clean up post parameter values before use

rottaran · rottaran · commit 831195c4d6cd · 2018-01-03T00:36:37.000+01:00
diff --git a/action/edit.php b/action/edit.php
@@ -97,7 +97,7 @@ protected function createForm($tablename) {
             $label = $field->getColumn()->getLabel();
             if(isset($postdata[$label])) {
                 // posted data trumps stored data
-                $field->setValue($postdata[$label], true);
+                $field->setValue(cleanText($postdata[$label]), true);
             }
             $html .= $this->makeField($field, self::$VAR . "[$tablename][$label]");
         }

Original file line number	Diff line number	Diff line change
`@@ -97,7 +97,7 @@ protected function createForm($tablename) {`
`97`	`97`	`$label = $field->getColumn()->getLabel();`
`98`	`98`	`if(isset($postdata[$label])) {`
`99`	`99`	`// posted data trumps stored data`
`100`		`- $field->setValue($postdata[$label], true);`
	`100`	`+ $field->setValue(cleanText($postdata[$label]), true);`
`101`	`101`	`}`
`102`	`102`	`$html .= $this->makeField($field, self::$VAR . "[$tablename][$label]");`
`103`	`103`	`}`