--- a/includes/wikiengine/Tables.php Wed Jan 23 19:36:16 2008 -0500
+++ b/includes/wikiengine/Tables.php Wed Jan 23 19:36:42 2008 -0500
@@ -280,11 +280,24 @@
// In Enano 1.0.3, added this cheapo hack to keep ampersands
// from being double-sanitized. Thanks to markybob from #deluge.
+
+ // htmlspecialchars() the "manual" way
$encValue = strtr( $text, array(
- '&' => '&'
+ '&' => '&',
+ '"' => '"',
+ '<' => '<',
+ '>' => '>',
+ ''' => "'"
) );
- $encValue = htmlspecialchars( $text );
+ $encValue = strtr( $text, array(
+ '&' => '&',
+ '"' => '"',
+ '<' => '<',
+ '>' => '>',
+ "'" => '''
+ ) );
+
// Whitespace is normalized during attribute decoding,
// so if we've been passed non-spaces we must encode them