From 1ebaa416be9ffd7b2d05f13f5d96cb695019e8cf Mon Sep 17 00:00:00 2001 From: pdontthink Date: Sun, 11 Sep 2011 12:26:58 +0000 Subject: [PATCH 1/1] Temporarily sanitize output in wrong place git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14145 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- templates/default/input.tpl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/templates/default/input.tpl b/templates/default/input.tpl index 148c58c0..5e0400f2 100644 --- a/templates/default/input.tpl +++ b/templates/default/input.tpl @@ -28,7 +28,8 @@ extract($t); echo ' $value) { - echo ' ' . $key . (is_null($value) ? '' : '="' . $value . '"'); +//TODO: see the FIXME tag on line 68 of functions/forms.php - the htmlspecialchars() below should be migrated to the template class + echo ' ' . $key . (is_null($value) ? '' : '="' . htmlspecialchars($value) . '"'); } echo ' />'; -- 2.25.1
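Review bot: On the added `echo` line inside the `foreach`, only `$value` goes through `htmlspecialchars()`; `$key` is still concatenated into the tag unchanged, and the call relies on PHP's default flags and charset, which differ between PHP versions. The default flags do cover this double-quoted attribute, but I would pin them with `htmlspecialchars($value, ENT_QUOTES)` and pass the page charset as the third argument if the template has it available. If attribute names can ever come from outside the calling code, encoding alone will not constrain them, so a guard such as `if (!preg_match('/^[A-Za-z][A-Za-z0-9_:-]*$/', $key)) continue;` at the top of the loop would be the safer check. Because the TODO says the encoding really belongs in the template class, also confirm that no caller already encodes the values it passes to this template, otherwise `&` and quotes will render double-encoded until that migration happens.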