From 8812a2432bf847dc654094702eeef4b82e89ccac Mon Sep 17 00:00:00 2001
From: Janusz Dobrowolski
Date: Mon, 16 Sep 2013 12:49:29 +0200
Subject: [PATCH] [0002340] Fixed problem with login after intallation, when special chars are used in password.
---
 install/isession.inc | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/install/isession.inc b/install/isession.inc
index 25a5519c..3c861792 100644
--- a/install/isession.inc
+++ b/install/isession.inc
@@ -39,6 +39,19 @@ function strip_quotes($data)
 return $data;
 }
+function html_cleanup(&$parms)
+{
+ foreach($parms as $name => $value) {
+// $value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding);
+ if (is_array($value))
+ html_cleanup($parms[$name]);
+ else
+ $parms[$name] = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding);
+ }
+ reset($parms); // needed for direct key() usage later throughout the sources
+}
+
+
 function check_page_security($page_security)
 {
 }
@@ -128,6 +141,11 @@ ob_start('output_html',0);
 if (!isset($_SESSION["wa_current_user"]))
 $_SESSION["wa_current_user"] = new current_user();
+html_cleanup($_GET);
+html_cleanup($_POST);
+html_cleanup($_REQUEST);
+html_cleanup($_SERVER);
+
 $SysPrefs = &$_SESSION['SysPrefs'];
 // POST vars cleanup needed for direct reuse.
-- 
2.30.2
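Review bot: In `html_cleanup()` only the values are escaped; the keys in `$name` are kept as submitted, and the trailing `reset($parms)` comment says later code reads them through `key()`, so a request key that ends up in output would still be raw. The `@` in front of `htmlspecialchars()` also hides the case where `$_SESSION['language']` is not set yet (the calls are made in the second hunk, and whether the language object exists by then is not visible here) and the case where the value is not valid in the given encoding, in which `htmlspecialchars()` returns an empty string. I would drop the `@` and the commented-out `html_entity_decode` line, and add a short docblock saying the function HTML-encodes every scalar value of the array in place, recurses into nested arrays, and leaves keys untouched.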
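Review bot: Escaping `$_POST` wholesale at this point means the password typed into the installer is HTML-encoded before it is hashed, so the stored hash depends on `htmlspecialchars()` and on `$_SESSION['language']->encoding` being the same at install time and at login. Going by the commit subject that is the intended fix, but nothing in the code says so; a comment above the four calls would keep them from being removed or reordered later, e.g. `// Escape request data before the installer reads it; the admin password is hashed in this escaped form.` `$_COOKIE` and `$_FILES` are not passed through `html_cleanup()`, so code that reads them directly gets raw values. The surrounding top-level script continues outside the hunk.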