htmlentities() durch htmlspecialchars() ersetzt

diff --git a/form-email/functions.php b/form-email/functions.php
index eb7f92068f5fa2a271d1c0537e2327ffcc69eb03..d8d6f71773f93980ca5433bab4a09138aed03d18 100644 (file)
--- a/form-email/functions.php
+++ b/form-email/functions.php
@@ -67,7 +67,7 @@ function formdata($param) {
 # Rueckgabe: Bearbeiteter Text (String)\r
 \r
 function &plain(&$text,$linebreak='<br>') {\r
 # Rueckgabe: Bearbeiteter Text (String)\r
 \r
 function &plain(&$text,$linebreak='<br>') {\r

-    $htmltext = htmlentities($text);\r
+    $htmltext = htmlspecialchars($text);\r

     $htmltext = preg_replace("/\015\012|\012|\015/",$linebreak,$htmltext);\r
 \r
     for($x=0;$x<strlen($htmltext);$x++) {\r
     $htmltext = preg_replace("/\015\012|\012|\015/",$linebreak,$htmltext);\r
 \r
     for($x=0;$x<strlen($htmltext);$x++) {\r


@@ -130,16 +130,16 @@ function show_user_error(&$errmsg) {
 \r
     $tpl->parse_if_block('CAPTCHA',$captcha_enable);\r
 \r
 \r
     $tpl->parse_if_block('CAPTCHA',$captcha_enable);\r
 \r

-    $tpl->set_var('EMAIL',  htmlentities($email));\r
+    $tpl->set_var('EMAIL',  htmlspecialchars($email));\r

     $tpl->set_var('ERROR',  $errmsg);\r
     $tpl->set_var('ERROR',  $errmsg);\r

-    $tpl->set_var('NAME',   htmlentities($name));\r
-    $tpl->set_var('SUBJECT',htmlentities($subject));\r
-    $tpl->set_var('TEXT',   htmlentities($text));\r
+    $tpl->set_var('NAME',   htmlspecialchars($name));\r
+    $tpl->set_var('SUBJECT',htmlspecialchars($subject));\r
+    $tpl->set_var('TEXT',   htmlspecialchars($text));\r

 \r
     reset($user_fields);\r
 \r
     while(list($user_field,$user_field_data) = each($user_fields)) {\r
 \r
     reset($user_fields);\r
 \r
     while(list($user_field,$user_field_data) = each($user_fields)) {\r

-        $tpl->set_var($user_field_data['tpl_var'],htmlentities(formdata($user_field)));\r
+        $tpl->set_var($user_field_data['tpl_var'],htmlspecialchars(formdata($user_field)));\r

     }\r
 \r
     $tpl->parse();\r
     }\r
 \r
     $tpl->parse();\r