Escaping values in Admin Setting Panel to prevent html to break the form.

2013-12-14 14:53:30 +01:00 · 2013-12-14 14:53:30 +01:00 · 9643f34183
commit 9643f34183
parent 6695d58401
1 changed files with 1 additions and 1 deletions
--- a/public/templates/mpos/admin/settings/default.tpl
+++ b/public/templates/mpos/admin/settings/default.tpl
@ -21,7 +21,7 @@
          {if $SETTINGS.$TAB[setting].type == 'select'}
            {html_options name="data[{$SETTINGS.$TAB[setting].name}]" options=$SETTINGS.$TAB[setting].options selected=$SETTINGS.$TAB[setting].value|default:$SETTINGS.$TAB[setting].default}
          {else if $SETTINGS.$TAB[setting].type == 'text'}
-            <input type="text" size="{$SETTINGS.$TAB[setting].size}" name="data[{$SETTINGS.$TAB[setting].name}]" value="{$SETTINGS.$TAB[setting].value|default:$SETTINGS.$TAB[setting].default}" />
+            <input type="text" size="{$SETTINGS.$TAB[setting].size}" name="data[{$SETTINGS.$TAB[setting].name}]" value="{$SETTINGS.$TAB[setting].value|default:$SETTINGS.$TAB[setting].default|escape:"html"}" />
          {else if $SETTINGS.$TAB[setting].type == 'textarea'}
          	<textarea name="data[{$SETTINGS.$TAB[setting].name}]" cols="{$SETTINGS.$TAB[setting].size|default:"1"}" rows="{$SETTINGS.$TAB[setting].height|default:"1"}">{$SETTINGS.$TAB[setting].value|default:$SETTINGS.$TAB[setting].default}</textarea>
          {else}