From 0fb09adccd5c3b305d56f1b267dbd3bf836fd17f Mon Sep 17 00:00:00 2001
From: arno <arno@renevier.net>
Date: Sat, 19 Mar 2011 15:33:18 +0100
Subject: [PATCH] provide charset argument when calling htmlspecialchars

---
 application/controllers/GeomController.php     | 10 ++++++----
 application/forms/Pending/ResetPassword.php    |  2 +-
 application/forms/Pending/ValidateCreation.php |  4 ++--
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/application/controllers/GeomController.php b/application/controllers/GeomController.php
index 0c399fe..1a860b6 100644
--- a/application/controllers/GeomController.php
+++ b/application/controllers/GeomController.php
@@ -56,9 +56,11 @@ class GeomController extends Zend_Controller_Action
         $data .= '<kml xmlns="http://www.opengis.net/kml/2.2" xmlns:atom="http://www.w3.org/2005/Atom">';
         $data .= '<Placemark>';
         if ($path->creator) {
-            $data .= '<atom:author><atom:name>' . htmlspecialchars($path->creator->pseudo) . '</atom:name></atom:author>';
+            $data .= '<atom:author><atom:name>'
+                        . htmlspecialchars($path->creator->pseudo, ENT_COMPAT, "UTF-8")
+                        . '</atom:name></atom:author>';
         }
-        $data .= '<name>' . htmlspecialchars($path->displayTitle) . '</name>';
+        $data .= '<name>' . htmlspecialchars($path->displayTitle, ENT_COMPAT, "UTF-8") . '</name>';
         $data .= $path->geom->toKML();
         $data .= '</Placemark>';
         $data .= '</kml>';
@@ -72,9 +74,9 @@ class GeomController extends Zend_Controller_Action
         $data .= '<gpx creator="syj" version="1.0" xmlns="http://www.topografix.com/GPX/1/0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.topografix.com/GPX/1/0 http://www.topografix.com/GPX/1/0/gpx.xsd">';
         $data .= '<trk>';
         if ($path->creator) {
-            $data .= '<author>' . htmlspecialchars($path->creator->pseudo) . '</author>';
+            $data .= '<author>' . htmlspecialchars($path->creator->pseudo, ENT_COMPAT, "UTF-8") . '</author>';
         }
-        $data .= '<name>' . htmlspecialchars($path->displayTitle) . '</name>';
+        $data .= '<name>' . htmlspecialchars($path->displayTitle, ENT_COMPAT, "UTF-8") . '</name>';
         $data .= $path->geom->toGPX();
         $data .= '</trk>';
         $data .= '</gpx>';
diff --git a/application/forms/Pending/ResetPassword.php b/application/forms/Pending/ResetPassword.php
index a18c071..bcba21a 100644
--- a/application/forms/Pending/ResetPassword.php
+++ b/application/forms/Pending/ResetPassword.php
@@ -9,7 +9,7 @@ class Syj_Form_Pending_ResetPassword extends Syj_Form_Pending
 
         $translator = $this->getTranslator();
         $activatetext = $translator->translate("Hi %s. Someone, probably you, has asked to reset password for your account. To get a new password, validate with following button.");
-        $pseudo = htmlspecialchars($user->pseudo);
+        $pseudo = htmlspecialchars($user->pseudo, ENT_COMPAT, "UTF-8");
         $activatetext = vsprintf ($activatetext, array($pseudo));
 
         return array(
diff --git a/application/forms/Pending/ValidateCreation.php b/application/forms/Pending/ValidateCreation.php
index f8a20f5..5028471 100644
--- a/application/forms/Pending/ValidateCreation.php
+++ b/application/forms/Pending/ValidateCreation.php
@@ -9,8 +9,8 @@ class Syj_Form_Pending_ValidateCreation extends Syj_Form_Pending
 
         $translator = $this->getTranslator();
         $activatetext = $translator->translate("Someone, probably you, has registered an account %s with email address %s on syj. To confirm this account creation, validate with following button.");
-        $pseudo = '<strong>' . htmlspecialchars('"' . $user->pseudo . '"') . '</strong>';
-        $email = '<strong>' . htmlspecialchars('"' . $user->email . '"') . '</strong>';
+        $pseudo = '<strong>' . htmlspecialchars('"' . $user->pseudo . '"', ENT_COMPAT, "UTF-8") . '</strong>';
+        $email = '<strong>' . htmlspecialchars('"' . $user->email . '"', ENT_COMPAT, "UTF-8") . '</strong>';
         $activatetext = vsprintf ($activatetext, array($pseudo, $email));
 
         return array(
-- 
2.39.2