tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-06-28 23:49:26 +02:00
Code Issues Projects Releases Wiki Activity

BUG Database config values aren't escaped

Browse Source 
Causes minor UI issues if you try use database configuration values that happen to have " or other values in them.
This commit is contained in:
Stephen Shkardoon 2013-03-24 01:05:33 +13:00
parent bfab74ac6e
commit 9b9f367e93
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
dev/install/config-form.html
View File

@ -157,7 +157,7 @@
$attrs['class'] .= ' configured-by-env';
}
$attrHTML = '';
foreach($attrs as $attrName => $attrValue) $attrHTML .= "$attrName=\"$attrValue\" ";
foreach($attrs as $attrName => $attrValue) $attrHTML .= "$attrName=\"" . htmlspecialchars($attrValue) . '"';
if(isset($fieldSpec['attributes'])) $attrs = array_merge($attrs, $fieldSpec['attributes']);
// html