From 10188339e5773ae2e5d5f8bab7d416758dca1166 Mon Sep 17 00:00:00 2001
From: Mafoo <mafoo@users.noreply.github.com>
Date: Wed, 31 May 2017 21:09:07 +0100
Subject: [PATCH] BugFix [master] - messages class (#2618)

htmlspecialchars isn't required for the javascript, only the \r?\n escape
---
 resources/classes/messages.php | 9 +++++----
 themes/default/template.php    | 3 +--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/resources/classes/messages.php b/resources/classes/messages.php
index e19f7066bd..80c4313f47 100644
--- a/resources/classes/messages.php
+++ b/resources/classes/messages.php
@@ -32,14 +32,15 @@ if (!class_exists('messages')) {
 			$_SESSION["messages"][] = array(message => $message, mood => $mood, delay => $delay);
 		}
 		
-		static function html($clear_messages = true) {
-			$html = "";
+		static function html($clear_messages = true, $spacer = "") {
+			$html = "${spacer}//render the messages\n";
+			$spacer .="\t";
 			if (strlen($_SESSION['message']) > 0) {
 				$message_text = addslashes($_SESSION['message']);
 				$message_mood = $_SESSION['message_mood'] ?: 'default';
 				$message_delay = $_SESSION['message_delay'];
 
-				$html .= "display_message('".str_replace(array("\r\n", "\n", "\r"),'\\n', htmlspecialchars($message_text))."', '".$message_mood."'";
+				$html .= "${spacer}display_message('".str_replace(array("\r\n", "\n", "\r"),'\\n', $message_text)."', '".$message_mood."'";
 				if ($message_delay != '') {
 					$html .= ", '".$message_delay."'";
 				}
@@ -51,7 +52,7 @@ if (!class_exists('messages')) {
 					$message_mood = $message['mood'] ?: 'default';
 					$message_delay = $message['delay'];
 
-					$html .= "display_message('".str_replace(array("\r\n", "\n", "\r"),'\\n', htmlspecialchars($message_text))."', '".$message_mood."'";
+					$html .= "${spacer}display_message('".str_replace(array("\r\n", "\n", "\r"),'\\n', $message_text)."', '".$message_mood."'";
 					if ($message_delay != '') {
 						$html .= ", '".$message_delay."'";
 					}
diff --git a/themes/default/template.php b/themes/default/template.php
index 0d6925494c..2ca262dfa7 100644
--- a/themes/default/template.php
+++ b/themes/default/template.php
@@ -85,8 +85,7 @@
 
 	$(document).ready(function() {
 
-		//render the messages
-			<?php echo messages::html(); ?>
+<?php	echo messages::html(true, "		");?>
 
 		//hide message bar on hover
 			$("#message_text").mouseover(function() { $(this).hide(); $("#message_container").hide(); });