Another fix for CVE-2020-35132 - closes #137, missed from #130

This commit is contained in:
Deon George 2023-04-02 00:25:47 +11:00
parent c84b2d6d91
commit 1650d6a921

View File

@ -556,7 +556,7 @@ class PageRender extends Visitor {
final protected function drawOldValueAttribute($attribute,$i) { final protected function drawOldValueAttribute($attribute,$i) {
if (DEBUGTMP) printf('<font size=-2>%s</font><br />',__METHOD__); if (DEBUGTMP) printf('<font size=-2>%s</font><br />',__METHOD__);
echo $attribute->getOldValue($i); echo htmlspecialchars($attribute->getOldValue($i));
} }
/** DRAW DISPLAYED CURRENT VALUES **/ /** DRAW DISPLAYED CURRENT VALUES **/