JavaScript help alerts can now contain all manner of special characte…

…rs (single quote, double quote, newlines, returns, tabs).

git-svn-id: file:///Users/Shitiz/Downloads/lssvn/trunk/unstable@78 b72ed6b6-b9f8-46b5-92b4-906544132732

admin/dataentry.php

@@ -502,7 +502,8 @@
 			//DIFFERENT TYPES OF DATA FIELD HERE
 			if ($deqrow[6])
 				{
-				$hh=str_replace("'", "\'", strip_tags($deqrow['help']));
+				$hh = addcslashes($deqrow['help'], "\0..\37'\""); //Escape ASCII decimal 0-32 plus single and double quotes to make JavaScript happy.
+				$hh = htmlspecialchars($hh, ENT_QUOTES); //Change & " ' < > to HTML entities to make HTML happy.
 				echo "<IMG SRC='help.gif' ALT='Help about this question' ALIGN='RIGHT' onClick=\"javascript:alert('Question {$deqrow['title']} Help: $hh')\">";
 				}
 			switch($deqrow['type'])