From 60a854e5fddab8c327ac68d5bb5ec440acf34d2c Mon Sep 17 00:00:00 2001
From: slawkens
Date: Mon, 6 Feb 2023 17:39:23 +0100
Subject: [PATCH] new function> escapeHtml + fix css in admin menus
---
 admin/pages/menus.php | 4 ++--
 admin/pages/news.php | 2 +-
 admin/pages/pages.php | 2 +-
 system/functions.php | 4 ++++
 4 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/admin/pages/menus.php b/admin/pages/menus.php
index 7562d20f..573f683d 100644
--- a/admin/pages/menus.php
+++ b/admin/pages/menus.php
@@ -89,7 +89,7 @@ if (isset($_REQUEST['template'])) {
 if (isset($menus[$id])) {
 $i = 0;
 foreach ($menus[$id] as $menu) {
- echo '
  • + echo '
  •
@@ -134,4 +134,4 @@ if (isset($_REQUEST['template'])) {
 $twig->display('admin.menus.form.html.twig', array(
 'templates' => $templates
 ));
-}
\ No newline at end of file
+}
diff --git a/admin/pages/news.php b/admin/pages/news.php
index 8838780a..20c2bbb8 100644
--- a/admin/pages/news.php
+++ b/admin/pages/news.php
@@ -117,7 +117,7 @@ if($action == 'edit' || $action == 'new') {
 'news_link_form' => '?p=news&action=' . ($action == 'edit' ? 'edit' : 'add'),
 'news_id' => isset($id) ? $id : null,
 'title' => isset($p_title) ? $p_title : '',
- 'body' => isset($body) ? htmlentities($body, ENT_COMPAT, 'UTF-8') : '',
+ 'body' => isset($body) ? escapeHtml($body) : '',
 'type' => isset($type) ? $type : null,
 'player' => isset($player) && $player->isLoaded() ? $player : null,
 'player_id' => isset($player_id) ? $player_id : null,
diff --git a/admin/pages/pages.php b/admin/pages/pages.php
index 50ae59f4..68ca1d98 100644
--- a/admin/pages/pages.php
+++ b/admin/pages/pages.php
@@ -105,7 +105,7 @@ $twig->display('admin.pages.form.html.twig', array(
 'title' => $p_title,
 'php' => $php,
 'enable_tinymce' => $enable_tinymce,
- 'body' => isset($body) ? htmlentities($body, ENT_COMPAT, 'UTF-8') : '',
+ 'body' => isset($body) ? escapeHtml($body) : '',
 'groups' => $groups->getGroups(),
 'access' => $access
 ));
diff --git a/system/functions.php b/system/functions.php
index a332666d..49e31b2a 100644
--- a/system/functions.php
+++ b/system/functions.php
@@ -1244,6 +1244,10 @@ function getCustomPage($page, &$success)
 return $content;
 }
 
+function escapeHtml($html) {
+ return htmlentities($html, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
+}
+
 // validator functions
 require_once LIBS . 'validator.php';
 require_once SYSTEM . 'compat/base.php';
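Review bot: In the `admin/pages/news.php` hunk, `'body'` is escaped in PHP before it is handed to Twig, while the neighbouring `'title' => isset($p_title) ? $p_title : ''` is passed raw, so the two values depend on different escaping layers. If the Twig environment autoescapes, `body` will be double-encoded unless the template marks it `|raw`; if it does not autoescape, `title` reaches the form unescaped. Neither the Twig configuration nor the template is visible here, so this needs confirming against `admin.news.form.html.twig`. At minimum add a comment on the line, e.g. `// pre-escaped for the editor textarea; template must not escape again`. The same applies to the `'body'` / `'title' => $p_title` pair in the `admin/pages/pages.php` hunk, and both array literals start or end outside their hunks.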
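Review bot: `escapeHtml()` in the `system/functions.php` hunk has no docblock, although it is now the shared escaping helper for the admin forms. The docblock should state that it encodes for HTML text and quoted-attribute contexts only, not for JavaScript, URL or CSS contexts. It should also note that `ENT_QUOTES` encodes single quotes, which the replaced `ENT_COMPAT` calls did not, and that `ENT_SUBSTITUTE` replaces invalid UTF-8 sequences instead of returning an empty string. As a style point, the brace on the signature line differs from `function getCustomPage($page, &$success)` in the hunk header, which appears to put it on the next line. A `null` argument is deprecated for `htmlentities()` on PHP 8.1+, so `return htmlentities((string) $html, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` would be safer for callers that do not guard with `isset()`.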