Some security fixes backported from unstable code.
[fa-stable.git] / includes / db / connect_db.inc
index fa57b678fc4d530e3f98961a96725ee93cb74487..f848f900081bc78fe71c60b78abb66d6ac32dd36 100644 (file)
@@ -99,7 +99,7 @@ function db_num_fields ($result)
 
 function db_escape($value = "", $nullify = false)
 {
-       $value = @htmlspecialchars($value, ENT_COMPAT, $_SESSION['language']->encoding);
+       $value = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding);
 
        //reset default if second parameter is skipped
        $nullify = ($nullify === null) ? (false) : ($nullify);
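Review bot: On the changed `htmlspecialchars()` line, `ENT_QUOTES` is HTML-context encoding and should not be what keeps a single quote from terminating a SQL string literal. The rest of `db_escape` lies outside this hunk, so confirm that the driver's own escaping function, or a prepared statement, is still applied to `$value` afterwards. A comment on that line would record the split, for example `// HTML-encode for later display only; SQL quoting is handled by the driver escape`. Apostrophes will now be stored as `&#039;`, so rows written under `ENT_COMPAT` may no longer match lookups on the same text; that probably needs a migration or a note in the changelog. The leading `@` also hides the case where `htmlspecialchars()` returns an empty string for input that is invalid in the session encoding, so that result is worth checking and logging rather than suppressing.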