From 47cf96e03ce9ebfa29d4a5a71b82bd31ad3081ac Mon Sep 17 00:00:00 2001
From: NOYB
Date: Tue, 15 Dec 2015 07:30:02 -0800
Subject: Applying htmlspecialchars on form action attribute causes ampersands to multiply, and also breaks multi-parameter query strings that are delimited with ampersands.
---
 src/usr/local/www/classes/Form.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/usr/local/www/classes/Form.class.php b/src/usr/local/www/classes/Form.class.php
index 6f30f69..16865c0 100644
--- a/src/usr/local/www/classes/Form.class.php
+++ b/src/usr/local/www/classes/Form.class.php
@@ -54,7 +54,7 @@ class Form extends Form_Element
 $this->addGlobal($submit);
 if (!isset($this->_attributes['action']))
- $this->_attributes['action'] = htmlspecialchars($_SERVER['REQUEST_URI']);
+ $this->_attributes['action'] = $_SERVER['REQUEST_URI'];
 }
 public function add(Form_Section $section)
-- cgit v1.1
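Review bot: With the htmlspecialchars() call gone, the `action` default is the raw `$_SERVER['REQUEST_URI']`, which is request-controlled, so the form now depends entirely on the attribute renderer escaping the value exactly once when the tag is written. The doubled ampersands described in the commit message suggest such an escape already exists, but it is not visible in this hunk, and it should be confirmed that it quotes both `"` and `'` (for example `htmlspecialchars($value, ENT_QUOTES)`) for every attribute, including an `action` supplied by a caller. I would record the invariant at the assignment: `// REQUEST_URI is request-controlled; kept raw because attributes are HTML-escaped once at render time`. The enclosing constructor begins above the hunk, so the surrounding code was not reviewed.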