Only encode dangerous dangerous characters

There is no need to encode all characters into HTML entities, only potential dangerous characters as &, ", ', < and > should get encoded. This may fix issues like https://github.com/owncloud/calendar/pull/394
2024-07-25 13:54:59 +02:00 · 2014-04-11 19:42:15 +02:00 · 2014-04-11 19:42:15 +02:00 · 77ecfdd1a4
commit 77ecfdd1a4
parent e704bc2bf0
1 changed files with 1 additions and 1 deletions
--- a/lib/private/util.php
+++ b/lib/private/util.php
@ -805,7 +805,7 @@ class OC_Util {
 			array_walk_recursive($value, 'OC_Util::sanitizeHTML');
 		} else {
 			//Specify encoding for PHP<5.4
-			$value = htmlentities((string)$value, ENT_QUOTES, 'UTF-8');
+			$value = htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
 		}
 		return $value;
 	}