From dc959f3f889c1a55abb9332f94dcd1d72e5cdaa7 Mon Sep 17 00:00:00 2001 From: zero-24 Date: Wed, 11 May 2016 17:01:30 +0200 Subject: [PATCH 01/13] Update icon.php --- .../templates/hathor/html/layouts/joomla/quickicons/icon.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/administrator/templates/hathor/html/layouts/joomla/quickicons/icon.php b/administrator/templates/hathor/html/layouts/joomla/quickicons/icon.php index 8f4fe53ed102a..074289cd476ef 100644 --- a/administrator/templates/hathor/html/layouts/joomla/quickicons/icon.php +++ b/administrator/templates/hathor/html/layouts/joomla/quickicons/icon.php @@ -19,7 +19,7 @@
> From a0bcc99fe0446898eae05a9805f1500f8699df58 Mon Sep 17 00:00:00 2001 From: zero-24 Date: Wed, 11 May 2016 17:03:22 +0200 Subject: [PATCH 02/13] Update default_core.php --- .../com_users/views/profile/tmpl/default_core.php | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/components/com_users/views/profile/tmpl/default_core.php b/components/com_users/views/profile/tmpl/default_core.php index b5a69337f553f..5d0d6a25822f8 100644 --- a/components/com_users/views/profile/tmpl/default_core.php +++ b/components/com_users/views/profile/tmpl/default_core.php @@ -20,13 +20,13 @@
- data->name; ?> + data->name, ENT_COMPAT, 'UTF-8'); ?>
- data->username); ?> + data->username, ENT_COMPAT, 'UTF-8'); ?>
@@ -38,17 +38,15 @@
- data->lastvisitDate != '0000-00-00 00:00:00'){?> + data->lastvisitDate != '0000-00-00 00:00:00') : ?>
data->lastvisitDate); ?>
- +
- + From 666c7244876e0301eb4ed1050f62a0d77ffe1d50 Mon Sep 17 00:00:00 2001 From: zero-24 Date: Wed, 11 May 2016 17:04:20 +0200 Subject: [PATCH 03/13] Update mod_articles_categories.php --- modules/mod_articles_categories/mod_articles_categories.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/mod_articles_categories/mod_articles_categories.php b/modules/mod_articles_categories/mod_articles_categories.php index 41f093c30346b..0e50c4bd9b502 100644 --- a/modules/mod_articles_categories/mod_articles_categories.php +++ b/modules/mod_articles_categories/mod_articles_categories.php @@ -27,7 +27,8 @@ if (!empty($list)) { - $moduleclass_sfx = htmlspecialchars($params->get('moduleclass_sfx')); + $moduleclass_sfx = htmlspecialchars($params->get('moduleclass_sfx'), ENT_COMPAT, 'UTF-8'); $startLevel = reset($list)->getParent()->level; + require JModuleHelper::getLayoutPath('mod_articles_categories', $params->get('layout', 'default')); } From 61ef45477405ab8de22a571a8d5fff33252ae430 Mon Sep 17 00:00:00 2001 From: zero-24 Date: Wed, 11 May 2016 17:04:53 +0200 Subject: [PATCH 04/13] Update default.php --- modules/mod_tags_popular/tmpl/default.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/mod_tags_popular/tmpl/default.php b/modules/mod_tags_popular/tmpl/default.php index 18fad0d6bcb8d..c8f0d6512b891 100644 --- a/modules/mod_tags_popular/tmpl/default.php +++ b/modules/mod_tags_popular/tmpl/default.php @@ -19,7 +19,7 @@
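Review bot: `ENT_COMPAT` on the new `$moduleclass_sfx` line leaves single quotes unescaped, so the escaped value is safe only in element text or inside a double-quoted attribute. The layout that prints `$moduleclass_sfx` is pulled in by the `require` below and is not part of this hunk, and template overrides may quote the `class` attribute differently. `htmlspecialchars($params->get('moduleclass_sfx'), ENT_QUOTES, 'UTF-8')` would cover both quoting styles. The identical line in `modules/mod_tags_popular/mod_tags_popular.php` (PATCH 07/13) has the same gap.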
  • - title); ?> + title, ENT_COMPAT, 'UTF-8'); ?> count; ?> From 8a3b4055cf5e567a294e88a155d2ab1efc7e681c Mon Sep 17 00:00:00 2001 From: zero-24 Date: Wed, 11 May 2016 17:05:51 +0200 Subject: [PATCH 05/13] Update compare.php --- .../com_contenthistory/views/compare/tmpl/compare.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/administrator/components/com_contenthistory/views/compare/tmpl/compare.php b/administrator/components/com_contenthistory/views/compare/tmpl/compare.php index 6364b4a754193..cd57201884058 100644 --- a/administrator/components/com_contenthistory/views/compare/tmpl/compare.php +++ b/administrator/components/com_contenthistory/views/compare/tmpl/compare.php @@ -62,7 +62,7 @@ $value) : ?> value == $object2->$name->value) ? 'items-equal' : 'items-not-equal'; ?> - value)): ?> + value)) : ?> label; ?> value as $subName => $subValue): ?> @@ -71,8 +71,8 @@ value == $newSubValue) ? 'items-equal' : 'items-not-equal'; ?>   label; ?> - value); ?> - + value, ENT_COMPAT, 'UTF-8'); ?> + value; ?> @@ -84,7 +84,7 @@ label; ?> value); ?> $name->value = is_object($object2->$name->value) ? json_encode($object2->$name->value) : $object2->$name->value; ?> - $name->value); ?> + $name->value, ENT_COMPAT, 'UTF-8'); ?> value; ?> $name->value; ?> From c598167d42689001bb15c5b65bb3a3748bb32b8a Mon Sep 17 00:00:00 2001 From: zero-24 Date: Wed, 11 May 2016 17:06:29 +0200 Subject: [PATCH 06/13] Update default_url.php --- modules/mod_menu/tmpl/default_url.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/mod_menu/tmpl/default_url.php b/modules/mod_menu/tmpl/default_url.php index cbdea465962b0..8106a50099871 100644 --- a/modules/mod_menu/tmpl/default_url.php +++ b/modules/mod_menu/tmpl/default_url.php 
@@ -49,4 +49,4 @@ $attributes['onclick'] = "window.open(this.href, 'targetWindow', '" . $options . "'); return false;"; } -echo JHtml::_('link', JFilterOutput::ampReplace(htmlspecialchars($item->flink)), $linktype, $attributes); +echo JHtml::_('link', JFilterOutput::ampReplace(htmlspecialchars($item->flink), ENT_COMPAT, 'UTF-8'), $linktype, $attributes); From 291bcc38f982c0186c1fd7fbb6f5f5761cecab3e Mon Sep 17 00:00:00 2001 From: zero-24 Date: Wed, 11 May 2016 17:08:06 +0200 Subject: [PATCH 07/13] Update mod_tags_popular.php --- modules/mod_tags_popular/mod_tags_popular.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/mod_tags_popular/mod_tags_popular.php b/modules/mod_tags_popular/mod_tags_popular.php index 05e4c4dedc759..74bfb05da6fde 100644 --- a/modules/mod_tags_popular/mod_tags_popular.php +++ b/modules/mod_tags_popular/mod_tags_popular.php @@ -26,8 +26,7 @@ return; } -$moduleclass_sfx = htmlspecialchars($params->get('moduleclass_sfx')); +$moduleclass_sfx = htmlspecialchars($params->get('moduleclass_sfx'), ENT_COMPAT, 'UTF-8'); $display_count = $params->get('display_count', 0); - require JModuleHelper::getLayoutPath('mod_tags_popular', $params->get('layout', 'default')); From 6cb211db8615c105e1b63b87f599c6b38a054392 Mon Sep 17 00:00:00 2001 From: zero-24 Date: Wed, 11 May 2016 17:08:47 +0200 Subject: [PATCH 08/13] Update modules.php --- administrator/templates/isis/html/modules.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/administrator/templates/isis/html/modules.php b/administrator/templates/isis/html/modules.php index 3e39de2087f18..acc8b03a08c58 100644 --- a/administrator/templates/isis/html/modules.php +++ b/administrator/templates/isis/html/modules.php 
@@ -50,11 +50,11 @@ function modChrome_well($module, &$params, &$attribs) $moduleTag = $params->get('module_tag', 'div'); $bootstrapSize = (int) $params->get('bootstrap_size'); $moduleClass = ($bootstrapSize) ? ' span' . $bootstrapSize : ''; - $headerTag = htmlspecialchars($params->get('header_tag', 'h2')); + $headerTag = htmlspecialchars($params->get('header_tag', 'h2'), ENT_COMPAT, 'UTF-8'); // Temporarily store header class in variable $headerClass = $params->get('header_class'); - $headerClass = ($headerClass) ? ' ' . htmlspecialchars($headerClass) : ''; + $headerClass = ($headerClass) ? ' ' . htmlspecialchars($headerClass, ENT_COMPAT, 'UTF-8') : ''; echo '<' . $moduleTag . ' class="well well-small' . $moduleClass . '">'; From cf50bd77ca916090bcdba86d155a1d1dd2c40f27 Mon Sep 17 00:00:00 2001 From: zero-24 Date: Wed, 11 May 2016 17:09:24 +0200 Subject: [PATCH 09/13] Update frontediting_modules.php --- layouts/joomla/edit/frontediting_modules.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/layouts/joomla/edit/frontediting_modules.php b/layouts/joomla/edit/frontediting_modules.php index f998562f94012..2ad8b31c62ffb 100644 --- a/layouts/joomla/edit/frontediting_modules.php +++ b/layouts/joomla/edit/frontediting_modules.php @@ -43,7 +43,7 @@ '\\1 jmoddiv" data-jmodediturl="' . $editUrl . '" data-target="' . $target . '" data-jmodtip="' . JHtml::tooltipText( JText::_('JLIB_HTML_EDIT_MODULE'), - htmlspecialchars($mod->title) . '
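Review bot: `$headerTag` and `$moduleTag` are element names, and `htmlspecialchars()` is not a check for that context: it passes through any string that contains no `<`, `>`, `&` or `"`, whitespace included. `$moduleTag` is read from `module_tag` with no filtering at all and echoed straight after `<` in the last context line of the hunk. Restricting both to plain element names would fix this, for example `$moduleTag = preg_replace('/[^A-Za-z0-9]/', '', $params->get('module_tag', 'div')) ?: 'div';` and the same for `header_tag` with `'h2'` as the fallback. The place where `$headerTag` is printed lies further down in `modChrome_well`, outside this hunk, so its use as a tag name is inferred from the parameter name and default.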
    ' . sprintf(JText::_('JLIB_HTML_EDIT_MODULE_IN_POSITION'), htmlspecialchars($position)), + htmlspecialchars($mod->title, ENT_COMPAT, 'UTF-8') . '
    ' . sprintf(JText::_('JLIB_HTML_EDIT_MODULE_IN_POSITION'), htmlspecialchars($position)), 0 ) . '"' From deb5bf9b464a4eeda38bf7c867736e0769c3aa9f Mon Sep 17 00:00:00 2001 From: zero-24 Date: Wed, 11 May 2016 17:10:41 +0200 Subject: [PATCH 10/13] Update index.php --- templates/beez3/index.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/beez3/index.php b/templates/beez3/index.php index 92d0d52217089..7378f208c4c5d 100644 --- a/templates/beez3/index.php +++ b/templates/beez3/index.php @@ -48,14 +48,14 @@ $doc->addStyleSheet($this->baseurl . '/templates/' . $this->template . '/css/layout.css', $type = 'text/css', $media = 'screen,projection'); $doc->addStyleSheet($this->baseurl . '/templates/' . $this->template . '/css/print.css', $type = 'text/css', $media = 'print'); $doc->addStyleSheet($this->baseurl . '/templates/' . $this->template . '/css/general.css', $type = 'text/css', $media = 'screen,projection'); -$doc->addStyleSheet($this->baseurl . '/templates/' . $this->template . '/css/' . htmlspecialchars($color) . '.css', $type = 'text/css', $media = 'screen,projection'); +$doc->addStyleSheet($this->baseurl . '/templates/' . $this->template . '/css/' . htmlspecialchars($color, ENT_COMPAT, 'UTF-8') . '.css', $type = 'text/css', $media = 'screen,projection'); if ($this->direction == 'rtl') { $doc->addStyleSheet($this->baseurl . '/templates/' . $this->template . '/css/template_rtl.css'); - if (file_exists(JPATH_SITE . '/templates/' . $this->template . '/css/' . $color . '_rtl.css')) + if (file_exists(JPATH_SITE . '/templates/' . $this->template . '/css/' . htmlspecialchars($color, ENT_COMPAT, 'UTF-8') . '_rtl.css')) { - $doc->addStyleSheet($this->baseurl . '/templates/' . $this->template . '/css/' . htmlspecialchars($color) . '_rtl.css'); + $doc->addStyleSheet($this->baseurl . '/templates/' . $this->template . '/css/' . htmlspecialchars($color, ENT_COMPAT, 'UTF-8') . '_rtl.css'); } } 
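Review bot: Wrapping `$color` in `htmlspecialchars()` inside the `file_exists()` argument in `templates/beez3/index.php` applies HTML output encoding to a filesystem path, which is the wrong control for that context. Entity encoding leaves `.` and `/` untouched, so it does not constrain which path is probed, and a value containing `&` or `"` would be looked up under its encoded name. The assignment of `$color` is outside the hunk; normalising it once where it is read, e.g. `$color = preg_replace('/[^A-Za-z0-9_-]/', '', $color);`, would cover the `file_exists()` check and every `addStyleSheet()` URL without per-call escaping. The same pattern appears in `templates/beez3/component.php` (PATCH 11/13).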
From bd5fae37c8bd4a35fa2e54e465b8aa49ed3bead9 Mon Sep 17 00:00:00 2001 From: zero-24 Date: Wed, 11 May 2016 17:11:27 +0200 Subject: [PATCH 11/13] Update component.php --- templates/beez3/component.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/beez3/component.php b/templates/beez3/component.php index abb09673fbac5..974df39b332e7 100644 --- a/templates/beez3/component.php +++ b/templates/beez3/component.php @@ -33,15 +33,15 @@ } } -$doc->addStyleSheet('templates/' . $this->template . '/css/' . htmlspecialchars($color) . '.css'); +$doc->addStyleSheet('templates/' . $this->template . '/css/' . htmlspecialchars($color, ENT_COMPAT, 'UTF-8') . '.css'); if ($this->direction == 'rtl') { $doc->addStyleSheet($this->baseurl . '/templates/' . $this->template . '/css/template_rtl.css'); - if (file_exists(JPATH_SITE . '/templates/' . $this->template . '/css/' . $color . '_rtl.css')) + if (file_exists(JPATH_SITE . '/templates/' . $this->template . '/css/' . htmlspecialchars($color, ENT_COMPAT, 'UTF-8') . '_rtl.css')) { - $doc->addStyleSheet($this->baseurl . '/templates/' . $this->template . '/css/' . htmlspecialchars($color) . '_rtl.css'); + $doc->addStyleSheet($this->baseurl . '/templates/' . $this->template . '/css/' . htmlspecialchars($color, ENT_COMPAT, 'UTF-8') . '_rtl.css'); } } ?> From a161d4f449defdfc52b9c6b84ac7fbfa80a16409 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wojciech=20Smoli=C5=84ski?= Date: Sat, 14 May 2016 12:44:05 +0200 Subject: [PATCH 12/13] fixes (#15) --- layouts/joomla/edit/frontediting_modules.php | 2 +- modules/mod_menu/tmpl/default_url.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/layouts/joomla/edit/frontediting_modules.php b/layouts/joomla/edit/frontediting_modules.php index 2ad8b31c62ffb..77894ab97e887 100644 --- a/layouts/joomla/edit/frontediting_modules.php +++ b/layouts/joomla/edit/frontediting_modules.php 
@@ -43,7 +43,7 @@ '\\1 jmoddiv" data-jmodediturl="' . $editUrl . '" data-target="' . $target . '" data-jmodtip="' . JHtml::tooltipText( JText::_('JLIB_HTML_EDIT_MODULE'), - htmlspecialchars($mod->title, ENT_COMPAT, 'UTF-8') . '
    ' . sprintf(JText::_('JLIB_HTML_EDIT_MODULE_IN_POSITION'), htmlspecialchars($position)), + htmlspecialchars($mod->title, ENT_COMPAT, 'UTF-8') . '
    ' . sprintf(JText::_('JLIB_HTML_EDIT_MODULE_IN_POSITION'), htmlspecialchars($position, ENT_COMPAT, 'UTF-8')), 0 ) . '"' diff --git a/modules/mod_menu/tmpl/default_url.php b/modules/mod_menu/tmpl/default_url.php index 8106a50099871..4b97fc6701931 100644 --- a/modules/mod_menu/tmpl/default_url.php +++ b/modules/mod_menu/tmpl/default_url.php @@ -49,4 +49,4 @@ $attributes['onclick'] = "window.open(this.href, 'targetWindow', '" . $options . "'); return false;"; } -echo JHtml::_('link', JFilterOutput::ampReplace(htmlspecialchars($item->flink), ENT_COMPAT, 'UTF-8'), $linktype, $attributes); +echo JHtml::_('link', JFilterOutput::ampReplace(htmlspecialchars($item->flink, ENT_COMPAT, 'UTF-8')), $linktype, $attributes); From 20d5132c1f38942b8d021a9ac689c225123bbf4c Mon Sep 17 00:00:00 2001 From: zero-24 Date: Sat, 14 May 2016 19:18:28 +0200 Subject: [PATCH 13/13] revert name change --- components/com_users/views/profile/tmpl/default_core.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/com_users/views/profile/tmpl/default_core.php b/components/com_users/views/profile/tmpl/default_core.php index 5d0d6a25822f8..a98637b65e57c 100644 --- a/components/com_users/views/profile/tmpl/default_core.php +++ b/components/com_users/views/profile/tmpl/default_core.php @@ -20,7 +20,7 @@
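Review bot: In `modules/mod_menu/tmpl/default_url.php` the corrected `htmlspecialchars($item->flink, ENT_COMPAT, 'UTF-8')` keeps the value from breaking out of the `href` attribute, but entity encoding does not restrict the URL scheme. How `$item->flink` is built is outside this hunk; if it can carry an arbitrary stored URL, a scheme allowlist (`http`, `https`, `mailto`, relative paths) applied before the `JHtml::_('link', ...)` call is the control that is still missing. A short comment above the `echo` stating where `flink` is validated would make the assumption explicit for template overrides that copy this file.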
    - data->name, ENT_COMPAT, 'UTF-8'); ?> + data->name; ?>
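Review bot: The revert prints the profile name without output escaping again, while the username field changed in PATCH 02/13 stays escaped, and the commit message "revert name change" gives no reason. If the name is already filtered or encoded when it is stored, the template should say so, for example `<?php // Not escaped here: REASON_PLACEHOLDER (e.g. value is filtered on save) ?>` above the line. If no such guarantee exists, the escaped form from PATCH 02/13 is the safer default for a user-editable field. The surrounding markup of this hunk is not visible on the page, so the output context is inferred.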