« Previous | Next » 

Revision aa812026

IDaa81202607152c849bedd1fad8f8463c860a7a6a
Parent 6440e138
Child 9744e768, 0d782574

Added by Christopher Hlubek over 7 years ago

[BUGFIX] Use htmlspecialchars to escape hidden query parameters in form

Query parameters from the action URI of a form are sent as hidden values
for the GET method. UTF-8 values were not handled correctly in PHP
versions below 5.4 because the htmlentities function was used to
escape attributes.

This change updates the function to htmlspecialchars that is used
everywhere else to escape output for HTML and doesn't show the described
problem.

Change-Id: I944ad1389092d97000acc89d591a0d05b887232d
Fixes: FLOW-13
Releases: 2.2, 2.1

  • added
  • modified
  • copied
  • renamed
  • deleted