Fixed a typo in htmlentities function and added htmlentities to dashlet output.

interface/lib/classes/functions.inc.php

@@ -460,7 +460,7 @@ class functions {
 
 		if(is_array($value)) {
 			$out = array();
-			foreach($values as $key => $val) {
+			foreach($value as $key => $val) {
 				if(is_array($val)) {
 					$out[$key] = $this->htmlentities($val);
 				} else {

interface/web/dashboard/dashlets/databasequota.php

@@ -21,6 +21,7 @@ class dashlet_databasequota {
 
 		$has_databasequota = false;
 		if(is_array($databases) && !empty($databases)){
+			$databases = $app->functions->htmlentities($databases);
 			$tpl->setloop('databasequota', $databases);
 			$has_databasequota = isset($databases[0]['used']);
 		}

interface/web/dashboard/dashlets/limits.php

@@ -154,6 +154,7 @@ class dashlet_limits {
 					'percentage' => $percentage);
 			}
 		}
+		$rows = $app->functions->htmlentities($rows);
 		$tpl->setLoop('rows', $rows);
 
 

interface/web/dashboard/dashlets/mailquota.php

@@ -21,6 +21,8 @@ class dashlet_mailquota {
 
 		$has_mailquota = false;
 		if(is_array($emails) && !empty($emails)){
+			// email username is quoted in quota.lib already, so no htmlentities here to prevent double encoding
+			//$emails = $app->functions->htmlentities($emails);
 			$tpl->setloop('mailquota', $emails);
 			$has_mailquota = isset($emails[0]['used']);
 		}

interface/web/dashboard/dashlets/quota.php

@@ -21,6 +21,7 @@ class dashlet_quota {
 
 		$has_quota = false;
 		if(is_array($sites) && !empty($sites)){
+			$sites = $app->functions->htmlentities($sites);
 			$tpl->setloop('quota', $sites);
 			$has_quota = isset($sites[0]['used']);
 		}