Merge pull request #8214 from Sesquipedalian/warning_template_htmlspe…

…cialchars

Fixes issues with broken HTML entities in warning templates

Sources/ModerationCenter.php

@@ -1708,7 +1708,8 @@ function ModifyWarningTemplate()
 		{
 			$context['template_data'] = array(
 				'title' => $row['template_title'],
-				'body' => $smcFunc['htmlspecialchars']($row['body']),
+				// Redo htmlspecialchars for the sake of old data that might have incorrectly encoded entities.
+				'body' => $smcFunc['htmlspecialchars'](un_htmlspecialchars($row['body'])),
 				'personal' => $row['id_recipient'],
 				'can_edit_personal' => $row['id_member'] == $user_info['id'],
 			);
@@ -1734,6 +1735,7 @@ function ModifyWarningTemplate()
 		{
 			// Safety first.
 			$_POST['template_title'] = $smcFunc['htmlspecialchars']($_POST['template_title']);
+			$_POST['template_body'] = $smcFunc['htmlspecialchars']($_POST['template_body']);
 
 			// Clean up BBC.
 			preparsecode($_POST['template_body']);

Sources/Profile-Actions.php

@@ -415,7 +415,8 @@ function issueWarning($memID)
 
 		$context['notification_templates'][] = array(
 			'title' => $row['template_title'],
-			'body' => $row['body'],
+			// un_htmlspecialchars because this will be passed through JavaScriptEscape()
+			'body' => un_htmlspecialchars($row['body']),
 		);
 	}
 	$smcFunc['db_free_result']($request);

Themes/default/Profile.template.php

@@ -2382,7 +2382,7 @@ function populateNotifyTemplate()
 	foreach ($context['notification_templates'] as $k => $type)
 		echo '
 			if (index == ', $k, ')
-				document.getElementById(\'warn_body\').value = "', strtr($type['body'], array('"' => "'", "\n" => '\\n', "\r" => '')), '";';
+				document.getElementById(\'warn_body\').value = ', JavaScriptEscape($type['body']), ';';
 
 	echo '
 		}