properly handle on-the-fly adding of labels

[tt-rss.git] / modules / pref-filters.php

diff --git a/modules/pref-filters.php b/modules/pref-filters.php
index c629f9c18b852e0c6aec64faaec6b9b91487e17b..18d25a82f90bb88b989f4ebb179791e5348551bc 100644 (file)
--- a/modules/pref-filters.php
+++ b/modules/pref-filters.php
@@ -523,14 +523,14 @@
                $result = db_query($link, "SELECT caption FROM ttrss_labels2
                        WHERE owner_uid = '".$_SESSION["uid"]."' ORDER BY caption");
 
-               print "<select default=\"$value\" name=\"$name\" style=\"$style\" 
-                       onchange=\"labelSelectOnChange(this)\" >";
+               print "<select default=\"$value\" name=\"" . htmlspecialchars($name) . 
+                       "\" style=\"$style\" onchange=\"labelSelectOnChange(this)\" >";
 
                while ($line = db_fetch_assoc($result)) {
 
-                       $issel = ($line["caption"] == $value) ? "selected" : "";
+                       $issel = ($line["caption"] == $value) ? "selected=\"1\"" : "";
 
-                       print "<option $issel>" . $line["caption"] . "</option>";
+                       print "<option $issel>" . htmlspecialchars($line["caption"]) . "</option>";
 
                }