Variables/Modules: Replace url encoding in select box options.

2019-12-31 07:19:51 -07:00 · 2019-12-31 07:19:51 -07:00 · 0c0c4c5f36
parent e299031c17
commit 0c0c4c5f36
2 changed files with 4 additions and 4 deletions
--- a/app/vars/vars.php
+++ b/app/vars/vars.php
@ -233,7 +233,7 @@
 				echo $text['label-'.$row['var_enabled']];
 			}
 			echo "	</td>\n";
-			echo "	<td class='description overflow hide-sm-dn'>".escape($row['var_description'])."</td>\n";
+			echo "	<td class='description overflow hide-sm-dn'>".escape(base64_decode($row['var_description']))."</td>\n";
 			if (permission_exists('var_edit') && $_SESSION['theme']['list_row_edit_button']['boolean'] == 'true') {
 				echo "	<td class='action-button'>\n";
 				echo button::create(['type'=>'button','title'=>$text['button-edit'],'icon'=>$_SESSION['theme']['button_icon_edit'],'link'=>$list_row_url]);
--- a/resources/functions.php
+++ b/resources/functions.php
@ -301,9 +301,9 @@

 			$html = "<table border='0' cellpadding='1' cellspacing='0'>\n";
 			$html .= "<tr>\n";
-			$html .= "<td id=\"cell".urlencode($field_name)."1\">\n";
+			$html .= "<td id=\"cell".escape($field_name)."1\">\n";
 			$html .= "\n";
-			$html .= "<select id=\"".urlencode($field_name)."\" name=\"".urlencode($field_name)."\" class='formfld' onchange=\"if (document.getElementById('".$field_name."').value == 'Other') { /*enabled*/ document.getElementById('".$field_name."_other').style.display=''; document.getElementById('".$field_name."_other').className='formfld'; document.getElementById('".$field_name."_other').focus(); } else { /*disabled*/ document.getElementById('".$field_name."_other').value = ''; document.getElementById('".$field_name."_other').style.display='none'; } \">\n";
+			$html .= "<select id=\"".escape($field_name)."\" name=\"".escape($field_name)."\" class='formfld' onchange=\"if (document.getElementById('".$field_name."').value == 'Other') { /*enabled*/ document.getElementById('".$field_name."_other').style.display=''; document.getElementById('".$field_name."_other').className='formfld'; document.getElementById('".$field_name."_other').focus(); } else { /*disabled*/ document.getElementById('".$field_name."_other').value = ''; document.getElementById('".$field_name."_other').style.display='none'; } \">\n";
 			$html .= "<option value=''></option>\n";

 			$sql = "select distinct(".$field_name.") as ".$field_name." ";
@ -313,7 +313,7 @@
 			if (is_array($result) && @sizeof($result) != 0) {
 				foreach($result as $field) {
 					if (strlen($field[$field_name]) > 0) {
-						$html .= "<option value=\"".urlencode($field[$field_name])."\" ".($field_current_value == $field[$field_name] ? "selected='selected'" : null).">".urlencode($field[$field_name])."</option>\n";
+						$html .= "<option value=\"".escape($field[$field_name])."\" ".($field_current_value == $field[$field_name] ? "selected='selected'" : null).">".escape($field[$field_name])."</option>\n";
 					}
 				}
 			}