From de35d2fe15f8cccd1e94957ece1358d0facb6c77 Mon Sep 17 00:00:00 2001
From: Matt Pass <matt@mattpass.com>
Date: Sat, 28 Jul 2012 13:47:41 +0100
Subject: [PATCH] Wrapped htmlentities around $loadedFile

Stops conversion of entities such as &amp; to &. Obviously we want it to
be exactly the same as the loaded file and this should ensure that is
the case.
---
 lib/file-control.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/file-control.php b/lib/file-control.php
index c7d3bbb..dc1886a 100644
--- a/lib/file-control.php
+++ b/lib/file-control.php
@@ -32,7 +32,7 @@ if ($_GET['action']=="load") {
 			echo "top.ICEcoder.shortURL = '".str_replace($docRoot,"",str_replace("|","/",$file))."';";
 			echo '</script>';
 			$loadedFile = file_get_contents($file);
-			echo '<textarea name="loadedFile" id="loadedFile">'.str_replace("</textarea>","<ICEcoder:/:textarea>",$loadedFile).'</textarea>';
+			echo '<textarea name="loadedFile" id="loadedFile">'.str_replace("</textarea>","<ICEcoder:/:textarea>",htmlentities($loadedFile)).'</textarea>';
 		} else {
 			echo '<script>fileType="nothing";</script>';
 			echo '<script>top.ICEcoder.message(\'Sorry, you need a higher admin level to view this file\');</script>';