kenjis  committed 2cd11ad

fix form_prep() XSS bug

  • Parent commits fe88182

Files changed (1)

File system/helpers/form_helper.php

 		// @todo need to figure out a way to namespace this so
 		// that we know the *exact* field and not just one with
 		// the same name
-		if (isset($prepped_fields[$field_name]))
+		if (isset($prepped_fields[$field_name]) && $prepped_fields[$field_name] === $str)
 		{
 			return $str;
 		}
 
 		if ($field_name != '')
 		{
-			$prepped_fields[$field_name] = $field_name;
+			$prepped_fields[$field_name] = $str;
 		}
 
 		return $str;
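
Review bot: the early return at `if (isset($prepped_fields[$field_name]) && $prepped_fields[$field_name] === $str)` still keys the cache on the field name alone, so the `@todo` above it remains open. Because `$prepped_fields[$field_name] = $str;` overwrites a single slot, two fields sharing a name keep only the last value recorded. Please update the comment to say that the skip now requires the incoming string to be identical to the value recorded for that name. It should also say whether the value recorded is the escaped one, since the escaping step is not in the lines shown here and the safety of returning `$str` unchanged depends on it. A regression test that calls form_prep() twice with the same field name and two different values, the second containing markup, would pin down the behaviour this commit is fixing. Minor: `$field_name != ''` is a loose comparison; `!==` would match the strict `===` introduced in the new condition.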