From b2e2298ff03413eab5845d65441ff02f8ff32857 Mon Sep 17 00:00:00 2001
From: Garvin Hicking <blog@garv.in>
Date: Sat, 27 Dec 2014 09:32:21 +0100
Subject: [PATCH] Do not use the addslashes output for actual HTML to prevent
 slashes at placed where they are seen by users thanks to hanno

---
 serendipity_event_flattr/serendipity_event_flattr.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/serendipity_event_flattr/serendipity_event_flattr.php b/serendipity_event_flattr/serendipity_event_flattr.php
index 38797103..72fe16ce 100644
--- a/serendipity_event_flattr/serendipity_event_flattr.php
+++ b/serendipity_event_flattr/serendipity_event_flattr.php
@@ -60,7 +60,7 @@ class serendipity_event_flattr extends serendipity_event {
             'add_to_feed',
         ));
         $propbag->add('author',  'Garvin Hicking, Joachim Breitner', 'Matthias Gutjahr');
-        $propbag->add('version', '1.12.1');
+        $propbag->add('version', '1.13');
         $propbag->add('requirements',  array(
             'serendipity' => '0.7',
             'smarty'      => '2.6.7',
@@ -387,16 +387,18 @@ class serendipity_event_flattr extends serendipity_event {
                              "language=".urlencode($flattr_lng).
                              "\">" . $flattr_btn . "</a>";
                 } else {
+                    $flattr_tle2 = stripslashes($flattr_tle2);
+                    $flattr_tle2 = (function_exists('serendipity_specialchars') ? serendipity_specialchars($flattr_tle2) : htmlspecialchars($flattr_tle2, ENT_COMPAT, LANG_CHARSET));
                     $flattr = "
 <a class='FlattrButton' style='display:none;'
-    title='" . $flattr_tle . "'
+    title=\"" . $flattr_tle2 . "\"
     data-flattr-uid='" . $flattr_uid . "'
     data-flattr-tags='" . $flattr_tag . "'
     data-flattr-category='" . $flattr_cat . "'
     data-flattr-language='" . $flattr_lng . "'
     href='" . $flattr_url . "'>
 
-    " . $flattr_dsc . "
+    " . stripslashes($flattr_dsc) . "
 </a>
     ";
                 }