From d6a08dea979af79d6a3766ec8dfcdb29fb4633c5 Mon Sep 17 00:00:00 2001
From: garvinhicking <garvinhicking>
Date: Thu, 5 Oct 2006 11:43:59 +0000
Subject: [PATCH] Escape JS specific characters

---
 include/functions_config.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/functions_config.inc.php b/include/functions_config.inc.php
index 23687bc..6ccb595 100644
--- a/include/functions_config.inc.php
+++ b/include/functions_config.inc.php
@@ -398,8 +398,8 @@ function serendipity_restoreVar(&$source, &$target) {
  * @return  null
  */
 function serendipity_JSsetCookie($name, $value) {
-    $name  = str_replace('"', '\"', $name);
-    $value = str_replace('"', '\"', $value);
+    $name  = strtr($name, array('\\'=>'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n','</'=>'<\/'));
+    $value = strtr($value, array('\\'=>'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n','</'=>'<\/'));
 
     echo '<script type="text/javascript">SetCookie("' . $name . '", "' . $value . '")</script>' . "\n";
 }
-- 
2.39.5