diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index fae3c4eae5ee2..1bd2b770d1a3b 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -806,17 +806,19 @@ function dol_escape_js($stringtoescape, $mode=0, $noescapebackslashn=0)
* @param string $stringtoescape String to escape
* @param int $keepb 1=Preserve b tags (otherwise, remove them)
* @param int $keepn 1=Preserve \r\n strings (otherwise, remove them)
+ * @param int $onlytags Only special chars like (", &, >, > ...) are replaced, not all chars that has an existing entity.
* @return string Escaped string
*
* @see dol_string_nohtmltag
*/
-function dol_escape_htmltag($stringtoescape, $keepb=0, $keepn=0)
+function dol_escape_htmltag($stringtoescape, $keepb=0, $keepn=0, $onlytags=0)
{
// escape quotes and backslashes, newlines, etc.
$tmp=dol_html_entity_decode($stringtoescape,ENT_COMPAT,'UTF-8');
if (! $keepb) $tmp=strtr($tmp, array(""=>'',''=>''));
if (! $keepn) $tmp=strtr($tmp, array("\r"=>'\\r',"\n"=>'\\n'));
- return dol_htmlentities($tmp,ENT_COMPAT,'UTF-8');
+ if ($onlytags) return htmlspecialchars($tmp,ENT_COMPAT,'UTF-8');
+ else return dol_htmlentities($tmp,ENT_COMPAT,'UTF-8');
}
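Review bot: The new `$onlytags` branch calls `htmlspecialchars()` with `ENT_COMPAT`, which escapes `"`, `&`, `<` and `>` but leaves `'` untouched, so the returned string is only safe in element content or a double-quoted attribute; a caller that places it in a single-quoted attribute gets an unescaped quote. Since this branch is new and has no existing callers to stay compatible with, `if ($onlytags) return htmlspecialchars($tmp, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` would cover both quote styles and substitute invalid UTF-8 sequences instead of returning an empty string. The `@param` text for `$onlytags` lists `>` twice where it presumably means `<, >`, and should say which quote style is not escaped if ENT_COMPAT is kept. The `else return` after an unconditional `return` is redundant; a plain `return dol_htmlentities($tmp, ENT_COMPAT, 'UTF-8');` reads cleaner.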
diff --git a/htdocs/websites/index.php b/htdocs/websites/index.php
index 1cc8fffaa2085..de292128ef5ee 100644
--- a/htdocs/websites/index.php
+++ b/htdocs/websites/index.php
@@ -450,15 +450,16 @@ function llxHeader($head='', $title='', $help_url='', $target='', $disablejs=0,
$tplcontent.= ''."\n";
$tplcontent.= ''."\n";
$tplcontent.= ''."\n";
- $tplcontent.= ''.dol_escape_htmltag($objectpage->title).''."\n";
+ $tplcontent.= ''.dol_escape_htmltag($objectpage->title, 0, 0, 1).''."\n";
+ $tplcontent.= ''."\n";
$tplcontent.= ''."\n";
$tplcontent.= ''."\n";
$tplcontent.= ''."\n";
$tplcontent.= ''."\n";
$tplcontent.= ''."\n";
- $tplcontent.= ''."\n";
- $tplcontent.= ''."\n";
- $tplcontent.= ''."\n";
+ $tplcontent.= ''."\n";
+ $tplcontent.= ''."\n";
+ $tplcontent.= ''."\n";
$tplcontent.= ''."\n";
$tplcontent.= ''."\n";
$tplcontent.= ''."\n";
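Review bot: The new call `dol_escape_htmltag($objectpage->title, 0, 0, 1)` passes three bare positional flags and nothing at the call site says what the trailing `1` selects; the same call appears again in the second hunk of this file (the `@@ -607,14 +608,15 @@` hunk). A comment such as `// onlytags=1: escape only <, >, &, " so non-ASCII characters in the title stay literal` would make the intent readable, and because that mode uses ENT_COMPAT in `dol_escape_htmltag` and leaves `'` unescaped, the result must land in element content or a double-quoted attribute — the surrounding markup is not visible in this extract, so that placement should be confirmed. The two template blocks are otherwise duplicated line for line, so the escaping decision now lives in two places; a shared helper would keep it in one. The enclosing function starts outside the hunk.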
@@ -607,14 +608,15 @@ function llxHeader($head='', $title='', $help_url='', $target='', $disablejs=0,
$tplcontent.= "// END PHP ?>\n";
$tplcontent.= ''."\n";
$tplcontent.= ''."\n";
- $tplcontent.= ''.dol_escape_htmltag($objectpage->title).''."\n";
+ $tplcontent.= ''.dol_escape_htmltag($objectpage->title, 0, 0, 1).''."\n";
+ $tplcontent.= ''."\n";
$tplcontent.= ''."\n";
$tplcontent.= ''."\n";
$tplcontent.= ''."\n";
$tplcontent.= ''."\n";
- $tplcontent.= ''."\n";
- $tplcontent.= ''."\n";
- $tplcontent.= ''."\n";
+ $tplcontent.= ''."\n";
+ $tplcontent.= ''."\n";
+ $tplcontent.= ''."\n";
$tplcontent.= ''."\n";
$tplcontent.= ''."\n";
$tplcontent.= ''."\n";