tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

Merge pull request #1327 from ss23/patch-2

Browse Source 
BUG Database config values aren't escaped
This commit is contained in:
Simon Welsh 2013-03-23 12:16:13 -07:00
commit 7ce010928d
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
dev/install/config-form.html
View File

@ -157,7 +157,7 @@
$attrs['class'] .= ' configured-by-env';
}
$attrHTML = '';
foreach($attrs as $attrName => $attrValue) $attrHTML .= "$attrName=\"$attrValue\" ";
foreach($attrs as $attrName => $attrValue) $attrHTML .= "$attrName=\"" . htmlspecialchars($attrValue) . '"';
if(isset($fieldSpec['attributes'])) $attrs = array_merge($attrs, $fieldSpec['attributes']);
// html