From 810efee4d36da6edbc721c82c3a97966005101de Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Mon, 19 Nov 2012 11:43:22 +0100
Subject: Avoid double-encoding of HTML entities in signature edit field

---
 program/steps/settings/edit_identity.inc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'program')

diff --git a/program/steps/settings/edit_identity.inc b/program/steps/settings/edit_identity.inc
index aa1aeea5d..f82169017 100644
--- a/program/steps/settings/edit_identity.inc
+++ b/program/steps/settings/edit_identity.inc
@@ -87,9 +87,10 @@ function rcube_identity_form($attrib)
   if ($IDENTITY_RECORD['html_signature']) {
     $form['signature']['content']['signature']['class']      = 'mce_editor';
     $form['signature']['content']['signature']['is_escaped'] = true;
-  }
 
-  $IDENTITY_RECORD['signature'] = htmlentities($IDENTITY_RECORD['signature'], ENT_NOQUOTES, RCMAIL_CHARSET);
+    // Correctly handle HTML entities in HTML editor (#1488483)
+    $IDENTITY_RECORD['signature'] = htmlspecialchars($IDENTITY_RECORD['signature'], ENT_NOQUOTES, RCMAIL_CHARSET);
+  }
 
   // disable some field according to access level
   if (IDENTITIES_LEVEL == 1 || IDENTITIES_LEVEL == 3) {
-- 
cgit v1.2.3