# HG changeset patch # User Matti Hamalainen # Date 1385397853 -7200 # Node ID fdcd78675d1ca4668623946684643e8bacb36eba # Parent bbdf1b9c5a07e467f9cc2c1aa519732fdd0bf833 Possibly fix input quotation and escaping issues. diff -r bbdf1b9c5a07 -r fdcd78675d1c msitegen.inc.php --- a/msitegen.inc.php Mon Nov 25 18:43:31 2013 +0200 +++ b/msitegen.inc.php Mon Nov 25 18:44:13 2013 +0200 @@ -157,6 +157,10 @@ return htmlentities($str, ENT_NOQUOTES, "UTF-8"); } +function ihentities($str) +{ + return htmlentities($str, ENT_QUOTES, "UTF-8"); +} function stGetIDName($name, $id, $prefix = "") { @@ -188,7 +192,7 @@ { return ""; } @@ -198,7 +202,7 @@ return ""; } @@ -208,7 +212,7 @@ return ""; } @@ -224,7 +228,7 @@ { return ""; } @@ -233,7 +237,7 @@ { return ""; + "\" value=\"".ihentities($value)."\" />"; } @@ -434,10 +438,10 @@ return intval(stGetRequestItem($value)); case "S": - return $db->quote(stGetDRequestItem($value)); + return $db->quote(stGetRequestItem($value)); case "Q": - return $db->quote(stripslashes(stGetDRequestItem($value))); + return $db->quote(stGetRequestItem($value)); case "B": return intval(stGetRequestItem($value)) ? 1 : 0;