From 4a03c4c3cd6216405db69e3582df9ebf8809f057 Mon Sep 17 00:00:00 2001
From: Savetheinternet
Date: Thu, 17 Nov 2011 01:22:25 +1100
Subject: [PATCH] XSS/bug with last commit to utf8tohtml().

---
 inc/functions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/functions.php b/inc/functions.php
index caaa6894..4a0258c6 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -1339,7 +1339,7 @@
 }
 function utf8tohtml($utf8) {
- return mb_encode_numericentity($utf8, Array(0xff, 0xffff, 0, 0xffff), 'UTF-8');
+ return mb_encode_numericentity(htmlspecialchars($utf8, ENT_NOQUOTES, 'UTF-8'), Array(0xff, 0xffff, 0, 0xffff), 'UTF-8');
 }
 function buildThread($id, $return=false, $mod=false) {
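Review bot: The added line escapes with `ENT_NOQUOTES`, so `"` and `'` still pass through untouched (the numeric-entity map only rewrites code points 0xff–0xffff), which leaves the result injectable if any caller drops it into an HTML attribute value; unless every call site is known to be element content, use `ENT_QUOTES`: `return mb_encode_numericentity(htmlspecialchars($utf8, ENT_QUOTES, 'UTF-8'), Array(0xff, 0xffff, 0, 0xffff), 'UTF-8');`. Also be aware that htmlspecialchars() with an explicit 'UTF-8' charset returns an empty string when the input holds an invalid byte sequence (on PHP versions of this era and later, unless ENT_SUBSTITUTE/ENT_IGNORE is set where available), so raw user bytes that are not valid UTF-8 silently vanish rather than being flagged. Whether callers already pass pre-escaped text, which this change would now double-encode to `&amp;amp;`, is not visible from this hunk and should be checked before merging. A one-line comment on the function would make the intent clear to the next reader: `// Escape HTML metacharacters first, then emit code points U+00FF..U+FFFF as numeric entities; code points above U+FFFF are left as raw UTF-8.`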