escape html entities in the option values and output

mohrt
2002-12-10 15:20:09 +00:00
parent 9b25d35767
commit 556a9fc9df
3 changed files with 9 additions and 6 deletions

1
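--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,4 @@
+- escape html entities in html_options (Monte)
 - fixed bug with label for html_options (Monte)
 - added caching to config file loading (Monte)
 - added "extra" parameter to mailto function (Monte,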


@@ -43,10 +43,11 @@ function smarty_function_html_options($params, &$smarty)
function smarty_function_html_options_optoutput($key, $value, $selected) { function smarty_function_html_options_optoutput($key, $value, $selected) {
if(!is_array($value)) { if(!is_array($value)) {
$html_result = "<option label=\"$value\" value=\"$key\""; $html_result = '<option label="' . htmlspecialchars($value) . '" value="' .
htmlspecialchars($key) . '"';
if (in_array($key, $selected)) if (in_array($key, $selected))
$html_result .= " selected=\"selected\""; $html_result .= " selected=\"selected\"";
$html_result .= ">$value</option>\n"; $html_result .= '>' . htmlspecialchars($value) . '</option>' . "\n";
} else { } else {
$html_result = smarty_function_html_options_optgroup($key, $value, $selected); $html_result = smarty_function_html_options_optgroup($key, $value, $selected);
} }
@@ -54,7 +55,7 @@ function smarty_function_html_options_optoutput($key, $value, $selected) {
} }
function smarty_function_html_options_optgroup($key, $values, $selected) { function smarty_function_html_options_optgroup($key, $values, $selected) {
$optgroup_html = "<optgroup label=\"$value\">\n"; $optgroup_html = '<optgroup label="' . htmlspecialchars($value) . '">' . "\n";
foreach ($values as $key => $value) { foreach ($values as $key => $value) {
$optgroup_html .= smarty_function_html_options_optoutput($key, $value, $selected); $optgroup_html .= smarty_function_html_options_optoutput($key, $value, $selected);
} }
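Review bot: In smarty_function_html_options_optgroup the new label expression escapes `$value`, which is not defined at that point (the parameters are `$key` and `$values`), so the optgroup label is always empty and PHP emits an undefined-variable notice; the group name is in `$key`, so the line should read `$optgroup_html = '<optgroup label="' . htmlspecialchars($key) . '">' . "\n";`. The same line appears in the second copy of the plugin further down the page. The escaping added in smarty_function_html_options_optoutput fits the double-quoted attribute and element-text contexts, but templates that already pass entity-encoded keys or values will now have them encoded a second time, which is worth stating in the NEWS entry. Both function bodies continue outside the hunks shown.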


@@ -43,10 +43,11 @@ function smarty_function_html_options($params, &$smarty)
function smarty_function_html_options_optoutput($key, $value, $selected) { function smarty_function_html_options_optoutput($key, $value, $selected) {
if(!is_array($value)) { if(!is_array($value)) {
$html_result = "<option label=\"$value\" value=\"$key\""; $html_result = '<option label="' . htmlspecialchars($value) . '" value="' .
htmlspecialchars($key) . '"';
if (in_array($key, $selected)) if (in_array($key, $selected))
$html_result .= " selected=\"selected\""; $html_result .= " selected=\"selected\"";
$html_result .= ">$value</option>\n"; $html_result .= '>' . htmlspecialchars($value) . '</option>' . "\n";
} else { } else {
$html_result = smarty_function_html_options_optgroup($key, $value, $selected); $html_result = smarty_function_html_options_optgroup($key, $value, $selected);
} }
@@ -54,7 +55,7 @@ function smarty_function_html_options_optoutput($key, $value, $selected) {
} }
function smarty_function_html_options_optgroup($key, $values, $selected) { function smarty_function_html_options_optgroup($key, $values, $selected) {
$optgroup_html = "<optgroup label=\"$value\">\n"; $optgroup_html = '<optgroup label="' . htmlspecialchars($value) . '">' . "\n";
foreach ($values as $key => $value) { foreach ($values as $key => $value) {
$optgroup_html .= smarty_function_html_options_optoutput($key, $value, $selected); $optgroup_html .= smarty_function_html_options_optoutput($key, $value, $selected);
} }