Sanitize HTML in html_select_options
This commit is contained in:
parent
2f036bcc54
commit
cef6131ea8
|
@ -147,7 +147,7 @@ function html_select_options($options, $selected, $params=array()) {
|
||||||
$label = $label[$label_name];
|
$label = $label[$label_name];
|
||||||
}
|
}
|
||||||
$select = in_array($value, $selected) ? ' selected="selected"' : '';
|
$select = in_array($value, $selected) ? ' selected="selected"' : '';
|
||||||
$html .= '<option value="' . $value . '"' . $select . '>' . $label . '</option>'."\n";
|
$html .= '<option value="' . OC_Util::sanitizeHTML($value) . '"' . $select . '>' . OC_Util::sanitizeHTML($label) . '</option>'."\n";
|
||||||
}
|
}
|
||||||
return $html;
|
return $html;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue