From dc54de165717058268494910052ef465e9de2284 Mon Sep 17 00:00:00 2001
From: Christian Boltz <postfixadmin@cboltz.de>
Date: Sat, 24 Sep 2011 16:35:42 +0000
Subject: [PATCH] smarty.inc.php - select_options(): - escape $val with
 htmlentities() (function result will/must be used   unescaped later)

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1189 a1433add-5e2c-0410-b055-b7f2511e0802
---
 smarty.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/smarty.inc.php b/smarty.inc.php
index f1ddfdfb..55ae044f 100644
--- a/smarty.inc.php
+++ b/smarty.inc.php
@@ -69,10 +69,10 @@ $smarty->assign ('authentication_has_role', array ('global_admin' => authenticat
 function select_options($aValues, $aSelected) {
     $ret_val = '';
     foreach ($aValues as $val) {
-        $ret_val .= '<option value="'.$val.'"';
+        $ret_val .= '<option value="'.htmlentities($val).'"';
         if (in_array ($val, $aSelected))
             $ret_val .= ' selected="selected"';
-        $ret_val .= '>'.$val.'</option>';
+        $ret_val .= '>'.htmlentities($val).'</option>';
     }
     return $ret_val;
 }