diff options
author | Philip Häusler <msquare@notrademark.de> | 2013-12-28 02:14:49 +0100 |
---|---|---|
committer | Philip Häusler <msquare@notrademark.de> | 2013-12-28 02:14:49 +0100 |
commit | 8ce67793df5ea77494f6587f297fb96271d03290 (patch) | |
tree | 1bb72bb7a32b4a65dbfcfce93c19cd6788cc80c7 /includes/sys_template.php | |
parent | c623a110ad9b3863b87c2ceb9adc9d689eed009b (diff) |
form text fields now make htmlspecialchars
Diffstat (limited to 'includes/sys_template.php')
-rw-r--r-- | includes/sys_template.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/includes/sys_template.php b/includes/sys_template.php index 569783a7..78519143 100644 --- a/includes/sys_template.php +++ b/includes/sys_template.php @@ -113,7 +113,7 @@ function form_submit($name, $label) { */ function form_text($name, $label, $value, $disabled = false) { $disabled = $disabled ? ' disabled="disabled"' : ''; - return form_element($label, '<input id="form_' . $name . '" type="text" name="' . $name . '" value="' . $value . '" ' . $disabled . '/>', 'form_' . $name); + return form_element($label, '<input id="form_' . $name . '" type="text" name="' . $name . '" value="' . htmlspecialchars($value) . '" ' . $disabled . '/>', 'form_' . $name); } /** |