From 787e1319b9744ea9d5f8950827e3a7e699fe2ca3 Mon Sep 17 00:00:00 2001
From: "atm-florian.m" <florian.mortgat@atm-consulting.fr>
Date: Thu, 13 Jun 2019 16:21:07 +0200
Subject: [PATCH] FIX: in edit mode, dictionary inputs do not escape the string
 inside the 'value' attribute, causing errors if there are any double quotes

---
 htdocs/admin/dict.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php
index e1e0c0d419e..07b8a9d7119 100644
--- a/htdocs/admin/dict.php
+++ b/htdocs/admin/dict.php
@@ -1976,7 +1976,7 @@ function fieldList($fieldlist, $obj='', $tabname='', $context='')
 			}
 			if (! $transfound)
 			{
-                print '<input type="text" class="flat'.($class?' '.$class:'').'" value="'.(isset($obj->{$fieldlist[$field]})?$obj->{$fieldlist[$field]}:'').'" name="'.$fieldlist[$field].'">';
+                print '<input type="text" class="flat'.($class?' '.$class:'').'" value="'.dol_escape_htmltag(isset($obj->{$fieldlist[$field]})?$obj->{$fieldlist[$field]}:'').'" name="'.$fieldlist[$field].'">';
 			}
 			print '</td>';
 		}