From: Moritz Bunkus <m.bunkus@linet-services.de>
Date: Thu, 7 Jan 2010 09:41:29 +0000 (+0100)
Subject: Mehr Attribute HTML-escapen.
X-Git-Tag: release-2.6.2beta1~331^2~32
X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=47978b5b00f1f458b969acdde496ba2bdc78859f;p=kivitendo-erp.git

Mehr Attribute HTML-escapen.
---

diff --git a/SL/Template/Plugin/L.pm b/SL/Template/Plugin/L.pm
index 40e132a86..f044fc165 100644
--- a/SL/Template/Plugin/L.pm
+++ b/SL/Template/Plugin/L.pm
@@ -5,6 +5,11 @@ use Template::Plugin;
 
 use strict;
 
+sub _H {
+  my $string = shift;
+  return $::locale->quote_special_chars('HTML', $string);
+}
+
 sub new {
   my $class   = shift;
   my $context = shift;
@@ -20,7 +25,7 @@ sub attributes {
   while (my ($name, $value) = each %{ $options }) {
     next unless $name;
     $value ||= '';
-    push @result, "${name}=\"" . $::locale->quote_special_chars('HTML', $value) . '"';
+    push @result, _H($name) . '="' . _H($value) . '"';
   }
 
   return @result ? ' ' . join(' ', @result) : '';
@@ -67,7 +72,7 @@ sub options_for_select {
       my %attributes = ( value => $result[0] );
       $attributes{selected} = 'selected' if $options->{default} && ($options->{default} eq ($result[0] || ''));
 
-      push @tags, $self->html_tag('option', $result[1], \%attributes);
+      push @tags, $self->html_tag('option', _H($result[1]), \%attributes);
     }
   }