From 4a694b2a1e6519fabbfffa951e6e00e7607aa588 Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Mon, 3 Feb 2014 11:41:45 -0600
Subject: [PATCH] Properly escape htmlchars in field errors

---
 include/staff/templates/dynamic-form.tmpl.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/staff/templates/dynamic-form.tmpl.php b/include/staff/templates/dynamic-form.tmpl.php
index cfe25a45a..b178b2fff 100644
--- a/include/staff/templates/dynamic-form.tmpl.php
+++ b/include/staff/templates/dynamic-form.tmpl.php
@@ -28,7 +28,7 @@
             }
             foreach ($field->errors() as $e) { ?>
                 <br />
-                <font class="error"><?php echo $e; ?></font>
+                <font class="error"><?php echo Format::htmlchars($e); ?></font>
             <?php } ?>
             </td>
         </tr>
-- 
GitLab