Index: in-bulletin/units/helpers/post_helper.php
===================================================================
--- in-bulletin/units/helpers/post_helper.php (revision 15437)
+++ in-bulletin/units/helpers/post_helper.php (working copy)
@@ -158,7 +158,7 @@
function parsePostBody($post_body, $post_options, $sub_blocks)
{
// 1. escape all html sequences
- $post_body = htmlspecialchars($post_body, ENT_NOQUOTES); // don't touch quotes in bbcode attribute values
+ $post_body = htmlspecialchars($post_body, ENT_NOQUOTES, CHARSET); // don't touch quotes in bbcode attribute values
// 2. replace censored words
$post_body = $this->CensorText($post_body);
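Review bot: With an explicit `CHARSET`, `htmlspecialchars()` returns an empty string when `$post_body` contains a byte sequence that is invalid in that encoding, so a single bad byte would blank the whole post. This matters if CHARSET is a multi-byte encoding such as UTF-8, which is not visible here. If the minimum PHP version allows it, add the substitute flag: `htmlspecialchars($post_body, ENT_NOQUOTES | ENT_SUBSTITUTE, CHARSET)`. Because `ENT_NOQUOTES` leaves `"` and `'` untouched, the later BBCode step that writes attribute values into HTML has to escape quotes itself. That code is in the part of parsePostBody() outside this hunk and is worth checking alongside this change.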
Index: in-commerce/units/gateways/gw_classes/google_checkout.php
===================================================================
--- in-commerce/units/gateways/gw_classes/google_checkout.php (revision 15437)
+++ in-commerce/units/gateways/gw_classes/google_checkout.php (working copy)
@@ -80,8 +80,8 @@
$cart_xml = Array ();
foreach ($order_items as $order_item) {
$cart_xml[] = ' -
- '.htmlspecialchars($order_item['ProductName']).'
- '.htmlspecialchars($order_item[$ml_formatter->LangFieldName('DescriptionExcerpt')]).''.
+ '.htmlspecialchars($order_item['ProductName'], null, CHARSET).'
+ '.htmlspecialchars($order_item[$ml_formatter->LangFieldName('DescriptionExcerpt')], null, CHARSET).''.
$this->getPriceXML('unit-price', $order_item['Price']).'
'.$order_item['Quantity'].'
';
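Review bot: Passing `null` as the second argument does not keep the default flags: `null` is coerced to `0`, which is `ENT_NOQUOTES`, so every call changed this way stops escaping the double quotes that the old one-argument calls (default `ENT_COMPAT` on PHP before 8.1) converted to `&quot;`. The same pattern is in the hunks for ideal_nl.php, gw_tag_processor.php, order_items_tag_processor.php and product_options_tag_processor.php; if any of those `value`/`id` results are rendered inside a quoted HTML attribute (the templates are not visible here), a `"` in the data can now close the attribute. In order_items_tag_processor.php the preceding `htmlspecialchars_decode($val)` still decodes `&quot;`, so the round trip is no longer symmetric, and the `in_array(htmlspecialchars($val, null, CHARSET), $option_value)` check in product_options_tag_processor.php will stop matching stored values that contain a double quote. Spell the flag out to preserve behaviour, e.g. `htmlspecialchars($order_item['ProductName'], ENT_COMPAT, CHARSET)`.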
@@ -102,7 +102,7 @@
$shipping_xml = '';
foreach ($shipping_types as $shipping_name) {
- $shipping_xml .= '
+ $shipping_xml .= '
0.00
';
}
@@ -390,7 +390,7 @@
$shipping_name = $shipping_type['ShippingName'];
$processable_shipping_index = array_search($shipping_name, $process_shippings);
if ($processable_shipping_index !== false) {
- $shipping_types_xml .= '
+ $shipping_types_xml .= '
'.sprintf('%01.2f', $shipping_type['TotalCost']).'
true
';
@@ -402,7 +402,7 @@
// add unavailable shipping types
foreach ($process_shippings as $shipping_name) {
- $shipping_types_xml .= '
+ $shipping_types_xml .= '
0.00
false
';
Index: in-commerce/units/gateways/gw_classes/ideal_nl.php
===================================================================
--- in-commerce/units/gateways/gw_classes/ideal_nl.php (revision 15437)
+++ in-commerce/units/gateways/gw_classes/ideal_nl.php (working copy)
@@ -103,7 +103,7 @@
$error_msg = $trans_data->FindChildValue('message');
$this->parsed_responce['XML'] = $transaction_xml;
$this->Application->SetVar('failure_template', $this->Application->RecallVar('gw_cancel_template'));
- $this->parsed_responce['MESSAGE'] = $error_msg ? $error_msg : 'Unknown gateway error ('.htmlspecialchars($transaction_xml).')';
+ $this->parsed_responce['MESSAGE'] = $error_msg ? $error_msg : 'Unknown gateway error ('.htmlspecialchars($transaction_xml, null, CHARSET).')';
return false;
}
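Review bot: The two branches of the ternary put differently encoded text into `parsed_responce['MESSAGE']`: the gateway-supplied `$error_msg` is stored raw while the fallback is HTML-escaped, so whatever prints MESSAGE cannot escape it correctly for both cases. Since `$error_msg` comes from the gateway response it should be treated as untrusted; either escape both here or store both raw and escape once at output, e.g. `$error_msg ? htmlspecialchars($error_msg, ENT_COMPAT, CHARSET) : ...`. The fallback also copies the whole `$transaction_xml` into a message that may be shown to the customer (not visible in this hunk). Keeping the full response only in `parsed_responce['XML']` for logging and showing a generic text would avoid exposing gateway details. The enclosing function starts outside the hunk.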
Index: in-commerce/units/gateways/gw_tag_processor.php
===================================================================
--- in-commerce/units/gateways/gw_tag_processor.php (revision 15437)
+++ in-commerce/units/gateways/gw_tag_processor.php (working copy)
@@ -50,7 +50,7 @@
$value = isset($this->ConfigValues[$id]) ? $this->ConfigValues[$id] : '';
if ( !array_key_exists('no_special', $params) || !$params['no_special'] ) {
- $value = htmlspecialchars($value);
+ $value = htmlspecialchars($value, null, CHARSET);
}
if ( getArrayValue($params, 'checked') ) {
Index: in-commerce/units/order_items/order_items_tag_processor.php
===================================================================
--- in-commerce/units/order_items/order_items_tag_processor.php (revision 15437)
+++ in-commerce/units/order_items/order_items_tag_processor.php (working copy)
@@ -126,7 +126,7 @@
$block_params['price_type'] = $price_type;
$block_params['sign'] = $price >= 0 ? '+' : '-';
}
- $block_params['value'] = htmlspecialchars($val);
+ $block_params['value'] = htmlspecialchars($val, null, CHARSET);
$block_params['type'] = $key_data['OptionType'];
}
$o .= $this->Application->ParseBlock($block_params, 1);
@@ -176,7 +176,7 @@
foreach ($values as $val) {
$i++;
$val = htmlspecialchars_decode($val);
- $block_params['value'] = htmlspecialchars($val);
+ $block_params['value'] = htmlspecialchars($val, null, CHARSET);
if ($price_types[$val] == '$') {
$iso = $this->GetISO($params['currency']);
$value = $this->AddCurrencySymbol(sprintf("%.2f", $this->ConvertCurrency($prices[$val], $iso)), $iso, true); // true to force sign
Index: in-commerce/units/product_options/product_options_tag_processor.php
===================================================================
--- in-commerce/units/product_options/product_options_tag_processor.php (revision 15437)
+++ in-commerce/units/product_options/product_options_tag_processor.php (working copy)
@@ -61,11 +61,11 @@
if ( getArrayValue($params, 'js') ) {
$block_params['id'] = addslashes($val);
- $block_params['value'] = htmlspecialchars($val);
+ $block_params['value'] = htmlspecialchars($val, null, CHARSET);
}
else {
- $block_params['id'] = htmlspecialchars($val);
- $block_params['value'] = htmlspecialchars($val);
+ $block_params['id'] = htmlspecialchars($val, null, CHARSET);
+ $block_params['value'] = htmlspecialchars($val, null, CHARSET);
}
if ( $conv_prices[$val] ) {
@@ -105,7 +105,7 @@
$option_value = array_key_exists($object->GetID(), $options) ? $options[$object->GetID()] : '';
if ( $object->GetDBField('OptionType') == OptionType::CHECKBOX ) {
- $selected = is_array($option_value) && in_array(htmlspecialchars($val), $option_value);
+ $selected = is_array($option_value) && in_array(htmlspecialchars($val, null, CHARSET), $option_value);
}
else { // radio buttons ?
$selected = htmlspecialchars_decode($option_value) == $val;