From: Janusz Dobrowolski <janusz@frontaccounting.eu>
Date: Thu, 15 Oct 2009 12:17:30 +0000 (+0000)
Subject: Added html_entity_decode in db_escape() for correct INSERT>SELECT>INSERT
X-Git-Tag: 2.3-final~1133
X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=commitdiff_plain;h=d630f596623009712db8e8b3e8b53a949d83c824;p=fa-stable.git

Added html_entity_decode in db_escape() for correct INSERT>SELECT>INSERT
operations.
---

diff --git a/includes/db/connect_db.inc b/includes/db/connect_db.inc
index f848f900..7f0911dc 100644
--- a/includes/db/connect_db.inc
+++ b/includes/db/connect_db.inc
@@ -99,6 +99,7 @@ function db_num_fields ($result)
 
 function db_escape($value = "", $nullify = false)
 {
+	$value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding);
 	$value = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding);
 
   	//reset default if second parameter is skipped