Avoid implicit type conversions
authorAlexander Ebert <ebert@woltlab.com>
Sun, 8 Apr 2018 17:20:39 +0000 (19:20 +0200)
committerAlexander Ebert <ebert@woltlab.com>
Sun, 8 Apr 2018 17:20:48 +0000 (19:20 +0200)
wcfsetup/install/files/lib/system/html/input/HtmlInputProcessor.class.php

index 4cfdc2a6764858bf1123ee2eef5110586b6ecc5f..73f5f823948e3401d6d7ac8ffdd41d53dfac98b1 100644 (file)
@@ -99,7 +99,16 @@ class HtmlInputProcessor extends AbstractHtmlProcessor {
                        $bbcodeAttributes = '';
                        foreach ($attributes as $attribute) {
                                if (!empty($bbcodeAttributes)) $bbcodeAttributes .= ',';
-                               $bbcodeAttributes .= "'" . addcslashes($attribute, "'") . "'";
+                               
+                               if ($attribute === true) $bbcodeAttributes .= 'true';
+                               else if ($attribute === false) $bbcodeAttributes .= 'false';
+                               else if (is_string($attribute) || is_numeric($attribute)) {
+                                       $bbcodeAttributes .= "'" . addcslashes($attribute, "'") . "'";
+                               }
+                               else {
+                                       // discard anything that is not string-like
+                                       $bbcodeAttributes .= "''";
+                               }
                        }
                        
                        $text = $metacode->ownerDocument->createTextNode('[' . $name . (!empty($bbcodeAttributes) ? '=' . $bbcodeAttributes : '') . ']');
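Review bot: The string branch still escapes only the single quote: `addcslashes($attribute, "'")` leaves backslashes untouched, so a value that ends in a backslash or already contains `\'` is written with a closing quote whose escaping is ambiguous. Whether such a value can end its quoted attribute early depends on how the BBCode parser unescapes quoted attributes, which this hunk does not show. If the parser honours backslash escapes, the backslash should be escaped as well, `$bbcodeAttributes .= "'" . addcslashes($attribute, "'\\") . "'";`, with a regression test for a value ending in a backslash. Separately, the `is_numeric()` arm still passes ints and floats to `addcslashes()`, so an explicit `(string) $attribute` cast there would match the commit's stated intent. The method containing this loop starts and ends outside the hunk.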