# At the bottom of the function makeInfo

      # _XXX_ joh, htmlspecialchars removed in the following line
			$pathStr = $this->getPathFromPageId($pathId,$pathMP);
      # was:
      # $pathStr = htmlspecialchars($this->getPathFromPageId($pathId,$pathMP))

      # in the following line the variable $pathStr is another time 
      # processed by htmlspecialchars...
			$tmplArray['path'] = $this->linkPage($pathId,htmlspecialchars($pathStr),array(
				'data_page_type' => $row['data_page_type'],
				'data_page_mp' => $pathMP,
				'sys_language_uid' => $row['sys_language_uid'],
			));



# The function makeTitle preprocessed its result by htmlspecialchars

    # _XXX_ Here was one htmlspecialchars tooo much.
		return $this->utf8_to_currentCharset($outputString).$add;
    # was: 
    # return htmlspecialchars($this->utf8_to_currentCharset($outputString).$add);



# In the following excerpt, makeTitle is used and its result
# again processed by htmlspecialchars ...


	function prepareResultRowTemplateData($row, $headerOnly)	{

			// Initialize:
		$specRowConf = $this->getSpecialConfigForRow($row);
		$CSSsuffix = $specRowConf['CSSsuffix']?'-'.$specRowConf['CSSsuffix']:'';

			// If external media, link to the media-file instead.
		if ($row['item_type'])	{		// External media
			if ($row['show_resume'])	{	// Can link directly.
				$title = '<a href="'.htmlspecialchars($row['data_filename']).'">'.htmlspecialchars($this->makeTitle($row)).'</a>';
			} else {	// Suspicious, so linking to page instead...
				$copy_row = $row;
				unset($copy_row['cHashParams']);
				$title = $this->linkPage($row['page_id'],htmlspecialchars($this->makeTitle($row)),$copy_row);
			}
		} else {	// Else the page: