franz-isx/custom_popup_escape.patch

## custom_popup_escape.patch
Index: includes/showmonth.function.php
===================================================================
--- includes/showmonth.function.php	(Revision 112)
+++ includes/showmonth.function.php	(Arbeitskopie)
@@ -669,13 +669,13 @@
                   if (!strlen($U->customPopup))
                      $monthBody .= "<td class=\"name-button\">\n\r";
                   else
-                     $monthBody .= "<td class=\"name-button-note\" onmouseover=\"return overlib('".addslashes($U->customPopup)."', ".$CONF['ovl_tt_settings'].");\" onmouseout=\"return nd();\">\n\r";
+                     $monthBody .= "<td class=\"name-button-note\" onmouseover=\"return overlib('".htmlentities($U->customPopup, ENT_QUOTES)."', ".$CONF['ovl_tt_settings'].");\" onmouseout=\"return nd();\">\n\r";
                   if (!$thisregion = $UO->find($U->username,"defregion")) $thisregion = $CONF['options']['region'];
                   $monthBody .= "<a href=\"javascript:openPopup('editcalendar.php?lang=".$CONF['options']['lang']."&amp;Year=".$year."&amp;Month=".$month."&amp;region=".$thisregion."&amp;Member=".addslashes($U->username)."','shop','toolbar=0,location=0,directories=0,status=0,menubar=0,scrollbars=1,resizable=no,dependent=1,width=980,height=750');\"><img class=\"noprint\" src=\"themes/".$theme."/img/btn_edit.gif\" width=\"16\" height=\"16\" border=\"0\" title=\"".$LANG['cal_img_alt_edit_cal']."\" alt=\"".$LANG['cal_img_alt_edit_cal']."\"></a>\n\r";
                }
                else if ( checkAuth("viewProfile") ) {
                   if (!strlen($U->customPopup)) $monthBody .= "<td class=\"name-button\">\n\r";
-                  else $monthBody .= "<td class=\"name-button-note\" onmouseover=\"return overlib('".addslashes($U->customPopup)."', ".$CONF['ovl_tt_settings'].");\" onmouseout=\"return nd();\">\n\r";
+                  else $monthBody .= "<td class=\"name-button-note\" onmouseover=\"return overlib('".htmlentities($U->customPopup, ENT_QUOTES)."', ".$CONF['ovl_tt_settings'].");\" onmouseout=\"return nd();\">\n\r";
                }
                else{
                   $monthBody .= "<td class=\"name-button\">\n\r";
	Index: includes/showmonth.function.php
	===================================================================
	--- includes/showmonth.function.php (Revision 112)
	+++ includes/showmonth.function.php (Arbeitskopie)
	@@ -669,13 +669,13 @@
	if (!strlen($U->customPopup))
	$monthBody .= "<td class=\"name-button\">\n\r";
	else
	- $monthBody .= "<td class=\"name-button-note\" onmouseover=\"return overlib('".addslashes($U->customPopup)."', ".$CONF['ovl_tt_settings'].");\" onmouseout=\"return nd();\">\n\r";
	+ $monthBody .= "<td class=\"name-button-note\" onmouseover=\"return overlib('".htmlentities($U->customPopup, ENT_QUOTES)."', ".$CONF['ovl_tt_settings'].");\" onmouseout=\"return nd();\">\n\r";
	if (!$thisregion = $UO->find($U->username,"defregion")) $thisregion = $CONF['options']['region'];
	$monthBody .= "<a href=\"javascript:openPopup('editcalendar.php?lang=".$CONF['options']['lang']."&Year=".$year."&Month=".$month."&region=".$thisregion."&Member=".addslashes($U->username)."','shop','toolbar=0,location=0,directories=0,status=0,menubar=0,scrollbars=1,resizable=no,dependent=1,width=980,height=750');\"><img class=\"noprint\" src=\"themes/".$theme."/img/btn_edit.gif\" width=\"16\" height=\"16\" border=\"0\" title=\"".$LANG['cal_img_alt_edit_cal']."\" alt=\"".$LANG['cal_img_alt_edit_cal']."\"></a>\n\r";
	}
	else if ( checkAuth("viewProfile") ) {
	if (!strlen($U->customPopup)) $monthBody .= "<td class=\"name-button\">\n\r";
	- else $monthBody .= "<td class=\"name-button-note\" onmouseover=\"return overlib('".addslashes($U->customPopup)."', ".$CONF['ovl_tt_settings'].");\" onmouseout=\"return nd();\">\n\r";
	+ else $monthBody .= "<td class=\"name-button-note\" onmouseover=\"return overlib('".htmlentities($U->customPopup, ENT_QUOTES)."', ".$CONF['ovl_tt_settings'].");\" onmouseout=\"return nd();\">\n\r";
	}
	else{
	$monthBody .= "<td class=\"name-button\">\n\r";