Commit 4ff21871 authored by Leigh Stoller

Add ENT_QUOTES to htmlspecialchars() calls so that all quotes are escaped.
parent aba1120b
......@@ -131,7 +131,7 @@ if ($approval == "postpone") {
echo "<input type=hidden name=pcplab_okay value=$pcplab_okay>\n";
echo "<input type=hidden name=ron_okay value=$ron_okay>\n";
echo "<input type=hidden name=message value='".
htmlspecialchars($message) . "'>\n";
htmlspecialchars($message, ENT_QUOTES) . "'>\n";
echo "<b><input type=submit name=back value=Back></b>\n";
echo "</form>\n";
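Review bot: The two hidden inputs in the context lines above the changed line still write `$pcplab_okay` and `$ron_okay` into unquoted `value=` attributes, with no escaping visible in this hunk, so a space or `>` in either value would end the attribute whatever flags htmlspecialchars() is given. If those variables can carry request data, quote the attributes and pass both through `htmlspecialchars($var, ENT_QUOTES)` as well. The change to the `message` field itself fits its single-quoted attribute, which is the case where ENT_QUOTES is needed, since the previous call left single quotes unescaped.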
......