Updated Base class' filter method to use htmlspecialchars, which should help in preventing XSS vulnerabilities. This change was in response to http://code.google.com/p/php-form-builder-class/issues/detail?id=184.
ajporterfield@gmail.com committed Nov 23, 2012
1 parent 7e818a4 commit 7489799
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion PFBC/Base.php
Expand Up @@ -48,7 +48,7 @@ public function debug() {

/*This method prevents double/single quotes in html attributes from breaking the markup.*/
protected function filter($str) {
return str_replace('"', '"', $str);
return htmlspecialchars($str);
}

/*This method is used by the Form class and all Element classes to return a string of html
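Review bot: `htmlspecialchars($str)` is called with no flags and no charset, so the new `filter()` does not do what the comment above it still promises. With the default `ENT_COMPAT` flags a single quote passes through unencoded, which matters for any attribute emitted as `attr='...'`, and on PHP releases before 5.4 the default charset is ISO-8859-1 rather than UTF-8, so malformed multibyte input is not handled the way most callers expect. Suggest `return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');` and update the comment to say the method HTML-encodes its argument for use in attribute and text contexts, not just that it protects against quotes breaking markup. Worth checking as well that no caller passes already-encoded values to `filter()`, since `htmlspecialchars` encodes `&` again by default.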
2 changes: 1 addition & 1 deletion PFBC/Element/Textarea.php
Expand Up @@ -7,7 +7,7 @@ class Textarea extends \PFBC\Element {
public function render() {
echo "<textarea", $this->getAttributes("value"), ">";
if(!empty($this->attributes["value"]))
echo $this->attributes["value"];
echo $this->filter($this->attributes["value"]);
echo "</textarea>";
}
}
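Review bot: routing the textarea body through `$this->filter()` is the right fix here, since `<textarea>` content is text context and the raw value was previously echoed verbatim; the `</textarea>` closing tag in a value is now emitted encoded. Two follow-ups: the `if(!empty($this->attributes["value"]))` guard on the line above treats the string `"0"` as empty, so a textarea whose value is `0` renders blank, and `isset(...) && $this->attributes["value"] !== ''` would be the safer test; and since `getAttributes("value")` is what excludes `value` from the opening tag, any other Element subclass that echoes `$this->attributes["value"]` directly should get the same `filter()` treatment in a matching change.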
