From 94c201f265c758fad38eb69c0a5878970119197a Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Tue, 1 Sep 2009 01:17:39 -0700
Subject: XSS escape in form helper and forge where missing.

---
 modules/forge/libraries/Form_Group.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/forge/libraries/Form_Group.php')

diff --git a/modules/forge/libraries/Form_Group.php b/modules/forge/libraries/Form_Group.php
index 29eff510..e0601321 100644
--- a/modules/forge/libraries/Form_Group.php
+++ b/modules/forge/libraries/Form_Group.php
@@ -57,7 +57,7 @@ class Form_Group_Core extends Forge {
 		{
 			if ($label = $this->data['label'])
 			{
-				return $this->data['label'];
+				return html::purify($this->data['label']);
 			}
 		}
 		else
-- 
cgit v1.2.3