Commit aad86b66 authored by Francois Marier's avatar Francois Marier

Pieforms: harden custom renderer against potential XSS attacks


Signed-off-by: Francois Marier <francois@catalyst.net.nz>
parent 649764b6
...@@ -62,10 +62,10 @@ function pieform_renderer_maharatable(Pieform $form, $element) { ...@@ -62,10 +62,10 @@ function pieform_renderer_maharatable(Pieform $form, $element) {
$result = ''; $result = '';
if (isset($element['labelhtml']) && $element['labelhtml'] !== '') { if (isset($element['labelhtml']) && $element['labelhtml'] !== '') {
$result .= "\t<tr"; $result .= "\t<tr";
$result .= ' id="' . $formname . '_' . $element['name'] . '_header"'; $result .= ' id="' . $formname . '_' . Pieform::hsc($element['name']) . '_header"';
// Set the class of the enclosing <tr> to match that of the element // Set the class of the enclosing <tr> to match that of the element
if ($element['class']) { if ($element['class']) {
$result .= ' class="' . $element['class'] . '"'; $result .= ' class="' . Pieform::hsc($element['class']) . '"';
} }
$result .= ">\n\t\t"; $result .= ">\n\t\t";
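Review bot: On the `id` line, `$formname` is still concatenated into the attribute unescaped, while `$element['name']` next to it now goes through `Pieform::hsc()`. Where `$formname` is assigned is outside this hunk, so it may already be safe, but if it is taken from the form definition the consistent form is `$result .= ' id="' . Pieform::hsc($formname) . '_' . Pieform::hsc($element['name']) . '_header"';`. Both escaped values land inside double-quoted attributes, so the fix holds only if `Pieform::hsc()` encodes `"` as well as `<` and `&`, which is worth confirming in the helper. The function body continues past the hunk, and any later attribute concatenations of `$element` fields need the same treatment.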
......