From f14b0f4962c37571d20e91db78667f6b124ef38d Mon Sep 17 00:00:00 2001
From: nao-pon <hypweb@gmail.com>
Date: Sat, 24 Aug 2013 09:43:29 +0900
Subject: [PATCH] correction of htmlspecialchars() for PHP 5.4 on non UTF-8

---
 .../xpwiki/skin/pukiwiki/pukiwiki.skin.php    |   2 +-
 .../VerUp/3/skin/pukiwiki/pukiwiki.skin.php   |   2 +-
 .../modules/xpwiki/blocks/block_functions.php |  16 +--
 .../modules/xpwiki/class/attach.php           |  38 +++---
 .../modules/xpwiki/class/convert_html.php     |  10 +-
 .../modules/xpwiki/class/ext_autolink.php     |   6 +-
 .../xpwiki/class/extension/xoopsSearch.php    |   2 +-
 .../modules/xpwiki/class/func/base_func.php   |   2 +-
 .../xpwiki/class/func/pukiwiki_func.php       | 120 +++++++++---------
 .../xpwiki/class/func/xoops_wrapper.php       |  10 +-
 .../modules/xpwiki/class/func/xpwiki_func.php |  64 ++++++----
 .../modules/xpwiki/class/include/init.php     |  13 +-
 .../modules/xpwiki/class/make_link.php        |  30 ++---
 .../modules/xpwiki/class/xpwiki.php           |  16 ++-
 .../xpwiki/include/DifferenceEngine.php       |   2 +-
 .../modules/xpwiki/include/check.func.php     |   2 +-
 .../xpwiki/include/stand_alone_functions.php  |   4 +-
 .../modules/xpwiki/ini/rules.ini.php          |   2 +-
 xoops_trust_path/modules/xpwiki/loader.php    |   2 +-
 xoops_trust_path/modules/xpwiki/oninstall.php |  18 +--
 .../modules/xpwiki/onuninstall.php            |   6 +-
 xoops_trust_path/modules/xpwiki/onupdate.php  |  18 +--
 .../modules/xpwiki/plugin/addline.inc.php     |  12 +-
 .../modules/xpwiki/plugin/ajaxtree.inc.php    |  12 +-
 .../modules/xpwiki/plugin/amazon.inc.php      |  10 +-
 .../modules/xpwiki/plugin/aname.inc.php       |   8 +-
 .../modules/xpwiki/plugin/areaedit.inc.php    |  22 ++--
 .../modules/xpwiki/plugin/article.inc.php     |  10 +-
 .../modules/xpwiki/plugin/attach.inc.php      |  22 ++--
 .../modules/xpwiki/plugin/aws.inc.php         |   2 +-
 .../modules/xpwiki/plugin/back.inc.php        |   2 +-
 .../modules/xpwiki/plugin/backup.inc.php      |  30 ++---
 .../modules/xpwiki/plugin/bitly.inc.php       |   6 +-
 .../modules/xpwiki/plugin/boxdate.inc.php     |   2 +-
 .../modules/xpwiki/plugin/bugtrack.inc.php    |  40 +++---
 .../modules/xpwiki/plugin/build_js.inc.php    |   4 +-
 .../modules/xpwiki/plugin/calendar.inc.php    |   2 +-
 .../modules/xpwiki/plugin/calendar2.inc.php   |  12 +-
 .../modules/xpwiki/plugin/calendar9.inc.php   |  14 +-
 .../xpwiki/plugin/calendar_viewer.inc.php     |  12 +-
 .../modules/xpwiki/plugin/code.inc.php        |  20 +--
 .../xpwiki/plugin/code/codehighlight.php      |  52 ++++----
 .../modules/xpwiki/plugin/color.inc.php       |   6 +-
 .../modules/xpwiki/plugin/comment.inc.php     |   2 +-
 .../modules/xpwiki/plugin/conf.inc.php        |   8 +-
 .../modules/xpwiki/plugin/dbsync.inc.php      |   4 +-
 .../modules/xpwiki/plugin/deldel.inc.php      |  28 ++--
 .../modules/xpwiki/plugin/diff.inc.php        |   8 +-
 .../modules/xpwiki/plugin/dump.inc.php        |  16 +--
 .../modules/xpwiki/plugin/edit.inc.php        |  24 ++--
 .../xpwiki/plugin/exifshowcase.inc.php        |   2 +-
 .../modules/xpwiki/plugin/font.inc.php        |  14 +-
 .../modules/xpwiki/plugin/footnotes.inc.php   |   2 +-
 .../modules/xpwiki/plugin/freeze.inc.php      |   2 +-
 .../modules/xpwiki/plugin/fusen.inc.php       |   6 +-
 .../modules/xpwiki/plugin/gmap.inc.php        |  14 +-
 .../modules/xpwiki/plugin/gmap_draw.inc.php   |   2 +-
 .../modules/xpwiki/plugin/gmap_icon.inc.php   |   2 +-
 .../xpwiki/plugin/gmap_insertmarker.inc.php   |  14 +-
 .../modules/xpwiki/plugin/gmap_mark.inc.php   |   4 +-
 .../modules/xpwiki/plugin/gmap_street.inc.php |   2 +-
 .../modules/xpwiki/plugin/googlemaps2.inc.php |  10 +-
 .../xpwiki/plugin/googlemaps2_draw.inc.php    |   2 +-
 .../xpwiki/plugin/googlemaps2_icon.inc.php    |   2 +-
 .../plugin/googlemaps2_insertmarker.inc.php   |  14 +-
 .../xpwiki/plugin/googlemaps2_mark.inc.php    |   4 +-
 .../modules/xpwiki/plugin/gsearch.inc.php     |  12 +-
 .../modules/xpwiki/plugin/html.inc.php        |   2 +-
 .../modules/xpwiki/plugin/iframe.inc.php      |   6 +-
 .../modules/xpwiki/plugin/import.inc.php      |  12 +-
 .../modules/xpwiki/plugin/include.inc.php     |   4 +-
 .../xpwiki/plugin/includesubmenu.inc.php      |   2 +-
 .../modules/xpwiki/plugin/insert.inc.php      |  10 +-
 .../modules/xpwiki/plugin/interwiki.inc.php   |   2 +-
 .../modules/xpwiki/plugin/isbn.inc.php        |  12 +-
 .../modules/xpwiki/plugin/jsmath.inc.php      |   4 +-
 .../modules/xpwiki/plugin/lookup.inc.php      |  10 +-
 .../modules/xpwiki/plugin/ls2.inc.php         |  10 +-
 .../modules/xpwiki/plugin/lsx.inc.php         |  18 ++-
 .../modules/xpwiki/plugin/map.inc.php         |   2 +-
 .../modules/xpwiki/plugin/md5.inc.php         |   2 +-
 .../modules/xpwiki/plugin/memo.inc.php        |  12 +-
 .../modules/xpwiki/plugin/menu.inc.php        |   8 +-
 .../modules/xpwiki/plugin/navi.inc.php        |  16 +--
 .../modules/xpwiki/plugin/new.inc.php         |   2 +-
 .../modules/xpwiki/plugin/newpage.inc.php     |   8 +-
 .../xpwiki/plugin/page_comments.inc.php       |   2 +-
 .../modules/xpwiki/plugin/paint.inc.php       |   6 +-
 .../modules/xpwiki/plugin/pcomment.inc.php    |  14 +-
 .../modules/xpwiki/plugin/pginfo.inc.php      |  12 +-
 .../modules/xpwiki/plugin/random.inc.php      |   2 +-
 .../modules/xpwiki/plugin/read.inc.php        |   2 +-
 .../modules/xpwiki/plugin/recent.inc.php      |   2 +-
 .../xpwiki/plugin/recentchanges.inc.php       |   2 +-
 .../modules/xpwiki/plugin/redirect.inc.php    |  10 +-
 .../modules/xpwiki/plugin/ref.inc.php         |  48 +++----
 .../modules/xpwiki/plugin/referer.inc.php     |   8 +-
 .../modules/xpwiki/plugin/related.inc.php     |   2 +-
 .../modules/xpwiki/plugin/relatedview.inc.php |   2 +-
 .../modules/xpwiki/plugin/rename.inc.php      |  32 ++---
 .../modules/xpwiki/plugin/replacer.inc.php    |  10 +-
 .../modules/xpwiki/plugin/rss.inc.php         |  18 +--
 .../modules/xpwiki/plugin/rsslink.inc.php     |   4 +-
 .../modules/xpwiki/plugin/ruby.inc.php        |   2 +-
 .../modules/xpwiki/plugin/rws.inc.php         |   2 +-
 .../modules/xpwiki/plugin/search.inc.php      |   6 +-
 .../xpwiki/plugin/setlinebreak.inc.php        |   2 +-
 .../modules/xpwiki/plugin/showrss.inc.php     |  12 +-
 .../modules/xpwiki/plugin/siteimage.inc.php   |   4 +-
 .../modules/xpwiki/plugin/sitemap.inc.php     |   2 +-
 .../xpwiki/plugin/skin_changer.inc.php        |  14 +-
 .../modules/xpwiki/plugin/skype.inc.php       |   2 +-
 .../modules/xpwiki/plugin/source.inc.php      |   2 +-
 .../modules/xpwiki/plugin/stationary.inc.php  |   4 +-
 .../modules/xpwiki/plugin/sub.inc.php         |   2 +-
 .../modules/xpwiki/plugin/subnote.inc.php     |   8 +-
 .../modules/xpwiki/plugin/sup.inc.php         |   2 +-
 .../modules/xpwiki/plugin/tag.inc.php         |   4 +-
 .../modules/xpwiki/plugin/tb.inc.php          |   4 +-
 .../modules/xpwiki/plugin/template.inc.php    |   6 +-
 .../modules/xpwiki/plugin/topicpath.inc.php   |   6 +-
 .../modules/xpwiki/plugin/tracker.inc.php     |  62 ++++-----
 .../modules/xpwiki/plugin/twitter.inc.php     |   2 +-
 .../modules/xpwiki/plugin/ucomedit.inc.php    |   2 +-
 .../modules/xpwiki/plugin/unfreeze.inc.php    |   2 +-
 .../modules/xpwiki/plugin/urlbookmark.inc.php |   2 +-
 .../modules/xpwiki/plugin/user_pref.inc.php   |  10 +-
 .../modules/xpwiki/plugin/versionlist.inc.php |   4 +-
 .../modules/xpwiki/plugin/vote.inc.php        |   8 +-
 .../modules/xpwiki/plugin/xoopsblock.inc.php  |   2 +-
 .../modules/xpwiki/plugin/yahoo.inc.php       |  14 +-
 .../modules/xpwiki/plugin/yetlist.inc.php     |   4 +-
 .../modules/xpwiki/skin/keitai.skin.php       |   4 +-
 .../modules/xpwiki/skin/print.skin.php        |   8 +-
 .../modules/xpwiki/skin/pukiwiki.skin.php     |   4 +-
 .../modules/xpwiki/skin/tdiary.skin.php       |  10 +-
 .../modules/xpwiki/util/plugin_conv/index.php |   9 +-
 .../modules/xpwiki/util/skin_conv/index.php   |   3 +-
 .../modules/xpwiki/ways/redirect_SJIS.php     |   2 +-
 .../modules/xpwiki/ways/w2x_php5.php          |  50 +++++---
 140 files changed, 765 insertions(+), 722 deletions(-)

diff --git a/html/modules/xpwiki/skin/pukiwiki/pukiwiki.skin.php b/html/modules/xpwiki/skin/pukiwiki/pukiwiki.skin.php
index 755d5ea4..d5e752f1 100644
--- a/html/modules/xpwiki/skin/pukiwiki/pukiwiki.skin.php
+++ b/html/modules/xpwiki/skin/pukiwiki/pukiwiki.skin.php
@@ -86,7 +86,7 @@
 <?php if ($this->root->nofollow || ! $is_read)  {?> <meta name="robots" content="NOINDEX,NOFOLLOW" /><?php }?>
 <?php if ($this->cont['PKWK_ALLOW_JAVASCRIPT'] && isset($this->root->javascript)) {?> <meta http-equiv="Content-Script-Type" content="text/javascript" /><?php }?>
 
- <title><?php echo htmlspecialchars($this->root->pagetitle) ?> - <?php echo $this->root->siteinfo['sitename'] ?></title>
+ <title><?php echo htmlspecialchars($this->root->pagetitle, ENT_COMPAT, $this->cont['SOURCE_ENCODING']) ?> - <?php echo $this->root->siteinfo['sitename'] ?></title>
 
 <?php echo $head_pre_tag?>
 <?php echo <<<EOD
diff --git a/xoops_trust_path/modules/xpwiki/ID/VerUp/3/skin/pukiwiki/pukiwiki.skin.php b/xoops_trust_path/modules/xpwiki/ID/VerUp/3/skin/pukiwiki/pukiwiki.skin.php
index 3b1013f4..757a8f03 100644
--- a/xoops_trust_path/modules/xpwiki/ID/VerUp/3/skin/pukiwiki/pukiwiki.skin.php
+++ b/xoops_trust_path/modules/xpwiki/ID/VerUp/3/skin/pukiwiki/pukiwiki.skin.php
@@ -88,7 +88,7 @@
 <?php if ($this->root->nofollow || ! $is_read)  {?> <meta name="robots" content="NOINDEX,NOFOLLOW" /><?php }?>
 <?php if ($this->cont['PKWK_ALLOW_JAVASCRIPT'] && isset($this->root->javascript)) {?> <meta http-equiv="Content-Script-Type" content="text/javascript" /><?php }?>
 
- <title><?php echo htmlspecialchars($this->root->pagetitle) ?> - <?php echo $this->root->siteinfo['sitename'] ?></title>
+ <title><?php echo $this->htmlspecialchars($this->root->pagetitle) ?> - <?php echo $this->root->siteinfo['sitename'] ?></title>
 
 <?php echo $head_pre_tag?>
 <?php echo <<<EOD
diff --git a/xoops_trust_path/modules/xpwiki/blocks/block_functions.php b/xoops_trust_path/modules/xpwiki/blocks/block_functions.php
index 0d58752e..b89b2f7f 100644
--- a/xoops_trust_path/modules/xpwiki/blocks/block_functions.php
+++ b/xoops_trust_path/modules/xpwiki/blocks/block_functions.php
@@ -42,7 +42,7 @@ function b_xpwiki_notification_edit( $options )
 	$form = "
 		<input type='hidden' name='options[0]' value='$mydirname' />
 		<label for='this_template'>"._MB_XPWIKI_THISTEMPLATE."</label>&nbsp;:
-		<input type='text' size='40' name='options[1]' id='this_template' value='".htmlspecialchars($this_template,ENT_QUOTES)."' /> ( {$defs[1]} )
+		<input type='text' size='40' name='options[1]' id='this_template' value='".htmlspecialchars($this_template,ENT_QUOTES,_CHARSET)."' /> ( {$defs[1]} )
 		<br />
 	\n" ;
 
@@ -162,13 +162,13 @@ function b_xpwiki_a_page_edit( $options )
 		<input type='text' size='20' name='options[2]' id='blockwidth' value='".$width."' /> ( {$defs[2]} )
 		<br />
 		<label for='this_template'>"._MB_XPWIKI_THISTEMPLATE."</label>&nbsp;:
-		<input type='text' size='40' name='options[3]' id='this_template' value='".htmlspecialchars($this_template,ENT_QUOTES)."' /> ( {$defs[3]} )
+		<input type='text' size='40' name='options[3]' id='this_template' value='".htmlspecialchars($this_template,ENT_QUOTES,_CHARSET)."' /> ( {$defs[3]} )
 		<br />
 		<label for='divclass'>"._MB_XPWIKI_DIVCLASS."</label>&nbsp;:
-		<input type='text' size='30' name='options[4]' id='divclass' value='".htmlspecialchars($div_class,ENT_QUOTES)."' /> ( {$defs[4]} )
+		<input type='text' size='30' name='options[4]' id='divclass' value='".htmlspecialchars($div_class,ENT_QUOTES,_CHARSET)."' /> ( {$defs[4]} )
 		<br />
 		<label for='this_css'>"._MB_XPWIKI_THISCSS."</label>&nbsp;:
-		<input type='text' size='30' name='options[5]' id='this_css' value='".htmlspecialchars($css,ENT_QUOTES)."' /> ( {$defs[5]} )
+		<input type='text' size='30' name='options[5]' id='this_css' value='".htmlspecialchars($css,ENT_QUOTES,_CHARSET)."' /> ( {$defs[5]} )
 		<br />
 		<label>"._MB_XPWIKI_DISABLEDPAGECACHE."</label>&nbsp;:
 		<input type='radio' name='options[6]' value='1'{$check_pagecache[0]} />Yes &nbsp; <input type='radio' name='options[6]' value='0'{$check_pagecache[1]} />No &nbsp; ( {$defs[6]} )
@@ -177,7 +177,7 @@ function b_xpwiki_a_page_edit( $options )
 		<input type='radio' name='options[7]' value='module'{$check_headtag['module']} id='headtag_module' /><label for='headtag_module'>xoops_module_header</label> &nbsp; <input type='radio' name='options[7]' value='block'{$check_headtag['block']} id='headtag_block' /><label for='headtag_block'>xoops_block_header</label> &nbsp; <input type='radio' name='options[7]' value='body'{$check_headtag['body']} id='headtag_body' /><label for='headtag_body'>&lt;body&gt;(Inline)</label>
 		<br />( {$defs[7]} )<br />
 		<label for='target_page'>"._MB_XPWIKI_TARGETPAGE."</label>&nbsp;:
-		<input type='text' size='30' name='options[8]' id='target_page' value='".htmlspecialchars($target_page,ENT_QUOTES)."' /><br />( \"PageName\" or \"xpWiki module dirname::PageName\" )
+		<input type='text' size='30' name='options[8]' id='target_page' value='".htmlspecialchars($target_page,ENT_QUOTES,_CHARSET)."' /><br />( \"PageName\" or \"xpWiki module dirname::PageName\" )
 		<br />
 		\n" ;
 	return $form;
@@ -283,13 +283,13 @@ function b_xpwiki_block_edit( $options )
 		<input type='text' size='20' name='options[1]' id='blockwidth' value='".$width."' /> ( {$defs[1]} )
 		<br />
 		<label for='this_template'>"._MB_XPWIKI_THISTEMPLATE."</label>&nbsp;:
-		<input type='text' size='40' name='options[2]' id='this_template' value='".htmlspecialchars($this_template,ENT_QUOTES)."' /> ( {$defs[2]} )
+		<input type='text' size='40' name='options[2]' id='this_template' value='".htmlspecialchars($this_template,ENT_QUOTES,_CHARSET)."' /> ( {$defs[2]} )
 		<br />
 		<label for='divclass'>"._MB_XPWIKI_DIVCLASS."</label>&nbsp;:
-		<input type='text' size='30' name='options[3]' id='divclass' value='".htmlspecialchars($div_class,ENT_QUOTES)."' /> ( {$defs[3]} )
+		<input type='text' size='30' name='options[3]' id='divclass' value='".htmlspecialchars($div_class,ENT_QUOTES,_CHARSET)."' /> ( {$defs[3]} )
 		<br />
 		<label for='this_css'>"._MB_XPWIKI_THISCSS."</label>&nbsp;:
-		<input type='text' size='30' name='options[4]' id='this_css' value='".htmlspecialchars($css,ENT_QUOTES)."' /> ( {$defs[4]} )
+		<input type='text' size='30' name='options[4]' id='this_css' value='".htmlspecialchars($css,ENT_QUOTES,_CHARSET)."' /> ( {$defs[4]} )
 		<br />
 		<label>"._MB_XPWIKI_HEAD_TAG_PLACE."</label>&nbsp;:
 		<input type='radio' name='options[5]' value='module'{$check_headtag['module']} id='headtag_module' /><label for='headtag_module'>xoops_module_header</label> &nbsp; <input type='radio' name='options[5]' value='block'{$check_headtag['block']} id='headtag_block' /><label for='headtag_block'>xoops_block_header</label> &nbsp; <input type='radio' name='options[5]' value='body'{$check_headtag['body']} id='headtag_body' /><label for='headtag_body'>&lt;body&gt;(Inline)</label>
diff --git a/xoops_trust_path/modules/xpwiki/class/attach.php b/xoops_trust_path/modules/xpwiki/class/attach.php
index b1bdd62b..79ef9f54 100644
--- a/xoops_trust_path/modules/xpwiki/class/attach.php
+++ b/xoops_trust_path/modules/xpwiki/class/attach.php
@@ -182,7 +182,7 @@ function getstatus()
 		$user = $user['uname_s'];
 		if (!$this->status['owner']) {
 			if ($this->status['uname']) {
-				$user = htmlspecialchars($this->status['uname']);
+				$user = $this->func->htmlspecialchars($this->status['uname']);
 			}
 			$user = $user . " [".$this->status['ucd'] . "]";
 		}
@@ -254,7 +254,7 @@ function toString($showicon,$showinfo,$mode="")
 		       . '&amp;';
 		$param2 = 'file='.$file_e;
 		$title = $this->time_str.' '.$this->size_str;
-		$label = ($showicon ? $this->cont['FILE_ICON'] : '').htmlspecialchars($this->status['org_fname']);
+		$label = ($showicon ? $this->cont['FILE_ICON'] : '').$this->func->htmlspecialchars($this->status['org_fname']);
 		if ($this->age) {
 			if ($mode == "imglist"){
 				$label = 'backup No.'.$this->age;
@@ -275,7 +275,7 @@ function toString($showicon,$showinfo,$mode="")
 					if ($is_owner) $info .= ' &build_js(attachDel,'.str_replace('|', '&#124;', $this->page).','.str_replace('|', '&#124;', $this->file).','.$this->age.','.$returi.');';
 				} else {
 					$info = "\n<span class=\"small\">[<a href=\"{$this->root->script}?plugin=attach&amp;pcmd=info{$param}{$param2}\" title=\"$_title\">{$this->root->_attach_messages['btn_info']}</a>]</span>";
-					if ($is_owner) $info .= '<a href="'.$this->root->script.'?plugin=attach&pcmd=delete'.$param.$param2.'&amp;returi='.rawurlencode($returi).'" title="'.$this->root->_btn_delete.'" onclick="return confirm(\''.htmlspecialchars($this->file, ENT_QUOTES).': '.htmlspecialchars($this->root->_attach_messages['msg_delete'], ENT_QUOTES).'\')"><img src="'.$this->cont['LOADER_URL'].'?src=trash_16.gif" alt="'.$this->root->_btn_delete.'" /></a>';
+					if ($is_owner) $info .= '<a href="'.$this->root->script.'?plugin=attach&pcmd=delete'.$param.$param2.'&amp;returi='.rawurlencode($returi).'" title="'.$this->root->_btn_delete.'" onclick="return confirm(\''.$this->func->htmlspecialchars($this->file, ENT_QUOTES).': '.$this->func->htmlspecialchars($this->root->_attach_messages['msg_delete'], ENT_QUOTES).'\')"><img src="'.$this->cont['LOADER_URL'].'?src=trash_16.gif" alt="'.$this->root->_btn_delete.'" /></a>';
 				}
 			}
 			$count = ($showicon and !empty($this->status['count'][$this->age])) ?
@@ -308,8 +308,8 @@ function toString($showicon,$showinfo,$mode="")
 	function info($err) {
 
 		$r_page = rawurlencode($this->page);
-		$s_page = htmlspecialchars($this->page);
-		$s_file = htmlspecialchars($this->file);
+		$s_page = $this->func->htmlspecialchars($this->page);
+		$s_file = $this->func->htmlspecialchars($this->file);
 		$s_err = ($err == '') ? '' : '<p style="font-weight:bold">'.$this->root->_attach_messages[$err].'</p>';
 		$ref = "";
 		$img_info = "";
@@ -423,7 +423,7 @@ function info($err) {
 						'<label for="_p_attach_newname">' . $this->root->_attach_messages['msg_newname'] .
 						':</label> ' .
 						'<input type="text" name="newname" id="_p_attach_newname" size="40" value="' .
-						(htmlspecialchars(empty($this->status['org_fname'])? $this->file : $this->status['org_fname'])) . '" /><br />';
+						($this->func->htmlspecialchars(empty($this->status['org_fname'])? $this->file : $this->status['org_fname'])) . '" /><br />';
 				}
 				if ($this->status['copyright']) {
 					$msg_copyright  = '<input type="radio" id="pcmd_c" name="pcmd" value="copyright0" /><label for="pcmd_c">'.$this->root->_attach_messages['msg_copyright0'].'</label>';
@@ -447,7 +447,7 @@ function info($err) {
 		$info = $this->toString(TRUE,FALSE);
 		$copyright = ($this->status['copyright'])? ' checked=TRUE' : '';
 
-		$retval = array('msg'=>sprintf($this->root->_attach_messages['msg_info'],htmlspecialchars($this->file)));
+		$retval = array('msg'=>sprintf($this->root->_attach_messages['msg_info'],$this->func->htmlspecialchars($this->file)));
 		$page_link = $this->func->make_pagelink($s_page);
 		$ex_tags = '';
 		if ($this->status['imagesize']) {
@@ -609,7 +609,7 @@ function delete($pass)
 			$this->putstatus(TRUE);
 		}
 		if ($this->func->is_page($this->page)) {
-			$this->root->rtf['esummary'] = 'Deleted an attach file: ' . htmlspecialchars($this->file);
+			$this->root->rtf['esummary'] = 'Deleted an attach file: ' . $this->func->htmlspecialchars($this->file);
 			$this->func->touch_page($this->page, NULL, TRUE);
 		}
 
@@ -781,7 +781,7 @@ function reinfo() {
 			($this->age ? '&age='.$this->age : '');
 		$redirect = "{$this->root->script}?plugin=attach&pcmd=info$param";
 
-		$msg = str_replace('$1', htmlspecialchars($this->status['org_fname']), $this->root->_title_updated);
+		$msg = str_replace('$1', $this->func->htmlspecialchars($this->status['org_fname']), $this->root->_title_updated);
 
 		return array('msg' => $msg, 'redirect' => $redirect);
 
@@ -1109,7 +1109,7 @@ function toString($flat,$fromall=FALSE,$mode="")
 				if ($this->is_popup) {
 					continue;
 				}
-				$_files[0] = htmlspecialchars($file);
+				$_files[0] = $this->func->htmlspecialchars($file);
 			}
 			ksort($_files);
 			$_file = $_files[0];
@@ -1170,7 +1170,7 @@ function toString($flat,$fromall=FALSE,$mode="")
 		$showall = ($fromall && $this->max < $this->count)? " [&nbsp;<a href=\"{$showall_href}\">Show All</a>&nbsp;]" : "";
 		if ($this->is_popup) {
 			if ($fromall) {
-				$showall = "<div class=\"filelist_page\"><a href=\"{$showall_href}\">" . htmlspecialchars($this->page) . '</a>' . $filecount . '<small>' . $showall . '</small></div>';
+				$showall = "<div class=\"filelist_page\"><a href=\"{$showall_href}\">" . $this->func->htmlspecialchars($this->page) . '</a>' . $filecount . '<small>' . $showall . '</small></div>';
 			} else {
 				$showall = '';
 			}
@@ -1338,11 +1338,11 @@ function toString($page='',$flat=FALSE)
 		$hiddens = array();
 		$hiddens['plugin'] = 'attach';
 		$hiddens['pcmd'] = $pcmd;
-		$hiddens['refer'] = (isset($this->root->vars['refer']))? htmlspecialchars($this->root->vars['refer']) : '';
+		$hiddens['refer'] = (isset($this->root->vars['refer']))? $this->func->htmlspecialchars($this->root->vars['refer']) : '';
 		foreach($otherkeys as $key) {
 			if (isset($this->root->vars[$key])) {
 				$otherprams[] = rawurlencode($key) . '=' . rawurlencode($this->root->vars[$key]);
-				$hiddens[htmlspecialchars($key)] = htmlspecialchars($this->root->vars[$key]);
+				$hiddens[$this->func->htmlspecialchars($key)] = $this->func->htmlspecialchars($this->root->vars[$key]);
 			}
 		}
 
@@ -1372,7 +1372,7 @@ function toString($page='',$flat=FALSE)
 					if ($this->root->vars['basedir'] === $dir) {
 						$defaultpage = $this->root->vars['base'];
 					}
-					$otherDirs[] = '<option value="' . $dir . '#' . htmlspecialchars($defaultpage) . '"' . $selected . '>' . htmlspecialchars($val['title']) . '</option>';
+					$otherDirs[] = '<option value="' . $dir . '#' . $this->func->htmlspecialchars($defaultpage) . '"' . $selected . '>' . $this->func->htmlspecialchars($val['title']) . '</option>';
 				}
 				$otherDir = '<form><img src="' . $this->cont['LOADER_URL'] . '?src=folder_go.png" alt="Dir" /> <select name="otherdir" style="max-width:85%;" onchange="xpwiki_dir_selector_change(this.options[this.selectedIndex].value)">' . join('', $otherDirs) . '</select></form>';
 			}
@@ -1412,7 +1412,7 @@ function toString($page='',$flat=FALSE)
 							$_class = 'attachable';
 							if ($this->cont['UA_PROFILE'] !== 'default') $_attachable = '&uarr;';
 						}
-						$otherPages[] = '<option class="'.$_class.'" value="' . rawurlencode($_page) . '"' . $selected . '>' . $_attachable . htmlspecialchars($_page) . $count . '</option>';
+						$otherPages[] = '<option class="'.$_class.'" value="' . rawurlencode($_page) . '"' . $selected . '>' . $_attachable . $this->func->htmlspecialchars($_page) . $count . '</option>';
 					}
 				}
 				$otherPages[] = '</optgroup>';
@@ -1425,14 +1425,14 @@ function toString($page='',$flat=FALSE)
 					if ($this->func->check_readable($row[0], false, false)) {
 						if (in_array($row[0], $shown)) continue;
 						$selected = ($row[0] === $page)? ' selected="selected"' : '';
-						$_page = htmlspecialchars($row[0]);
+						$_page = $this->func->htmlspecialchars($row[0]);
 						$_attachable = '';
 						$_class = 'readable';
 						if ($attach->attachable($_page)) {
 							$_class = 'attachable';
 							if ($this->cont['UA_PROFILE'] !== 'default') $_attachable = '&uarr;';
 						}
-						$otherPages[] = '<option class="'.$_class.'" value="' . rawurlencode($_page) . '"' . $selected . '>' . $_attachable . htmlspecialchars($_page) . ' (' . $row[1] . ')</option>';
+						$otherPages[] = '<option class="'.$_class.'" value="' . rawurlencode($_page) . '"' . $selected . '>' . $_attachable . $this->func->htmlspecialchars($_page) . ' (' . $row[1] . ')</option>';
 					}
 				}
 				$otherPages[] = '</optgroup>';
@@ -1441,7 +1441,7 @@ function toString($page='',$flat=FALSE)
 				$thisPage = '<option value="">--- ' . $this->root->_attach_messages['msg_page_select'] . ' ---</option>';
 				if ($this->root->vars['basedir'] === $this->root->mydirname) {
 					$selected = ($this->root->vars['base'] === $page)? ' selected="selected"' : '';
-					$thisPage .= '<option value="'.rawurlencode($this->root->vars['base']).'"' . $selected . '>' . htmlspecialchars($this->root->vars['base']) . $this->root->_attach_messages['msg_select_current'] . '</option>';
+					$thisPage .= '<option value="'.rawurlencode($this->root->vars['base']).'"' . $selected . '>' . $this->func->htmlspecialchars($this->root->vars['base']) . $this->root->_attach_messages['msg_select_current'] . '</option>';
 				}
 				if (! empty($this->root->vars['refer'])) $thisPage .= '<option value="#">'.$this->root->_attach_messages['msg_show_all_pages'].'</option>';
 				$base = rawurlencode($this->root->vars['base']);
@@ -1470,7 +1470,7 @@ function xpwiki_dir_selector_change(dir) {
 EOD;
 		}
 
-		$sword = (isset($this->root->vars['word']))? htmlspecialchars($this->root->vars['word']) : '';
+		$sword = (isset($this->root->vars['word']))? $this->func->htmlspecialchars($this->root->vars['word']) : '';
 		$hidden = '';
 		unset($hiddens['word']);
 		foreach($hiddens as $key=> $val) {
diff --git a/xoops_trust_path/modules/xpwiki/class/convert_html.php b/xoops_trust_path/modules/xpwiki/class/convert_html.php
index 8df7b5a6..06eb5298 100644
--- a/xoops_trust_path/modules/xpwiki/class/convert_html.php
+++ b/xoops_trust_path/modules/xpwiki/class/convert_html.php
@@ -391,11 +391,11 @@ function XpWikiTableCell(& $xpwiki, $text, $is_template = FALSE) {
 			} else
 				if ($matches[3]) {
 					$name = $matches[2] ? 'background-color' : 'color';
-					$this->style[$name] = $name.':'.htmlspecialchars($matches[3]).';';
+					$this->style[$name] = $name.':'.$this->func->htmlspecialchars($matches[3]).';';
 					$text = $matches[5];
 				} else
 					if ($matches[4]) {
-						$this->style['size'] = 'font-size:'.htmlspecialchars($matches[4]).'px;';
+						$this->style['size'] = 'font-size:'.$this->func->htmlspecialchars($matches[4]).'px;';
 						$text = $matches[5];
 					}
 		}
@@ -504,7 +504,7 @@ function get_cell_style($string) {
 		// セル背景画
 		if (preg_match("/(?:[SCB]C):\(([^),]*)(,once|,1)?\) ?/i",$cells[0],$tmp)) {
 			if (strpos($tmp[1], $this->cont['ROOT_URL']) === 0) {
-				$tmp[1] = htmlspecialchars($tmp[1]);
+				$tmp[1] = $this->func->htmlspecialchars($tmp[1]);
 				$this->style['background-image'] .= "background-image: url(".$tmp[1].");";
 				if (!empty($tmp[2])) $this->style['background-image'] .= "background-repeat: no-repeat;";
 			}
@@ -813,7 +813,7 @@ function get_table_style($string) {
 		// テーブル背景画像指定
 		if (preg_match("/TC:\(([^),]*)(,(?:no|one(?:ce)?|1))?\) ?/i",$string,$reg)) {
 			if (strpos($reg[1], $this->cont['ROOT_URL']) === 0) {
-				$reg[1] = htmlspecialchars($reg[1]);
+				$reg[1] = $this->func->htmlspecialchars($reg[1]);
 				$this->table_sheet .= "background-image: url(".$reg[1].");";
 				if (!empty($reg[2])) $this->table_sheet .= "background-repeat: no-repeat;";
 			}
@@ -926,7 +926,7 @@ function toString() {
 class XpWikiPre extends XpWikiElement {
 	function XpWikiPre(& $root, $text) {
 		parent :: XpWikiElement($root->xpwiki);
-		$this->elements[] = htmlspecialchars((!$this->root->preformat_ltrim || $text === '' || $text {
+		$this->elements[] = $this->func->htmlspecialchars((!$this->root->preformat_ltrim || $text === '' || $text {
 			0}
 		!= ' ') ? $text : substr($text, 1));
 	}
diff --git a/xoops_trust_path/modules/xpwiki/class/ext_autolink.php b/xoops_trust_path/modules/xpwiki/class/ext_autolink.php
index 9046de8b..f25be5af 100644
--- a/xoops_trust_path/modules/xpwiki/class/ext_autolink.php
+++ b/xoops_trust_path/modules/xpwiki/class/ext_autolink.php
@@ -49,7 +49,7 @@ function ext_autolink_replace($match) {
 		if (strlen($name) < $this->ext_autolink_len) {return $match[0];}
 
 		$page = $this->ext_autolink_base.$name;
-		$title = htmlspecialchars(str_replace('[KEY]', $this->ext_autolink_base.$name, $this->ext_autolink_title));
+		$title = $this->func->htmlspecialchars(str_replace('[KEY]', $this->ext_autolink_base.$name, $this->ext_autolink_title));
 
 		if ($this->ext_autolink_own !== false) {
 			// own site
@@ -69,9 +69,9 @@ function ext_autolink_replace($match) {
 				if (isset($this->ext_autolink_replace['from'])) {
 					$_url = str_replace($this->ext_autolink_replace['from'], $this->ext_autolink_replace['func']($page), $this->ext_autolink_pat);
 				}
-				return '<a href="'.$_url.'" title="'.$title.'" class="' . $this->ext_autolink_a_class . '"' . $target . '>'.htmlspecialchars($name).'</a>';
+				return '<a href="'.$_url.'" title="'.$title.'" class="' . $this->ext_autolink_a_class . '"' . $target . '>'.$this->func->htmlspecialchars($name).'</a>';
 			} else {
-				return '<a href="'.$this->ext_autolink_url.'?'.rawurlencode($page).'" title="'.$title.'" class="' . $this->ext_autolink_a_class . '"' . $target . '>'.htmlspecialchars($name).'</a>';
+				return '<a href="'.$this->ext_autolink_url.'?'.rawurlencode($page).'" title="'.$title.'" class="' . $this->ext_autolink_a_class . '"' . $target . '>'.$this->func->htmlspecialchars($name).'</a>';
 			}
 		}
 	}
diff --git a/xoops_trust_path/modules/xpwiki/class/extension/xoopsSearch.php b/xoops_trust_path/modules/xpwiki/class/extension/xoopsSearch.php
index bc12bd97..49eb9473 100644
--- a/xoops_trust_path/modules/xpwiki/class/extension/xoopsSearch.php
+++ b/xoops_trust_path/modules/xpwiki/class/extension/xoopsSearch.php
@@ -89,7 +89,7 @@ function get ($keywords , $andor , $limit , $offset , $userid) {
 			$link = $this->func->get_page_uri($myrow['name']);
 			$ret[] = array(
 				'link'    => $link . ((strpos($link, '?') === false)? '?' : '&amp;') . 'word=' . $sword,
-				'title'   => htmlspecialchars($myrow['name'].$title, ENT_QUOTES),
+				'title'   => htmlspecialchars($myrow['name'].$title, ENT_QUOTES ,_CHARSET),
 				'image'   => 'skin/loader.php?src=xoops_search.png',
 				'time'    => $myrow['editedtime'] + $this->cont['LOCALZONE'],
 				'uid'     => $myrow['uid'],
diff --git a/xoops_trust_path/modules/xpwiki/class/func/base_func.php b/xoops_trust_path/modules/xpwiki/class/func/base_func.php
index 6f7a35d2..ce7e1514 100644
--- a/xoops_trust_path/modules/xpwiki/class/func/base_func.php
+++ b/xoops_trust_path/modules/xpwiki/class/func/base_func.php
@@ -44,7 +44,7 @@ function get_userinfo_by_id ($uid, $defname=NULL) {
 			'admin' => FALSE,
 			'uid' => 0,
 			'uname' => $defname,
-			'uname_s' => htmlspecialchars($defname),
+			'uname_s' => $this->htmlspecialchars($defname),
 			'email' => '',
 			'gids' => array(),
 			);
diff --git a/xoops_trust_path/modules/xpwiki/class/func/pukiwiki_func.php b/xoops_trust_path/modules/xpwiki/class/func/pukiwiki_func.php
index d3efe6d0..a7270820 100644
--- a/xoops_trust_path/modules/xpwiki/class/func/pukiwiki_func.php
+++ b/xoops_trust_path/modules/xpwiki/class/func/pukiwiki_func.php
@@ -180,7 +180,7 @@ function page_write($page, $postdata, $notimestamp = FALSE)
 		if ($this->root->vars['cmd'] === 'edit' && isset($this->root->vars['esummary'])) {
 			$esummary = $this->root->vars['esummary'];
 			$esummary = str_replace(array("\r", "\n", "\t"), ' ', $esummary);
-			$esummary = htmlspecialchars($esummary);
+			$esummary = $this->htmlspecialchars($esummary);
 		} else {
 			if (! empty($this->root->rtf['esummary'])) {
 				$esummary = $this->root->rtf['esummary'];
@@ -252,7 +252,7 @@ function page_write($page, $postdata, $notimestamp = FALSE)
 			$pginfo['lastucd'] = $this->root->userinfo['ucd'];
 			$pginfo['lastuname'] = $this->root->userinfo['uname_s'];
 			if ($this->root->cookie['name'] && $this->root->userinfo['uname'] !== $this->root->cookie['name']) {
-				$pginfo['lastuname'] = htmlspecialchars($this->root->cookie['name']);
+				$pginfo['lastuname'] = $this->htmlspecialchars($this->root->cookie['name']);
 				if ($mode === 'insert') {
 					$pginfo['uname'] = $pginfo['lastuname'];
 				}
@@ -260,7 +260,7 @@ function page_write($page, $postdata, $notimestamp = FALSE)
 					$pginfo['lastuname'] .= '('.$pginfo['lastuname'].')';
 				}
 			}
-			$pginfo['lastuname'] = htmlspecialchars($pginfo['lastuname']);
+			$pginfo['lastuname'] = $this->htmlspecialchars($pginfo['lastuname']);
 			if (! is_null($pgorder)) $pginfo['pgorder'] = $pgorder;
 			$pginfo['esummary'] = $esummary;
 			$pginfo_str = '#pginfo('.join("\t",$pginfo).')'."\n";
@@ -655,7 +655,7 @@ function file_write($dir, $page, $str, $notimestamp = FALSE)
 		// File replacement (Edit)
 
 		if (! $this->is_pagename($page))
-			$this->die_message(str_replace('$1', htmlspecialchars($page),
+			$this->die_message(str_replace('$1', $this->htmlspecialchars($page),
 			            str_replace('$2', 'WikiName', $this->root->_msg_invalidiwn)));
 
 		$str = rtrim(preg_replace('/' . "\r" . '/', '', $str)) . "\n";
@@ -663,12 +663,12 @@ function file_write($dir, $page, $str, $notimestamp = FALSE)
 
 		if (! HypCommonFunc::flock_put_contents($file, $str)) {
 			die('fopen() failed: ' .
-			htmlspecialchars(basename($dir) . '/' . $this->encode($page) . '.txt') .
+			$this->htmlspecialchars(basename($dir) . '/' . $this->encode($page) . '.txt') .
 			'<br />' . "\n" .
 			'Maybe permission is not writable or filename is too long');
 		}
 //		$fp = fopen($file, 'a') or die('fopen() failed: ' .
-//			htmlspecialchars(basename($dir) . '/' . $this->encode($page) . '.txt') .
+//			$this->htmlspecialchars(basename($dir) . '/' . $this->encode($page) . '.txt') .
 //			'<br />' . "\n" .
 //			'Maybe permission is not writable or filename is too long');
 //		set_file_buffer($fp, 0);
@@ -722,7 +722,7 @@ function add_recent($page, $recentpage, $subject = '', $limit = 0)
 
 		// Add
 		array_unshift($lines, '-' . $this->format_date($this->cont['UTIME']) . ' - ' . $_page .
-			htmlspecialchars($subject) . "\n");
+			$this->htmlspecialchars($subject) . "\n");
 
 		// Get latest $limit reports
 		$lines = array_splice($lines, 0, $limit);
@@ -1016,7 +1016,7 @@ function pkwk_chown($filename, $preserve_time = TRUE)
 
 		// Check owner
 		$stat = stat($filename) or
-			die('pkwk_chown(): stat() failed for: '  . basename(htmlspecialchars($filename)));
+			die('pkwk_chown(): stat() failed for: '  . basename($this->htmlspecialchars($filename)));
 		if ($stat[4] === $php_uid) {
 			// NOTE: Windows always here
 			$result = TRUE; // Seems the same UID. Nothing to do
@@ -1033,10 +1033,10 @@ function pkwk_chown($filename, $preserve_time = TRUE)
 			if ($donot) {
 				if (filemtime($tmp) + 30 < time()) {
 					if (! @ unlink($tmp)) {
-						die('pkwk_chown(): failed. Not writable a flie. "'.basename(htmlspecialchars($tmp)).'"');
+						die('pkwk_chown(): failed. Not writable a flie. "'.basename($this->htmlspecialchars($tmp)).'"');
 					}
 				} else {
-					die('pkwk_chown(): failed. Already exists "'.basename(htmlspecialchars($tmp)).'"');
+					die('pkwk_chown(): failed. Already exists "'.basename($this->htmlspecialchars($tmp)).'"');
 				}
 			}
 
@@ -1045,7 +1045,7 @@ function pkwk_chown($filename, $preserve_time = TRUE)
 			// NOTE: Not 'r+'. Don't check write permission here
 			$ffile = fopen($filename, 'r') or
 				die('pkwk_chown(): fopen() failed for: ' .
-					basename(htmlspecialchars($filename)));
+					basename($this->htmlspecialchars($filename)));
 
 			// Try to chown by re-creating files
 			// NOTE:
@@ -1068,7 +1068,7 @@ function pkwk_chown($filename, $preserve_time = TRUE)
 				fclose($ffile);
 				@unlink($tmp);
 				die('pkwk_chown(): flock() failed for: ' .
-					basename(htmlspecialchars($filename)));
+					basename($this->htmlspecialchars($filename)));
 			}
 		}
 
@@ -1090,7 +1090,7 @@ function pkwk_touch_file($filename, $time = FALSE, $atime = FALSE)
 			return $result;
 		} else {
 			die('pkwk_touch_file(): Invalid UID and (not writable for the directory or not a flie): ' .
-				htmlspecialchars(basename($filename)));
+				$this->htmlspecialchars(basename($filename)));
 		}
 	}
 //----- End file.php -----//
@@ -1495,12 +1495,12 @@ function is_freeze($page, $clearcache = FALSE)
 			return FALSE;
 		} else {
 			$fp = fopen($this->get_filename($page), 'rb') or
-				die('is_freeze(): fopen() failed: ' . htmlspecialchars($page));
+				die('is_freeze(): fopen() failed: ' . $this->htmlspecialchars($page));
 			flock($fp, LOCK_SH);
 			rewind($fp);
 			$buffer = fgets($fp, 9);
 			flock($fp, LOCK_UN);
-			fclose($fp) or die('is_freeze(): fclose() failed: ' . htmlspecialchars($page));
+			fclose($fp) or die('is_freeze(): fclose() failed: ' . $this->htmlspecialchars($page));
 
 			$is_freeze[$this->root->mydirname][$page] = ($buffer !== FALSE && rtrim($buffer, "\r\n") === '#freeze');
 			return $is_freeze[$this->root->mydirname][$page];
@@ -1613,7 +1613,7 @@ function get_search_words($words = array(), $do_escape = FALSE)
 				$char = mb_substr($word_nm, $pos, 1, $this->cont['SOURCE_ENCODING']);
 
 				// Just normalized one? (ASCII char or Zenkaku-Katakana?)
-				$or = array(preg_quote($do_escape ? htmlspecialchars($char) : $char, $quote));
+				$or = array(preg_quote($do_escape ? $this->htmlspecialchars($char) : $char, $quote));
 				if (strlen($char) === 1) {
 					// An ASCII (single-byte) character
 					foreach (array(strtoupper($char), strtolower($char)) as $_char) {
@@ -1690,7 +1690,7 @@ function do_search($word, $type = 'AND', $non_format = FALSE, $base = '')
 		if ($non_format) return array_keys($pages);
 
 		$r_word = rawurlencode($word);
-		$s_word = htmlspecialchars($word);
+		$s_word = $this->htmlspecialchars($word);
 		if (empty($pages))
 			return str_replace('$1', $s_word, $this->root->_msg_notfoundresult);
 
@@ -1699,7 +1699,7 @@ function do_search($word, $type = 'AND', $non_format = FALSE, $base = '')
 		$retval = '<ul class="list1">' . "\n";
 		foreach (array_keys($pages) as $page) {
 			$r_page  = rawurlencode($page);
-			$s_page  = htmlspecialchars($page);
+			$s_page  = $this->htmlspecialchars($page);
 			$passage = $this->root->show_passage ? ' ' . $this->get_passage($this->get_filetime($page)) : '';
 			$retval .= ' <li><a href="' . $this->root->script . '?' .
 				$r_page . '&amp;word=' . $r_word . '">' . $s_page .
@@ -1789,15 +1789,15 @@ function page_list($pages, $cmd = 'read', $withfilename = FALSE)
 
 		foreach($pages as $file=>$page) {
 			$r_page  = ($cmd === 'read' && $this->root->static_url)? $this->get_page_uri($page) : rawurlencode($page);
-			$s_page  = htmlspecialchars($page, ENT_QUOTES);
+			$s_page  = $this->htmlspecialchars($page, ENT_QUOTES);
 			$passage = $this->get_pg_passage($page);
-			$title = (empty($titles[$page]))? '' : ' [ ' . htmlspecialchars($titles[$page]) . ' ]';
+			$title = (empty($titles[$page]))? '' : ' [ ' . $this->htmlspecialchars($titles[$page]) . ' ]';
 
 			$str = '   <li><a href="' . $href . $r_page . '">' .
 				$s_page . '</a>' . $passage . $title;
 
 			if ($withfilename) {
-				$s_file = htmlspecialchars($file);
+				$s_file = $this->htmlspecialchars($file);
 				$str .= "\n" . '    <ul class="list3"><li>' . $s_file . '</li></ul>' .
 					"\n" . '   ';
 			}
@@ -1871,7 +1871,7 @@ function page_list($pages, $cmd = 'read', $withfilename = FALSE)
 	function catrule()
 	{
 		if (! $this->is_page($this->root->rule_page)) {
-			return '<p>Sorry, page \'' . htmlspecialchars($this->root->rule_page) .
+			return '<p>Sorry, page \'' . $this->htmlspecialchars($this->root->rule_page) .
 				'\' unavailable.</p>';
 		} else {
 			return $this->convert_html($this->get_source($this->root->rule_page));
@@ -2326,7 +2326,7 @@ function make_pagelink($page, $alias = '', $anchor = '', $refer = '', $class = '
 		static $popup_pos = array();
 
 		$_page = $page;
-		$s_page = htmlspecialchars($this->strip_bracket($page));
+		$s_page = $this->htmlspecialchars($this->strip_bracket($page));
 
 		if ($this->root->page_case_insensitive) {
 			$this->get_pagename_realcase($page);
@@ -2363,14 +2363,14 @@ function make_pagelink($page, $alias = '', $anchor = '', $refer = '', $class = '
 			$s_alias = ($this->root->pagename_num2str && $this->is_page($page)) ? preg_replace('/\/(?:[0-9\-]+|[B0-9][A-Z0-9]{9})$/', '/'.str_replace('/', '&#47;', $this->get_heading($page)), $s_page) : $s_page;
 		}
 		if ($compact_base) {
-			$s_alias = preg_replace('/^'.preg_quote(htmlspecialchars($compact_base).'/', '/').'/', '', $s_alias);
+			$s_alias = preg_replace('/^'.preg_quote($this->htmlspecialchars($compact_base).'/', '/').'/', '', $s_alias);
 		}
 		if ($this->root->hierarchy_insert) {
 			$s_alias = preg_replace('#((?:^|\G|>)[^<]*?)/#', '$1' . $this->root->hierarchy_insert . '/', $s_alias);
 		}
 
 		// Remake
-		$s_page = htmlspecialchars($page);
+		$s_page = $this->htmlspecialchars($page);
 
 		// Anchor only
 		if ($page === '') return '<a href="' . $anchor . '" class="'.$class.'">' . $s_alias . '</a>';
@@ -2391,7 +2391,7 @@ function make_pagelink($page, $alias = '', $anchor = '', $refer = '', $class = '
 					if ($compact_base && $compact_base === $_landing) {
 						break;
 					}
-					$element = htmlspecialchars(array_pop($parts));
+					$element = $this->htmlspecialchars(array_pop($parts));
 					$topic_path[] = $this->make_pagelink($_landing, $element);
 				}
 				if ($topic_path) {
@@ -2432,8 +2432,8 @@ function make_pagelink($page, $alias = '', $anchor = '', $refer = '', $class = '
 				}
 				$options['popup']['position'] = $popup_pos[$this->root->mydirname];
 			}
-			$onclick = ' onclick="return XpWiki.pagePopup({dir:\'' . htmlspecialchars($this->root->mydirname, ENT_QUOTES) .
-			'\',page:\'' . htmlspecialchars(str_replace('\'', '\\\'', $page) . $anchor) . '\'' .
+			$onclick = ' onclick="return XpWiki.pagePopup({dir:\'' . $this->htmlspecialchars($this->root->mydirname, ENT_QUOTES) .
+			'\',page:\'' . $this->htmlspecialchars(str_replace('\'', '\\\'', $page) . $anchor) . '\'' .
 			$options['popup']['position'] . '});"';
 			$class .= '_popup';
 		}
@@ -2467,7 +2467,7 @@ function make_pagelink($page, $alias = '', $anchor = '', $refer = '', $class = '
 			// Dangling link
 			if ($this->cont['PKWK_READONLY'] === 1 || ! $this->check_editable($page,false,false)) return $s_alias; // No dacorations
 
-			$title = htmlspecialchars(str_replace('$1', $page, $this->root->_title_edit));
+			$title = $this->htmlspecialchars(str_replace('$1', $page, $this->root->_title_edit));
 			$retval = $basepath  . '<!--NA-->' . $s_alias . '<!--/NA--><a href="' .
 				$this->root->script . '?cmd=edit&amp;page=' . $r_page . $r_refer . '" class="' . $class . '" title="' . $title . '"' . $onclick . '>' .
 				$this->root->_symbol_noexists . '</a>';
@@ -3027,7 +3027,7 @@ function check_editable($page, $auth_flag = TRUE, $exit_flag = TRUE)
 			} else {
 				// With exit
 				$body = $title = str_replace('$1',
-					htmlspecialchars($this->strip_bracket($page)), $this->root->_title_cannotedit);
+					$this->htmlspecialchars($this->strip_bracket($page)), $this->root->_title_cannotedit);
 				if ($this->is_freeze($page))
 					$body .= '(<a href="' . $this->root->script . '?cmd=unfreeze&amp;page=' .
 						rawurlencode($page) . '">' . $this->root->_msg_unfreeze . '</a>)';
@@ -3110,7 +3110,7 @@ function basic_auth($page, $auth_flag, $exit_flag, $auth_pages, $title_cannot)
 				}
 				if ($exit_flag) {
 					$body = $title = str_replace('$1',
-						htmlspecialchars($this->strip_bracket($page)), $title_cannot);
+						$this->htmlspecialchars($this->strip_bracket($page)), $title_cannot);
 					$page = str_replace('$1', $this->make_search($page), $title_cannot);
 					$this->catbody($title, $page, $body);
 					exit;
@@ -3183,7 +3183,7 @@ function make_backup($page, $delete = FALSE, $notimestamp = FALSE)
 			$body = preg_replace("/\n*$/", "\n", $body);
 
 			$fp = $this->_backup_fopen($page, 'wb')
-				or $this->die_message('Cannot open ' . htmlspecialchars($this->_backup_get_filename($page)) .
+				or $this->die_message('Cannot open ' . $this->htmlspecialchars($this->_backup_get_filename($page)) .
 				'<br />Maybe permission is not writable or filename is too long');
 			$this->_backup_fputs($fp, $strout);
 			$this->_backup_fputs($fp, $body);
@@ -3306,7 +3306,7 @@ function do_update_diff($pagestr, $poststr, $original)
 				$this->root->do_update_diff_table .= '<tr>';
 				$params = array($_obj->get('left'), $_obj->get('right'), $_obj->text());
 				foreach ($params as $key=>$text) {
-					$text = htmlspecialchars($text);
+					$text = $this->htmlspecialchars($text);
 					if (trim($text) === '') $text = '&nbsp;';
 					$this->root->do_update_diff_table .= '<' . $tags[$key] .
 						' class="style_' . $tags[$key] . '">' . $text .
@@ -3398,7 +3398,7 @@ function catbody($title, $page, $body)
 		// Set skin functions
 		$navigator = create_function('&$this, $key, $value = \'\', $javascript = \'\', $withIcon = FALSE, $x = 20, $y = 20',    'return XpWikiFunc::skin_navigator($this, $key, $value, $javascript, $withIcon, $x, $y);');
 		$toolbar   = create_function('&$this, $key, $x = 20, $y = 20, $javascript = \'\'', 'return XpWikiFunc::skin_toolbar($this, $key, $x, $y, $javascript);');
-		$ajax_edit_js = ($this->root->use_ajax_edit)? ' onclick="return xpwiki_ajax_edit(\''.htmlspecialchars($r_page, ENT_QUOTES).'\');"' : '';
+		$ajax_edit_js = ($this->root->use_ajax_edit)? ' onclick="return xpwiki_ajax_edit(\''.$this->htmlspecialchars($r_page, ENT_QUOTES).'\');"' : '';
 
 		// Set $_LINK for skin
 		$_LINK['add']      = "{$this->root->script}?cmd=add&amp;page=$r_page#{$this->root->mydirname}_header";
@@ -3547,7 +3547,7 @@ function catbody($title, $page, $body)
 		// Search words
 		if ($this->root->search_word_color && isset($this->root->vars['word'])) {
 			$body = '<div class="small">' . $this->root->_msg_word
-			      . preg_replace('/&amp;#(\d+;)/', '&#$1', htmlspecialchars($this->root->vars['word']))
+			      . preg_replace('/&amp;#(\d+;)/', '&#$1', $this->htmlspecialchars($this->root->vars['word']))
 			      . '</div>' . $this->root->hr . "\n" . $body;
 
 			list($body, $notes) = $this->word_highlight(array($body, $notes), $this->root->vars['word']);
@@ -3591,7 +3591,7 @@ function edit_form($page, $postdata, $digest = FALSE, $b_template = TRUE, $optio
 			foreach($this->get_existpages() as $_page) {
 				if ($_page === $this->root->whatsnew || $this->check_non_list($_page))
 					continue;
-				$s_page = htmlspecialchars($_page);
+				$s_page = $this->htmlspecialchars($_page);
 				$pages[$_page] = '   <option value="' . $s_page . '">' .
 				$s_page . '</option>';
 			}
@@ -3612,8 +3612,8 @@ function edit_form($page, $postdata, $digest = FALSE, $b_template = TRUE, $optio
 		}
 
 		$r_page      = rawurlencode($page);
-		$s_page      = htmlspecialchars($page);
-		$s_id        = isset($this->root->vars['paraid']) ? htmlspecialchars($this->root->vars['paraid']) : '';
+		$s_page      = $this->htmlspecialchars($page);
+		$s_id        = isset($this->root->vars['paraid']) ? $this->htmlspecialchars($this->root->vars['paraid']) : '';
 
 		if (!$s_id) {
 			if (isset($_COOKIE['_xweop'])) {
@@ -3626,14 +3626,14 @@ function edit_form($page, $postdata, $digest = FALSE, $b_template = TRUE, $optio
 
 			// Othor options
 			if (!empty($this->root->rtf['preview'])) {
-				$pgtitle_str = isset($this->root->vars['pgtitle'])? htmlspecialchars($this->root->vars['pgtitle']) : '';
-				$reading_str = isset($this->root->vars['reading'])? htmlspecialchars($this->root->vars['reading']) : '';
-				$alias_str = isset($this->root->vars['alias'])? htmlspecialchars($this->root->vars['alias']) : '';
+				$pgtitle_str = isset($this->root->vars['pgtitle'])? $this->htmlspecialchars($this->root->vars['pgtitle']) : '';
+				$reading_str = isset($this->root->vars['reading'])? $this->htmlspecialchars($this->root->vars['reading']) : '';
+				$alias_str = isset($this->root->vars['alias'])? $this->htmlspecialchars($this->root->vars['alias']) : '';
 				$order_val = isset($this->root->vars['pgorder'])? floatval($this->root->vars['pgorder']) : 1;
 			} else {
 				$pgtitle_str = $this->extract_pgtitle($postdata);
-				$reading_str = htmlspecialchars($this->get_page_reading($page));
-				$alias_str = htmlspecialchars($this->get_page_alias($page, false, false, 'relative'));
+				$reading_str = $this->htmlspecialchars($this->get_page_reading($page));
+				$alias_str = $this->htmlspecialchars($this->get_page_alias($page, false, false, 'relative'));
 				$order_val = floatval($this->get_page_order($page));
 			}
 
@@ -3671,9 +3671,9 @@ function edit_form($page, $postdata, $digest = FALSE, $b_template = TRUE, $optio
 		}
 
 		$originalkey = '';
-		$s_postdata  = htmlspecialchars($refer . $postdata);
-		$originalkey = htmlspecialchars((string)$this->root->vars['orgkey']);
-		$s_digest    = htmlspecialchars($digest);
+		$s_postdata  = $this->htmlspecialchars($refer . $postdata);
+		$originalkey = $this->htmlspecialchars((string)$this->root->vars['orgkey']);
+		$s_digest    = $this->htmlspecialchars($digest);
 		$b_preview   = isset($this->root->vars['preview']); // TRUE when preview
 		$btn_preview = $b_preview ? $this->root->_btn_repreview : $this->root->_btn_preview;
 
@@ -3681,8 +3681,8 @@ function edit_form($page, $postdata, $digest = FALSE, $b_template = TRUE, $optio
 		if ($this->root->userinfo['uid']) {
 			$uname = '<input type="hidden" name="uname" value="'.$this->cont['USER_NAME_REPLACE'].'" />';
 		} else {
-			$_uname = (!empty($this->root->rtf['preview']) && isset($this->root->vars['uname']))? htmlspecialchars($this->root->vars['uname']) : $this->cont['USER_NAME_REPLACE'];
-			$_anonymous = (!empty($this->root->rtf['preview']) && !empty($this->root->vars['anonymous']))? htmlspecialchars($this->root->vars['anonymous']) : $this->root->cookie['name'];
+			$_uname = (!empty($this->root->rtf['preview']) && isset($this->root->vars['uname']))? $this->htmlspecialchars($this->root->vars['uname']) : $this->cont['USER_NAME_REPLACE'];
+			$_anonymous = (!empty($this->root->rtf['preview']) && !empty($this->root->vars['anonymous']))? $this->htmlspecialchars($this->root->vars['anonymous']) : $this->root->cookie['name'];
 			$_anonymous_checked = (!empty($this->root->vars['anonymous']))? ' checked="checked"' : '';
 			$uname = '<label for="_edit_form_uname"><span class="edit_form_title">'
 			       . $this->root->_btn_name . '</span></label>';
@@ -3706,14 +3706,14 @@ function edit_form($page, $postdata, $digest = FALSE, $b_template = TRUE, $optio
 		}
 
 		// edit summary
-		$_esummary = (! empty($this->root->rtf['preview']) && isset($this->root->vars['esummary']))? htmlspecialchars($this->root->vars['esummary']) : '';
+		$_esummary = (! empty($this->root->rtf['preview']) && isset($this->root->vars['esummary']))? $this->htmlspecialchars($this->root->vars['esummary']) : '';
 		$esummary = '<div><label for="_edit_form_esummary"><span class="edit_form_title">' . $this->root->_btn_esummary . ':</span></label> <input type="text" name="esummary" id="_edit_form_esummary" value="' . $_esummary . '" size="60" />'.$twitter.'</div>';
 
 		// Q & A 認証
 		$riddle = '';
 		if (isset($options['riddle'])) {
 			$riddle = '<div><span class="edit_form_title">' . $this->root->_btn_riddle . '</span><br />' .
-				'&nbsp;&nbsp;<span class="edit_form_title">Q:</span> ' . htmlspecialchars($options['riddle']) . '<br />' .
+				'&nbsp;&nbsp;<span class="edit_form_title">Q:</span> ' . $this->htmlspecialchars($options['riddle']) . '<br />' .
 				'&nbsp;&nbsp;<span class="edit_form_title">A:</span> <input type="text" name="riddle'.md5($this->cont['HOME_URL'].$options['riddle']) .
 				'" size="30" value="" autocomplete="off" onkeyup="(function(e){if(e.value&&!$(\'edit_write_hidden\')){var w=document.createElement(\'input\');w.id=\'edit_write_hidden\';w.type=\'hidden\';w.name=\'write\';e.parentNode.appendChild(w);}})(this)" />' .
 				'</div>';
@@ -3746,7 +3746,7 @@ function edit_form($page, $postdata, $digest = FALSE, $b_template = TRUE, $optio
 			$nonconvert = (empty($this->vars['nonconvert']))? '' : '<input type="hidden" name="nonconvert" value="1" />';
 			$enc_hint = '<input type="hidden" name="encode_hint" value="' . $this->cont['PKWK_ENCODING_HINT'] . '" />'
 			          . '<input type="hidden" name="charset" value="UTF-8" />';
-			$csrf_protect = isset($_SESSION['HYP_CSRF_TOKEN'])? '<input type="hidden" name="HypToken" value="'.htmlspecialchars($_SESSION['HYP_CSRF_TOKEN']).'" />' : '';
+			$csrf_protect = isset($_SESSION['HYP_CSRF_TOKEN'])? '<input type="hidden" name="HypToken" value="'.$this->htmlspecialchars($_SESSION['HYP_CSRF_TOKEN']).'" />' : '';
 			$attaches = '';
 			if ($s_id) {
 				$other_option = $template = $reading = $alias = $pageorder = '';
@@ -3769,7 +3769,7 @@ function edit_form($page, $postdata, $digest = FALSE, $b_template = TRUE, $optio
 		if (isset($this->root->vars['help'])) {
 			$help = $this->root->hr . $this->catrule();
 		} else {
-			$sdir = htmlspecialchars($this->root->mydirname, ENT_QUOTES);
+			$sdir = $this->htmlspecialchars($this->root->mydirname, ENT_QUOTES);
 			$popup_pos = $this->get_popup_pos($this->root->page_popup_position);
 			$help = '<ul class="list1"><li><a class="pagelink_popup" href="' .
 				$this->root->script . '?cmd=edit&amp;help=true&amp;page=' . $r_page .
@@ -3948,7 +3948,7 @@ function strip_autolink($str)
 	// Make a backlink. searching-link of the page name, by the page name, for the page name
 	function make_search($page)
 	{
-		$s_page = htmlspecialchars($page);
+		$s_page = $this->htmlspecialchars($page);
 		$r_page = rawurlencode($page);
 
 		$title = sprintf($this->root->_title_backlink, $s_page);
@@ -4018,7 +4018,7 @@ function pkwk_headers_sent($buf_clear = true)
 		if (version_compare(PHP_VERSION, '4.3.0', '>=')) {
 			if (headers_sent($file, $line))
 			    die('Headers already sent at ' .
-			    	htmlspecialchars($file) .
+			    	$this->htmlspecialchars($file) .
 				' line ' . $line . '.');
 		} else {
 			if (headers_sent())
@@ -4087,7 +4087,7 @@ function pkwk_output_dtd($pkwk_dtd = NULL, $charset = NULL)
 			break;
 		}
 
-		$charset = htmlspecialchars($charset);
+		$charset = $this->htmlspecialchars($charset);
 
 		// Output XML or not
 		if ($type === $this->cont['PKWK_DTD_TYPE_XHTML']) echo '<?xml version="1.0" encoding="' . $charset . '" ?>' . "\n";
@@ -4521,7 +4521,7 @@ function links_update($page)
 			// ページが存在している
 			if (! empty($rel_new)) {
 	    			$fp = fopen($rel_file, 'w')
-	    				or $this->die_message('cannot write ' . htmlspecialchars($rel_file));
+	    				or $this->die_message('cannot write ' . $this->htmlspecialchars($rel_file));
 				fputs($fp, join("\t", $rel_new));
 				fclose($fp);
 			}
@@ -4598,7 +4598,7 @@ function links_init()
 			$rel = array_unique($rel);
 			if (! empty($rel)) {
 				$fp = fopen($this->cont['CACHE_DIR'] . $this->encode($page) . '.rel', 'w')
-					or $this->die_message('cannot write ' . htmlspecialchars($this->cont['CACHE_DIR'] . $this->encode($page) . '.rel'));
+					or $this->die_message('cannot write ' . $this->htmlspecialchars($this->cont['CACHE_DIR'] . $this->encode($page) . '.rel'));
 				fputs($fp, join("\t", $rel));
 				fclose($fp);
 			}
@@ -4606,7 +4606,7 @@ function links_init()
 
 		foreach ($ref as $page=>$arr) {
 			$fp  = fopen($this->cont['CACHE_DIR'] . $this->encode($page) . '.ref', 'w')
-				or $this->die_message('cannot write ' . htmlspecialchars($this->cont['CACHE_DIR'] . $this->encode($page) . '.ref'));
+				or $this->die_message('cannot write ' . $this->htmlspecialchars($this->cont['CACHE_DIR'] . $this->encode($page) . '.ref'));
 			foreach ($arr as $ref_page=>$ref_auto)
 				fputs($fp, $ref_page . "\t" . $ref_auto . "\n");
 			fclose($fp);
@@ -4635,7 +4635,7 @@ function links_add($page, $add, $rel_auto)
 			}
 			if ($is_page || ! $all_auto) {
 				$fp = fopen($ref_file, 'w')
-					 or $this->die_message('cannot write ' . htmlspecialchars($ref_file));
+					 or $this->die_message('cannot write ' . $this->htmlspecialchars($ref_file));
 				fputs($fp, $ref);
 				fclose($fp);
 			}
@@ -4664,7 +4664,7 @@ function links_delete($page, $del)
 			unlink($ref_file);
 			if (($is_page || ! $all_auto) && $ref !== '') {
 				$fp = fopen($ref_file, 'w')
-					or $this->die_message('cannot write ' . htmlspecialchars($ref_file));
+					or $this->die_message('cannot write ' . $this->htmlspecialchars($ref_file));
 				fputs($fp, $ref);
 				fclose($fp);
 			}
diff --git a/xoops_trust_path/modules/xpwiki/class/func/xoops_wrapper.php b/xoops_trust_path/modules/xpwiki/class/func/xoops_wrapper.php
index 4d7e101c..f58f2fa6 100644
--- a/xoops_trust_path/modules/xpwiki/class/func/xoops_wrapper.php
+++ b/xoops_trust_path/modules/xpwiki/class/func/xoops_wrapper.php
@@ -88,7 +88,7 @@ function set_userinfo ($uid = NULL) {
 			$this->root->userinfo['uid'] = (int)$user->uid();
 			$this->root->userinfo['email'] = $user->email();
 			$this->root->userinfo['uname'] = $user->uname('n');
-			$this->root->userinfo['uname_s'] = htmlspecialchars($this->root->userinfo['uname']);
+			$this->root->userinfo['uname_s'] = $this->htmlspecialchars($this->root->userinfo['uname']);
 			$this->root->userinfo['name'] = $user->name('s');
 			$this->root->userinfo['gids'] = $user->getGroups();
 		}
@@ -117,7 +117,7 @@ function get_userinfo_by_id ($uid = 0) {
 				$result['admin'] = $user->isAdmin($this->root->module['mid']);
 				$result['email'] = $user->email();
 				$result['uname'] = $user->uname('n');
-				$result['uname_s'] = htmlspecialchars($result['uname']);
+				$result['uname_s'] = $this->htmlspecialchars($result['uname']);
 				$result['uid'] = $uid;
 				$result['gids'] = $user->getGroups();
 			}
@@ -161,7 +161,7 @@ function check_editable($page, $auth_flag = TRUE, $exit_flag = TRUE)
 			} else {
 				// With exit
 				$body = $title = str_replace('$1',
-					htmlspecialchars($this->strip_bracket($page)), $this->root->_title_cannotedit);
+					$this->htmlspecialchars($this->strip_bracket($page)), $this->root->_title_cannotedit);
 				if ($this->is_freeze($page))
 					$body .= '(<a href="' . $this->root->script . '?cmd=unfreeze&amp;page=' .
 						rawurlencode($page) . '">' . $this->root->_msg_unfreeze . '</a>)';
@@ -395,7 +395,7 @@ function get_groupname ($id) {
 			$list = $XM->getGroupList();
 		}
 		if (isset($list[$id])) {
-			return htmlspecialchars($list[$id]);
+			return $this->htmlspecialchars($list[$id]);
 		} else {
 			return '';
 		}
@@ -425,7 +425,7 @@ function make_userlink ($uid, $uname = '') {
 			$user = $this->get_userinfo_by_id($uid);
 			$uname = $user['uname'];
 		}
-		$uname = htmlspecialchars($uname);
+		$uname = $this->htmlspecialchars($uname);
 
 		if (! $uid) {
 			return $uname;
diff --git a/xoops_trust_path/modules/xpwiki/class/func/xpwiki_func.php b/xoops_trust_path/modules/xpwiki/class/func/xpwiki_func.php
index 5b9c787b..a54fb429 100644
--- a/xoops_trust_path/modules/xpwiki/class/func/xpwiki_func.php
+++ b/xoops_trust_path/modules/xpwiki/class/func/xpwiki_func.php
@@ -101,7 +101,7 @@ function exist_plugin($name) {
 		$name = strtolower($name);
 		if(isset($exist[$this->xpwiki->pid][$name])) {
 			if (++$count[$this->xpwiki->pid][$name] > $this->cont['PKWK_PLUGIN_CALL_TIME_LIMIT'])
-				die('Alert: plugin "' . htmlspecialchars($name) .
+				die('Alert: plugin "' . $this->htmlspecialchars($name) .
 				'" was called over ' . $this->cont['PKWK_PLUGIN_CALL_TIME_LIMIT'] .
 				' times. SPAM or someting?<br />' . "\n" .
 				'<a href="' . $this->cont['HOME_URL'] . '?cmd=edit&amp;page='.
@@ -280,7 +280,7 @@ function do_plugin_convert($name, $args = '', $body = NULL) {
 		array_pop($this->root->plugin_stack);
 
 		if ($retvar === FALSE) {
-			return htmlspecialchars('#' . $name .
+			return $this->htmlspecialchars('#' . $name .
 				($args != '' ? '(' . $args . ')' : ''));
 		}
 
@@ -343,7 +343,7 @@ function do_plugin_inline($name, $args = '', $body = '') {
 
 		if($retvar === FALSE) {
 			// Do nothing
-			return htmlspecialchars('&' . $name . ($args ? '(' . $args . ')' : '') . ';');
+			return $this->htmlspecialchars('&' . $name . ($args ? '(' . $args . ')' : '') . ';');
 		} else {
 			if (in_array($name, $this->root->description_ignore_inlines)) {
 				return $this->wrap_description_ignore($retvar);
@@ -359,7 +359,7 @@ function plugin_page_touch($name) {
 				$log = join(', ', $log);
 				if ($this->is_page($page)) {
 					if ($log) {
-						$this->root->rtf['esummary'] = $log; // $log require htmlspecialchars()
+						$this->root->rtf['esummary'] = $log; // $log require $this->htmlspecialchars()
 						$this->push_page_changes($page, $log);
 					} else {
 						$this->root->rtf['esummary'] = str_replace('$name', $name, $this->root->plugin_edit_summary);
@@ -440,7 +440,7 @@ function load_cookie () {
 			} else {
 				$this->root->userinfo['uname'] = $this->root->cookie['name'];
 			}
-			$this->root->userinfo['uname_s'] = htmlspecialchars($this->root->userinfo['uname']);
+			$this->root->userinfo['uname_s'] = $this->htmlspecialchars($this->root->userinfo['uname']);
 		}
 
 		// 他の言語切り替えシステムをチェック
@@ -780,7 +780,7 @@ function get_pginfo ($page = '', $src = '', $cache_clr = FALSE) {
 			$_tmp = array_pad(explode("\t",$match[1]), 14, '');
 			$pginfo['uid']       = (int)$_tmp[0];
 			$pginfo['ucd']       = $_tmp[1];
-			$pginfo['uname']     = $_tmp[2];      // already htmlspecialchars()
+			$pginfo['uname']     = $_tmp[2];      // already $this->htmlspecialchars()
 			$pginfo['einherit']  = (int)$_tmp[3];
 			$pginfo['eaids']     = $_tmp[4];
 			$pginfo['egids']     = $_tmp[5];
@@ -789,7 +789,7 @@ function get_pginfo ($page = '', $src = '', $cache_clr = FALSE) {
 			$pginfo['vgids']     = $_tmp[8];
 			$pginfo['lastuid']   = (int)$_tmp[9];
 			$pginfo['lastucd']   = $_tmp[10];
-			$pginfo['lastuname'] = $_tmp[11];     // already htmlspecialchars()
+			$pginfo['lastuname'] = $_tmp[11];     // already $this->htmlspecialchars()
 			$pginfo['pgorder']   = min(9, max(0, ($_tmp[12] === '')? 1 : floatval($_tmp[12])));
 			$pginfo['esummary']  = $_tmp[13];
 		} else {
@@ -835,7 +835,7 @@ function pageinfo_inherit ($page) {
 		if (in_array($user_check, $this->root->user_pages)) {
 			$uname = $this->page_basename($page);
 			$pginfo['uid'] = $this->get_uid_by_uname($uname);
-			$pginfo['uname']     = htmlspecialchars($uname);
+			$pginfo['uname']     = $this->htmlspecialchars($uname);
 			$pginfo['einherit']  = 1;
 			$pginfo['eaids']     = $pginfo['uid'];
 			$pginfo['egids']     = 'none';
@@ -1158,7 +1158,7 @@ function add_js_var_head ($name, $var = NULL, $pre = FALSE) {
 			} else if (is_bool($var)) {
 				$var = ($var)? 'true' : 'false';
 			} else {
-				$var = '"' . htmlspecialchars($var) . '"';
+				$var = '"' . $this->htmlspecialchars($var) . '"';
 			}
 			$key = $src = $name . ' = ' . $var . ';';
 		}
@@ -1484,6 +1484,20 @@ function unhtmlspecialchars ($str, $quote_style = ENT_COMPAT) {
 		return htmlspecialchars_decode($str, $quote_style);
 	}
 
+	// htmlspecialchars compat to PHP <= 5.3
+	function htmlspecialchars ($str, $flags = ENT_COMPAT, $encoding = null, $double_encode = true) {
+		if (is_null($encoding)) {
+			$encoding = $this->cont['CONTENT_CHARSET'];
+			switch ($encoding) {
+				case 'EUCJP-WIN':
+				case 'EUCJP':
+					$encoding = 'EUC-JP';
+					break;
+			}
+		}
+		return htmlspecialchars($str, $flags, $encoding, $double_encode);
+	}
+
 	// ページ頭文字読みの配列を取得
 	function get_readings() {
 		$readings = array();
@@ -1660,7 +1674,7 @@ function skin_navigator (& $obj, $key, $value = '', $javascript = '', $withIcon
 			if (! isset($link[$key])) { echo $key.' LINK NOT FOUND'; return FALSE; }
 			if (! $obj->cont['PKWK_ALLOW_JAVASCRIPT']) $javascript = '';
 
-			$title = (isset($lang[$key]))? htmlspecialchars($lang[$key]) : '';
+			$title = (isset($lang[$key]))? $obj->htmlspecialchars($lang[$key]) : '';
 			$ret = ($withIcon? $obj->skin_getIcon($obj, $key, $x, $y) : '');
 			if ($withIcon !== 'icon') {
 				$ret .= ($value === '') ? (isset($lang[$key.'_s'])? $lang[$key.'_s'] : $lang[$key]) : $value;
@@ -1696,7 +1710,7 @@ function skin_getIcon(&$obj, $key, $x = 20, $y = 20) {
 		$lang  = & $obj->root->_LANG['skin'];
 		$image = & $obj->root->_IMAGE['skin'];
 		if (! isset($image[$key])) return ' | ';
-		$alt = (isset($lang[$key]))? htmlspecialchars($lang[$key]) : '';
+		$alt = (isset($lang[$key]))? $obj->htmlspecialchars($lang[$key]) : '';
 		$src = (strpos($image[$key], 'src=') === 0)? $obj->cont['LOADER_URL'] . '?' . $image[$key] : $obj->cont['IMAGE_DIR'] . $image[$key];
 		return '<img src="' . $src . '" width="' . $x . '" height="' . $y . '" ' .
 				'alt="' . $alt . '" title="' . $alt . '" />';
@@ -1735,7 +1749,7 @@ function get_breadcrumbs_array ($page, $name = 'name', $url = 'url') {
 		//$ret[] = array($name => $self, $url = '');
 		while (! empty($parts)) {
 			$landing = join('/', $parts);
-			$element = htmlspecialchars(array_pop($parts));
+			$element = $this->htmlspecialchars(array_pop($parts));
 
 			if (! $this->is_page($landing)) {
 				// Page not exists
@@ -1818,7 +1832,7 @@ function send_location ($page='', $hash='', $url='', $title='', $buf_clear=true)
 		if ($page !== '') {
 			$url = $this->get_page_uri($page, true);
 			if (!$title) {
-				$title = str_replace('$1', htmlspecialchars($page), $this->root->_title_updated);
+				$title = str_replace('$1', $this->htmlspecialchars($page), $this->root->_title_updated);
 			}
 		}
 		if (!$url) {
@@ -1916,7 +1930,7 @@ function send_json ($res) {
 		// clear output buffer
 		$this->clear_output_buffer();
 
-		$json = htmlspecialchars(json_encode($res), ENT_NOQUOTES);
+		$json = $this->htmlspecialchars(json_encode($res), ENT_NOQUOTES, 'UTF-8');
 
 		header('Content-Type: text/javascript; charset=utf-8');
 		header('Content-Length: '. strlen($json));
@@ -1992,7 +2006,7 @@ function output_ajax ($body) {
 
 	function output_popup ($body) {
 		// set target
-		$body = preg_replace('/(<a[^>]+)(href=(?:"|\')[^#])/isS', '$1target="' . ((intval($this->root->vars['popup']) === 1)? '_parent' : htmlspecialchars(substr($this->root->vars['popup'],0,30))) . '" $2', $body);
+		$body = preg_replace('/(<a[^>]+)(href=(?:"|\')[^#])/isS', '$1target="' . ((intval($this->root->vars['popup']) === 1)? '_parent' : $this->htmlspecialchars(substr($this->root->vars['popup'],0,30))) . '" $2', $body);
 
 		// Head Tags
 		list($head_pre_tag, $head_tag) = $this->get_additional_headtags();
@@ -2313,7 +2327,7 @@ function convert_finisher (& $body) {
 		}
 
 		if ($this->cont['PageForRef'] !== $this->cont['PAGENAME']) {
-			$body = preg_replace('/(<form[^>]*?>)/' , '$1<input type="hidden" name="uploadpage" value="'.htmlspecialchars($this->cont['PageForRef']).'" />', $body);
+			$body = preg_replace('/(<form[^>]*?>)/' , '$1<input type="hidden" name="uploadpage" value="'.$this->htmlspecialchars($this->cont['PageForRef']).'" />', $body);
 		}
 
 		// TextArea id
@@ -2345,7 +2359,7 @@ function get_favicon_img ($url, $size = 16, $alt = '', $class = 'xpwikiFavicon')
 
 		if (!$alt) $alt = $url;
 
-		$favicon = '<img src="'.$this->cont['LOADER_URL'].'?src=favicon&amp;url='.rawurlencode($url).'" width="'.$size.'" height="'.$size.'" border="0" alt="'.htmlspecialchars($alt).'" class="'.$class.'" />';
+		$favicon = '<img src="'.$this->cont['LOADER_URL'].'?src=favicon&amp;url='.rawurlencode($url).'" width="'.$size.'" height="'.$size.'" border="0" alt="'.$this->htmlspecialchars($alt).'" class="'.$class.'" />';
 
 		return $favicon;
 	}
@@ -2780,7 +2794,7 @@ function word_highlight ($body, $word) {
 		$keys = $this->get_search_words(array_keys($keys), TRUE);
 		$id = 0;
 		foreach ($keys as $key=>$pattern) {
-			$s_key    = htmlspecialchars($key);
+			$s_key    = $this->htmlspecialchars($key);
 			$pattern  = '/' .
 				'<(textarea|script|style)[^>]*>.*?<\/\\1>' .	// Ignore textareas
 				'|' . '<[^>]*>' .			// Ignore tags
@@ -3028,8 +3042,8 @@ function substr_entity($str, $start, $len = null, $htmlspecialchar = true) {
 		// 末尾に分断された実態参照があれば削除
 		$str = preg_replace('/&([^;]+)?$/', '', $str);
 		// サニタイズ
-		//if ($htmlspecialchar) $str = str_replace('&amp;', '&', htmlspecialchars($str));
-		if ($htmlspecialchar) $str = htmlspecialchars($str);
+		//if ($htmlspecialchar) $str = str_replace('&amp;', '&', $this->htmlspecialchars($str));
+		if ($htmlspecialchar) $str = $this->htmlspecialchars($str);
 		return $str;
 	}
 	
@@ -3148,8 +3162,8 @@ function get_heading($page, $init=false)
 		if (!$res) return "";
 		$_ret = $db->fetchRow($res);
 		if ($_ret[0] === '- no title -') $_ret[0] = $page;
-		$_ret = preg_replace('/&amp;(#?[a-z0-9]+?);/i', '&$1;', htmlspecialchars($_ret[0], ENT_QUOTES));
-		return $ret[$this->root->mydirname][$page] = ($_ret || $init)? $_ret : htmlspecialchars($page,ENT_NOQUOTES);
+		$_ret = preg_replace('/&amp;(#?[a-z0-9]+?);/i', '&$1;', $this->htmlspecialchars($_ret[0], ENT_QUOTES));
+		return $ret[$this->root->mydirname][$page] = ($_ret || $init)? $_ret : $this->htmlspecialchars($page,ENT_NOQUOTES);
 	}
 
 	// 全ページ名を配列にDB版
@@ -4153,7 +4167,7 @@ function do_search($words, $type = 'AND', $non_format = FALSE, $base = '', $opti
 		if ($non_format) return array_keys($pages);
 
 		$r_word = rawurlencode($words);
-		$s_word = preg_replace('/&amp;#(\d+;)/', '&#$1', htmlspecialchars($words));
+		$s_word = preg_replace('/&amp;#(\d+;)/', '&#$1', $this->htmlspecialchars($words));
 
 		if (empty($pages))
 			return str_replace('$1', $s_word, $this->root->_msg_notfoundresult);
@@ -4171,10 +4185,10 @@ function do_search($words, $type = 'AND', $non_format = FALSE, $base = '', $opti
 		foreach ($pages as $page => $data) {
 			if (empty($data[0])) $data[0] = $this->get_filetime($page);
 			if (empty($data[1])) $data[1] = $this->get_heading($page);
-			$s_page  = htmlspecialchars($page);
+			$s_page  = $this->htmlspecialchars($page);
 			$passage = $this->root->show_passage ? ' ' . $this->get_passage($data[0]) : '';
 			$retval .= ' <li><a href="' . $this->get_page_uri($page, TRUE) . ($this->root->static_url ? '?' : '&amp;') . 'word=' . $r_word . '">' . $s_page .
-				'</a><small>' . $passage . '</small> [ ' . htmlspecialchars($data[1]) . ' ]' . "\n";
+				'</a><small>' . $passage . '</small> [ ' . $this->htmlspecialchars($data[1]) . ' ]' . "\n";
 			if ($options['context'] === 'db') {
 				$retval .= '<div class="context">' . HypCommonFunc::make_context($data[2], $keywords) . '</div>';
 			} else if ($options['context'] === 'conv') {
diff --git a/xoops_trust_path/modules/xpwiki/class/include/init.php b/xoops_trust_path/modules/xpwiki/class/include/init.php
index ffedf0ab..db4ed99b 100644
--- a/xoops_trust_path/modules/xpwiki/class/include/init.php
+++ b/xoops_trust_path/modules/xpwiki/class/include/init.php
@@ -48,12 +48,6 @@
 // Compat
 $root->anonymous = $root->_no_name = $root->siteinfo['anonymous'];
 
-// アクセスユーザーの情報読み込み
-$this->set_userinfo();
-
-// cookie 用ユーザーコード取得 & cookie読み書き
-$this->load_usercookie();
-
 /////////////////////////////////////////////////
 // Language / Encoding settings
 
@@ -72,6 +66,13 @@
 // Locale
 if (empty($const['LC_CTYPE'])) $const['LC_CTYPE'] = $this->get_LC_CTYPE();
 
+/////////////////////////////////////////////////
+// アクセスユーザーの情報読み込み
+$this->set_userinfo();
+
+// cookie 用ユーザーコード取得 & cookie読み書き
+$this->load_usercookie();
+
 /////////////////////////////////////////////////
 // INI_FILE: Require Lang Conf
 
diff --git a/xoops_trust_path/modules/xpwiki/class/make_link.php b/xoops_trust_path/modules/xpwiki/class/make_link.php
index aa0fce0b..27507673 100644
--- a/xoops_trust_path/modules/xpwiki/class/make_link.php
+++ b/xoops_trust_path/modules/xpwiki/class/make_link.php
@@ -77,7 +77,7 @@ function convert($string, $page) {
 
 		$string = preg_replace_callback('/'.$this->pattern.'/xS', array (& $this, 'replace'), $string);
 
-		$retval = $this->func->make_line_rules(htmlspecialchars($string));
+		$retval = $this->func->make_line_rules($this->func->htmlspecialchars($string));
 
 		$i = 0;
 		$found = strpos($retval, "\x08");
@@ -92,7 +92,7 @@ function convert($string, $page) {
 	function replace($arr) {
 		$obj = $this->get_converter($arr);
 
-		$this->result[] = ($obj !== NULL && $obj->set($arr, $this->page) !== FALSE) ? $obj->toString() : $this->func->make_line_rules(htmlspecialchars($arr[0]));
+		$this->result[] = ($obj !== NULL && $obj->set($arr, $this->page) !== FALSE) ? $obj->toString() : $this->func->make_line_rules($this->func->htmlspecialchars($arr[0]));
 
 		return "\x08"; // Add a mark into latest processed part
 	}
@@ -191,7 +191,7 @@ function setParam($page, $name, $body, $type = '', $alias = '') {
 				$alias = preg_replace('/\s*title="[^"]*"/', '', $alias);
 				$this->use_lightbox = FALSE;
 			} else {
-				$alias = '<img src="'.htmlspecialchars($alias).'" alt="'.$name.'" />';
+				$alias = '<img src="'.$this->func->htmlspecialchars($alias).'" alt="'.$name.'" />';
 				$this->use_lightbox = TRUE;
 			}
 			//if ($alias === $name) {
@@ -300,7 +300,7 @@ function toString() {
 		} else {
 			// No such plugin, or Failed
 			$body = (($body === '') ? '' : '{'.$body.'}').';';
-			return $this->func->make_line_rules(htmlspecialchars('&'.$this->plain).$body);
+			return $this->func->make_line_rules($this->func->htmlspecialchars('&'.$this->plain).$body);
 		}
 	}
 }
@@ -506,7 +506,7 @@ function set($arr, $page) {
 		list (,, $alias, $name) = $this->splice($arr);
 		// https?:/// -> $this->cont['ROOT_URL']
 		$name = preg_replace('#^(?:site:|https?:/)//#', $this->cont['ROOT_URL'], $name);
-		return parent :: setParam($page, htmlspecialchars($name), '', 'url', $alias === '' ? $name : $alias);
+		return parent :: setParam($page, $this->func->htmlspecialchars($name), '', 'url', $alias === '' ? $name : $alias);
 	}
 
 	function toString() {
@@ -566,7 +566,7 @@ function set($arr, $page) {
 				$alias = mb_convert_encoding(rawurldecode($alias), $this->cont['SOURCE_ENCODING'], 'AUTO');
 			}
 		}
-		return parent :: setParam($page, htmlspecialchars($name), '', ($mail? 'mailto' : 'url'), $alias);
+		return parent :: setParam($page, $this->func->htmlspecialchars($name), '', ($mail? 'mailto' : 'url'), $alias);
 	}
 
 	function toString() {
@@ -582,9 +582,9 @@ function toString() {
 		if ($this->root->bitly_clickable && ! $this->has_bracket && ! $this->is_image && $this->type !== 'mailto') {
 			$_name = str_replace('&amp;', '&', $this->name);
 			$this->name = $this->func->bitly($_name);
-			$this->alias = htmlspecialchars($this->name);
+			$this->alias = $this->func->htmlspecialchars($this->name);
 			if ($this->root->bitly_clickable === 2 && $_name !== $this->name && !($this->root->bitly_domain_internal && strpos($this->name, 'http://' . $this->root->bitly_domain_internal) === 0)) {
-				$host = '<span class="modest"> (' . htmlspecialchars($this->host) . ')</span>';
+				$host = '<span class="modest"> (' . $this->func->htmlspecialchars($this->host) . ')</span>';
 			}
 		}
 		return '<a href="'.$this->name.'"'.$title.$rel.$class.$img.$target.'>'.$this->alias.'</a>'.$host;
@@ -618,7 +618,7 @@ function set($arr, $page) {
 		list (, $name, $alias) = $this->splice($arr);
 		// https?:/// -> $this->cont['ROOT_URL']
 		$name = preg_replace('#^(?:site:|https?:/)//#', $this->cont['ROOT_URL'], $name);
-		return parent :: setParam($page, htmlspecialchars($name), '', 'url', $alias);
+		return parent :: setParam($page, $this->func->htmlspecialchars($name), '', 'url', $alias);
 	}
 
 	function toString() {
@@ -657,9 +657,9 @@ function set($arr, $page) {
 	}
 
 	function toString() {
-		$title = ' title="' . htmlspecialchars($this->name) . '"';
-		$href = 'file://' . htmlspecialchars(str_replace(array('|','\\'), array(':','/'), $this->name));
-		return '<a href="'.$href.'"'.$title.'>'.htmlspecialchars($this->alias).'</a>';
+		$title = ' title="' . $this->func->htmlspecialchars($this->name) . '"';
+		$href = 'file://' . $this->func->htmlspecialchars(str_replace(array('|','\\'), array(':','/'), $this->name));
+		return '<a href="'.$href.'"'.$title.'>'.$this->func->htmlspecialchars($this->alias).'</a>';
 	}
 }
 
@@ -789,15 +789,15 @@ function set($arr, $page) {
 
 		if (is_object($url)) {
 			$this->otherObj =& $url;
-			return parent :: setParam($page, htmlspecialchars($_param), '', 'pagename', $alias === '' ? $name.':'.$this->param : $alias);
+			return parent :: setParam($page, $this->func->htmlspecialchars($_param), '', 'pagename', $alias === '' ? $name.':'.$this->param : $alias);
 		}
 
 		$this->otherObj = NULL;
 
 		if (!$url) return false;
-		$this->url = htmlspecialchars($url);
+		$this->url = $this->func->htmlspecialchars($url);
 
-		return parent :: setParam($page, htmlspecialchars($name.':'.$this->param), '', 'InterWikiName', $alias === '' ? $name.':'.$this->param : $alias);
+		return parent :: setParam($page, $this->func->htmlspecialchars($name.':'.$this->param), '', 'InterWikiName', $alias === '' ? $name.':'.$this->param : $alias);
 	}
 
 	function toString() {
diff --git a/xoops_trust_path/modules/xpwiki/class/xpwiki.php b/xoops_trust_path/modules/xpwiki/class/xpwiki.php
index 56e812b1..1f0f913d 100644
--- a/xoops_trust_path/modules/xpwiki/class/xpwiki.php
+++ b/xoops_trust_path/modules/xpwiki/class/xpwiki.php
@@ -27,6 +27,7 @@ class XpWiki {
 	var $pid;
 
 	var $isXpWiki = TRUE;
+	var $isSinglton = FALSE;
 
 	var $admin_messages = array();
 
@@ -71,6 +72,7 @@ function & getSingleton ($mddir, $iniClear = true) {
 		static $obj;
 		if (! isset($obj[$mddir])) {
 			$obj[$mddir] = new XpWiki($mddir);
+			$obj[$mddir]->isSinglton = true;
 		}
 		if ($iniClear) {
 			$obj[$mddir]->clearIniRoot();
@@ -176,7 +178,7 @@ function execute() {
 		if (isset($root->vars['plugin'])) {
 			// Plug-in action
 			if (! $func->exist_plugin_action($root->vars['plugin'])) {
-				$s_plugin = htmlspecialchars($root->vars['plugin']);
+				$s_plugin = $func->htmlspecialchars($root->vars['plugin']);
 				$msg      = "plugin=$s_plugin is not implemented.";
 				$retvars  = array('msg'=>$msg,'body'=>$msg);
 			} else {
@@ -190,7 +192,7 @@ function execute() {
 		} else if (isset($root->vars['cmd'])) {
 			// Command action
 			if (! $func->exist_plugin_action($root->vars['cmd'])) {
-				$s_cmd   = htmlspecialchars($root->vars['cmd']);
+				$s_cmd   = $func->htmlspecialchars($root->vars['cmd']);
 				$msg     = "cmd=$s_cmd is not implemented.";
 				$retvars = array('msg'=>$msg,'body'=>$msg);
 			} else {
@@ -215,7 +217,7 @@ function execute() {
 				}
 				exit();
 			}
-			$title = htmlspecialchars($func->strip_bracket($base));
+			$title = $func->htmlspecialchars($func->strip_bracket($base));
 			$page  = $func->make_search($base);
 
 			if (! empty($retvars['msg'])) {
@@ -270,7 +272,7 @@ function execute() {
 										array('$page_title', '$content_title', '$module_title'),
 										array($page_title, $content_title, $root->module_title),
 										$root->html_head_title));
-				$root->pagetitle_action = isset($root->_LANG['skin'][$root->vars['cmd']])? htmlspecialchars($root->_LANG['skin'][$root->vars['cmd']]) : '';
+				$root->pagetitle_action = isset($root->_LANG['skin'][$root->vars['cmd']])? $func->htmlspecialchars($root->_LANG['skin'][$root->vars['cmd']]) : '';
 				$this->title         = $title;
 				$this->page          = $base;
 				$this->skin_title    = $page;
@@ -656,9 +658,9 @@ function get_BBCode_switch_js($id, $mydirname = null) {
 			$langman->read( 'modinfo.php' , $mydirname , 'xpwiki' ) ;
 		}
 		
-		$msgToBBcode = htmlspecialchars(constant($constpref . '_MSG_TO_BBCODE_EDITOR'), ENT_QUOTES);
-		$msgToWiki = htmlspecialchars(constant($constpref . '_MSG_TO_WIKI_EDITOR'), ENT_QUOTES);
-		$msgSwitch = htmlspecialchars(constant($constpref . '_MSG_TO_SWITCH_EDITOR'), ENT_QUOTES);
+		$msgToBBcode = htmlspecialchars(constant($constpref . '_MSG_TO_BBCODE_EDITOR'), ENT_QUOTES, _CHARSET);
+		$msgToWiki = htmlspecialchars(constant($constpref . '_MSG_TO_WIKI_EDITOR'), ENT_QUOTES, _CHARSET);
+		$msgSwitch = htmlspecialchars(constant($constpref . '_MSG_TO_SWITCH_EDITOR'), ENT_QUOTES, _CHARSET);
 		
 		return <<<EOD
 <script type="text/javascript">
diff --git a/xoops_trust_path/modules/xpwiki/include/DifferenceEngine.php b/xoops_trust_path/modules/xpwiki/include/DifferenceEngine.php
index dbbd1d7d..7b0b454f 100644
--- a/xoops_trust_path/modules/xpwiki/include/DifferenceEngine.php
+++ b/xoops_trust_path/modules/xpwiki/include/DifferenceEngine.php
@@ -991,7 +991,7 @@ function TableDiffFormatter() {
   }
 
   function _pre($text){
-    $text = htmlspecialchars($text);
+    $text = str_replace(array('&', '<', '>', '"'), array('&amp;', '&lt;', '&gt;', '&quot;'), $text);
     $text = str_replace('  ',' &nbsp;',$text);
     return $text;
   }
diff --git a/xoops_trust_path/modules/xpwiki/include/check.func.php b/xoops_trust_path/modules/xpwiki/include/check.func.php
index d6b6d177..7cf77e2b 100644
--- a/xoops_trust_path/modules/xpwiki/include/check.func.php
+++ b/xoops_trust_path/modules/xpwiki/include/check.func.php
@@ -137,7 +137,7 @@ function xpwikifunc_defdata_check ($mydirname, $mode = 'install') {
 							// touch page
 							$xpwiki->func->touch_page($page, $timestamp[$file]);
 
-							$msg[] = "Updated a page '" . htmlspecialchars($page) . "'.<br />";
+							$msg[] = "Updated a page '" . $xpwiki->func->htmlspecialchars($page) . "'.<br />";
 						}
 					}
 				}
diff --git a/xoops_trust_path/modules/xpwiki/include/stand_alone_functions.php b/xoops_trust_path/modules/xpwiki/include/stand_alone_functions.php
index 68c37c8f..1c5ebe52 100644
--- a/xoops_trust_path/modules/xpwiki/include/stand_alone_functions.php
+++ b/xoops_trust_path/modules/xpwiki/include/stand_alone_functions.php
@@ -68,12 +68,12 @@ function xpwiki_saf_getRecentPages_base( $options ) {
 
 		$entry = array(
 			'id'          => $xpwiki->func->get_pgid_by_name($page),
-			'pagename'    => htmlspecialchars($page),
+			'pagename'    => htmlspecialchars($page, ENT_COMPAT, $xpwiki->cont['SOURCE_ENCODING']),
 			'views'       => $xpwiki->func->get_page_views($page),
 			'replies'     => $xpwiki->func->count_page_comments($page),
 			'pubtime'     => ($time + date('Z')),
 			'link'        => $xpwiki->func->get_page_uri($page, true),
-			'headline'    => htmlspecialchars($title),
+			'headline'    => htmlspecialchars($title, ENT_COMPAT, $xpwiki->cont['SOURCE_ENCODING']),
 			'description' => $description,
 			'pginfo'      => $pginfo,
 		);
diff --git a/xoops_trust_path/modules/xpwiki/ini/rules.ini.php b/xoops_trust_path/modules/xpwiki/ini/rules.ini.php
index 29237874..b9d799b3 100644
--- a/xoops_trust_path/modules/xpwiki/ini/rules.ini.php
+++ b/xoops_trust_path/modules/xpwiki/ini/rules.ini.php
@@ -44,7 +44,7 @@
 	'&page;'	=> array_pop($page_array),
 	'&fpage;'	=> $root->vars['page'],
 	'&t;'   	=> "\t",
-	'&ua;'      => htmlspecialchars($root->ua),
+	'&ua;'      => $this->htmlspecialchars($root->ua),
 );
 
 //  preg_replace_callback を使用する置換
diff --git a/xoops_trust_path/modules/xpwiki/loader.php b/xoops_trust_path/modules/xpwiki/loader.php
index 8a60a314..dd464067 100644
--- a/xoops_trust_path/modules/xpwiki/loader.php
+++ b/xoops_trust_path/modules/xpwiki/loader.php
@@ -497,7 +497,7 @@
 function xpwiki_make_facemarks (& $wiki, $skin_dirname, $cache, $face_tag_ver) {
 	$fck_face = $tags_full = $tags = array();
 	foreach($wiki->root->wikihelper_facemarks as $key => $img) {
-		$key = htmlspecialchars($key, ENT_QUOTES);
+		$key = $wiki->func->htmlspecialchars($key, ENT_QUOTES);
 		$q_key = str_replace("'", "\\'", $key);
 		if ($img{0} === '*') {
 			$img = substr($img, 1);
diff --git a/xoops_trust_path/modules/xpwiki/oninstall.php b/xoops_trust_path/modules/xpwiki/oninstall.php
index 80bf1e62..85d37a84 100644
--- a/xoops_trust_path/modules/xpwiki/oninstall.php
+++ b/xoops_trust_path/modules/xpwiki/oninstall.php
@@ -28,7 +28,7 @@ function xpwiki_oninstall_base( $module , $mydirname )
 	$sql_file_path = dirname(__FILE__).'/sql/mysql.sql' ;
 	$prefix_mod = $db->prefix() . '_' . $mydirname ;
 	if( file_exists( $sql_file_path ) ) {
-		$ret[] = "SQL file found at <b>".htmlspecialchars($sql_file_path)."</b>.<br /> Creating tables...";
+		$ret[] = "SQL file found at <b>".htmlspecialchars($sql_file_path, ENT_COMPAT, _CHARSET)."</b>.<br /> Creating tables...";
 
 		if( is_file( XOOPS_ROOT_PATH.'/class/database/oldsqlutility.php' ) ) {
 			include_once XOOPS_ROOT_PATH.'/class/database/oldsqlutility.php' ;
@@ -56,19 +56,19 @@ function xpwiki_oninstall_base( $module , $mydirname )
 		foreach( $pieces as $piece ) {
 			$prefixed_query = $sqlutil->prefixQuery( $piece , $prefix_mod ) ;
 			if( ! $prefixed_query ) {
-				$ret[] = "Invalid SQL <b>".htmlspecialchars($piece)."</b><br />";
+				$ret[] = "Invalid SQL <b>".htmlspecialchars($piece, ENT_COMPAT, _CHARSET)."</b><br />";
 				return false ;
 			}
 			if( ! $db->query( $prefixed_query[0] ) ) {
-				$ret[] = '<b>'.htmlspecialchars( $db->error() ).'</b><br />' ;
+				$ret[] = '<b>'.htmlspecialchars( $db->error(), ENT_COMPAT, _CHARSET ).'</b><br />' ;
 				//var_dump( $db->error() ) ;
 				return false ;
 			} else {
 				if( ! in_array( $prefixed_query[4] , $created_tables ) ) {
-					$ret[] = 'Table <b>'.htmlspecialchars($prefix_mod.'_'.$prefixed_query[4]).'</b> created.<br />';
+					$ret[] = 'Table <b>'.htmlspecialchars($prefix_mod.'_'.$prefixed_query[4], ENT_COMPAT, _CHARSET).'</b> created.<br />';
 					$created_tables[] = $prefixed_query[4];
 				} else {
-					$ret[] = 'Data inserted to table <b>'.htmlspecialchars($prefix_mod.'_'.$prefixed_query[4]).'</b>.</br />';
+					$ret[] = 'Data inserted to table <b>'.htmlspecialchars($prefix_mod.'_'.$prefixed_query[4], ENT_COMPAT, _CHARSET).'</b>.</br />';
 				}
 			}
 		}
@@ -94,17 +94,17 @@ function xpwiki_oninstall_base( $module , $mydirname )
 				$tplfile->setVar( 'tpl_lastimported' , 0 ) ;
 				$tplfile->setVar( 'tpl_type' , 'module' ) ;
 				if( ! $tplfile_handler->insert( $tplfile ) ) {
-					$ret[] = '<span style="color:#ff0000;">ERROR: Could not insert template <b>'.htmlspecialchars($mydirname.'_'.$file).'</b> to the database.</span><br />';
+					$ret[] = '<span style="color:#ff0000;">ERROR: Could not insert template <b>'.htmlspecialchars($mydirname.'_'.$file, ENT_COMPAT, _CHARSET).'</b> to the database.</span><br />';
 				} else {
 					$tplid = $tplfile->getVar( 'tpl_id' ) ;
-					$ret[] = 'Template <b>'.htmlspecialchars($mydirname.'_'.$file).'</b> added to the database. (ID: <b>'.$tplid.'</b>)<br />';
+					$ret[] = 'Template <b>'.htmlspecialchars($mydirname.'_'.$file, ENT_COMPAT, _CHARSET).'</b> added to the database. (ID: <b>'.$tplid.'</b>)<br />';
 					// generate compiled file
 					include_once XOOPS_ROOT_PATH.'/class/xoopsblock.php' ;
 					include_once XOOPS_ROOT_PATH.'/class/template.php' ;
 					if( ! xoops_template_touch( $tplid ) ) {
-						$ret[] = '<span style="color:#ff0000;">ERROR: Failed compiling template <b>'.htmlspecialchars($mydirname.'_'.$file).'</b>.</span><br />';
+						$ret[] = '<span style="color:#ff0000;">ERROR: Failed compiling template <b>'.htmlspecialchars($mydirname.'_'.$file, ENT_COMPAT, _CHARSET).'</b>.</span><br />';
 					} else {
-						$ret[] = 'Template <b>'.htmlspecialchars($mydirname.'_'.$file).'</b> compiled.</span><br />';
+						$ret[] = 'Template <b>'.htmlspecialchars($mydirname.'_'.$file, ENT_COMPAT, _CHARSET).'</b> compiled.</span><br />';
 					}
 				}
 			}
diff --git a/xoops_trust_path/modules/xpwiki/onuninstall.php b/xoops_trust_path/modules/xpwiki/onuninstall.php
index f1d1cc09..613d8027 100644
--- a/xoops_trust_path/modules/xpwiki/onuninstall.php
+++ b/xoops_trust_path/modules/xpwiki/onuninstall.php
@@ -27,15 +27,15 @@ function xpwiki_onuninstall_base( $module , $mydirname )
 	$sql_file_path = dirname(__FILE__).'/sql/mysql.sql' ;
 	$prefix_mod = $db->prefix() . '_' . $mydirname ;
 	if( file_exists( $sql_file_path ) ) {
-		$ret[] = "SQL file found at <b>".htmlspecialchars($sql_file_path)."</b>.<br  /> Deleting tables...<br />";
+		$ret[] = "SQL file found at <b>".htmlspecialchars($sql_file_path, ENT_COMPAT, _CHARSET)."</b>.<br  /> Deleting tables...<br />";
 		$sql_lines = file( $sql_file_path ) ;
 		foreach( $sql_lines as $sql_line ) {
 			if( preg_match( '/^CREATE TABLE \`?([a-zA-Z0-9_-]+)\`? /i' , $sql_line , $regs ) ) {
 				$sql = 'DROP TABLE '.addslashes($prefix_mod.'_'.$regs[1]);
 				if (!$db->query($sql)) {
-					$ret[] = '<span style="color:#ff0000;">ERROR: Could not drop table <b>'.htmlspecialchars($prefix_mod.'_'.$regs[1]).'<b>.</span><br />';
+					$ret[] = '<span style="color:#ff0000;">ERROR: Could not drop table <b>'.htmlspecialchars($prefix_mod.'_'.$regs[1], ENT_COMPAT, _CHARSET).'<b>.</span><br />';
 				} else {
-					$ret[] = 'Table <b>'.htmlspecialchars($prefix_mod.'_'.$regs[1]).'</b> dropped.<br />';
+					$ret[] = 'Table <b>'.htmlspecialchars($prefix_mod.'_'.$regs[1], ENT_COMPAT, _CHARSET).'</b> dropped.<br />';
 				}
 			}
 		}
diff --git a/xoops_trust_path/modules/xpwiki/onupdate.php b/xoops_trust_path/modules/xpwiki/onupdate.php
index e4e00c14..8deb0ae3 100644
--- a/xoops_trust_path/modules/xpwiki/onupdate.php
+++ b/xoops_trust_path/modules/xpwiki/onupdate.php
@@ -31,7 +31,7 @@ function xpwiki_onupdate_base( $module , $mydirname )
 		$sql_file_path = dirname(__FILE__).'/sql/mysql.sql' ;
 		$prefix_mod = $db->prefix() . '_' . $mydirname ;
 		if( file_exists( $sql_file_path ) ) {
-			$ret[] = "SQL file found at <b>".htmlspecialchars($sql_file_path)."</b>.<br /> Creating tables...";
+			$ret[] = "SQL file found at <b>".htmlspecialchars($sql_file_path, ENT_COMPAT, _CHARSET)."</b>.<br /> Creating tables...";
 
 			if( is_file( XOOPS_ROOT_PATH.'/class/database/oldsqlutility.php' ) ) {
 				include_once XOOPS_ROOT_PATH.'/class/database/oldsqlutility.php' ;
@@ -47,19 +47,19 @@ function xpwiki_onupdate_base( $module , $mydirname )
 			foreach( $pieces as $piece ) {
 				$prefixed_query = $sqlutil->prefixQuery( $piece , $prefix_mod ) ;
 				if( ! $prefixed_query ) {
-					$ret[] = "Invalid SQL <b>".htmlspecialchars($piece)."</b><br />";
+					$ret[] = "Invalid SQL <b>".htmlspecialchars($piece, ENT_COMPAT, _CHARSET)."</b><br />";
 					return false ;
 				}
 				if( ! $db->query( $prefixed_query[0] ) ) {
-					$ret[] = '<b>'.htmlspecialchars( $db->error() ).'</b><br />' ;
+					$ret[] = '<b>'.htmlspecialchars( $db->error(), ENT_COMPAT, _CHARSET ).'</b><br />' ;
 					//var_dump( $db->error() ) ;
 					return false ;
 				} else {
 					if( ! in_array( $prefixed_query[4] , $created_tables ) ) {
-						$ret[] = 'Table <b>'.htmlspecialchars($prefix_mod.'_'.$prefixed_query[4]).'</b> created.<br />';
+						$ret[] = 'Table <b>'.htmlspecialchars($prefix_mod.'_'.$prefixed_query[4], ENT_COMPAT, _CHARSET).'</b> created.<br />';
 						$created_tables[] = $prefixed_query[4];
 					} else {
-						$ret[] = 'Data inserted to table <b>'.htmlspecialchars($prefix_mod.'_'.$prefixed_query[4]).'</b>.</br />';
+						$ret[] = 'Data inserted to table <b>'.htmlspecialchars($prefix_mod.'_'.$prefixed_query[4], ENT_COMPAT, _CHARSET).'</b>.</br />';
 					}
 				}
 			}
@@ -234,17 +234,17 @@ function xpwiki_onupdate_base( $module , $mydirname )
 				$tplfile->setVar( 'tpl_lastimported' , 0 ) ;
 				$tplfile->setVar( 'tpl_type' , 'module' ) ;
 				if( ! $tplfile_handler->insert( $tplfile ) ) {
-					$msgs[] = '<span style="color:#ff0000;">ERROR: Could not insert template <b>'.htmlspecialchars($mydirname.'_'.$file).'</b> to the database.</span>';
+					$msgs[] = '<span style="color:#ff0000;">ERROR: Could not insert template <b>'.htmlspecialchars($mydirname.'_'.$file, ENT_COMPAT, _CHARSET).'</b> to the database.</span>';
 				} else {
 					$tplid = $tplfile->getVar( 'tpl_id' ) ;
-					$msgs[] = 'Template <b>'.htmlspecialchars($mydirname.'_'.$file).'</b> added to the database. (ID: <b>'.$tplid.'</b>)';
+					$msgs[] = 'Template <b>'.htmlspecialchars($mydirname.'_'.$file, ENT_COMPAT, _CHARSET).'</b> added to the database. (ID: <b>'.$tplid.'</b>)';
 					// generate compiled file
 					include_once XOOPS_ROOT_PATH.'/class/xoopsblock.php' ;
 					include_once XOOPS_ROOT_PATH.'/class/template.php' ;
 					if( ! xoops_template_touch( $tplid ) ) {
-						$msgs[] = '<span style="color:#ff0000;">ERROR: Failed compiling template <b>'.htmlspecialchars($mydirname.'_'.$file).'</b>.</span>';
+						$msgs[] = '<span style="color:#ff0000;">ERROR: Failed compiling template <b>'.htmlspecialchars($mydirname.'_'.$file, ENT_COMPAT, _CHARSET).'</b>.</span>';
 					} else {
-						$msgs[] = 'Template <b>'.htmlspecialchars($mydirname.'_'.$file).'</b> compiled.</span>';
+						$msgs[] = 'Template <b>'.htmlspecialchars($mydirname.'_'.$file, ENT_COMPAT, _CHARSET).'</b> compiled.</span>';
 					}
 				}
 			}
diff --git a/xoops_trust_path/modules/xpwiki/plugin/addline.inc.php b/xoops_trust_path/modules/xpwiki/plugin/addline.inc.php
index d579edd4..3ee8532e 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/addline.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/addline.inc.php
@@ -66,7 +66,7 @@ function plugin_addline_convert() {
 				else if (preg_match("/btn:(.+)/i",$opt,$args)){
 					$btn_text = $args[1];
 					if (strtolower(substr($btn_text, -4)) === "auth") {
-						$btn_text = htmlspecialchars(rtrim(substr($btn_text, 0, strlen($btn_text)-4), ':'));
+						$btn_text = $this->func->htmlspecialchars(rtrim(substr($btn_text, 0, strlen($btn_text)-4), ':'));
 						$auth = 1;
 						if ($this->cont['PKWK_READONLY'] || ! $this->func->check_editable($this->root->vars['page'], FALSE, FALSE)) {
 							$disabled = ' disabled="disabled"';
@@ -74,10 +74,10 @@ function plugin_addline_convert() {
 					}
 				}
 				else if (preg_match("/rtext:(.+)/i",$opt,$args)){
-					$right_text = htmlspecialchars($args[1]);
+					$right_text = $this->func->htmlspecialchars($args[1]);
 				}
 				else if (preg_match("/ltext:(.+)/i",$opt,$args)){
-					$left_text = htmlspecialchars($args[1]);
+					$left_text = $this->func->htmlspecialchars($args[1]);
 				}
 				else if ( $opt === 'below' || $opt === 'down' ){
 					$above = 0;
@@ -96,8 +96,8 @@ function plugin_addline_convert() {
 			if (! $disabled && $no_flag[$this->xpwiki->pid]) $btn_text .= "[$addline_no]";
 		}
 	
-		$f_page	  = htmlspecialchars($this->root->vars['page']);
-		$f_config = htmlspecialchars($configname);
+		$f_page	  = $this->func->htmlspecialchars($this->root->vars['page']);
+		$f_config = $this->func->htmlspecialchars($configname);
 	
 		$string = '';
 		$script = $this->func->get_script_uri();
@@ -203,7 +203,7 @@ function plugin_addline_action()
 		$config = new XpWikiConfig($this->xpwiki, 'plugin/addline/'.$configname);
 		if (!$config->read())
 		{
-			return array( 'msg' => 'addline error', 'body' => "<p>config file '".htmlspecialchars($configname)."' is not exist.");
+			return array( 'msg' => 'addline error', 'body' => "<p>config file '".$this->func->htmlspecialchars($configname)."' is not exist.");
 		}
 		$config->config_name = $configname;
 		$addline = join('', $this->addline_get_source($config->page));
diff --git a/xoops_trust_path/modules/xpwiki/plugin/ajaxtree.inc.php b/xoops_trust_path/modules/xpwiki/plugin/ajaxtree.inc.php
index 7b1cd1c1..71f33455 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/ajaxtree.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/ajaxtree.inc.php
@@ -227,7 +227,7 @@ function plugin_ajaxtree_get_html()
 		$this->func->add_tag_head('ajaxtree.css');
 		$this->func->add_tag_head('ajaxtree.js');
 
-		$html = '<h5>' . htmlspecialchars($this->root->_ajaxtree_messages['title']) . '</h5>' . "\n"
+		$html = '<h5>' . $this->func->htmlspecialchars($this->root->_ajaxtree_messages['title']) . '</h5>' . "\n"
 		  . '<div id="' . $this->root->mydirname . '_ajaxtree" class="xpwiki_ajaxtree">' . "\n"
 		  . $this->plugin_ajaxtree_read_file($file) . "\n"
 		  . '</div>' . "\n";
@@ -252,7 +252,7 @@ function plugin_ajaxtree_modify_html(&$html, $current)
 
 		$pos = 0;
 		foreach ($ancestors as $ancestor) {
-			$search = '<a title="' . htmlspecialchars($ancestor) . '"';
+			$search = '<a title="' . $this->func->htmlspecialchars($ancestor) . '"';
 			$pos	= strpos($html, $search, $pos);
 			if ($pos === false) {
 				continue;
@@ -369,8 +369,8 @@ function plugin_ajaxtree_get_root_html()
 			} else {
 				$url = $this->plugin_ajaxtree_get_script_uri();
 			}
-			$title	 = htmlspecialchars('/');
-			$s_label = htmlspecialchars($this->root->_ajaxtree_messages['toppage']);
+			$title	 = $this->func->htmlspecialchars('/');
+			$s_label = $this->func->htmlspecialchars($this->root->_ajaxtree_messages['toppage']);
 			$count	 = isset($counts['/']) ? ' <span class="count">(' . $counts['/'] . ')</span>' : '';
 			$html	 = '<a title="' . $title . '" href="' . $url . '" class="block">' . $s_label . $count . '</a>' . "\n";
 		}
@@ -420,10 +420,10 @@ function plugin_ajaxtree_get_subtree($current)
 		$html = '<ul class="depth_'.$depth.'">';
 		foreach ($pages as $page) {
 			$indents = str_repeat(' ', $depth);
-			$title	 = htmlspecialchars($page);
+			$title	 = $this->func->htmlspecialchars($page);
 			$url = $this->func->get_page_uri($page, true);
 			$label = substr($page, $offset);
-			$s_label = htmlspecialchars($label);
+			$s_label = $this->func->htmlspecialchars($label);
 			if ($this->root->pagename_num2str && $this->func->is_page($page)) {
 				$s_label = preg_replace('/^(?:[0-9\-]+|[B0-9][A-Z0-9]{9})$/', $this->func->get_heading($page), $s_label);
 			}
diff --git a/xoops_trust_path/modules/xpwiki/plugin/amazon.inc.php b/xoops_trust_path/modules/xpwiki/plugin/amazon.inc.php
index 5bbf8894..4c9674b0 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/amazon.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/amazon.inc.php
@@ -136,7 +136,7 @@ function plugin_amazon_convert()
 
 			if ($this->cont['PKWK_READONLY']) return ''; // Show nothing
 
-			$s_page = htmlspecialchars($this->root->vars['page']);
+			$s_page = $this->func->htmlspecialchars($this->root->vars['page']);
 			if ($s_page == '') $s_page = isset($this->root->vars['refer']) ? $this->root->vars['refer'] : '';
 			$script = $this->func->get_script_uri();
 			$ret = <<<EOD
@@ -159,12 +159,12 @@ function plugin_amazon_convert()
 		if ($align == 'clear') return '<div style="clear:both"></div>'; // 改行挿入
 		if ($align != 'left') $align = 'right'; // 配置決定
 
-		$this->asin_all = htmlspecialchars($aryargs[0]);  // for XSS
+		$this->asin_all = $this->func->htmlspecialchars($aryargs[0]);  // for XSS
 		if ($this->is_asin() == FALSE && $align != 'clear') return FALSE;
 
 		if ($aryargs[2] != '') {
 			// タイトル指定
-			$title = $alt = htmlspecialchars($aryargs[2]); // for XSS
+			$title = $alt = $this->func->htmlspecialchars($aryargs[2]); // for XSS
 			if ($alt == 'image') {
 				$alt = $this->plugin_amazon_get_asin_title();
 				if ($alt[0] === "\t") {
@@ -215,7 +215,7 @@ function plugin_amazon_action()
 
 		$s_page   = isset($this->root->vars['refer']) ? $this->root->vars['refer'] : '';
 		$this->asin_all = isset($this->root->vars['asin']) ?
-			htmlspecialchars(rawurlencode($this->func->strip_bracket($this->root->vars['asin']))) : '';
+			$this->func->htmlspecialchars(rawurlencode($this->func->strip_bracket($this->root->vars['asin']))) : '';
 
 		if (! $this->is_asin()) {
 			$retvars['msg']   = $this->msg['edit_title'];
@@ -261,7 +261,7 @@ function plugin_amazon_inline()
 
 		list($this->asin_all) = func_get_args();
 
-		$this->asin_all = htmlspecialchars($this->asin_all); // for XSS
+		$this->asin_all = $this->func->htmlspecialchars($this->asin_all); // for XSS
 		if (! $this->is_asin()) return FALSE;
 
 		$title = $this->plugin_amazon_get_asin_title();
diff --git a/xoops_trust_path/modules/xpwiki/plugin/aname.inc.php b/xoops_trust_path/modules/xpwiki/plugin/aname.inc.php
index 76eafca6..1f6ea11d 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/aname.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/aname.inc.php
@@ -102,7 +102,7 @@ function plugin_aname_tag($args = array(), $convert = TRUE)
 				return $this->plugin_aname_usage($convert, 'ID too long');
 			if (! preg_match($this->cont['PLUGIN_ANAME_ID_REGEX'], $id))
 				return $this->plugin_aname_usage($convert, 'Invalid ID string: ' .
-				htmlspecialchars($id));
+				$this->func->htmlspecialchars($id));
 			$_id[$this->xpwiki->pid][$id] = TRUE; // Set
 		}
 	
@@ -120,16 +120,16 @@ function plugin_aname_tag($args = array(), $convert = TRUE)
 				$height = ($height)? ' height="' . $height . '"' : '';
 				$width = min($this->max_image_size, intval($options['width']));
 				$width = ($width)? ' width="' . $width . '"' : '';
-				$alt = ' alt="' . htmlspecialchars($options['alt']? $options['alt'] : $options['src']) . '"';
+				$alt = ' alt="' . $this->func->htmlspecialchars($options['alt']? $options['alt'] : $options['src']) . '"';
 				$body = '<img src="' . $this->cont['LOADER_URL'] . '?src=' . $options['src'] . '"' . $alt . $height . $width . ' />';
 				$convert = FALSE;
 			}
 		}
 		if ($convert) {
-			$body = htmlspecialchars($body);
+			$body = $this->func->htmlspecialchars($body);
 		}
 		
-		$id = htmlspecialchars($id); // Insurance
+		$id = $this->func->htmlspecialchars($id); // Insurance
 		$class   = $f_super ? 'anchor_super' : 'anchor';
 		$attr_id = $f_noid  ? '' : ' id="' . $id . '" name="' . $id . '"';
 		$url     = $f_full  ? $this->func->get_page_uri($this->root->vars['page'], true) : '';
diff --git a/xoops_trust_path/modules/xpwiki/plugin/areaedit.inc.php b/xoops_trust_path/modules/xpwiki/plugin/areaedit.inc.php
index 1d777321..49bd45f1 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/areaedit.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/areaedit.inc.php
@@ -95,9 +95,9 @@ function plugin_areaedit_convert() {
 			if ( $btn_name == $this->msg['btn_name'] ) {
 				$btn_name  = $this->msg['btn_name_collect'];
 			}
-			$s_page	  = htmlspecialchars($page);
-			$s_refer  = htmlspecialchars($collect);
-			$s_digest = htmlspecialchars($this->root->digest);
+			$s_page	  = $this->func->htmlspecialchars($page);
+			$s_refer  = $this->func->htmlspecialchars($collect);
+			$s_digest = $this->func->htmlspecialchars($this->root->digest);
 			$script = $this->func->get_script_uri();
 			return <<<EOD
 <div style="margin:0px auto 0px 0px;text-align:left;" title="collect">
@@ -651,7 +651,7 @@ function plugin_areaedit_write($refer, $postdata_input, $postdata)
 		$oldpagesrc = $this->func->remove_pginfo($oldpagesrc);
 
 		if ($oldpagemd5 != $this->root->vars['digest']) {
-			$retvars['msg'] = str_replace('$1',htmlspecialchars($this->func->strip_bracket($this->root->vars['page'])),$this->root->_title_collided);
+			$retvars['msg'] = str_replace('$1',$this->func->htmlspecialchars($this->func->strip_bracket($this->root->vars['page'])),$this->root->_title_collided);
 			$retvars['body'] = str_replace('$1',$this->func->make_pagelink($this->root->vars['page']),$this->msg['msg__collided']);
 			$retvars['body'] .= "<p>|--> ".$this->func->make_pagelink($this->root->vars['page'])."</p>";
 
@@ -672,7 +672,7 @@ function plugin_areaedit_write($refer, $postdata_input, $postdata)
 			}
 
 			$retvars['msg'] = $this->root->_title_deleted;
-			$retvars['body'] = str_replace('$1',htmlspecialchars($refer),$this->root->_title_deleted);
+			$retvars['body'] = str_replace('$1',$this->func->htmlspecialchars($refer),$this->root->_title_deleted);
 			$this->func->tb_delete($refer);
 		}
 
@@ -689,13 +689,13 @@ function areaedit_form($page, $postdata_input, $headdata, $taildata, $digest = 0
 		$checked_time = array_key_exists('notimestamp',$this->root->vars) ? ' checked="checked"' : '';
 
 		$r_page	  = rawurlencode($page);
-		$s_page	  = htmlspecialchars($page);
+		$s_page	  = $this->func->htmlspecialchars($page);
 		$r_digest = rawurlencode($digest);
-		$s_digest = htmlspecialchars($digest);
-		$s_postdata_input = htmlspecialchars(str_replace("&br;","\n",$postdata_input));
-		$s_headdata = htmlspecialchars( $headdata );
-		$s_taildata = htmlspecialchars( $taildata );
-		$s_original = array_key_exists('original',$this->root->vars) ? htmlspecialchars($this->root->vars['original']) : $s_headdata . $s_postdata_input . $s_taildata;
+		$s_digest = $this->func->htmlspecialchars($digest);
+		$s_postdata_input = $this->func->htmlspecialchars(str_replace("&br;","\n",$postdata_input));
+		$s_headdata = $this->func->htmlspecialchars( $headdata );
+		$s_taildata = $this->func->htmlspecialchars( $taildata );
+		$s_original = array_key_exists('original',$this->root->vars) ? $this->func->htmlspecialchars($this->root->vars['original']) : $s_headdata . $s_postdata_input . $s_taildata;
 		$b_preview = array_key_exists('preview',$this->root->vars); // プレビュー中TRUE
 		$btn_preview = $b_preview ? $this->root->_btn_repreview : $this->root->_btn_preview;
 		$timestamp_tag = ($this->root->userinfo['admin'] || (($this->root->userinfo['uid'] == $this->func->get_pg_auther($this->root->vars['page'])) && $this->root->userinfo['uid']))?
diff --git a/xoops_trust_path/modules/xpwiki/plugin/article.inc.php b/xoops_trust_path/modules/xpwiki/plugin/article.inc.php
index ac70debe..73f5208b 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/article.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/article.inc.php
@@ -100,9 +100,9 @@ function plugin_article_action()
 	
 			$body = $this->root->_msg_collided . "\n";
 	
-			$s_refer    = htmlspecialchars($this->root->post['refer']);
-			$s_digest   = htmlspecialchars($this->root->post['digest']);
-			$s_postdata = htmlspecialchars($postdata_input);
+			$s_refer    = $this->func->htmlspecialchars($this->root->post['refer']);
+			$s_digest   = $this->func->htmlspecialchars($this->root->post['digest']);
+			$s_postdata = $this->func->htmlspecialchars($postdata_input);
 			$script = $this->func->get_script_uri();
 			$body .= <<<EOD
 <form action="{$script}?cmd=preview" method="post">
@@ -163,8 +163,8 @@ function plugin_article_convert()
 	
 		$article_no = $numbers[$this->xpwiki->pid][$this->root->vars['page']]++;
 	
-		$s_page   = htmlspecialchars($this->root->vars['page']);
-		$s_digest = htmlspecialchars($this->root->digest);
+		$s_page   = $this->func->htmlspecialchars($this->root->vars['page']);
+		$s_digest = $this->func->htmlspecialchars($this->root->digest);
 		$name_cols = $this->cont['PLUGIN_ARTICLE_NAME_COLS'];
 		$subject_cols = $this->cont['PLUGIN_ARTICLE_SUBJECT_COLS'];
 		$article_rows = $this->cont['PLUGIN_ARTICLE_ROWS'];
diff --git a/xoops_trust_path/modules/xpwiki/plugin/attach.inc.php b/xoops_trust_path/modules/xpwiki/plugin/attach.inc.php
index 700f73d2..c70a4514 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/attach.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/attach.inc.php
@@ -529,7 +529,7 @@ function do_upload($page,$fname,$tmpname,$copyright=FALSE,$pass=NULL,$notouch=FA
 		$allow_extensions = $this->get_allow_extensions();
 		if (empty($options['asSystem']) && !$overwrite && $allow_extensions && !$this->func->is_owner($page)
 			 && !preg_match("/\.(".join("|",$allow_extensions).")$/i",$fname)) {
-			return array('result'=>FALSE,'msg'=>str_replace('$1',htmlspecialchars(preg_replace('/.*\.([^.]*)$/',"$1",$fname)),$this->root->_attach_messages['err_extension']));
+			return array('result'=>FALSE,'msg'=>str_replace('$1',$this->func->htmlspecialchars(preg_replace('/.*\.([^.]*)$/',"$1",$fname)),$this->root->_attach_messages['err_extension']));
 		}
 
 		$_size = @ getimagesize($tmpname);
@@ -614,7 +614,7 @@ function do_upload($page,$fname,$tmpname,$copyright=FALSE,$pass=NULL,$notouch=FA
 
 		if ($this->func->is_page($page)) {
 			if (!$notouch) {
-				if (!$changelog) $changelog = 'Attached file: ' . htmlspecialchars($obj->file);
+				if (!$changelog) $changelog = 'Attached file: ' . $this->func->htmlspecialchars($obj->file);
 				$this->root->rtf['page_touch'][$page][] = $changelog;
 			}
 			$this->func->clear_page_cache($page);
@@ -674,13 +674,13 @@ function ref_replace($page, $refid, $name, $imagesize) {
 		$prm = '';
 		if (!empty($this->root->vars['make_thumb']) && $imagesize) {
 			if (!empty($this->root->vars['thumb_r'])) {
-				$prm = ','.htmlspecialchars((int)$this->root->vars['thumb_r']).'%';
+				$prm = ','.$this->func->htmlspecialchars((int)$this->root->vars['thumb_r']).'%';
 			} else {
 				if (!empty($this->root->vars['thumb_w'])) {
-					$prm = ',mw:'.htmlspecialchars((int)$this->root->vars['thumb_w']);
+					$prm = ',mw:'.$this->func->htmlspecialchars((int)$this->root->vars['thumb_w']);
 				}
 				if (!empty($this->root->vars['thumb_h'])) {
-					$prm .= ',mh:'.htmlspecialchars((int)$this->root->vars['thumb_h']);
+					$prm .= ',mh:'.$this->func->htmlspecialchars((int)$this->root->vars['thumb_h']);
 				}
 			}
 		}
@@ -974,7 +974,7 @@ function attach_form($page) {
 		$this->root->pagecache_profiles = 'default';
 
 		if ($this->cont['ATTACH_UPLOAD_EDITER_ONLY'] && ! $this->func->check_editable($page, false, false)) {
-			return str_replace('$1', htmlspecialchars($page), $this->root->_attach_messages['msg_noupload']);
+			return str_replace('$1', $this->func->htmlspecialchars($page), $this->root->_attach_messages['msg_noupload']);
 		}
 
 		// Use fileuploader.js
@@ -993,7 +993,7 @@ function attach_form($page) {
 
 		// refid 指定
 		$_refid = (!empty($this->root->vars['refid']))? $this->root->vars['refid'] : '';
-		$refid = ($_refid)? '<input type="hidden" name="refid" value="'.htmlspecialchars($_refid).'" />' : '';
+		$refid = ($_refid)? '<input type="hidden" name="refid" value="'.$this->func->htmlspecialchars($_refid).'" />' : '';
 
 		$thumb_px = $this->cont['ATTACH_CONFIG_REF_THUMB'];
 		$thumb = (!empty($this->root->vars['refid']) && !empty($this->root->vars['thumb']))?
@@ -1003,10 +1003,10 @@ function attach_form($page) {
 			'W:<input type="text" name="thumb_w" size="3" value="'.$thumb_px.'" /> x ' .
 			'H:<input type="text" name="thumb_h" size="3" value="'.$thumb_px.'" />(Max)</p>' : '';
 		$_filename = (!empty($this->root->vars['filename']))? $this->root->vars['filename'] : '';
-		$filename = ($_filename)? '<input type="hidden" name="filename" value="'.htmlspecialchars($this->root->vars['filename']).'" />' : '';
+		$filename = ($_filename)? '<input type="hidden" name="filename" value="'.$this->func->htmlspecialchars($this->root->vars['filename']).'" />' : '';
 
 		$r_page = rawurlencode($page);
-		$s_page = htmlspecialchars($page);
+		$s_page = $this->func->htmlspecialchars($page);
 		$is_popup = isset($this->root->vars['popup']);
 
 		$target = '';
@@ -1021,7 +1021,7 @@ function attach_form($page) {
 		}
 
 		$_returi = (!empty($this->root->vars['returi']))? $this->root->vars['returi'] : '';
-		$returi = ($_returi)? '<input type="hidden" name="returi" value="'.htmlspecialchars($this->root->vars['returi']).'" />' : '';
+		$returi = ($_returi)? '<input type="hidden" name="returi" value="'.$this->func->htmlspecialchars($this->root->vars['returi']).'" />' : '';
 		
 		$navi = '';
 		if (! $is_popup) {
@@ -1343,7 +1343,7 @@ function attach_return() {
 		if (!empty($this->root->vars['to'])) {
 			if ($to = $this->func->cache_get_db($this->root->vars['to'], 'attach:to')) {
 				$url = $this->root->siteinfo['host'] . $to;
-				$s_url = str_replace('&amp;', '&', htmlspecialchars($url));
+				$s_url = str_replace('&amp;', '&', $this->func->htmlspecialchars($url));
 				// clear output buffer
 				$this->func->clear_output_buffer();
 				$output = <<<EOD
diff --git a/xoops_trust_path/modules/xpwiki/plugin/aws.inc.php b/xoops_trust_path/modules/xpwiki/plugin/aws.inc.php
index c2041b84..22b34596 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/aws.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/aws.inc.php
@@ -175,7 +175,7 @@ function plugin_aws_get($f, $m, $k, $b, $s) {
 
 			//if (! empty($this->root->rtf['preview'])) {$html .= $ama->url;}
 
-			$header = ($k && ! is_null($ama->compactArray['totalresults']))? $ama->makeSearchLink($k, sprintf($this->msg['more_search'], htmlspecialchars($k)), TRUE) : '';
+			$header = ($k && ! is_null($ama->compactArray['totalresults']))? $ama->makeSearchLink($k, sprintf($this->msg['more_search'], $this->func->htmlspecialchars($k)), TRUE) : '';
 			$ret = $header . "\x08" . $html;
 
 			// remove wrong characters
diff --git a/xoops_trust_path/modules/xpwiki/plugin/back.inc.php b/xoops_trust_path/modules/xpwiki/plugin/back.inc.php
index e01e83c0..96e10b55 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/back.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/back.inc.php
@@ -29,7 +29,7 @@ function plugin_back_convert()
 		list($word, $align, $hr, $href) = array_pad(func_get_args(), 4, '');
 	
 		$word = trim($word);
-		$word = ($word == '') ? $this->root->_msg_back_word : htmlspecialchars($word);
+		$word = ($word == '') ? $this->root->_msg_back_word : $this->func->htmlspecialchars($word);
 	
 		$align = strtolower(trim($align));
 		switch($align){
diff --git a/xoops_trust_path/modules/xpwiki/plugin/backup.inc.php b/xoops_trust_path/modules/xpwiki/plugin/backup.inc.php
index cdd3ad66..a0180588 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/backup.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/backup.inc.php
@@ -34,7 +34,7 @@ function plugin_backup_action() {
 		if ($page === '') return array('msg'=>$this->root->_title_backuplist, 'body'=>$this->plugin_backup_get_list_all());
 
 		$this->func->check_readable($page, true, true);
-		$s_page = htmlspecialchars($page);
+		$s_page = $this->func->htmlspecialchars($page);
 		$pgid = $this->func->get_pgid_by_name($page);
 		$isowner = $this->func->is_owner($page);
 		$s_age = (isset($this->root->vars['age'])) ? $this->root->vars['age'] : 0;
@@ -56,7 +56,7 @@ function plugin_backup_action() {
 
 		$s_action = $r_action = '';
 		if ($action != '') {
-			$s_action = htmlspecialchars($action);
+			$s_action = $this->func->htmlspecialchars($action);
 			$r_action = rawurlencode($action);
 		}
 
@@ -64,9 +64,9 @@ function plugin_backup_action() {
 
 		$view_now = ($action === 'diff' || $action === 'source');
 
-		$edit_icon = '<a href="' . $this->cont['HOME_URL'] . '?cmd=edit&amp;pgid=' . $pgid . '&amp;backup=$1" title="' . htmlspecialchars($this->root->_msg_backupedit) . '"><img src="' . $this->icons['edit']['url'] . '" alt="' . htmlspecialchars($this->root->_msg_backupedit) . '" width="' . $this->icons['edit']['width'] . '" height="' . $this->icons['edit']['height'] . '" /></a>';
-		$source_icon = '<a href="' . $this->cont['HOME_URL'] . '?cmd=backup&amp;pgid=' . $pgid . '&amp;action=source&amp;age=$1" title="' . htmlspecialchars($this->root->_msg_source) . '"><img src="' . $this->icons['source']['url'] . '" alt="' . htmlspecialchars($this->root->_msg_source) . '" width="' . $this->icons['source']['width'] . '" height="' . $this->icons['source']['height'] . '" /></a>';
-		$rewind_icon = '<a href="' . $this->cont['HOME_URL'] . '?cmd=backup&amp;pgid=' . $pgid . '&amp;action=rewind&amp;age=$1" title="' . htmlspecialchars($this->root->_msg_rewind) . '"><img src="' . $this->icons['rewind']['url'] . '" alt="' . htmlspecialchars($this->root->_msg_rewind) . '" width="' . $this->icons['rewind']['width'] . '" height="' . $this->icons['rewind']['height'] . '" /></a>';
+		$edit_icon = '<a href="' . $this->cont['HOME_URL'] . '?cmd=edit&amp;pgid=' . $pgid . '&amp;backup=$1" title="' . $this->func->htmlspecialchars($this->root->_msg_backupedit) . '"><img src="' . $this->icons['edit']['url'] . '" alt="' . $this->func->htmlspecialchars($this->root->_msg_backupedit) . '" width="' . $this->icons['edit']['width'] . '" height="' . $this->icons['edit']['height'] . '" /></a>';
+		$source_icon = '<a href="' . $this->cont['HOME_URL'] . '?cmd=backup&amp;pgid=' . $pgid . '&amp;action=source&amp;age=$1" title="' . $this->func->htmlspecialchars($this->root->_msg_source) . '"><img src="' . $this->icons['source']['url'] . '" alt="' . $this->func->htmlspecialchars($this->root->_msg_source) . '" width="' . $this->icons['source']['width'] . '" height="' . $this->icons['source']['height'] . '" /></a>';
+		$rewind_icon = '<a href="' . $this->cont['HOME_URL'] . '?cmd=backup&amp;pgid=' . $pgid . '&amp;action=rewind&amp;age=$1" title="' . $this->func->htmlspecialchars($this->root->_msg_rewind) . '"><img src="' . $this->icons['rewind']['url'] . '" alt="' . $this->func->htmlspecialchars($this->root->_msg_rewind) . '" width="' . $this->icons['rewind']['width'] . '" height="' . $this->icons['rewind']['height'] . '" /></a>';
 
 		if ($view_now && ($s_age === 'Cur' || !$s_age)) {
 			$s_age = 'Cur';
@@ -155,9 +155,9 @@ function plugin_backup_action() {
 			// list
 			$_name = '_title_backup' . $action;
 			$title = $this->root->$_name;
-			$list .= '<li>'.htmlspecialchars(str_replace(array('$1', '$2'), array($page, ' All'), $title)) . "\n";
+			$list .= '<li>'.$this->func->htmlspecialchars(str_replace(array('$1', '$2'), array($page, ' All'), $title)) . "\n";
 			foreach($backups as $age => $val) {
-				$s_title = htmlspecialchars(str_replace(array('$1', '$2'), array($page, $age), $title));
+				$s_title = $this->func->htmlspecialchars(str_replace(array('$1', '$2'), array($page, $age), $title));
 				$date = $this->func->format_date($val['time']);
 				$pginfo = $this->func->get_pginfo('',$val['data']);
 				$lasteditor = $this->func->get_lasteditor($pginfo);
@@ -183,7 +183,7 @@ function plugin_backup_action() {
 				} else {
 					$title = '';
 				}
-				$s_title = htmlspecialchars(str_replace('$1', $page, $title));
+				$s_title = $this->func->htmlspecialchars(str_replace('$1', $page, $title));
 				$date = $this->func->format_date($this->func->get_filetime($page));
 				$pginfo = $this->func->get_pginfo($page);
 				$esummary = $this->make_esummary($pginfo['esummary']);
@@ -214,7 +214,7 @@ function plugin_backup_action() {
 				$date = $this->func->format_date($backups[$age]['time']);
 				$pginfo = $this->func->get_pginfo('',$backups[$age]['data']);
 				$lasteditor = $this->func->get_lasteditor($pginfo);
-				$title = htmlspecialchars(strip_tags($this->make_age_label($age, $date, $lasteditor)));
+				$title = $this->func->htmlspecialchars(strip_tags($this->make_age_label($age, $date, $lasteditor)));
 
 				$navi_link[0] = '<a href="'.$nav_href . $age .'" title="' . $title . '">&#171; ' . $this->root->_navi_prev . '</a>';
 			}
@@ -229,7 +229,7 @@ function plugin_backup_action() {
 					$pginfo = $this->func->get_pginfo($page);
 				}
 				$lasteditor = $this->func->get_lasteditor($pginfo);
-				$title = htmlspecialchars(strip_tags($this->make_age_label($age, $date, $lasteditor)));
+				$title = $this->func->htmlspecialchars(strip_tags($this->make_age_label($age, $date, $lasteditor)));
 				$navi_link[1] = '<a href="'.$nav_href . $age .'" title="' . $title . '">' . $this->root->_navi_next . ' &#187;</a>';
 			}
 			$navi = '<div>' . $navi_link[0] . '&nbsp;&nbsp;' . $navi_link[1] .'</div>';
@@ -285,7 +285,7 @@ function plugin_backup_action() {
 				$title = $this->root->_title_backupsource;
 				$data = join('', $backups[$s_age]['data']);
 			}
-			$sorce = htmlspecialchars($this->func->remove_pginfo($data));
+			$sorce = $this->func->htmlspecialchars($this->func->remove_pginfo($data));
 			if ($this->root->viewmode === 'print' || $this->cont['UA_PROFILE'] === 'keitai') {
 				$body .=<<<EOD
 <pre class="code">
@@ -354,7 +354,7 @@ function plugin_backup_delete($page) {
 		}
 
 		$script = $this->func->get_script_uri();
-		$s_page = htmlspecialchars($page);
+		$s_page = $this->func->htmlspecialchars($page);
 		$s_title = str_replace('$1', $s_page, $this->root->_title_backup_delete);
 		$body .= <<<EOD
 <p>$s_title</p>
@@ -379,12 +379,12 @@ function plugin_backup_diff($str) {
 </ul>
 EOD;
 
-		return $ul . '<pre>' . $this->func->diff_style_to_css(htmlspecialchars($str)) . '</pre>' . "\n";
+		return $ul . '<pre>' . $this->func->diff_style_to_css($this->func->htmlspecialchars($str)) . '</pre>' . "\n";
 	}
 
 	function plugin_backup_get_list($page) {
 		$script = $this->func->get_script_uri();
-		$s_page = htmlspecialchars($page);
+		$s_page = $this->func->htmlspecialchars($page);
 		$pgid = $this->func->get_pgid_by_name($page);
 		$retval = array();
 		$page_link = $this->func->make_pagelink($page);
@@ -482,7 +482,7 @@ function do_rewind($page, $age) {
 			$this->func->touch_page($page, $time);
 			//$this->root->rtf['page_touch'][$page][] = 'Rewound to ' . ($count - $age + 2) . ' ages ago.';
 
-			$s_page = htmlspecialchars($page);
+			$s_page = $this->func->htmlspecialchars($page);
 			return array(
 				'msg'  => str_replace('$1', $age, $this->root->_msg_rewinded),
 				'body' => ''
diff --git a/xoops_trust_path/modules/xpwiki/plugin/bitly.inc.php b/xoops_trust_path/modules/xpwiki/plugin/bitly.inc.php
index 0af0df02..b394693e 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/bitly.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/bitly.inc.php
@@ -29,7 +29,7 @@ function plugin_bitly_inline() {
 			$url = array_shift($args);
 			$title = preg_replace('#^https?://#i', '', $url);
 			if ($title !== $url) {
-				$title = htmlspecialchars($title);
+				$title = $this->func->htmlspecialchars($title);
 				$url = $this->func->bitly($url, FALSE);
 				if (in_array('qrcode', $args)) {
 					$body = '<img src="'.$url.'.qrcode" alt="QR Code" width="80" height="80" />';
@@ -37,9 +37,9 @@ function plugin_bitly_inline() {
 				if ($body) {
 					$body = preg_replace('#</?a[^>]*?>#i', '', $body);
 				} else {
-					$body = htmlspecialchars($url);
+					$body = $this->func->htmlspecialchars($url);
 				}
-				return '<a href="' . htmlspecialchars($url) . '" title="' . $title . '">' . $body . '</a>';
+				return '<a href="' . $this->func->htmlspecialchars($url) . '" title="' . $title . '">' . $body . '</a>';
 			}
 		}
 		return FALSE;
diff --git a/xoops_trust_path/modules/xpwiki/plugin/boxdate.inc.php b/xoops_trust_path/modules/xpwiki/plugin/boxdate.inc.php
index e9e353dd..34de3b69 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/boxdate.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/boxdate.inc.php
@@ -47,7 +47,7 @@ function plugin_boxdate_convert() {
 
 		$time = strtotime($date);
 		if ($time === -1 || $time === FALSE) {
-			$s_page = htmlspecialchars($page); // Failed. Why?
+			$s_page = $this->func->htmlspecialchars($page); // Failed. Why?
 		} else {
 			$this->func->add_tag_head('calendar.css');
 			$week   = $this->root->weeklabels[date('w', $time)];
diff --git a/xoops_trust_path/modules/xpwiki/plugin/bugtrack.inc.php b/xoops_trust_path/modules/xpwiki/plugin/bugtrack.inc.php
index 5a85719e..6cdff9e0 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/bugtrack.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/bugtrack.inc.php
@@ -75,14 +75,14 @@ function plugin_bugtrack_print_form($base, $category)
 		$selected = '';
 		for ($i = 0; $i < $count; ++$i) {
 			if ($i == ($count - 1)) $selected = ' selected="selected"'; // The last one
-			$priority_list = htmlspecialchars($this->root->_plugin_bugtrack['priority_list'][$i]);
+			$priority_list = $this->func->htmlspecialchars($this->root->_plugin_bugtrack['priority_list'][$i]);
 			$select_priority .= '    <option value="' . $priority_list . '"' .
 			$selected . '>' . $priority_list . '</option>' . "\n";
 		}
 	
 		$select_state = "\n";
 		for ($i = 0; $i < count($this->root->_plugin_bugtrack['state_list']); ++$i) {
-			$state_list = htmlspecialchars($this->root->_plugin_bugtrack['state_list'][$i]);
+			$state_list = $this->func->htmlspecialchars($this->root->_plugin_bugtrack['state_list'][$i]);
 			$select_state .= '    <option value="' . $state_list . '">' .
 			$state_list . '</option>' . "\n";
 		}
@@ -93,7 +93,7 @@ function plugin_bugtrack_print_form($base, $category)
 		} else {
 			$encoded_category = '<select name="category" id="_p_bugtrack_category_' . $id[$this->xpwiki->pid] . '">';
 			foreach ($category as $_category) {
-				$s_category = htmlspecialchars($_category);
+				$s_category = $this->func->htmlspecialchars($_category);
 				$encoded_category .= '<option value="' . $s_category . '">' .
 				$s_category . '</option>' . "\n";
 			}
@@ -101,18 +101,18 @@ function plugin_bugtrack_print_form($base, $category)
 		}
 	
 		$script     = $this->func->get_script_uri();
-		$s_base     = htmlspecialchars($base);
-		$s_name     = htmlspecialchars($this->root->_plugin_bugtrack['name']);
-		$s_category = htmlspecialchars($this->root->_plugin_bugtrack['category']);
-		$s_priority = htmlspecialchars($this->root->_plugin_bugtrack['priority']);
-		$s_state    = htmlspecialchars($this->root->_plugin_bugtrack['state']);
-		$s_pname    = htmlspecialchars($this->root->_plugin_bugtrack['pagename']);
-		$s_pnamec   = htmlspecialchars($this->root->_plugin_bugtrack['pagename_comment']);
-		$s_version  = htmlspecialchars($this->root->_plugin_bugtrack['version']);
-		$s_versionc = htmlspecialchars($this->root->_plugin_bugtrack['version_comment']);
-		$s_summary  = htmlspecialchars($this->root->_plugin_bugtrack['summary']);
-		$s_body     = htmlspecialchars($this->root->_plugin_bugtrack['body']);
-		$s_submit   = htmlspecialchars($this->root->_plugin_bugtrack['submit']);
+		$s_base     = $this->func->htmlspecialchars($base);
+		$s_name     = $this->func->htmlspecialchars($this->root->_plugin_bugtrack['name']);
+		$s_category = $this->func->htmlspecialchars($this->root->_plugin_bugtrack['category']);
+		$s_priority = $this->func->htmlspecialchars($this->root->_plugin_bugtrack['priority']);
+		$s_state    = $this->func->htmlspecialchars($this->root->_plugin_bugtrack['state']);
+		$s_pname    = $this->func->htmlspecialchars($this->root->_plugin_bugtrack['pagename']);
+		$s_pnamec   = $this->func->htmlspecialchars($this->root->_plugin_bugtrack['pagename_comment']);
+		$s_version  = $this->func->htmlspecialchars($this->root->_plugin_bugtrack['version']);
+		$s_versionc = $this->func->htmlspecialchars($this->root->_plugin_bugtrack['version_comment']);
+		$s_summary  = $this->func->htmlspecialchars($this->root->_plugin_bugtrack['summary']);
+		$s_body     = $this->func->htmlspecialchars($this->root->_plugin_bugtrack['body']);
+		$s_submit   = $this->func->htmlspecialchars($this->root->_plugin_bugtrack['submit']);
 		$body = <<<EOD
 <form action="$script" method="post">
  <table border="0">
@@ -277,12 +277,12 @@ function plugin_bugtrack_list_convert()
 		foreach ($data as $line) {
 			list($page, $no, $summary, $name, $priority, $state, $category) = $line;
 			foreach (array('summary', 'name', 'priority', 'state', 'category') as $item)
-				$$item = htmlspecialchars($$item);
+				$$item = $this->func->htmlspecialchars($$item);
 			$page_link = $this->func->make_pagelink($page, $page);
 	
 			$state_no = array_search($state, $this->root->_plugin_bugtrack['state_sort']);
 			if ($state_no === NULL || $state_no === FALSE) $state_no = $count_list;
-			$bgcolor = htmlspecialchars($this->root->_plugin_bugtrack['state_bgcolor'][$state_no]);
+			$bgcolor = $this->func->htmlspecialchars($this->root->_plugin_bugtrack['state_bgcolor'][$state_no]);
 	
 			$row = <<<EOD
  <tr>
@@ -298,11 +298,11 @@ function plugin_bugtrack_list_convert()
 		}
 	
 		$table_html = ' <tr>' . "\n";
-		$color = htmlspecialchars($this->root->_plugin_bugtrack['header_color']);
-		$bgcolor = htmlspecialchars($this->root->_plugin_bugtrack['header_bgcolor']);
+		$color = $this->func->htmlspecialchars($this->root->_plugin_bugtrack['header_color']);
+		$bgcolor = $this->func->htmlspecialchars($this->root->_plugin_bugtrack['header_bgcolor']);
 		foreach (array('pagename', 'state', 'priority', 'category', 'name', 'summary') as $item)
 			$table_html .= '  <th style="color:' . $color . ';background-color:' . $bgcolor . '">' .
-			htmlspecialchars($this->root->_plugin_bugtrack[$item]) . '</th>' . "\n";
+			$this->func->htmlspecialchars($this->root->_plugin_bugtrack[$item]) . '</th>' . "\n";
 		$table_html .= ' </tr>' . "\n";
 	
 		for ($i = 0; $i <= $count_list; ++$i) {
diff --git a/xoops_trust_path/modules/xpwiki/plugin/build_js.inc.php b/xoops_trust_path/modules/xpwiki/plugin/build_js.inc.php
index d6bde3b5..f652464a 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/build_js.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/build_js.inc.php
@@ -43,7 +43,7 @@ function plugin_build_js_inline() {
 				$attr = ' class="button"';
 			}
 
-			return '<span'.$attr.' onclick="' . $jsfunc . '(\''.htmlspecialchars($args[1], ENT_QUOTES).'\',\''.$args[2].'\')">'.$this->root->_attach_messages['msg_insert'].'</span>';
+			return '<span'.$attr.' onclick="' . $jsfunc . '(\''.$this->func->htmlspecialchars($args[1], ENT_QUOTES).'\',\''.$args[2].'\')">'.$this->root->_attach_messages['msg_insert'].'</span>';
 
 			break;
 		case 'attachDel':
@@ -58,7 +58,7 @@ function plugin_build_js_inline() {
 			$param .= 'file='.rawurlencode($file);
 			if ($returi) $param .= '&amp;returi='.rawurlencode($returi);
 
-			return '<a href="'.$this->root->script.'?plugin=attach&pcmd=delete'.$param.'" title="'.$this->root->_btn_delete.'" onclick="return confirm(\''.htmlspecialchars($file, ENT_QUOTES).': '.htmlspecialchars($this->root->_attach_messages['msg_delete'], ENT_QUOTES).'\')"><img src="'.$this->cont['LOADER_URL'].'?src=trash_16.gif" alt="'.$this->root->_btn_delete.'" /></a>';
+			return '<a href="'.$this->root->script.'?plugin=attach&pcmd=delete'.$param.'" title="'.$this->root->_btn_delete.'" onclick="return confirm(\''.$this->func->htmlspecialchars($file, ENT_QUOTES).': '.$this->func->htmlspecialchars($this->root->_attach_messages['msg_delete'], ENT_QUOTES).'\')"><img src="'.$this->cont['LOADER_URL'].'?src=trash_16.gif" alt="'.$this->root->_btn_delete.'" /></a>';
 
 			break;
 		default :
diff --git a/xoops_trust_path/modules/xpwiki/plugin/calendar.inc.php b/xoops_trust_path/modules/xpwiki/plugin/calendar.inc.php
index 348d09be..80acc5e0 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/calendar.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/calendar.inc.php
@@ -106,7 +106,7 @@ function plugin_calendar_convert()
 			$dt     = sprintf('%04d%02d%02d', $year, $m_num, $day);
 			$name   = $prefix . $dt;
 			$r_page = rawurlencode($name);
-			$s_page = htmlspecialchars($name);
+			$s_page = $this->func->htmlspecialchars($name);
 	
 			$refer = ($cmd == 'edit') ? '&amp;refer=' . rawurlencode($page) : '';
 	
diff --git a/xoops_trust_path/modules/xpwiki/plugin/calendar2.inc.php b/xoops_trust_path/modules/xpwiki/plugin/calendar2.inc.php
index 0e0701dc..d339633e 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/calendar2.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/calendar2.inc.php
@@ -48,7 +48,7 @@ function plugin_calendar2_inline() {
 				}
 			}
 		}
-		$options['class'] = htmlspecialchars($options['class']);
+		$options['class'] = $this->func->htmlspecialchars($options['class']);
 
 		$date = date('Y-m-d');
 		$page .= '/' . $date;
@@ -86,7 +86,7 @@ function plugin_calendar2_convert() {
 
 				// for PukiWikiMod compat
 				} else if(strtolower(substr($arg,0,9)) == "category:"){
-					$category_view = htmlspecialchars(substr($arg,8));
+					$category_view = $this->func->htmlspecialchars(substr($arg,8));
 				} else if(strtolower(substr($arg,0,9)) == "contents:"){
 					$contents_lev = (int)substr($arg,9);
 
@@ -102,9 +102,9 @@ function plugin_calendar2_convert() {
 			$prefix = $base . '/';
 		}
 		$r_base   = rawurlencode($base);
-		$s_base   = htmlspecialchars($base);
+		$s_base   = $this->func->htmlspecialchars($base);
 		$r_prefix = rawurlencode($prefix);
-		$s_prefix = htmlspecialchars($prefix);
+		$s_prefix = $this->func->htmlspecialchars($prefix);
 
 		$yr  = substr($date_str, 0, 4);
 		$mon = substr($date_str, 4, 2);
@@ -191,7 +191,7 @@ function plugin_calendar2_convert() {
 			$dt     = sprintf('%4d-%02d-%02d', $year, $m_num, $day);
 			$page   = $prefix . $dt;
 			$r_page = rawurlencode($page);
-			$s_page = htmlspecialchars($page);
+			$s_page = $this->func->htmlspecialchars($page);
 
 			if ($wday == 0 && $day > 1) {
 				$ret .=
@@ -282,7 +282,7 @@ function plugin_calendar2_action() {
 		}
 
 		//$aryargs = array($this->root->vars['page'], $date, 'off');
-		$s_page  = htmlspecialchars($this->root->vars['page']);
+		$s_page  = $this->func->htmlspecialchars($this->root->vars['page']);
 
 		// Set nest level
 		if (!isset($this->root->rtf['convert_nest'])) {
diff --git a/xoops_trust_path/modules/xpwiki/plugin/calendar9.inc.php b/xoops_trust_path/modules/xpwiki/plugin/calendar9.inc.php
index c44b86a3..28bbb5a4 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/calendar9.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/calendar9.inc.php
@@ -78,9 +78,9 @@ function plugin_calendar9_convert()
 			$prefix = $base.'/';
 		}
 		$r_base = rawurlencode($base);
-		$s_base = htmlspecialchars($base);
+		$s_base = $this->func->htmlspecialchars($base);
 		$r_prefix = rawurlencode($prefix);
-		$s_prefix = htmlspecialchars($prefix);
+		$s_prefix = $this->func->htmlspecialchars($prefix);
 		
 		$yr = substr($date_str,0,4);
 		$mon = substr($date_str,4,2);
@@ -100,7 +100,7 @@ function plugin_calendar9_convert()
 		$day_title = array();
 		$page = $prefix.'DayOff';
 		$r_page = rawurlencode($page);
-		$s_page = htmlspecialchars($page);
+		$s_page = $this->func->htmlspecialchars($page);
 		foreach ($this->func->get_source($s_page) as $line) {
 			$line = trim($line);
 			if (! $line || $line[0] === '/') continue;
@@ -190,7 +190,7 @@ function plugin_calendar9_convert()
 			$titlecolor = '';
 			$page = $prefix.$dt;
 			$r_page = rawurlencode($page);
-			$s_page = htmlspecialchars($page);
+			$s_page = $this->func->htmlspecialchars($page);
 			
 			if (($wday + $diffday) % 7 == 0 and $day > 1) {
 				$ret .= "    </tr>\n    <tr>\n";
@@ -273,8 +273,8 @@ function plugin_calendar9_convert()
 						$href = $this->func->get_page_uri($_page, true);
 						$linkstr = '<a href="' . $href . '" onclick="return xpwiki_cal9_day_edit(\''.$this->root->mydirname.':'.$_page.'\',\'read\',event);">' . $this->func->get_heading($_page) . '</a>'."\n";
 						if ($this->func->check_editable($_page, false, false)) {
-							$short = htmlspecialchars('Edit');
-							$title = htmlspecialchars(str_replace('$1', $s_page.$page, $this->root->_title_edit));
+							$short = $this->func->htmlspecialchars('Edit');
+							$title = $this->func->htmlspecialchars(str_replace('$1', $s_page.$page, $this->root->_title_edit));
 							$icon = '<img src="' . $this->cont['IMAGE_DIR'] . 'paraedit.png' .
 								'" width="9" height="9" alt="' .
 								$short . '" title="' . $title . '" /> ';
@@ -339,7 +339,7 @@ function plugin_calendar9_action()
 		$yy = sprintf("%04d.%02d",substr($date,0,4),substr($date,4,2));
 		
 		$aryargs = array($this->root->vars['page'],$date);
-		$s_page = htmlspecialchars($this->root->vars['page']);
+		$s_page = $this->func->htmlspecialchars($this->root->vars['page']);
 		
 		$ret['msg'] = "calendar $s_page/$yy";
 		$ret['body'] = call_user_func_array (array(& $this, "plugin_calendar9_convert"),$aryargs);
diff --git a/xoops_trust_path/modules/xpwiki/plugin/calendar_viewer.inc.php b/xoops_trust_path/modules/xpwiki/plugin/calendar_viewer.inc.php
index 6cd02dec..729765a1 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/calendar_viewer.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/calendar_viewer.inc.php
@@ -134,7 +134,7 @@ function plugin_calendar_viewer_convert()
 
 		// Avoid Loop etc.
 		if (isset($viewed[$this->xpwiki->pid][$pagename])) {
-			$s_page = htmlspecialchars($pagename);
+			$s_page = $this->func->htmlspecialchars($pagename);
 			return "#calendar_viewer(): You already view: $s_page<br />";
 		} else {
 			$viewed[$this->xpwiki->pid][$pagename] = TRUE; // Valid
@@ -207,7 +207,7 @@ function plugin_calendar_viewer_convert()
 				if ($this->cont['PLUGIN_CALENDAR_VIEWER_DATE_FORMAT'] !== FALSE) {
 					$time = strtotime($this->func->basename($page)); // $date_sep must be assumed '-' or ''!
 					if ($time === -1 || $time === FALSE) {
-						$s_page = htmlspecialchars($page); // Failed. Why?
+						$s_page = $this->func->htmlspecialchars($page); // Failed. Why?
 					} else {
 						$week   = $this->root->weeklabels[date('w', $time)];
 						$D      = date('D', $time);
@@ -219,7 +219,7 @@ function plugin_calendar_viewer_convert()
 					}
 
 				} else {
-					$s_page = htmlspecialchars($page);
+					$s_page = $this->func->htmlspecialchars($page);
 				}
 				$s_page = $this->func->make_pagelink($page, $s_page);
 			}
@@ -293,7 +293,7 @@ function plugin_calendar_viewer_convert()
 
 		// ナビゲート用のリンクを末尾に追加
 		if ($left_YM != '' || $right_YM != '') {
-			$s_date_sep = htmlspecialchars($date_sep);
+			$s_date_sep = $this->func->htmlspecialchars($date_sep);
 			$left_link = $right_link = '';
 			if ($page_YM != '') {
 				$link = $this->root->script . '?plugin=calendar2&amp;file=' . $enc_pagename . '&amp;';
@@ -350,12 +350,12 @@ function plugin_calendar_viewer_action()
 		--$this->root->rtf['convert_nest'];
 
 		//$return_vars_array['msg'] = 'calendar_viewer ' . $vars['page'] . '/' . $page_YM;
-		$return_vars_array['msg'] = 'Calendar view ' . $this->func->make_pagelink($this->root->vars['page'], htmlspecialchars($this->root->vars['page']));
+		$return_vars_array['msg'] = 'Calendar view ' . $this->func->make_pagelink($this->root->vars['page'], $this->func->htmlspecialchars($this->root->vars['page']));
 		if ($this->root->vars['page'] != '') $return_vars_array['msg'] .= ' : ';
 		if (preg_match('/\*/', $page_YM)) {
 			// うーん、n件表示の時はなんてページ名にしたらいい？
 		} else {
-			$return_vars_array['msg'] .= htmlspecialchars($page_YM);
+			$return_vars_array['msg'] .= $this->func->htmlspecialchars($page_YM);
 		}
 
 		$this->root->vars['page'] = $page;
diff --git a/xoops_trust_path/modules/xpwiki/plugin/code.inc.php b/xoops_trust_path/modules/xpwiki/plugin/code.inc.php
index 741de96d..df9329ba 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/code.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/code.inc.php
@@ -134,7 +134,7 @@ function plugin_code_convert()
 	        return $this->cont['PLUGIN_CODE_USAGE'];
 	    }
 		if ($num_of_arg != 1 && ! $this->_plugin_code_check_argment($args[0], $option))
-	        $lang = htmlspecialchars(strtolower($args[0])); // 言語名かオプションの判定
+	        $lang = $this->func->htmlspecialchars(strtolower($args[0])); // 言語名かオプションの判定
 
 		$begin = 1;
 		$end = null;
@@ -353,7 +353,7 @@ function plugin_pre_convert()
 			// Invalid color
 			foreach(array($color, $bgcolor) as $col){
 				if ($col != '' && ! preg_match($this->cont['PLUGIN_PRE_COLOR_REGEX'], $col))
-					return '<p class="error">#pre():Invalid color: '.htmlspecialchars($col).';</p>';
+					return '<p class="error">#pre():Invalid color: '.$this->func->htmlspecialchars($col).';</p>';
 			}
 			if ($color != '' ) {
 				$style   = ' style="color:'.$color;
@@ -380,7 +380,7 @@ function plugin_pre_convert()
 			$end = substr_count($text, "\n") + $begin -1;
 
 		if ($this->cont['PLUGIN_PRE_VERVATIM_HARD']  && ! $option['soft']  || $option['hard']) {
-			$text = htmlspecialchars($text);
+			$text = $this->func->htmlspecialchars($text);
 		} else {
 			$text = $this->func->make_link($text);
 		}
@@ -416,7 +416,7 @@ function _plugin_code_multiline_argment(& $arg, & $data, & $lang, & $option, $en
 			}
 			if ($lang === null) {
 				if ($this->_plugin_code_mimetype($arg)) {
-					$data['_error'] = '<p class="error">Maybe file extension like binary. '.htmlspecialchars($arg).';</p>';
+					$data['_error'] = '<p class="error">Maybe file extension like binary. '.$this->func->htmlspecialchars($arg).';</p>';
 					return 0;
 				} else {
 					$lang = 'pre';
@@ -430,7 +430,7 @@ function _plugin_code_multiline_argment(& $arg, & $data, & $lang, & $option, $en
 	        }
 	        $data['data'] = $params['data'];
 	        if ($data['data'] == "\n" || $data['data'] == '' || $data['data'] == null) {
-	            $data['_error'] ='<p class="error">file '.htmlspecialchars($params['title']).' is empty.</p>';
+	            $data['_error'] ='<p class="error">file '.$this->func->htmlspecialchars($params['title']).' is empty.</p>';
 	            return 0;
 	        }
 			if ($this->cont['PLUGIN_CODE_FILE_ICON'] && !$option['noicon'] || $option['icon']) {
@@ -443,7 +443,7 @@ function _plugin_code_multiline_argment(& $arg, & $data, & $lang, & $option, $en
 
 		} else {
 			$data['data'] = $arg;
-			if ($option['title']) $data['title'] = '<h5 class="'.$this->cont['PLUGIN_CODE_HEADER'].'title">'.htmlspecialchars($option['title']).'</h5>'."\n";
+			if ($option['title']) $data['title'] = '<h5 class="'.$this->cont['PLUGIN_CODE_HEADER'].'title">'.$this->func->htmlspecialchars($option['title']).'</h5>'."\n";
 			return 1;
 		}
 		return 0;
@@ -537,8 +537,8 @@ function _plugin_code_read_file_data($name, $end = null, $begin = 1) {
 	            $params['_error'] = 'Cannot assign URL';
 	            return $params;
 	        }
-	        $url = htmlspecialchars($fname);
-	        $params['title'] = htmlspecialchars(preg_match('/([^\/]+)$/', $fname, $matches) ? $matches[1] : $url);
+	        $url = $this->func->htmlspecialchars($fname);
+	        $params['title'] = $this->func->htmlspecialchars(preg_match('/([^\/]+)$/', $fname, $matches) ? $matches[1] : $url);
 	    } else {  // 添付ファイル
 	        if (! is_dir($this->cont['UPLOAD_DIR'])) {
 	            $params['_error'] = 'No UPLOAD_DIR';
@@ -562,10 +562,10 @@ function _plugin_code_read_file_data($name, $end = null, $begin = 1) {
 	        }
 
 	        if (! $is_file) {
-	            $params['_error'] = htmlspecialchars('File not found: "' .$fname . '" at page "' . $page . '"');
+	            $params['_error'] = $this->func->htmlspecialchars('File not found: "' .$fname . '" at page "' . $page . '"');
 	            return $params;
 	        }
-	        $params['title'] = htmlspecialchars($fname);
+	        $params['title'] = $this->func->htmlspecialchars($fname);
 	        $fname = $file;
 
 			$url = $this->root->script . '?plugin=attach' . '&amp;refer=' . rawurlencode($page) .
diff --git a/xoops_trust_path/modules/xpwiki/plugin/code/codehighlight.php b/xoops_trust_path/modules/xpwiki/plugin/code/codehighlight.php
index 8314e137..ce9f25de 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/code/codehighlight.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/code/codehighlight.php
@@ -100,7 +100,7 @@ function highlight(& $lang, & $src, & $option, $end = null, $begin = 1) {
 			if ('php' == $lang) // PHPは標準機能を使う
 				$src =  '<pre class="code">'.$this->highlightPHP($src). '</pre>';
 			else // 未定義言語
-				$src =  '<pre class="code"><code class="unknown">' .htmlspecialchars($src). '</code></pre>';
+				$src =  '<pre class="code"><code class="unknown">' .$this->func->htmlspecialchars($src). '</code></pre>';
 		}
 		$option['menu']  = ($this->cont['PLUGIN_CODE_MENU']  && ! $option['nomenu']  || $option['menu']);
 		$option['menu']  = ($option['menu'] && $option['outline']);
@@ -214,7 +214,7 @@ function lineToHTML(& $string, & $lang, & $option, $end = null, $begin = 1) {
 			case $this->cont['PLUGIN_CODE_HEAD_COMMENT']:
 			case $this->cont['PLUGIN_CODE_COMMENT_CHAR']:
 				// 行頭の1文字でコメントと判断できるもの
-				$line = htmlspecialchars(substr($line,0,-1), ENT_QUOTES);
+				$line = $this->func->htmlspecialchars(substr($line,0,-1), ENT_QUOTES);
 				if ($option['link']) 
 					$line = preg_replace('/(s?https?:\/\/|ftp:\/\/|mailto:)([-_.!~*()a-zA-Z0-9;\/:@?=+$,%#]|&amp;)+/',
 										 '<a href="$0">$0</a>',$line);
@@ -242,7 +242,7 @@ function lineToHTML(& $string, & $lang, & $option, $end = null, $begin = 1) {
 			case $this->cont['PLUGIN_CODE_COMMENT_WORD']:
 				// 2文字以上のパターンから始まるコメント
 				if (strncmp($line, $commentpattern, strlen($commentpattern)) == 0) {
-					$line = htmlspecialchars(substr($line,0,-1), ENT_QUOTES);
+					$line = $this->func->htmlspecialchars(substr($line,0,-1), ENT_QUOTES);
 					if ($option['link']) 
 						$line = preg_replace('/(s?https?:\/\/|ftp:\/\/|mailto:)([-_.!~*()a-zA-Z0-9;\/:@?=+$,%#]|&amp;)+/',
 											 '<a href="$0">$0</a>',$line);
@@ -276,7 +276,7 @@ function lineToHTML(& $string, & $lang, & $option, $end = null, $begin = 1) {
 					$str_continue = 0;
 				}
 				$index = $code_keyword[$line[0]];
-				$line = htmlspecialchars($line, ENT_QUOTES);
+				$line = $this->func->htmlspecialchars($line, ENT_QUOTES);
 				if ($option['link']) 
 					$line = preg_replace('/(s?https?:\/\/|ftp:\/\/|mailto:)([-_.!~*()a-zA-Z0-9;\/:@?=+$,%#]|&amp;)+/',
 										 '<a href="$0">$0</a>',$line);
@@ -301,7 +301,7 @@ function lineToHTML(& $string, & $lang, & $option, $end = null, $begin = 1) {
 					if (strncmp($line, $pattern, strlen($pattern)) == 0) {
 						$index = $code_keyword[$pattern];
 						// htmlに追加
-						$line = htmlspecialchars($line, ENT_QUOTES);
+						$line = $this->func->htmlspecialchars($line, ENT_QUOTES);
 						if ($option['link']) 
 							$line = preg_replace('/(s?https?:\/\/|ftp:\/\/|mailto:)([-_.!~*()a-zA-Z0-9;\/:@?=+$,%#]|&amp;)+/',
 												 '<a href="$0">$0</a>',$line);
@@ -317,7 +317,7 @@ function lineToHTML(& $string, & $lang, & $option, $end = null, $begin = 1) {
 				// 行頭の1文字が意味を持つものか判定
 				$index = $code_keyword[$line[0]];
 				if ($index != '') {
-					$line = htmlspecialchars($line, ENT_QUOTES);
+					$line = $this->func->htmlspecialchars($line, ENT_QUOTES);
 					$html .= '<span class="'.$this->cont['PLUGIN_CODE_HEADER'].$code_css[$index-1].'">'.$line.'</span>';
 					$line = $this->getline($string); // next line
 					continue 2;
@@ -335,8 +335,8 @@ function lineToHTML(& $string, & $lang, & $option, $end = null, $begin = 1) {
 				// makeのターゲット用 識別子(アルファベットから始まっている)
 				$str_pos = strpos($line, $post_identifire);
 				if ($str_pos !== false) {
-					$result  = htmlspecialchars(substr($line, 0, $str_pos), ENT_QUOTES);
-					$result2 = htmlspecialchars(substr($line, $str_pos+1), ENT_QUOTES);
+					$result  = $this->func->htmlspecialchars(substr($line, 0, $str_pos), ENT_QUOTES);
+					$result2 = $this->func->htmlspecialchars(substr($line, $str_pos+1), ENT_QUOTES);
 					$html .= '<span class="'.$this->cont['PLUGIN_CODE_HEADER'].'target">'.$result.$post_identifire.'</span>'
 						.'<span class="'.$this->cont['PLUGIN_CODE_HEADER'].'src">'.$result2.'</span>';
 					$line = $this->getline($string); // next line
@@ -354,7 +354,7 @@ function lineToHTML(& $string, & $lang, & $option, $end = null, $begin = 1) {
 				}
 
 				$index = $code_keyword[$line[0]];
-				$src = rtrim(htmlspecialchars($line, ENT_QUOTES));
+				$src = rtrim($this->func->htmlspecialchars($line, ENT_QUOTES));
 				if ($option['link']) 
 					$src = preg_replace('/(s?https?:\/\/|ftp:\/\/|mailto:)([-_.!~*()a-zA-Z0-9;\/:@?=+$,%#]|&amp;)+/',
 										'<a href="$0">$0</a>',$src);
@@ -373,7 +373,7 @@ function lineToHTML(& $string, & $lang, & $option, $end = null, $begin = 1) {
 				$result = '';
 				while (in_array($line[0], $multilineEOL) === false && $line !== false) {
 					// 効果の範囲内を取得する
-					$src = htmlspecialchars($line, ENT_QUOTES);
+					$src = $this->func->htmlspecialchars($line, ENT_QUOTES);
 					if ($option['link']) 
 						$src = preg_replace('/(s?https?:\/\/|ftp:\/\/|mailto:)([-_.!~*()a-zA-Z0-9;\/:@?=+$,%#]|&amp;)+/',
 											 '<a href="$0">$0</a>',$src);
@@ -416,7 +416,7 @@ function lineToHTML(& $string, & $lang, & $option, $end = null, $begin = 1) {
 					$index = $code_keyword[strtolower($result)];// 大文字小文字を区別しない
 				else
 					$index = $code_keyword[$result];
-				$result = htmlspecialchars($result, ENT_QUOTES);
+				$result = $this->func->htmlspecialchars($result, ENT_QUOTES);
  				if ($index != '')
 					$html .= '<span class="'.$this->cont['PLUGIN_CODE_HEADER'].$code_css[$index-1].'">'.$result.'</span>';
 				else
@@ -448,7 +448,7 @@ function lineToHTML(& $string, & $lang, & $option, $end = null, $begin = 1) {
  			default:
 				// 行内を解析せずにHTMLに追加する (diff)
 				if($linemode) {
-					$line = htmlspecialchars($line, ENT_QUOTES);
+					$line = $this->func->htmlspecialchars($line, ENT_QUOTES);
 					if ($option['link']) 
 						$html .= preg_replace('/(s?https?:\/\/|ftp:\/\/|mailto:)([-_.!~*()a-zA-Z0-9;\/:@?=+$,%#]|&amp;)+/',
 											  '<a href="$0">$0</a>',$line);
@@ -483,7 +483,7 @@ function lineToHTML(& $string, & $lang, & $option, $end = null, $begin = 1) {
 						$index = $code_keyword[strtolower($result)];// 大文字小文字を区別しない
 					else
 						$index = $code_keyword[$result];
-					$result = htmlspecialchars($result, ENT_QUOTES);
+					$result = $this->func->htmlspecialchars($result, ENT_QUOTES);
 
 					if ($index!='')
 						$html .= '<span class="'.$this->cont['PLUGIN_CODE_HEADER'].$code_css[$index-1].'">'.$result.'</span>';
@@ -512,7 +512,7 @@ function lineToHTML(& $string, & $lang, & $option, $end = null, $begin = 1) {
 						$index = $code_keyword[strtolower($result)];// 大文字小文字を区別しない
 					else
 						$index = $code_keyword[$result];
-					$result = htmlspecialchars($result, ENT_QUOTES);
+					$result = $this->func->htmlspecialchars($result, ENT_QUOTES);
 					if ($index != '')
 						$html .= '<span class="'.$this->cont['PLUGIN_CODE_HEADER'].$code_css[$index-1].'">'.$result.'</span>';
 					else
@@ -555,7 +555,7 @@ function lineToHTML(& $string, & $lang, & $option, $end = null, $begin = 1) {
 							$str_pos = 0;
 							$string = '';
 							$code = false;
-							$result = htmlspecialchars($result, ENT_QUOTES);
+							$result = $this->func->htmlspecialchars($result, ENT_QUOTES);
 							if ($option['link']) 
 								$result = preg_replace('/(s?https?:\/\/|ftp:\/\/|mailto:)([-_.!~*()a-zA-Z0-9;\/:@?=+$,%#]|&amp;)+/',
 													   '<a href="$0">$0</a>',$result);
@@ -581,7 +581,7 @@ function lineToHTML(& $string, & $lang, & $option, $end = null, $begin = 1) {
 						$result = $code.substr($line, $pos, $str_pos - $pos);
 					}
 					// htmlに追加
-					$result = htmlspecialchars($result, ENT_QUOTES);
+					$result = $this->func->htmlspecialchars($result, ENT_QUOTES);
 					if ($option['link']) 
 						$result = preg_replace('/(s?https?:\/\/|ftp:\/\/|mailto:)([-_.!~*()a-zA-Z0-9;\/:@?=+$,%#]|&amp;)+/',
 											   '<a href="$0">$0</a>',$result);
@@ -593,7 +593,7 @@ function lineToHTML(& $string, & $lang, & $option, $end = null, $begin = 1) {
 
 				case $this->cont['PLUGIN_CODE_COMMENT_CHAR']: // 1文字で決まるコメント
 					$line = substr($line, $str_pos-1, $str_len-$str_pos);
-					$line = htmlspecialchars($line, ENT_QUOTES);
+					$line = $this->func->htmlspecialchars($line, ENT_QUOTES);
 					if ($option['link']) 
 						$line = preg_replace('/(s?https?:\/\/|ftp:\/\/|mailto:)([-_.!~*()a-zA-Z0-9;\/:@?=+$,%#]|&amp;)+/',
 											 '<a href="$0">$0</a>',$line);
@@ -746,7 +746,7 @@ function srcToHTML(& $string, & $lang, & $option, $end = null, $begin = 1) {
 					if ($code == "\n") ++$num_of_line;
 				}
 				// htmlに追加
-				$html .= htmlspecialchars($start.$result, ENT_QUOTES);
+				$html .= $this->func->htmlspecialchars($start.$result, ENT_QUOTES);
 				
 				// 次の検索用に読み込み
 				if ($str_len == $str_pos) $code = false; else $code = $string[$str_pos++]; // getc
@@ -819,7 +819,7 @@ function srcToHTML(& $string, & $lang, & $option, $end = null, $begin = 1) {
 						}
 						
 						// htmlに追加
-						$result = str_replace('\t', $this->cont['PLUGIN_CODE_WIDTHOFTAB'], htmlspecialchars($result, ENT_QUOTES));
+						$result = str_replace('\t', $this->cont['PLUGIN_CODE_WIDTHOFTAB'], $this->func->htmlspecialchars($result, ENT_QUOTES));
 						if ($option['link']) 
 							$result = preg_replace('/(s?https?:\/\/|ftp:\/\/|mailto:)([-_.!~*()a-zA-Z0-9;\/:@?=+$,%#]|&amp;)+/',
 												   '<a href="$0">$0</a>',$result);
@@ -881,7 +881,7 @@ function srcToHTML(& $string, & $lang, & $option, $end = null, $begin = 1) {
 						++$num_of_line;
 						$startline = 1;
 						// htmlに追加
-						$result = str_replace('\t', $this->cont['PLUGIN_CODE_WIDTHOFTAB'], htmlspecialchars($result, ENT_QUOTES));
+						$result = str_replace('\t', $this->cont['PLUGIN_CODE_WIDTHOFTAB'], $this->func->htmlspecialchars($result, ENT_QUOTES));
 						if ($option['link']) 
 							$result = preg_replace('/(s?https?:\/\/|ftp:\/\/|mailto:)([-_.!~*()a-zA-Z0-9;\/:@?=+$,%#]|&amp;)+/',
 												   '<a href="$0">$0</a>',$result);
@@ -908,7 +908,7 @@ function srcToHTML(& $string, & $lang, & $option, $end = null, $begin = 1) {
 					$index = $code_keyword[strtolower($result)];// 大文字小文字を区別しない
 				else
 					$index = $code_keyword[$result];
-				$result = htmlspecialchars($result, ENT_QUOTES);
+				$result = $this->func->htmlspecialchars($result, ENT_QUOTES);
 
 				if ($str_continue != 0) {
 					$this->endRegion($num_of_line);
@@ -961,7 +961,7 @@ function srcToHTML(& $string, & $lang, & $option, $end = null, $begin = 1) {
 					$index = $code_keyword[strtolower($result)];// 大文字小文字を区別しない
 				else
 					$index = $code_keyword[$result];
-				$result = htmlspecialchars($result, ENT_QUOTES);
+				$result = $this->func->htmlspecialchars($result, ENT_QUOTES);
 				
 				if ($str_continue != 0) {
 					$this->endRegion($num_of_line);
@@ -1029,7 +1029,7 @@ function srcToHTML(& $string, & $lang, & $option, $end = null, $begin = 1) {
 				$num_of_line += substr_count($result,"\n");
 				$startline = 0;		
 				// htmlに追加
-				$result = htmlspecialchars($result, ENT_QUOTES);
+				$result = $this->func->htmlspecialchars($result, ENT_QUOTES);
 				if ($option['link']) 
 					$result = preg_replace('/(s?https?:\/\/|ftp:\/\/|mailto:)([-_.!~*()a-zA-Z0-9;\/:@?=+$,%#]|&amp;)+/',
 										   '<a href="$0">$0</a>',$result);
@@ -1069,7 +1069,7 @@ function srcToHTML(& $string, & $lang, & $option, $end = null, $begin = 1) {
 				$num_of_line+=substr_count($result,"\n");
 				$startline = 0;
 				// htmlに追加
-				$result = htmlspecialchars($result, ENT_QUOTES);
+				$result = $this->func->htmlspecialchars($result, ENT_QUOTES);
 				if ($option['link']) 
 					$result = preg_replace('/(s?https?:\/\/|ftp:\/\/|mailto:)([-_.!~*()a-zA-Z0-9;\/:@?=+$,%#]|&amp;)+/',
 										   '<a href="$0">$0</a>',$result);
@@ -1111,7 +1111,7 @@ function srcToHTML(& $string, & $lang, & $option, $end = null, $begin = 1) {
 				$num_of_line+=substr_count($result,"\n");
 				
 				// htmlに追加
-				$result = htmlspecialchars($result, ENT_QUOTES);
+				$result = $this->func->htmlspecialchars($result, ENT_QUOTES);
 				if ($option['link']) 
 					$result = preg_replace('/(s?https?:\/\/|ftp:\/\/|mailto:)([-_.!~*()a-zA-Z0-9;\/:@?=+$,%#]|&amp;)+/',
 										   '<a href="$0">$0</a>',$result);
@@ -1149,7 +1149,7 @@ function srcToHTML(& $string, & $lang, & $option, $end = null, $begin = 1) {
 				$result = $code.substr($string, $pos, $str_pos - $pos);
 				
 				// htmlに追加
-				$result = htmlspecialchars($result, ENT_QUOTES);
+				$result = $this->func->htmlspecialchars($result, ENT_QUOTES);
 				if ($option['link']) 
 					$result = preg_replace('/(s?https?:\/\/|ftp:\/\/|mailto:)([-_.!~*()a-zA-Z0-9;\/:@?=+$,%#]|&amp;)+/',
 										   '<a href="$0">$0</a>',$result);
diff --git a/xoops_trust_path/modules/xpwiki/plugin/color.inc.php b/xoops_trust_path/modules/xpwiki/plugin/color.inc.php
index 4b59d654..0249e0db 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/color.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/color.inc.php
@@ -23,12 +23,12 @@ function plugin_color_inline()
 	//	global $pkwk_dtd;
 	
 		$args = func_get_args();
-		$text = $this->func->strip_autolink(array_pop($args)); // Already htmlspecialchars(text)
+		$text = $this->func->strip_autolink(array_pop($args)); // Already $this->func->htmlspecialchars(text)
 	
 		list($color, $bgcolor) = array_pad($args, 2, '');
 		if ($color != '' && $bgcolor != '' && $text == '') {
 			// Maybe the old style: '&color(foreground,text);'
-			$text    = htmlspecialchars($bgcolor);
+			$text    = $this->func->htmlspecialchars($bgcolor);
 			$bgcolor = '';
 		}
 		if (($color == '' && $bgcolor == '') || $text == '' || func_num_args() > 3)
@@ -37,7 +37,7 @@ function plugin_color_inline()
 		// Invalid color
 		foreach(array($color, $bgcolor) as $col){
 			if ($col != '' && ! preg_match($this->cont['PLUGIN_COLOR_REGEX'], $col))
-				return '&color():Invalid color: ' . htmlspecialchars($col) . ';';
+				return '&color():Invalid color: ' . $this->func->htmlspecialchars($col) . ';';
 		}
 	
 		if ($this->cont['PLUGIN_COLOR_ALLOW_CSS'] === TRUE || ! isset($this->root->pkwk_dtd) || $this->root->pkwk_dtd == $this->cont['PKWK_DTD_XHTML_1_1']) {
diff --git a/xoops_trust_path/modules/xpwiki/plugin/comment.inc.php b/xoops_trust_path/modules/xpwiki/plugin/comment.inc.php
index 4b84718a..022d6efc 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/comment.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/comment.inc.php
@@ -153,7 +153,7 @@ function plugin_comment_convert()
 		$emojipad = (! $options['emoji'] || $options['noemoji'])? '' : '<div'.$emoji_style.'>' . $this->func->get_emoji_pad($domid, FALSE) . '</div>';
 
 		$script = $this->func->get_script_uri();
-		$s_page = htmlspecialchars($this->root->vars['page']);
+		$s_page = $this->func->htmlspecialchars($this->root->vars['page']);
 		$string = <<<EOD
 <br />
 <form action="$script" method="post">
diff --git a/xoops_trust_path/modules/xpwiki/plugin/conf.inc.php b/xoops_trust_path/modules/xpwiki/plugin/conf.inc.php
index 18652d4a..1bcb701d 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/conf.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/conf.inc.php
@@ -479,9 +479,9 @@ function show_form() {
 			$description = ! empty($conf['description'])? $conf['description'] : (! empty($this->msg[$key]['description'])? $this->msg[$key]['description'] : '');
 			$description = preg_replace('/\{\$root->(.+?)\}/e', '$this->root->$1', $description);
 			$value = ($conf['kind'] === 'root')? $this->root->$key : $this->cont[$key];
-			$value4disp = htmlspecialchars($value);
-			$name4disp = htmlspecialchars((($conf['kind'] === 'root')? 'root_' : 'const_') . $key);
-			$real = htmlspecialchars(($conf['kind'] === 'root')? '$root->'.$key : '$const[\''.$key.'\']');
+			$value4disp = $this->func->htmlspecialchars($value);
+			$name4disp = $this->func->htmlspecialchars((($conf['kind'] === 'root')? 'root_' : 'const_') . $key);
+			$real = $this->func->htmlspecialchars(($conf['kind'] === 'root')? '$root->'.$key : '$const[\''.$key.'\']');
 			$extention = ! empty($this->msg[$key]['extention'])? $this->msg[$key]['extention'] : '';
 			list($form, $attr) = array_pad(explode(',', $conf['form'], 2), 2, '');
 			switch ($form) {
@@ -581,7 +581,7 @@ function post_save() {
 <p>{$msg_done}</p>
 <hr />
 EOD;
-		$body .= '<pre>'.htmlspecialchars($data).'</pre>';
+		$body .= '<pre>'.$this->func->htmlspecialchars($data).'</pre>';
 		return array('msg'=>$this->msg['title_done'], 'body'=>$body);
 	}
 
diff --git a/xoops_trust_path/modules/xpwiki/plugin/dbsync.inc.php b/xoops_trust_path/modules/xpwiki/plugin/dbsync.inc.php
index bf5d56a5..721e792e 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/dbsync.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/dbsync.inc.php
@@ -680,7 +680,7 @@ function plain_db_init()
 					$mode = "insert";
 				}
 
-				$s_page = htmlspecialchars($page);
+				$s_page = $this->func->htmlspecialchars($page);
 				if ($this->root->post['p_info']) { echo 'Start: '. $s_page . '<br />'; }
 				if ($this->root->post['plain_bg'] || $this->func->plain_db_write($page,$mode,TRUE))
 				{
@@ -871,7 +871,7 @@ function plugin_dbsync_next_do()
 	{
 
 		//$token = $this->func->get_token_html();
-		$token = !empty($_SESSION['HYP_CSRF_TOKEN'])? '<input type="hidden" name="HypToken" value="'.htmlspecialchars($_SESSION['HYP_CSRF_TOKEN']).'" />' : '';
+		$token = !empty($_SESSION['HYP_CSRF_TOKEN'])? '<input type="hidden" name="HypToken" value="'.$this->func->htmlspecialchars($_SESSION['HYP_CSRF_TOKEN']).'" />' : '';
 		$script = $this->func->get_script_uri();
 		$html = <<<__EOD__
 <form method="POST" action="{$script}" onsubmit="return pukiwiki_check(this);">
diff --git a/xoops_trust_path/modules/xpwiki/plugin/deldel.inc.php b/xoops_trust_path/modules/xpwiki/plugin/deldel.inc.php
index 66c863bd..22c35c95 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/deldel.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/deldel.inc.php
@@ -125,7 +125,7 @@ function plugin_deldel_action() {
 					1 => $this->msg['btn_exec']);
 		$is_cascade = (empty($this->root->vars['cascade'])) ? false : true;
 		$move_to = (empty($this->root->vars['move'])) ? '' : $this->root->vars['movedir'];
-		$this->root->vars['s_regxp'] = (empty($this->root->vars['regexp']))? "" : htmlspecialchars($this->root->vars['regexp']);
+		$this->root->vars['s_regxp'] = (empty($this->root->vars['regexp']))? "" : $this->func->htmlspecialchars($this->root->vars['regexp']);
 		$body = '';
 		$moved = false;
 		$script = $this->func->get_script_uri();
@@ -179,7 +179,7 @@ function plugin_deldel_action() {
 					}
 					if(is_null($target)){
 						$error_msg = "<p>{$this->msg['msg_regexp_error']}</p>\n";
-						$error_msg .= "<p>". htmlspecialchars($this->root->vars['regexp']) ."</p>";
+						$error_msg .= "<p>". $this->func->htmlspecialchars($this->root->vars['regexp']) ."</p>";
 						$error_msg .= $this->make_body($this->root->vars['cmd'], $this->cont['DATA_DIR'], true);
 						$error_msg .= "<p><a href=\"{$this->root->script}?cmd=deldel\">".$this->msg['msg_back_word']."</a></p>";
 						return array('msg'=>$this->msg['title_delete_error'] ,'body'=>$error_msg);
@@ -259,7 +259,7 @@ function plugin_deldel_action() {
 					{
 						@set_time_limit($execution_time);
 
-						$s_page = htmlspecialchars($page, ENT_QUOTES);
+						$s_page = $this->func->htmlspecialchars($page, ENT_QUOTES);
 						if (!empty($this->root->vars['move_to'])) {
 							static $to_obj;
 							if (!$to_obj) {
@@ -340,7 +340,7 @@ function plugin_deldel_action() {
 					$mes = 'backup';
 					foreach($this->root->vars['pages'] as $page){
 						@set_time_limit($execution_time);
-						$s_page = htmlspecialchars($page, ENT_QUOTES);
+						$s_page = $this->func->htmlspecialchars($page, ENT_QUOTES);
 						$f_page = $this->get_filename2($mes,$page);
 						if(is_file($f_page) && !$this->func->is_freeze($page)){
 							$flag[$s_page] = unlink($f_page);
@@ -377,7 +377,7 @@ function plugin_deldel_action() {
 					$mes = 'diff';
 					foreach($this->root->vars['pages'] as $page){
 						@set_time_limit($execution_time);
-						$s_page = htmlspecialchars($page, ENT_QUOTES);
+						$s_page = $this->func->htmlspecialchars($page, ENT_QUOTES);
 						$f_page = $this->get_filename2($mes,$page);
 						if(is_file($f_page) && !$this->func->is_freeze($spage)){
 							$flag[$s_page] = unlink($f_page);
@@ -390,7 +390,7 @@ function plugin_deldel_action() {
 					$mes = 'referer';
 					foreach($this->root->vars['pages'] as $page){
 						@set_time_limit($execution_time);
-						$s_page = htmlspecialchars($page, ENT_QUOTES);
+						$s_page = $this->func->htmlspecialchars($page, ENT_QUOTES);
 						$f_page = $this->get_filename2($mes,$page);
 						if(is_file($f_page) && !$this->func->is_freeze($spage)){
 							$flag[$s_page] = unlink($f_page);
@@ -403,7 +403,7 @@ function plugin_deldel_action() {
 					$mes = 'counter';
 					foreach($this->root->vars['pages'] as $page){
 						@set_time_limit($execution_time);
-						$s_page = htmlspecialchars($page, ENT_QUOTES);
+						$s_page = $this->func->htmlspecialchars($page, ENT_QUOTES);
 						$f_page = $this->get_filename2($mes,$page);
 						if(is_file($f_page)){
 							$flag[$s_page] = unlink($f_page);
@@ -466,7 +466,7 @@ function page_list2($pages, $cmd = 'read', $withfilename = FALSE, $checked=FALSE
 		foreach($pages as $file=>$page) {
 		//foreach($pages as $page) {
 			$r_page	 = rawurlencode($page);
-			$s_page	 = htmlspecialchars($page, ENT_QUOTES);
+			$s_page	 = $this->func->htmlspecialchars($page, ENT_QUOTES);
 			$passage = $this->func->get_pg_passage($page);
 			// 変更ココから by okkez
 			$checked = ($checked || !empty($this->root->post['no_page']))? " checked=\"true\"" : "";
@@ -479,7 +479,7 @@ function page_list2($pages, $cmd = 'read', $withfilename = FALSE, $checked=FALSE
 			// ココまで
 
 			if ($withfilename) {
-				$s_file = htmlspecialchars($file);
+				$s_file = $this->func->htmlspecialchars($file);
 				$str .= "\n" . '	<ul><li>' . $s_file . '</li></ul>' .
 			"\n" . '   ';
 			}
@@ -659,14 +659,14 @@ function make_confirm($cmd, $dir, $pages, $is_cascade=false, $move_to = '')
 		  case 'REFERER' :
 		  case 'COUNTER':
 			foreach($pages as $page){
-				$s_page = htmlspecialchars($page,ENT_QUOTES);
+				$s_page = $this->func->htmlspecialchars($page,ENT_QUOTES);
 				$body .= "<li><input type=\"hidden\" name=\"pages[$i]\" value=\"$s_page\"/>$s_page<br/></li>\n";
 				$i++;
 			}
 			break;
 		  case 'UPLOAD' :
 			foreach($pages as $page){
-				$s_page = htmlspecialchars($page,ENT_QUOTES);
+				$s_page = $this->func->htmlspecialchars($page,ENT_QUOTES);
 				$temp = split("=|&amp;",$s_page);
 				$file = rawurldecode($temp[1]);
 				$refer = rawurldecode($temp[3]);
@@ -691,7 +691,7 @@ function make_confirm($cmd, $dir, $pages, $is_cascade=false, $move_to = '')
 				$cascade_disabled = ' disabled="disabled"';
 			}
 			$body .= "<input type=\"checkbox\" name=\"cascade\" value=\"1\"".(($is_cascade)? " checked=\"true\"" : "").$cascade_disabled." /> <span>{$this->msg['msg_together_flag']}</span><br />\n";
-			$body .= ($move_to)? '<div>' . $this->msg['msg_move_flag'] . htmlspecialchars($move_to).'<input type="hidden" name="move_to" value="'.htmlspecialchars($move_to).'" /></div>' : '';
+			$body .= ($move_to)? '<div>' . $this->msg['msg_move_flag'] . $this->func->htmlspecialchars($move_to).'<input type="hidden" name="move_to" value="'.$this->func->htmlspecialchars($move_to).'" /></div>' : '';
 		}
 		$body .= "<input type=\"submit\" value=\"{$this->msg['btn_exec']}\"/>\n</div></form>\n";
 		$body .= "<p>{$this->msg['msg_auth']}</p>";
@@ -852,7 +852,7 @@ function toString($showicon, $showinfo)
 		$param	= 'file=' . rawurlencode($this->file) . '&amp;refer=' . rawurlencode($this->page) .
 		($this->age ? '&amp;age=' . $this->age : '');
 		$title = $this->time_str . ' ' . $this->size_str;
-		$label = ($showicon ? $this->cont['PLUGIN_ATTACH_FILE_ICON'] : '') . htmlspecialchars($this->file);
+		$label = ($showicon ? $this->cont['PLUGIN_ATTACH_FILE_ICON'] : '') . $this->func->htmlspecialchars($this->file);
 		if ($this->age) {
 			$label .= ' (backup No.' . $this->age . ')';
 		}
@@ -899,7 +899,7 @@ function toString($flat)
 				$_files[$age] = $this->files[$file][$age]->toString(FALSE, TRUE);
 			}
 			if (! isset($_files[0])) {
-				$_files[0] = htmlspecialchars($file);
+				$_files[0] = $this->func->htmlspecialchars($file);
 			}
 			ksort($_files);
 			$_file = $_files[0];
diff --git a/xoops_trust_path/modules/xpwiki/plugin/diff.inc.php b/xoops_trust_path/modules/xpwiki/plugin/diff.inc.php
index c2e201ff..7d2e7ecf 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/diff.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/diff.inc.php
@@ -36,7 +36,7 @@ function plugin_diff_view($page)
 	//	global $_title_diff_delete;
 	
 		$r_page = rawurlencode($page);
-		$s_page = htmlspecialchars($page);
+		$s_page = $this->func->htmlspecialchars($page);
 		$lasteditor = $this->func->get_lasteditor($this->func->get_pginfo($page));
 		$menu = array(
 			'<li>' . $this->root->_LANG['skin']['recent'] . ': ' . $lasteditor . '</li>',
@@ -58,9 +58,9 @@ function plugin_diff_view($page)
 				$menu[] = '<li><a href="' . $this->root->script . '?cmd=diff&amp;action=delete&amp;page=' .
 				$r_page . '">' . str_replace('$1', $s_page, $this->root->_title_diff_delete) . '</a></li>';
 			}
-			$msg = '<pre>' . $this->func->diff_style_to_css(htmlspecialchars(file_get_contents($filename))) . '</pre>' . "\n";
+			$msg = '<pre>' . $this->func->diff_style_to_css($this->func->htmlspecialchars(file_get_contents($filename))) . '</pre>' . "\n";
 		} else if ($is_page) {
-			$diffdata = trim(htmlspecialchars($this->func->get_source($page, TRUE, TRUE)));
+			$diffdata = trim($this->func->htmlspecialchars($this->func->get_source($page, TRUE, TRUE)));
 			$msg = '<pre><span class="diff_added">' . $diffdata . '</span></pre>' . "\n";
 		} else {
 			return array('msg'=>$this->root->_title_diff, 'body'=>$this->root->_msg_notfound);
@@ -101,7 +101,7 @@ function plugin_diff_delete($page)
 			}
 		}
 	
-		$s_page = htmlspecialchars($page);
+		$s_page = $this->func->htmlspecialchars($page);
 		$script = $this->func->get_script_uri();
 		$body .= <<<EOD
 <p>{$this->root->_msg_diff_adminpass}</p>
diff --git a/xoops_trust_path/modules/xpwiki/plugin/dump.inc.php b/xoops_trust_path/modules/xpwiki/plugin/dump.inc.php
index c8d05116..be848613 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/dump.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/dump.inc.php
@@ -209,7 +209,7 @@ function plugin_dump_action()
 					} else {
 						$this->func->redirect_header($this->cont['HOME_URL'] . '?cmd=dump',
 							1,
-							htmlspecialchars($this->root->vars['file']) . 'was not found.');
+							$this->func->htmlspecialchars($this->root->vars['file']) . 'was not found.');
 					}
 
 					return array('exit' => 0);	// 正常終了
@@ -508,7 +508,7 @@ function plugin_dump_upload($filename = '')
 			foreach($files['ng'] as $type => $errors) {
 				foreach($errors as $name) {
 					$filename = basename($name);
-					$filename = htmlspecialchars($tar->decode_filename($filename));
+					$filename = $this->func->htmlspecialchars($tar->decode_filename($filename));
 					$msg .= "<li><span class=\"dump_result_error\">$type: $name</span><br />( $filename )</li>\n";
 				}
 			}
@@ -559,10 +559,10 @@ function restore_sql($sql_files) {
 					if ($query) {
 						if ($this->xpwiki->db->query($query)) {
 							if (! empty($this->root->vars['show_sql'])) {
-								$msg['ok'][] = htmlspecialchars($query);
+								$msg['ok'][] = $this->func->htmlspecialchars($query);
 							}
 						} else {
-							$msg['ng']['SQL Error'][] = '<span class="diff_removed">' . htmlspecialchars($query) . '</span>';
+							$msg['ng']['SQL Error'][] = '<span class="diff_removed">' . $this->func->htmlspecialchars($query) . '</span>';
 						}
 					}
 				}
@@ -785,18 +785,18 @@ function plugin_dump_disp_form($reqfile = '')
 				foreach($tars as $name => $tars) {
 					if (count($tars) === 1) {
 						$tar = $tars[0];
-						$tar_view = htmlspecialchars($tar);
+						$tar_view = $this->func->htmlspecialchars($tar);
 						$checked = ($reqfile)? ' checked="checked"' : '';
 						$fsize = filesize($this->cont['CACHE_DIR'].$tar);
 						$radio .= '    <input type="radio" name="localfile" id="_p_dump_localfile'.$i.'" value="'.$tar_view.'"' . $checked . ' /><label for="_p_dump_localfile'.$i++.'"> '.$tar_view .' ( '. $this->func->bytes2KMT($fsize) . ' )</label>';
 						$radio .= '    <a target="xpwiki_dump" href="'.$this->cont['HOME_URL'].'?cmd=dump&amp;act=download&amp;file='.rawurlencode($tar).'"'.$t_dl.'>'.$image.'</a><br />' . "\n";
 					} else {
 						natsort($tars);
-						$radio .= '    <input type="radio" disabled="disabled" /> ' . htmlspecialchars($name) . '<br />';
+						$radio .= '    <input type="radio" disabled="disabled" /> ' . $this->func->htmlspecialchars($name) . '<br />';
 						foreach($tars as $tar) {
-							$tar_view = htmlspecialchars(substr($tar, strlen($name)));
+							$tar_view = $this->func->htmlspecialchars(substr($tar, strlen($name)));
 							$fsize = filesize($this->cont['CACHE_DIR'].$tar);
-							$radio .= '    &nbsp;&nbsp;&nbsp;&nbsp;<input type="radio" name="localfile" id="_p_dump_localfile'.$i.'" value="'.htmlspecialchars($tar).'" /><label for="_p_dump_localfile'.$i++.'"> '.$tar_view .' ( '. $this->func->bytes2KMT($fsize) . ' )</label>';
+							$radio .= '    &nbsp;&nbsp;&nbsp;&nbsp;<input type="radio" name="localfile" id="_p_dump_localfile'.$i.'" value="'.$this->func->htmlspecialchars($tar).'" /><label for="_p_dump_localfile'.$i++.'"> '.$tar_view .' ( '. $this->func->bytes2KMT($fsize) . ' )</label>';
 							$radio .= '    <a target="xpwiki_dump" href="'.$this->cont['HOME_URL'].'?cmd=dump&amp;act=download&amp;file='.rawurlencode($tar).'"'.$t_dl.'>'.$image.'</a><br />' . "\n";
 						}
 					}
diff --git a/xoops_trust_path/modules/xpwiki/plugin/edit.inc.php b/xoops_trust_path/modules/xpwiki/plugin/edit.inc.php
index d9353b3d..01ce9c5e 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/edit.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/edit.inc.php
@@ -162,7 +162,7 @@ function plugin_edit_preview($ng_riddle = FALSE)
 			$this->func->convert_finisher($body);
 
 			$title = (!$ng_riddle)? $this->root->_title_preview : $this->root->_title_ng_riddle;
-			$title = '<h3>'.str_replace('$1', htmlspecialchars($page), $title).'</h3>';
+			$title = '<h3>'.str_replace('$1', $this->func->htmlspecialchars($page), $title).'</h3>';
 			$body = $title.$body;
 
 			if (preg_match('/\(\([eisv]:[0-9a-f]{4}\)\)|\[emj:\d{1,4}(?::(?:im|ez|sb))?\]/S', $body)) {
@@ -237,16 +237,16 @@ function plugin_edit_inline()
 		if ($isfreeze || !$is_editable) return ''; // Show nothing
 
 		// Paragraph edit enabled or not
-		$short = htmlspecialchars('Edit');
+		$short = $this->func->htmlspecialchars('Edit');
 		$js = $ajax = '';
-		$ajaxurl = htmlspecialchars(rawurlencode($s_page), ENT_QUOTES);
+		$ajaxurl = $this->func->htmlspecialchars(rawurlencode($s_page), ENT_QUOTES);
 		if ($this->root->fixed_heading_anchor_edit && $editable && $ispage && ! $isfreeze) {
 			// Paragraph editing
-			$js = ' onmouseover="wikihelper_area_highlite(\'' . htmlspecialchars($id) . '\',1);"' .
-					' onmouseout="wikihelper_area_highlite(\'' . htmlspecialchars($id) . '\',0);"';
-			$ajax = ($this->root->use_ajax_edit && $this->root->render_mode === 'main')? ' onclick="return xpwiki_ajax_edit(\'' . $ajaxurl . '\',\'' . htmlspecialchars($id) . '\');"' : '';
+			$js = ' onmouseover="wikihelper_area_highlite(\'' . $this->func->htmlspecialchars($id) . '\',1);"' .
+					' onmouseout="wikihelper_area_highlite(\'' . $this->func->htmlspecialchars($id) . '\',0);"';
+			$ajax = ($this->root->use_ajax_edit && $this->root->render_mode === 'main')? ' onclick="return xpwiki_ajax_edit(\'' . $ajaxurl . '\',\'' . $this->func->htmlspecialchars($id) . '\');"' : '';
 			$id    = rawurlencode($id);
-			$title = htmlspecialchars(str_replace('$1', $s_page.$page, $this->root->_title_edit));
+			$title = $this->func->htmlspecialchars(str_replace('$1', $s_page.$page, $this->root->_title_edit));
 			$icon = '<img src="' . $this->cont['IMAGE_DIR'] . 'paraedit.png' .
 			'" width="9" height="9" alt="' .
 			$short . '" title="' . $title . '" /> ';
@@ -262,7 +262,7 @@ function plugin_edit_inline()
 				$icon  = 'edit.png';
 				$ajax = ($this->root->use_ajax_edit && $this->root->render_mode === 'main')? ' onclick="return xpwiki_ajax_edit(\'' . $ajaxurl . '\');"' : '';
 			}
-			$title = htmlspecialchars(sprintf($title, $s_page));
+			$title = $this->func->htmlspecialchars(sprintf($title, $s_page));
 			$icon = '<img src="' . $this->cont['IMAGE_DIR'] . $icon .
 			'" width="20" height="20" alt="' .
 			$short . '" title="' . $title . '" />';
@@ -416,10 +416,10 @@ function plugin_edit_write()
 			} else {
 				$url = $this->cont['HOME_URL'];
 			}
-			$title = str_replace('$1', htmlspecialchars($page), $this->root->_title_deleted);
+			$title = str_replace('$1', $this->func->htmlspecialchars($page), $this->root->_title_deleted);
 
 			if (isset($this->root->vars['ajax'])) {
-				$url = htmlspecialchars($url, ENT_QUOTES);
+				$url = $this->func->htmlspecialchars($url, ENT_QUOTES);
 				$body = <<<EOD
 <xpwiki>
 <content><![CDATA[{$title}]]></content>
@@ -447,7 +447,7 @@ function plugin_edit_write()
 			} else {
 				$obj = new XpWiki($this->root->mydirname);
 				$obj->init($page);
-				$obj->root->userinfo['uname_s'] = htmlspecialchars($this->root->cookie['name']);
+				$obj->root->userinfo['uname_s'] = $this->func->htmlspecialchars($this->root->cookie['name']);
 				$obj->execute();
 				if (isset($obj->root->rtf['useJavascriptInHead'])) {
 					$body = '<script src="" />';
@@ -455,7 +455,7 @@ function plugin_edit_write()
 					$body = $obj->body;
 					// set target
 					if (isset($this->root->vars['popup'])) {
-						$body = preg_replace('/(<a[^>]+)(href=(?:"|\')[^#])/isS', '$1target="' . ((intval($this->root->vars['popup']) === 1)? '_parent' : htmlspecialchars(substr($this->root->vars['popup'],0,30))) . '" $2', $body);
+						$body = preg_replace('/(<a[^>]+)(href=(?:"|\')[^#])/isS', '$1target="' . ((intval($this->root->vars['popup']) === 1)? '_parent' : $this->func->htmlspecialchars(substr($this->root->vars['popup'],0,30))) . '" $2', $body);
 					}
 					$body = str_replace(array('<![CDATA[', ']]>'), '', $body);
 				}
diff --git a/xoops_trust_path/modules/xpwiki/plugin/exifshowcase.inc.php b/xoops_trust_path/modules/xpwiki/plugin/exifshowcase.inc.php
index 6624a2f4..0a9faafe 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/exifshowcase.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/exifshowcase.inc.php
@@ -220,7 +220,7 @@ function plugin_exifshowcase_body($args,$page)
 		}
 
 		if(!$files) {
-			$params['_body'] = $this->msg['err_noimage'] . ($pattern? '(' . htmlspecialchars($pattern) . ')': '');
+			$params['_body'] = $this->msg['err_noimage'] . ($pattern? '(' . $this->func->htmlspecialchars($pattern) . ')': '');
 			return $params;
 		}
 	
diff --git a/xoops_trust_path/modules/xpwiki/plugin/font.inc.php b/xoops_trust_path/modules/xpwiki/plugin/font.inc.php
index 1119a7a9..34061af0 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/font.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/font.inc.php
@@ -48,20 +48,20 @@ function plugin_font_inline()
 			{
 				if ($color_type)
 				{
-					$style .= "color:".htmlspecialchars($color[1]).";";
+					$style .= "color:".$this->func->htmlspecialchars($color[1]).";";
 					$color_type = false;
 				} else {
-					$style .= "background-color:".htmlspecialchars($color[1]).";";
+					$style .= "background-color:".$this->func->htmlspecialchars($color[1]).";";
 				}
 			}
 			elseif (preg_match('/^(\d+)$/',$prm,$size))
-				//$style .= "font-size:".htmlspecialchars($size[1])."px;display:inline-block;line-height:130%;text-indent:0px;";
-				$style .= "font-size:".htmlspecialchars($size[1])."px;line-height:130%;";
+				//$style .= "font-size:".$this->func->htmlspecialchars($size[1])."px;display:inline-block;line-height:130%;text-indent:0px;";
+				$style .= "font-size:".$this->func->htmlspecialchars($size[1])."px;line-height:130%;";
 			elseif (preg_match('/^(\d+(%|px|pt|em))$/',$prm,$size))
-				//$style .= "font-size:".htmlspecialchars($size[1]).";display:inline-block;line-height:130%;text-indent:0px;";
-				$style .= "font-size:".htmlspecialchars($size[1]).";line-height:130%;";
+				//$style .= "font-size:".$this->func->htmlspecialchars($size[1]).";display:inline-block;line-height:130%;text-indent:0px;";
+				$style .= "font-size:".$this->func->htmlspecialchars($size[1]).";line-height:130%;";
 			elseif (preg_match('/^class:(.+)$/',$prm,$arg))
-				$class = ' class="' . str_replace('"' , '', htmlspecialchars($arg[1])) . '"';
+				$class = ' class="' . str_replace('"' , '', $this->func->htmlspecialchars($arg[1])) . '"';
 			
 		}
 		if (count($decoration))
diff --git a/xoops_trust_path/modules/xpwiki/plugin/footnotes.inc.php b/xoops_trust_path/modules/xpwiki/plugin/footnotes.inc.php
index e08710d3..2c851f05 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/footnotes.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/footnotes.inc.php
@@ -75,7 +75,7 @@ function plugin_footnotes_convert() {
 							if ($options['category'] && !isset($catName[$category])) {
 								$idType = isset($this->root->footnote_categories[$category])? $this->root->footnote_categories[$category] : '*$1';
 								$catTitle = ($this->config['category_title'])? $this->config['category_title'] : $idType;
-								$catName[$category] = '<div class="' . $catClass . '">' . str_replace('$1', htmlspecialchars($category), $catTitle) . '</div>';
+								$catName[$category] = '<div class="' . $catClass . '">' . str_replace('$1', $this->func->htmlspecialchars($category), $catTitle) . '</div>';
 							}
 							$catSets[$category][$key] = $val;
 							if (!$options['noclear']) {
diff --git a/xoops_trust_path/modules/xpwiki/plugin/freeze.inc.php b/xoops_trust_path/modules/xpwiki/plugin/freeze.inc.php
index 3983de24..4787ca06 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/freeze.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/freeze.inc.php
@@ -43,7 +43,7 @@ function plugin_freeze_action()
 		} else {
 			// Show a freeze form
 			$msg    = & $this->root->_title_freeze;
-			$s_page = htmlspecialchars($page);
+			$s_page = $this->func->htmlspecialchars($page);
 			$script = $this->func->get_script_uri();
 			$body   = ($pass === NULL) ? '' : "<p><strong>{$this->root->_msg_invalidpass}</strong></p>\n";
 			$body  .= <<<EOD
diff --git a/xoops_trust_path/modules/xpwiki/plugin/fusen.inc.php b/xoops_trust_path/modules/xpwiki/plugin/fusen.inc.php
index 0316d370..124f3005 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/fusen.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/fusen.inc.php
@@ -163,7 +163,7 @@ function get_html($args, $base, $divclass) {
 		$X_ucd = ''; //WIKI_UCD_DEF;
 		$js_refer = $this->plugin_fusen_jsencode($refer);
 		$auth = $this->func->is_owner($refer)? 1 : 0;
-		$s_refer = htmlspecialchars($refer);
+		$s_refer = $this->func->htmlspecialchars($refer);
 
 		$burn = ($auth)? "(<a href=\"javascript:fusen_burn()\" title=\"{$this->msg['cap_dustbox_empty']}\">{$this->msg['cap_empty']}</a>)" : "";
 		$js_massages = '';
@@ -497,7 +497,7 @@ function plugin_fusen_action() {
 				$options = array('overwrite' => TRUE, 'asSystem' => TRUE);
 				if ($this->root->vars['mode'] == 'edit') {
 					// 編集時はタイムスタンプを更新する
-					$options['changelog'] = '[Fusen:' . $id . '] ' . htmlspecialchars($txt);
+					$options['changelog'] = '[Fusen:' . $id . '] ' . $this->func->htmlspecialchars($txt);
 					$ret = $atatch_obj->do_upload($refer, $this->cont['FUSEN_ATTACH_FILENAME'], $fname.".tmp",FALSE,NULL,FALSE,$options);
 				} else {
 					// その他はタイムスタンプを更新しない
@@ -608,7 +608,7 @@ function plugin_fusen_getjson($fusen_data)
 			$json .= '"tc":"' . $dat['tc'] . '",';
 			$json .= '"bg":"' . $dat['bg'] . '",';
 			$json .= '"disp":"' .$this->plugin_fusen_jsencode($dat['disp']) . '",';
-			$json .= '"txt":"' . $this->plugin_fusen_jsencode(htmlspecialchars($dat['txt'])) . '",';
+			$json .= '"txt":"' . $this->plugin_fusen_jsencode($this->func->htmlspecialchars($dat['txt'])) . '",';
 			$json .= '"name":"' . $this->plugin_fusen_jsencode($this->func->make_link($dat['name'])) . '",';
 			$json .= '"mt":"' . ($dat['mt']? $dat['mt'] : "" ) . '",';
 			$json .= '"et":"' . ($dat['et']? $dat['et'] : "" ) . '",';
diff --git a/xoops_trust_path/modules/xpwiki/plugin/gmap.inc.php b/xoops_trust_path/modules/xpwiki/plugin/gmap.inc.php
index 887d4a91..32105e09 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/gmap.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/gmap.inc.php
@@ -257,7 +257,7 @@ function plugin_gmap_action() {
 					if ($page == '') {
 						$page = '(Empty Page Name)';
 					}
-					$body = htmlspecialchars($page);
+					$body = $this->func->htmlspecialchars($page);
 					$body .= '<br>Unknown page name';
 				}
 				$this->func->pkwk_common_headers();
@@ -295,13 +295,13 @@ function action_static() {
 		$default_lng  = empty( $this->root->get['lng'] )  ? $this->cont['PLUGIN_GMAP_DEF_LNG']  : floatval( $this->root->get['lng'] ) ;
 		$default_zoom = empty( $this->root->get['zoom'] ) ? $this->cont['PLUGIN_GMAP_DEF_ZOOM'] : intval( $this->root->get['zoom'] ) ;
 
-		$markers = isset($this->root->get['markers'])? '&amp;markers=' . htmlspecialchars($this->root->get['markers']) : '';
+		$markers = isset($this->root->get['markers'])? '&amp;markers=' . $this->func->htmlspecialchars($this->root->get['markers']) : '';
 		$refer = isset($this->root->get['refer'])? $this->root->get['refer'] : '';
 		$title = isset($this->root->get['t'])? $this->root->get['t'] : '';
 
 		$back = '';
 		if ($refer) {
-			$refer = htmlspecialchars(preg_replace('#^[a-zA-Z]+://[^/]+#', '', $refer));
+			$refer = $this->func->htmlspecialchars(preg_replace('#^[a-zA-Z]+://[^/]+#', '', $refer));
 			$back = '[ <a href="'.$this->root->siteinfo['host'].$refer.'">' . $this->root->_msg_back_word . '</a> ]';
 			$refer = '&amp;refer=' . $refer;
 		}
@@ -367,7 +367,7 @@ function action_static() {
 			$zoomdown = '';
 		}
 		
-		$title = $title? '<h3>' . htmlspecialchars($title) . '</h3>' : '';
+		$title = $title? '<h3>' . $this->func->htmlspecialchars($title) . '</h3>' : '';
 		$ret = <<<EOD
 <a href="{$maplink}&amp;zoom={$mapkeys['zoom']}&amp;lng={$mapkeys['lngdown']}&amp;lat={$mapkeys['latup']}{$other}"  accesskey="1" ></a>
 <a href="{$maplink}&amp;zoom={$mapkeys['zoom']}&amp;lng={$mapkeys['lng']}&amp;lat={$mapkeys['latup']}{$other}"  accesskey="2" ></a>
@@ -480,7 +480,7 @@ function get_static_image_url($lat, $lng, $zoom, $markers = '', $useAction = 0,
 			$url = $this->google_staticmap_url.$params.'size='.$this->conf['StaticMapSize'].'&amp;type=mobile&amp;key='.$this->root->google_api_key;
 		}
 		if ($markers && $useAction < 2) {
-			$url .= '&amp;markers=' . htmlspecialchars($markers);
+			$url .= '&amp;markers=' . $this->func->htmlspecialchars($markers);
 		}
 		return $url;
 	}
@@ -522,7 +522,7 @@ function plugin_gmap_output($doInit, $params, $display) {
 				continue;
 			}
 			$index = trim(substr($param, 0, $pos));
-			$value = htmlspecialchars(trim(substr($param, $pos+1)), ENT_QUOTES);
+			$value = $this->func->htmlspecialchars(trim(substr($param, $pos+1)), ENT_QUOTES);
 			$inoptions[$index] = $value;
 			if ($index == 'cx') {$cx = (float)$value;}//for old api
 			if ($index == 'cy') {$cy = (float)$value;}//for old api
@@ -813,7 +813,7 @@ function plugin_gmap_output($doInit, $params, $display) {
 				}
 				$kml = $ref->get_ref_url($pagename, $kml, false, true);
 			} else {
-				$kml = htmlspecialchars($kml, ENT_QUOTES, $this->cont['SOURCE_ENCODING']);
+				$kml = $this->func->htmlspecialchars($kml, ENT_QUOTES, $this->cont['SOURCE_ENCODING']);
 			}
 			$kml = str_replace('&amp;', '&', $kml);
 			$output .= "var kmllayer = new google.maps.KmlLayer(\"$kml\");\n";
diff --git a/xoops_trust_path/modules/xpwiki/plugin/gmap_draw.inc.php b/xoops_trust_path/modules/xpwiki/plugin/gmap_draw.inc.php
index b30d574c..fa54669f 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/gmap_draw.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/gmap_draw.inc.php
@@ -104,7 +104,7 @@ function plugin_gmap_draw_output($command, $params) {
 				continue;
 			}
 			$index = trim(substr($param, 0, $pos));
-			$value = htmlspecialchars(trim(substr($param, $pos+1)), ENT_QUOTES);
+			$value = $this->func->htmlspecialchars(trim(substr($param, $pos+1)), ENT_QUOTES);
 	
 			$inoptions[$index] = $value;
 		}
diff --git a/xoops_trust_path/modules/xpwiki/plugin/gmap_icon.inc.php b/xoops_trust_path/modules/xpwiki/plugin/gmap_icon.inc.php
index 05916977..0c7fd1c1 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/gmap_icon.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/gmap_icon.inc.php
@@ -89,7 +89,7 @@ function plugin_gmap_icon_output($name, $params) {
 		foreach ($params as $param) {
 			list($index, $value) = array_pad(split('=', $param, 2), 2, '');
 			$index = trim($index);
-			$value = htmlspecialchars(trim($value), ENT_QUOTES);
+			$value = $this->func->htmlspecialchars(trim($value), ENT_QUOTES);
 			$inoptions[$index] = $value;
 		}
 		
diff --git a/xoops_trust_path/modules/xpwiki/plugin/gmap_insertmarker.inc.php b/xoops_trust_path/modules/xpwiki/plugin/gmap_insertmarker.inc.php
index 057a23e5..7ede7ac9 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/gmap_insertmarker.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/gmap_insertmarker.inc.php
@@ -43,8 +43,8 @@ function plugin_gmap_insertmarker_action() {
 		$maptypes = array('satellite', 'hybrid', 'physical', 'terrain');
 		$mtypename = in_array($mtype, $maptypes)? $mtype : 'roadmap';
 
-		$map    = htmlspecialchars(trim($this->root->vars['map']));
-		$icon   = htmlspecialchars($this->root->vars['icon']);
+		$map    = $this->func->htmlspecialchars(trim($this->root->vars['map']));
+		$icon   = $this->func->htmlspecialchars($this->root->vars['icon']);
 		$flat   = isset($this->root->vars['flat'])? true : false;
 		$title   = substr($this->root->vars['title'], 0, $this->cont['PLUGIN_GMAP_INSERTMARKER_TITLE_MAXLEN']);
 		$caption = substr(trim($this->root->vars['caption']), 0, $this->cont['PLUGIN_GMAP_INSERTMARKER_CAPTION_MAXLEN']);
@@ -66,10 +66,10 @@ function plugin_gmap_insertmarker_action() {
 		
 		$caption .= ($save_addr)? ($caption? '&br;' : '') . $this->msg['cap_addr'] . ': ' . $this->root->vars['addr'] : '';
 
-		$title   = htmlspecialchars(str_replace("\n", '', $title));
+		$title   = $this->func->htmlspecialchars(str_replace("\n", '', $title));
 		$caption = str_replace("\n", '&br;', $caption);
-		$image   = htmlspecialchars($image);
-		$maxurl  = htmlspecialchars($maxurl);
+		$image   = $this->func->htmlspecialchars($image);
+		$maxurl  = $this->func->htmlspecialchars($maxurl);
 
 		$marker = '-&'.$plugin.'_mark('.$lat.', '.$lng;
 		if ($title)         $marker .= ', title='.$title;
@@ -171,7 +171,7 @@ function plugin_gmap_insertmarker_convert() {
 			$pos = strpos($param, '=');
 			if ($pos == false) continue;
 			$index = trim(substr($param, 0, $pos));
-			$value = htmlspecialchars(trim(substr($param, $pos+1)), ENT_QUOTES);
+			$value = $this->func->htmlspecialchars(trim(substr($param, $pos+1)), ENT_QUOTES);
 			$inoptions[$index] = $value;
 		}
 
@@ -199,7 +199,7 @@ function plugin_gmap_insertmarker_convert() {
 		}
 		$direction = $options['direction'];
 		$this->root->script    = $this->func->get_script_uri();
-		$s_page    = htmlspecialchars($this->root->vars['page']);
+		$s_page    = $this->func->htmlspecialchars($this->root->vars['page']);
 		$page = $p_gmap->get_pgid($this->root->vars['page']);
 		$plugin = end($this->root->plugin_stack);
 
diff --git a/xoops_trust_path/modules/xpwiki/plugin/gmap_mark.inc.php b/xoops_trust_path/modules/xpwiki/plugin/gmap_mark.inc.php
index ddd1b00b..afbb6739 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/gmap_mark.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/gmap_mark.inc.php
@@ -115,7 +115,7 @@ function plugin_gmap_mark_output($lat, $lng, $params) {
 		foreach ($params as $param) {
 			list($index, $value) = array_pad(split('=', $param, 2), 2, '');
 			$index = trim($index);
-			if ($index !== 'caption2') $value = htmlspecialchars(trim($value), ENT_QUOTES);
+			if ($index !== 'caption2') $value = $this->func->htmlspecialchars(trim($value), ENT_QUOTES);
 			$inoptions[$index] = $value;
 			if ($index == 'zoom') {$isSetZoom = true;}//for old api
 		}
@@ -177,7 +177,7 @@ function plugin_gmap_mark_output($lat, $lng, $params) {
 		}
 
 	    if ($titleispagename) {
-	        $title = htmlspecialchars($this->root->vars['page'], ENT_QUOTES);
+	        $title = $this->func->htmlspecialchars($this->root->vars['page'], ENT_QUOTES);
 	    }
 
 		//携帯デバイス用リスト出力
diff --git a/xoops_trust_path/modules/xpwiki/plugin/gmap_street.inc.php b/xoops_trust_path/modules/xpwiki/plugin/gmap_street.inc.php
index 2756d34b..d224f123 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/gmap_street.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/gmap_street.inc.php
@@ -89,7 +89,7 @@ function get_body($params, $display) {
 				continue;
 			}
 			$index = trim(substr($param, 0, $pos));
-			$value = htmlspecialchars(trim(substr($param, $pos+1)), ENT_QUOTES);
+			$value = $this->func->htmlspecialchars(trim(substr($param, $pos+1)), ENT_QUOTES);
 			$inoptions[$index] = $value;
 		}
 		
diff --git a/xoops_trust_path/modules/xpwiki/plugin/googlemaps2.inc.php b/xoops_trust_path/modules/xpwiki/plugin/googlemaps2.inc.php
index fb2b56bd..ca020dfe 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/googlemaps2.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/googlemaps2.inc.php
@@ -190,7 +190,7 @@ function plugin_googlemaps2_action() {
 					if ($page == '') {
 						$page = '(Empty Page Name)';
 					}
-					$body = htmlspecialchars($page);
+					$body = $this->func->htmlspecialchars($page);
 					$body .= '<br>Unknown page name';
 				}
 				$this->func->pkwk_common_headers();
@@ -222,12 +222,12 @@ function action_static() {
 		$default_lng  = empty( $this->root->get['lng'] )  ? $this->cont['PLUGIN_GOOGLEMAPS2_DEF_LNG']  : floatval( $this->root->get['lng'] ) ;
 		$default_zoom = empty( $this->root->get['zoom'] ) ? $this->cont['PLUGIN_GOOGLEMAPS2_DEF_ZOOM'] : intval( $this->root->get['zoom'] ) ;
 
-		$markers = isset($this->root->get['markers'])? '&amp;markers=' . htmlspecialchars($this->root->get['markers']) : '';
+		$markers = isset($this->root->get['markers'])? '&amp;markers=' . $this->func->htmlspecialchars($this->root->get['markers']) : '';
 		$refer = isset($this->root->get['refer'])? $this->root->get['refer'] : '';
 
 		$back = '';
 		if ($refer) {
-			$refer = htmlspecialchars(preg_replace('#^[a-zA-Z]+://[^/]+#', '', $refer));
+			$refer = $this->func->htmlspecialchars(preg_replace('#^[a-zA-Z]+://[^/]+#', '', $refer));
 			$back = '[ <a href="'.$this->root->siteinfo['host'].$refer.'">' . $this->root->_msg_back_word . '</a> ]';
 			$refer = '&amp;refer=' . $refer;
 		}
@@ -362,7 +362,7 @@ function get_static_image_url($lat, $lng, $zoom, $markers = '', $useAction = 0)
 			$url = 'http://maps.google.com/staticmap?'.$params.'size='.$this->conf['StaticMapSize'].'&amp;type=mobile&amp;key='.$this->cont['PLUGIN_GOOGLEMAPS2_DEF_KEY'];
 		}
 		if ($markers && $useAction < 2) {
-			$url .= '&amp;markers=' . htmlspecialchars($markers);
+			$url .= '&amp;markers=' . $this->func->htmlspecialchars($markers);
 		}
 		return $url;
 	}
@@ -392,7 +392,7 @@ function plugin_googlemaps2_output($doInit, $params) {
 			$pos = strpos($param, '=');
 			if ($pos === false) continue;
 			$index = trim(substr($param, 0, $pos));
-			$value = htmlspecialchars(trim(substr($param, $pos+1)), ENT_QUOTES);
+			$value = $this->func->htmlspecialchars(trim(substr($param, $pos+1)), ENT_QUOTES);
 			$inoptions[$index] = $value;
 			if ($index == 'cx') {$cx = (float)$value;}//for old api
 			if ($index == 'cy') {$cy = (float)$value;}//for old api
diff --git a/xoops_trust_path/modules/xpwiki/plugin/googlemaps2_draw.inc.php b/xoops_trust_path/modules/xpwiki/plugin/googlemaps2_draw.inc.php
index 45902e23..f79d3ee8 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/googlemaps2_draw.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/googlemaps2_draw.inc.php
@@ -104,7 +104,7 @@ function plugin_googlemaps2_draw_output($command, $params) {
 				continue;
 			}
 			$index = trim(substr($param, 0, $pos));
-			$value = htmlspecialchars(trim(substr($param, $pos+1)), ENT_QUOTES);
+			$value = $this->func->htmlspecialchars(trim(substr($param, $pos+1)), ENT_QUOTES);
 	
 			$inoptions[$index] = $value;
 		}
diff --git a/xoops_trust_path/modules/xpwiki/plugin/googlemaps2_icon.inc.php b/xoops_trust_path/modules/xpwiki/plugin/googlemaps2_icon.inc.php
index 3c98fd91..04bf55a6 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/googlemaps2_icon.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/googlemaps2_icon.inc.php
@@ -86,7 +86,7 @@ function plugin_googlemaps2_icon_output($name, $params) {
 		foreach ($params as $param) {
 			list($index, $value) = array_pad(split('=', $param, 2), 2, '');
 			$index = trim($index);
-			$value = htmlspecialchars(trim($value), ENT_QUOTES);
+			$value = $this->func->htmlspecialchars(trim($value), ENT_QUOTES);
 			$inoptions[$index] = $value;
 		}
 		
diff --git a/xoops_trust_path/modules/xpwiki/plugin/googlemaps2_insertmarker.inc.php b/xoops_trust_path/modules/xpwiki/plugin/googlemaps2_insertmarker.inc.php
index 0ff0405c..b9f03991 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/googlemaps2_insertmarker.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/googlemaps2_insertmarker.inc.php
@@ -40,8 +40,8 @@ function plugin_googlemaps2_insertmarker_action() {
 		);
 		$mtypename = isset($maptypes[$mtype])? $maptypes[$mtype] : 'normal';
 
-		$map    = htmlspecialchars(trim($this->root->vars['map']));
-		$icon   = htmlspecialchars($this->root->vars['icon']);
+		$map    = $this->func->htmlspecialchars(trim($this->root->vars['map']));
+		$icon   = $this->func->htmlspecialchars($this->root->vars['icon']);
 		$title   = substr($this->root->vars['title'], 0, $this->cont['PLUGIN_GOOGLEMAPS2_INSERTMARKER_TITLE_MAXLEN']);
 		$caption = substr(trim($this->root->vars['caption']), 0, $this->cont['PLUGIN_GOOGLEMAPS2_INSERTMARKER_CAPTION_MAXLEN']);
 		$image   = substr($this->root->vars['image'], 0, $this->cont['PLUGIN_GOOGLEMAPS2_INSERTMARKER_URL_MAXLEN']);
@@ -52,10 +52,10 @@ function plugin_googlemaps2_insertmarker_action() {
 
 		$caption .= (isset($this->root->vars['save_addr']))? ($caption? '&br;' : '') . $this->msg['cap_addr'] . ': ' . $this->root->vars['addr'] : '';
 
-		$title   = htmlspecialchars(str_replace("\n", '', $title));
+		$title   = $this->func->htmlspecialchars(str_replace("\n", '', $title));
 		$caption = str_replace("\n", '&br;', $caption);
-		$image   = htmlspecialchars($image);
-		$maxurl  = htmlspecialchars($maxurl);
+		$image   = $this->func->htmlspecialchars($image);
+		$maxurl  = $this->func->htmlspecialchars($maxurl);
 
 		$marker = '-&googlemaps2_mark('.$lat.', '.$lng;
 		if ($title)         $marker .= ', title='.$title;
@@ -150,7 +150,7 @@ function plugin_googlemaps2_insertmarker_convert() {
 			$pos = strpos($param, '=');
 			if ($pos == false) continue;
 			$index = trim(substr($param, 0, $pos));
-			$value = htmlspecialchars(trim(substr($param, $pos+1)), ENT_QUOTES);
+			$value = $this->func->htmlspecialchars(trim(substr($param, $pos+1)), ENT_QUOTES);
 			$inoptions[$index] = $value;
 		}
 
@@ -178,7 +178,7 @@ function plugin_googlemaps2_insertmarker_convert() {
 		}
 		$direction = $options['direction'];
 		$this->root->script    = $this->func->get_script_uri();
-		$s_page    = htmlspecialchars($this->root->vars['page']);
+		$s_page    = $this->func->htmlspecialchars($this->root->vars['page']);
 		$page = $p_googlemaps2->get_pgid($this->root->vars['page']);
 
 		if (! isset($numbers[$this->xpwiki->pid][$page]))
diff --git a/xoops_trust_path/modules/xpwiki/plugin/googlemaps2_mark.inc.php b/xoops_trust_path/modules/xpwiki/plugin/googlemaps2_mark.inc.php
index 1dbc1ac8..65d8588d 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/googlemaps2_mark.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/googlemaps2_mark.inc.php
@@ -117,7 +117,7 @@ function plugin_googlemaps2_mark_output($lat, $lng, $params) {
 		foreach ($params as $param) {
 			list($index, $value) = array_pad(split('=', $param, 2), 2, '');
 			$index = trim($index);
-			if ($index !== 'caption2') $value = htmlspecialchars(trim($value), ENT_QUOTES);
+			if ($index !== 'caption2') $value = $this->func->htmlspecialchars(trim($value), ENT_QUOTES);
 			$inoptions[$index] = $value;
 			if ($index == 'zoom') {$isSetZoom = true;}//for old api
 		}
@@ -200,7 +200,7 @@ function plugin_googlemaps2_mark_output($lat, $lng, $params) {
 	    }
 
 	    if ($titleispagename) {
-	        $title = htmlspecialchars($this->root->vars['page'], ENT_QUOTES);
+	        $title = $this->func->htmlspecialchars($this->root->vars['page'], ENT_QUOTES);
 	    }
 
 	    if ($maxtitle == '') {
diff --git a/xoops_trust_path/modules/xpwiki/plugin/gsearch.inc.php b/xoops_trust_path/modules/xpwiki/plugin/gsearch.inc.php
index e1059cf1..3c133ec1 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/gsearch.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/gsearch.inc.php
@@ -116,7 +116,7 @@ function plugin_gsearch_gethtml($mode,$query)
 	{
 		$search_url = 'http://ajax.googleapis.com/ajax/services/search/$mode?v=1.0&userip='.$_SERVER['REMOTE_ADDR'];
 
-		$qs = htmlspecialchars($query);
+		$qs = $this->func->htmlspecialchars($query);
 		// REST リクエストの構築
 		$query = rawurlencode(mb_convert_encoding(trim($query),"UTF-8",$this->cont['SOURCE_ENCODING']));
 		$max = min((int)$this->params['max'], 8);
@@ -177,7 +177,7 @@ function plugin_gsearch_gethtml($mode,$query)
 		}
 
 		$func = "plugin_gsearch_build_".$mode;
-		$target = htmlspecialchars($this->params['target']);
+		$target = $this->func->htmlspecialchars($this->params['target']);
 		$html = $this->$func($res['responseData'],$target,$this->params['col']);
 		
 		if (isset($res['responseData']['cursor']) && isset($res['responseData']['cursor']['moreResultsUrl'])) {
@@ -251,9 +251,9 @@ function plugin_gsearch_build_images($res,$target,$col)
 			foreach ($dats as $dat)
 			{
 				if ($this->plugin_gsearch_check_ngsite($dat['url'])) {continue;}
-				$title = "[".$dat['titleNoFormatting']."]".htmlspecialchars($dat['contentNoFormatting']);
+				$title = "[".$dat['titleNoFormatting']."]".$this->func->htmlspecialchars($dat['contentNoFormatting']);
 				$size = $dat['width']." x ".$dat['height'];
-				$site = "[ <a href=\"".htmlspecialchars($dat['originalContextUrl'])."\" target='{$target}'>Site</a> ]";
+				$site = "[ <a href=\"".$this->func->htmlspecialchars($dat['originalContextUrl'])."\" target='{$target}'>Site</a> ]";
 
 				if ($cnt++ % $col === 0 && $cnt !== 1) $html .= "</tr><tr>";
 				$html .= "<td style='text-align:center;vertical-align:middle;'>";
@@ -288,8 +288,8 @@ function plugin_gsearch_build_video($res,$target,$col)
 			foreach ($dats as $dat)
 			{
 				if ($this->plugin_gsearch_check_ngsite($dat['url'])) {continue;}
-				$title = "[".$dat['titleNoFormatting']."]".htmlspecialchars($dat['contentNoFormatting']);
-				$site = " [ <a href=\"".htmlspecialchars($dat['url'])."\" target='{$target}'>Site</a> ]";
+				$title = "[".$dat['titleNoFormatting']."]".$this->func->htmlspecialchars($dat['contentNoFormatting']);
+				$site = " [ <a href=\"".$this->func->htmlspecialchars($dat['url'])."\" target='{$target}'>Site</a> ]";
 				$min = (int)($dat['duration'] / 60);
 				$sec = sprintf("%02d",($dat['duration'] % 60));
 				$length = $min.":".$sec;
diff --git a/xoops_trust_path/modules/xpwiki/plugin/html.inc.php b/xoops_trust_path/modules/xpwiki/plugin/html.inc.php
index bdc028e4..0edadf47 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/html.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/html.inc.php
@@ -46,7 +46,7 @@ function plugin_html_convert()
 	    	}
 	    } else {
 		    if (! $this->func->is_editable_only_admin($page)) {
-		        $page = htmlspecialchars($page);
+		        $page = $this->func->htmlspecialchars($page);
 		        if ($this->cont['UI_LANG'] === 'ja' && $this->cont['SOURCE_ENCODING'] === 'UTF-8') {
 		        	$this->msg['error_admin'] = mb_convert_encoding($this->msg['error_admin'], 'UTF-8', 'EUC-JP');
 		        }
diff --git a/xoops_trust_path/modules/xpwiki/plugin/iframe.inc.php b/xoops_trust_path/modules/xpwiki/plugin/iframe.inc.php
index 97552558..ff67a88d 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/iframe.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/iframe.inc.php
@@ -104,7 +104,7 @@ function plugin_iframe_body($args)
 		// CSS 読み込み
 		$this->func->add_tag_head('iframe.css');
 		
-		$url = htmlspecialchars($url); 
+		$url = $this->func->htmlspecialchars($url); 
 		$params = array(
 			'style'    => FALSE,
 			'iestyle'   => FALSE,
@@ -125,11 +125,11 @@ function plugin_iframe_body($args)
 			$class=" class=\"iframe_ie\"";
 			if ( $params['iestyle'] != FALSE )
 			{
-				$style = ' style="' . htmlspecialchars(strip_tags(trim($params['iestyle'], '"'))) . '"'; 
+				$style = ' style="' . $this->func->htmlspecialchars(strip_tags(trim($params['iestyle'], '"'))) . '"'; 
 			}
 			else if ( $params['style'] != FALSE )
 			{
-				$style = ' style="' . htmlspecialchars(strip_tags(trim($params['style'], '"'))) . '"';
+				$style = ' style="' . $this->func->htmlspecialchars(strip_tags(trim($params['style'], '"'))) . '"';
 			}
 			
 			return <<<HTML
diff --git a/xoops_trust_path/modules/xpwiki/plugin/import.inc.php b/xoops_trust_path/modules/xpwiki/plugin/import.inc.php
index bad491b0..76a1ff4b 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/import.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/import.inc.php
@@ -97,14 +97,14 @@ function select_option($msg = '') {
 		$keep_page_sel = array_pad(array(), 3, '');
 		$keep_page_sel[$keep_page] = ' checked';
 		
-		$target_module = $this->msg['target_module'] . htmlspecialchars($mdir) . htmlspecialchars(' -> ' . $this->root->mydirname);
+		$target_module = $this->msg['target_module'] . $this->func->htmlspecialchars($mdir) . $this->func->htmlspecialchars(' -> ' . $this->root->mydirname);
 		
 		$this->from_dir = $mdir;
 		$this->msg = array_map(array(& $this, 'replace_msg'), $this->msg);
 
 		$script = $this->func->get_script_uri();
 		$form = '<form action="'.$script.'" method="post">';
-		$form .= $this->msg['target_page'].$this->msg['target_page_note'].'<br /><input type="text" name="target_page" value="'.htmlspecialchars($target_page).'" size="50" /><br />';
+		$form .= $this->msg['target_page'].$this->msg['target_page_note'].'<br /><input type="text" name="target_page" value="'.$this->func->htmlspecialchars($target_page).'" size="50" /><br />';
 		if ($type === 'pwm') {
 			$form .= $this->msg['keep_pgid'].'<br />';
 			$form .= '&nbsp;&nbsp;<input type="radio" name="keep_pgid" value="1"'.$keep_pgid_sel[1].' /> '.$this->msg['keep_pgid_1'].'<br />';
@@ -117,7 +117,7 @@ function select_option($msg = '') {
 			$form .= '&nbsp;&nbsp;<input type="radio" name="keep_page" value="1"'.$keep_page_sel[1].' /> '.$this->msg['keep_page_1'].'<br />';
 			$form .= '&nbsp;&nbsp;<input type="radio" name="keep_page" value="2"'.$keep_page_sel[2].' /> '.$this->msg['keep_page_2'].'<br />';
 		}
-		$dir = htmlspecialchars($dir);
+		$dir = $this->func->htmlspecialchars($dir);
 		$form .= <<<EOD
 <input type="submit" value="{$this->msg['btn_do_next']}" />
 &nbsp;&nbsp;&nbsp;&nbsp;<input type="submit" name="go_first" value="{$this->msg['btn_go_first']}" />
@@ -152,9 +152,9 @@ function confirm() {
 
 		if (!$keep_pgid || !$keep_page) return $this->select_option($this->msg['invalid_option']);
 		
-		$target_module = $this->msg['target_module'] . htmlspecialchars($mdir) . htmlspecialchars(' -> ' . $this->root->mydirname);
+		$target_module = $this->msg['target_module'] . $this->func->htmlspecialchars($mdir) . $this->func->htmlspecialchars(' -> ' . $this->root->mydirname);
 		if ($target_page) $target_page = join(' & ', preg_split('/\s*&\s*/',$target_page));
-		$target_page = htmlspecialchars($target_page);
+		$target_page = $this->func->htmlspecialchars($target_page);
 		
 		$options = array();
 		$options[$this->msg['target_page']] = $target_page ? $this->msg['target_page_sel'] . $target_page : $this->msg['target_page_all'];
@@ -379,7 +379,7 @@ function file_check($op)
 			foreach ($array as $arr)
 			{
 				$pre .= ' '.$arr[1].$arr[2]."\n";
-				$dlist .= ':'.str_replace(array('|',':'),array('&#x7c;','&#x3a;'),htmlspecialchars($arr[0])).'|'.$arr[1].$arr[2]."\n";
+				$dlist .= ':'.str_replace(array('|',':'),array('&#x7c;','&#x3a;'),$this->func->htmlspecialchars($arr[0])).'|'.$arr[1].$arr[2]."\n";
 			}
 			$result .= $pre."\n\n".$dlist;
 		}
diff --git a/xoops_trust_path/modules/xpwiki/plugin/include.inc.php b/xoops_trust_path/modules/xpwiki/plugin/include.inc.php
index 3350cc57..0ed681b9 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/include.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/include.inc.php
@@ -109,7 +109,7 @@ function plugin_include_convert()
 		}
 
 		$with_title = ($options['title']? TRUE : ($options['notitle']? FALSE : $this->cont['PLUGIN_INCLUDE_WITH_TITLE']));
-		$s_page = htmlspecialchars($page);
+		$s_page = $this->func->htmlspecialchars($page);
 		$r_page = rawurlencode($page);
 		
 		// Include A page, that probably includes another pages
@@ -125,7 +125,7 @@ function plugin_include_convert()
 			$link = '<a href="' . $this->func->get_page_uri($page, TRUE) . '">' . $s_page . '</a>'; // Read link
 		
 			// I'm stuffed
-			$pageKey4disp = htmlspecialchars($pageKey);
+			$pageKey4disp = $this->func->htmlspecialchars($pageKey);
 			if ($this->root->render_mode === 'main' && isset($included[$this->xpwiki->pid][$pageKey])) {
 				return '#include('.$pageKey4disp.'): Included already: ' . $link . '<br />' . "\n";
 			} if (! $targetObj->func->is_page($page)) {
diff --git a/xoops_trust_path/modules/xpwiki/plugin/includesubmenu.inc.php b/xoops_trust_path/modules/xpwiki/plugin/includesubmenu.inc.php
index 9bcab44a..5ee2dec3 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/includesubmenu.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/includesubmenu.inc.php
@@ -58,7 +58,7 @@ function plugin_includesubmenu_convert()
 	
 	  if ($ShowPageName) {
 	    $r_page = rawurlencode($SubMenuPageName);
-	    $s_page = htmlspecialchars($SubMenuPageName);
+	    $s_page = $this->func->htmlspecialchars($SubMenuPageName);
 	    $link = "<a href=\"{$this->root->script}?cmd=edit&amp;page=$r_page\">$s_page</a>";
 	    $body = "<h1>$link</h1>\n$body";
 	  }
diff --git a/xoops_trust_path/modules/xpwiki/plugin/insert.inc.php b/xoops_trust_path/modules/xpwiki/plugin/insert.inc.php
index a1c506e3..24587503 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/insert.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/insert.inc.php
@@ -44,9 +44,9 @@ function plugin_insert_action()
 			$title = $this->root->_title_collided;
 			$body = $this->root->_msg_collided . "\n";
 	
-			$s_refer  = htmlspecialchars($this->root->vars['refer']);
-			$s_digest = htmlspecialchars($this->root->vars['digest']);
-			$s_postdata_input = htmlspecialchars($postdata_input);
+			$s_refer  = $this->func->htmlspecialchars($this->root->vars['refer']);
+			$s_digest = $this->func->htmlspecialchars($this->root->vars['digest']);
+			$s_postdata_input = $this->func->htmlspecialchars($postdata_input);
 			$script = $this->func->get_script_uri();
 			$body .= <<<EOD
 <form action="{$script}?cmd=preview" method="post">
@@ -84,8 +84,8 @@ function plugin_insert_convert()
 	
 		$insert_no = $numbers[$this->xpwiki->pid][$this->root->vars['page']]++;
 	
-		$s_page   = htmlspecialchars($this->root->vars['page']);
-		$s_digest = htmlspecialchars($this->root->digest);
+		$s_page   = $this->func->htmlspecialchars($this->root->vars['page']);
+		$s_digest = $this->func->htmlspecialchars($this->root->digest);
 		$s_cols = $this->cont['INSERT_COLS'];
 		$s_rows = $this->cont['INSERT_ROWS'];
 		$script = $this->func->get_script_uri();
diff --git a/xoops_trust_path/modules/xpwiki/plugin/interwiki.inc.php b/xoops_trust_path/modules/xpwiki/plugin/interwiki.inc.php
index 5b19b131..28da391f 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/interwiki.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/interwiki.inc.php
@@ -31,7 +31,7 @@ function plugin_interwiki_invalid()
 		return array(
 			'msg'  => $this->root->_title_invalidiwn,
 			'body' => str_replace(array('$1', '$2'),
-						array(htmlspecialchars($this->root->vars['page']),
+						array($this->func->htmlspecialchars($this->root->vars['page']),
 							$this->func->make_pagelink('InterWikiName')
 						),$this->root->_msg_invalidiwn)
 		);
diff --git a/xoops_trust_path/modules/xpwiki/plugin/isbn.inc.php b/xoops_trust_path/modules/xpwiki/plugin/isbn.inc.php
index 1a6dbf78..14293f31 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/isbn.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/isbn.inc.php
@@ -63,7 +63,7 @@ function plugin_isbn_convert() {
 		$this->root->rtf['disable_render_cache'] = true;
 
 		$aryargs = func_get_args();
-		$isbn = htmlspecialchars($aryargs[0]);	// for XSS
+		$isbn = $this->func->htmlspecialchars($aryargs[0]);	// for XSS
 		$isbn = str_replace("-","",$isbn);
 
 		$align = "right"; //規定値
@@ -78,14 +78,14 @@ function plugin_isbn_convert() {
 				elseif (strtolower($aryargs[2]) == 'header' || $aryargs[2] == 'h') $header = "header";
 				elseif (strtolower($aryargs[2]) == 'info') $header = "info";
 				elseif (strtolower($aryargs[2]) == 'img' || $aryargs[2] == 'image') $title = "image";
-				else $title = htmlspecialchars($aryargs[2]);
+				else $title = $this->func->htmlspecialchars($aryargs[2]);
 			case 2:
 				if (strtolower($aryargs[1]) == 'left') $align = "left";
 				elseif (strtolower($aryargs[1]) == 'clear') $align = "clear";
 				elseif (strtolower($aryargs[1]) == 'header' || $aryargs[1] == 'h') $header = "header";
 				elseif (strtolower($aryargs[1]) == 'info') $header = "info";
 				elseif (strtolower($aryargs[1]) == 'img' || $aryargs[1] == 'image') $title = "image";
-				else $title = htmlspecialchars($aryargs[1]);
+				else $title = $this->func->htmlspecialchars($aryargs[1]);
 			case 1:
 				if (strtolower($aryargs[0]) == 'clear')
 				{
@@ -146,8 +146,8 @@ function plugin_isbn_inline()
 		$body = preg_replace('#</?(a|span)[^>]*>#i','',$body);
 		$body = preg_replace('#(?:alt|title)=("|\').*\1#i','',$body);
 		list($isbn,$option) = array_pad($prms,2,"");
-		$option = htmlspecialchars($option); // for XSS
-		$isbn = htmlspecialchars($isbn); // for XSS
+		$option = $this->func->htmlspecialchars($option); // for XSS
+		$isbn = $this->func->htmlspecialchars($isbn); // for XSS
 		$isbn = str_replace("-","",$isbn);
 
 		$tmpary = array();
@@ -159,7 +159,7 @@ function plugin_isbn_inline()
 
 		if ($tmpary[2]) $price = "<div style=\"text-align:right;\">".str_replace('$1', $tmpary[2], $this->msg['currency'])."</div>";
 		$title = $tmpary[0];
-		//$text = htmlspecialchars(preg_replace('#</?(a|span)[^>]*>#i','',$option));
+		//$text = $this->func->htmlspecialchars(preg_replace('#</?(a|span)[^>]*>#i','',$option));
 		$alt = $this->plugin_isbn_get_caption($tmpary);
 		$amazon_a = '<a href="'.str_replace(array('_ISBN_', 'AMAZON_ASE_ID'), array($isbn, $this->config['AMAZON_ASE_ID']), $this->config['ISBN_AMAZON_SHOP']).'" target="_blank" title="'.$alt.'">';
 		$match = array();
diff --git a/xoops_trust_path/modules/xpwiki/plugin/jsmath.inc.php b/xoops_trust_path/modules/xpwiki/plugin/jsmath.inc.php
index 770f25be..6033dc23 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/jsmath.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/jsmath.inc.php
@@ -18,7 +18,7 @@ function plugin_jsmath_convert () {
 		
 		$args = func_get_args();
 		if ($body = $this->get_body($args)) {
-			return'<!--NA--><div class="math" style="text-aligh:left;">' . htmlspecialchars($body) . '</div><!--/NA-->';
+			return'<!--NA--><div class="math" style="text-aligh:left;">' . $this->func->htmlspecialchars($body) . '</div><!--/NA-->';
 		} else {
 			return '';
 		}
@@ -27,7 +27,7 @@ function plugin_jsmath_convert () {
 	function plugin_jsmath_inline () {
 		$args = func_get_args();
 		$_body = array_pop($args); // {}
-		$body =  htmlspecialchars($this->get_body($args));
+		$body =  $this->func->htmlspecialchars($this->get_body($args));
 		
 		$body = $_body? $_body : $body;
 		
diff --git a/xoops_trust_path/modules/xpwiki/plugin/lookup.inc.php b/xoops_trust_path/modules/xpwiki/plugin/lookup.inc.php
index a5480e10..2e41d504 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/lookup.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/lookup.inc.php
@@ -31,12 +31,12 @@ function plugin_lookup_convert()
 		if ($num == 0 || $num > 3) return $this->cont['PLUGIN_LOOKUP_USAGE'];
 
 		$args = func_get_args();
-		$interwiki = htmlspecialchars(trim($args[0]));
+		$interwiki = $this->func->htmlspecialchars(trim($args[0]));
 		$button    = isset($args[1]) ? trim($args[1]) : '';
-		$button    = ($button != '') ? htmlspecialchars($button) : 'lookup';
-		$default   = ($num > 2) ? htmlspecialchars(trim($args[2])) : '';
+		$button    = ($button != '') ? $this->func->htmlspecialchars($button) : 'lookup';
+		$default   = ($num > 2) ? $this->func->htmlspecialchars(trim($args[2])) : '';
 		$default = str_replace('$uname', $this->cont['USER_NAME_REPLACE'], $default);
-		$s_page    = htmlspecialchars($this->root->vars['page']);
+		$s_page    = $this->func->htmlspecialchars($this->root->vars['page']);
 		++$id[$this->xpwiki->pid];
 
 		$script = $this->func->get_script_uri();
@@ -67,7 +67,7 @@ function plugin_lookup_action()
 		$url = $this->func->get_interwiki_url($inter, $page);
 		if ($url === FALSE) {
 			$msg = sprintf('InterWikiName "%s" not found', $inter);
-			$msg = htmlspecialchars($msg);
+			$msg = $this->func->htmlspecialchars($msg);
 			return array('msg'=>'Not found', 'body'=>$msg);
 		}
 
diff --git a/xoops_trust_path/modules/xpwiki/plugin/ls2.inc.php b/xoops_trust_path/modules/xpwiki/plugin/ls2.inc.php
index 2f22865d..ef1aa230 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/ls2.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/ls2.inc.php
@@ -88,7 +88,7 @@ function plugin_ls2_action() {
 		$body = $this->plugin_ls2_show_lists($prefix, $params);
 
 		return array('body'=>$body,
-		'msg'=>str_replace('$1', htmlspecialchars($prefix), $this->root->_ls2_msg_title));
+		'msg'=>str_replace('$1', $this->func->htmlspecialchars($prefix), $this->root->_ls2_msg_title));
 	}
 
 	function can_call_otherdir_convert() {
@@ -114,8 +114,8 @@ function plugin_ls2_convert() {
 		if ($prefix === '/') $prefix = '';
 		$params['_base_lev'] = substr_count($prefix, '/');
 
-		$title = (! empty($params['_args'])) ? htmlspecialchars(join(',', $params['_args'])) :   // Manual
-			str_replace('$1', htmlspecialchars($prefix), $this->root->_ls2_msg_title); // Auto
+		$title = (! empty($params['_args'])) ? $this->func->htmlspecialchars(join(',', $params['_args'])) :   // Manual
+			str_replace('$1', $this->func->htmlspecialchars($prefix), $this->root->_ls2_msg_title); // Auto
 
 		$tmp = array();
 		$tmp[] = 'plugin=ls2&amp;prefix=$prefix';
@@ -220,7 +220,7 @@ function plugin_ls2_show_lists($prefix, & $params) {
 		if ($params['reverse']) $pages = array_reverse($pages);
 
 		if (empty($pages)) {
-			return str_replace('$1', htmlspecialchars($prefix), $this->root->_ls2_err_nopages);
+			return str_replace('$1', $this->func->htmlspecialchars($prefix), $this->root->_ls2_err_nopages);
 		} else {
 			$rows = ceil(count($pages) / $params['col']);
 			$pages_g = array_chunk($pages, $rows);
@@ -250,7 +250,7 @@ function plugin_ls2_get_headings($page, & $params, $level, $include = FALSE) {
 		if (! $is_done) $params["page_$page"] = ++$_ls2_anchor[$this->xpwiki->pid];
 
 		$r_page = rawurlencode($page);
-		$s_page = htmlspecialchars($page);
+		$s_page = $this->func->htmlspecialchars($page);
 		$title  = $s_page . ' ' . $this->func->get_pg_passage($page, FALSE);
 		if ($this->root->pagename_num2str && $this->func->is_page($page)) $s_page =  preg_replace('/\/(?:[0-9\-]+|[B0-9][A-Z0-9]{9})$/','/'.$this->func->get_heading($page),$s_page);
 		$margin_left = 0;
diff --git a/xoops_trust_path/modules/xpwiki/plugin/lsx.inc.php b/xoops_trust_path/modules/xpwiki/plugin/lsx.inc.php
index e91d72db..373f094d 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/lsx.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/lsx.inc.php
@@ -102,7 +102,7 @@ function action()
 
 	function body($args, $args_decomposed = FALSE)
 	{
-		$parser = new XpWikiPluginLsxOptionParser();
+		$parser = new XpWikiPluginLsxOptionParser($this->xpwiki);
 		$this->options = $parser->parse_options($args, $this->options, $args_decomposed);
 
 		if ($this->options['rtag'][1]) {
@@ -130,7 +130,7 @@ function narrow_metapages()
 	{
 		$this->filter_pages();
 
-		$parser = new XpWikiPluginLsxOptionParser();
+		$parser = new XpWikiPluginLsxOptionParser($this->xpwiki);
 		$mdepth = $this->depth_metapages();
 		$this->options['depth'][1] = $parser->parse_numoption($this->options['depth'][1], 1, $mdepth);
 		if ($parser->error != "") { $this->error = $parser->error; return; }
@@ -339,7 +339,7 @@ function list_pages()
 	function make_pagelink($page, $alias)
 	{
 		$tmp = $this->root->show_passage; $this->root->show_passage = 0;
-		$link = $this->func->make_pagelink($page, htmlspecialchars($alias));
+		$link = $this->func->make_pagelink($page, $this->func->htmlspecialchars($alias));
 		$this->root->show_passage = $tmp;
 		return $link;
 	}
@@ -626,7 +626,7 @@ function metapages()
 				$this->error  = 'The tag token, ' . $this->options['tag'][1] . ', is invalid. ';
 				$this->error .= 'Perhaps, the tag does not exist. ';
 			}
-			$this->title = $this->root->_title_list." [Tag: ".htmlspecialchars($this->options['tag'][1])." ]";
+			$this->title = $this->root->_title_list." [Tag: ".$this->func->htmlspecialchars($this->options['tag'][1])." ]";
 		}
 		$metapages = array();
 		foreach ($pages as $i => $page) {
@@ -732,7 +732,13 @@ function get_filetime($page)
 class XpWikiPluginLsxOptionParser
 {
 	var $error = "";
-
+	var $func;
+	
+	function __construct(& $xpwiki)
+	{
+		$this->func =& $xpwiki->func;
+	}
+	
 	function parse_options($args, $options, $decomposed = FALSE)
 	{
 		if (! $decomposed) {
@@ -762,7 +768,7 @@ function parse_options($args, $options, $decomposed = FALSE)
 				$options[$key][1] = $val;
 				break;
 			case 'sanitize':
-				$options[$key][1] = htmlspecialchars($val);
+				$options[$key][1] = $this->func->htmlspecialchars($val);
 				break;
 			case 'number':
 				// Do not parse yet, parse after getting min and max. Here, just format checking
diff --git a/xoops_trust_path/modules/xpwiki/plugin/map.inc.php b/xoops_trust_path/modules/xpwiki/plugin/map.inc.php
index 1a1dbc9b..6e676e5b 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/map.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/map.inc.php
@@ -81,7 +81,7 @@ function plugin_map_action()
 			
 			if ($this->show_not_related) {
 				$retval['body'] .= '<hr />' . "\n" .
-				'<p>Not related from ' . htmlspecialchars($refer) . '</p>' . "\n";
+				'<p>Not related from ' . $this->func->htmlspecialchars($refer) . '</p>' . "\n";
 				$keys = array_keys($nodes);
 				sort($keys);
 				$retval['body'] .= '<ul>' . "\n";
diff --git a/xoops_trust_path/modules/xpwiki/plugin/md5.inc.php b/xoops_trust_path/modules/xpwiki/plugin/md5.inc.php
index 34c1654e..08cb2335 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/md5.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/md5.inc.php
@@ -66,7 +66,7 @@ function plugin_md5_show_form($nophrase = FALSE, $value = '')
 		if (strlen($value) > $this->cont['PKWK_PASSPHRASE_LIMIT_LENGTH'])
 			$this->func->die_message('Limit: malicious message length');
 	
-		if ($value != '') $value = 'value="' . htmlspecialchars($value) . '" ';
+		if ($value != '') $value = 'value="' . $this->func->htmlspecialchars($value) . '" ';
 	
 		$sha1_enabled = function_exists('sha1');
 		$sha1_checked = $md5_checked = '';
diff --git a/xoops_trust_path/modules/xpwiki/plugin/memo.inc.php b/xoops_trust_path/modules/xpwiki/plugin/memo.inc.php
index dc2c1973..ba5ad515 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/memo.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/memo.inc.php
@@ -46,9 +46,9 @@ function plugin_memo_action()
 			$title = $this->root->_title_collided;
 			$body  = $this->root->_msg_collided . "\n";
 	
-			$s_refer  = htmlspecialchars($this->root->vars['refer']);
-			$s_digest = htmlspecialchars($this->root->vars['digest']);
-			$s_postdata_input = htmlspecialchars($postdata_input);
+			$s_refer  = $this->func->htmlspecialchars($this->root->vars['refer']);
+			$s_digest = $this->func->htmlspecialchars($this->root->vars['digest']);
+			$s_postdata_input = $this->func->htmlspecialchars($postdata_input);
 			$script = $this->func->get_script_uri();
 			$body .= <<<EOD
 <form action="{$script}?cmd=preview" method="post">
@@ -87,7 +87,7 @@ function plugin_memo_convert()
 		$data = implode(',', $data);	// Care all arguments
 		$data = str_replace('&#x2c;', ',', $data); // Unescape commas
 		$data = str_replace('&#x22;', '"', $data); // Unescape double quotes
-		$data = htmlspecialchars(str_replace('\n', "\n", $data));
+		$data = $this->func->htmlspecialchars(str_replace('\n', "\n", $data));
 	
 		if ($this->cont['PKWK_READONLY']) {
 			$_script = '';
@@ -97,8 +97,8 @@ function plugin_memo_convert()
 			$_submit = '<input type="submit" name="memo"    value="' . $this->root->_btn_memo_update . '" />';
 		}
 	
-		$s_page   = htmlspecialchars($this->root->vars['page']);
-		$s_digest = htmlspecialchars($this->root->digest);
+		$s_page   = $this->func->htmlspecialchars($this->root->vars['page']);
+		$s_digest = $this->func->htmlspecialchars($this->root->digest);
 		$s_cols   = $this->cont['MEMO_COLS'];
 		$s_rows   = $this->cont['MEMO_ROWS'];
 		$string   = <<<EOD
diff --git a/xoops_trust_path/modules/xpwiki/plugin/menu.inc.php b/xoops_trust_path/modules/xpwiki/plugin/menu.inc.php
index 9a3141f6..153b50e3 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/menu.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/menu.inc.php
@@ -35,7 +35,7 @@ function plugin_menu_action() {
 		$page_menus = array();
 		if (isset($this->root->vars['refer']) && $this->root->vars['refer'] !== '') {
 			$_page = $this->root->vars['refer'];
-			$msg = htmlspecialchars($_page) . ' - Menu';
+			$msg = $this->func->htmlspecialchars($_page) . ' - Menu';
 			
 			$is_editable =  $this->func->check_editable($_page, FALSE, FALSE);
 			$is_freeze = $this->func->is_freeze($_page);
@@ -85,8 +85,8 @@ function plugin_menu_convert() {
 		if ($num > 0) {
 			// Try to change default 'MenuBar' page name (only)
 			if ($num > 1)       return '#menu(): Zero or One argument needed';
-			//if ($menu[$this->root->mydirname] !== NULL) return '#menu(): Already set: ' . htmlspecialchars($menu[$this->root->mydirname]);
-			if (isset($GLOBALS['Xpwiki_'.$this->root->mydirname]['cache']['MenuPage'])) return '#menu(): Already set: ' . htmlspecialchars($GLOBALS['Xpwiki_'.$this->root->mydirname]['cache']['MenuPage']);
+			//if ($menu[$this->root->mydirname] !== NULL) return '#menu(): Already set: ' . $this->func->htmlspecialchars($menu[$this->root->mydirname]);
+			if (isset($GLOBALS['Xpwiki_'.$this->root->mydirname]['cache']['MenuPage'])) return '#menu(): Already set: ' . $this->func->htmlspecialchars($GLOBALS['Xpwiki_'.$this->root->mydirname]['cache']['MenuPage']);
 			$args = func_get_args();
 			$args[0] = $this->func->get_fullname($args[0], $this->root->vars['page']);
 			if (! $this->func->is_page($args[0])) {
@@ -121,7 +121,7 @@ function plugin_menu_convert() {
 			if (! $this->func->is_page($page)) {
 				return '';
 			} else if ($this->root->vars['page'] == $page) {
-				return '<!-- #menu(): You already view ' . htmlspecialchars($page) . ' -->';
+				return '<!-- #menu(): You already view ' . $this->func->htmlspecialchars($page) . ' -->';
 			} else {
 				// Cut fixed anchors
 				$menutext = preg_replace('/^(\*{1,5}.*)\[#[A-Za-z][_0-9a-zA-Z-]+\](.*)$/m', '$1$2', $this->func->get_source($page));
diff --git a/xoops_trust_path/modules/xpwiki/plugin/navi.inc.php b/xoops_trust_path/modules/xpwiki/plugin/navi.inc.php
index ddd5df84..5390bb10 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/navi.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/navi.inc.php
@@ -80,9 +80,9 @@ function plugin_navi_convert()
 			$is_home = ($home === $current);
 			if (! $is_home &&
 			    ! preg_match('/^' . preg_quote($home, '/') . '/', $current)) {
-				return '#navi(' . htmlspecialchars($home) .
+				return '#navi(' . $this->func->htmlspecialchars($home) .
 				'): Not a child page like: ' .
-				htmlspecialchars($home . '/' . $this->func->basename($current)) .
+				$this->func->htmlspecialchars($home . '/' . $this->func->basename($current)) .
 				'<br />';
 			}
 			$set_home = TRUE;
@@ -98,7 +98,7 @@ function plugin_navi_convert()
 		
 		if (! $this->func->is_page($home)) {
 			return '#navi(contents-page-name): No such page: ' .
-			htmlspecialchars($home) . '<br />';
+			$this->func->htmlspecialchars($home) . '<br />';
 		}		
 		
 		$key = $home_default? '/' : $home;
@@ -171,17 +171,17 @@ function plugin_navi_convert()
 			if (! $is_home) {
 				$navi[$this->xpwiki->pid][$key]['prev']  = $this->func->make_pagelink($prev, '#compact:' . $home);
 				$navi[$this->xpwiki->pid][$key]['prev1'] = $this->func->make_pagelink($prev, $this->root->_navi_prev);
-				$this->func->add_tag_head('<link rel="prev" title="' . htmlspecialchars($prev) . '" href="' . $this->func->get_page_uri($prev, TRUE) . '" />');
+				$this->func->add_tag_head('<link rel="prev" title="' . $this->func->htmlspecialchars($prev) . '" href="' . $this->func->get_page_uri($prev, TRUE) . '" />');
 			}
 			if ($next != '') {
 				$navi[$this->xpwiki->pid][$key]['next']  = $this->func->make_pagelink($next, '#compact:' . $home);
 				$navi[$this->xpwiki->pid][$key]['next1'] = $this->func->make_pagelink($next, $this->root->_navi_next);
-				$this->func->add_tag_head('<link rel="next" title="' . htmlspecialchars($next) . '" href="' . $this->func->get_page_uri($next, TRUE) . '" />');
+				$this->func->add_tag_head('<link rel="next" title="' . $this->func->htmlspecialchars($next) . '" href="' . $this->func->get_page_uri($next, TRUE) . '" />');
 			}
 			$navi[$this->xpwiki->pid][$key]['home']  = $this->func->make_pagelink($home);
 			if ($set_home) {
 				$navi[$this->xpwiki->pid][$key]['home1'] = $this->func->make_pagelink($home, $this->root->_navi_home);
-				$this->func->add_tag_head('<link rel="start" title="' . htmlspecialchars($home) . '" href="' . $this->func->get_page_uri($home, TRUE) . '" />');
+				$this->func->add_tag_head('<link rel="start" title="' . $this->func->htmlspecialchars($home) . '" href="' . $this->func->get_page_uri($home, TRUE) . '" />');
 			}
 			
 			// Generate <link> tag: start next prev(previous) parent(up)
@@ -190,7 +190,7 @@ function plugin_navi_convert()
 				foreach (array('start'=>$home, 'next'=>$next,
 			    'prev'=>$prev, 'up'=>$up) as $rel=>$_page) {
 					if ($_page !== '') {
-						$s_page = htmlspecialchars($_page);
+						$s_page = $this->func->htmlspecialchars($_page);
 						$r_page = rawurlencode($_page);
 						$this->root->head_tags[] = ' <link rel="' .
 						$rel . '" href="' . $this->root->script .
@@ -210,7 +210,7 @@ function plugin_navi_convert()
 				return '#navi(contents-page-name): You already view the result<br />';
 			} else if ($count == 1) {
 				// Sentinel only: Show usage and warning
-				$home = htmlspecialchars($home);
+				$home = $this->func->htmlspecialchars($home);
 				$ret .= '#navi(' . $home . '): No child page like: ' .
 				$home . '/Foo';
 			} else {
diff --git a/xoops_trust_path/modules/xpwiki/plugin/new.inc.php b/xoops_trust_path/modules/xpwiki/plugin/new.inc.php
index 6fae9d06..1844f893 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/new.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/new.inc.php
@@ -44,7 +44,7 @@ function plugin_new_inline()
 		
 		$this->fetch_options($options, $args);
 		
-		$options['class'] = htmlspecialchars($options['class']);
+		$options['class'] = $this->func->htmlspecialchars($options['class']);
 		
 		if($date !== '') {
 			// Show 'New!' message by the time of the $date string
diff --git a/xoops_trust_path/modules/xpwiki/plugin/newpage.inc.php b/xoops_trust_path/modules/xpwiki/plugin/newpage.inc.php
index 63a16d7e..f119b239 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/newpage.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/newpage.inc.php
@@ -24,14 +24,14 @@ function plugin_newpage_convert()
 			if ($default === '$uname') {
 				$default = $this->cont['USER_NAME_REPLACE'];
 			} else {
-				$default = htmlspecialchars($default);
+				$default = $this->func->htmlspecialchars($default);
 			}
 		}
 
 		if (! preg_match('/^' . $this->root->BracketName . '$/', $newpage)) $newpage = '';
 
 
-		$s_page = htmlspecialchars(isset($this->root->vars['refer']) ? $this->root->vars['refer'] : $this->root->vars['page']);
+		$s_page = $this->func->htmlspecialchars(isset($this->root->vars['refer']) ? $this->root->vars['refer'] : $this->root->vars['page']);
 
 		++$id[$this->xpwiki->pid];
 		$base_form = $newpage? $this->get_base_form($newpage, $id[$this->xpwiki->pid]) : '<label for="_p_newpage_'.$id[$this->xpwiki->pid].'">' . $this->root->_msg_newpage . ': </label>';
@@ -88,7 +88,7 @@ function get_base_form($base, $id) {
 		}
 
 		$form = array();
-		$base = htmlspecialchars($base) . '/';
+		$base = $this->func->htmlspecialchars($base) . '/';
 		if (count($pages) < 1) {
 			$form[] = '<input type="hidden" name="base" value="' . $base . '" />';
 			$form[] = '<label for="_p_newpage_'.$id.'">'.$base.'</label>';
@@ -96,7 +96,7 @@ function get_base_form($base, $id) {
 			$form[] = '<select name="base" size="1" onchange="$(\'_p_newpage_'.$id.'\').focus();">';
 			$form[] = '<option selected="selected">' . $base . '</option>';
 			foreach($pages as $page) {
-				$form[] = '<option>' . htmlspecialchars($page) . '/</option>';
+				$form[] = '<option>' . $this->func->htmlspecialchars($page) . '/</option>';
 			}
 			$form[] = '</select>';
 		}
diff --git a/xoops_trust_path/modules/xpwiki/plugin/page_comments.inc.php b/xoops_trust_path/modules/xpwiki/plugin/page_comments.inc.php
index 2d84c295..cc015367 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/page_comments.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/page_comments.inc.php
@@ -26,7 +26,7 @@ function plugin_page_comments_inline() {
 				}
 			}
 		}
-		$options['class'] = htmlspecialchars($options['class']);
+		$options['class'] = $this->func->htmlspecialchars($options['class']);
 
 		$comments = '';
 		if ($this->func->is_page($page) && $this->root->allow_pagecomment && $this->root->enable_pagecomment) {
diff --git a/xoops_trust_path/modules/xpwiki/plugin/paint.inc.php b/xoops_trust_path/modules/xpwiki/plugin/paint.inc.php
index f11f3a54..2d465103 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/paint.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/paint.inc.php
@@ -91,7 +91,7 @@ function plugin_paint_action()
 			if (array_key_exists('refer',$this->root->vars))
 			{
 				$r_refer = rawurlencode($this->root->vars['refer']);
-				$s_refer = htmlspecialchars($this->root->vars['refer']);
+				$s_refer = $this->func->htmlspecialchars($this->root->vars['refer']);
 			}
 			$link = "<p><a href=\"{$this->root->script}?$r_refer\">$s_refer</a></p>";;
 	
@@ -115,7 +115,7 @@ function plugin_paint_action()
 			$f_w = (is_numeric($width) and $width > 0) ? $width : $this->cont['PAINT_DEFAULT_WIDTH'];
 			$f_h = (is_numeric($height) and $height > 0) ? $height : $this->cont['PAINT_DEFAULT_HEIGHT'];
 			$f_refer = array_key_exists('refer',$this->root->vars) ? $this->func->encode($this->root->vars['refer']) : ''; // BBSPainter.jarがshift-jisに変換するのを回避
-			$f_digest = array_key_exists('digest',$this->root->vars) ? htmlspecialchars($this->root->vars['digest']) : '';
+			$f_digest = array_key_exists('digest',$this->root->vars) ? $this->func->htmlspecialchars($this->root->vars['digest']) : '';
 			$f_no = (array_key_exists('paint_no',$this->root->vars) and is_numeric($this->root->vars['paint_no'])) ?
 				$this->root->vars['paint_no'] + 0 : 0;
 	
@@ -193,7 +193,7 @@ function plugin_paint_convert()
 		}
 	
 		//XSS脆弱性問題 - 外部から来た変数をエスケープ
-		$f_page = htmlspecialchars($this->root->vars['page']);
+		$f_page = $this->func->htmlspecialchars($this->root->vars['page']);
 	
 		$max = sprintf($this->root->_paint_messages['msg_max'],$this->cont['PAINT_MAX_WIDTH'],$this->cont['PAINT_MAX_HEIGHT']);
 		$script = $this->func->get_script_uri();
diff --git a/xoops_trust_path/modules/xpwiki/plugin/pcomment.inc.php b/xoops_trust_path/modules/xpwiki/plugin/pcomment.inc.php
index 86c0eeda..5fc3eb39 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/pcomment.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/pcomment.inc.php
@@ -164,11 +164,11 @@ function plugin_pcomment_convert()
 		if (! $page ) $page = sprintf($this->conf['PAGE'], $this->func->strip_bracket($vars_page));
 		$count = isset($params['_args'][0]) ? intval($params['_args'][0]) : 0;
 		if ($count == 0) $count = $this->conf['NUM_COMMENTS'];
-		$temp = htmlspecialchars($params['template']);
+		$temp = $this->func->htmlspecialchars($params['template']);
 
 		$_page = $this->func->get_fullname($this->func->strip_bracket($page), $vars_page);
 		if (!$this->func->is_pagename($_page))
-			return sprintf($this->root->_pcmt_messages['err_pagename'], htmlspecialchars($_page));
+			return sprintf($this->root->_pcmt_messages['err_pagename'], $this->func->htmlspecialchars($_page));
 
 		$dir = $this->conf['DIRECTION_DEFAULT'];
 		if ($params['below']) {
@@ -232,13 +232,13 @@ function plugin_pcomment_convert()
 				$twitter = '<div><!--NA--><input type="checkbox" id="'.$domid.'" name="twitter" value="1"' . $twitter_disabled . $twitter_checked . ' /><label for="'.$domid.'"> ' . $this->msg['with_twitter'] . '</label>' . $twitter_note . '<!--/NA--></div>';
 			}
 
-			$s_page   = htmlspecialchars($_page);
+			$s_page   = $this->func->htmlspecialchars($_page);
 			if ($this->root->render_mode !== 'render') {
-				$s_refer = htmlspecialchars($vars_page);
+				$s_refer = $this->func->htmlspecialchars($vars_page);
 			} else {
-				$s_refer = htmlspecialchars($_SERVER['REQUEST_URI']);
+				$s_refer = $this->func->htmlspecialchars($_SERVER['REQUEST_URI']);
 			}
-			$s_nodate = htmlspecialchars($params['nodate']);
+			$s_nodate = $this->func->htmlspecialchars($params['nodate']);
 
 			$form_start = '<form action="' . $this->func->get_script_uri() . '" method="post">' . "\n";
 			$form = <<<EOD
@@ -356,7 +356,7 @@ function plugin_pcomment_insert()
 		if (! $this->func->is_page($page)) {
 			$this->func->make_empty_page($page);
 			if (! $new_page = $this->func->auto_template($page)) $new_page = $this->conf['NEW_PAGE_FORMAT'];
-			$postdata = str_replace('<_REFER_>', htmlspecialchars($this->func->strip_bracket($refer)), $new_page) . "\n" .
+			$postdata = str_replace('<_REFER_>', $this->func->htmlspecialchars($this->func->strip_bracket($refer)), $new_page) . "\n" .
 			'-' . $msg . "\n";
 		} else {
 			$postdata = $this->func->get_source($page);
diff --git a/xoops_trust_path/modules/xpwiki/plugin/pginfo.inc.php b/xoops_trust_path/modules/xpwiki/plugin/pginfo.inc.php
index 53809495..cc370572 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/pginfo.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/pginfo.inc.php
@@ -421,7 +421,7 @@ function get_form ($page = '') {
 			if ($pginfo['einherit'] === 3) $pginfo['einherit'] = 1;
 			if ($pginfo['vinherit'] === 3) $pginfo['vinherit'] = 1;
 		}
-		$spage = htmlspecialchars($page);
+		$spage = $this->func->htmlspecialchars($page);
 
 		$s_['einhelit'] = array_pad(array(), 4, '');
 		$s_['einhelit'][$pginfo['einherit']] = ' checked="checked"';
@@ -464,9 +464,9 @@ function get_form ($page = '') {
 				$eaid = intval($eaid);
 				if ($eaid && ! $this->func->check_admin($eaid)) {
 					if ($pginfo['einherit'] === 4) {
-						$edit_user_list .= htmlspecialchars($this->func->getUnameFromId($eaid)).'['.$eaid.'] ';
+						$edit_user_list .= $this->func->htmlspecialchars($this->func->getUnameFromId($eaid)).'['.$eaid.'] ';
 					} else {
-						$edit_user_list .= '<span class="exist">'.htmlspecialchars($this->func->getUnameFromId($eaid)).'['.$eaid.'] </span>';
+						$edit_user_list .= '<span class="exist">'.$this->func->htmlspecialchars($this->func->getUnameFromId($eaid)).'['.$eaid.'] </span>';
 					}
 				}
 			}
@@ -484,9 +484,9 @@ function get_form ($page = '') {
 				$vaid = intval($vaid);
 				if ($vaid && ! $this->func->check_admin($vaid)) {
 					if ($pginfo['vinherit'] === 4) {
-						$view_user_list .= htmlspecialchars($this->func->getUnameFromId($vaid)).'['.$vaid.'] ';
+						$view_user_list .= $this->func->htmlspecialchars($this->func->getUnameFromId($vaid)).'['.$vaid.'] ';
 					} else {
-						$view_user_list .= '<span class="exist">'.htmlspecialchars($this->func->getUnameFromId($vaid)).'['.$vaid.'] </span>';
+						$view_user_list .= '<span class="exist">'.$this->func->htmlspecialchars($this->func->getUnameFromId($vaid)).'['.$vaid.'] </span>';
 					}
 				}
 			}
@@ -503,7 +503,7 @@ function get_form ($page = '') {
 
 		$title_permission_default = ($page && $this->root->userinfo['admin'])? '<hr /><p><a href="'.$this->root->script.'?cmd=pginfo">'.$this->msg['title_permission_default'].'</a></p>' : '';
 
-		$uid_form = ($page && $this->root->userinfo['admin'])? '&nbsp;&nbsp;' . $this->root->_LANG['skin']['pageowner'] . ' User ID: <input type="text" name="uid" size="5" value="' . htmlspecialchars($pginfo['uid']) . '" />' : '';
+		$uid_form = ($page && $this->root->userinfo['admin'])? '&nbsp;&nbsp;' . $this->root->_LANG['skin']['pageowner'] . ' User ID: <input type="text" name="uid" size="5" value="' . $this->func->htmlspecialchars($pginfo['uid']) . '" />' : '';
 		$script = $this->func->get_script_uri();
 		$form = <<<EOD
 <script language="javascript">
diff --git a/xoops_trust_path/modules/xpwiki/plugin/random.inc.php b/xoops_trust_path/modules/xpwiki/plugin/random.inc.php
index 493f1fb5..7b913300 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/random.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/random.inc.php
@@ -36,7 +36,7 @@ function plugin_random_convert()
 	
 		return "<p><a href=\"{$this->root->script}?plugin=random&amp;refer=" .
 		rawurlencode($this->root->vars['page']) . '">' .
-		htmlspecialchars($title) . '</a></p>';
+		$this->func->htmlspecialchars($title) . '</a></p>';
 	}
 	
 	function plugin_random_action()
diff --git a/xoops_trust_path/modules/xpwiki/plugin/read.inc.php b/xoops_trust_path/modules/xpwiki/plugin/read.inc.php
index 823ae8ac..a983332d 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/read.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/read.inc.php
@@ -71,7 +71,7 @@ function plugin_read_action()
 			// 無効なページ名
 			return array(
 				'msg'=>$this->root->_title_invalidwn,
-				'body'=>str_replace('$1', htmlspecialchars($page),
+				'body'=>str_replace('$1', $this->func->htmlspecialchars($page),
 				str_replace('$2', 'WikiName', $this->root->_msg_invalidiwn))
 			);
 		}
diff --git a/xoops_trust_path/modules/xpwiki/plugin/recent.inc.php b/xoops_trust_path/modules/xpwiki/plugin/recent.inc.php
index 0073248d..adc03234 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/recent.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/recent.inc.php
@@ -134,7 +134,7 @@ function plugin_recent_convert()
 				'<ul class="recent_list">' . "\n";
 			}
 
-			$s_page = htmlspecialchars($page);
+			$s_page = $this->func->htmlspecialchars($page);
 			if($page === $this->root->vars['page']) {
 				// No need to link to the page you just read, or notify where you just read
 				$items .= ' <li><!--NA-->' . str_replace('/', '/' . $this->root->hierarchy_insert, $s_page) . '<!--/NA--></li>' . "\n";
diff --git a/xoops_trust_path/modules/xpwiki/plugin/recentchanges.inc.php b/xoops_trust_path/modules/xpwiki/plugin/recentchanges.inc.php
index a9db1101..258c00f7 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/recentchanges.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/recentchanges.inc.php
@@ -36,7 +36,7 @@ function plugin_recentchanges_action()
 				$lasteditor = $this->func->get_lasteditor($this->func->get_pginfo($page));
 				if ($lasteditor) $lasteditor = ' <small>by '.$lasteditor.'</small>';
 				$items .= '<li style="clear:both;">'.$this->func->make_pagelink($page).' '.$this->func->get_pg_passage($page).$tb_tag;
-				$items .= '<ul class="list2"><li>'.$lastmod.$lasteditor.' <a href="'.$this->root->script.'?cmd=backup&amp;page='.rawurlencode($page).'&amp;action=diff" title="'.htmlspecialchars($this->root->_msg_diff).'"><img src="'.$this->cont['LOADER_URL'].'?src=compare_diff.png" alt="'.htmlspecialchars($this->root->_msg_diff).'" width="16" height="16"></a>';
+				$items .= '<ul class="list2"><li>'.$lastmod.$lasteditor.' <a href="'.$this->root->script.'?cmd=backup&amp;page='.rawurlencode($page).'&amp;action=diff" title="'.$this->func->htmlspecialchars($this->root->_msg_diff).'"><img src="'.$this->cont['LOADER_URL'].'?src=compare_diff.png" alt="'.$this->func->htmlspecialchars($this->root->_msg_diff).'" width="16" height="16"></a>';
 				$added = $this->func->get_page_changes($page);
 				if ($this->show_recent && $added) {
 					list($added) = explode('&#182;<!--ADD_TEXT_SEP-->',$added);
diff --git a/xoops_trust_path/modules/xpwiki/plugin/redirect.inc.php b/xoops_trust_path/modules/xpwiki/plugin/redirect.inc.php
index a49c167f..7d2e7d0b 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/redirect.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/redirect.inc.php
@@ -15,12 +15,16 @@ function plugin_redirect_convert() {
 		if ($arg = func_get_args()) {
 		    $page = $this->root->vars['page'];
 		    if (! $this->func->is_editable_only_admin($page)) {
-		        $page = htmlspecialchars($page);
+		        $page = $this->func->htmlspecialchars($page);
 		        return str_replace('$page', $page, '<p>#redirect([path]): require set to editable only admin</p>');
 		    }
 			$path = $arg[0];
-			$location = $this->cont['ROOT_URL'] . ltrim($path, '/');
-			$this->func->send_location('', '', $location);
+			if (! $this->xpwiki->isSinglton) {
+				$location = $this->cont['ROOT_URL'] . ltrim($path, '/');
+				$this->func->send_location('', '', $location);
+			} else {
+				return '<p>#redirect('.$this->func->htmlspecialchars($path).')</p>';
+			}
 		}
 		return '<p>#redirect([path])</p>';
 	}
diff --git a/xoops_trust_path/modules/xpwiki/plugin/ref.inc.php b/xoops_trust_path/modules/xpwiki/plugin/ref.inc.php
index 548c29d9..be425d47 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/ref.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/ref.inc.php
@@ -370,7 +370,7 @@ function get_body($args, $inline = false){
 			return $params;
 		}
 
-		if ($params['_title']) $lvar['caption'] = htmlspecialchars(join(', ', $params['_title']));
+		if ($params['_title']) $lvar['caption'] = $this->func->htmlspecialchars(join(', ', $params['_title']));
 
 		// ファイルタイプの設定
 		$this->get_type($lvar, $args, $params);
@@ -493,15 +493,15 @@ function get_body($args, $inline = false){
 					// サムネイルあり
 					// URL のローカルパスをURIパスに変換
 					$lvar['url'] = str_replace($this->cont['DATA_HOME'], $this->cont['HOME_URL'], $lvar['url']);
-					$lvar['link'] = htmlspecialchars($lvar['name']);
+					$lvar['link'] = $this->func->htmlspecialchars($lvar['name']);
 				} else {
 					// サムネイルなし
-					$lvar['url'] = htmlspecialchars($lvar['name']);
+					$lvar['url'] = $this->func->htmlspecialchars($lvar['name']);
 					$lvar['link'] = $lvar['url'];
 				}
 
 			} else {
-				$lvar['url'] = htmlspecialchars($lvar['name']);
+				$lvar['url'] = $this->func->htmlspecialchars($lvar['name']);
 				$lvar['link'] = $lvar['url'];
 			}
 
@@ -518,16 +518,16 @@ function get_body($args, $inline = false){
 			if (in_array('name', $this->conf['imgTitles'])) $lvar['title'][] = $_filename;
 			if (in_array('name', $this->conf['imgAlts'])) $lvar['alt'][] = $_filename;
 
-			$lvar['title'] = htmlspecialchars(join(', ', $lvar['title']));
+			$lvar['title'] = $this->func->htmlspecialchars(join(', ', $lvar['title']));
 
 		} else if ($lvar['type'] === 2) {
 			// URL画像以外
 			$lvar['url'] = '';
 			if (empty($lvar['text'])) {
-				$lvar['link'] = htmlspecialchars($lvar['name']);
-				$lvar['text'] = htmlspecialchars($lvar['name']);
+				$lvar['link'] = $this->func->htmlspecialchars($lvar['name']);
+				$lvar['text'] = $this->func->htmlspecialchars($lvar['name']);
 				$lvar['title'][] = (preg_match('/([^\/]+)$/', $lvar['name'], $match))? $match[1] : '';
-				$lvar['title'] = htmlspecialchars(join(', ', $lvar['title']));
+				$lvar['title'] = $this->func->htmlspecialchars(join(', ', $lvar['title']));
 			}
 		} else if ($lvar['type'] === 3) {
 			// 添付画像
@@ -539,7 +539,7 @@ function get_body($args, $inline = false){
 			}
 
 			if ($lvar['isurl']) {
-				$lvar['link'] = htmlspecialchars($lvar['isurl']);
+				$lvar['link'] = $this->func->htmlspecialchars($lvar['isurl']);
 			} else {
 				$lvar['link'] = '';
 			}
@@ -648,7 +648,7 @@ function get_body($args, $inline = false){
 
 			$lvar['text'] = '';
 			if (! empty($lvar['title'])) {
-				$lvar['title'] = $this->func->make_line_rules(htmlspecialchars(join(', ', $lvar['title'])));
+				$lvar['title'] = $this->func->make_line_rules($this->func->htmlspecialchars(join(', ', $lvar['title'])));
 			} else {
 				$lvar['title'] = '';
 			}
@@ -669,16 +669,16 @@ function get_body($args, $inline = false){
 				}
 				if (! empty($lvar['title'])) {
 					// タイトルが指定されている
-					$lvar['text'] = htmlspecialchars(join(', ', $lvar['title']));
-					$lvar['title'] = htmlspecialchars(preg_replace('/([^\/]+)$/', "$1", $lvar['status']['org_fname']? $lvar['status']['org_fname'] : $lvar['name']) . ', ' . $lvar['info']);
+					$lvar['text'] = $this->func->htmlspecialchars(join(', ', $lvar['title']));
+					$lvar['title'] = $this->func->htmlspecialchars(preg_replace('/([^\/]+)$/', "$1", $lvar['status']['org_fname']? $lvar['status']['org_fname'] : $lvar['name']) . ', ' . $lvar['info']);
 				} else {
-					$lvar['text'] = htmlspecialchars(preg_replace('/([^\/]+)$/', "$1", $lvar['status']['org_fname']? $lvar['status']['org_fname'] : $lvar['name']));
-					$lvar['title'] = htmlspecialchars($lvar['info']);
+					$lvar['text'] = $this->func->htmlspecialchars(preg_replace('/([^\/]+)$/', "$1", $lvar['status']['org_fname']? $lvar['status']['org_fname'] : $lvar['name']));
+					$lvar['title'] = $this->func->htmlspecialchars($lvar['info']);
 				}
 			} else {
 				$lvar['text'] = $lvar['link'];
 				//$lvar['title'][] = (preg_match('/([^\/]+)$/', $lvar['link'], $match))? $match[1] : '';
-				$lvar['title'] = htmlspecialchars(join(', ', $lvar['title']));
+				$lvar['title'] = $this->func->htmlspecialchars(join(', ', $lvar['title']));
 			}
 		}
 
@@ -687,7 +687,7 @@ function get_body($args, $inline = false){
 		if (empty($lvar['alt'])) {
 			$lvar['alt'] = '';
 		} elseif (is_array($lvar['alt'])) {
-			$lvar['alt'] = $this->func->make_line_rules(htmlspecialchars(join(', ', $lvar['alt'])));
+			$lvar['alt'] = $this->func->make_line_rules($this->func->htmlspecialchars(join(', ', $lvar['alt'])));
 		}
 
 		// 出力組み立て
@@ -763,7 +763,7 @@ function set_object_tag(&$params, $lvar) {
 
 				if ($lvar['isurl']) {
 					// Net Video
-					$url = htmlspecialchars($lvar['name']);
+					$url = $this->func->htmlspecialchars($lvar['name']);
 				} else {
 					$url = $this->get_ref_url($lvar['page'], $lvar['name'], true);
 				}
@@ -817,7 +817,7 @@ function set_object_tag(&$params, $lvar) {
 						$object_attr = '';
 						foreach(array('classid', 'codebase') as $key) {
 							if (!empty($this->cont['PLUGIN_REF_PLAYERS'][$object_type][$key])) {
-								$object_attr = ' '. $key . '="' . htmlspecialchars($this->cont['PLUGIN_REF_PLAYERS'][$object_type][$key]) .'"';
+								$object_attr = ' '. $key . '="' . $this->func->htmlspecialchars($this->cont['PLUGIN_REF_PLAYERS'][$object_type][$key]) .'"';
 							}
 						}
 
@@ -1250,7 +1250,7 @@ function get_type(& $lvar, & $args, & $params) {
 										$size = '';
 									}
 									$lvar['text'] = str_replace('$size', $size, $lvar['text']);
-									$link = htmlspecialchars($lvar['name']);
+									$link = $this->func->htmlspecialchars($lvar['name']);
 									$link = '<a href="'.$link.'">'.$link.'</a>';
 									//$lvar['text'] = '<div class="video">' . str_replace('$link', $link, $lvar['text']) . '</div>';
 									$lvar['text'] = str_replace('$link', $link, $lvar['text']);
@@ -1279,7 +1279,7 @@ function get_type(& $lvar, & $args, & $params) {
 											'imagesize' => $size
 										);
 										$lvar['status']['noinline'] = -1;
-										$lvar['link'] = htmlspecialchars($lvar['name']);
+										$lvar['link'] = $this->func->htmlspecialchars($lvar['name']);
 										$lvar['file'] = '';
 										$lvar['name'] = trim($netvideo['src']);
 										$lvar['attrs'] = (isset($netvideo['attribute']))? $netvideo['attribute'] : '';
@@ -1347,7 +1347,7 @@ function get_type(& $lvar, & $args, & $params) {
 					// Promote new design
 					if ($is_file_default && $is_file_second) {
 						// Because of race condition NOW
-						$params['_error'] = htmlspecialchars('The same file name "' .
+						$params['_error'] = $this->func->htmlspecialchars('The same file name "' .
 						$lvar['name'] . '" at both page: "' .  $lvar['page'] . '" and "' .  $_page .
 						'". Try ref(pagename/filename) to specify one of them');
 					} else {
@@ -1365,7 +1365,7 @@ function get_type(& $lvar, & $args, & $params) {
 			}
 			if (! $is_file) {
 				if ($this->root->render_mode !== 'render' && !$this->func->is_page($lvar['page'])) {
-					$params['_error'] = $this->root->_msg_notfound . '(' . htmlspecialchars($lvar['page']) .  ')';
+					$params['_error'] = $this->root->_msg_notfound . '(' . $this->func->htmlspecialchars($lvar['page']) .  ')';
 				} else {
 					if ($lvar['name'] === '') {
 						$params['_error'] = 'Require File Name [ &ref(FILE NAME); or #ref(FILE NAME) ]';
@@ -1661,7 +1661,7 @@ function check_arg_ex (& $params) {
 			} else if (preg_match("/^([0-9.]+)%$/i",$arg,$m)){
 				$params['_%'] = $m[1];
 			} else if (preg_match("/^t:(.*)$/i",$arg,$m)){
-				$m[1] = htmlspecialchars(str_replace("&amp;quot;","",$m[1]));
+				$m[1] = $this->func->htmlspecialchars(str_replace("&amp;quot;","",$m[1]));
 				if ($m[1]) $this->lvar['title'][] = $m[1];
 			} else if (preg_match('/^([0-9]+)x([0-9]+)$/', $arg, $m)) {
 				$params['_size'] = TRUE;
@@ -1689,7 +1689,7 @@ function make_uploadlink(& $params, & $lvar, $args) {
 		if (! $params['btn']) {
 			$params['btn'] = '[' . $this->root->_LANG['skin']['upload'] . ']';
 		} else {
-			$params['btn'] = htmlspecialchars($params['btn']);
+			$params['btn'] = $this->func->htmlspecialchars($params['btn']);
 		}
 
 		if (! $_attach = $this->func->get_plugin_instance('attach')) {
diff --git a/xoops_trust_path/modules/xpwiki/plugin/referer.inc.php b/xoops_trust_path/modules/xpwiki/plugin/referer.inc.php
index 0fce8650..8f769ee0 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/referer.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/referer.inc.php
@@ -117,7 +117,7 @@ function plugin_referer_body($page, $sort)
 		$arg = array();
 		$arg[] = 'plugin=referer';
 		$arg[] = 'page=' . rawurlencode($page);
-		if (isset($this->root->vars['sort'])){ $arg[] = 'sort=' . htmlspecialchars($this->root->vars['sort']); }
+		if (isset($this->root->vars['sort'])){ $arg[] = 'sort=' . $this->func->htmlspecialchars($this->root->vars['sort']); }
 		
 		$nav = $this->func->getPageNav($total, $max, $start,  'start', join('&amp;', $arg));
 		$navi = 'Total: ' . number_format($total) . ' links ' . $nav->renderNav();
@@ -146,8 +146,8 @@ function plugin_referer_body($page, $sort)
 			$i++;
 			
 			// 非ASCIIキャラクタ(だけ)をURLエンコードしておく BugTrack/440
-			$e_url = htmlspecialchars(preg_replace('/([" \x80-\xff]+)/e', 'rawurlencode("$1")', $url));
-			$s_url = htmlspecialchars(mb_convert_encoding(rawurldecode($url), $this->cont['SOURCE_ENCODING'], 'auto'));
+			$e_url = $this->func->htmlspecialchars(preg_replace('/([" \x80-\xff]+)/e', 'rawurlencode("$1")', $url));
+			$s_url = $this->func->htmlspecialchars(mb_convert_encoding(rawurldecode($url), $this->cont['SOURCE_ENCODING'], 'auto'));
 			$s_url = str_replace('&amp;amp;', '&amp;', $s_url);
 			
 			$s_url = preg_replace('#^https?://#i', '', $s_url);
@@ -220,7 +220,7 @@ function plugin_referer_set_color()
 			// BGCOLOR(#88ff88)
 			$matches = array();
 			foreach ($pconfig_color as $x)
-				$color[$this->xpwiki->pid][$x[0]] = htmlspecialchars(
+				$color[$this->xpwiki->pid][$x[0]] = $this->func->htmlspecialchars(
 					preg_match('/BGCOLOR\(([^)]+)\)/si', $x[1], $matches) ?
 						$matches[1] : $x[1]);
 		}
diff --git a/xoops_trust_path/modules/xpwiki/plugin/related.inc.php b/xoops_trust_path/modules/xpwiki/plugin/related.inc.php
index 74b96ef6..cf791d18 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/related.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/related.inc.php
@@ -93,7 +93,7 @@ function plugin_related_action()
 		}
 	
 		// Result
-		$s_word = htmlspecialchars($_page);
+		$s_word = $this->func->htmlspecialchars($_page);
 		$msg = 'Backlinks for: ' . $s_word;
 		$retval = $this->func->make_pagelink($_page, 'Return to ' . $s_word) . '<br />'. "\n";
 		
diff --git a/xoops_trust_path/modules/xpwiki/plugin/relatedview.inc.php b/xoops_trust_path/modules/xpwiki/plugin/relatedview.inc.php
index b45ba28e..ca54f4b0 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/relatedview.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/relatedview.inc.php
@@ -94,7 +94,7 @@ function plugin_relatedview_convert()
 		if ($arg) {
 			$this->fetch_options($args, $arg, array(), '_args', ' *(?:=>|=|:) *');
 			if (! empty($args['_args'])) {
-				return '<p>relatedview : unknown option(s). '.htmlspecialchars(join(',', $args['_args'])).'</p>';
+				return '<p>relatedview : unknown option(s). '.$this->func->htmlspecialchars(join(',', $args['_args'])).'</p>';
 			}
 		}
 		$category = isset($this->cont['PageForRef']) ? $this->func->strip_bracket($this->cont['PageForRef']) : '';
diff --git a/xoops_trust_path/modules/xpwiki/plugin/rename.inc.php b/xoops_trust_path/modules/xpwiki/plugin/rename.inc.php
index 0eed0f0b..597680c5 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/rename.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/rename.inc.php
@@ -138,8 +138,8 @@ function plugin_rename_phase1($err = '', $page = '')
 		}
 		$select_refer = $this->plugin_rename_getselecttag($refer);
 
-		$s_src = htmlspecialchars($this->plugin_rename_getvar('src'));
-		$s_dst = htmlspecialchars($this->plugin_rename_getvar('dst'));
+		$s_src = $this->func->htmlspecialchars($this->plugin_rename_getvar('src'));
+		$s_dst = $this->func->htmlspecialchars($this->plugin_rename_getvar('dst'));
 		$script = $this->func->get_script_uri();
 		$ret = array();
 		$ret['msg']  = $this->root->_rename_messages['msg_title'];
@@ -182,9 +182,9 @@ function plugin_rename_phase2($err = '', $page = '')
 			$msg_related = '<label for="_p_rename_related">' . $this->root->_rename_messages['msg_do_related'] . '</label>' .
 		'<input type="checkbox" name="related" id="_p_rename_related" value="1" checked="checked" /><br />';
 
-		$msg_rename = sprintf($this->root->_rename_messages['msg_rename'], $this->func->make_pagelink($refer, htmlspecialchars($refer), '', '', 'pagelink', $this->make_pagelink_options));
-		$s_page  = htmlspecialchars($page);
-		$s_refer = htmlspecialchars($refer);
+		$msg_rename = sprintf($this->root->_rename_messages['msg_rename'], $this->func->make_pagelink($refer, $this->func->htmlspecialchars($refer), '', '', 'pagelink', $this->make_pagelink_options));
+		$s_page  = $this->func->htmlspecialchars($page);
+		$s_refer = $this->func->htmlspecialchars($refer);
 		$script = $this->func->get_script_uri();
 		$ret = array();
 		$ret['msg']  = $this->root->_rename_messages['msg_title'];
@@ -206,7 +206,7 @@ function plugin_rename_phase2($err = '', $page = '')
 			$ret['body'] .= '<hr /><p>' . $this->root->_rename_messages['msg_related'] . '</p><ul>';
 			sort($related);
 			foreach ($related as $name)
-				$ret['body'] .= '<li>' . $this->func->make_pagelink($name, htmlspecialchars($name), '', '', 'pagelink', $this->make_pagelink_options) . '</li>';
+				$ret['body'] .= '<li>' . $this->func->make_pagelink($name, $this->func->htmlspecialchars($name), '', '', 'pagelink', $this->make_pagelink_options) . '</li>';
 			$ret['body'] .= '</ul>';
 		}
 		return $ret;
@@ -287,16 +287,16 @@ function plugin_rename_phase3($pages)
 
 		$method = $this->plugin_rename_getvar('method');
 		if ($method == 'regex') {
-			$s_src = htmlspecialchars($this->plugin_rename_getvar('src'));
-			$s_dst = htmlspecialchars($this->plugin_rename_getvar('dst'));
+			$s_src = $this->func->htmlspecialchars($this->plugin_rename_getvar('src'));
+			$s_dst = $this->func->htmlspecialchars($this->plugin_rename_getvar('dst'));
 			$msg   .= $this->root->_rename_messages['msg_part_rep'] . '<br />';
 			$input .= '<input type="hidden" name="method" value="regex" />';
 			$input .= '<input type="hidden" name="src"    value="' . $s_src . '" />';
 			$input .= '<input type="hidden" name="dst"    value="' . $s_dst . '" />';
 		} else {
-			$s_refer   = htmlspecialchars($this->plugin_rename_getvar('refer'));
-			$s_page    = htmlspecialchars($this->plugin_rename_getvar('page'));
-			$s_related = htmlspecialchars($this->plugin_rename_getvar('related'));
+			$s_refer   = $this->func->htmlspecialchars($this->plugin_rename_getvar('refer'));
+			$s_page    = $this->func->htmlspecialchars($this->plugin_rename_getvar('page'));
+			$s_related = $this->func->htmlspecialchars($this->plugin_rename_getvar('related'));
 			$msg   .= $this->root->_rename_messages['msg_page'] . '<br />';
 			$input .= '<input type="hidden" name="method"  value="page" />';
 			$input .= '<input type="hidden" name="refer"   value="' . $s_refer   . '" />';
@@ -308,9 +308,9 @@ function plugin_rename_phase3($pages)
 			$msg .= $this->root->_rename_messages['err_already_below'] . '<ul>';
 			foreach ($exists as $page=>$arr) {
 				$pname = $this->func->decode($page);
-				$msg .= '<li>' . $this->func->make_pagelink($pname, htmlspecialchars($pname), '', '', 'pagelink', $this->make_pagelink_options);
+				$msg .= '<li>' . $this->func->make_pagelink($pname, $this->func->htmlspecialchars($pname), '', '', 'pagelink', $this->make_pagelink_options);
 				$msg .= $this->root->_rename_messages['msg_arrow'];
-				$msg .= htmlspecialchars($pname);
+				$msg .= $this->func->htmlspecialchars($pname);
 				if (! empty($arr)) {
 					$msg .= '<ul>' . "\n";
 					foreach ($arr as $ofile=>$nfile)
@@ -353,9 +353,9 @@ function plugin_rename_phase3($pages)
 		$ret['body'] .= '<ul>' . "\n";
 		foreach ($pages as $old=>$new)
 			$oldname = $this->func->decode($old);
-			$ret['body'] .= '<li>' .  $this->func->make_pagelink($oldname, htmlspecialchars($oldname), '', '', 'pagelink',$this->make_pagelink_options) .
+			$ret['body'] .= '<li>' .  $this->func->make_pagelink($oldname, $this->func->htmlspecialchars($oldname), '', '', 'pagelink',$this->make_pagelink_options) .
 			$this->root->_rename_messages['msg_arrow'] .
-			htmlspecialchars($this->func->decode($new)) .  '</li>' . "\n";
+			$this->func->htmlspecialchars($this->func->decode($new)) .  '</li>' . "\n";
 		$ret['body'] .= '</ul>' . "\n";
 		return $ret;
 	}
@@ -490,7 +490,7 @@ function plugin_rename_getselecttag($page)
 			if ($_page === $this->root->whatsnew) continue;
 
 			$selected = ($_page === $page) ? ' selected' : '';
-			$s_page = htmlspecialchars($_page);
+			$s_page = $this->func->htmlspecialchars($_page);
 			$pages[$_page] = '<option value="' . $s_page . '"' . $selected . '>' .
 			$s_page . '</option>';
 		}
diff --git a/xoops_trust_path/modules/xpwiki/plugin/replacer.inc.php b/xoops_trust_path/modules/xpwiki/plugin/replacer.inc.php
index 0f0dd054..d233340a 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/replacer.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/replacer.inc.php
@@ -90,14 +90,14 @@ function make_form() {
 		
 		$script = $this->func->get_script_uri();
 		
-		$spage = htmlspecialchars($this->vars['spage']);
+		$spage = $this->func->htmlspecialchars($this->vars['spage']);
 		
 		$regpage = array_pad(array(), 3, '');
 		if ($this->vars['regpage'] > 2) $this->vars['regpage'] = 0;
 		$regpage[(int)$this->vars['regpage']] = ' checked="checked"';
 		
-		$sword = htmlspecialchars($this->vars['sword']);
-		$rword = htmlspecialchars($this->vars['rword']);
+		$sword = $this->func->htmlspecialchars($this->vars['sword']);
+		$rword = $this->func->htmlspecialchars($this->vars['rword']);
 		
 		$reg = array_pad(array(), 3, '');
 		if (!$this->vars['reg'] || $this->vars['reg']  > 2) $this->vars['reg'] = 0;
@@ -163,7 +163,7 @@ function make_do_btn() {
 			$vars = $this->vars;
 			$vars['pcmd'] = 'do';
 			foreach($vars as $key => $val) {
-				$doform .= '<input type="hidden" name="'.$key.'" value="'.htmlspecialchars($val).'">';
+				$doform .= '<input type="hidden" name="'.$key.'" value="'.$this->func->htmlspecialchars($val).'">';
 			}
 			$doform .= <<<EOD
 <p><input type="submit" name="" value="{$this->msg['doReplace']}" /></p>
@@ -283,7 +283,7 @@ function doit() {
 					$retstr .= '<li><span style="font-size:150%;">' . $this->func->make_pagelink($page, $page) . '</span>';
 					$retstr .= '<ul style="font-size:130%;">';
 					foreach($arr['from'] as $i => $from) {
-						$retstr .= '<li>' . htmlspecialchars($from) . ' &#8658; ' .htmlspecialchars($arr['to'][$i]) . '</li>';
+						$retstr .= '<li>' . $this->func->htmlspecialchars($from) . ' &#8658; ' .$this->func->htmlspecialchars($arr['to'][$i]) . '</li>';
 					}
 					$retstr .= '</ul>';
 					$retstr .= $this->func->compare_diff($arr['src'], $arr['result']);
diff --git a/xoops_trust_path/modules/xpwiki/plugin/rss.inc.php b/xoops_trust_path/modules/xpwiki/plugin/rss.inc.php
index f3596ee3..bdd4133b 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/rss.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/rss.inc.php
@@ -78,7 +78,7 @@ function get_content ($page, $get_body = true) {
 			}
 		}
 
-		$description = ($added ? ($this->func->substr_entity(htmlspecialchars(trim(preg_replace('/\s+/', ' ', strip_tags($added)))), 0, 250) . '&#182;') : '') . $description;
+		$description = ($added ? ($this->func->substr_entity($this->func->htmlspecialchars(trim(preg_replace('/\s+/', ' ', strip_tags($added)))), 0, 250) . '&#182;') : '') . $description;
 
 		$tags = array();
 		if (is_file($this->cont['CACHE_DIR'] . $this->func->encode($page) . '_page.tag')) {
@@ -141,7 +141,7 @@ function plugin_rss_action()
 			ob_start();
 
 			$lang = $this->cont['LANG'];
-			$page_title = htmlspecialchars($this->root->siteinfo['sitename'] . '::' . $this->root->module_title . $s_base);
+			$page_title = $this->func->htmlspecialchars($this->root->siteinfo['sitename'] . '::' . $this->root->module_title . $s_base);
 			$self = $this->func->get_script_uri();
 			$maketime = $date = substr_replace($this->func->get_date('Y-m-d\TH:i:sO'), ':', -2, 0);
 			$buildtime = $this->func->get_date('r');
@@ -160,7 +160,7 @@ function plugin_rss_action()
 				list($time, $page) = explode("\t", rtrim($line));
 				$r_page = rawurlencode($page);
 				$link = $this->func->get_page_uri($page, true, 'keitai');
-				$title = htmlspecialchars($this->root->pagename_num2str ? preg_replace('/\/(?:[0-9\-]+|[B0-9][A-Z0-9]{9})$/','/'.$this->func->strip_emoji(htmlspecialchars_decode($this->func->get_heading($page))),$page) : $page);
+				$title = $this->func->htmlspecialchars($this->root->pagename_num2str ? preg_replace('/\/(?:[0-9\-]+|[B0-9][A-Z0-9]{9})$/','/'.$this->func->strip_emoji(htmlspecialchars_decode($this->func->get_heading($page))),$page) : $page);
 				if ($base) $title = substr($title, (strlen($base) + 1));
 				if (!$pubtime) $pubtime = $this->func->get_date('r', $time);
 
@@ -180,7 +180,7 @@ function plugin_rss_action()
 
 				case '2.0':
 					list($description, $html, $pginfo) = $this->get_content($page);
-					$author = htmlspecialchars($pginfo['uname']);
+					$author = $this->func->htmlspecialchars($pginfo['uname']);
 					$date = $this->func->get_date('r', $time);
 					$items .= <<<EOD
 <item>
@@ -200,11 +200,11 @@ function plugin_rss_action()
 				case '1.0':
 					// Add <item> into <items>
 					list($description, $html, $pginfo, $tags) = $this->get_content($page);
-					$author = htmlspecialchars($pginfo['uname']);
+					$author = $this->func->htmlspecialchars($pginfo['uname']);
 
 					$tag = '';
 					if ($tags) {
-						$tags = array_map('htmlspecialchars',array_map('rtrim',$tags));
+						$tags = array_map('$this->func->htmlspecialchars',array_map('rtrim',$tags));
 						$tag = '<dc:subject>' . join("</dc:subject>\n <dc:subject>", $tags).'</dc:subject>';
 					}
 
@@ -239,11 +239,11 @@ function plugin_rss_action()
 					break;
 				case 'atom':
 					list($description, $html, $pginfo, $tags) = $this->get_content($page);
-					$author = htmlspecialchars($pginfo['uname']);
+					$author = $this->func->htmlspecialchars($pginfo['uname']);
 
 					$tag = '';
 					if ($tags) {
-						$tags = array_map('htmlspecialchars',array_map('rtrim',$tags));
+						$tags = array_map('$this->func->htmlspecialchars',array_map('rtrim',$tags));
 						foreach($tags as $_tag) {
 							$tag .= '<category term="'.str_replace('"', '\\"',$_tag).'"/>'."\n";
 						}
@@ -360,7 +360,7 @@ function plugin_rss_action()
 				$rpage = ($base)? '&amp;p='.rawurlencode($base) : '';
 				$feedurl = $this->cont['HOME_URL'].'?cmd=rss'.$rpage.'&amp;ver=atom';
 				$rpage = ($base)? '&amp;p='.rawurlencode($base) : '';
-				$modifier = htmlspecialchars($this->root->modifier);
+				$modifier = $this->func->htmlspecialchars($this->root->modifier);
 				print <<<EOD
 <feed xmlns="http://www.w3.org/2005/Atom" xml:lang="$lang">
  <title>$page_title</title>
diff --git a/xoops_trust_path/modules/xpwiki/plugin/rsslink.inc.php b/xoops_trust_path/modules/xpwiki/plugin/rsslink.inc.php
index 7b6fd42a..aa2e1fb7 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/rsslink.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/rsslink.inc.php
@@ -70,12 +70,12 @@ function plugin_rsslink_inline()
 		if ($this->func->is_page($page))
 		{
 			$s_page = '&amp;p='.rawurlencode($page);
-			$page = ' of '.htmlspecialchars($page);
+			$page = ' of '.$this->func->htmlspecialchars($page);
 		}
 		else
 		{
 			$s_page = '';
-			$page = ' of '.htmlspecialchars($this->root->module['name']);
+			$page = ' of '.$this->func->htmlspecialchars($this->root->module['name']);
 		}
 		
 		$title = 'RSS' . $ver . $page;
diff --git a/xoops_trust_path/modules/xpwiki/plugin/ruby.inc.php b/xoops_trust_path/modules/xpwiki/plugin/ruby.inc.php
index 772990c1..aebd00ae 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/ruby.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/ruby.inc.php
@@ -29,7 +29,7 @@ function plugin_ruby_inline()
 		if ($ruby == '' || $body == '') return $this->cont['PLUGIN_RUBY_USAGE'];
 	
 		return '<ruby><rb>' . $body . '</rb>' . '<rp>(</rp>' .
-		'<rt>' .  htmlspecialchars($ruby) . '</rt>' . '<rp>)</rp>' .
+		'<rt>' .  $this->func->htmlspecialchars($ruby) . '</rt>' . '<rp>)</rp>' .
 		'</ruby>';
 	}
 }
diff --git a/xoops_trust_path/modules/xpwiki/plugin/rws.inc.php b/xoops_trust_path/modules/xpwiki/plugin/rws.inc.php
index 2d19be33..9e9016b5 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/rws.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/rws.inc.php
@@ -163,7 +163,7 @@ function plugin_rws_get($f, $m, $k, $b, $s) {
 
 			$html = $srv->getHTML($f);
 
-			$header = ($k && ! is_null($srv->compactArray['totalresults']))? $srv->makeSearchLink($k, sprintf($this->msg['more_search'], htmlspecialchars($k)), TRUE) : '';
+			$header = ($k && ! is_null($srv->compactArray['totalresults']))? $srv->makeSearchLink($k, sprintf($this->msg['more_search'], $this->func->htmlspecialchars($k)), TRUE) : '';
 			$ret = $header . "\x08" . $html;
 
 			// remove wrong characters
diff --git a/xoops_trust_path/modules/xpwiki/plugin/search.inc.php b/xoops_trust_path/modules/xpwiki/plugin/search.inc.php
index fccad5f5..29e7aad9 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/search.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/search.inc.php
@@ -42,9 +42,9 @@ function plugin_search_action()
 	{
 	
 		if ($this->cont['PLUGIN_SEARCH_DISABLE_GET_ACCESS']) {
-			$s_word = isset($this->root->post['word']) ? htmlspecialchars($this->root->post['word']) : '';
+			$s_word = isset($this->root->post['word']) ? $this->func->htmlspecialchars($this->root->post['word']) : '';
 		} else {
-			$s_word = isset($this->root->vars['word']) ? htmlspecialchars($this->root->vars['word']) : '';
+			$s_word = isset($this->root->vars['word']) ? $this->func->htmlspecialchars($this->root->vars['word']) : '';
 		}
 		$s_word = preg_replace('/&amp;#(\d+;)/', '&#$1', $s_word);
 		
@@ -121,7 +121,7 @@ function plugin_search_search_form($s_word = '', $type = '', $bases = array())
 				++$_num;
 				if ($this->cont['PLUGIN_SEARCH_MAX_BASE'] < $_num) break;
 				$label_id = '_p_search_base_id_' . $_num;
-				$s_base   = htmlspecialchars($base);
+				$s_base   = $this->func->htmlspecialchars($base);
 				$base_str = '<strong>' . $s_base . '</strong>';
 				$base_label = str_replace('$1', $base_str, $this->root->_search_pages);
 				$base_msg  .=<<<EOD
diff --git a/xoops_trust_path/modules/xpwiki/plugin/setlinebreak.inc.php b/xoops_trust_path/modules/xpwiki/plugin/setlinebreak.inc.php
index 8839dba9..a4fa10c5 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/setlinebreak.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/setlinebreak.inc.php
@@ -49,7 +49,7 @@ function plugin_setlinebreak_convert()
 	
 			default:
 				return '#setlinebreak: Invalid argument: ' .
-				htmlspecialchars($args[0]) . '<br />';
+				$this->func->htmlspecialchars($args[0]) . '<br />';
 			}
 		}
 		return '';
diff --git a/xoops_trust_path/modules/xpwiki/plugin/showrss.inc.php b/xoops_trust_path/modules/xpwiki/plugin/showrss.inc.php
index 0ad3117d..c4f2b817 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/showrss.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/showrss.inc.php
@@ -64,11 +64,11 @@ function plugin_showrss_convert()
 
 		$class = ($template == '' || $template == 'default') ? 'XpWikiShowRSS_html' : 'XpWikiShowRSS_html_' . $template;
 		if (! is_numeric($cachehour))
-			return '#showrss: Cache-lifetime seems not numeric: ' . htmlspecialchars($cachehour) . '<br />' . "\n";
+			return '#showrss: Cache-lifetime seems not numeric: ' . $this->func->htmlspecialchars($cachehour) . '<br />' . "\n";
 		if (! XC_CLASS_EXISTS($class))
-			return '#showrss: Template not found: ' . htmlspecialchars($template) . '<br />' . "\n";
+			return '#showrss: Template not found: ' . $this->func->htmlspecialchars($template) . '<br />' . "\n";
 		if (! $this->func->is_url($uri))
-			return '#showrss: Seems not URI: ' . htmlspecialchars($uri) . '<br />' . "\n";
+			return '#showrss: Seems not URI: ' . $this->func->htmlspecialchars($uri) . '<br />' . "\n";
 
 		$cachehour = max(0.016, $cachehour); // 最低1分はキャッシュ
 
@@ -229,7 +229,7 @@ function XpWikiShowRSS_html(& $xpwiki, $data, $show_description = '', $max = 10)
 
 							if (! $allow_html) {
 								$item['DESCRIPTION'] = strip_tags($item['DESCRIPTION']);
-								$item['DESCRIPTION'] = htmlspecialchars(mb_substr($item['DESCRIPTION'], 0, 255, 'UTF-8'));
+								$item['DESCRIPTION'] = $this->func->htmlspecialchars(mb_substr($item['DESCRIPTION'], 0, 255, 'UTF-8'), ENT_COMPAT, 'UTF-8');
 								$item['DESCRIPTION'] = preg_replace('/&amp;#(\d+);/', '&#$1;', $item['DESCRIPTION']);
 							}
 
@@ -368,10 +368,10 @@ function parse($buf)
 
 	function escape($str)
 	{
-		// Unescape already-escaped chars (&lt;, &gt;, &amp;, ...) in RSS body before htmlspecialchars()
+		// Unescape already-escaped chars (&lt;, &gt;, &amp;, ...) in RSS body before $this->func->htmlspecialchars()
 		$str = strtr($str, array_flip(get_html_translation_table(ENT_COMPAT)));
 		// Escape
-		$str = htmlspecialchars($str);
+		$str = $this->func->htmlspecialchars($str, ENT_COMPAT, $this->encoding);
 		//echo $str;
 		// Unescape
 		$str = str_replace('&amp;', '&', $str);
diff --git a/xoops_trust_path/modules/xpwiki/plugin/siteimage.inc.php b/xoops_trust_path/modules/xpwiki/plugin/siteimage.inc.php
index 006e9353..11da9f96 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/siteimage.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/siteimage.inc.php
@@ -110,7 +110,7 @@ function make_thumbnail($url, $prms) {
 			$url = 'http://' . $url;
 		}
 		
-		$target = htmlspecialchars($prms['target']);
+		$target = $this->func->htmlspecialchars($prms['target']);
 		$nolink = $prms['nolink'];
 		$thumburl = $this->fetch_url . $url;
 		
@@ -161,7 +161,7 @@ function make_thumbnail($url, $prms) {
 		}
 		
 		$cache_url = str_replace($this->cont['DATA_HOME'], $this->cont['HOME_URL'], $thumb_file);
-		$url = htmlspecialchars($url);
+		$url = $this->func->htmlspecialchars($url);
 		$title = preg_replace('#^https?://#i', '', $url);
 		$ret = "<img src=\"".$cache_url."\" width=\"{$thumb_size['width']}\" height=\"{$thumb_size['height']}\" alt=\"{$title}\">";
 		if (!$nolink)
diff --git a/xoops_trust_path/modules/xpwiki/plugin/sitemap.inc.php b/xoops_trust_path/modules/xpwiki/plugin/sitemap.inc.php
index f675ad17..19c2331b 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/sitemap.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/sitemap.inc.php
@@ -31,7 +31,7 @@ function getlist()
 		foreach($pages as $page) {
 			list($time, $name) = explode("\t", $page);
 			$items[] = "<url>";
-			$items[] = "<loc>" . htmlspecialchars($this->func->get_page_uri($name, TRUE), ENT_QUOTES) . '</loc>';
+			$items[] = "<loc>" . $this->func->htmlspecialchars($this->func->get_page_uri($name, TRUE), ENT_QUOTES, 'UTF-8') . '</loc>';
 			$items[] = "<lastmod>" . gmdate('Y-m-d\TH:i:s+00:00', ($time + $this->cont['LOCALZONE'])) . '</lastmod>';
 			//$items[] = "<changefreq></changefreq>";
 			$items[] = "</url>";
diff --git a/xoops_trust_path/modules/xpwiki/plugin/skin_changer.inc.php b/xoops_trust_path/modules/xpwiki/plugin/skin_changer.inc.php
index e929b968..8764f88a 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/skin_changer.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/skin_changer.inc.php
@@ -47,21 +47,25 @@ function plugin_skin_changer_convert() {
 		$now_query = preg_replace('/&?(word|'.preg_quote(session_name(), '/').')=[^&]+/', '', $now_query);
 		$now_query = preg_replace("/&+$/", "", $now_query);
 		
+		if ($now_query) {
+			$this->root->pagecache_min = 0;
+		}
+		
 		$link = (empty($now_query))? "setskin=" : "{$now_query}&setskin="; 
 		foreach ($skins as $name=>$skin) {
 			if ($skin == $this->root->cookie['skin'] && ($this->root->pagecache_min === 0 || $this->root->userinfo['uid'] !== 0)) {
-				$ret .= '<li style="font-weight:bold;">'.htmlspecialchars($name).'</li>'."\n";
+				$ret .= '<li style="font-weight:bold;">'.$this->func->htmlspecialchars($name).'</li>'."\n";
 			} else {
-				$ret .= '<li><a href="?'.htmlspecialchars($link.$skin).'" title="Change skin">'.htmlspecialchars($name).'</a></li>'."\n";
+				$ret .= '<li><a href="?'.$this->func->htmlspecialchars($link.$skin).'" title="Change skin">'.$this->func->htmlspecialchars($name).'</a></li>'."\n";
 			}
 		}
 		$ret .= '<li>t-Diary Skins'."\n";
 		$ret .= '<ul class="list2" style="padding-left:'.$this->root->_ul_margin.'px;margin-left:'.$this->root->_ul_margin.'px;">'."\n";
 		foreach ($t_skins as $name=>$skin) {
 			if ($skin == $this->root->cookie['skin'] && ($this->root->pagecache_min === 0 || $this->root->userinfo['uid'] !== 0)) {
-				$ret .= '<li style="font-weight:bold;">'.htmlspecialchars($name).'</li>'."\n";
+				$ret .= '<li style="font-weight:bold;">'.$this->func->htmlspecialchars($name).'</li>'."\n";
 			} else {
-				$ret .= '<li><a href="?'.htmlspecialchars($link.$skin).'" title="Change skin">'.htmlspecialchars($name).'</a></li>'."\n";
+				$ret .= '<li><a href="?'.$this->func->htmlspecialchars($link.$skin).'" title="Change skin">'.$this->func->htmlspecialchars($name).'</a></li>'."\n";
 			}
 		}
 		$ret .= '</ul></li>'."\n";
@@ -76,7 +80,7 @@ function plugin_skin_changer_inline() {
 		$name = @$argv[0];
 		
 		if (!$text) {
-			$text = htmlspecialchars($name);
+			$text = $this->func->htmlspecialchars($name);
 		}
 		
 		if (!$name && !$text) { return false; }
diff --git a/xoops_trust_path/modules/xpwiki/plugin/skype.inc.php b/xoops_trust_path/modules/xpwiki/plugin/skype.inc.php
index be0846ca..c02f10c6 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/skype.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/skype.inc.php
@@ -37,7 +37,7 @@ function plugin_skype_inline() {
 		if (!$options['id']) {
 			return FALSE;
 		} else {
-			$id = htmlspecialchars($options['id']);
+			$id = $this->func->htmlspecialchars($options['id']);
 		}
 		
 		if (! $alias) {
diff --git a/xoops_trust_path/modules/xpwiki/plugin/source.inc.php b/xoops_trust_path/modules/xpwiki/plugin/source.inc.php
index 7374c0ee..6f77b584 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/source.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/source.inc.php
@@ -26,7 +26,7 @@ function plugin_source_action()
 	
 		return array('msg' => $this->root->_source_messages['msg_title'],
 		'body' => '<pre id="source">' .
-		htmlspecialchars($this->func->get_source($page, TRUE, TRUE)) . '</pre>');
+		$this->func->htmlspecialchars($this->func->get_source($page, TRUE, TRUE)) . '</pre>');
 	}
 }
 ?>
\ No newline at end of file
diff --git a/xoops_trust_path/modules/xpwiki/plugin/stationary.inc.php b/xoops_trust_path/modules/xpwiki/plugin/stationary.inc.php
index d5326b06..54075c2f 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/stationary.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/stationary.inc.php
@@ -43,7 +43,7 @@ function plugin_stationary_convert()
 			$result = join(',', $args);
 		}
 	
-		return '#stationary(' . htmlspecialchars($result) . ')<br />';
+		return '#stationary(' . $this->func->htmlspecialchars($result) . ')<br />';
 	}
 	
 	// In-line type plugin: &stationary; or &stationary(foo); , or &stationary(foo){bar};
@@ -59,7 +59,7 @@ function plugin_stationary_inline()
 			$args[$key] = trim($args[$key]);
 		$result = join(',', $args);
 	
-		return '&amp;stationary(' . htmlspecialchars($result) . '){' . $body . '};';
+		return '&amp;stationary(' . $this->func->htmlspecialchars($result) . '){' . $body . '};';
 	}
 	
 	// Action-type plugin: ?plugin=stationary&foo=bar
diff --git a/xoops_trust_path/modules/xpwiki/plugin/sub.inc.php b/xoops_trust_path/modules/xpwiki/plugin/sub.inc.php
index 3ae61ff8..78a39868 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/sub.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/sub.inc.php
@@ -11,7 +11,7 @@ function plugin_sub_inline() {
 		$body = array_pop($args);
 		if ($body === ''){
 			if (isset($args[0])) {
-				$body = htmlspecialchars($args[0]);
+				$body = $this->func->htmlspecialchars($args[0]);
 			} else {
 				return FALSE;
 			}
diff --git a/xoops_trust_path/modules/xpwiki/plugin/subnote.inc.php b/xoops_trust_path/modules/xpwiki/plugin/subnote.inc.php
index f9894d1e..2755c66e 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/subnote.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/subnote.inc.php
@@ -37,8 +37,8 @@ function plugin_subnote_convert() {
 		$this->fetch_options($parames, $op);
 		$popup_pos = $this->func->get_popup_pos($parames);
 
-		$js = 'XpWiki.domInitFunctions.push(function(){XpWiki.pagePopup({dir:\'' . htmlspecialchars($this->root->mydirname, ENT_QUOTES) .
-			'\',page:\'' . htmlspecialchars(str_replace('\'', '\\\'', $page) . $anchor) . '\'' .
+		$js = 'XpWiki.domInitFunctions.push(function(){XpWiki.pagePopup({dir:\'' . $this->func->htmlspecialchars($this->root->mydirname, ENT_QUOTES) .
+			'\',page:\'' . $this->func->htmlspecialchars(str_replace('\'', '\\\'', $page) . $anchor) . '\'' .
 			$popup_pos . '});});';
 
 		$this->func->add_js_var_head($js);
@@ -60,7 +60,7 @@ function plugin_subnote_inline() {
 		$parames = $this->config['parames'];
 		$this->fetch_options($parames, $op);
 
-		$parames['format'] = htmlspecialchars($parames['format']);
+		$parames['format'] = $this->func->htmlspecialchars($parames['format']);
 
 		$prefix = $this->root->notepage . '/';
 		$page = $this->cont['PAGENAME'];
@@ -100,7 +100,7 @@ function plugin_subnote_inline() {
 			}
 		}
 
-		$alias = $alias? $alias : htmlspecialchars($page);
+		$alias = $alias? $alias : $this->func->htmlspecialchars($page);
 		return sprintf('<span class="nowrap">' . $parames['format'] . '</span>', $icon . $this->func->make_pagelink($page, $alias, $anchor, '', 'pagelink', $options).$new);
 	}
 }
diff --git a/xoops_trust_path/modules/xpwiki/plugin/sup.inc.php b/xoops_trust_path/modules/xpwiki/plugin/sup.inc.php
index 7316c3a6..4275300d 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/sup.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/sup.inc.php
@@ -11,7 +11,7 @@ function plugin_sup_inline() {
 		$body = array_pop($args);
 		if ($body === ''){
 			if (isset($args[0])) {
-				$body = htmlspecialchars($args[0]);
+				$body = $this->func->htmlspecialchars($args[0]);
 			} else {
 				return FALSE;
 			}
diff --git a/xoops_trust_path/modules/xpwiki/plugin/tag.inc.php b/xoops_trust_path/modules/xpwiki/plugin/tag.inc.php
index 90668e4e..10273249 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/tag.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/tag.inc.php
@@ -239,7 +239,7 @@ function convert()
 			sort($tags);
 			$tag = $tags[0];
 			$url = $this->func->get_script_uri() . '?' . 'cmd=lsx&amp;rtag=' . rawurlencode($tag);
-			$cloud_p->add(htmlspecialchars($tag), $url, $count);
+			$cloud_p->add($this->func->htmlspecialchars($tag), $url, $count);
 		}
 		return $cloud_p->html($limit);
 	}
@@ -406,7 +406,7 @@ function frontend($tags)
 		$ret = '<span class="tag">';
 		$ret .= 'Tag: ';
 		foreach ($tags as $tag) {
-			$ret .= '<a href="' . $this->func->get_script_uri() . '?cmd=lsx&amp;rtag=' . rawurlencode($tag) . '">' . htmlspecialchars($tag) . '</a> ';
+			$ret .= '<a href="' . $this->func->get_script_uri() . '?cmd=lsx&amp;rtag=' . rawurlencode($tag) . '">' . $this->func->htmlspecialchars($tag) . '</a> ';
 		}
 		$ret .= '</span>';
 		return $ret;
diff --git a/xoops_trust_path/modules/xpwiki/plugin/tb.inc.php b/xoops_trust_path/modules/xpwiki/plugin/tb.inc.php
index cba6f332..93056ca7 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/tb.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/tb.inc.php
@@ -148,7 +148,7 @@ function plugin_tb_output_rsslist($tb_id)
 			// _utime_, title, excerpt, _blog_name_
 			array_shift($arr); // Cut utime
 			list ($url, $title, $excerpt) = array_map(
-				create_function('$a', 'return htmlspecialchars($a);'), $arr);
+				create_function('$a', 'return $this->func->htmlspecialchars($a);'), $arr);
 			$items .= <<<EOD
 
    <item>
@@ -159,7 +159,7 @@ function plugin_tb_output_rsslist($tb_id)
 EOD;
 		}
 
-		$title = htmlspecialchars($page);
+		$title = $this->func->htmlspecialchars($page);
 		$link  = $this->root->script . '?' . rawurlencode($page);
 		$this->root->vars['page'] = $page;
 		$excerpt = $this->func->strip_htmltag($this->func->convert_html($this->func->get_source($page)));
diff --git a/xoops_trust_path/modules/xpwiki/plugin/template.inc.php b/xoops_trust_path/modules/xpwiki/plugin/template.inc.php
index 669c6e21..b41153dd 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/template.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/template.inc.php
@@ -49,7 +49,7 @@ function plugin_template_action()
 		}
 		$begin_select = $end_select = '';
 		for ($i = 0; $i < count($lines); $i++) {
-			$line = htmlspecialchars(mb_strimwidth($lines[$i], 0, $this->cont['MAX_LEN'], '...'));
+			$line = $this->func->htmlspecialchars(mb_strimwidth($lines[$i], 0, $this->cont['MAX_LEN'], '...'));
 	
 			$tag = ($i == $begin) ? ' selected="selected"' : '';
 			$begin_select .= "<option value=\"$i\"$tag>$line</option>\n";
@@ -58,7 +58,7 @@ function plugin_template_action()
 			$end_select .= "<option value=\"$i\"$tag>$line</option>\n";
 		}
 	
-		$_page = htmlspecialchars($page);
+		$_page = $this->func->htmlspecialchars($page);
 		$msg = $tag = '';
 		if ($is_page) {
 			$msg = $this->root->_err_template_already;
@@ -67,7 +67,7 @@ function plugin_template_action()
 			$msg = str_replace('$1', $_page, $this->root->_err_template_invalid);
 		}
 	
-		$s_refer = htmlspecialchars($this->root->vars['refer']);
+		$s_refer = $this->func->htmlspecialchars($this->root->vars['refer']);
 		$s_page  = ($page === '') ? str_replace('$1', $s_refer, $this->root->_msg_template_page) : $_page;
 		$script = $this->func->get_script_uri();
 		$ret     = <<<EOD
diff --git a/xoops_trust_path/modules/xpwiki/plugin/topicpath.inc.php b/xoops_trust_path/modules/xpwiki/plugin/topicpath.inc.php
index 406b91ba..8376fbba 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/topicpath.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/topicpath.inc.php
@@ -11,7 +11,7 @@ function plugin_topicpath_init () {
 		$this->cont['PLUGIN_TOPICPATH_TOP_DISPLAY'] =  1;
 		
 		// Label for $defaultpage
-		$this->cont['PLUGIN_TOPICPATH_TOP_LABEL'] = htmlspecialchars($this->root->module['title']);
+		$this->cont['PLUGIN_TOPICPATH_TOP_LABEL'] = $this->func->htmlspecialchars($this->root->module['title']);
 		
 		// Separetor / of / topic / path
 		$this->cont['PLUGIN_TOPICPATH_TOP_SEPARATOR'] =  ' / ';
@@ -34,7 +34,7 @@ function plugin_topicpath_convert()
 	function plugin_topicpath_inline($sep = '')
 	{
 		if ($sep) {
-			$sep = htmlspecialchars($sep);
+			$sep = $this->func->htmlspecialchars($sep);
 			$sep = preg_replace('/&amp;(#[0-9]+|#x[0-9a-f]+|' . $this->root->entity_pattern . ';)/','&$1',$sep);
 			$this->cont['PLUGIN_TOPICPATH_TOP_SEPARATOR'] = $sep;
 		}
@@ -57,7 +57,7 @@ function plugin_topicpath_inline($sep = '')
 			$topic_path = array();
 			while (! empty($parts)) {
 				$_landing = join('/', $parts);
-				$element = htmlspecialchars(array_pop($parts));
+				$element = $this->func->htmlspecialchars(array_pop($parts));
 				if (! $b_link)  {
 					// This page ($_landing == $page)
 					$b_link = TRUE;
diff --git a/xoops_trust_path/modules/xpwiki/plugin/tracker.inc.php b/xoops_trust_path/modules/xpwiki/plugin/tracker.inc.php
index dd76b118..f69e3eaa 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/tracker.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/tracker.inc.php
@@ -88,7 +88,7 @@ function plugin_tracker_convert()
 		$config = new XpWikiConfig($this->xpwiki, 'plugin/tracker/'.$config_name);
 
 		if (!$config->read()) {
-			return '#tracker: Config \'' . htmlspecialchars($config_name) . '\' not found<br />';
+			return '#tracker: Config \'' . $this->func->htmlspecialchars($config_name) . '\' not found<br />';
 		}
 		$config->config_name = $config_name;
 		//$fields = $this->plugin_tracker_get_fields($base,$refer,$config);
@@ -135,7 +135,7 @@ function plugin_tracker_action()
 		if (!$this->func->is_pagename($refer)) {
 			return array(
 				'msg'  => 'Cannot write',
-				'body' => 'Page name (' . htmlspecialchars($refer) . ') invalid'
+				'body' => 'Page name (' . $this->func->htmlspecialchars($refer) . ') invalid'
 			);
 		}
 
@@ -161,14 +161,14 @@ function plugin_tracker_action()
 		$config_name = isset($this->root->post['_config']) ? $this->root->post['_config'] : '';
 		$config = new XpWikiConfig($this->xpwiki, 'plugin/tracker/' . $config_name);
 		if (! $config->read()) {
-			return '<p>config file \'' . htmlspecialchars($config_name) . '\' not found.</p>';
+			return '<p>config file \'' . $this->func->htmlspecialchars($config_name) . '\' not found.</p>';
 		}
 		$config->config_name = $config_name;
 		$template_page = $config->page . '/page';
 		if (! $this->func->is_page($template_page)) {
 			return array(
 				'msg'  => 'Cannot write',
-				'body' => 'Page template (' . htmlspecialchars($template_page) . ') not exists'
+				'body' => 'Page template (' . $this->func->htmlspecialchars($template_page) . ') not exists'
 			);
 		}
 
@@ -352,7 +352,7 @@ function plugin_tracker_list_render($base, $refer, $config_name, $list, $order_c
 		$config = new XpWikiConfig($this->xpwiki, 'plugin/tracker/' . $config_name);
 
 		if (!$config->read()) {
-			return '#tracker_list: Config not found: ' . htmlspecialchars($config_name) . '<br />';
+			return '#tracker_list: Config not found: ' . $this->func->htmlspecialchars($config_name) . '<br />';
 		}
 		$config->config_name = $config_name;
 		if (!$this->func->is_page($config->page.'/'.$list)) {
@@ -361,11 +361,11 @@ function plugin_tracker_list_render($base, $refer, $config_name, $list, $order_c
 
 		$list = new XpWikiTracker_list($this->xpwiki, $base, $refer, $config, $list);
 		if ($list->sortRows($order_commands) === FALSE) {
-			return '#tracker_list: ' . htmlspecialchars($list->error) . '<br />';
+			return '#tracker_list: ' . $this->func->htmlspecialchars($list->error) . '<br />';
 		}
 		$result = $list->toString($limit);
 		if ($result === FALSE) {
-			return '#tracker_list: ' . htmlspecialchars($list->error) . '<br />';
+			return '#tracker_list: ' . $this->func->htmlspecialchars($list->error) . '<br />';
 		}
 		unset($list);
 		return $this->func->convert_html($result);
@@ -464,12 +464,12 @@ class XpWikiTracker_field_text extends XpWikiTracker_field
 
 	function get_tag()
 	{
-		$s_name = htmlspecialchars($this->name);
-		$s_size = htmlspecialchars($this->values[0]);
+		$s_name = $this->func->htmlspecialchars($this->name);
+		$s_size = $this->func->htmlspecialchars($this->values[0]);
 		if ($this->default_value == '$uname' || $this->default_value == '$X_uname' ) {
 			$this->default_value = $this->cont['USER_NAME_REPLACE'];
 		}
-		$s_value = htmlspecialchars($this->default_value);
+		$s_value = $this->func->htmlspecialchars($this->default_value);
 		$helper = ($this->name == "_name" || is_a($this, "XpWikiTracker_field_page"))? "" : " rel=\"wikihelper\"";
 		return "<input type=\"text\" name=\"$s_name\"{$helper} size=\"$s_size\" value=\"$s_value\" />";
 	}
@@ -516,10 +516,10 @@ class XpWikiTracker_field_textarea extends XpWikiTracker_field
 	var $sort_type = SORT_STRING;
 
 	function get_tag() {
-		$s_name = htmlspecialchars($this->name);
-		$s_cols = htmlspecialchars($this->values[0]);
-		$s_rows = htmlspecialchars($this->values[1]);
-		$s_value = htmlspecialchars($this->default_value);
+		$s_name = $this->func->htmlspecialchars($this->name);
+		$s_cols = $this->func->htmlspecialchars($this->values[0]);
+		$s_rows = $this->func->htmlspecialchars($this->values[1]);
+		$s_value = $this->func->htmlspecialchars($this->default_value);
 		$domid = $this->func->get_domid('tracker', $s_name, true);
 		$emoji = (in_array('emoji', $this->values))? $this->func->get_emoji_pad($domid, FALSE) : '';
 		return "<textarea id=\"$domid\" name=\"$s_name\" cols=\"$s_cols\" rows=\"$s_rows\">$s_value</textarea>$emoji";
@@ -559,8 +559,8 @@ function XpWikiTracker_field_format(& $xpwiki, $field, $base, $refer, &$config)
 
 	function get_tag()
 	{
-		$s_name = htmlspecialchars($this->name);
-		$s_size = htmlspecialchars($this->values[0]);
+		$s_name = $this->func->htmlspecialchars($this->name);
+		$s_size = $this->func->htmlspecialchars($this->values[0]);
 		return "<input type=\"text\" name=\"$s_name\" size=\"$s_size\" />";
 	}
 
@@ -610,8 +610,8 @@ function get_tag()
 	{
 		static $loaded = array();
 
-		$s_name = htmlspecialchars($this->name);
-		$s_size = htmlspecialchars($this->values[0]);
+		$s_name = $this->func->htmlspecialchars($this->name);
+		$s_size = $this->func->htmlspecialchars($this->values[0]);
 		$s_id = '_p_tracker_' . $s_name . '_' . $this->id;
 
 		$attach_plugin =& $this->func->get_plugin_instance('attach');
@@ -653,12 +653,12 @@ class XpWikiTracker_field_radio extends XpWikiTracker_field_format
 
 	function get_tag()
 	{
-		$s_name = htmlspecialchars($this->name);
+		$s_name = $this->func->htmlspecialchars($this->name);
 		$retval = '';
 		$id = 0;
 		foreach ($this->config->get($this->name) as $option)
 		{
-			$s_option = htmlspecialchars($option[0]);
+			$s_option = $this->func->htmlspecialchars($option[0]);
 			$checked = trim($option[0]) == trim($this->default_value) ? ' checked="checked"' : '';
 			++$id;
 			$s_id = '_p_tracker_' . $s_name . '_' . $this->id . '_' . $id;
@@ -698,16 +698,16 @@ class XpWikiTracker_field_select extends XpWikiTracker_field_radio
 
 	function get_tag($empty=FALSE)
 	{
-		$s_name = htmlspecialchars($this->name);
+		$s_name = $this->func->htmlspecialchars($this->name);
 		$s_size = (isset($this->values[0]) && is_numeric($this->values[0])) ?
-			' size="'.htmlspecialchars($this->values[0]).'"' : '';
+			' size="'.$this->func->htmlspecialchars($this->values[0]).'"' : '';
 		$s_multiple = (isset($this->values[1]) && strtolower($this->values[1]) == 'multiple') ?
 			' multiple="multiple"' : '';
 		$retval = "<select name=\"{$s_name}[]\"$s_size$s_multiple>\n";
 		if ($empty) $retval .= ' <option value=""></option>' . "\n";
 		$defaults = array_flip(preg_split('/\s*,\s*/',$this->default_value,-1,PREG_SPLIT_NO_EMPTY));
 		foreach ($this->config->get($this->name) as $option) {
-			$s_option = htmlspecialchars($option[0]);
+			$s_option = $this->func->htmlspecialchars($option[0]);
 			$selected = isset($defaults[trim($option[0])]) ? ' selected="selected"' : '';
 			$retval .= " <option value=\"$s_option\"$selected>$s_option</option>\n";
 		}
@@ -723,12 +723,12 @@ class XpWikiTracker_field_checkbox extends XpWikiTracker_field_radio
 
 	function get_tag()
 	{
-		$s_name = htmlspecialchars($this->name);
+		$s_name = $this->func->htmlspecialchars($this->name);
 		$defaults = array_flip(preg_split('/\s*,\s*/',$this->default_value,-1,PREG_SPLIT_NO_EMPTY));
 		$retval = '';
 		$id = 0;
 		foreach ($this->config->get($this->name) as $option) {
-			$s_option = htmlspecialchars($option[0]);
+			$s_option = $this->func->htmlspecialchars($option[0]);
 			$checked = isset($defaults[trim($option[0])]) ?
 				' checked="checked"' : '';
 			++$id;
@@ -748,8 +748,8 @@ class XpWikiTracker_field_hidden extends XpWikiTracker_field_radio
 
 	function get_tag()
 	{
-		$s_name = htmlspecialchars($this->name);
-		$s_default = htmlspecialchars($this->default_value);
+		$s_name = $this->func->htmlspecialchars($this->name);
+		$s_default = $this->func->htmlspecialchars($this->default_value);
 		$retval = "<input type=\"hidden\" name=\"$s_name\" value=\"$s_default\" />\n";
 
 		return $retval;
@@ -760,10 +760,10 @@ class XpWikiTracker_field_submit extends XpWikiTracker_field
 {
 	function get_tag()
 	{
-		$s_title  = htmlspecialchars($this->title);
-		$s_base   = htmlspecialchars($this->base);
-		$s_refer  = htmlspecialchars($this->refer);
-		$s_config = htmlspecialchars($this->config->config_name);
+		$s_title  = $this->func->htmlspecialchars($this->title);
+		$s_base   = $this->func->htmlspecialchars($this->base);
+		$s_refer  = $this->func->htmlspecialchars($this->refer);
+		$s_config = $this->func->htmlspecialchars($this->config->config_name);
 
 		return <<<EOD
 <input type="submit" value="$s_title" />
diff --git a/xoops_trust_path/modules/xpwiki/plugin/twitter.inc.php b/xoops_trust_path/modules/xpwiki/plugin/twitter.inc.php
index 3af96f5a..fe6f47fc 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/twitter.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/twitter.inc.php
@@ -14,7 +14,7 @@ function plugin_twitter_inline() {
 		$alias = array_pop($args);
 		if ($args) {
 			$name = array_pop($args);
-			if (! $alias) $alias = htmlspecialchars($name);
+			if (! $alias) $alias = $this->func->htmlspecialchars($name);
 			return '<a href="http://twitter.com/' . urlencode($name) . '">' . $alias . '</a>';
 		} else {
 			return $this->usage;
diff --git a/xoops_trust_path/modules/xpwiki/plugin/ucomedit.inc.php b/xoops_trust_path/modules/xpwiki/plugin/ucomedit.inc.php
index ef04b49f..15e9af3e 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/ucomedit.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/ucomedit.inc.php
@@ -99,7 +99,7 @@ function ucomedit_makeform( $page, $fname, $mode=flase)
 	
 	function plugin_ucomedit_action()
 	{
-		$s_target = htmlspecialchars($this->root->post['target']);
+		$s_target = $this->func->htmlspecialchars($this->root->post['target']);
 		$mode = $this->root->post['mode'];
 		$attachObj = new XpWikiAttachFile($this->xpwiki, $this->root->post['refer'], $this->root->post['target']);
 		if (! $attachObj->is_owner()) {
diff --git a/xoops_trust_path/modules/xpwiki/plugin/unfreeze.inc.php b/xoops_trust_path/modules/xpwiki/plugin/unfreeze.inc.php
index 672b19a5..6fd4abee 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/unfreeze.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/unfreeze.inc.php
@@ -50,7 +50,7 @@ function plugin_unfreeze_action()
 		} else {
 			// Show unfreeze form
 			$msg    = & $this->root->_title_unfreeze;
-			$s_page = htmlspecialchars($page);
+			$s_page = $this->func->htmlspecialchars($page);
 			$script = $this->func->get_script_uri();
 			$body   = ($pass === NULL) ? '' : "<p><strong>{$this->root->_msg_invalidpass}</strong></p>\n";
 			$body  .= <<<EOD
diff --git a/xoops_trust_path/modules/xpwiki/plugin/urlbookmark.inc.php b/xoops_trust_path/modules/xpwiki/plugin/urlbookmark.inc.php
index a1522280..ee2f33f7 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/urlbookmark.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/urlbookmark.inc.php
@@ -172,7 +172,7 @@ function plugin_urlbookmark_convert() {
 		$nodate = in_array('nodate',$options) ? '1' : '0';
 		$above = in_array('above',$options) ? '1' : (in_array('below',$options) ? '0' : $this->config['URLBOOKMARK_INS']);
 		
-		$s_page = htmlspecialchars($this->root->vars['page']);
+		$s_page = $this->func->htmlspecialchars($this->root->vars['page']);
 		$urlbookmark_cols = $this->config['URLBOOKMARK_COMMENT_COLS'];
 		$url_cols = $this->config['URLBOOKMARK_URL_COLS'];
 		$script = $this->func->get_script_uri();
diff --git a/xoops_trust_path/modules/xpwiki/plugin/user_pref.inc.php b/xoops_trust_path/modules/xpwiki/plugin/user_pref.inc.php
index b723b92c..fb6fc2ab 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/user_pref.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/user_pref.inc.php
@@ -191,7 +191,7 @@ function show_form() {
 					$user_tag = strtolower($this->make_user_tag());
 					$user_pref['moblog_user_mail'] = str_replace('*', $user_tag, $this->root->moblog_pop_mail);
 				}
-				$this->root->moblog_user_mail = htmlspecialchars($user_pref['moblog_user_mail']);
+				$this->root->moblog_user_mail = $this->func->htmlspecialchars($user_pref['moblog_user_mail']);
 				$this->root->moblog_user_mail_rawurlenc = rawurlencode($user_pref['moblog_user_mail']);
 			}
 			if (! $user_pref['twitter_access_token']) {
@@ -213,7 +213,7 @@ function show_form() {
 				foreach ($table as $row) {
 					if (isset($row[1]) && strtolower(trim($row[0])) === 'myblog') {
 						$page = $this->func->strip_bracket(trim($row[1]));
-						$pages[] = htmlspecialchars($page);
+						$pages[] = $this->func->htmlspecialchars($page);
 					}
 				}
 				$user_pref['xmlrpc_pages'] = join("\n", $pages);
@@ -248,8 +248,8 @@ function show_form() {
 				$description = ! empty($conf['description'])? $conf['description'] : (! empty($this->msg[$key]['description'])? $this->msg[$key]['description'] : '');
 				$description = preg_replace('/\{\$root->(.+?)\}/e', '$this->root->$1', $description);
 				$value = isset($user_pref[$key])? $user_pref[$key] : '';
-				$value4disp = htmlspecialchars($value);
-				$name4disp = htmlspecialchars($key);
+				$value4disp = $this->func->htmlspecialchars($value);
+				$name4disp = $this->func->htmlspecialchars($key);
 				$real = '';
 
 				$extention = ! empty($this->msg[$key]['extention'])? $this->msg[$key]['extention'] : '';
@@ -358,7 +358,7 @@ function post_save() {
 
 		$done = array('<dl>');
 		foreach($posts as $key=>$val) {
-			$done[] = '<dt>'.htmlspecialchars($key).'<dt><dd>'.nl2br(htmlspecialchars($val)).'<dd>';
+			$done[] = '<dt>'.$this->func->htmlspecialchars($key).'<dt><dd>'.nl2br($this->func->htmlspecialchars($val)).'<dd>';
 		}
 		$done[] = '</dl>';
 
diff --git a/xoops_trust_path/modules/xpwiki/plugin/versionlist.inc.php b/xoops_trust_path/modules/xpwiki/plugin/versionlist.inc.php
index 3837ccaf..865fbb7d 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/versionlist.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/versionlist.inc.php
@@ -84,8 +84,8 @@ function get_filelist ($sdir) {
 			$comment = array('file'=>htmlspecialchars(str_replace($this->root->mytrustdirpath,'TRUST',$sdir.'/'.$file)),'rev'=>'','date'=>'');
 			if (preg_match('/\$'.'Id: (.+),v (\d+\.\d+) (\d{4}\/\d{2}\/\d{2} \d{2}:\d{2}:\d{2})/',$data,$matches))
 			{
-				$comment['rev'] = htmlspecialchars($matches[2]);
-				$comment['date'] = htmlspecialchars($matches[3]);
+				$comment['rev'] = $this->func->htmlspecialchars($matches[2]);
+				$comment['date'] = $this->func->htmlspecialchars($matches[3]);
 			}
 			$comments[str_replace($this->root->mytrustdirpath,'',$sdir.'/'.$file)] = $comment;
 		}
diff --git a/xoops_trust_path/modules/xpwiki/plugin/vote.inc.php b/xoops_trust_path/modules/xpwiki/plugin/vote.inc.php
index 8331e756..d1e6ed57 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/vote.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/vote.inc.php
@@ -203,9 +203,9 @@ function plugin_vote_convert() {
 		. $count_label
 		. "<td align=\"left\" class=\"vote_label\" style=\"padding-left:1em;padding-right:1em\"><strong>{$this->msg['choice']}</strong>"
 		. "<input type=\"hidden\" name=\"plugin\" value=\"vote\" />\n"
-		. "<input type=\"hidden\" name=\"refer\" value=\"".htmlspecialchars($this->root->vars["page"])."\" />\n"
-		. "<input type=\"hidden\" name=\"vote_no\" value=\"".htmlspecialchars($vote_no[$this->xpwiki->pid])."\" />\n"
-		. "<input type=\"hidden\" name=\"digest\" value=\"".htmlspecialchars($this->root->digest)."\" />\n"
+		. "<input type=\"hidden\" name=\"refer\" value=\"".$this->func->htmlspecialchars($this->root->vars["page"])."\" />\n"
+		. "<input type=\"hidden\" name=\"vote_no\" value=\"".$this->func->htmlspecialchars($vote_no[$this->xpwiki->pid])."\" />\n"
+		. "<input type=\"hidden\" name=\"digest\" value=\"".$this->func->htmlspecialchars($this->root->digest)."\" />\n"
 		. "</td>\n"
 		. "<td align=\"center\" class=\"vote_label\"><strong>{$this->msg['votes']}</strong></td>\n"
 		. "</tr>\n";
@@ -228,7 +228,7 @@ function plugin_vote_convert() {
 			
 			$string .= "<tr>".$cnt_tag
 				.  "<td align=\"left\" class=\"$cls\" style=\"padding-left:1em;padding-right:1em;\">$link</td>"
-			.  "<td align=\"right\" class=\"$cls\" nowrap=\"nowrap\">$cnt&nbsp;&nbsp;<input type=\"submit\" name=\"vote_".htmlspecialchars($e_arg)."\" value=\"{$this->msg['votes']}\" class=\"submit\"{$readonly} /></td>"
+			.  "<td align=\"right\" class=\"$cls\" nowrap=\"nowrap\">$cnt&nbsp;&nbsp;<input type=\"submit\" name=\"vote_".$this->func->htmlspecialchars($e_arg)."\" value=\"{$this->msg['votes']}\" class=\"submit\"{$readonly} /></td>"
 			.  "</tr>\n";
 			$line ++;
 		}
diff --git a/xoops_trust_path/modules/xpwiki/plugin/xoopsblock.inc.php b/xoops_trust_path/modules/xpwiki/plugin/xoopsblock.inc.php
index f0b33be9..4dd9e591 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/xoopsblock.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/xoopsblock.inc.php
@@ -122,7 +122,7 @@ function plugin_xoopsblock_convert() {
 			if (is_object($xoopsUser)) {
 				$xoopsTpl->assign(array('xoops_isuser' => true, 'xoops_userid' => $xoopsUser->getVar('uid'), 'xoops_uname' => $xoopsUser->getVar('uname'), 'xoops_isadmin' => $xoopsUser->isAdmin()));
 			}
-			$xoopsTpl->assign('xoops_requesturi', htmlspecialchars($GLOBALS['xoopsRequestUri'], ENT_QUOTES));
+			$xoopsTpl->assign('xoops_requesturi', $this->func->htmlspecialchars($GLOBALS['xoopsRequestUri'], ENT_QUOTES));
 
 			foreach ($tgt_bids as $bid) {
 				$myblock = new XoopsBlock($bid);
diff --git a/xoops_trust_path/modules/xpwiki/plugin/yahoo.inc.php b/xoops_trust_path/modules/xpwiki/plugin/yahoo.inc.php
index 7678b06d..2383bc00 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/yahoo.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/yahoo.inc.php
@@ -83,7 +83,7 @@ function plugin_yahoo_convert()
 				$more_add = FALSE;
 				if (!empty($this->config['YouTubeNAVI']))
 				{
-					$youtube = ' [ <a href="http://youtube.navi-gate.org/tag/'.$this->plugin_yahoo_youtube_urlencode(mb_convert_encoding($query,"UTF-8",$this->cont['SOURCE_ENCODING'])).'/" target="'.$this->root->link_target.'">YouTube NAVI: '.htmlspecialchars($query).'</a> ]';
+					$youtube = ' [ <a href="http://youtube.navi-gate.org/tag/'.$this->plugin_yahoo_youtube_urlencode(mb_convert_encoding($query,"UTF-8",$this->cont['SOURCE_ENCODING'])).'/" target="'.$this->root->link_target.'">YouTube NAVI: '.$this->func->htmlspecialchars($query).'</a> ]';
 				}
 				break;
 			//case "related":
@@ -98,7 +98,7 @@ function plugin_yahoo_convert()
 		$prms = array("target"=>$this->root->link_target,"type"=>"and","max"=>$this->config['max_'.$mode],"col"=>$this->config['col_'.$mode]);
 		$this->fetch_options ($prms, $args);
 		$max = (int)$prms['max'];
-		$more = "<a href='".$more.(($more_add !== FALSE)? ($max + $more_add) : '')."' target='".htmlspecialchars($prms['target'])."'>".sprintf($this->msg['msg_more'],htmlspecialchars($query),$this->msg['msg_'.$mode])."</a>";
+		$more = "<a href='".$more.(($more_add !== FALSE)? ($max + $more_add) : '')."' target='".$this->func->htmlspecialchars($prms['target'])."'>".sprintf($this->msg['msg_more'],$this->func->htmlspecialchars($query),$this->msg['msg_'.$mode])."</a>";
 
 		list($ret,$refresh) = $this->plugin_yahoo_get($mode,$query,$prms['type'],$max,$prms['target'],$prms['col']);
 
@@ -147,7 +147,7 @@ function plugin_yahoo_gethtml($mode,$query,$type,$max,$target,$col)
 			$this->appid_upg = $this->root->yahoo_app_upgrade_id;
 		}
 
-		$qs = htmlspecialchars($query);
+		$qs = $this->func->htmlspecialchars($query);
 		// RESTリクエストの構築
 		$query = rawurlencode(mb_convert_encoding(trim($query),"UTF-8",$this->cont['SOURCE_ENCODING']));
 		$max = (int)$max;
@@ -301,9 +301,9 @@ function plugin_yahoo_build_img($xml,$target,$col)
 			foreach ($dats as $dat)
 			{
 				if ($this->plugin_yahoo_check_ngsite($dat['ClickUrl'])) {continue;}
-				$title = "[".htmlspecialchars($dat['Title'])."]".htmlspecialchars($dat['Summary']);
+				$title = "[".$this->func->htmlspecialchars($dat['Title'])."]".$this->func->htmlspecialchars($dat['Summary']);
 				$size = $dat['Width']." x ".$dat['Height']." ".$dat['FileSize'];
-				$site = "[ <a href=\"".htmlspecialchars($dat['RefererUrl'])."\" target='{$target}'>Site</a> ]";
+				$site = "[ <a href=\"".$this->func->htmlspecialchars($dat['RefererUrl'])."\" target='{$target}'>Site</a> ]";
 
 				if ($cnt++ % $col === 0 && $cnt !== 1) $html .= "</tr><tr>";
 				$html .= "<td style='text-align:center;vertical-align:middle;'>";
@@ -338,9 +338,9 @@ function plugin_yahoo_build_mov($xml,$target,$col)
 			foreach ($dats as $dat)
 			{
 				if ($this->plugin_yahoo_check_ngsite($dat['ClickUrl'])) {continue;}
-				$title = "[".htmlspecialchars($dat['Title'])."]".htmlspecialchars($dat['Summary']);
+				$title = "[".$this->func->htmlspecialchars($dat['Title'])."]".$this->func->htmlspecialchars($dat['Summary']);
 				$size = $dat['Width']." x ".$dat['Height'];
-				$site = "[ <a href=\"".htmlspecialchars($dat['RefererUrl'])."\" target='{$target}'>Site</a> ]";
+				$site = "[ <a href=\"".$this->func->htmlspecialchars($dat['RefererUrl'])."\" target='{$target}'>Site</a> ]";
 				$min = (int)($dat['Duration'] / 60);
 				$sec = sprintf("%02d",($dat['Duration'] % 60));
 				$length = $min.":".$sec;
diff --git a/xoops_trust_path/modules/xpwiki/plugin/yetlist.inc.php b/xoops_trust_path/modules/xpwiki/plugin/yetlist.inc.php
index d680a6be..e153fc9e 100644
--- a/xoops_trust_path/modules/xpwiki/plugin/yetlist.inc.php
+++ b/xoops_trust_path/modules/xpwiki/plugin/yetlist.inc.php
@@ -48,12 +48,12 @@ function plugin_yetlist_action()
 				foreach ($refer as $_refer) {
 					$r_refer = rawurlencode($_refer);
 					$link_refs[] = '<a href="' . $script . '?' . $r_refer . '">' .
-					htmlspecialchars($_refer) . '</a>';
+					$this->func->htmlspecialchars($_refer) . '</a>';
 				}
 				$link_ref = join(' ', $link_refs);
 				unset($link_refs);
 	
-				$s_page = htmlspecialchars($page);
+				$s_page = $this->func->htmlspecialchars($page);
 				if ($this->cont['PKWK_READONLY']) {
 					$href = $s_page;
 				} else {
diff --git a/xoops_trust_path/modules/xpwiki/skin/keitai.skin.php b/xoops_trust_path/modules/xpwiki/skin/keitai.skin.php
index 326d8fe5..b8929b78 100644
--- a/xoops_trust_path/modules/xpwiki/skin/keitai.skin.php
+++ b/xoops_trust_path/modules/xpwiki/skin/keitai.skin.php
@@ -80,7 +80,7 @@
 		$this->make_link('&pb1;'),
 		$this->cont['ROOT_URL'],
 		$this->root->accesskey,
-		htmlspecialchars($this->root->siteinfo['sitename']) );
+		$this->htmlspecialchars($this->root->siteinfo['sitename']) );
 
 	$header .= sprintf('<div style="%s">%s</div>',
 		$style['easyLogin'],
@@ -91,7 +91,7 @@
 		$this->make_link('&pb3;'),
 		$link['top'],
 		$this->root->accesskey,
-		htmlspecialchars($this->root->module['title']),
+		$this->htmlspecialchars($this->root->module['title']),
 		$link['rss'],
 		'((e:f699))' );
 }
diff --git a/xoops_trust_path/modules/xpwiki/skin/print.skin.php b/xoops_trust_path/modules/xpwiki/skin/print.skin.php
index 38ea0799..73c3ad7c 100644
--- a/xoops_trust_path/modules/xpwiki/skin/print.skin.php
+++ b/xoops_trust_path/modules/xpwiki/skin/print.skin.php
@@ -90,13 +90,13 @@
 		if ($_link[0] === '/') {
 			$_link = $this->root->siteinfo['host'] . $_link;
 		}
-		$_link = htmlspecialchars(str_replace('&amp;', '&', $_link));
+		$_link = $this->htmlspecialchars(str_replace('&amp;', '&', $_link));
 		$_link = preg_replace('#^'.preg_quote($this->root->siteinfo['host'], '#').'#', '<sup class="links">(This host)</sup>', $_link);
-		//$links[] = '<sup class="links">['.$i.']</sup> ' . htmlspecialchars(str_replace('&amp;', '&', $link));
+		//$links[] = '<sup class="links">['.$i.']</sup> ' . $this->htmlspecialchars(str_replace('&amp;', '&', $link));
 		$links[] = $_link;
 	}
 	if ($links) {
-		$thisHost = '(This host) = ' . htmlspecialchars($this->root->siteinfo['host']);
+		$thisHost = '(This host) = ' . $this->htmlspecialchars($this->root->siteinfo['host']);
 		//$links = '<hr /><dl><dt>Links list <sub>'.$thisHost.'</sub><dt><dd>' . join('<br />', $links) . '</dd></dl>';
 		$links = '<hr /><h2>Links list</h2><p><small>'.$thisHost.'</small></p><ol class="list1 links"><li>' . join('</li><li>', $links) . '</li></ol>';
 	} else {
@@ -197,7 +197,7 @@
  <meta name="robots" content="NOINDEX,NOFOLLOW" />
 <?php if ($this->cont['PKWK_ALLOW_JAVASCRIPT'] && isset($this->root->javascript)) {?> <meta http-equiv="Content-Script-Type" content="text/javascript" /><?php }?>
 
- <title><?php echo htmlspecialchars($this->root->pagetitle) ?> - <?php echo $this->root->siteinfo['sitename'] ?></title>
+ <title><?php echo $this->htmlspecialchars($this->root->pagetitle) ?> - <?php echo $this->root->siteinfo['sitename'] ?></title>
 
 <?php echo $head_pre_tag?>
 <?php echo <<<EOD
diff --git a/xoops_trust_path/modules/xpwiki/skin/pukiwiki.skin.php b/xoops_trust_path/modules/xpwiki/skin/pukiwiki.skin.php
index 56403fb6..cc7b5aa3 100644
--- a/xoops_trust_path/modules/xpwiki/skin/pukiwiki.skin.php
+++ b/xoops_trust_path/modules/xpwiki/skin/pukiwiki.skin.php
@@ -78,8 +78,8 @@
 $favicon = ($image['favicon'])? "<link rel=\"SHORTCUT ICON\" href=\"{$image['favicon']}\" />" : "";
 $dirname = $this->root->mydirname;
 $profile = $this->cont['UA_PROFILE'];
-$rsstitle = 'RSS of ' . htmlspecialchars($this->root->module['title']);
-$s_page = htmlspecialchars($_page);
+$rsstitle = 'RSS of ' . $this->htmlspecialchars($this->root->module['title']);
+$s_page = $this->htmlspecialchars($_page);
 
 $upload_js = ' onclick="return XpWiki.fileupFormPopup(\''.$dirname.'\',\''.str_replace('\'', '\\\'', $s_page).'\')"';
 
diff --git a/xoops_trust_path/modules/xpwiki/skin/tdiary.skin.php b/xoops_trust_path/modules/xpwiki/skin/tdiary.skin.php
index c8b6d5e5..83bac4d4 100644
--- a/xoops_trust_path/modules/xpwiki/skin/tdiary.skin.php
+++ b/xoops_trust_path/modules/xpwiki/skin/tdiary.skin.php
@@ -59,7 +59,7 @@
 	$theme_css = $this->cont['DATA_HOME'] . 'skin/tdiary_theme/' . $theme . '/' . $theme . '.css';
 	if (! is_file($theme_css)) {
 		echo 'tDiary theme wrapper: ';
-		echo 'Theme not found: ' . htmlspecialchars($theme_css) . '<br />';
+		echo 'Theme not found: ' . $this->htmlspecialchars($theme_css) . '<br />';
 		echo 'You can get tdiary-theme from: ';
 		echo 'http://sourceforge.net/projects/tdiary/';
 		exit;
@@ -586,7 +586,7 @@
 <?php if ($this->root->nofollow || ! $is_read)  { ?> <meta name="robots" content="NOINDEX,NOFOLLOW" /><?php } ?>
 <?php if ($this->cont['PKWK_ALLOW_JAVASCRIPT'] && isset($this->root->javascript)) { ?> <meta http-equiv="Content-Script-Type" content="text/javascript" /><?php } ?>
 
- <title><?php echo htmlspecialchars($this->root->pagetitle) ?> - <?php echo $this->root->siteinfo['sitename'] ?></title>
+ <title><?php echo $this->htmlspecialchars($this->root->pagetitle) ?> - <?php echo $this->root->siteinfo['sitename'] ?></title>
 
 <?php echo $head_pre_tag?>
  <?php echo $favicon ?>
@@ -597,7 +597,7 @@
  <link rel="alternate" type="application/rss+xml" title="RSS" href="<?php echo $link['rss'] ?>" /><?php // RSS auto-discovery ?>
 <?php echo $head_tag ?>
 </head>
-<body<?php echo $css_prefix_id ?>><!-- Theme:<?php echo htmlspecialchars($theme) . ' Sidebar:' . $sidebar ?> -->
+<body<?php echo $css_prefix_id ?>><!-- Theme:<?php echo $this->htmlspecialchars($theme) . ' Sidebar:' . $sidebar ?> -->
 <div class="xpwiki_<?php echo $dirname ?>" style="position:relative;">
 
 <?php if ($menu && $sidebar == 'strict') { ?>
@@ -707,7 +707,7 @@
 $title = '';
 if ($disable_backlink) {
 	if ($_page !== '') {
-		$title = htmlspecialchars($_page);
+		$title = $this->htmlspecialchars($_page);
 	} else {
 		$title = $page; // Search, or something message
 	}
@@ -715,7 +715,7 @@
 	if ($page !== '') {
 		$title = $page;
 	} else {
-		$title =  htmlspecialchars($_page);
+		$title =  $this->htmlspecialchars($_page);
 	}
 }
 $title_date = $title_text = '';
diff --git a/xoops_trust_path/modules/xpwiki/util/plugin_conv/index.php b/xoops_trust_path/modules/xpwiki/util/plugin_conv/index.php
index f01109ac..bb8122e1 100644
--- a/xoops_trust_path/modules/xpwiki/util/plugin_conv/index.php
+++ b/xoops_trust_path/modules/xpwiki/util/plugin_conv/index.php
@@ -7,6 +7,9 @@
 
 $keys_reg = '/^(and|or|xor|exception|php_user_filter|array|as|break|case|class|const|continue|declare|default|die|do|echo|else|elseif|empty|enddeclare|endfor|endforeach|endif|endswitch|endwhile|eval|exit|extends|for|foreach|function|global|if|include|include_once|isset|list|new|print|require|require_once|return|static|switch|unset|use|var|while|final|php_user_filter|interface|implements|extends|public|private|protected|abstract|clone|try|catch|throw|cfunction|old_function|this)$/i';
 
+$over_funcs = array('htmlspecialchars');
+$over_funcs = array_flip($over_funcs);
+
 $defines = $func_all = $global_all = array();
 $other_all = $output_all = "";
 
@@ -314,7 +317,7 @@
 					preg_match_all($funcname_reg,$_line,$match,PREG_PATTERN_ORDER);
 					$funcs = array_unique($match[0]);
 					foreach ($funcs as $func_name) {
-						if (!function_exists($func_name) && !preg_match($keys_reg,$func_name)) {
+						if (isset($over_funcs[strtolower($func_name)]) || (!function_exists($func_name) && !preg_match($keys_reg,$func_name))) {
 							$line_old = $line;
 							// 自己関数？
 							if (array_search($func_name,$my_funcs) !== FALSE) {
@@ -522,9 +525,9 @@ function plugin_{$plugin_name}_init () {
 			fclose($fp);
 		}
 		*/
-
+		$enc = mb_detect_encoding($out, 'auto');
 		echo "<pre>";
-		echo htmlspecialchars($out);
+		echo @htmlspecialchars($out, ENT_COMPAT, $enc);
 		echo "</pre>";
 
 	} else {
diff --git a/xoops_trust_path/modules/xpwiki/util/skin_conv/index.php b/xoops_trust_path/modules/xpwiki/util/skin_conv/index.php
index 06f35546..7ee812cb 100644
--- a/xoops_trust_path/modules/xpwiki/util/skin_conv/index.php
+++ b/xoops_trust_path/modules/xpwiki/util/skin_conv/index.php
@@ -183,8 +183,9 @@
 			fwrite($fp, rtrim($out));
 			fclose($fp);
 		}
+		$enc = mb_detect_encoding($out, 'auto');
 		echo "<pre>";
-		echo htmlspecialchars($out);
+		echo htmlspecialchars($out, ENT_COMPAT, $enc);
 		echo "</pre>";
 
 	} else {
diff --git a/xoops_trust_path/modules/xpwiki/ways/redirect_SJIS.php b/xoops_trust_path/modules/xpwiki/ways/redirect_SJIS.php
index 9a8dcf8c..87acd498 100644
--- a/xoops_trust_path/modules/xpwiki/ways/redirect_SJIS.php
+++ b/xoops_trust_path/modules/xpwiki/ways/redirect_SJIS.php
@@ -8,7 +8,7 @@
 if (isset($_GET['l'])) {
 	$url = $_GET['l'];
 	$google = 'http://www.google.co.jp/gwt/n?u=' . rawurlencode($url);
-	$url = str_replace('&amp;', '&',htmlspecialchars($_GET['l']));
+	$url = str_replace('&amp;', '&',htmlspecialchars($_GET['l'], ENT_COMPAT, 'ISO-8859-1'));
 
 	// clear output buffer
 	while( ob_get_level() ) {
diff --git a/xoops_trust_path/modules/xpwiki/ways/w2x_php5.php b/xoops_trust_path/modules/xpwiki/ways/w2x_php5.php
index 22a7c2ac..097d8daa 100644
--- a/xoops_trust_path/modules/xpwiki/ways/w2x_php5.php
+++ b/xoops_trust_path/modules/xpwiki/ways/w2x_php5.php
@@ -84,6 +84,14 @@
 
 Send_xml($source, strval($line_break));
 
+function _htmlspecialchars ($str, $flags = ENT_COMPAT, $encoding = null, $double_encode = true) {
+	if (is_null($encoding)) {
+		$encoding = 'UTF-8';
+	}
+	return htmlspecialchars($str, $flags, $encoding, $double_encode);
+}
+
+
 function debug($data){
 	$file = dirname(__FILE__) . '/debug.txt';
 	@ unlink($file);
@@ -157,10 +165,10 @@ function guiedit_convert_ref($args, $div = TRUE) {
 	$body = $argbody = '';
 	if (! $div) {
 		$body = array_pop($args);
-		if ($body) $argbody = '{' . htmlspecialchars($body) . '}';
+		if ($body) $argbody = '{' . _htmlspecialchars($body) . '}';
 	}
 
-	$options = htmlspecialchars(join(',', $args));
+	$options = _htmlspecialchars(join(',', $args));
 
 	$filename = array_shift($args);
 	$_title = array();
@@ -218,13 +226,13 @@ function guiedit_convert_ref($args, $div = TRUE) {
 		$align = 'right';
 	}
 
-	$other = !empty($_title) ? htmlspecialchars(join(',', $_title)) : '';
+	$other = !empty($_title) ? _htmlspecialchars(join(',', $_title)) : '';
 	$other = preg_replace("/^,/", '', $other);
 
 	$attribute = 'class="ref" contenteditable="false" style="cursor:default"';
 	$attribute .= ' _filename="' . $filename . '"';
 	$attribute .= ' _othor="' . $other . '"';
-	$attribute .= ' _alt="' . htmlspecialchars($body) . '"';
+	$attribute .= ' _alt="' . _htmlspecialchars($body) . '"';
 	$attribute .= ' _width="' . ($params['_w'] ? $params['_w'] : '') . '"';
 	$attribute .= ' _height="' . ($params['_h'] ? $params['_h'] : '') . '"';
 	$attribute .= ' _mw="' . ($params['_mw'] ? $params['_mw'] : '') . '"';
@@ -239,11 +247,11 @@ function guiedit_convert_ref($args, $div = TRUE) {
 	$attribute .= ' _zoom="' . $params['zoom'] . '"';
 
 	if ($div) {
-		$attribute .= ' _source="' . htmlspecialchars("#ref($options)") . '"';
+		$attribute .= ' _source="' . _htmlspecialchars("#ref($options)") . '"';
 		$tags = "<div $attribute>#ref($options)</div>";
 	} else {
 		$inner = "&ref($options)$argbody;";
-		$attribute .= ' _source="' . htmlspecialchars($inner) . '"';
+		$attribute .= ' _source="' . _htmlspecialchars($inner) . '"';
 		$html = get_ref_html($args_org, false);
 		if (preg_match('#^<img[^>]+?'.'>$#', $html)) {
 			$attribute = str_replace('contenteditable="false"', 'contenteditable="true"', $attribute);
@@ -349,7 +357,7 @@ function convert($line, $link = TRUE, $enc = TRUE) {
 		global $xpwiki;
 
 		if ($enc) {
-			$line = htmlspecialchars($line);
+			$line = _htmlspecialchars($line);
 		}
 
 		// easy ref ( {{filename|alias}} )
@@ -471,18 +479,18 @@ function convert_plugin($matches) {
 					{
 						if ($color_type)
 						{
-							$style .= "color:".htmlspecialchars($color[1]).";";
+							$style .= "color:"._htmlspecialchars($color[1]).";";
 							$color_type = false;
 						} else {
-							$style .= "background-color:".htmlspecialchars($color[1]).";";
+							$style .= "background-color:"._htmlspecialchars($color[1]).";";
 						}
 					}
 					elseif (preg_match('/^(\d+(%|px|pt|em))$/',$prm,$size))
-						$style .= "font-size:".htmlspecialchars($size[1]).";line-height:130%;";
+						$style .= "font-size:"._htmlspecialchars($size[1]).";line-height:130%;";
 					elseif (preg_match('/^(\d+)$/',$prm,$size))
-						$style .= "font-size:".htmlspecialchars($size[1])."px;line-height:130%;";
+						$style .= "font-size:"._htmlspecialchars($size[1])."px;line-height:130%;";
 					elseif (preg_match('/^class:(.+)$/',$prm,$arg))
-						$class = ' class="' . str_replace('"' , '', htmlspecialchars($arg[1])) . '"';
+						$class = ' class="' . str_replace('"' , '', _htmlspecialchars($arg[1])) . '"';
 				}
 				if (count($decoration))
 					$style .= "text-decoration:".join(" ",$decoration).";";
@@ -517,7 +525,7 @@ function convert_plugin($matches) {
 				return guiedit_convert_ref($aryargs, FALSE);
 			case 'sub':
 				if (! $body && isset($aryargs[0])) {
-					$body = htmlspecialchars($aryargs[0]);
+					$body = _htmlspecialchars($aryargs[0]);
 				}
 				if ($body) {
 					return '<sub>' . $this->convert($body, TRUE, FALSE) . '</sub>';
@@ -525,7 +533,7 @@ function convert_plugin($matches) {
 				break;
 			case 'sup':
 				if (! $body && isset($aryargs[0])) {
-					$body = htmlspecialchars($aryargs[0]);
+					$body = _htmlspecialchars($aryargs[0]);
 				}
 				if ($body) {
 					return '<sup>' . $this->convert($body, TRUE, FALSE) . '</sup>';
@@ -1103,10 +1111,10 @@ function TableCellEx($text, $is_template = FALSE)
 				if (preg_match("/^#[0-9a-f]{3}$/i", $color)) {
 					$color = preg_replace("/[0-9a-f]/i", "$0$0", $color);
 				}
-				$this->style[$name] = $name . ':' . htmlspecialchars($color) . ';';
+				$this->style[$name] = $name . ':' . _htmlspecialchars($color) . ';';
 				$text = $matches[5];
 			} else if ($matches[4]) {
-				$this->style['size'] = 'font-size:' . htmlspecialchars($matches[4]) . 'px;';
+				$this->style['size'] = 'font-size:' . _htmlspecialchars($matches[4]) . 'px;';
 				$text = $matches[5];
 			}
 		}
@@ -1241,7 +1249,7 @@ function get_cell_style($string) {
 		// セル規定背景画指定
 		if (preg_match("/(?:[SCB]C):\(([^),]*)(,(?:no|one(?:ce)?|1))?\) ?/i",$cells[0],$tmp)) {
 			if (strpos($tmp[1], $xpwiki->cont['ROOT_URL']) === 0) {
-				$tmp[1] = htmlspecialchars($tmp[1]);
+				$tmp[1] = _htmlspecialchars($tmp[1]);
 				$this->style['background-image'] = "background-image: url(".$tmp[1].");";
 				if (!empty($tmp[2])) $this->style['bgcolor'] .= "background-repeat: no-repeat;";
 			}
@@ -1555,7 +1563,7 @@ function get_table_style($string) {
 		if (preg_match("/TC:\(([^),]*)(,(?:no|one(?:ce)?|1))?\) ?/i",$string,$reg)) {
 			//$reg[1] = str_replace("http","HTTP",$reg[1]);
 			if (strpos($reg[1], $xpwiki->cont['ROOT_URL']) === 0) {
-				$reg[1] = htmlspecialchars($reg[1]);
+				$reg[1] = _htmlspecialchars($reg[1]);
 				$this->table_sheet .= "background-image: url(".$reg[1].");";
 				if (!empty($reg[2])) $this->table_sheet .= "background-repeat: no-repeat;";
 			}
@@ -1667,7 +1675,7 @@ function PreEx(& $root, $text)
 	{
 		global $preformat_ltrim;
 		parent::ElementEx();
-		$this->elements[] = htmlspecialchars(
+		$this->elements[] = _htmlspecialchars(
 			(! $preformat_ltrim || $text == '' || $text{0} != ' ') ? $text : substr($text, 1));
 		$this->class = $root->comment? ' class="comment"' : '';
 	}
@@ -1723,11 +1731,11 @@ function toString()
 		}
 
 		if ($this->text) {
-			$this->text = str_replace(' ', '&nbsp;',htmlspecialchars($this->text));
+			$this->text = str_replace(' ', '&nbsp;',_htmlspecialchars($this->text));
 			$this->text = preg_replace("/\r/", "<br />", $this->text);
 		}
 
-		$this->param = htmlspecialchars($this->param);
+		$this->param = _htmlspecialchars($this->param);
 		$inner = "#$this->name" . ($this->param ? "($this->param)" : '') . $this->text;
 		if (MSIE) $styles[] = 'cursor:default;';