From c6d1a7e325994154511c4742b77d82e817c4659a Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Wed, 9 Feb 2005 13:53:16 +0000 Subject: [PATCH] select: fixed quoting of option texts in selectbox, htmlspecialchars: dont quote   < > as they are already entities --- phpgwapi/inc/class.html.inc.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/phpgwapi/inc/class.html.inc.php b/phpgwapi/inc/class.html.inc.php index edd0496137..2d1f3af4fc 100644 --- a/phpgwapi/inc/class.html.inc.php +++ b/phpgwapi/inc/class.html.inc.php @@ -130,8 +130,8 @@ class html $str = @htmlspecialchars($str,ENT_COMPAT,$this->charset); // we need '&#' unchanged, so we translate it back - $str = str_replace('&#','&#',$str); - + $str = str_replace(array('&#','&nbsp;','&lt;','&gt;'),array('&#',' ','<','>'),$str); + return $str; } @@ -175,7 +175,7 @@ class html { $out .= ' selected="1"'; } - $out .= ">" . ($no_lang || $text == '' ? $text : lang($text)) . "\n"; + $out .= ">" . $this->htmlspecialchars($no_lang || $text == '' ? $text : lang($text)) . "\n"; } $out .= "\n"; @@ -707,4 +707,4 @@ htmlareaConfig_'.$id.'.editorURL = '."'$this->phpgwapi_js_url/htmlarea/';"; } return $html; } -} \ No newline at end of file +}
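Review bot: The widened `str_replace` in the `htmlspecialchars()` wrapper applies to every caller of the method, not only to selectbox labels, so input that already contains `&lt;`, `&gt;`, `&nbsp;` or a `&#…;` reference is now emitted as a live entity rather than as the literal text that was typed. The search strings appear entity-decoded on this page; presumably the real code searches for the `&amp;`-prefixed forms. This is harmless where the browser renders the result as element text, but the output is no longer a faithful encoding. It must not be decoded a second time downstream, and it should not be relied on inside event-handler or URL attributes, where a passed-through character reference is decoded before the script or URL is interpreted. I would state that contract above the replace, e.g. `// NOTE: entities already present in $str are passed through on purpose; use for element text only and never decode the result again`. The method begins above the hunk, and `ENT_COMPAT` on the context line leaves single quotes unencoded, which is worth checking against any single-quoted attribute callers.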
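Review bot: Only the option label is routed through `$this->htmlspecialchars()` in this hunk. The code that writes the option's `value` attribute sits above it and is not visible, so confirm that the key is encoded the same way, since both presumably come from the same caller-supplied array. Because the wrapper keeps existing entities, a label built from user data can still render `&lt;`-style sequences as characters. A short comment such as `// label is entity-encoded; entities already in $text are kept as-is` would record that this is intended. The enclosing loop and function start and end outside the hunk.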