Avatar

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register
CRITICAL SECURITY VERSION UPDATE:
https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.13

rwestergren

About

Username
rwestergren
Joined
Visits
13
Last Active
Roles
Member

Comments

  • Form field: $fields['myfield_upload'] = array('type' => 'file', 'upload_path' => $this->upload_path, 'overwrite' => TRUE, 'after_html' => $file_after_html, 'order' => 1000, 'label' => 'File', 'filename' …
    in Module File Uploads Comment by rwestergren September 2011
  • This function does not properly escape/prepare text containing double quotes for editing in a standard input element of a form. public static function prep($str, $double_encode = TRUE) { $str = (string) $str; if ($double_encode) { $s…
    in safe_htmlentities() Comment by rwestergren September 2011
  • In the fuel/application/libraries/Form.php, line 431
    in safe_htmlentities() Comment by rwestergren September 2011
  • I came across this thread when looking into an issue with displaying double quotes in a normal input field. In the prep function, shouldn't the correct line be: $str = htmlspecialchars($str, ENT_QUOTES, 'UTF-8', FALSE); This will then correctly …
    in safe_htmlentities() Comment by rwestergren September 2011