mirror of
https://github.com/postfixadmin/postfixadmin.git
synced 2024-09-20 03:36:20 +02:00
smarty.inc.php - select_options():
- escape $val with htmlentities() (function result will/must be used unescaped later) git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1189 a1433add-5e2c-0410-b055-b7f2511e0802
This commit is contained in:
parent
bd4889a7c2
commit
dc54de1657
@ -69,10 +69,10 @@ $smarty->assign ('authentication_has_role', array ('global_admin' => authenticat
|
||||
function select_options($aValues, $aSelected) {
|
||||
$ret_val = '';
|
||||
foreach ($aValues as $val) {
|
||||
$ret_val .= '<option value="'.$val.'"';
|
||||
$ret_val .= '<option value="'.htmlentities($val).'"';
|
||||
if (in_array ($val, $aSelected))
|
||||
$ret_val .= ' selected="selected"';
|
||||
$ret_val .= '>'.$val.'</option>';
|
||||
$ret_val .= '>'.htmlentities($val).'</option>';
|
||||
}
|
||||
return $ret_val;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user