« Previous | Next » 

Revision 8f41edf7

Parent 315f3753
Child 99f43ca5

Added by Christopher Hlubek over 7 years ago

[BUGFIX] Use htmlspecialchars to escape hidden query parameters in form

Query parameters from the action URI of a form are sent as hidden values
for the GET method. UTF-8 values were not handled correctly in PHP
versions below 5.4 because the htmlentities function was used to
escape attributes.

This change updates the function to htmlspecialchars that is used
everywhere else to escape output for HTML and doesn't show the described

Change-Id: I944ad1389092d97000acc89d591a0d05b887232d
Fixes: FLOW-13
Releases: 2.2, 2.1

  • added
  • modified
  • copied
  • renamed
  • deleted