From ed84a68f6303bf1f0ceb40245fa520ada013d92f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= <michal@cihar.com>
Date: Tue, 2 May 2006 13:28:35 +0000
Subject: [PATCH] Use htmlspecialchars instead of htmlentities, it doesn't
 break utf-8.

---
 ChangeLog                | 2 ++
 libraries/common.lib.php | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 166eae22b..cb4e2d288 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,8 @@ $Source$
     * libraries/select_lang.lib.php, libraries/Theme_Manager.class.php: Escape
       user input (CVE-2006-2031).
     * server_databases.php: Fix path to image (needs to be lower case).
+    * libraries/common.lib.php: Use htmlspecialchars instead of htmlentities,
+      it doesn't break utf-8.
 
 2006-04-28 Michal Čihař  <michal@cihar.com>
     * Documentation.html, main.php, libraries/config.default.php: Possibility
diff --git a/libraries/common.lib.php b/libraries/common.lib.php
index 8ef0c59d8..e61492e7f 100644
--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -2038,10 +2038,10 @@ window.parent.updateTableTitle('<?php echo $uni_tbl; ?>', '<?php echo PMA_jsForm
 
         $tag_params_strings = array();
         foreach ($tag_params as $par_name => $par_value) {
-            // htmlentities() only on non javascript
+            // htmlspecialchars() only on non javascript
             $par_value = substr($par_name, 0, 2) == 'on'
                 ? $par_value
-                : htmlentities($par_value);
+                : htmlspecialchars($par_value);
             $tag_params_strings[] = $par_name . '="' . $par_value . '"';
         }