From 3d98ef5097d655a57003bcb70fbed0437213e839 Mon Sep 17 00:00:00 2001
From: Adrien Loison <adrien.loison@blablacar.com>
Date: Wed, 9 May 2018 22:17:21 +0200
Subject: [PATCH] Force UTF-8 encoding in htmlspecialchars

---
 src/Spout/Common/Escaper/ODS.php  | 4 ++--
 src/Spout/Common/Escaper/XLSX.php | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Spout/Common/Escaper/ODS.php b/src/Spout/Common/Escaper/ODS.php
index 4ffd766..9de665b 100644
--- a/src/Spout/Common/Escaper/ODS.php
+++ b/src/Spout/Common/Escaper/ODS.php
@@ -26,13 +26,13 @@ class ODS implements EscaperInterface
             // 'ENT_DISALLOWED' ensures that invalid characters in the given document type are replaced.
             // Otherwise control characters like a vertical tab "\v" will make the XML document unreadable by the XML processor
             // @link https://github.com/box/spout/issues/329
-            $replacedString = htmlspecialchars($string, ENT_NOQUOTES | ENT_DISALLOWED);
+            $replacedString = htmlspecialchars($string, ENT_NOQUOTES | ENT_DISALLOWED, 'UTF-8');
         } else {
             // We are on hhvm or any other engine that does not support ENT_DISALLOWED.
             //
             // @NOTE: Using ENT_NOQUOTES as only XML entities ('<', '>', '&') need to be encoded.
             //        Single and double quotes can be left as is.
-            $escapedString =  htmlspecialchars($string, ENT_NOQUOTES);
+            $escapedString =  htmlspecialchars($string, ENT_NOQUOTES, 'UTF-8');
 
             // control characters values are from 0 to 1F (hex values) in the ASCII table
             // some characters should not be escaped though: "\t", "\r" and "\n".
diff --git a/src/Spout/Common/Escaper/XLSX.php b/src/Spout/Common/Escaper/XLSX.php
index 7c6c61b..12b44d7 100644
--- a/src/Spout/Common/Escaper/XLSX.php
+++ b/src/Spout/Common/Escaper/XLSX.php
@@ -44,7 +44,7 @@ class XLSX implements EscaperInterface
         $escapedString = $this->escapeControlCharacters($string);
         // @NOTE: Using ENT_NOQUOTES as only XML entities ('<', '>', '&') need to be encoded.
         //        Single and double quotes can be left as is.
-        $escapedString = htmlspecialchars($escapedString, ENT_NOQUOTES);
+        $escapedString = htmlspecialchars($escapedString, ENT_NOQUOTES, 'UTF-8');
 
         return $escapedString;
     }