Gravity Support Forums Topic: Prepopulating Input not being Escaped

Gravity Support Forums Topic: Prepopulating Input not being Escaped https://legacy.forums.gravityhelp.com/topic/prepopulating-input-not-being-escaped Gravity Support Forums Topic: Prepopulating Input not being Escaped en-US Sat, 18 Apr 2026 16:09:41 +0000 http://bbpress.org/?v=1.0.1 <![CDATA[Search]]> q https://legacy.forums.gravityhelp.com/search.php Chris Hajer on "Prepopulating Input not being Escaped" https://legacy.forums.gravityhelp.com/topic/prepopulating-input-not-being-escaped#post-116992 Tue, 08 Jan 2013 19:23:23 +0000 Chris Hajer 116992@https://legacy.forums.gravityhelp.com/ Which version of the User Registration add-on are you using? We might have already fixed this issue in a later, unreleased version. Let us know what your version is. SwankIBS on "Prepopulating Input not being Escaped" https://legacy.forums.gravityhelp.com/topic/prepopulating-input-not-being-escaped#post-116893 Tue, 08 Jan 2013 14:22:02 +0000 SwankIBS 116893@https://legacy.forums.gravityhelp.com/ We have a user registration field for our members to update their bio on the front end. We noticed recently that quote's weren't being properly escaped causing an error. Turns out this issue is in userregistration.php in the prepopulate_input function (lines 3225 - 32310. Replacing: <pre><code>public function prepopulate_input($input_id, $value) { $filter_name = 'gfur_field_' . str_replace('.', '_', $input_id); add_filter("gform_field_value_{$filter_name}", create_function("", "return '$value';")); return $filter_name; }</code></pre> with: <pre><code>public function prepopulate_input($input_id, $value) { $value = str_replace("'", "\'", str_replace("\\", "\\\\", $value)); $filter_name = 'gfur_field_' . str_replace('.', '_', $input_id); add_filter("gform_field_value_{$filter_name}", create_function("", "return '$value';")); return $filter_name; }</code></pre> Fixes the issue on our end. Please consider using this or a better solution!