From 1e87f4eb8cb29d362efba7da1df89b688d68b949 Mon Sep 17 00:00:00 2001
From: Fabrixxm <fabrix.xm@gmail.com>
Date: Thu, 16 Jan 2014 09:08:51 -0500
Subject: [PATCH 1/2] use htmlspecialchars in xmlify and
 htmlspecialchars_decode in unxmlify

---
 include/text.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/include/text.php b/include/text.php
index a47e352bae..7b4d7e1914 100644
--- a/include/text.php
+++ b/include/text.php
@@ -218,14 +218,16 @@ function xmlify($str) {
 				break;
 		}	
 	}*/
-
+	/*
 	$buffer = mb_ereg_replace("&", "&amp;", $str);
 	$buffer = mb_ereg_replace("'", "&apos;", $buffer);
-	$buffer = mb_ereg_replace("\"", "&quot;", $buffer);
+	$buffer = mb_ereg_replace('"', "&quot;", $buffer);
 	$buffer = mb_ereg_replace("<", "&lt;", $buffer);
 	$buffer = mb_ereg_replace(">", "&gt;", $buffer);
-
+	*/
+	$buffer = htmlspecialchars($str);
 	$buffer = trim($buffer);
+	
 	return($buffer);
 }}
 
@@ -238,11 +240,13 @@ if(! function_exists('unxmlify')) {
 function unxmlify($s) {
 //	$ret = str_replace('&amp;','&', $s);
 //	$ret = str_replace(array('&lt;','&gt;','&quot;','&apos;'),array('<','>','"',"'"),$ret);
-	$ret = mb_ereg_replace('&amp;', '&', $s);
+	/*$ret = mb_ereg_replace('&amp;', '&', $s);
 	$ret = mb_ereg_replace('&apos;', "'", $ret);
 	$ret = mb_ereg_replace('&quot;', '"', $ret);
 	$ret = mb_ereg_replace('&lt;', "<", $ret);
 	$ret = mb_ereg_replace('&gt;', ">", $ret);
+	*/
+	$ret = htmlspecialchars_decode($s);
 	return $ret;	
 }}
 

From 682793ccd30ac2f32acd70d34292815d0a58e847 Mon Sep 17 00:00:00 2001
From: Fabrixxm <fabrix.xm@gmail.com>
Date: Mon, 20 Jan 2014 02:59:20 -0500
Subject: [PATCH 2/2] use 'ENT_QUOTES' in xmlify/unxmlify

---
 include/text.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/text.php b/include/text.php
index 7b4d7e1914..8b9a5e58cc 100644
--- a/include/text.php
+++ b/include/text.php
@@ -225,7 +225,7 @@ function xmlify($str) {
 	$buffer = mb_ereg_replace("<", "&lt;", $buffer);
 	$buffer = mb_ereg_replace(">", "&gt;", $buffer);
 	*/
-	$buffer = htmlspecialchars($str);
+	$buffer = htmlspecialchars($str, ENT_QUOTES);
 	$buffer = trim($buffer);
 	
 	return($buffer);
@@ -246,7 +246,7 @@ function unxmlify($s) {
 	$ret = mb_ereg_replace('&lt;', "<", $ret);
 	$ret = mb_ereg_replace('&gt;', ">", $ret);
 	*/
-	$ret = htmlspecialchars_decode($s);
+	$ret = htmlspecialchars_decode($s, ENT_QUOTES);
 	return $ret;	
 }}