[ticket/16690] Fix htmlspecialchars and htmlspecialchars_decode default flag

PHPBB3-16690

phpBB/search.php

@@ -678,16 +678,16 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 	$hilit = phpbb_clean_search_string(str_replace(array('+', '-', '|', '(', ')', '"'), ' ', $keywords));
 	$hilit = str_replace(' ', '|', $hilit);
 
-	$u_hilit = urlencode(htmlspecialchars_decode(str_replace('|', ' ', $hilit)));
+	$u_hilit = urlencode(htmlspecialchars_decode(str_replace('|', ' ', $hilit), ENT_COMPAT));
 	$u_show_results = '&sr=' . $show_results;
 	$u_search_forum = implode('&fid%5B%5D=', $search_forum);
 
 	$u_search = append_sid("{$phpbb_root_path}search.$phpEx", $u_sort_param . $u_show_results);
 	$u_search .= ($search_id) ? '&search_id=' . $search_id : '';
-	$u_search .= ($u_hilit) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords)) : '';
+	$u_search .= ($u_hilit) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords, ENT_COMPAT)) : '';
 	$u_search .= ($search_terms != 'all') ? '&terms=' . $search_terms : '';
 	$u_search .= ($topic_id) ? '&t=' . $topic_id : '';
-	$u_search .= ($author) ? '&author=' . urlencode(htmlspecialchars_decode($author)) : '';
+	$u_search .= ($author) ? '&author=' . urlencode(htmlspecialchars_decode($author, ENT_COMPAT)) : '';
 	$u_search .= ($author_id) ? '&author_id=' . $author_id : '';
 	$u_search .= ($u_search_forum) ? '&fid%5B%5D=' . $u_search_forum : '';
 	$u_search .= (!$search_child) ? '&sc=0' : '';
@@ -1564,7 +1564,7 @@ if ($auth->acl_get('a_search'))
 			'KEYWORDS'	=> $keywords,
 			'TIME'		=> $user->format_date($row['search_time']),
 
-			'U_KEYWORDS'	=> append_sid("{$phpbb_root_path}search.$phpEx", 'keywords=' . urlencode(htmlspecialchars_decode($keywords)))
+			'U_KEYWORDS'	=> append_sid("{$phpbb_root_path}search.$phpEx", 'keywords=' . urlencode(htmlspecialchars_decode($keywords, ENT_COMPAT)))
 		));
 	}
 	$db->sql_freeresult($result);