authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-02-10 14:32:34 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-02-10 14:32:34 +0000
commit7c884b14bd0d1a9d7bebe314e27ebd74ec0726ee (patch)
treecd8dbe67446cfa1988714782da642be60155e9a1 /views
parent65001decf7a36cffd077575229b4dd9239a48315 (diff)
Refs #756: htmlentities on all input views
git-svn-id: https://code.elgg.org/elgg/trunk@2704 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'views')
-rw-r--r--views/default/input/access.php4
-rw-r--r--views/default/input/email.php2
-rw-r--r--views/default/input/file.php2
-rw-r--r--views/default/input/longtext.php2
-rw-r--r--views/default/input/password.php2
-rw-r--r--views/default/input/pulldown.php8
6 files changed, 10 insertions, 10 deletions
diff --git a/views/default/input/access.php b/views/default/input/access.php
index 9cd1e3d99..db938111e 100644
--- a/views/default/input/access.php
+++ b/views/default/input/access.php
@@ -35,9 +35,9 @@
foreach($vars['options'] as $key => $option) {
if ($key != $vars['value']) {
- echo "<option value=\"{$key}\">{$option}</option>";
+ echo "<option value=\"{$key}\">". htmlentities($option, null, 'UTF-8') ."</option>";
} else {
- echo "<option value=\"{$key}\" selected=\"selected\">{$option}</option>";
+ echo "<option value=\"{$key}\" selected=\"selected\">". htmlentities($option, null, 'UTF-8') ."</option>";
}
}
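Review bot: `$key` is still interpolated unescaped into the `value="…"` attribute in both branches of this hunk; only the option label is encoded. Whether option keys can carry user-derived strings is not visible here, but if they can, a quote or angle bracket in a key still alters the generated markup. Replace `{$key}` with `htmlentities($key, ENT_QUOTES, 'UTF-8')` concatenated into the attribute. The first pulldown.php hunk has the same gap with `$value`, and the enclosing `foreach` starts outside this hunk.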
diff --git a/views/default/input/email.php b/views/default/input/email.php
index 9fc620a38..9c1f9920a 100644
--- a/views/default/input/email.php
+++ b/views/default/input/email.php
@@ -21,4 +21,4 @@
if (!$class) $class = "input-text";
?>
-<input type="text" <?php echo $vars['js']; ?> name="<?php echo $vars['internalname']; ?>" value="<?php echo $vars['value']; ?>" class="<?php echo $class; ?>"/>
\ No newline at end of file
+<input type="text" <?php echo $vars['js']; ?> name="<?php echo $vars['internalname']; ?>" value="<?php echo htmlentities($vars['value'], null, 'UTF-8'); ?>" class="<?php echo $class; ?>"/>
\ No newline at end of file
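Review bot: Passing `null` as the second argument to `htmlentities()` is coerced to `0`, which is `ENT_NOQUOTES`, so in the `value="…"` attribute on the added line a double quote in `$vars['value']` is left unencoded and can still terminate the attribute. Use an explicit flag instead: `htmlentities($vars['value'], ENT_QUOTES, 'UTF-8')`. password.php has the identical call in the same attribute context. The `<option>` and `<textarea>` calls in the other hunks are element content, where quotes are harmless, but the same explicit flag there keeps the views consistent and safe if the markup is later moved into an attribute.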
diff --git a/views/default/input/file.php b/views/default/input/file.php
index 03e9e067d..58d7437ff 100644
--- a/views/default/input/file.php
+++ b/views/default/input/file.php
@@ -23,4 +23,4 @@
$class = $vars['class'];
if (!$class) $class = "input-file";
?>
-<input type="file" size="30" <?php echo $vars['js']; ?>name="<?php echo $vars['internalname']; ?>" <?php if ($vars['disabled']) echo ' disabled="yes" '; ?> class="<?php echo $class; ?>" />
\ No newline at end of file
+<input type="file" size="30" <?php echo $vars['js']; ?> name="<?php echo $vars['internalname']; ?>" <?php if ($vars['disabled']) echo ' disabled="yes" '; ?> class="<?php echo $class; ?>" />
\ No newline at end of file
diff --git a/views/default/input/longtext.php b/views/default/input/longtext.php
index c28028217..ef7cd0efb 100644
--- a/views/default/input/longtext.php
+++ b/views/default/input/longtext.php
@@ -22,4 +22,4 @@
?>
-<textarea class="<?php echo $class; ?>" name="<?php echo $vars['internalname']; ?>" <?php if ($vars['disabled']) echo ' disabled="yes" '; ?> <?php echo $vars['js']; ?>><?php echo $vars['value']; ?></textarea>
\ No newline at end of file
+<textarea class="<?php echo $class; ?>" name="<?php echo $vars['internalname']; ?>" <?php if ($vars['disabled']) echo ' disabled="yes" '; ?> <?php echo $vars['js']; ?>><?php echo htmlentities($vars['value'], null, 'UTF-8'); ?></textarea>
\ No newline at end of file
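Review bot: `$vars['internalname']` and `$class` are still echoed raw into the `name` and `class` attributes on the added line, so this view is only partly covered by the encoding the commit introduces. Whether those values can be influenced by request data is not visible here, but encoding them is cheap: `name="<?php echo htmlentities($vars['internalname'], ENT_QUOTES, 'UTF-8'); ?>"`, and likewise for `$class`. email.php, file.php and password.php echo the same two values unescaped. `$vars['js']` looks intended to carry raw attribute markup, so it would need to be constrained by the caller rather than encoded here.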
diff --git a/views/default/input/password.php b/views/default/input/password.php
index 75650b6c7..e93864bce 100644
--- a/views/default/input/password.php
+++ b/views/default/input/password.php
@@ -21,4 +21,4 @@
if (!$class) $class = "input-password";
?>
-<input type="password" <?php if ($vars['disabled']) echo ' disabled="yes" '; ?> <?php echo $vars['js']; ?> name="<?php echo $vars['internalname']; ?>" value="<?php echo $vars['value']; ?>" class="<?php echo $class; ?>" />
\ No newline at end of file
+<input type="password" <?php if ($vars['disabled']) echo ' disabled="yes" '; ?> <?php echo $vars['js']; ?> name="<?php echo $vars['internalname']; ?>" value="<?php echo htmlentities($vars['value'], null, 'UTF-8'); ?>" class="<?php echo $class; ?>" />
\ No newline at end of file
diff --git a/views/default/input/pulldown.php b/views/default/input/pulldown.php
index fcd13a6b3..8d7d94e75 100644
--- a/views/default/input/pulldown.php
+++ b/views/default/input/pulldown.php
@@ -32,9 +32,9 @@
{
foreach($vars['options_values'] as $value => $option) {
if ($value != $vars['value']) {
- echo "<option value=\"$value\">{$option}</option>";
+ echo "<option value=\"$value\">". htmlentities($option, null, 'UTF-8') ."</option>";
} else {
- echo "<option value=\"$value\" selected=\"selected\">{$option}</option>";
+ echo "<option value=\"$value\" selected=\"selected\">". htmlentities($option, null, 'UTF-8') ."</option>";
}
}
}
@@ -42,9 +42,9 @@
{
foreach($vars['options'] as $option) {
if ($option != $vars['value']) {
- echo "<option>{$option}</option>";
+ echo "<option>". htmlentities($option, null, 'UTF-8') ."</option>";
} else {
- echo "<option selected=\"selected\">{$option}</option>";
+ echo "<option selected=\"selected\">". htmlentities($option, null, 'UTF-8') ."</option>";
}
}
}