From 14f7906395b8e0ce31647217118b3ff9b31ada6c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Golianek?=
Date: Sat, 1 Jun 2019 00:19:06 +0200
Subject: [PATCH] Add escape form values
---
src/Form/FormHandler.php | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/Form/FormHandler.php b/src/Form/FormHandler.php
index 907ed58..768ed1e 100644
--- a/src/Form/FormHandler.php
+++ b/src/Form/FormHandler.php
@@ -56,6 +56,7 @@ public function open( $formSettings = [])
$formname .= "-{$this->formcount}";
if( strtolower( $attributes["method"] ) == "post" ) {
+ $_POST = array_map('htmlspecialchars', $_POST);
$this->submittedData = $_POST;
$this->submittedData["files"] = $_FILES;
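Review bot: The added `$_POST = array_map('htmlspecialchars', $_POST);` overwrites the superglobal in place, so other code reading `$_POST` in the same request gets HTML-encoded data. If open() runs more than once per request (the `formcount` suffix suggests it can), values are escaped again on each call (`&` becomes `&amp;amp;`). The `$_GET` line in the next hunk has the same problems. Array-valued fields such as `name[]` reach htmlspecialchars() as arrays and fail instead of being escaped, and with no flags argument single quotes stay unescaped on PHP before 8.1. I would leave the superglobal untouched and escape where values are rendered, e.g. `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, so stored or re-processed data is not double-encoded. The body of open() continues outside this hunk.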
@@ -67,6 +68,7 @@ public function open( $formSettings = [])
}
}
else {
+ $_GET = array_map('htmlspecialchars', $_GET);
$this->submittedData = $_GET;
$raw = $_SERVER["QUERY_STRING"];
}
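Review bot: `$raw = $_SERVER["QUERY_STRING"];` two lines below the added escape still holds the unescaped query string, so in the GET branch `$raw` and `submittedData` carry different encodings of the same input. How `$raw` is used lies outside this hunk, but if it is ever echoed or parsed back into field values, the escaping added here does not cover it. A comment on that line such as `// $raw is unescaped request data; encode with htmlspecialchars() before any output` would make the contract explicit. Moving the escaping to the point of output would remove the mismatch.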