Index: t3lib/class.t3lib_tceforms.php
===================================================================
--- t3lib/class.t3lib_tceforms.php (revision 7427)
+++ t3lib/class.t3lib_tceforms.php (working copy)
@@ -1645,7 +1645,7 @@
$opt[]= '' . LF;
+ '>' . t3lib_div::deHSCentities(($p[0])) . '' . LF;
}
}
@@ -2027,7 +2027,7 @@
// Perform modification of the selected items array:
foreach($itemArray as $tk => $tv) {
$tvP = explode('|',$tv,2);
- $evalValue = rawurldecode($tvP[0]);
+ $evalValue = ($tvP[0]);
$isRemoved = in_array($evalValue,$removeItems) || ($config['form_type']=='select' && $config['authMode'] && !$GLOBALS['BE_USER']->checkAuthMode($table,$field,$evalValue,$config['authMode']));
if ($isRemoved && !$PA['fieldTSConfig']['disableNoMatchingValueElement'] && !$config['disableNoMatchingValueElement']) {
$tvP[1] = rawurlencode(@sprintf($nMV_label, $evalValue));
@@ -2038,7 +2038,7 @@
// Case: flexform, default values supplied, no label provided (bug #9795)
foreach ($selItems as $selItem) {
if ($selItem[1] == $tvP[0]) {
- $tvP[1] = $selItem[0];
+ $tvP[1] = html_entity_decode($selItem[0]);
break;
}
}
@@ -2057,7 +2057,7 @@
}
$opt[]= '';
+ '>' . $p[0] . '';
}
// Put together the selector box:
@@ -4703,8 +4703,8 @@
// Add the item:
$items[] = array(
- $lPrefix.strip_tags(t3lib_BEfunc::getRecordTitle($f_table,$row)),
- $uidPre.$row['uid'],
+ $lPrefix . htmlspecialchars(t3lib_BEfunc::getRecordTitle($f_table, $row)),
+ $uidPre . $row['uid'],
$icon
);
}