Don't use htmlspecialchars, it causes issues with mixed quotes.

Nathan Gray 2009-01-22 15:05:54 +00:00
parent 1b4d236d4a
commit 4c5d771cde


@ -311,8 +311,10 @@
$data = ($query['nextmatch_template']) ? array(1=>$row) : $row; $data = ($query['nextmatch_template']) ? array(1=>$row) : $row;
$widget =& CreateObject('etemplate.etemplate', $query['template']); $widget =& CreateObject('etemplate.etemplate', $query['template']);
$html = addslashes(str_replace("\n", '', $widget->show($data, '', $readonlys))); $html = addslashes(str_replace("\n", '', $widget->show($data, '', $readonlys)));
$row['id_field'] = htmlspecialchars(addslashes($row[$query['id_field']]));
$row['title'] = htmlspecialchars(addslashes($row['title'])); // If we use htmlspecialchars, it causes issues with mixed quotes. addslashes() seems to handle it.
$row['id_field'] = addslashes($row[$query['id_field']]);
$row['title'] = addslashes($row['title']);
$response->addScript("add_ajax_result('$result_id', '${row['id_field']}', '" . $row['title'] . "', '$html');"); $response->addScript("add_ajax_result('$result_id', '${row['id_field']}', '" . $row['title'] . "', '$html');");
$count++; $count++;
if($count > $GLOBALS['egw_info']['user']['preferences']['common']['maxmatchs']) { if($count > $GLOBALS['egw_info']['user']['preferences']['common']['maxmatchs']) {
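Review bot: With `htmlspecialchars()` dropped, the id and title on the two new `addslashes()` lines reach the `add_ajax_result(...)` script string with only backslash-quoting, which is not a JavaScript string encoder: it leaves line breaks and `</script>` untouched, and unlike `$html` the title never has its `\n` stripped. Whether stored markup in a title ends up rendered depends on how `add_ajax_result` inserts it into the page, which is not visible here, so the client side should be checked to confirm it assigns these values as text rather than HTML. Encoding per output context would fix the mixed-quote problem without giving up the protection, for example `json_encode($row['title'])` (which supplies its own quotes) in place of the hand-quoted `'...'` literal. `$result_id` is interpolated into the same script string with no escaping at all and deserves the same treatment. The enclosing loop starts and ends outside the hunk.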