diff options
| author | Andy Staudacher <andy.st@gmail.com> | 2009-09-01 01:17:39 -0700 |
|---|---|---|
| committer | Andy Staudacher <andy.st@gmail.com> | 2009-09-01 01:17:39 -0700 |
| commit | 94c201f265c758fad38eb69c0a5878970119197a (patch) | |
| tree | 0eb14e0ab61e86b04d9b554b4575bc06b692e33a /modules/forge/libraries/Form_Checklist.php | |
| parent | ff1979e12e0b012374e2ab3712b19f87e1a92e64 (diff) | |
XSS escape in form helper and forge where missing.
Diffstat (limited to 'modules/forge/libraries/Form_Checklist.php')
| -rw-r--r-- | modules/forge/libraries/Form_Checklist.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/forge/libraries/Form_Checklist.php b/modules/forge/libraries/Form_Checklist.php index 99b455bd..4536d396 100644 --- a/modules/forge/libraries/Form_Checklist.php +++ b/modules/forge/libraries/Form_Checklist.php @@ -67,7 +67,7 @@ class Form_Checklist_Core extends Form_Input { $data['value'] = $val; $data['checked'] = $checked; - $checklist .= '<li><label>'.form::checkbox($data).' '.$title.'</label></li>'.$nl; + $checklist .= '<li><label>'.form::checkbox($data).' '.html::purify($title).'</label></li>'.$nl; } $checklist .= '</ul>'; |