diff options
author | Andrew Dolgov <[email protected]> | 2021-02-16 15:36:40 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2021-02-16 15:36:40 +0300 |
commit | 627af2c236bf4a370a5d31641757b69d679513f6 (patch) | |
tree | 05912a2bf83e99bb7c3688c82d804c936a4fe182 | |
parent | 4f4e57bb26620ba6f4adcc413ff60b86fdeb158f (diff) |
amend previous to fix actual underlying problem (double escaping)
-rwxr-xr-x | classes/pref/filters.php | 8 | ||||
-rwxr-xr-x | include/controls.php | 2 |
2 files changed, 3 insertions, 7 deletions
diff --git a/classes/pref/filters.php b/classes/pref/filters.php index 36357234b..caefb1ea7 100755 --- a/classes/pref/filters.php +++ b/classes/pref/filters.php @@ -388,11 +388,9 @@ class Pref_Filters extends Handler_Protected { if (!$line["inverse"]) unset($line["inverse"]); unset($line["match_on"]); - $data = htmlspecialchars((string)json_encode($line)); - print "<li><input dojoType='dijit.form.CheckBox' type='checkbox' onclick='Lists.onRowChecked(this)'> <span onclick='App.dialogOf(this).editRule(this)'>".$this->_get_rule_name($line)."</span>". - \Controls\hidden_tag("rule[]", $data)."</li>"; + \Controls\hidden_tag("rule[]", (string)json_encode($line))."</li>"; } } @@ -430,11 +428,9 @@ class Pref_Filters extends Handler_Protected { unset($line["filter_id"]); unset($line["id"]); - $data = htmlspecialchars((string)json_encode($line)); - print "<li><input dojoType='dijit.form.CheckBox' type='checkbox' onclick='Lists.onRowChecked(this)'> <span onclick='App.dialogOf(this).editAction(this)'>".$this->_get_action_name($line)."</span>". - \Controls\hidden_tag("action[]", $data)."</li>"; + \Controls\hidden_tag("action[]", (string)json_encode($line))."</li>"; } } diff --git a/include/controls.php b/include/controls.php index 6d3cfc417..b351a9449 100755 --- a/include/controls.php +++ b/include/controls.php @@ -61,7 +61,7 @@ function hidden_tag(string $name, string $value) { return "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" - name=\"".htmlspecialchars($name)."\" value=\"$value\">"; + name=\"".htmlspecialchars($name)."\" value=\"".htmlspecialchars($value)."\">"; } function checkbox_tag(string $name, bool $checked = false, string $value = "", string $attributes = "", string $id = "") { |