From cef6131ea8d9875da70516a523ee076e81257a09 Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Thu, 28 Feb 2013 17:19:04 +0100
Subject: [PATCH] Sanitize HTML in html_select_options

---
 lib/template.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/template.php b/lib/template.php
index ce55e58d28..3c103c901c 100644
--- a/lib/template.php
+++ b/lib/template.php
@@ -147,7 +147,7 @@ function html_select_options($options, $selected, $params=array()) {
 			$label = $label[$label_name];
 		}
 		$select = in_array($value, $selected) ? ' selected="selected"' : '';
-		$html .= '<option value="' . $value . '"' . $select . '>' . $label . '</option>'."\n";
+		$html .= '<option value="' . OC_Util::sanitizeHTML($value) . '"' . $select . '>' . OC_Util::sanitizeHTML($label) . '</option>'."\n";
 	}
 	return $html;
 }
-- 
GitLab