diff options
author | Andrew Dolgov <[email protected]> | 2010-11-09 13:14:59 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2010-11-09 13:15:26 +0300 |
commit | 10249c41b763a373926d9b1f78b7b8cef68e411b (patch) | |
tree | f969dd9850b6c6ad9db3896d81d06ad7824dd6ad /modules | |
parent | 3acc0da647b27a78d65c01ca98e6201d14b021c6 (diff) |
properly handle on-the-fly adding of labels
Diffstat (limited to 'modules')
-rw-r--r-- | modules/pref-filters.php | 8 | ||||
-rw-r--r-- | modules/pref-labels.php | 4 |
2 files changed, 6 insertions, 6 deletions
diff --git a/modules/pref-filters.php b/modules/pref-filters.php index c629f9c18..18d25a82f 100644 --- a/modules/pref-filters.php +++ b/modules/pref-filters.php @@ -523,14 +523,14 @@ $result = db_query($link, "SELECT caption FROM ttrss_labels2 WHERE owner_uid = '".$_SESSION["uid"]."' ORDER BY caption"); - print "<select default=\"$value\" name=\"$name\" style=\"$style\" - onchange=\"labelSelectOnChange(this)\" >"; + print "<select default=\"$value\" name=\"" . htmlspecialchars($name) . + "\" style=\"$style\" onchange=\"labelSelectOnChange(this)\" >"; while ($line = db_fetch_assoc($result)) { - $issel = ($line["caption"] == $value) ? "selected" : ""; + $issel = ($line["caption"] == $value) ? "selected=\"1\"" : ""; - print "<option $issel>" . $line["caption"] . "</option>"; + print "<option $issel>" . htmlspecialchars($line["caption"]) . "</option>"; } diff --git a/modules/pref-labels.php b/modules/pref-labels.php index d9cacecc3..73d6e583f 100644 --- a/modules/pref-labels.php +++ b/modules/pref-labels.php @@ -107,12 +107,12 @@ if ($output == "select") { header("Content-Type: text/xml"); - print "<rpc-reply><payload><![CDATA["; + print "<rpc-reply><payload>"; print_label_select($link, "select_label", $caption, ""); - print "]]></payload></rpc-reply>"; + print "</payload></rpc-reply>"; } } |