diff --git a/interface/lib/classes/functions.inc.php b/interface/lib/classes/functions.inc.php index 136448eefd30029c00a9a6df95066816fc724eab..a646e1be0a293e2e39882fd8cc72c67068ad97ed 100644 --- a/interface/lib/classes/functions.inc.php +++ b/interface/lib/classes/functions.inc.php @@ -460,7 +460,7 @@ class functions { if(is_array($value)) { $out = array(); - foreach($values as $key => $val) { + foreach($value as $key => $val) { if(is_array($val)) { $out[$key] = $this->htmlentities($val); } else { diff --git a/interface/web/dashboard/dashlets/databasequota.php b/interface/web/dashboard/dashlets/databasequota.php index 6880d780a030be3206ba43678b6b9859dfaf9318..6439cdee1269e2c2d2e4db64eb8d3003a1669f81 100644 --- a/interface/web/dashboard/dashlets/databasequota.php +++ b/interface/web/dashboard/dashlets/databasequota.php @@ -21,6 +21,7 @@ class dashlet_databasequota { $has_databasequota = false; if(is_array($databases) && !empty($databases)){ + $databases = $app->functions->htmlentities($databases); $tpl->setloop('databasequota', $databases); $has_databasequota = isset($databases[0]['used']); } diff --git a/interface/web/dashboard/dashlets/limits.php b/interface/web/dashboard/dashlets/limits.php index 2455da87bdeabd7c4d088f3dbbd5b0bf90ba0c1e..d58c3eb8e0dcd8c7c5e5cd362e3a28e35e816fd0 100644 --- a/interface/web/dashboard/dashlets/limits.php +++ b/interface/web/dashboard/dashlets/limits.php @@ -154,6 +154,7 @@ class dashlet_limits { 'percentage' => $percentage); } } + $rows = $app->functions->htmlentities($rows); $tpl->setLoop('rows', $rows); diff --git a/interface/web/dashboard/dashlets/mailquota.php b/interface/web/dashboard/dashlets/mailquota.php index 27b8333775d9989af87f255fed8b7c727e77fb1e..4629d6a4630c23bea7fe6d71a3846ca76667da6d 100644 --- a/interface/web/dashboard/dashlets/mailquota.php +++ b/interface/web/dashboard/dashlets/mailquota.php 
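Review bot: The array branch of `htmlentities()` copies `$key` into `$out` unencoded, and with the `$values` typo fixed this branch presumably iterates real input for the first time, so the contract is worth stating at the loop: `// encodes values recursively; array keys are copied through as-is`. The scalar `else` branch and the return are outside the hunk, so the flags and charset passed to the encoder cannot be checked from here. Because the dashlets changed in this commit rely on this helper as their only output encoding, confirm that it encodes both quote styles (`ENT_QUOTES`) in case a value is placed inside an HTML attribute. A small regression test that passes a nested array and checks the encoded result would have caught the typo.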
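Review bot: Overwriting `$databases` with its encoded copy means the following `isset($databases[0]['used'])` and any later code in the method work on HTML-encoded data rather than the raw rows. Encoding at the point of output keeps the two apart: `$tpl->setloop('databasequota', $app->functions->htmlentities($databases));`. The same pattern appears for `$rows` in limits.php and `$sites` in quota.php. The mailquota hunk says quota.lib already encodes the email username, so it is worth confirming that quota.lib does not pre-encode any field of the database or site rows as well, since those would now be double-encoded. The enclosing methods start and end outside these hunks.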
@@ -21,6 +21,8 @@ class dashlet_mailquota { $has_mailquota = false; if(is_array($emails) && !empty($emails)){ + // email username is quoted in quota.lib already, so no htmlentities here to prevent double encoding + //$emails = $app->functions->htmlentities($emails); $tpl->setloop('mailquota', $emails); $has_mailquota = isset($emails[0]['used']); } diff --git a/interface/web/dashboard/dashlets/quota.php b/interface/web/dashboard/dashlets/quota.php index a72e1fd23772c692923083a45943695094f07955..6ff975b6235f368a14597ac72d5d461ff19d83f2 100644 --- a/interface/web/dashboard/dashlets/quota.php +++ b/interface/web/dashboard/dashlets/quota.php @@ -21,6 +21,7 @@ class dashlet_quota { $has_quota = false; if(is_array($sites) && !empty($sites)){ + $sites = $app->functions->htmlentities($sites); $tpl->setloop('quota', $sites); $has_quota = isset($sites[0]['used']); }
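Review bot: This dashlet is the only one in the commit that passes its rows to the template without encoding, and the added comment vouches only for the email username. Any other user-controlled string field in `$emails` would reach the template unencoded, unless quota.lib encodes those too, which cannot be seen from this hunk. The comment should name exactly which fields quota.lib encodes, for example `// quota.lib returns <field list> already HTML-encoded; encode any other field before output`, and the commented-out `//$emails = ...` line should be dropped rather than kept as dead code. Longer term, encoding in the data layer for mail but in the dashlet for databases, limits and sites is easy to get wrong; picking one place for all four would remove the double-encoding concern.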