return $data;
}
+function html_cleanup(&$parms)
+{
+ foreach($parms as $name => $value) {
+// $value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding);
+ if (is_array($value))
+ html_cleanup($parms[$name]);
+ else
+ $parms[$name] = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding);
+ }
+ reset($parms); // needed for direct key() usage later throughout the sources
+}
+
+
function check_page_security($page_security)
{
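Review bot: In `html_cleanup()` the `@` in front of `htmlspecialchars()` hides the failure that matters most: without `ENT_SUBSTITUTE`, a value that is not valid in the given encoding comes back as an empty string, so input is dropped silently. If `$_SESSION['language']` is not populated when this runs, the encoding argument is presumably null and that warning is suppressed as well. I would resolve the encoding once before the loop, drop the `@`, and, where the supported PHP version has the flag, write `$parms[$name] = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, $encoding);`. Array keys are passed through unencoded, so code that later echoes a parameter name is not covered; a comment above the function such as `// Encodes values only; array keys are left exactly as received.` would make that limit explicit.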
}
if (!isset($_SESSION["wa_current_user"]))
$_SESSION["wa_current_user"] = new current_user();
+html_cleanup($_GET);
+html_cleanup($_POST);
+html_cleanup($_REQUEST);
+html_cleanup($_SERVER);
+
$SysPrefs = &$_SESSION['SysPrefs'];
// POST vars cleanup needed for direct reuse.
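Review bot: Encoding `$_GET`, `$_POST`, `$_REQUEST` and `$_SERVER` once at input time covers only the HTML text and quoted-attribute context, so these four calls must not be read as making request data safe for SQL, JavaScript or URL contexts; those still need parameterized queries and per-context escaping at the point of use. `$_COOKIE` and the client-supplied names in `$_FILES` are not passed through, while cookie values may appear encoded in `$_REQUEST` depending on `request_order`, so the same value can differ between arrays. Values now reach storage already entity-encoded, so any output path that escapes again will double-encode, and code comparing `$_SERVER` entries such as the request URI will see `&amp;` where it expects `&`. I would add a comment above the calls, e.g. `// Request values are HTML-encoded from here on: do not escape again for HTML output, and do not rely on this for SQL.`, and consider `html_cleanup($_COOKIE);` for consistency.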