ok, i am an idiot...

git-svn-id: file:///svn/phpbb/trunk@6548 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-04-19 23:32:02 +02:00 · 2006-11-03 21:05:25 +00:00 · 2006-11-03 21:05:25 +00:00 · 7ab232a455
commit 7ab232a455
parent b0989c3f4d
28 changed files with 75 additions and 115 deletions
--- a/phpBB/includes/acp/acp_ban.php
+++ b/phpBB/includes/acp/acp_ban.php
@ -189,7 +189,7 @@ class acp_ban
 				$template->assign_block_vars('ban_reason', array(
 					'BAN_ID'	=> $ban_id,
 					'REASON'	=> $reason,
-					'A_REASON'	=> addslashes(utf8_html_entity_decode($reason)))
+					'A_REASON'	=> addslashes(htmlspecialchars_decode($reason)))
 				);
 			}
 		}
@ -201,7 +201,7 @@ class acp_ban
 				$template->assign_block_vars('ban_give_reason', array(
 					'BAN_ID'	=> $ban_id,
 					'REASON'	=> $reason,
-					'A_REASON'	=> addslashes(utf8_html_entity_decode($reason)))
+					'A_REASON'	=> addslashes(htmlspecialchars_decode($reason)))
 				);
 			}
 		}
--- a/phpBB/includes/acp/acp_bbcodes.php
+++ b/phpBB/includes/acp/acp_bbcodes.php
@ -75,7 +75,7 @@ class acp_bbcodes
 				$display_on_posting = request_var('display_on_posting', 0);

 				$bbcode_match = request_var('bbcode_match', '');
-				$bbcode_tpl = html_entity_decode(request_var('bbcode_tpl', ''));
+				$bbcode_tpl = htmlspecialchars_decode(request_var('bbcode_tpl', ''));
 				$bbcode_helpline = request_var('bbcode_helpline', '');
 			break;
 		}
--- a/phpBB/includes/acp/acp_email.php
+++ b/phpBB/includes/acp/acp_email.php
@ -150,13 +150,13 @@ class acp_email
 					$messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']);
 					$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip);
 			
-					$messenger->subject(utf8_html_entity_decode($subject));
+					$messenger->subject(htmlspecialchars_decode($subject));
 					$messenger->replyto($config['board_email']);
 					$messenger->set_mail_priority($priority);

 					$messenger->assign_vars(array(
 						'CONTACT_EMAIL' => $config['board_contact'],
-						'MESSAGE'		=> utf8_html_entity_decode($message))
+						'MESSAGE'		=> htmlspecialchars_decode($message))
 					);
 	
 					if (!($messenger->send($used_method)))
--- a/phpBB/includes/acp/acp_inactive.php
+++ b/phpBB/includes/acp/acp_inactive.php
@ -107,7 +107,7 @@ class acp_inactive
 							$messenger->im($row['user_jabber'], $row['username']);

 							$messenger->assign_vars(array(
-								'USERNAME'		=> utf8_html_entity_decode($row['username']),
+								'USERNAME'		=> htmlspecialchars_decode($row['username']),
 								'REGISTER_DATE'	=> $user->format_date($row['user_regdate']), 
 								'U_ACTIVATE'	=> "$board_url&mode=activate&u=" . $row['user_id'] . '&k=' . $row['user_actkey'])
 							);
--- a/phpBB/includes/acp/acp_language.php
+++ b/phpBB/includes/acp/acp_language.php
@ -829,9 +829,9 @@ class acp_language
 				$this->add_to_archive($compress, $mod_files, $row['lang_iso'], 'mods');

 				// Write ISO File
-				$iso_src = html_entity_decode($row['lang_english_name']) . "\n";
-				$iso_src .= utf8_html_entity_decode($row['lang_local_name']) . "\n";
-				$iso_src .= utf8_html_entity_decode($row['lang_author']);
+				$iso_src = htmlspecialchars_decode($row['lang_english_name']) . "\n";
+				$iso_src .= htmlspecialchars_decode($row['lang_local_name']) . "\n";
+				$iso_src .= htmlspecialchars_decode($row['lang_author']);
 				$compress->add_data($iso_src, 'language/' . $row['lang_iso'] . '/iso.txt');

 				// index.html files
--- a/phpBB/includes/acp/acp_ranks.php
+++ b/phpBB/includes/acp/acp_ranks.php
@ -55,7 +55,7 @@ class acp_ranks
 					'rank_title'		=> $rank_title,
 					'rank_special'		=> $special_rank,
 					'rank_min'			=> $min_posts,
-					'rank_image'		=> html_entity_decode($rank_image)
+					'rank_image'		=> htmlspecialchars_decode($rank_image)
 				);
 				
 				if ($rank_id)
--- a/phpBB/includes/acp/acp_styles.php
+++ b/phpBB/includes/acp/acp_styles.php
@ -783,7 +783,7 @@ pagination_sep = \'{PAGINATION_SEP}\'

 			'SELECTED_TEMPLATE'	=> $template_info['template_name'],
 			'TEMPLATE_FILE'		=> $template_file,
-			'TEMPLATE_DATA'		=> htmlentities($template_data),
+			'TEMPLATE_DATA'		=> htmlspecialchars($template_data),
 			'TEXT_ROWS'			=> $text_rows)
 		);
 	}
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@ -305,8 +305,8 @@ class acp_users
 								$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip);

 								$messenger->assign_vars(array(
-									'WELCOME_MSG'	=> utf8_html_entity_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),
-									'USERNAME'		=> utf8_html_entity_decode($user_row['username']),
+									'WELCOME_MSG'	=> htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),
+									'USERNAME'		=> htmlspecialchars_decode($user_row['username']),
 									'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey")
 								);

--- a/phpBB/includes/auth/auth_ldap.php
+++ b/phpBB/includes/auth/auth_ldap.php
@ -38,7 +38,7 @@ function init_ldap()
 	$search = @ldap_search(
 		$ldap,
 		$config['ldap_base_dn'],
-		'(' . $config['ldap_uid'] . '=' . ldap_escape(utf8_html_entity_decode($user->data['username'])) . ')',
+		'(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($user->data['username'])) . ')',
 		(empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']),
 		0,
 		1
@ -98,7 +98,7 @@ function login_ldap(&$username, &$password)
 	$search = @ldap_search(
 		$ldap,
 		$config['ldap_base_dn'],
-		'(' . $config['ldap_uid'] . '=' . ldap_escape(utf8_html_entity_decode($username)) . ')',
+		'(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($username)) . ')',
 		(empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']),
 		0,
 		1
@ -108,7 +108,7 @@ function login_ldap(&$username, &$password)

 	if (is_array($ldap_result) && sizeof($ldap_result) > 1)
 	{
-		if (@ldap_bind($ldap, $ldap_result[0]['dn'], html_entity_decode($password)))
+		if (@ldap_bind($ldap, $ldap_result[0]['dn'], htmlspecialchars_decode($password)))
 		{
 			@ldap_close($ldap);

--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@ -1900,7 +1900,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 					'S_CONFIRM_CODE'			=> true,
 					'CONFIRM_ID'				=> $confirm_id,
 					'CONFIRM_IMAGE'				=> '<img src="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=confirm&amp;id=' . $confirm_id . '&amp;type=' . CONFIRM_LOGIN) . '" alt="" title="" />',
-					'L_LOGIN_CONFIRM_EXPLAIN'	=> sprintf($user->lang['LOGIN_CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlentities($config['board_contact']) . '">', '</a>'),
+					'L_LOGIN_CONFIRM_EXPLAIN'	=> sprintf($user->lang['LOGIN_CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>'),
 				));

 				$err = $user->lang[$result['error_msg']];
@ -1914,7 +1914,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 				// Assign admin contact to some error messages
 				if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD')
 				{
-					$err = (!$config['board_contact']) ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlentities($config['board_contact']) . '">', '</a>');
+					$err = (!$config['board_contact']) ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>');
 				}
 			break;
 		}
@ -2728,7 +2728,7 @@ function truncate_string($string, $max_length = 60, $allow_reply = true)
 		$string = substr($string, 4);
 	}

-	$_chars = utf8_str_split(utf8_html_entity_decode($string));
+	$_chars = utf8_str_split(htmlspecialchars_decode($string));
 	$chars = array_map('htmlspecialchars', $_chars);

 	// Now check the length ;)
--- a/phpBB/includes/functions_messenger.php
+++ b/phpBB/includes/functions_messenger.php
@ -191,8 +191,8 @@ class messenger

 		// We add some standard variables we always use, no need to specify them always
 		$this->vars['U_BOARD'] = (!isset($this->vars['U_BOARD'])) ? generate_board_url() : $this->vars['U_BOARD'];
-		$this->vars['EMAIL_SIG'] = (!isset($this->vars['EMAIL_SIG'])) ? str_replace('<br />', "\n", "-- \n" . utf8_html_entity_decode($config['board_email_sig'])) : $this->vars['EMAIL_SIG'];
-		$this->vars['SITENAME'] = (!isset($this->vars['SITENAME'])) ? utf8_html_entity_decode($config['sitename']) : $this->vars['SITENAME'];
+		$this->vars['EMAIL_SIG'] = (!isset($this->vars['EMAIL_SIG'])) ? str_replace('<br />', "\n", "-- \n" . htmlspecialchars_decode($config['board_email_sig'])) : $this->vars['EMAIL_SIG'];
+		$this->vars['SITENAME'] = (!isset($this->vars['SITENAME'])) ? htmlspecialchars_decode($config['sitename']) : $this->vars['SITENAME'];

 		// Escape all quotes, else the eval will fail.
 		$this->msg = str_replace ("'", "\'", $this->msg);
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@ -1114,9 +1114,9 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
 				$messenger->im($addr['jabber'], $addr['name']);

 				$messenger->assign_vars(array(
-					'USERNAME'		=> utf8_html_entity_decode($addr['name']),
-					'TOPIC_TITLE'	=> utf8_html_entity_decode($topic_title),
-					'FORUM_NAME'	=> utf8_html_entity_decode($forum_name),
+					'USERNAME'		=> htmlspecialchars_decode($addr['name']),
+					'TOPIC_TITLE'	=> htmlspecialchars_decode($topic_title),
+					'FORUM_NAME'	=> htmlspecialchars_decode($forum_name),

 					'U_FORUM'				=> generate_board_url() . "/viewforum.$phpEx?f=$forum_id&e=0",
 					'U_TOPIC'				=> generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t=$topic_id&e=0",
--- a/phpBB/includes/functions_privmsgs.php
+++ b/phpBB/includes/functions_privmsgs.php
@ -1596,9 +1596,9 @@ function pm_notification($mode, $author, $recipients, $subject, $message)
 		$messenger->im($addr['jabber'], $addr['name']);

 		$messenger->assign_vars(array(
-			'SUBJECT'		=> utf8_html_entity_decode($subject),
-			'AUTHOR_NAME'	=> utf8_html_entity_decode($author),
-			'USERNAME'		=> utf8_html_entity_decode($addr['name']),
+			'SUBJECT'		=> htmlspecialchars_decode($subject),
+			'AUTHOR_NAME'	=> htmlspecialchars_decode($author),
+			'USERNAME'		=> htmlspecialchars_decode($addr['name']),

 			'U_INBOX'		=> generate_board_url() . "/ucp.$phpEx?i=pm&folder=inbox")
 		);
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@ -1054,11 +1054,11 @@ function validate_string($string, $optional = false, $min = 0, $max = 0)
 		return false;
 	}

-	if ($min && utf8_strlen(utf8_html_entity_decode($string)) < $min)
+	if ($min && utf8_strlen(htmlspecialchars_decode($string)) < $min)
 	{
 		return 'TOO_SHORT';
 	}
-	else if ($max && utf8_strlen(utf8_html_entity_decode($string)) > $max)
+	else if ($max && utf8_strlen(htmlspecialchars_decode($string)) > $max)
 	{
 		return 'TOO_LONG';
 	}
@ -2009,8 +2009,8 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
 				$messenger->im($row['user_jabber'], $row['username']);

 				$messenger->assign_vars(array(
-					'USERNAME'		=> utf8_html_entity_decode($row['username']),
-					'GROUP_NAME'	=> utf8_html_entity_decode($group_name),
+					'USERNAME'		=> htmlspecialchars_decode($row['username']),
+					'GROUP_NAME'	=> htmlspecialchars_decode($group_name),
 					'U_GROUP'		=> generate_board_url() . "/ucp.$phpEx?i=groups&mode=membership")
 				);

--- a/phpBB/includes/mcp/mcp_queue.php
+++ b/phpBB/includes/mcp/mcp_queue.php
@ -535,9 +535,9 @@ function approve_post($post_id_list, $mode)
 				$messenger->im($post_data['user_jabber'], $post_data['username']);

 				$messenger->assign_vars(array(
-					'USERNAME'		=> utf8_html_entity_decode($post_data['username']),
-					'POST_SUBJECT'	=> utf8_html_entity_decode(censor_text($post_data['post_subject'])),
-					'TOPIC_TITLE'	=> utf8_html_entity_decode(censor_text($post_data['topic_title'])),
+					'USERNAME'		=> htmlspecialchars_decode($post_data['username']),
+					'POST_SUBJECT'	=> htmlspecialchars_decode(censor_text($post_data['post_subject'])),
+					'TOPIC_TITLE'	=> htmlspecialchars_decode(censor_text($post_data['topic_title'])),

 					'U_VIEW_TOPIC'	=> generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t={$post_data['topic_id']}&e=0",
 					'U_VIEW_POST'	=> generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t={$post_data['topic_id']}&p=$post_id&e=$post_id")
@ -746,10 +746,10 @@ function disapprove_post($post_id_list, $mode)
 				$messenger->im($post_data['user_jabber'], $post_data['username']);

 				$messenger->assign_vars(array(
-					'USERNAME'		=> utf8_html_entity_decode($post_data['username']),
-					'REASON'		=> utf8_html_entity_decode($disapprove_reason),
-					'POST_SUBJECT'	=> utf8_html_entity_decode(censor_text($post_data['post_subject'])),
-					'TOPIC_TITLE'	=> utf8_html_entity_decode(censor_text($post_data['topic_title'])))
+					'USERNAME'		=> htmlspecialchars_decode($post_data['username']),
+					'REASON'		=> htmlspecialchars_decode($disapprove_reason),
+					'POST_SUBJECT'	=> htmlspecialchars_decode(censor_text($post_data['post_subject'])),
+					'TOPIC_TITLE'	=> htmlspecialchars_decode(censor_text($post_data['topic_title'])))
 				);

 				$messenger->send($post_data['user_notify_type']);
--- a/phpBB/includes/mcp/mcp_reports.php
+++ b/phpBB/includes/mcp/mcp_reports.php
@ -489,10 +489,10 @@ function close_report($post_id_list, $mode, $action)
 				$messenger->im($reporter['user_jabber'], $reporter['username']);

 				$messenger->assign_vars(array(
-					'USERNAME'		=> utf8_html_entity_decode($reporter['username']),
-					'CLOSER_NAME'	=> utf8_html_entity_decode($user->data['username']),
-					'POST_SUBJECT'	=> utf8_html_entity_decode(censor_text($post_info[$post_id]['post_subject'])),
-					'TOPIC_TITLE'	=> utf8_html_entity_decode(censor_text($post_info[$post_id]['topic_title'])))
+					'USERNAME'		=> htmlspecialchars_decode($reporter['username']),
+					'CLOSER_NAME'	=> htmlspecialchars_decode($user->data['username']),
+					'POST_SUBJECT'	=> htmlspecialchars_decode(censor_text($post_info[$post_id]['post_subject'])),
+					'TOPIC_TITLE'	=> htmlspecialchars_decode(censor_text($post_info[$post_id]['topic_title'])))
 				);

 				$messenger->send($reporter['user_notify_type']);
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@ -419,7 +419,7 @@ class bbcode_firstpass extends bbcode
 					}

 					// Because highlight_string is specialcharing the text (but we already did this before), we have to reverse this in order to get correct results
-					$code = utf8_html_entity_decode($code);
+					$code = htmlspecialchars_decode($code);
 					$code = highlight_string($code, true);

 					$str_from = array('<span style="color: ', '<font color="syntax', '</font>', '<code>', '</code>','[', ']', '.', ':');
--- a/phpBB/includes/search/fulltext_native.php
+++ b/phpBB/includes/search/fulltext_native.php
@ -1323,7 +1323,7 @@ class fulltext_native extends search_backend
 		/**
 		* Replace HTML entities and NCRs
 		*/
-		$text = html_entity_decode(utf8_decode_ncr($text), ENT_QUOTES);
+		$text = htmlspecialchars_decode(utf8_decode_ncr($text), ENT_QUOTES);

 		/**
 		* Load the UTF-8 normalizer
--- a/phpBB/includes/ucp/ucp_activate.php
+++ b/phpBB/includes/ucp/ucp_activate.php
@ -93,7 +93,7 @@ class ucp_activate
 			$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip);

 			$messenger->assign_vars(array(
-				'USERNAME'	=> utf8_html_entity_decode($user_row['username']))
+				'USERNAME'	=> htmlspecialchars_decode($user_row['username']))
 			);

 			$messenger->send($user_row['user_notify_type']);
--- a/phpBB/includes/ucp/ucp_groups.php
+++ b/phpBB/includes/ucp/ucp_groups.php
@ -188,8 +188,8 @@ class ucp_groups
 									$messenger->im($row['user_jabber'], $row['username']);

 									$messenger->assign_vars(array(
-										'USERNAME'		=> utf8_html_entity_decode($row['username']),
-										'GROUP_NAME'	=> utf8_html_entity_decode($group_row[$group_id]['group_name']),
+										'USERNAME'		=> htmlspecialchars_decode($row['username']),
+										'GROUP_NAME'	=> htmlspecialchars_decode($group_row[$group_id]['group_name']),

 										'U_PENDING'		=> generate_board_url() . "/ucp.$phpEx?i=groups&mode=manage&action=list&g=$group_id",
 										'U_GROUP'		=> generate_board_url() . "/memberlist.$phpEx?mode=group&g=$group_id")
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@ -144,7 +144,7 @@ class ucp_profile
 							$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip);

 							$messenger->assign_vars(array(
-								'USERNAME'		=> utf8_html_entity_decode($username),
+								'USERNAME'		=> htmlspecialchars_decode($username),
 								'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey")
 							);

@ -177,7 +177,7 @@ class ucp_profile
 									$messenger->im($row['user_jabber'], $row['username']);

 									$messenger->assign_vars(array(
-										'USERNAME'		=> utf8_html_entity_decode($username),
+										'USERNAME'		=> htmlspecialchars_decode($username),
 										'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey")
 									);

--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@ -336,9 +336,9 @@ class ucp_register
 					$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip);

 					$messenger->assign_vars(array(
-						'WELCOME_MSG'	=> utf8_html_entity_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),
-						'USERNAME'		=> utf8_html_entity_decode($data['username']),
-						'PASSWORD'		=> html_entity_decode($data['new_password']),
+						'WELCOME_MSG'	=> htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),
+						'USERNAME'		=> htmlspecialchars_decode($data['username']),
+						'PASSWORD'		=> htmlspecialchars_decode($data['new_password']),
 						'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u=$user_id&k=$user_actkey")
 					);

@ -380,7 +380,7 @@ class ucp_register
 							$messenger->im($row['user_jabber'], $row['username']);

 							$messenger->assign_vars(array(
-								'USERNAME'		=> utf8_html_entity_decode($data['username']),
+								'USERNAME'		=> htmlspecialchars_decode($data['username']),
 								'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u=$user_id&k=$user_actkey")
 							);

@ -494,7 +494,7 @@ class ucp_register
 			'EMAIL_CONFIRM'		=> (isset($data['email_confirm'])) ? $data['email_confirm'] : '',
 			'CONFIRM_IMG'		=> $confirm_image,

-			'L_CONFIRM_EXPLAIN'			=> sprintf($user->lang['CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlentities($config['board_contact']) . '">', '</a>'),
+			'L_CONFIRM_EXPLAIN'			=> sprintf($user->lang['CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>'),
 			'L_REG_COND'				=> $l_reg_cond,
 			'L_USERNAME_EXPLAIN'		=> sprintf($user->lang[$user_char_ary[str_replace('\\\\', '\\', $config['allow_name_chars'])] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
 			'L_NEW_PASSWORD_EXPLAIN'	=> sprintf($user->lang[$pass_char_ary[str_replace('\\\\', '\\', $config['pass_complex'])] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),
--- a/phpBB/includes/ucp/ucp_remind.php
+++ b/phpBB/includes/ucp/ucp_remind.php
@ -69,8 +69,8 @@ class ucp_remind
 			$messenger->im($user_row['user_jabber'], $user_row['username']);

 			$messenger->assign_vars(array(
-				'USERNAME'		=> utf8_html_entity_decode($user_row['username']),
-				'PASSWORD'		=> html_entity_decode($user_password),
+				'USERNAME'		=> htmlspecialchars_decode($user_row['username']),
+				'PASSWORD'		=> htmlspecialchars_decode($user_password),
 				'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey")
 			);

--- a/phpBB/includes/ucp/ucp_resend.php
+++ b/phpBB/includes/ucp/ucp_resend.php
@ -77,8 +77,8 @@ class ucp_resend
 				$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip);

 				$messenger->assign_vars(array(
-					'WELCOME_MSG'	=> utf8_html_entity_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),
-					'USERNAME'		=> utf8_html_entity_decode($user_row['username']),
+					'WELCOME_MSG'	=> htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),
+					'USERNAME'		=> htmlspecialchars_decode($user_row['username']),
 					'U_ACTIVATE'	=> generate_board_url() . "/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k={$user_row['user_actkey']}")
 				);

@ -112,7 +112,7 @@ class ucp_resend
 					$messenger->im($row['user_jabber'], $row['username']);

 					$messenger->assign_vars(array(
-						'USERNAME'		=> utf8_html_entity_decode($user_row['username']),
+						'USERNAME'		=> htmlspecialchars_decode($user_row['username']),
 						'U_ACTIVATE'	=> generate_board_url() . "/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k={$user_row['user_actkey']}")
 					);

--- a/phpBB/includes/utf/utf_tools.php
+++ b/phpBB/includes/utf/utf_tools.php
@ -967,44 +967,4 @@ function utf8_clean_string($text)
 	return $text;
 }

-if (version_compare(phpversion(), '5', '>='))
-{
-	/**
-	* @ignore
-	*/
-	function utf8_html_entity_decode($string, $quote_style = ENT_COMPAT)
-	{
-		return html_entity_decode($string, $quote_style, 'UTF-8');
-	}
-}
-else
-{
-	/**
-	* @todo needs documenting
-	*/
-	function utf8_html_entity_decode($string, $quote_style = ENT_COMPAT)
-	{
-		static $static_table;
-
-		if ($static_table === null)
-		{
-			$static_table = array_map('utf8_encode', array_flip(get_html_translation_table(HTML_ENTITIES)));
-		}
-
-		$modified_table = $static_table;
-
-		if ($quote_style === ENT_QUOTES)
-		{
-			$modified_table['&#039;'] = "'";
-		}
-
-		if ($quote_style === ENT_NOQUOTES)
-		{
-			unset($modified_table['&quot;']);
-		}
-
-		return strtr($string, $modified_table);
-	}
-}
-
 ?>
--- a/phpBB/install/install_install.php
+++ b/phpBB/install/install_install.php
@ -421,7 +421,7 @@ class install_install extends module
 				}
 			}
 			
-			$dbpasswd = html_entity_decode($dbpasswd);
+			$dbpasswd = htmlspecialchars_decode($dbpasswd);

 			$connect_test = $this->connect_check_db(true, $error, $dbms, $table_prefix, $dbhost, $dbuser, $dbpasswd, $dbname, $dbport);

@ -757,7 +757,7 @@ class install_install extends module
 		}
 		@fclose($fp);

-		$dbpasswd = html_entity_decode($dbpasswd);
+		$dbpasswd = htmlspecialchars_decode($dbpasswd);
 		$load_extensions = implode(',', $load_extensions);

 		// Time to convert the data provided into a config file
@ -981,7 +981,7 @@ class install_install extends module
 			@dl($this->available_dbms[$dbms]['MODULE'] . ".$prefix");
 		}

-		$dbpasswd = html_entity_decode($dbpasswd);
+		$dbpasswd = htmlspecialchars_decode($dbpasswd);

 		// Load the appropriate database class if not already loaded
 		include($phpbb_root_path . 'includes/db/' . $this->available_dbms[$dbms]['DRIVER'] . '.' . $phpEx);
@ -1234,7 +1234,7 @@ class install_install extends module
 			$$var = ($var == 'admin_name') ? request_var($var, '', true) : request_var($var, '');
 		}

-		$dbpasswd = html_entity_decode($dbpasswd);
+		$dbpasswd = htmlspecialchars_decode($dbpasswd);

 		// Load the appropriate database class if not already loaded
 		include($phpbb_root_path . 'includes/db/' . $this->available_dbms[$dbms]['DRIVER'] . '.' . $phpEx);
@ -1624,8 +1624,8 @@ class install_install extends module
 			$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip);

 			$messenger->assign_vars(array(
-				'USERNAME'		=> utf8_html_entity_decode($admin_name),
-				'PASSWORD'		=> html_entity_decode($admin_pass1))
+				'USERNAME'		=> htmlspecialchars_decode($admin_name),
+				'PASSWORD'		=> htmlspecialchars_decode($admin_pass1))
 			);

 			$messenger->send(NOTIFY_EMAIL);
--- a/phpBB/memberlist.php
+++ b/phpBB/memberlist.php
@ -298,16 +298,16 @@ switch ($mode)
 					$messenger = new messenger(false);

 					$messenger->template('profile_send_im', $row['user_lang']);
-					$messenger->subject(utf8_html_entity_decode($subject));
+					$messenger->subject(htmlspecialchars_decode($subject));

 					$messenger->replyto($user->data['user_email']);
 					$messenger->im($row['user_jabber'], $row['username']);

 					$messenger->assign_vars(array(
 						'BOARD_EMAIL'	=> $config['board_contact'],
-						'FROM_USERNAME'	=> utf8_html_entity_decode($user->data['username']),
-						'TO_USERNAME'	=> utf8_html_entity_decode($row['username']),
-						'MESSAGE'		=> utf8_html_entity_decode($message))
+						'FROM_USERNAME'	=> htmlspecialchars_decode($user->data['username']),
+						'TO_USERNAME'	=> htmlspecialchars_decode($row['username']),
+						'MESSAGE'		=> htmlspecialchars_decode($message))
 					);

 					$messenger->send(NOTIFY_IM);
@ -727,7 +727,7 @@ switch ($mode)

 					if ($user_id)
 					{
-						$messenger->subject(utf8_html_entity_decode($subject));
+						$messenger->subject(htmlspecialchars_decode($subject));
 						$messenger->im($row['user_jabber'], $row['username']);
 						$notify_type = $row['user_notify_type'];
 					}
@ -743,15 +743,15 @@ switch ($mode)

 					$messenger->assign_vars(array(
 						'BOARD_EMAIL'	=> $config['board_contact'],
-						'TO_USERNAME'	=> utf8_html_entity_decode($row['to_name']),
-						'FROM_USERNAME'	=> utf8_html_entity_decode($user->data['username']),
-						'MESSAGE'		=> utf8_html_entity_decode($message))
+						'TO_USERNAME'	=> htmlspecialchars_decode($row['to_name']),
+						'FROM_USERNAME'	=> htmlspecialchars_decode($user->data['username']),
+						'MESSAGE'		=> htmlspecialchars_decode($message))
 					);

 					if ($topic_id)
 					{
 						$messenger->assign_vars(array(
-							'TOPIC_NAME'	=> utf8_html_entity_decode($row['topic_title']),
+							'TOPIC_NAME'	=> htmlspecialchars_decode($row['topic_title']),
 							'U_TOPIC'		=> generate_board_url() . "/viewtopic.$phpEx?f=" . $row['forum_id'] . "&t=$topic_id")
 						);
 					}
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@ -1143,7 +1143,7 @@ if ($config['enable_post_confirm'] && !$user->data['is_registered'] && ($mode ==
 			'S_CONFIRM_CODE'			=> true,
 			'CONFIRM_ID'				=> $confirm_id,
 			'CONFIRM_IMAGE'				=> '<img src="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=confirm&amp;id=' . $confirm_id . '&amp;type=' . CONFIRM_POST) . '" alt="" title="" />',
-			'L_POST_CONFIRM_EXPLAIN'	=> sprintf($user->lang['POST_CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlentities($config['board_contact']) . '">', '</a>'),
+			'L_POST_CONFIRM_EXPLAIN'	=> sprintf($user->lang['POST_CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>'),
 		));
 	}
 }