smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-10-17 22:45:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

escape html entities in the option values and output

Browse Source
This commit is contained in:
mohrt
2002-12-10 15:20:09 +00:00
parent 9b25d35767
commit 556a9fc9df
3 changed files with 9 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
libs/plugins/function.html_options.php
View File

@@ -43,10 +43,11 @@ function smarty_function_html_options($params, &$smarty)
function smarty_function_html_options_optoutput($key, $value, $selected) {
if(!is_array($value)) {
$html_result = "<option label=\"$value\" value=\"$key\"";
$html_result = '<option label="' . htmlspecialchars($value) . '" value="' .
htmlspecialchars($key) . '"';
if (in_array($key, $selected))
$html_result .= " selected=\"selected\"";
$html_result .= ">$value</option>\n";
$html_result .= '>' . htmlspecialchars($value) . '</option>' . "\n";
} else {
$html_result = smarty_function_html_options_optgroup($key, $value, $selected);
}
@@ -54,7 +55,7 @@ function smarty_function_html_options_optoutput($key, $value, $selected) {
}
function smarty_function_html_options_optgroup($key, $values, $selected) {
$optgroup_html = "<optgroup label=\"$value\">\n";
$optgroup_html = '<optgroup label="' . htmlspecialchars($value) . '">' . "\n";
foreach ($values as $key => $value) {
$optgroup_html .= smarty_function_html_options_optoutput($key, $value, $selected);
}