diff options
| author | Björn Schießle <bjoern@schiessle.org> | 2013-02-28 08:51:07 -0800 |
|---|---|---|
| committer | Björn Schießle <bjoern@schiessle.org> | 2013-02-28 08:51:07 -0800 |
| commit | 1cc7e6d31a0ed8a590543cfb44cf1f31799d3dde (patch) | |
| tree | b1b7ef5997fab33ed550da7fb34fb9b50f0aae73 | |
| parent | 93e713d3781c5d5fc6d0dbb6c6a0a8f9c2e15b97 (diff) | |
| parent | cef6131ea8d9875da70516a523ee076e81257a09 (diff) | |
| download | nextcloud-server-1cc7e6d31a0ed8a590543cfb44cf1f31799d3dde.tar.gz nextcloud-server-1cc7e6d31a0ed8a590543cfb44cf1f31799d3dde.zip | |
Merge pull request #1989 from owncloud/selectSanitize
Sanitize HTML in html_select_options
| -rw-r--r-- | lib/template.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/template.php b/lib/template.php index ce55e58d28d..3c103c901c2 100644 --- a/lib/template.php +++ b/lib/template.php @@ -147,7 +147,7 @@ function html_select_options($options, $selected, $params=array()) { $label = $label[$label_name]; } $select = in_array($value, $selected) ? ' selected="selected"' : ''; - $html .= '<option value="' . $value . '"' . $select . '>' . $label . '</option>'."\n"; + $html .= '<option value="' . OC_Util::sanitizeHTML($value) . '"' . $select . '>' . OC_Util::sanitizeHTML($label) . '</option>'."\n"; } return $html; } |