diff options
author | Andrey Andreev <narf@bofh.bg> | 2012-10-26 23:52:15 +0200 |
---|---|---|
committer | Andrey Andreev <narf@bofh.bg> | 2012-10-26 23:52:15 +0200 |
commit | 582ebcb3b7eebd12605804577710cf73f0362001 (patch) | |
tree | adb5ea8331cd45bf3654ba15e70ff18cd6f0f9ef /system/helpers/form_helper.php | |
parent | 74ffd17ab06327ca62ddfe28a186cae7ba6bd459 (diff) |
Fix #142
Diffstat (limited to 'system/helpers/form_helper.php')
-rw-r--r-- | system/helpers/form_helper.php | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php index d81bb7c08..a09cb36dd 100644 --- a/system/helpers/form_helper.php +++ b/system/helpers/form_helper.php @@ -298,10 +298,10 @@ if ( ! function_exists('form_dropdown')) /** * Drop-down Menu * - * @param string - * @param array - * @param string - * @param string + * @param mixed $name = '' + * @param mixed $options = array() + * @param mixed $selected = array() + * @param mixed $extra = array() * @return string */ function form_dropdown($name = '', $options = array(), $selected = array(), $extra = '') @@ -316,10 +316,7 @@ if ( ! function_exists('form_dropdown')) return form_dropdown($name['name'], $name['options'], $name['selected'], $name['extra']); } - if ( ! is_array($selected)) - { - $selected = array($selected); - } + is_array($selected) OR $selected = array($selected); // If no selected state was submitted we will attempt to set it automatically if (count($selected) === 0 && isset($_POST[$name])) @@ -352,14 +349,17 @@ if ( ! function_exists('form_dropdown')) foreach ($val as $optgroup_key => $optgroup_val) { $sel = in_array($optgroup_key, $selected) ? ' selected="selected"' : ''; - $form .= '<option value="'.$optgroup_key.'"'.$sel.'>'.(string) $optgroup_val."</option>\n"; + $form .= '<option value="'.html_escape($optgroup_key).'"'.$sel.'>' + .(string) $optgroup_val."</option>\n"; } $form .= "</optgroup>\n"; } else { - $form .= '<option value="'.$key.'"'.(in_array($key, $selected) ? ' selected="selected"' : '').'>'.(string) $val."</option>\n"; + $form .= '<option value="'.html_escape($key).'"' + .(in_array($key, $selected) ? ' selected="selected"' : '').'>' + .(string) $val."</option>\n"; } } |