From 1caeea6a6ebd068882e4fe0292bbda2f44283c3d Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Fri, 29 Dec 2017 13:44:15 +0100
Subject: [PATCH] - fixed missing htmlentities on formtype SELECT in list
 entries

---
 interface/lib/classes/listform_actions.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/interface/lib/classes/listform_actions.inc.php b/interface/lib/classes/listform_actions.inc.php
index 1bf615e857..b4366feaa6 100644
--- a/interface/lib/classes/listform_actions.inc.php
+++ b/interface/lib/classes/listform_actions.inc.php
@@ -180,7 +180,7 @@ class listform_actions {
 						$rec['_'.$key.'_'] = (strtolower($rec[$key]) == 'y')?'x16/tick_circle.png':'x16/cross_circle.png';
 					}
 					//* substitute value for select field
-					$rec[$key] = @$field['value'][$rec[$key]];
+					$rec[$key] = $app->functions->htmlentities(@$field['value'][$rec[$key]]);
 				}
 			}
 		}
-- 
GitLab