diff --git a/include/class.forms.php b/include/class.forms.php
index ded5e766371c9b05c8a53e1db062b4a4c5629ac8..c3396edabb62f18089d60bdad28cc01951b4098a 100644
--- a/include/class.forms.php
+++ b/include/class.forms.php
@@ -1017,12 +1017,13 @@ class PhoneNumberWidget extends Widget {
 list($phone, $ext) = explode("X", $this->value);
 ?>
 <input type="text" name="<?php echo $this->name; ?>" value="<?php
- echo $phone; ?>"/><?php
+ echo Format::htmlchars($phone); ?>"/><?php
 // Allow display of extension field even if disabled if the phone
 // number being edited has an extension
 if ($ext || $config['ext']) { ?> Ext:
 <input type="text" name="<?php
- echo $this->name; ?>-ext" value="<?php echo $ext; ?>" size="5"/>
+ echo $this->name; ?>-ext" value="<?php echo Format::htmlchars($ext);
+ ?>" size="5"/>
 <?php }
 }
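Review bot: `$this->name` is still echoed raw into both `name="…"` attributes on the new side, so only the two `value` sinks are escaped by this change. If a widget name can ever be derived from form or field configuration (not visible in this hunk), it should go through the same helper, e.g. `echo Format::htmlchars($this->name);`. Because both values land inside double-quoted attributes, it is also worth confirming that `Format::htmlchars()` encodes `"`; its implementation is outside this diff. The enclosing method starts above the hunk, so where `$this->value` comes from is not shown here.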