Proper unescape. Thanks to Stefan Esser

diff --git a/include/functions_config.inc.php b/include/functions_config.inc.php
index 22822d21c2d7391b62bbaa2ca4f69a05f0e8a048..71afca94cacfe4bc022c40812163adadaeabdad2 100644 (file)
--- a/include/functions_config.inc.php
+++ b/include/functions_config.inc.php
@@ -542,10 +542,10 @@ function serendipity_restoreVar(&$source, &$target) {
  * @return  null
  */
 function serendipity_JSsetCookie($name, $value) {
-    $name  = strtr($name, array('\\'=>'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n','</'=>'<\/'));
-    $value = strtr($value, array('\\'=>'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n','</'=>'<\/'));
+    $name  = htmlentities($name);
+    $value = urlencode($value);
 
-    echo '<script type="text/javascript">SetCookie("' . $name . '", "' . $value . '")</script>' . "\n";
+    echo '<script type="text/javascript">SetCookie("' . $name . '", unescape("' . $value . '"))</script>' . "\n";
 }
 
 /**