mirror of
https://github.com/silverstripe/silverstripe-userforms.git
synced 2024-09-29 20:59:15 +02:00
MINOR - Added escaping for values passed by url params
This commit is contained in:
parent
e24e9b4245
commit
ab7e53fb6f
@ -407,7 +407,7 @@ class UserDefinedForm_Controller extends Page_Controller {
|
||||
|
||||
// set the values passed by the url to the field
|
||||
$request = $this->getRequest();
|
||||
$value = $request->getVar($field->name);
|
||||
$value = Convert::raw2att($request->getVar($field->name));
|
||||
if(isset($value)) $field->value = $value;
|
||||
|
||||
$fields->push($field);
|
||||
|
Loading…
Reference in New Issue
Block a user