changeset 297:fdcd78675d1c

Possibly fix input quotation and escaping issues.
author Matti Hamalainen <ccr@tnsp.org>
date Mon, 25 Nov 2013 18:44:13 +0200
parents bbdf1b9c5a07
children 2f35c4b90ee7
files msitegen.inc.php
diffstat 1 files changed, 11 insertions(+), 7 deletions(-) [+]
--- a/msitegen.inc.php	Mon Nov 25 18:43:31 2013 +0200
+++ b/msitegen.inc.php	Mon Nov 25 18:44:13 2013 +0200
@@ -157,6 +157,10 @@
   return htmlentities($str, ENT_NOQUOTES, "UTF-8");
 }
 
+function ihentities($str)
+{
+  return htmlentities($str, ENT_QUOTES, "UTF-8");
+}
 
 function stGetIDName($name, $id, $prefix = "")
 {
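Review bot: The new ihentities() carries no comment explaining how it differs from chentities() directly above it, and since both wrap htmlentities() with the same charset the only difference is ENT_QUOTES versus ENT_NOQUOTES; a one-line comment such as `// Escape for use inside a quoted HTML attribute value; chentities() (ENT_NOQUOTES) is for element text content.` would make the intended split clear to callers. Note also that from PHP 5.4 on htmlentities() returns an empty string for input that is not valid UTF-8 unless ENT_SUBSTITUTE is included in the flags, so a value with stray bytes silently becomes an empty attribute rather than an error; `return htmlentities($str, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");` avoids that silent truncation. The same consideration applies to chentities(), whose body is partly outside this hunk.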
@@ -188,7 +192,7 @@
 {
   return
     "<input type=\"button\" ".stGetIDName($name, $id, $prefix).
-    "value=\" ".chentities($label)." \" ".
+    "value=\" ".ihentities($label)." \" ".
     ($onclick != "" ? "onClick=\"".$onclick."\"" : "")." />";
 }
 
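Review bot: $onclick on the line following the changed one is still written into the onClick attribute verbatim, while the label on the same element now goes through ihentities(); a double quote in $onclick would terminate the attribute and leave malformed markup. The submit-button hunk at @@ -224,7 has exactly the same shape. If $onclick is only ever a developer-supplied literal that assumption should be stated in a comment; otherwise `($onclick != "" ? "onClick=\"".ihentities($onclick)."\"" : "")` keeps the element consistently escaped. The `!= ""` test is a loose comparison; `!== ""` is the unambiguous form. The enclosing function's signature lies outside the hunk.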
@@ -198,7 +202,7 @@
   return
     "<textarea ".$extra." ".stGetIDName($name, $id, $prefix).
     "rows=\"".$rows."\" cols=\"".$cols."\">".
-    (isset($value) ? chentities($value) : "").
+    (isset($value) ? ihentities($value) : "").
     "</textarea>";
 }
 
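Review bot: $rows and $cols are interpolated into the rows/cols attributes without a cast and $extra is inserted verbatim ahead of the id/name, so only $value gained escaping in this element while the neighbouring attributes can still produce malformed markup from a non-numeric or quote-bearing value. Casting the numeric ones, `"rows=\"".intval($rows)."\" cols=\"".intval($cols)."\">".`, pins them to what the attribute expects; $size and $len in the text-input hunk at @@ -208,7 have the same issue. Using ENT_QUOTES for content between the textarea tags is harmless, but chentities() would have sufficed there, so a short comment would help if the stronger escaping is deliberate. The enclosing function's signature lies outside the hunk.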
@@ -208,7 +212,7 @@
   return
     "<input ".$extra." type=\"text\" ".stGetIDName($name, $id, $prefix).
     "size=\"".$size."\" maxlength=\"".$len."\"".
-    (isset($value) ? " value=\"".chentities($value)."\"" : "").
+    (isset($value) ? " value=\"".ihentities($value)."\"" : "").
     " />";
 }
 
@@ -224,7 +228,7 @@
 {
   return
     "<input type=\"submit\" name=\"".$name.
-    "\" value=\" ".chentities($label)." \" ".
+    "\" value=\" ".ihentities($label)." \" ".
     ($onclick != "" ? "onClick=\"".$onclick."\"" : "")." />";
 }
 
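Review bot: $name is concatenated into the name attribute on the first line of the return expression without escaping, so the switch to ihentities() for the label leaves an adjacent attribute of the same element built unescaped; the hidden-input hunk at @@ -233,7 has the same shape. If $name values are always code-level constants, a comment stating that assumption is enough; otherwise `"<input type=\"submit\" name=\"".ihentities($name).` makes the escaping uniform across the element. The enclosing function's signature lies outside the hunk.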
@@ -233,7 +237,7 @@
 {
   return
     "<input type=\"hidden\" name=\"".$name.
-    "\" value=\"".chentities($value)."\" />";
+    "\" value=\"".ihentities($value)."\" />";
 }
 
 
@@ -434,10 +438,10 @@
       return intval(stGetRequestItem($value));
 
     case "S":
-      return $db->quote(stGetDRequestItem($value));
+      return $db->quote(stGetRequestItem($value));
 
     case "Q":
-      return $db->quote(stripslashes(stGetDRequestItem($value)));
+      return $db->quote(stGetRequestItem($value));
 
     case "B":
       return intval(stGetRequestItem($value)) ? 1 : 0;