From f3d8dfd1e32fd0c58b601d8a7131fa959bff7b53 Mon Sep 17 00:00:00 2001
From: Nathaniel Guse
Date: Sun, 9 Mar 2014 17:17:33 -0500
Subject: [PATCH] [ticket/12202] Can't call htmlspecialchars before checking for quotes
PHPBB3-12202
---
 phpBB/includes/functions.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 81a7dc5cbd..f0657b9016 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -3368,7 +3368,7 @@ function parse_cfg_file($filename, $lines = false)
 // Determine first occurrence, since in values the equal sign is allowed
 $key = htmlspecialchars(strtolower(trim(substr($line, 0, $delim_pos))));
- $value = htmlspecialchars(trim(substr($line, $delim_pos + 1)));
+ $value = trim(substr($line, $delim_pos + 1));
 if (in_array($value, array('off', 'false', '0')))
 {
@@ -3386,6 +3386,10 @@ function parse_cfg_file($filename, $lines = false)
 {
 $value = htmlspecialchars(substr($value, 1, sizeof($value)-2));
 }
+ else
+ {
+ $value = htmlspecialchars($value);
+ }
 $parsed_items[$key] = $value;
 }
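Review bot: With the escaping removed from the `$value = trim(...)` assignment in the first hunk, `$value` is raw for the whole if/else chain that follows, so the stored entry is only HTML-safe if every branch that leaves a string calls `htmlspecialchars()` itself. The branches between this hunk and the next are not visible here and should be checked for that. Escaping once after the chain, `if (is_string($value)) { $value = htmlspecialchars($value); }`, with the quoted branch only stripping its quotes, would keep the invariant from breaking when a branch is added later. At minimum, a comment such as `// $value is unescaped from here on; each string branch below must escape it` belongs on the changed line.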
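Review bot: In the second hunk, the quote-stripping line just above the new `else` passes `sizeof($value)-2` as the length, but `sizeof()` is an alias of `count()` and does not measure strings. On older PHP it returns 1 for a string, so the length becomes -1 and the first and last characters are stripped only by accident; PHP 7.2+ raises a warning and PHP 8 a TypeError. Since this commit exists to make the quoted branch behave correctly, the line is worth fixing in the same change: `$value = htmlspecialchars(substr($value, 1, -1));`. The condition that selects this branch lies outside the hunk and may use the same `sizeof()` idiom, so confirm it as well. The body of `parse_cfg_file` continues outside the hunk on both sides.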