From 941f81eb300074b203dd480924f9cf8b9d41a08d Mon Sep 17 00:00:00 2001
From: friendica
Date: Thu, 12 Dec 2013 02:01:42 -0800
Subject: check that every invocation of htmlspecialchars has the right arg list
---
 mod/editblock.php | 2 +-
 mod/editlayout.php | 2 +-
 mod/editpost.php | 2 +-
 mod/editwebpage.php | 2 +-
 mod/message.php | 2 +-
 mod/network.php | 2 +-
 mod/search.php | 6 +++---
 version.inc | 2 +-
 8 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/mod/editblock.php b/mod/editblock.php
index 9c691640b..8b5b2d16c 100644
--- a/mod/editblock.php
+++ b/mod/editblock.php
@@ -132,7 +132,7 @@ function editblock_content(&$a) {
 '$pvisit' => 'none',
 '$public' => t('Public post'),
 '$jotnets' => $jotnets,
- '$title' => htmlspecialchars($itm[0]['title']),
+ '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'),
 '$placeholdertitle' => t('Set title'),
 '$category' => '',
 '$placeholdercategory' => t('Categories (comma-separated list)'),
diff --git a/mod/editlayout.php b/mod/editlayout.php
index f8906d981..542bb8357 100644
--- a/mod/editlayout.php
+++ b/mod/editlayout.php
@@ -117,7 +117,7 @@ function editlayout_content(&$a) {
 '$pvisit' => 'none',
 '$public' => t('Public post'),
 '$jotnets' => $jotnets,
- '$title' => htmlspecialchars($itm[0]['title']),
+ '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'),
 '$placeholdertitle' => t('Set title'),
 '$category' => '',
 '$placeholdercategory' => t('Categories (comma-separated list)'),
diff --git a/mod/editpost.php b/mod/editpost.php
index f25d6d21d..e731c04fe 100644
--- a/mod/editpost.php
+++ b/mod/editpost.php
@@ -114,7 +114,7 @@ function editpost_content(&$a) {
 '$pvisit' => 'none',
 '$public' => t('Public post'),
 '$jotnets' => $jotnets,
- '$title' => htmlspecialchars($itm[0]['title']),
+ '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'),
 '$placeholdertitle' => t('Set title'),
 '$category' => $category,
 '$placeholdercategory' => t('Categories (comma-separated list)'),
diff --git a/mod/editwebpage.php b/mod/editwebpage.php
index 840bda336..85bd9e918 100644
--- a/mod/editwebpage.php
+++ b/mod/editwebpage.php
@@ -164,7 +164,7 @@ function editwebpage_content(&$a) {
 '$jotnets' => $jotnets,
 '$mimeselect' => $mimeselect,
 '$layoutselect' => $layoutselect,
- '$title' => htmlspecialchars($itm[0]['title']),
+ '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'),
 '$placeholdertitle' => t('Set title'),
 '$category' => '',
 '$placeholdercategory' => t('Categories (comma-separated list)'),
diff --git a/mod/message.php b/mod/message.php
index bee3b68f3..b5420e5b3 100644
--- a/mod/message.php
+++ b/mod/message.php
@@ -321,7 +321,7 @@ function message_content(&$a) {
 '$preid' => $preid,
 '$subject' => t('Subject:'),
 '$subjtxt' => ((x($_REQUEST,'subject')) ? strip_tags($_REQUEST['subject']) : ''),
- '$text' => ((x($_REQUEST,'body')) ? escape_tags(htmlspecialchars($_REQUEST['body'])) : ''),
+ '$text' => ((x($_REQUEST,'body')) ? htmlspecialchars($_REQUEST['body'], ENT_COMPAT, 'UTF-8') : ''),
 '$readonly' => '',
 '$yourmessage' => t('Your message:'),
 '$select' => $select,
diff --git a/mod/network.php b/mod/network.php
index 1da5524c9..072f718ec 100644
--- a/mod/network.php
+++ b/mod/network.php
@@ -115,7 +115,7 @@ function network_content(&$a, $update = 0, $load = false) {
 // search terms header
 if($search)
- $o .= '
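Review bot: In the mod/message.php hunk, `'$subjtxt'` on the line above the changed one still passes `$_REQUEST['subject']` through `strip_tags()` only, which removes tags but does not encode `"`, `'` or `&`, so the request-supplied subject is not escaped the way `$text` now is. If the template places it in an attribute (not visible here), it should get the same treatment: `'$subjtxt' => ((x($_REQUEST,'subject')) ? htmlspecialchars(strip_tags($_REQUEST['subject']), ENT_COMPAT, 'UTF-8') : ''),`. The hunk also drops the `escape_tags()` wrapper from `$text`, which the commit subject does not mention; if it was redundant after `htmlspecialchars()`, saying so in the commit message would help. The array literal continues outside the hunk.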

' . t('Search Results For:') . ' ' . htmlspecialchars($search) . '

';
+ $o .= '

' . t('Search Results For:') . ' ' . htmlspecialchars($search, ENT_COMPAT,'UTF-8') . '

';
 nav_set_selected('network');
diff --git a/mod/search.php b/mod/search.php
index 7651b3a4e..2b31002fa 100644
--- a/mod/search.php
+++ b/mod/search.php
@@ -17,7 +17,7 @@ function search_saved_searches() {
 $o .= '

' . t('Saved Searches') . '

' . "\r\n"; $o .= '
' . "\r\n"; }
@@ -272,9 +272,9 @@ function search_content(&$a,$update = 0, $load = false) {
 if($tag)
- $o .= '

Items tagged with: ' . htmlspecialchars($search) . '

';
+ $o .= '

Items tagged with: ' . htmlspecialchars($search, ENT_COMPAT,'UTF-8') . '

';
 else
- $o .= '

Search results for: ' . htmlspecialchars($search) . '

';
+ $o .= '

Search results for: ' . htmlspecialchars($search, ENT_COMPAT,'UTF-8') . '

';
 $o .= conversation($a,$items,'search',$update,'client');
diff --git a/version.inc b/version.inc
index 7a72887e8..64336785f 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2013-12-11.524
+2013-12-12.525
-- cgit v1.2.3
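Review bot: The two headings touched in search_content() are hard-coded English (`'Items tagged with: '` and `'Search results for: '`), while the matching heading in mod/network.php in this same patch goes through `t('Search Results For:')`. Wrapping both labels in `t()` and concatenating the escaped `$search` after them would keep the headings translatable and keep the escaped value separate from the label text. The three call sites also repeat the same `ENT_COMPAT,'UTF-8'` pair by hand; a comment or small wrapper naming the intended output context would stop them drifting apart. search_content() starts and ends outside the hunk, and the markup around these strings is not visible in this rendering of the patch.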