From 831195c4d6cddfda57f3a3c8c8471bb1e8be94d8 Mon Sep 17 00:00:00 2001
From: Randolf Rotta <rrotta@informatik.tu-cottbus.de>
Date: Wed, 3 Jan 2018 00:36:37 +0100
Subject: [PATCH] clean up post parameter values before use

---
 action/edit.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/action/edit.php b/action/edit.php
index 6578a015..543e0e85 100644
--- a/action/edit.php
+++ b/action/edit.php
@@ -97,7 +97,7 @@ protected function createForm($tablename) {
             $label = $field->getColumn()->getLabel();
             if(isset($postdata[$label])) {
                 // posted data trumps stored data
-                $field->setValue($postdata[$label], true);
+                $field->setValue(cleanText($postdata[$label]), true);
             }
             $html .= $this->makeField($field, self::$VAR . "[$tablename][$label]");
         }