-rw-r--r--modules/comment/views/admin_comments.html.php6
-rw-r--r--modules/forge/libraries/Form_Checkbox.php2
-rw-r--r--modules/forge/libraries/Form_Checklist.php2
-rw-r--r--modules/forge/libraries/Form_Group.php2
-rw-r--r--modules/gallery/tests/Xss_Security_Test.php4
-rw-r--r--modules/gallery/tests/xss_data.txt30
-rw-r--r--modules/gallery/views/admin_dashboard.html.php2
-rw-r--r--modules/gallery/views/admin_graphics.html.php2
-rw-r--r--modules/gallery/views/admin_maintenance_task.html.php2
-rw-r--r--modules/recaptcha/views/admin_recaptcha.html.php4
-rw-r--r--modules/recaptcha/views/form_recaptcha.html.php2
-rw-r--r--modules/tag/js/tag.js10
-rw-r--r--modules/tag/views/admin_tags.html.php8
-rw-r--r--modules/user/views/login_ajax.html.php2
-rw-r--r--system/helpers/form.php19
15 files changed, 64 insertions, 33 deletions
diff --git a/modules/comment/views/admin_comments.html.php b/modules/comment/views/admin_comments.html.php
index f5970ae1..455cd714 100644
--- a/modules/comment/views/admin_comments.html.php
+++ b/modules/comment/views/admin_comments.html.php
@@ -1,7 +1,7 @@
<?php defined("SYSPATH") or die("No direct script access.") ?>
<script type="text/javascript">
var set_state_url =
- "<?= url::site("admin/comments/set_state/__ID__/__STATE__?csrf=$csrf") ?>";
+ <?= html::js_string(url::site("admin/comments/set_state/__ID__/__STATE__?csrf=$csrf")) ?>;
function set_state(state, id) {
$.get(set_state_url.replace("__STATE__", state).replace("__ID__", id),
{},
@@ -12,7 +12,7 @@
}
var delete_url =
- "<?= url::site("admin/comments/delete/__ID__?csrf=$csrf") ?>";
+ <?= html::js_string(url::site("admin/comments/delete/__ID__?csrf=$csrf")) ?>;
function del(id) {
$.get(delete_url.replace("__ID__", id),
@@ -24,7 +24,7 @@
}
function update_menu() {
- $.get("<?= url::site("admin/comments/menu_labels") ?>", {},
+ $.get(<?= html::js_string(url::site("admin/comments/menu_labels")) ?>, {},
function(data) {
for (var i = 0; i < data.length; i++) {
$("#gAdminCommentsMenu li:eq(" + i + ") a").html(data[i]);
diff --git a/modules/forge/libraries/Form_Checkbox.php b/modules/forge/libraries/Form_Checkbox.php
index b94fc438..aded4fdf 100644
--- a/modules/forge/libraries/Form_Checkbox.php
+++ b/modules/forge/libraries/Form_Checkbox.php
@@ -68,7 +68,7 @@ class Form_Checkbox_Core extends Form_Input {
$label = ' '.ltrim($label);
}
- return '<label>'.form::input($data).$label.'</label>';
+ return '<label>'.form::input($data).html::clean($label).'</label>';
}
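Review bot: The three forge hunks pick different escapers for the same kind of value: the checkbox label here goes through `html::clean($label)`, while the checklist title (L69) and the group label (L81) go through `html::purify(...)`. If labels are allowed to carry markup, `html::purify` is the one the sibling hunks settled on; if they are plain text, `html::clean` is the stricter choice and the other two should follow it. Either way the choice deserves a one-line comment at the return, e.g. `// Label text is caller-supplied; escape it rather than trusting it.` The enclosing method starts outside the hunk.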
protected function load_value()
diff --git a/modules/forge/libraries/Form_Checklist.php b/modules/forge/libraries/Form_Checklist.php
index 99b455bd..4536d396 100644
--- a/modules/forge/libraries/Form_Checklist.php
+++ b/modules/forge/libraries/Form_Checklist.php
@@ -67,7 +67,7 @@ class Form_Checklist_Core extends Form_Input {
$data['value'] = $val;
$data['checked'] = $checked;
- $checklist .= '<li><label>'.form::checkbox($data).' '.$title.'</label></li>'.$nl;
+ $checklist .= '<li><label>'.form::checkbox($data).' '.html::purify($title).'</label></li>'.$nl;
}
$checklist .= '</ul>';
diff --git a/modules/forge/libraries/Form_Group.php b/modules/forge/libraries/Form_Group.php
index 29eff510..e0601321 100644
--- a/modules/forge/libraries/Form_Group.php
+++ b/modules/forge/libraries/Form_Group.php
@@ -57,7 +57,7 @@ class Form_Group_Core extends Forge {
{
if ($label = $this->data['label'])
{
- return $this->data['label'];
+ return html::purify($this->data['label']);
}
}
else
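Review bot: The `$label` assigned in the condition `if ($label = $this->data['label'])` is never used; the new line re-reads the property instead. Returning `html::purify($label)` reads the value once and makes the assignment-in-condition meaningful. The method continues past the `else` outside the hunk, so the fallback branch is not visible here.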
diff --git a/modules/gallery/tests/Xss_Security_Test.php b/modules/gallery/tests/Xss_Security_Test.php
index 7a6589bd..85624517 100644
--- a/modules/gallery/tests/Xss_Security_Test.php
+++ b/modules/gallery/tests/Xss_Security_Test.php
@@ -66,7 +66,7 @@ class Xss_Security_Test extends Unit_Test_Case {
// of opening / closing tag count since it would be meaningless.
// Handle multiple start / end blocks on the same line?
- $opening_script_pos = $closing_script_pos = 0;
+ $opening_script_pos = $closing_script_pos = -1;
if (preg_match_all('{</script>}i', $inline_html, $matches, PREG_OFFSET_CAPTURE)) {
$last_match = array_pop($matches[0]);
if (is_array($last_match)) {
@@ -75,7 +75,7 @@ class Xss_Security_Test extends Unit_Test_Case {
$closing_script_pos = $last_match;
}
}
- if (preg_match('{<script\b[^>]*>}i', $inline_html, $matches, PREG_OFFSET_CAPTURE)) {
+ if (preg_match_all('{<script\b[^>]*>}i', $inline_html, $matches, PREG_OFFSET_CAPTURE)) {
$last_match = array_pop($matches[0]);
if (is_array($last_match)) {
$opening_script_pos = $last_match[1];
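Review bot: The first context line of this hunk, `$closing_script_pos = $last_match;`, stores what appears to be the whole match entry, while the new opening-tag branch stores `$last_match[1]`; the lines between the two hunks are not visible, so if nothing unwraps it there, the later comparison of the two positions would compare an array with an int. The sentinel change from `0` to `-1` in the earlier hunk (L93) is presumably because a tag at offset 0 was indistinguishable from "not found"; that is worth stating where the sentinel is set: `// -1 = not found; 0 is a valid offset`. The switch to `preg_match_all` makes `array_pop($matches[0])` yield a `[text, offset]` pair, which is what the `is_array` guard expects. The enclosing method starts and ends outside the hunk.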
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index fa1f8cdf..7e536e90 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -50,7 +50,7 @@ modules/gallery/views/admin_block_news.html.php 5 DIRTY $entry
modules/gallery/views/admin_block_news.html.php 7 DIRTY text::limit_words(strip_tags($entry["description"]),25);
modules/gallery/views/admin_block_photo_stream.html.php 6 DIRTY photo::img_dimensions($photo->width,$photo->height,72)
modules/gallery/views/admin_block_photo_stream.html.php 7 DIRTY_ATTR $photo->thumb_url()
-modules/gallery/views/admin_dashboard.html.php 5 DIRTY $csrf
+modules/gallery/views/admin_dashboard.html.php 5 DIRTY_JS $csrf
modules/gallery/views/admin_dashboard.html.php 35 DIRTY $blocks
modules/gallery/views/admin_graphics.html.php 22 DIRTY newView("admin_graphics_none.html")
modules/gallery/views/admin_graphics.html.php 24 DIRTY newView("admin_graphics_$active.html",array("tk"=>$tk->$active,"is_active"=>true))
@@ -88,6 +88,7 @@ modules/gallery/views/admin_maintenance.html.php 146 DIRTY_ATTR $tas
modules/gallery/views/admin_maintenance.html.php 147 DIRTY gallery::date_time($task->updated)
modules/gallery/views/admin_maintenance.html.php 150 DIRTY $task->name
modules/gallery/views/admin_maintenance.html.php 162 DIRTY $task->status
+modules/gallery/views/admin_maintenance_show_log.html.php 8 DIRTY_JS url::site("admin/maintenance/save_log/$task->id?csrf=$csrf")
modules/gallery/views/admin_maintenance_show_log.html.php 13 DIRTY $task->name
modules/gallery/views/admin_maintenance_task.html.php 55 DIRTY $task->name
modules/gallery/views/admin_modules.html.php 9 DIRTY access::csrf_form_field()
@@ -95,7 +96,8 @@ modules/gallery/views/admin_modules.html.php 19 DIRTY_ATTR ($i%
modules/gallery/views/admin_modules.html.php 22 DIRTY form::checkbox($data,'1',module::is_active($module_name))
modules/gallery/views/admin_modules.html.php 24 DIRTY $module_info->version
modules/gallery/views/admin_theme_options.html.php 5 DIRTY $form
-modules/gallery/views/admin_themes.html.php 5 DIRTY $csrf
+modules/gallery/views/admin_themes.html.php 3 DIRTY_JS url::site("admin/themes/choose")
+modules/gallery/views/admin_themes.html.php 5 DIRTY_JS $csrf
modules/gallery/views/admin_themes.html.php 20 DIRTY $themes[$site]->name
modules/gallery/views/admin_themes.html.php 22 DIRTY $themes[$site]->description
modules/gallery/views/admin_themes.html.php 36 DIRTY $info->name
@@ -123,6 +125,7 @@ modules/gallery/views/l10n_client.html.php 58 DIRTY form::
modules/gallery/views/l10n_client.html.php 62 DIRTY form::textarea("l10n-edit-plural-translation-many","",' rows="2"')
modules/gallery/views/l10n_client.html.php 67 DIRTY form::textarea("l10n-edit-plural-translation-other","",' rows="2"')
modules/gallery/views/maintenance.html.php 46 DIRTY user::get_login_form("login/auth_html")
+modules/gallery/views/move_browse.html.php 4 DIRTY_JS url::site("move/show_sub_tree/{$source->id}/__TARGETID__")
modules/gallery/views/move_browse.html.php 39 DIRTY $tree
modules/gallery/views/move_browse.html.php 43 DIRTY access::csrf_form_field()
modules/gallery/views/move_tree.html.php 2 DIRTY $parent->thumb_img(array(),25);
@@ -134,7 +137,11 @@ modules/gallery/views/move_tree.html.php 11 DIRTY $child
modules/gallery/views/move_tree.html.php 13 DIRTY_JS $child->id
modules/gallery/views/move_tree.html.php 15 DIRTY_JS $child->id
modules/gallery/views/movieplayer.html.php 2 DIRTY html::anchor($item->file_url(true),"",$attrs)
-modules/gallery/views/movieplayer.html.php 5 DIRTY $attrs["id"]
+modules/gallery/views/movieplayer.html.php 5 DIRTY_JS $attrs["id"]
+modules/gallery/views/movieplayer.html.php 7 DIRTY_JS url::abs_file("lib/flowplayer.swf")
+modules/gallery/views/movieplayer.html.php 13 DIRTY_JS url::abs_file("lib/flowplayer.h264streaming.swf")
+modules/gallery/views/permissions_browse.html.php 3 DIRTY_JS url::site("permissions/form/__ITEM__")
+modules/gallery/views/permissions_browse.html.php 16 DIRTY_JS url::site("permissions/change/__CMD__/__GROUP__/__PERM__/__ITEM__?csrf=$csrf")
modules/gallery/views/permissions_browse.html.php 41 DIRTY_ATTR $parent->id
modules/gallery/views/permissions_browse.html.php 42 DIRTY_JS $parent->id
modules/gallery/views/permissions_browse.html.php 47 DIRTY_ATTR $item->id
@@ -181,6 +188,10 @@ modules/notification/views/item_deleted.html.php 18 DIRTY_JS $item-
modules/notification/views/item_deleted.html.php 19 DIRTY $item->parent()->url(array(),true)
modules/notification/views/item_updated.html.php 20 DIRTY_JS $item->url(array(),true)
modules/notification/views/item_updated.html.php 20 DIRTY $item->url(array(),true)
+modules/organize/views/organize_dialog.html.php 3 DIRTY_JS url::site("organize/move_to/__ALBUM_ID__?csrf=$csrf")
+modules/organize/views/organize_dialog.html.php 4 DIRTY_JS url::site("organize/rearrange/__TARGET_ID__/__BEFORE__?csrf=$csrf")
+modules/organize/views/organize_dialog.html.php 5 DIRTY_JS url::site("organize/sort_order/__ALBUM_ID__/__COL__/__DIR__?csrf=$csrf")
+modules/organize/views/organize_dialog.html.php 6 DIRTY_JS url::site("organize/tree/__ALBUM_ID__")
modules/organize/views/organize_dialog.html.php 22 DIRTY $album_tree
modules/organize/views/organize_dialog.html.php 29 DIRTY $micro_thumb_grid
modules/organize/views/organize_dialog.html.php 37 DIRTY form::dropdown(array("id"=>"gOrganizeSortColumn"),album::get_sort_order_options(),$album->sort_column)
@@ -189,6 +200,7 @@ modules/organize/views/organize_thumb_grid.html.php 3 DIRTY_ATTR $chi
modules/organize/views/organize_thumb_grid.html.php 4 DIRTY_ATTR $child->id
modules/organize/views/organize_thumb_grid.html.php 5 DIRTY_ATTR $child->is_album()?"gAlbum":"gPhoto"
modules/organize/views/organize_thumb_grid.html.php 6 DIRTY $child->thumb_img(array("class"=>"gThumbnail","ref"=>$child->id),90,true)
+modules/organize/views/organize_thumb_grid.html.php 14 DIRTY_JS url::site("organize/content/$album->id/".($offset+25))
modules/organize/views/organize_tree.html.php 2 DIRTY_ATTR access::can("edit",$album)?"":"gViewOnly"
modules/organize/views/organize_tree.html.php 3 DIRTY_ATTR $album->id
modules/organize/views/organize_tree.html.php 6 DIRTY_ATTR $selected&&$album->id==$selected->id?"selected":""
@@ -198,8 +210,8 @@ modules/organize/views/organize_tree.html.php 15 DIRTY_ATTR acce
modules/organize/views/organize_tree.html.php 16 DIRTY_ATTR $child->id
modules/organize/views/organize_tree.html.php 19 DIRTY_ATTR $child->id
modules/recaptcha/views/admin_recaptcha.html.php 10 DIRTY $form
-modules/recaptcha/views/admin_recaptcha.html.php 23 DIRTY $public_key
-modules/recaptcha/views/form_recaptcha.html.php 7 DIRTY $public_key
+modules/recaptcha/views/admin_recaptcha.html.php 23 DIRTY_JS $public_key
+modules/recaptcha/views/form_recaptcha.html.php 7 DIRTY_JS $public_key
modules/rss/views/feed.mrss.php 10 DIRTY $feed->uri
modules/rss/views/feed.mrss.php 13 DIRTY_JS $feed->uri
modules/rss/views/feed.mrss.php 16 DIRTY_JS $feed->previous_page_uri
@@ -239,14 +251,19 @@ modules/server_add/views/admin_server_add.html.php 15 DIRTY_ATTR $id
modules/server_add/views/admin_server_add.html.php 24 DIRTY $form
modules/server_add/views/server_add_tree.html.php 12 DIRTY_JS html::js_string($dir)
modules/server_add/views/server_add_tree.html.php 20 DIRTY_ATTR is_dir($file)?"ui-icon-folder-collapsed":"ui-icon-document"
+modules/server_add/views/server_add_tree_dialog.html.php 3 DIRTY_JS url::site("server_add/children?path=__PATH__")
+modules/server_add/views/server_add_tree_dialog.html.php 4 DIRTY_JS url::site("server_add/start?item_id={$item->id}&csrf=$csrf")
modules/server_add/views/server_add_tree_dialog.html.php 23 DIRTY $tree
-modules/tag/views/admin_tags.html.php 13 DIRTY $csrf
+modules/tag/views/admin_tags.html.php 13 DIRTY_JS $csrf
modules/tag/views/admin_tags.html.php 50 DIRTY_ATTR $tag->id
modules/tag/views/admin_tags.html.php 51 DIRTY $tag->count
modules/tag/views/tag_block.html.php 15 DIRTY $cloud
modules/tag/views/tag_block.html.php 17 DIRTY $form
modules/tag/views/tag_cloud.html.php 4 DIRTY_ATTR (int)(($tag->count/$max_count)*7)
modules/tag/views/tag_cloud.html.php 5 DIRTY $tag->count
+modules/user/views/admin_users.html.php 3 DIRTY_JS url::site("admin/users/add_user_to_group/__USERID__/__GROUPID__?csrf=$csrf")
+modules/user/views/admin_users.html.php 26 DIRTY_JS url::site("admin/users/group/__GROUPID__")
+modules/user/views/admin_users.html.php 36 DIRTY_JS url::site("admin/users/remove_user_from_group/__USERID__/__GROUPID__?csrf=$csrf")
modules/user/views/admin_users.html.php 67 DIRTY_ATTR $user->id
modules/user/views/admin_users.html.php 67 DIRTY_ATTR text::alternate("gOddRow","gEvenRow")
modules/user/views/admin_users.html.php 67 DIRTY_ATTR $user->admin?"admin":""
@@ -258,6 +275,7 @@ modules/user/views/admin_users.html.php 121 DIRTY_ATTR ($gr
modules/user/views/admin_users.html.php 123 DIRTY $v
modules/user/views/admin_users_group.html.php 22 DIRTY_JS $user->id
modules/user/views/admin_users_group.html.php 22 DIRTY_JS $group->id
+modules/user/views/login_ajax.html.php 6 DIRTY_JS url::site("password/reset")
modules/user/views/login_ajax.html.php 37 DIRTY $form
modules/watermark/views/admin_watermarks.html.php 19 DIRTY_ATTR $width
modules/watermark/views/admin_watermarks.html.php 19 DIRTY_ATTR $height
diff --git a/modules/gallery/views/admin_dashboard.html.php b/modules/gallery/views/admin_dashboard.html.php
index a2d22ab6..148de65f 100644
--- a/modules/gallery/views/admin_dashboard.html.php
+++ b/modules/gallery/views/admin_dashboard.html.php
@@ -1,7 +1,7 @@
<?php defined("SYSPATH") or die("No direct script access.") ?>
<script type="text/javascript">
update_blocks = function() {
- $.get("<?= url::site("admin/dashboard/reorder") ?>",
+ $.get(<?= html::js_string(url::site("admin/dashboard/reorder")) ?>,
{"csrf": "<?= $csrf ?>",
"dashboard_center[]": $("#gAdminDashboard").sortable(
"toArray", {attribute: "block_id"}),
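Review bot: The `$csrf` on the line after the change is still emitted bare inside a JS string literal, `{"csrf": "<?= $csrf ?>",`, even though the URL on the preceding line was wrapped; the commit's own xss_data.txt entry (L115) now records that line as DIRTY_JS. The token is server-generated, so the practical exposure is low, but the consistent form is `{"csrf": <?= html::js_string($csrf) ?>,`. The same pattern is left in admin_tags.html.php, `var csrf_token = "<?= $csrf ?>";` (L336).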
diff --git a/modules/gallery/views/admin_graphics.html.php b/modules/gallery/views/admin_graphics.html.php
index c4a2f5c6..f64c7f80 100644
--- a/modules/gallery/views/admin_graphics.html.php
+++ b/modules/gallery/views/admin_graphics.html.php
@@ -3,7 +3,7 @@
$(document).ready(function() {
select_toolkit = function(el) {
if (!$(this).hasClass("gUnavailable")) {
- window.location = '<?= url::site("admin/graphics/choose/__TK__?csrf=$csrf") ?>'
+ window.location = <?= html::js_string(url::site("admin/graphics/choose/__TK__?csrf=$csrf")) ?>
.replace("__TK__", $(this).attr("id"));
}
};
diff --git a/modules/gallery/views/admin_maintenance_task.html.php b/modules/gallery/views/admin_maintenance_task.html.php
index bfc6ef44..ddd5bd17 100644
--- a/modules/gallery/views/admin_maintenance_task.html.php
+++ b/modules/gallery/views/admin_maintenance_task.html.php
@@ -28,7 +28,7 @@
update = function() {
$.ajax({
- url: "<?= url::site("admin/maintenance/run/$task->id?csrf=$csrf") ?>",
+ url: <?= html::js_string(url::site("admin/maintenance/run/$task->id?csrf=$csrf")) ?>,
dataType: "json",
success: function(data) {
target_value = data.task.percent_complete;
diff --git a/modules/recaptcha/views/admin_recaptcha.html.php b/modules/recaptcha/views/admin_recaptcha.html.php
index 43b4da8a..35722be4 100644
--- a/modules/recaptcha/views/admin_recaptcha.html.php
+++ b/modules/recaptcha/views/admin_recaptcha.html.php
@@ -4,7 +4,7 @@
<p>
<?= t("reCAPTCHA is a free CAPTCHA service that helps to digitize books, newspapers and old time radio shows. In order to use it, you need to sign up for a <a href=\"%domain_url\">reCAPTCHA Public/Private Key pair</a>, which is also free. Once registered, the challenge and response strings are evaluated at <a href=\"%recaptcha_url\">recaptcha.net</a> to determine if the form content has been entered by a bot.",
array("domain_url" => $form->get_key_url,
- "recaptcha_url" => "http://recaptcha.net")) ?>
+ "recaptcha_url" => html::mark_safe("http://recaptcha.net"))) ?>
</p>
<?= $form ?>
@@ -23,7 +23,7 @@
Recaptcha.create("<?= $public_key ?>", "gRecaptcha", {
callback: Recaptcha.focus_response_field,
lang: "en",
- custom_translations : { instructions_visual : "<?= t("Type words to check:") ?>"},
+ custom_translations : { instructions_visual : <?= t("Type words to check:")->for_js() ?>},
theme: "white"
});
</script>
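Review bot: The first context line of this hunk still writes the admin-configured key into a JS string without encoding, `Recaptcha.create("<?= $public_key ?>", ...`, while the translation a few lines below was wrapped; xss_data.txt (L183, L184) records this line and the sibling at form_recaptcha.html.php line 7 as DIRTY_JS. The key is admin-supplied rather than end-user input, so this is defence in depth, but for consistency with the rest of the commit use `Recaptcha.create(<?= html::js_string($public_key) ?>, "gRecaptcha", {`. The form_recaptcha line is outside that file's hunk, so it cannot be confirmed from here.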
diff --git a/modules/recaptcha/views/form_recaptcha.html.php b/modules/recaptcha/views/form_recaptcha.html.php
index d4031586..4ec04c49 100644
--- a/modules/recaptcha/views/form_recaptcha.html.php
+++ b/modules/recaptcha/views/form_recaptcha.html.php
@@ -8,7 +8,7 @@
"gRecaptcha",
{
theme: "white",
- custom_translations : { instructions_visual : "<?= t("Type words to check:") ?>"},
+ custom_translations : { instructions_visual : <?= t("Type words to check:")->for_js() ?>},
callback: Recaptcha.focus_response_field
}
);
diff --git a/modules/tag/js/tag.js b/modules/tag/js/tag.js
index 61ac73f4..aaae9e72 100644
--- a/modules/tag/js/tag.js
+++ b/modules/tag/js/tag.js
@@ -27,18 +27,24 @@ function closeEditInPlaceForms() {
}
}
+function str_replace(search_term, replacement, string) {
+ var temp = string.split(search_term);
+ return temp.join(replacement);
+}
+
function editInPlace(element) {
closeEditInPlaceForms();
// create edit form
var tag_id = $(this).attr('id').substr(5);
- var tag_name = $(this).text();
+ var tag_name = $(this).html();
var tag_width = $(this).width();
$(this).parent().data("revert", $(this).parent().html());
var form = '<form id="gRenameTagForm" method="post" class="ui-helper-clearfix" ';
form += 'action="' + TAG_RENAME_URL.replace('__ID__', tag_id) + '">';
form += '<input name="csrf" type="hidden" value="' + csrf_token + '" />';
- form += '<input id="name" name="name" type="text" class="textbox" value="' + tag_name + '" />';
+ form += '<input id="name" name="name" type="text" class="textbox" value="' +
+ str_replace('"', "&quot;", tag_name) + '" />';
form += '<input type="submit" class="submit ui-state-default ui-corner-all" value="' + save_i18n + '" i/>';
form += '<a href="#">' + cancel_i18n + '</a>';
form += '</form>';
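Review bot: The new `str_replace` helper is a global with no comment, and its one non-obvious property is that `split`/`join` replaces every occurrence, whereas `String.prototype.replace` with a string pattern replaces only the first; add `// Replace every occurrence of search_term (String.replace with a string pattern only replaces the first).` above it. The switch from `.text()` to `.html()` for `tag_name` relies on the browser's innerHTML serialisation entity-encoding `&`, `<` and `>` in text content but not `"`, which is why only the quote needs handling before the value lands in the `value="..."` attribute; that reasoning belongs in a comment at the `str_replace('"', "&quot;", tag_name)` call, since a later reader may otherwise add or remove escaping. The `editInPlace` body continues past the hunk.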
diff --git a/modules/tag/views/admin_tags.html.php b/modules/tag/views/admin_tags.html.php
index 3d805c5e..8f3693aa 100644
--- a/modules/tag/views/admin_tags.html.php
+++ b/modules/tag/views/admin_tags.html.php
@@ -1,9 +1,9 @@
<?php defined("SYSPATH") or die("No direct script access.") ?>
<script>
- var TAG_RENAME_URL = "<?= url::site("admin/tags/rename/__ID__") ?>";
+ var TAG_RENAME_URL = <?= html::js_string(url::site("admin/tags/rename/__ID__")) ?>;
$("document").ready(function() {
// using JS for adding link titles to avoid running t() for each tag
- $("#gTagAdmin .tag-name").attr("title", "<?= t("Click to edit this tag") ?>");
+ $("#gTagAdmin .tag-name").attr("title", <?= t("Click to edit this tag")->for_js() ?>);
$("#gTagAdmin .delete-link").attr("title", $(".delete-link:first span").html());
// In-place editing for tag admin
@@ -11,8 +11,8 @@
});
// make some values available within tag.js
var csrf_token = "<?= $csrf ?>";
- var save_i18n = '<?= t("save") ?>';
- var cancel_i18n = '<?= t("cancel") ?>';
+ var save_i18n = <?= html::js_string(t("save")->for_html_attr()) ?>;
+ var cancel_i18n = <?= html::js_string(t("cancel")->for_html_attr()) ?>;
</script>
<div class="gBlock">
<h2>
diff --git a/modules/user/views/login_ajax.html.php b/modules/user/views/login_ajax.html.php
index d697c958..56bc1cbd 100644
--- a/modules/user/views/login_ajax.html.php
+++ b/modules/user/views/login_ajax.html.php
@@ -6,7 +6,7 @@
url: "<?= url::site("password/reset") ?>",
success: function(data) {
$("div#gLoginView").html(data);
- $("#ui-dialog-title-gDialog").text("<?= t("Reset Password") ?>");
+ $("#ui-dialog-title-gDialog").html(<?= t("Reset Password")->for_js() ?>);
ajaxify_login_reset_form();
}
});
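Review bot: The first context line of this hunk, `url: "<?= url::site("password/reset") ?>",`, is left as a bare quoted literal while the title on the changed line is wrapped, and the commit's xss_data.txt entry (L213) records that line as DIRTY_JS; the consistent form is `url: <?= html::js_string(url::site("password/reset")) ?>,`. Changing `.text(...)` to `.html(...)` means the translated title is now parsed as markup; that is presumably intended because `for_js()` output is entity-encoded and `.html()` decodes it, but confirm and note it inline, e.g. `// .html(): for_js() output is HTML-encoded`. The enclosing callback starts outside the hunk.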
diff --git a/system/helpers/form.php b/system/helpers/form.php
index ce8767c5..815eef84 100644
--- a/system/helpers/form.php
+++ b/system/helpers/form.php
@@ -283,15 +283,21 @@ class form_Core {
// Inner key should always be a string
$inner_key = (string) $inner_key;
- $sel = in_array($inner_key, $selected) ? ' selected="selected"' : '';
- $input .= '<option value="'.$inner_key.'"'.$sel.'>'.$inner_val.'</option>'."\n";
+ $attr = array('value' => $inner_key);
+ if (in_array($inner_key, $selected)) {
+ $attr['selected'] = 'selected';
+ }
+ $input .= '<option '.html::attributes($attr).'>'.html::purify($inner_val).'</option>'."\n";
}
$input .= '</optgroup>'."\n";
}
else
{
- $sel = in_array($key, $selected) ? ' selected="selected"' : '';
- $input .= '<option value="'.$key.'"'.$sel.'>'.$val.'</option>'."\n";
+ $attr = array('value' => $key);
+ if (in_array($key, $selected)) {
+ $attr['selected'] = 'selected';
+ }
+ $input .= '<option '.html::attributes($attr).'>'.html::purify($val).'</option>'."\n";
}
}
$input .= '</select>';
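Review bot: The two new `in_array($inner_key, $selected)` / `in_array($key, $selected)` checks keep PHP's loose comparison, so numeric-looking strings such as `"1e1"` and `"10"` compare equal and can mark the wrong option selected; `$inner_key` is already cast to string on the line above, so the safe form is `in_array($inner_key, $selected, true)` with `$selected` normalised once before the loop (`$selected = array_map('strval', $selected);`), since `$selected` is built outside the hunk and may hold ints. The four-line `$attr`/`selected` construction is also duplicated verbatim between the optgroup branch and the plain branch and could be one small private helper. `html::purify` on option text is consistent with the rest of the commit, though option content cannot meaningfully carry markup, so `html::clean` would be the tighter choice. The enclosing method starts and ends outside the hunk.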
@@ -410,8 +416,9 @@ class form_Core {
{
$value = arr::remove('value', $data);
}
+ // $value must be ::purify
- return '<button'.form::attributes($data, 'button').' '.$extra.'>'.$value.'</button>';
+ return '<button'.form::attributes($data, 'button').' '.$extra.'>'.html::purify($value).'</button>';
}
/**
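Review bot: The added comment `// $value must be ::purify` states a rule rather than the reason, and it sits on the line before the return where it reads as a leftover note. Since the hunk shows `$value` being taken from the caller's `$data` array, say that: `// Button text comes from caller-supplied $data; purify before emitting markup.` The enclosing method starts outside the hunk.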
@@ -455,7 +462,7 @@ class form_Core {
$text = ucwords(inflector::humanize($data['for']));
}
- return '<label'.form::attributes($data).' '.$extra.'>'.$text.'</label>';
+ return '<label'.form::attributes($data).' '.$extra.'>'.html::purify($text).'</label>';
}
/**