diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2013-02-28 20:03:06 +0100 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2013-02-28 20:03:06 +0100 |
| commit | dee16deacd8a66c423d8b51ccfc23730823e4019 (patch) | |
| tree | cc1de2c2ada6291366eb0a4db62fc9510f04cc9c /lib/template.php | |
| parent | 5f8bd079272c3e568d80bb984a65d9835a6b4393 (diff) | |
| parent | a86761e1e720af148da6cbc3fd641da6b57fab5b (diff) | |
| download | nextcloud-server-dee16deacd8a66c423d8b51ccfc23730823e4019.tar.gz nextcloud-server-dee16deacd8a66c423d8b51ccfc23730823e4019.zip | |
Merge master
Diffstat (limited to 'lib/template.php')
| -rw-r--r-- | lib/template.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/template.php b/lib/template.php index 08ad5764ba1..b2d1f0c0292 100644 --- a/lib/template.php +++ b/lib/template.php @@ -147,7 +147,7 @@ function html_select_options($options, $selected, $params=array()) { $label = $label[$label_name]; } $select = in_array($value, $selected) ? ' selected="selected"' : ''; - $html .= '<option value="' . $value . '"' . $select . '>' . $label . '</option>'."\n"; + $html .= '<option value="' . OC_Util::sanitizeHTML($value) . '"' . $select . '>' . OC_Util::sanitizeHTML($label) . '</option>'."\n"; } return $html; } |