select: escape label

ext · ext · commit 35e8864ade28 · 2016-08-17T00:47:04.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,9 @@
+# 1.4.2
+
+## Bugfixes
+
+  - Select now escapes label again. (backported from 1.5)
+
 # 1.4.1
 
 ## Bugfixes
diff --git a/src/lib/FormSelect.php b/src/lib/FormSelect.php
@@ -68,7 +68,7 @@ public function add($value, $text, $attr=array()) {
 			$attr['selected'] = 'selected';
 		}
 		$attr['value'] = $value;
-
+		$text = htmlspecialchars($text);
 		$this->options[] = "<option " . $this->serialize_attr($attr) . ">$text</option>";
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -68,7 +68,7 @@ public function add($value, $text, $attr=array()) {`
`68`	`68`	`$attr['selected'] = 'selected';`
`69`	`69`	`}`
`70`	`70`	`$attr['value'] = $value;`
`71`		`-`
	`71`	`+ $text = htmlspecialchars($text);`
`72`	`72`	`$this->options[] = "<option " . $this->serialize_attr($attr) . ">$text</option>";`
`73`	`73`	`}`
`74`	`74`