Returned LANG variables from Template Class now exactly the same as f…

…ound in language files Initially htmlspecialchars was used on the return language variable to convert HTML into entities. Not sure why this is done as some language variables have HTML tags in them for formatting reasons. When these language variables are used in code htmlspecialchars is not used. If language variables need to display actual HTML tags then they should already use HTML entities and not need to be converted.
Geeklog-Core · Apr 1, 2022 · 351ba07 · 351ba07
1 parent 96629c9
commit 351ba07
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/system/classes/template.class.php b/system/classes/template.class.php
@@ -1499,9 +1499,9 @@ function mod_echo($val, $modifier = '')
             return $ret;
         }
         if ($this->unknowns == 'comment') {
-            return '<!-- Template variable ' . htmlspecialchars($val) . ' undefined -->';
+			return '<!-- Template variable ' . $val . ' undefined -->'; // Do not need to use htmlspecialchars on $ val as in html comment
         } elseif ($this->unknowns == 'keep') {
-            return '{' . htmlspecialchars($val . $modifier) . '}';
+			return '{' . htmlspecialchars($val . $modifier) . '}';
         }
 
         return '';
@@ -1525,11 +1525,11 @@ function lang_echo($val)
                 }
             }
             if (is_scalar($var)) {
-                return htmlspecialchars($var);
+				return $var; // Changed from "return htmlspecialchars($var);" as lang should translate exactly. If need entities then should be that way in language string
             }
         }
         if ($this->unknowns == 'comment') {
-            return '<!-- Language variable ' . htmlspecialchars($val) . ' undefined -->';
+			return '<!-- Language variable ' . $val . ' undefined -->'; // Do not need to use htmlspecialchars on $ val as in html comment
         } elseif ($this->unknowns == 'keep') {
             return '{' . htmlspecialchars($val) . '}';
         }