mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-11 17:14:42 +02:00
Code Issues Releases Wiki Activity

#4572: e_form: No htmlspecialchars() on "other" attributes

Browse Source 
Fixes: #4572

Discussion:
https://github.com/e107inc/e107/pull/4554#issuecomment-926113601
This commit is contained in:
Nick Liu
2021-09-23 16:12:52 -05:00
parent 171cac87b1
commit 45bce2a7aa
2 changed files with 21 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
e107_handlers/form_handler.php
View File

@@ -3907,7 +3907,10 @@ var_dump($select_options);*/
//
foreach ($options as $option => $optval)
{
$optval = htmlspecialchars(trim((string) $optval), ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
if ($option !== 'other')
{
$optval = htmlspecialchars(trim((string) $optval), ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
}
switch ($option)
{