#971120 by bec, dereine, bojanz, chx: Fixed Radio button values get run through check_plain() twice

1 files changed, 7 insertions, 2 deletions

diff --git a/includes/form.inc b/includes/form.inc
index 9018931ef..4f907dd8f 100644
--- a/includes/form.inc
+++ b/includes/form.inc
@@ -2658,6 +2658,9 @@ function theme_fieldset($variables) {
 /**
  * Returns HTML for a radio button form element.
  *
+ * Note: The input "name" attribute needs to be sanitized before output, which
+ *       is currently done by passing all attributes to drupal_attributes().
+ *
  * @param $variables
  *   An associative array containing:
  *   - element: An associative array containing the properties of the element.
@@ -2671,7 +2674,7 @@ function theme_radio($variables) {
   $element['#attributes']['type'] = 'radio';
   element_set_attributes($element, array('id', 'name', '#return_value' => 'value'));
 
-  if (isset($element['#return_value']) && check_plain($element['#value']) == $element['#return_value']) {
+  if (isset($element['#return_value']) && $element['#value'] !== FALSE && $element['#value'] == $element['#return_value']) {
     $element['#attributes']['checked'] = 'checked';
   }
   _form_set_class($element, array('form-radio'));
@@ -2890,7 +2893,9 @@ function form_process_radios($element) {
       $element[$key] += array(
         '#type' => 'radio',
         '#title' => $choice,
-        '#return_value' => check_plain($key),
+        // The key is sanitized in drupal_attributes() during output from the
+        // theme function.
+        '#return_value' => $key,
         '#default_value' => isset($element['#default_value']) ? $element['#default_value'] : NULL,
         '#attributes' => $element['#attributes'],
         '#parents' => $element['#parents'],