diff options
| -rwxr-xr-x | edit_columns.rb | 2 | ||||
| -rw-r--r-- | pollhead.rb | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/edit_columns.rb b/edit_columns.rb index 10aaebb..363e618 100755 --- a/edit_columns.rb +++ b/edit_columns.rb @@ -102,7 +102,7 @@ UNDOREDOREADY <td> <form method='post' action=''> <div> - <input type='submit' title='#{title[button]}' value='#{localstr[button]}' #{disabled[button]} /> + <input type='submit' title="#{CGI.escapeHTML(title[button].to_s)}" value='#{localstr[button]}' #{disabled[button]} /> <input type='hidden' name='undo_revision' value='#{undorevision[button]}' /> #{hidden["common"]} #{hidden[button]} diff --git a/pollhead.rb b/pollhead.rb index 18d97e5..82327e5 100644 --- a/pollhead.rb +++ b/pollhead.rb @@ -77,7 +77,7 @@ SORTSYMBOL #{EDIT} </a>| <input style='padding:0;margin:0' title='#{deletestr}' class='delete' type='submit' value='#{DELETE}' /> - <input type='hidden' name='deletecolumn' value='#{CGI.escapeHTML(CGI.escape(columntitle))}' /> + <input type='hidden' name='deletecolumn' value="#{CGI.escapeHTML(columntitle)}" /> </div> </form> EDITDELETE |