5694 added various html...decode and stripslashes to cleanup output a…

…ffected by superglobal filtering

mods/_standard/patcher/classes/PatchCreator.class.php

@@ -84,8 +84,8 @@ function PatchCreator($patch_info_array, $patch_id)
 			{
 				$patch_info_array["files"][$i]["directory"] = addslashes($patch_info_array["files"][$i]["directory"]);
 				$patch_info_array["files"][$i]["upload_tmp_name"] = addslashes($patch_info_array["files"][$i]["upload_tmp_name"]);
-				$patch_info_array["files"][$i]["code_from"] = addslashes($patch_info_array["files"][$i]["code_from"]);
-				$patch_info_array["files"][$i]["code_to"] = addslashes($patch_info_array["files"][$i]["code_to"]);
+				$patch_info_array["files"][$i]["code_from"] = $patch_info_array["files"][$i]["code_from"];
+				$patch_info_array["files"][$i]["code_to"] = $patch_info_array["files"][$i]["code_to"];
 			}
 		}
 
@@ -211,8 +211,8 @@ function saveInfo()
 				                                $file_info["action"],
 				                                my_add_null_slashes($file_info["file_name"]),
 				                                my_add_null_slashes($file_info["directory"]),
-				                                my_add_null_slashes($file_info["code_from"]),
-				                                my_add_null_slashes($file_info["code_to"]),
+				                                my_add_null_slashes(htmlspecialchars_decode($file_info["code_from"])),
+				                                my_add_null_slashes(htmlspecialchars_decode($file_info["code_to"])),
 				                                my_add_null_slashes($upload_to)), FALSE, FALSE);			
 			}
 		}
@@ -267,8 +267,8 @@ function createXML()
 				{
 					$action_details .= str_replace(array('{TYPE}', '{CODE_FROM}', '{CODE_TO}'), 
 									  array('replace', 
-									  			htmlspecialchars(stripslashes($file_info["code_from"]), ENT_QUOTES), 
-									  			htmlspecialchars(stripslashes($file_info["code_to"]), ENT_QUOTES)),
+									  			htmlspecialchars(stripslashes($file_info["code_from"]), ENT_QUOTES, $double_encode =false), 
+									  			htmlspecialchars(stripslashes($file_info["code_to"]), ENT_QUOTES,  $double_encode =false)),
 									  $patch_action_detail_xml);
 				}
 
@@ -287,8 +287,8 @@ function createXML()
 		                         '{FILES}'), 
 							         array($this->patch_info_array["atutor_patch_id"], 
 							               $this->patch_info_array["atutor_version_to_apply"], 
-							               htmlspecialchars(stripslashes($this->htmlNewLine($this->patch_info_array["description"])), ENT_QUOTES), 
-							               htmlspecialchars(stripslashes($this->patch_info_array["sql_statement"]), ENT_QUOTES), 
+							               htmlspecialchars_decode(stripslashes($this->htmlNewLine($this->patch_info_array["description"])), ENT_QUOTES), 
+							               htmlspecialchars_decode(stripslashes($this->patch_info_array["sql_statement"]), ENT_QUOTES), 
 							               $dependent_patches,
 							               $xml_files),
 							         $patch_xml);

mods/_standard/patcher/include/common.inc.php

@@ -132,7 +132,6 @@ function is_patch_installed($patch_id)
 	       " and applied_version = '%s'".
 	       " and status like '%%Installed'";
 	$row = queryDB($sql,array(TABLE_PREFIX, $patch_id, VERSION), TRUE);
-
 
 	if ($row["num_of_installed"] > 0) return true;
 	else return false;

mods/_standard/patcher/myown_patches.php

@@ -80,7 +80,7 @@
 			<td width="10"><input type="radio" name="myown_patch_id" value="<?php echo $row['myown_patch_id']; ?>" id="m<?php echo $row['myown_patch_id']; ?>" <?php if ($row['myown_patch_id']==$_POST['myown_patch_id']) echo 'checked'; ?> /></td>
 			<td><label for="m<?php echo $row['myown_patch_id']; ?>"><?php echo $row['atutor_patch_id']; ?></label></td>
 			<td class="hidecol700"><?php echo $row['applied_version']; ?></td>
-			<td><?php echo $row['description']; ?></td>
+			<td><?php echo htmlspecialchars_decode(stripslashes($row['description'])); ?></td>
 			<td class="hidecol700"><?php echo $row['last_modified']; ?></td>
 		</tr>
 <?php 

mods/_standard/patcher/patch_creator.php

@@ -111,8 +111,8 @@ function sanitizeDir($dir) {
 					$patch_info["files"][] = array("action"=>$action,
 					                           "file_name"=>$_POST['alter_filename'][$i],
 					                           "directory"=>$_POST['alter_dir'][$i],
-					                           "code_from"=>$_POST['alter_code_from'][$i],
-					                           "code_to"=>$_POST['alter_code_to'][$i]);
+					                           "code_from"=>htmlspecialchars_decode(stripslashes($_POST['alter_code_from'][$i])),
+					                           "code_to"=>htmlspecialchars_decode(stripslashes($_POST['alter_code_to'][$i])));
 				}
 
 				if ($action == "delete" && $_POST['delete_filename'][$i] <> "") {

mods/_standard/patcher/patch_edit_interface.tmpl.php

@@ -36,12 +36,12 @@
 
 	<div class="row">
 		<label for="description"><?php echo _AT('description'); ?></label><br />
-		<textarea id="description" name="description" cols="40" rows="4"><?php echo $row_patches['description']; ?></textarea><br />
+		<textarea id="description" name="description" cols="40" rows="4"><?php echo htmlspecialchars_decode(stripslashes($row_patches['description'])); ?></textarea><br />
 	</div>
 
 	<div class="row">
 		<label for="sql_statement"><?php echo _AT('sql_statement'); ?></label><br />
-		<textarea id="sql_statement" name="sql_statement" cols="40" rows="8"><?php echo $row_patches['sql_statement']; ?></textarea><br />
+		<textarea id="sql_statement" name="sql_statement" cols="40" rows="8"><?php echo htmlspecialchars_decode(stripslashes($row_patches['sql_statement'])); ?></textarea><br />
 	</div>
 
 	<div class="row">