From 48c69ed3ad2ddcb567dfaef4ab43b5c934611c55 Mon Sep 17 00:00:00 2001
From: Moritz Strohm <strohm@data-quest.de>
Date: Mon, 9 Sep 2024 15:11:42 +0000
Subject: [PATCH] app/views/course/wizard/steps/basicdata/index_studygroup.php:
 improved code, fixes #4575

Closes #4575

Merge request studip/studip!3387
---
 .../course/wizard/steps/basicdata/index_studygroup.php      | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/views/course/wizard/steps/basicdata/index_studygroup.php b/app/views/course/wizard/steps/basicdata/index_studygroup.php
index 23b87b42d8b..d7417abd8b2 100644
--- a/app/views/course/wizard/steps/basicdata/index_studygroup.php
+++ b/app/views/course/wizard/steps/basicdata/index_studygroup.php
@@ -71,9 +71,9 @@
     <?= _('Einverstanden') ?>
 </label>
 
-<input type="hidden" name="institute" value="<?= $values['institute'] ?>"/>
-<input type="hidden" name="start_time" value="<?= $values['start_time'] ?>"/>
+<input type="hidden" name="institute" value="<?= htmlReady($values['institute']) ?>">
+<input type="hidden" name="start_time" value="<?= htmlReady($values['start_time']) ?>">
 <input type="hidden" name="studygroup" value="1"/>
 <?php foreach ($values['lecturers'] as $id => $assigned) : ?>
-    <input type="hidden" name="lecturers[<?= $id ?>]" value="1"/>
+    <input type="hidden" name="lecturers[<?= htmlReady($id) ?>]" value="1">
 <?php endforeach ?>
-- 
GitLab