Date: 01/14/00
From: negro
Date: Fri Jan 14 09:00:58 2000
Modified files:
php-lib/CHANGES
php-lib/php/of_select.inc
Log message:
HTML escaped OPTION value for OOHForm generated SELECT statements.
Index: php-lib/CHANGES
diff -u php-lib/CHANGES:1.157 php-lib/CHANGES:1.158
--- php-lib/CHANGES:1.157 Fri Jan 14 06:42:43 2000
+++ php-lib/CHANGES Fri Jan 14 09:00:27 2000
@@ -1,4 +1,7 @@
-$Id: CHANGES,v 1.157 2000/01/14 05:42:43 ssilk Exp $
+$Id: CHANGES,v 1.158 2000/01/14 08:00:27 negro Exp $
+
+14-Jan-2000 negro
+ - HTML escaped OPTION value for OOHForm generated SELECT statements.
12-Jan-2000 ssilk
- Fixed and tested query_sql.inc
Index: php-lib/php/of_select.inc
diff -u php-lib/php/of_select.inc:1.7 php-lib/php/of_select.inc:1.8
--- php-lib/php/of_select.inc:1.7 Thu Dec 2 06:35:07 1999
+++ php-lib/php/of_select.inc Fri Jan 14 09:00:27 2000
@@ -3,7 +3,7 @@
*
* Copyright (c) 1998 by Jay Bloodworth
*
- * $Id: of_select.inc,v 1.7 1999/12/02 05:35:07 uw Exp $
+ * $Id: of_select.inc,v 1.8 2000/01/14 08:00:27 negro Exp $
*/
class of_select extends of_element {
@@ -39,7 +39,7 @@
while (list($k,$o) = each($this->options)) {
$str .= "<option";
if (is_array($o))
- $str .= " value='" . $o["value"] . "'";
+ $str .= " value=\"" . htmlspecialchars($o["value"]) . "\"";
if (!$this->multiple && ($this->value==$o["value"] || $this->value==$o))
$str .= " selected";
elseif ($this->multiple && is_array($this->value)) {
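Review bot: The escaping on the new `value=` line is only safe because the attribute was switched to double quotes in the same edit. With its default flags in PHP of this era, `htmlspecialchars()` encodes `"` but leaves `'` untouched, so a later change back to single quotes would reopen attribute injection. A one-line comment above it would record the dependency, e.g. `// keep the double quotes: htmlspecialchars() does not encode ' by default`. The option's visible text is emitted outside this hunk (the loop body continues past it), so check separately whether the label is escaped too.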
@@ -73,7 +73,7 @@
(($tmp=$v["value"])==$tv || $v["label"]==$tv))
|| ($tmp=$v)==$tv) {
$x++;
- $str .= "<input type='hidden' name='$n' value='$tmp'>\n";
+ $str .= "<input type='hidden' name='$n' value=\"" . htmlspecialchars($tmp) . "\">\n";
$str .= "<tr><td>" . (is_array($v) ? $v["label"] : $v) . "</td></tr>\n";
}
}
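Review bot: In the rewritten hidden-input line only `value` is escaped; `name='$n'` is still interpolated raw inside single quotes, and the next line writes `$v["label"]` (or `$v`) into the `<td>` unescaped. If the element name or option labels can carry application data (database rows, for instance), markup in them still reaches the page, so I would use `name=\"" . htmlspecialchars($n) . "\"` and `htmlspecialchars(is_array($v) ? $v["label"] : $v)`. Escaping the label changes output for any caller that deliberately puts markup in labels, so confirm nothing relies on that before applying it. The enclosing function starts and ends outside the hunk, and where `$n` comes from is not visible here.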
@@ -108,4 +108,4 @@
}
} // end SELECT
-?>
\ No newline at end of file
+?>
-

