Index: modules/in-commerce/units/orders/order_calculator.php
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- modules/in-commerce/units/orders/order_calculator.php (revision 15892)
+++ modules/in-commerce/units/orders/order_calculator.php (revision )
@@ -576,7 +576,7 @@
 protected function formatPrice($a_val, $price, $parsed)
 {
- $a_val = htmlspecialchars_decode($a_val);
+ $a_val = kUtil::unescape($a_val, kUtil::ESCAPE_HTML); // TODO: Not sure why we're unescaping.
 $addition = 0;
 $conv_prices = $parsed['Prices'];
@@ -856,4 +856,4 @@
 {
 return $this->manager->getTable($prefix);
 }
- }
\ No newline at end of file
+ }
Index: modules/in-news/units/articles/articles_event_handler.php
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- modules/in-news/units/articles/articles_event_handler.php (revision 15892)
+++ modules/in-news/units/articles/articles_event_handler.php (revision )
@@ -333,7 +333,7 @@
 break;
 case 'html':
- $data = htmlspecialchars_decode( $node->GetXML(true) ); // $node->firstChild->Data // $node->Data
+ $data = kUtil::unescape($node->GetXML(true), kUtil::ESCAPE_HTML); // $node->firstChild->Data // $node->Data
 break;
 default:
@@ -572,4 +572,4 @@
 $this->Application->setUnitOption($event->MasterEvent->Prefix, 'Clones', $clones);
 }
 }
- }
\ No newline at end of file
+ }
Index: modules/in-commerce/units/product_options/product_options_tag_processor.php
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- modules/in-commerce/units/product_options/product_options_tag_processor.php (revision 15892)
+++ modules/in-commerce/units/product_options/product_options_tag_processor.php (revision )
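Review bot: The added line in formatPrice (order_calculator.php, hunk at 576) keeps the entity decode but documents it only with `// TODO: Not sure why we're unescaping.`; the same unresolved TODO is added in product_options_tag_processor.php and twice in order_items_tag_processor.php. After this call `$a_val` holds raw characters again, so any later output of it has to be escaped at the point of use, and that is not visible in the hunk. It is also not visible whether kUtil::unescape decodes quotes with the same flags as the bare `htmlspecialchars_decode()` it replaces; if it differs, values containing single quotes may stop matching. Once the reason is confirmed, I would replace the TODO with a statement of the storage format, along the lines of `// Option values arrive HTML-escaped; decode before comparing (confirm against caller).` The body of formatPrice continues outside the hunk.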
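Review bot: In articles_event_handler.php (hunk at 333) the `case 'html':` branch turns `$node->GetXML(true)` back into live markup, and nothing in the hunk filters `$data` afterwards. If the XML comes from an external source and `$data` is later stored or rendered as article HTML, which cannot be seen from here, this is a stored-XSS path; I would either sanitize at this point or add a comment naming where the markup is filtered. The trailing `// $node->firstChild->Data // $node->Data` is leftover commented-out code and could be dropped from the new line. The enclosing switch starts and ends outside the hunk.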
@@ -108,7 +108,8 @@
 $selected = is_array($option_value) && in_array(kUtil::escape($val), $option_value);
 }
 else { // radio buttons ?
- $selected = htmlspecialchars_decode($option_value) == $val;
+ // TODO: Not sure why we're unescaping.
+ $selected = kUtil::unescape($option_value, kUtil::ESCAPE_HTML) == $val;
 }
 }
@@ -172,4 +173,4 @@
 {
 return $this->PrintList2($params);
 }
-}
\ No newline at end of file
+}
Index: modules/in-commerce/units/order_items/order_items_tag_processor.php
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- modules/in-commerce/units/order_items/order_items_tag_processor.php (revision 15892)
+++ modules/in-commerce/units/order_items/order_items_tag_processor.php (revision )
@@ -78,7 +78,7 @@
 $options = $item_data['Options'];
 foreach ($options as $opt => $val) {
 if ( !is_array($val) ) {
- $val = htmlspecialchars_decode($val);
+ $val = kUtil::unescape($val, kUtil::ESCAPE_HTML); // TODO: Not sure why we're unescaping.
 }
 $key_data = $opt_helper->ConvertKey($opt, $object->GetDBField('ProductId'));
@@ -177,7 +177,7 @@
 $i = 0;
 foreach ($values as $val) {
 $i++;
- $val = htmlspecialchars_decode($val);
+ $val = kUtil::unescape($val, kUtil::ESCAPE_HTML); // TODO: Not sure why we're unescaping.
 // TODO: consider escaping in template instead
 $block_params['value'] = kUtil::escape($val);
@@ -302,4 +302,4 @@
 return $order_helper->eligibleForFreePromoShipping($object);
 }
-}
\ No newline at end of file
+}
Index: modules/in-bulletin/units/helpers/post_helper.php
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- modules/in-bulletin/units/helpers/post_helper.php (revision 15892)
+++ modules/in-bulletin/units/helpers/post_helper.php (revision )
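Review bot: The radio-button branch in product_options_tag_processor.php (hunk at 108) still compares with loose `==`, so numeric-looking strings such as `'1e3'` and `'1000'` are treated as the same option. Assuming both sides are meant to be strings, `$selected = kUtil::unescape($option_value, kUtil::ESCAPE_HTML) === (string) $val;` removes that ambiguity. The branch just above goes the opposite way, escaping `$val` and matching it against the stored values through `in_array` without its strict third argument. Using one direction (escape or unescape) and strict matching in both branches would make the comparison rule explicit. The enclosing block starts outside the hunk.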
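Review bot: In order_items_tag_processor.php the hunk at 78 decodes `$val` and lets it flow on without the re-escape that the hunk at 177 applies via `$block_params['value'] = kUtil::escape($val);`. If the value from the first loop reaches a template unescaped, which cannot be seen from here, option text containing markup would be rendered as HTML. I would add a comment at the first site stating where that value is escaped, for example `// $val is raw from here on; escaped when rendered in <template name>`. The rest of the loop body is outside the hunk.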
@@ -397,6 +397,7 @@
 * @param string $input_string code line to highlight
 * @param string $bbcode_element block name used for bbcode descoration
 * @return string
+ * @see parsePostBody about why we unescape here.
 */
 function replaceCodeBBCode($input_string, $bbcode_element)
 {
@@ -407,7 +408,7 @@
 $bbcode_mask = trim($this->Application->ParseBlock($block_params));
 }
- $input_string = trim( str_replace('\"','"', htmlspecialchars_decode($input_string)) );
+ $input_string = trim(str_replace('\"', '"', kUtil::unescape($input_string, kUtil::ESCAPE_HTML)));
 $input_string = $this->highlightCode($input_string);
 $input_string = preg_replace("/\r
/s", "\r", $input_string); // undo nl2br added in highlighting
 $input_string = str_replace('#BB_CODE#', $input_string, $bbcode_mask);
@@ -460,4 +461,4 @@
 return $manager;
 }
- }
\ No newline at end of file
+ }
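Review bot: In replaceCodeBBCode (post_helper.php, hunk at 407) the post text is decoded to raw characters and then spliced into `$bbcode_mask`, with `highlightCode()` as the only step in between that could re-encode it. That is safe only if highlightCode() always returns HTML-escaped markup; if it can pass input through unchanged on some path, user-supplied code blocks would reach the page as live HTML. I would state the dependency next to the call, e.g. `// highlightCode() must return HTML-escaped output; $input_string is raw after unescape`, and confirm it in that method. The function continues outside the hunk.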