5601 added addslashes() in addition to ENT_QUOTES for htmlspecialchars()

mods/_standard/forums/forum/new_thread.php

@@ -41,9 +41,9 @@
 	exit;
 } else if (isset($_POST['submit'])) {
 	$missing_fields = array();
-    $_POST['subject'] = htmlspecialchars(strip_tags($_POST['subject']));
-    $_POST['body'] = htmlspecialchars(strip_tags($_POST['body'])); 
-    $_POST['replytext'] = htmlspecialchars(strip_tags($_POST['replytext'])); 
+    $_POST['subject'] = htmlentities(addslashes($_POST['subject']), ENT_QUOTES, 'UTF-8');
+    $_POST['body'] = htmlspecialchars(strip_tags($_POST['body']), ENT_QUOTES, 'UTF-8'); 
+    $_POST['replytext'] = htmlspecialchars(strip_tags($_POST['replytext']), ENT_QUOTES, 'UTF-8'); 
 
 	if ($_POST['subject'] == '')  {
 		$missing_fields[] = _AT('subject');

mods/_standard/forums/html/new_thread.inc.php

@@ -23,10 +23,10 @@
 
 if (isset($_POST['submit'])) {
 $parent_id	= intval($_POST['parent_id']);
-$parent_name	= htmlspecialchars($_POST['parent_name']);
-$subject =  htmlspecialchars($_POST['subject']);
-$body = htmlspecialchars($_POST['body']);
-$_POST['replytext'] =  htmlspecialchars($_POST['replytext']);
+$parent_name	= htmlspecialchars($_POST['parent_name'], ENT_QUOTES, 'UTF-8');
+$subject =  htmlspecialchars(addslashes($_POST['subject']), ENT_QUOTES, 'UTF-8');
+$body = htmlspecialchars($_POST['body'], ENT_QUOTES, 'UTF-8');
+$_POST['replytext'] =  htmlspecialchars($_POST['replytext'], ENT_QUOTES, 'UTF-8');
 
     //post reply is set when there is an error occuring.
     if ($_POST['reply']!=''){