From 2cc687c64f5537ab477b67f400130d5d107198df Mon Sep 17 00:00:00 2001
From: Tom Mortensen
Date: Fri, 5 Sep 2025 10:30:14 -0700
Subject: [PATCH] Fix: Reading Share Settings from Share containing ' crashes the share
Root cause is that arguments passed to mk_option() should be sanitized via htmlspecialchars().
---
 emhttp/plugins/dynamix/include/Helpers.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/emhttp/plugins/dynamix/include/Helpers.php b/emhttp/plugins/dynamix/include/Helpers.php
index be1c17b65..5e4d1825a 100644
--- a/emhttp/plugins/dynamix/include/Helpers.php
+++ b/emhttp/plugins/dynamix/include/Helpers.php
@@ -180,6 +180,8 @@ function my_error($code) {
 }
 function mk_option($select, $value, $text, $extra="") {
+ $value = htmlspecialchars($value);
+ $text = htmlspecialchars($text);
 return "";
 }
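Review bot: The two added `htmlspecialchars()` calls in mk_option() rely on the default flags, and before PHP 8.1 that default (`ENT_COMPAT`) leaves `'` unescaped, which is the very character this fix is about. Passing the flags explicitly makes the escaping independent of the runtime: `$value = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` and the same for `$text`. Both parameters are also overwritten in place, so everything later in the function sees the escaped strings; the return expression is not readable on this page, but if it compares `$value` with `$select` to mark the selected option, that comparison should run on the raw value, with the escaped copies kept in separate variables. Callers that already escape their arguments, or that pass entities in `$text`, would now be double-encoded, so the call sites are worth a check.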