From 77ecfdd1a42811a1239b29c18b21768d2a5a3ae0 Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Fri, 11 Apr 2014 19:42:15 +0200
Subject: [PATCH] Only encode dangerous dangerous characters

There is no need to encode all characters into HTML entities, only potential dangerous characters as &, ", ', < and > should get encoded.

This may fix issues like https://github.com/owncloud/calendar/pull/394
---
 lib/private/util.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/private/util.php b/lib/private/util.php
index 731b7c9750..a744644b39 100755
--- a/lib/private/util.php
+++ b/lib/private/util.php
@@ -805,7 +805,7 @@ class OC_Util {
 			array_walk_recursive($value, 'OC_Util::sanitizeHTML');
 		} else {
 			//Specify encoding for PHP<5.4
-			$value = htmlentities((string)$value, ENT_QUOTES, 'UTF-8');
+			$value = htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
 		}
 		return $value;
 	}