Security update of sql statements, a couple of smaller fixes.
[fa-stable.git] / sales / includes / cart_class.inc
index 286ada110dfad40eee5c2133c843f1e84eb6111d..45ca476cf6dde1121f6941fcabd747bf01e717d0 100644 (file)
@@ -222,11 +222,11 @@ class cart
                        $this->trans_no = 0;
                        $this->order_no= $this->trans_type==13 ? key($src->trans_no) : $src->order_no;
                }
-               $this->reference = @html_entity_decode($this->reference);
-               $this->Comments = @html_entity_decode($this->Comments);
+               $this->reference = @html_entity_decode($this->reference, ENT_QUOTES);
+               $this->Comments = @html_entity_decode($this->Comments, ENT_QUOTES);
                foreach($this->line_items as $lineno => $line) {
-                       $this->line_items[$lineno]->stock_id = @html_entity_decode($line->stock_id);
-                       $this->line_items[$lineno]->item_description = @html_entity_decode($line->item_description);
+                       $this->line_items[$lineno]->stock_id = @html_entity_decode($line->stock_id, ENT_QUOTES);
+                       $this->line_items[$lineno]->item_description = @html_entity_decode($line->item_description, ENT_QUOTES);
                }
                switch($this->trans_type) {
                        case 10:
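Review bot: After the four `html_entity_decode(..., ENT_QUOTES)` calls, `reference`, `Comments`, `stock_id` and `item_description` hold literal `'` and `"` characters, and nothing in the hunk marks them as raw. Every later SQL statement or HTML output that uses these fields therefore has to escape at the point of use; those sinks are outside the hunk and should be checked against this change. I would add a comment above the first call, `// values are raw (quotes decoded) from here on: escape again at every SQL and HTML sink`. The calls also omit the encoding argument, so the result depends on PHP's default charset, and the `@` prefix hides any warning when a field is not a string; passing the charset explicitly and dropping `@` would make such failures visible. The enclosing method starts and ends outside the hunk.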