extern/egroupware
1
0
Fork 1
mirror of https://github.com/EGroupware/egroupware.git synced 2024-10-05 09:42:30 +02:00
Code Issues Packages Projects Releases Wiki Activity

Don't use htmlspecialchars, it causes issues with mixed quotes.

Browse Source
This commit is contained in:
Nathan Gray 2009-01-22 15:05:54 +00:00
parent 1b4d236d4a
commit 4c5d771cde
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
etemplate/inc/class.ajax_select_widget.inc.php
View File

@ -311,8 +311,10 @@
$data = ($query['nextmatch_template']) ? array(1=>$row) : $row;
$widget =& CreateObject('etemplate.etemplate', $query['template']);
$html = addslashes(str_replace("\n", '', $widget->show($data, '', $readonlys)));
$row['id_field'] = htmlspecialchars(addslashes($row[$query['id_field']]));
$row['title'] = htmlspecialchars(addslashes($row['title']));
// If we use htmlspecialchars, it causes issues with mixed quotes. addslashes() seems to handle it.
$row['id_field'] = addslashes($row[$query['id_field']]);
$row['title'] = addslashes($row['title']);
$response->addScript("add_ajax_result('$result_id', '${row['id_field']}', '" . $row['title'] . "', '$html');");
$count++;
if($count > $GLOBALS['egw_info']['user']['preferences']['common']['maxmatchs']) {