Diffstat (limited to 'includes/form.inc')
-rw-r--r--includes/form.inc9
1 files changed, 7 insertions, 2 deletions
diff --git a/includes/form.inc b/includes/form.inc
index 9018931ef..4f907dd8f 100644
--- a/includes/form.inc
+++ b/includes/form.inc
@@ -2658,6 +2658,9 @@ function theme_fieldset($variables) {
/**
* Returns HTML for a radio button form element.
*
+ * Note: The input "name" attribute needs to be sanitized before output, which
+ * is currently done by passing all attributes to drupal_attributes().
+ *
* @param $variables
* An associative array containing:
* - element: An associative array containing the properties of the element.
@@ -2671,7 +2674,7 @@ function theme_radio($variables) {
$element['#attributes']['type'] = 'radio';
element_set_attributes($element, array('id', 'name', '#return_value' => 'value'));
- if (isset($element['#return_value']) && check_plain($element['#value']) == $element['#return_value']) {
+ if (isset($element['#return_value']) && $element['#value'] !== FALSE && $element['#value'] == $element['#return_value']) {
$element['#attributes']['checked'] = 'checked';
}
_form_set_class($element, array('form-radio'));
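Review bot: The new `checked` condition compares `#value` and `#return_value` with loose `==`, and since this commit stops running option keys through check_plain(), `#return_value` can now be an integer array key rather than a string. Under PHP versions before 8, `'abc' == 0` evaluates to TRUE, and a NULL `#value` loosely equals both `0` and `''`, so the radio for key 0 or the empty key could be marked checked when nothing matching was selected; the `!== FALSE` guard covers only FALSE. Consider a string comparison such as `(string) $element['#value'] === (string) $element['#return_value']`, with an explicit decision on how NULL should behave. theme_radio()'s body starts and ends outside this hunk, so how `#value` is populated is not visible here.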
@@ -2890,7 +2893,9 @@ function form_process_radios($element) {
$element[$key] += array(
'#type' => 'radio',
'#title' => $choice,
- '#return_value' => check_plain($key),
+ // The key is sanitized in drupal_attributes() during output from the
+ // theme function.
+ '#return_value' => $key,
'#default_value' => isset($element['#default_value']) ? $element['#default_value'] : NULL,
'#attributes' => $element['#attributes'],
'#parents' => $element['#parents'],
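Review bot: The added comment says the key is sanitized in drupal_attributes() at output, but that guarantee holds only for code paths that print `#return_value` through drupal_attributes(). A theme override of the radio element, or any other code that reads `#return_value` and emits it directly, now receives the raw option key that was previously escaped here by check_plain(). The comment should state the contract explicitly, for example `// #return_value is stored raw; any output path other than drupal_attributes() must escape it.`, and a regression test with an option key containing `<`, `"` and `&` would pin the escaping in the rendered `value` attribute. The `$element[$key] += array(` statement and form_process_radios() itself continue outside the hunk.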