From b24e7acf3ff102c19cd5c418295b22a6fa80be46 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Tue, 26 Feb 2019 19:58:42 +0100
Subject: [PATCH] legacy_html_escape_form_data() add ENT_QUOTES to avoid
 certain escaping issues

---
 src/etc/inc/legacy_bindings.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/etc/inc/legacy_bindings.inc b/src/etc/inc/legacy_bindings.inc
index 125ebd5bc..f30aacaf7 100644
--- a/src/etc/inc/legacy_bindings.inc
+++ b/src/etc/inc/legacy_bindings.inc
@@ -76,7 +76,7 @@ function legacy_html_escape_form_data(&$settings)
             if (is_array($dataValue)) {
                 legacy_html_escape_form_data($dataValue);
             } else {
-                $settings[$dataKey] = htmlspecialchars($dataValue);
+                $settings[$dataKey] = htmlspecialchars($dataValue, ENT_QUOTES);
             }
         }
     }