From fdd5acff5de502faad20379ec33f68676b19c22f Mon Sep 17 00:00:00 2001
From: Thomas Portelange <thomas@lekoala.be>
Date: Thu, 27 Sep 2018 12:12:59 +0200
Subject: [PATCH] raw2att accepts array, but sprintf doesn't

it's not very likely to happen (it did in my case :-) ) but if the value is an array, sprintf will fail (because raw2att accepts array, but sprintf doesn't). i suggest to json encode any array data to ensure it's safely included in the html. Or we should throw proper exceptions to make sure invalid values do not result in a php error.
---
 src/Forms/FormField.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/Forms/FormField.php b/src/Forms/FormField.php
index dce2688f8..632335391 100644
--- a/src/Forms/FormField.php
+++ b/src/Forms/FormField.php
@@ -730,7 +730,11 @@ class FormField extends RequestHandler
             if ($value === true) {
                 $parts[] = sprintf('%s="%s"', $name, $name);
             } else {
-                $parts[] = sprintf('%s="%s"', $name, Convert::raw2att($value));
+                $strValue = Convert::raw2att($value);
+                if (!is_string($strValue)) {
+                    $strValue = json_encode($strValue);
+                }
+                $parts[] = sprintf('%s="%s"', $name, $strValue);
             }
         }