« Previous | Next » 

Revision 18e8b999

ID18e8b9997c92f9a3ec290573977227aaefeac6d2
Parent c897a811
Child 7a4293af, 6eb4d430

Added by Christopher Hlubek over 7 years ago

[BUGFIX] Use htmlspecialchars to escape hidden query parameters in form

Query parameters from the action URI of a form are sent as hidden values
for the GET method. UTF-8 values were not handled correctly in PHP
versions below 5.4 because the htmlentities function was used to
escape attributes.

This change updates the function to htmlspecialchars that is used
everywhere else to escape output for HTML and doesn't show the described
problem.

Change-Id: I944ad1389092d97000acc89d591a0d05b887232d
Fixes: FLOW-13
Releases: 2.2, 2.1

  • added
  • modified
  • copied
  • renamed
  • deleted