author | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-02-10 14:32:34 +0000 |
---|---|---|
committer | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-02-10 14:32:34 +0000 |
commit | 7c884b14bd0d1a9d7bebe314e27ebd74ec0726ee (patch) | |
tree | cd8dbe67446cfa1988714782da642be60155e9a1 /views/default | |
parent | 65001decf7a36cffd077575229b4dd9239a48315 (diff) | |
download | elgg-7c884b14bd0d1a9d7bebe314e27ebd74ec0726ee.tar.gz elgg-7c884b14bd0d1a9d7bebe314e27ebd74ec0726ee.tar.bz2 |
Refs #756: htmlentities on all input views
git-svn-id: https://code.elgg.org/elgg/trunk@2704 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'views/default')
-rw-r--r-- | views/default/input/access.php | 4 | ||||
-rw-r--r-- | views/default/input/email.php | 2 | ||||
-rw-r--r-- | views/default/input/file.php | 2 | ||||
-rw-r--r-- | views/default/input/longtext.php | 2 | ||||
-rw-r--r-- | views/default/input/password.php | 2 | ||||
-rw-r--r-- | views/default/input/pulldown.php | 8 |
6 files changed, 10 insertions, 10 deletions
diff --git a/views/default/input/access.php b/views/default/input/access.php
index 9cd1e3d99..db938111e 100644
--- a/views/default/input/access.php
+++ b/views/default/input/access.php
@@ -35,9 +35,9 @@ foreach($vars['options'] as $key => $option) {
if ($key != $vars['value']) {
- echo "<option value=\"{$key}\">{$option}</option>";
+ echo "<option value=\"{$key}\">". htmlentities($option, null, 'UTF-8') ."</option>";
} else {
- echo "<option value=\"{$key}\" selected=\"selected\">{$option}</option>";
+ echo "<option value=\"{$key}\" selected=\"selected\">". htmlentities($option, null, 'UTF-8') ."</option>";
}
}
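Review bot: Passing `null` as the flags argument of `htmlentities()` on the added lines most likely does not give the default quote handling: as far as I can tell PHP coerces it to 0, which is `ENT_NOQUOTES`, so neither quote character is encoded. That is tolerable for the `<option>` text here and for the pulldown.php and longtext.php hunks, but email.php and password.php place the result inside `value="..."`, where a double quote in the value would still close the attribute. I would name the flag explicitly in every hunk, e.g. `htmlentities($option, ENT_QUOTES, 'UTF-8')`. The added lines here also still interpolate `{$key}` unencoded into the `value` attribute (likewise `$value` in the first pulldown.php hunk); if those keys can ever come from a caller rather than a fixed list, they need the same encoding.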
diff --git a/views/default/input/email.php b/views/default/input/email.php index 9fc620a38..9c1f9920a 100644 --- a/views/default/input/email.php +++ b/views/default/input/email.php @@ -21,4 +21,4 @@ if (!$class) $class = "input-text";
?>
-<input type="text" <?php echo $vars['js']; ?> name="<?php echo $vars['internalname']; ?>" value="<?php echo $vars['value']; ?>" class="<?php echo $class; ?>"/>
\ No newline at end of file
+<input type="text" <?php echo $vars['js']; ?> name="<?php echo $vars['internalname']; ?>" value="<?php echo htmlentities($vars['value'], null, 'UTF-8'); ?>" class="<?php echo $class; ?>"/>
\ No newline at end of file
diff --git a/views/default/input/file.php b/views/default/input/file.php
index 03e9e067d..58d7437ff 100644
--- a/views/default/input/file.php
+++ b/views/default/input/file.php
@@ -23,4 +23,4 @@ $class = $vars['class']; if (!$class) $class = "input-file";
?>
-<input type="file" size="30" <?php echo $vars['js']; ?>name="<?php echo $vars['internalname']; ?>" <?php if ($vars['disabled']) echo ' disabled="yes" '; ?> class="<?php echo $class; ?>" />
\ No newline at end of file
+<input type="file" size="30" <?php echo $vars['js']; ?> name="<?php echo $vars['internalname']; ?>" <?php if ($vars['disabled']) echo ' disabled="yes" '; ?> class="<?php echo $class; ?>" />
\ No newline at end of file
diff --git a/views/default/input/longtext.php b/views/default/input/longtext.php
index c28028217..ef7cd0efb 100644
--- a/views/default/input/longtext.php
+++ b/views/default/input/longtext.php
@@ -22,4 +22,4 @@
?>
-<textarea class="<?php echo $class; ?>" name="<?php echo $vars['internalname']; ?>" <?php if ($vars['disabled']) echo ' disabled="yes" '; ?> <?php echo $vars['js']; ?>><?php echo $vars['value']; ?></textarea>
\ No newline at end of file
+<textarea class="<?php echo $class; ?>" name="<?php echo $vars['internalname']; ?>" <?php if ($vars['disabled']) echo ' disabled="yes" '; ?> <?php echo $vars['js']; ?>><?php echo htmlentities($vars['value'], null, 'UTF-8'); ?></textarea>
\ No newline at end of file
diff --git a/views/default/input/password.php b/views/default/input/password.php
index 75650b6c7..e93864bce 100644
--- a/views/default/input/password.php
+++ b/views/default/input/password.php
@@ -21,4 +21,4 @@ if (!$class) $class = "input-password";
?>
-<input type="password" <?php if ($vars['disabled']) echo ' disabled="yes" '; ?> <?php echo $vars['js']; ?> name="<?php echo $vars['internalname']; ?>" value="<?php echo $vars['value']; ?>" class="<?php echo $class; ?>" />
\ No newline at end of file
+<input type="password" <?php if ($vars['disabled']) echo ' disabled="yes" '; ?> <?php echo $vars['js']; ?> name="<?php echo $vars['internalname']; ?>" value="<?php echo htmlentities($vars['value'], null, 'UTF-8'); ?>" class="<?php echo $class; ?>" />
\ No newline at end of file
diff --git a/views/default/input/pulldown.php b/views/default/input/pulldown.php
index fcd13a6b3..8d7d94e75 100644
--- a/views/default/input/pulldown.php
+++ b/views/default/input/pulldown.php
@@ -32,9 +32,9 @@
{
foreach($vars['options_values'] as $value => $option) {
if ($value != $vars['value']) {
- echo "<option value=\"$value\">{$option}</option>";
+ echo "<option value=\"$value\">". htmlentities($option, null, 'UTF-8') ."</option>";
} else {
- echo "<option value=\"$value\" selected=\"selected\">{$option}</option>";
+ echo "<option value=\"$value\" selected=\"selected\">". htmlentities($option, null, 'UTF-8') ."</option>";
}
}
}
@@ -42,9 +42,9 @@
{
foreach($vars['options'] as $option) {
if ($option != $vars['value']) {
- echo "<option>{$option}</option>";
+ echo "<option>". htmlentities($option, null, 'UTF-8') ."</option>";
} else {
- echo "<option selected=\"selected\">{$option}</option>";
+ echo "<option selected=\"selected\">". htmlentities($option, null, 'UTF-8') ."</option>";
}
}
}