Revision 8ec9cba4
Added by Jim Pingle over 12 years ago
| usr/local/www/wizard.php | ||
|---|---|---|
| 304 | 304 |
<?php } ?> |
| 305 | 305 |
|
| 306 | 306 |
<form action="wizard.php" method="post" name="iform" id="iform"> |
| 307 |
<input type="hidden" name="xml" value="<?= $xml ?>">
|
|
| 308 |
<input type="hidden" name="stepid" value="<?= $stepid ?>">
|
|
| 307 |
<input type="hidden" name="xml" value="<?= htmlspecialchars($xml) ?>">
|
|
| 308 |
<input type="hidden" name="stepid" value="<?= htmlspecialchars($stepid) ?>">
|
|
| 309 | 309 |
|
| 310 | 310 |
<center> |
| 311 | 311 |
|
| ... | ... | |
| 390 | 390 |
if(!$field['dontcombinecells']) |
| 391 | 391 |
echo "<td class=\"vtable\">\n"; |
| 392 | 392 |
|
| 393 |
echo "<input class='formfld unknown' id='" . $name . "' name='" . $name . "' value='" . $value . "'";
|
|
| 393 |
echo "<input class='formfld unknown' id='" . $name . "' name='" . $name . "' value='" . htmlspecialchars($value) . "'";
|
|
| 394 | 394 |
if($field['size']) |
| 395 | 395 |
echo " size='" . $field['size'] . "' "; |
| 396 | 396 |
if($field['validate']) |
| ... | ... | |
| 421 | 421 |
echo "<td class=\"vtable\">\n"; |
| 422 | 422 |
|
| 423 | 423 |
$inputaliases[] = $name; |
| 424 |
echo "<input class='formfldalias' autocomplete='off' class='formfldalias' id='" . $name . "' name='" . $name . "' value='" . $value . "'";
|
|
| 424 |
echo "<input class='formfldalias' autocomplete='off' class='formfldalias' id='" . $name . "' name='" . $name . "' value='" . htmlspecialchars($value) . "'";
|
|
| 425 | 425 |
if($field['size']) |
| 426 | 426 |
echo " size='" . $field['size'] . "' "; |
| 427 | 427 |
if($field['validate']) |
| ... | ... | |
| 494 | 494 |
} |
| 495 | 495 |
if(!$field['dontcombinecells']) |
| 496 | 496 |
echo "<td class=\"vtable\">"; |
| 497 |
echo "<input class='formfld pwd' id='" . $name . "' name='" . $name . "' value='" . $value . "' type='password' ";
|
|
| 497 |
echo "<input class='formfld pwd' id='" . $name . "' name='" . $name . "' value='" . htmlspecialchars($value) . "' type='password' ";
|
|
| 498 | 498 |
if($field['size']) |
| 499 | 499 |
echo " size='" . $field['size'] . "' "; |
| 500 | 500 |
echo ">\n"; |
| ... | ... | |
| 650 | 650 |
case "submit": |
| 651 | 651 |
echo "<td> <br></td></tr>"; |
| 652 | 652 |
echo "<tr><td colspan='2'><center>"; |
| 653 |
echo "<input type='submit' name='" . $name . "' value='" . $field['name'] . "'>\n";
|
|
| 653 |
echo "<input type='submit' name='" . $name . "' value='" . htmlspecialchars($field['name']) . "'>\n";
|
|
| 654 | 654 |
|
| 655 | 655 |
if($field['description'] <> "") {
|
| 656 | 656 |
echo "<br /> " . $field['description']; |
Also available in: Unified diff
Still more encoding...