<tr>
<td align="left"><label for="copyright"><?php echo _AT('course_copyright'); ?></label></td>
- <td align="left"><textarea name="copyright" rows="2" cols="65" id="copyright"><?php if (isset($_POST['copyright'])) echo stripslashes(htmlspecialchars($_POST['copyright'])); else echo $this->course_row['copyright']; ?></textarea></td>
+ <td align="left"><textarea name="copyright" rows="2" cols="65" id="copyright"><?php if (isset($_POST['copyright'])) echo stripslashes(htmlspecialchars($_POST['copyright'])); else echo stripslashes(htmlspecialchars($this->course_row['copyright'])); ?></textarea></td>
</tr>
<tr>
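Review bot: On the `+` line, wrapping the stored `course_row['copyright']` value in `stripslashes()` removes backslashes that are legitimately part of the saved text. `htmlspecialchars()` is also called without flags or charset, so single quotes stay unencoded on PHP versions before 8.1 and the result depends on the configured default charset. For the database branch I would write `else echo htmlspecialchars($this->course_row['copyright'], ENT_QUOTES, 'UTF-8');`, which matches the `htmlentities(..., ENT_QUOTES, 'UTF-8')` form the other two changes use. The `$_POST` branch has the same flag-less call; whether `stripslashes()` is still needed there depends on how the application handles magic quotes, which is not visible here. The surrounding table continues outside the hunk.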
</div>
<br style="clear:both;" />
<div style="margin-left:auto; margin-right:auto; width:20em;">
- <small><?php if (isset($this->course_copyright)) echo $this->course_copyright.'<br />'; echo _AT("copyright"); ?></small><br />
+ <small><?php if (isset($this->course_copyright)) echo htmlentities($this->course_copyright, ENT_QUOTES, 'UTF-8').'<br />'; echo _AT("copyright"); ?></small><br />
<!-- guide -->
<div>
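Review bot: Encoding `$this->course_copyright` on the `+` line is the right default, but any notice saved with intentional markup (a link, for example) will now be shown as literal tags. Whether the field was ever meant to accept HTML is not visible in this hunk. If it was, the change deserves a release note or an allowlist-based sanitizer at save time, rather than only output encoding. Recording the decision next to the echo would help the next maintainer, e.g. `<?php /* course_copyright is user-editable text: always encode on output */ ?>`. The enclosing `<div>` opens and closes outside the hunk.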
<div class="search_top">
<form target="_top" action="<?php echo TR_BASE_HREF; ?>home/search.php" method="get">
- <input type="text" name="search_text" id="search_text_at_header" value="<?php if (isset($_GET['search_text'])) echo $_GET['search_text']; ?>" size="25" />
+ <input type="text" name="search_text" id="search_text_at_header" value="<?php if (isset($_GET['search_text'])) echo htmlentities($_GET['search_text'], ENT_QUOTES, 'UTF-8'); ?>" size="25" />
<?php if (is_array($this->categories)) { // print category dropdown list box?>
<select name="catid">
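Review bot: The new `htmlentities()` call on the `+` line assumes `$_GET['search_text']` is a string, but `isset()` is also true when the parameter arrives as an array. In that case `htmlentities()` raises a warning on older PHP and a `TypeError` on PHP 8, which can leak a file path in the error output or break the header on every page. I would guard the type in the same statement: `if (isset($_GET['search_text']) && is_string($_GET['search_text'])) echo htmlentities($_GET['search_text'], ENT_QUOTES, 'UTF-8');`. The encoding itself (`ENT_QUOTES` with an explicit charset) is appropriate for a double-quoted attribute value. The `<form>` and the category `<select>` continue outside the hunk.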