2 files changed, 8 insertions, 6 deletions

diff --git a/www-ssl/admin/sprache.php b/www-ssl/admin/sprache.php
index af5db2ba..404a3961 100755
--- a/www-ssl/admin/sprache.php
+++ b/www-ssl/admin/sprache.php
@@ -46,6 +46,7 @@ if( !isset( $_GET["TextID"] )  )
 		
 			foreach( $Sprachen as $Name => $Value )
 			{
+				$Value = html_entity_decode( $Value, ENT_QUOTES);
 				echo "\t\t<td><textarea name=\"$Name\" cols=\"22\" rows=\"8\">$Value</textarea></td>\n";
 				$Sprachen[ $Name ] = "";
 			}
@@ -87,6 +88,7 @@ else
 			{
 				$sql_save = "INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) ".
 					"VALUES ('". $_GET["TextID"]. "', '$k', '$v')";
+				  echo $sql_save."<br>";
 		        	$Erg = mysql_query($sql_save, $con);
 			        if ($Erg == 1)
 			                echo "\t $k Save: OK<br>\n";
diff --git a/www-ssl/inc/secure.php b/www-ssl/inc/secure.php
index 687289fc..d6b5c512 100755
--- a/www-ssl/inc/secure.php
+++ b/www-ssl/inc/secure.php
@@ -7,9 +7,9 @@ if( $DEBUG)
 
 foreach ($_GET as $k => $v) 
 {	
-  	$v = htmlspecialchars($v);
-	$v = mysql_escape_string($v);
-//	$v = htmlentities($v);
+//  	$v = htmlspecialchars($v, ENT_QUOTES);
+//	$v = mysql_escape_string($v);
+	$v = htmlentities($v, ENT_QUOTES);
 	if (preg_match('/([\'"`\'])/', $v, $match)) 
 	{
 		print "sorry get has illegal char '$match[1]'";
@@ -23,9 +23,9 @@ foreach ($_GET as $k => $v)
   
 foreach ($_POST as $k => $v) 
 {
-  	$v = htmlspecialchars($v);
-	$v = mysql_escape_string($v);
-//	$v = htmlentities($v);
+//  	$v = htmlspecialchars($v, ENT_QUOTES);
+//	$v = mysql_escape_string($v);
+	$v = htmlentities($v, ENT_QUOTES);
 	if (preg_match('/([\'"`\'])/', $v, $match)) {
 		print "sorry post has illegal char '$match[1]'";
 		exit;