Pieforms: harden custom renderer against potential XSS attacks

Signed-off-by: Francois Marier <francois@catalyst.net.nz>

Pieforms: harden custom renderer against potential XSS attacks
Signed-off-by: Francois Marier <francois@catalyst.net.nz>
aad86b66 · Francois Marier · 649764b6 · aad86b66
Commit aad86b66 authored May 17, 2010 by Francois Marier
--- a/htdocs/lib/form/renderers/maharatable.php
+++ b/htdocs/lib/form/renderers/maharatable.php
@@ -62,10 +62,10 @@ function pieform_renderer_maharatable(Pieform $form, $element) {
    $result = '';
    if (isset($element['labelhtml']) && $element['labelhtml'] !== '') {
        $result .= "\t<tr";
-        $result .= ' id="' . $formname . '_' . $element['name'] . '_header"';
+        $result .= ' id="' . $formname . '_' . Pieform::hsc($element['name']) . '_header"';
        // Set the class of the enclosing <tr> to match that of the element
        if ($element['class']) {
-            $result .= ' class="' . $element['class'] . '"';
+            $result .= ' class="' . Pieform::hsc($element['class']) . '"';
        }
        $result .= ">\n\t\t";