From c300d3fdb6d87b9f9b5a197b0d388989dc1a10b8 Mon Sep 17 00:00:00 2001
From: sunsetsystems
Date: Thu, 30 Jul 2009 14:22:14 +0000
Subject: [PATCH] fix for quote handling when no magic quotes
---
 library/options.inc.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/library/options.inc.php b/library/options.inc.php
index dfc5c361c..7dbdc6a12 100644
--- a/library/options.inc.php
+++ b/library/options.inc.php
@@ -14,6 +14,8 @@
 // $GLOBALS['translate_lists'] and $GLOBALS['translate_layout']
 // flags in globals.php
+require_once("formdata.inc.php");
+
 $date_init = "";
 function get_pharmacies() {
@@ -1131,7 +1133,9 @@ function get_layout_form_value($frow) {
 $value = $_POST["form_$field_id"];
 }
 }
- return $value;
+
+ // Make sure the return value is quote-safe.
+ return formTrim($value);
 }
 // Generate JavaScript validation logic for the required fields.
@@ -1157,7 +1161,7 @@ function generate_layout_validation($form_id) {
 echo
 " if (f.$fldname.selectedIndex <= 0) {\n" .
 " alert('" . xl('Please choose a value for','','',' ') .
- xl_layout_label($fldtitle) . "');\n" .
+ xl_layout_label($fldtitle) . "');\n" .
 " if (f.$fldname.focus) f.$fldname.focus();\n" .
 " return false;\n" .
 " }\n";
@@ -1169,7 +1173,7 @@ function generate_layout_validation($form_id) {
 echo
 " if (trimlen(f.$fldname.value) == 0) {\n" .
 " alert('" . xl('Please choose a value for','','',' ') .
- xl_layout_label($fldtitle) . "');\n" .
+ xl_layout_label($fldtitle) . "');\n" .
 " if (f.$fldname.focus) f.$fldname.focus();\n" .
 " return false;\n" .
 " }\n";
-- 
2.11.4.GIT
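Review bot: In the first hunk (new line 17), `require_once("formdata.inc.php");` uses a bare relative path, so which file gets loaded depends on include_path and on the directory of whichever script pulled in options.inc.php. If formdata.inc.php sits beside this file in library/ (not shown on this page), anchoring the path removes that ambiguity: `require_once(dirname(__FILE__) . "/formdata.inc.php");`. That matters more than usual here, because the included file now supplies the escaping routine that every layout form value passes through.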
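Review bot: In the second hunk (around new line 1138), the comment `// Make sure the return value is quote-safe.` does not say which output context the value is safe for, and that is the contract callers need to know. formTrim() lives in formdata.inc.php, which this patch does not show; if it applies SQL string escaping, then get_layout_form_value() now returns data suited only to a quoted SQL literal, and a caller that echoes it into HTML, compares it, or escapes it again will get stray backslashes or a false sense of safety. I would state that on the line, e.g. `// Returns the value escaped for a quoted SQL string literal (see formTrim); escape separately for HTML or JavaScript output.` The code that builds $value starts outside this hunk, so it is worth confirming that non-scalar values (for example multi-select fields) are handled before they reach formTrim().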
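Review bot: In the third hunk (new line 1164) and again in the fourth (new line 1176), the added line still writes `xl_layout_label($fldtitle)` straight into a single-quoted JavaScript string inside `alert('...')`, so a field title or translation containing an apostrophe, backslash or line break corrupts the generated validation script and can have label text parsed as script. As rendered here the removed and added lines read the same, so the real difference is presumably whitespace lost in extraction. Since the commit is about quote handling, the label should be escaped for the JavaScript context at this point, e.g. `addslashes(xl_layout_label($fldtitle)) . "');\n" .`, and the same goes for the `xl('Please choose a value for', ...)` text on the preceding line. addslashes() does not cover newlines or a literal `</script>`, so a JSON encoder is the more complete choice where the PHP version provides one. generate_layout_validation() begins and ends outside both hunks.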