[Phpgroupware-cvs] CVS: etemplate/inc class.html.inc.php,1.19,1.20

[Ralf Becker <address@hidden>]

Update of /cvsroot/phpgroupware/etemplate/inc
In directory subversions:/tmp/cvs-serv12484

Modified Files:
        class.html.inc.php 
Log Message:
added some htmlspecialchars() to the values of input and textarea, to allow 
transparent use of " and '

Index: class.html.inc.php
===================================================================
RCS file: /cvsroot/phpgroupware/etemplate/inc/class.html.inc.php,v
retrieving revision 1.19
retrieving revision 1.20
diff -C2 -r1.19 -r1.20
*** class.html.inc.php  27 Apr 2003 08:18:53 -0000      1.19
--- class.html.inc.php  14 Jun 2003 13:47:41 -0000      1.20
***************
*** 64,68 ****
                while (list($k,$text) = each($arr))
                {
!                       $out .= '<option value="'.$k.'"';
                        if("$k" == "$key" || strstr(",$key,",",$k,"))
                        {
--- 64,68 ----
                while (list($k,$text) = each($arr))
                {
!                       $out .= '<option value="'.htmlspecialchars($k).'"';
                        if("$k" == "$key" || strstr(",$key,",",$k,"))
                        {
***************
*** 100,104 ****
        function textarea($name,$value='',$options='' )
        {
!               return "<TEXTAREA name=\"$name\" $options>$value</TEXTAREA>\n";
        }
  
--- 100,104 ----
        function textarea($name,$value='',$options='' )
        {
!               return "<TEXTAREA name=\"$name\" 
$options>".htmlspecialchars($value)."</TEXTAREA>\n";
        }
  
***************
*** 107,111 ****
                if ($type) $type = 'TYPE="'.$type.'"';
  
!               return "<INPUT $type NAME=\"$name\" VALUE=\"$value\" 
$options>\n";
        }
  
--- 107,111 ----
                if ($type) $type = 'TYPE="'.$type.'"';
  
!               return "<INPUT $type NAME=\"$name\" 
VALUE=\"".htmlspecialchars($value)."\" $options>\n";
        }