Some security fixes backported from unstable code.

[fa-stable.git] / admin / db / maintenance_db.inc

diff --git a/admin/db/maintenance_db.inc b/admin/db/maintenance_db.inc
index 29790b6658ad29bebd26aa92dbd8d7fae718c479..829328e87b16b17b36ab22fe69422fb0c5c366eb 100644 (file)
--- a/admin/db/maintenance_db.inc
+++ b/admin/db/maintenance_db.inc
@@ -325,7 +325,7 @@ function db_export($conn, $filename, $zip='no', $comment='', $tbpref = TB_PREF)
     $out.="# Backup Date and Time: ".date("Y-m-d H:i")."\n";
     $out.="# Built by " . $app_title . " " . $version ."\n";
     $out.="# ".$power_url."\n";
-    $out.="# Company: ". @html_entity_decode($company, ENT_COMPAT, $_SESSION['language']->encoding)."\n";
+    $out.="# Company: ". @html_entity_decode($company, ENT_QUOTES, $_SESSION['language']->encoding)."\n";
     $out.="# User: ".$_SESSION["wa_current_user"]->name."\n\n";
 
        // write users comment
@@ -423,7 +423,7 @@ function db_export($conn, $filename, $zip='no', $comment='', $tbpref = TB_PREF)
                                        // run through each field
                                        for ($k = 0; $k < $nf = db_num_fields($res2); $k++)
                                        {
-                                               $out .= db_escape(@html_entity_decode($row2[$k], ENT_COMPAT, $_SESSION['language']->encoding));
+                                               $out .= db_escape(@html_entity_decode($row2[$k], ENT_QUOTES, $_SESSION['language']->encoding));
                                                if ($k < ($nf - 1))
                                                        $out .= ", ";
                                        }