Adding "ESCAPE=HTML" to hidden input template variables in order to address bug 1919, "Form contents not escaped on login page"

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-03-10 13:32:47 -05:00 · 2008-03-10 13:32:47 -05:00 · c55599974d
commit c55599974d
parent 1ce7cd7cbe
1 changed files with 1 additions and 1 deletions
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/auth.tmpl
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/auth.tmpl
@ -38,7 +38,7 @@
 <!-- login prompt time-->
 <form action="<!-- TMPL_VAR NAME="url" -->" method="post" name="loginform" id="loginform">
 <!-- TMPL_LOOP NAME="INPUTS" -->
-    <input type="hidden" name="<!-- TMPL_VAR NAME="name" -->" value="<!-- TMPL_VAR NAME="value" -->" />
+    <input type="hidden" name="<!-- TMPL_VAR NAME="name" -->" value="<!-- TMPL_VAR NAME="value" ESCAPE="html" -->" />
 <!-- /TMPL_LOOP -->
 <p><label>Username:<br />
 <input type="text" name="userid" id="userid" class="input focus" value="<!-- TMPL_VAR NAME="userid" -->" size="20" tabindex="1" /></label>