Index: src/include/lib/Garradin/Template.php
==================================================================
--- src/include/lib/Garradin/Template.php
+++ src/include/lib/Garradin/Template.php
@@ -524,27 +524,27 @@
}
return $out;
}
-function tpl_display_champ_membre ($v, $config)
+function tpl_display_champ_membre($v, $config)
{
if ($config['type'] == 'checkbox')
{
return $v ? 'Oui' : 'Non';
}
elseif ($config['type'] == 'email')
{
- return '' . $v . '';
+ return '' . htmlspecialchars($v) . '';
}
elseif ($config['type'] == 'tel')
{
- return '' . $v . '';
+ return '' . htmlspecialchars($v) . '';
}
elseif ($config['type'] == 'url')
{
- return '' . $v . '';
+ return '' . htmlspecialchars($v) . '';
}
elseif ($config['type'] == 'country')
{
return Utils::getCountryName($v);
}
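Review bot: In the 'url' branch, `htmlspecialchars($v)` prevents markup injection but does not constrain the URL scheme. The string literals around the value appear empty in this rendering, so the link markup may have been lost; if the value is placed in an `href`, a stored `javascript:` value would still render as a clickable link. Consider checking the scheme before building the link, e.g. `if (!preg_match('#^https?://#i', $v)) { return htmlspecialchars($v, ENT_QUOTES, 'UTF-8'); }`. The new calls in the 'email', 'tel' and 'url' branches, and in the final `else` of the next hunk, also rely on the default flags, which do not escape single quotes before PHP 8.1; passing `ENT_QUOTES, 'UTF-8'` explicitly removes the dependence on the PHP version and on how the attributes are quoted. The body of tpl_display_champ_membre continues past this hunk.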
@@ -560,11 +560,11 @@
return implode(', ', $out);
}
else
{
- return $v;
+ return htmlspecialchars($v);
}
}
$tpl->register_function('csrf_field', 'Garradin\tpl_csrf_field');
$tpl->register_function('form_field', 'Garradin\tpl_form_field');
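Review bot: The `return implode(', ', $out);` path just above the patched `else` still returns its value unescaped. `$out` is built outside this hunk, so it is not visible whether its elements come only from trusted field configuration or can carry member-supplied text. If the latter is possible, apply the same escaping there, e.g. `return htmlspecialchars(implode(', ', $out), ENT_QUOTES, 'UTF-8');`. The same question applies to `Utils::getCountryName($v)` in the previous hunk, if that helper can fall back to returning its input unchanged.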