authoradmin <devnull@localhost>2006-10-23 23:37:22 +0200
committeradmin <devnull@localhost>2006-10-23 23:37:22 +0200
commit7acd581d9441fb8ada4c46c58f4ec30a01507506 (patch)
tree6e62cffa5d1da5b60dfe06fa0338bf1ac78011f7 /system/helpers
parentca335fcd8342ec1422a63ac397a404e73766b0ef (diff)
Diffstat (limited to 'system/helpers')
-rw-r--r--system/helpers/form_helper.php18
-rw-r--r--system/helpers/xml_helper.php9
2 files changed, 23 insertions, 4 deletions
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index 6d10a9862..7d594d72c 100644
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -335,8 +335,24 @@ function form_prep($str = '')
{
return '';
}
+
+ $temp = '__TEMP_AMPERSANDS__';
+
+ // Replace entities to temporary markers so that
+ // htmlspecialchars won't mess them up
+ $str = preg_replace("/&#(\d+);/", "$temp\\1;", $str);
+ $str = preg_replace("/&(\w+);/", "$temp\\1;", $str);
+
+ $str = htmlspecialchars($str);
+
+ // In case htmlspecialchars misses these.
+ $str = str_replace(array("'", '"'), array("&#39;", "&quot;"), $str);
+
+ // Decode the temp markers back to entities
+ $str = preg_replace("/$temp(\d+);/","&#\\1;",$str);
+ $str = preg_replace("/$temp(\w+);/","&\\1;",$str);
- return str_replace(array("'", '"'), array("&#39;", "&quot;"), htmlspecialchars($str));
+ return $str;
}
// ------------------------------------------------------------------------
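Review bot: The `__TEMP_AMPERSANDS__` placeholder added to form_prep() is a fixed string that input can also contain, so a field value holding the literal text `__TEMP_AMPERSANDS__lt;` is rewritten to `&lt;` by the final preg_replace calls; xml_convert() in the second file uses the same scheme and has the same collision. Separately, any `&name;` or `&#nnn;` already in $str now reaches the attribute unescaped, so the browser decodes it and the resubmitted value differs from the stored one (a stored `&lt;` is posted back as `<`); callers that assume the stored text stays encoded should be checked. On PHP versions that have the fourth double_encode argument, `htmlspecialchars($str, ENT_QUOTES, 'UTF-8', FALSE)` (charset per the application) gives the same no-double-encoding behaviour without a marker and without the quote str_replace. form_prep() begins above this hunk, so the condition guarding the early `return ''` is not visible here.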
diff --git a/system/helpers/xml_helper.php b/system/helpers/xml_helper.php
index 4cc91f4ef..856722b32 100644
--- a/system/helpers/xml_helper.php
+++ b/system/helpers/xml_helper.php
@@ -36,15 +36,18 @@
*/
function xml_convert($str)
{
- $temp = '__TEMP_AMPERSANDS';
-
+ $temp = '__TEMP_AMPERSANDS__';
+
+ // Replace entities to temporary markers so that
+ // ampersands won't get messed up
$str = preg_replace("/&#(\d+);/", "$temp\\1;", $str);
$str = preg_replace("/&(\w+);/", "$temp\\1;", $str);
$str = str_replace(array("&","<",">","\"", "'", "-"),
array("&amp;", "&lt;", "&gt;", "&quot;", "&#39;", "&#45;"),
$str);
-
+
+ // Decode the temp markers back to entities
$str = preg_replace("/$temp(\d+);/","&#\\1;",$str);
$str = preg_replace("/$temp(\w+);/","&\\1;", $str);