From c0bed5e88ef85f49bc1332fa60faaf781cde8c80 Mon Sep 17 00:00:00 2001
From: Ralf Becker <ralfbecker@outdoor-training.de>
Date: Sun, 20 Feb 2005 21:47:14 +0000
Subject: [PATCH] added escaping of onclick for buttons

---
 phpgwapi/inc/class.html.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/phpgwapi/inc/class.html.inc.php b/phpgwapi/inc/class.html.inc.php
index f3549f1f96..059168c3a0 100644
--- a/phpgwapi/inc/class.html.inc.php
+++ b/phpgwapi/inc/class.html.inc.php
@@ -554,8 +554,8 @@ htmlareaConfig_'.$id.'.editorURL = '."'$this->phpgwapi_js_url/htmlarea/';";
 			$accesskey = '';
 			$label_u = $label;
 		}
-		if ($onClick) $options .= " onclick=\"$onClick\"";
-		
+		if ($onClick) $options .= ' onclick="'.str_replace('"','\\"',$onClick).'"';
+	
 		// <button> is not working in all cases if ($this->user_agent == 'mozilla' && $this->ua_version < 5 || $image)
 		{
 			return $this->input($name,$label,$image != '' ? 'image' : 'submit',$options.$image);