ckp

[plewww.git] / planetlab / includes / plc_forms.php

diff --git a/planetlab/includes/plc_forms.php b/planetlab/includes/plc_forms.php
index 19052e9..e67a2fd 100644 (file)
--- a/planetlab/includes/plc_forms.php
+++ b/planetlab/includes/plc_forms.php
@@ -59,12 +59,13 @@ function plc_form_textarea_text ($name,$value,$cols,$rows) {
 }
  
 function plc_form_select_text ($name,$values,$label="") {
+  $encoded=htmlentities($label,ENT_QUOTES);
   $selector="";
   $selector.="<select name='$name'>";
   if ($label) 
-    $selector.="<option value=''>$label</option>";
+    $selector.="<option value=''>$encoded</option>";
   foreach ($values as $chunk) {
-    $display=$chunk['display'];
+    $display=htmlentities($chunk['display'],ENT_QUOTES);
     $value=$chunk['value'];
     $selector .= "<option value='$value'";
     if ($chunk['selected']) $selector .= " selected=selected";