- just replace ' by \' in javascript code, do not use htmlspecialchars()

inc/inc.ClassUI.php

@@ -688,7 +688,7 @@ class UI {
 			if ($folderID != $currentFolderID){
 			
 				if ($navigation) print "<a href=\"../out/out.ViewFolder.php?folderid=" . $folderID . "&showtree=1\">";
-				else print "<a class=\"foldertree_selectable\" href=\"javascript:folderSelected(" . $folderID . ", '" . htmlspecialchars($folder->getName(), ENT_QUOTES) . "')\">";
+				else print "<a class=\"foldertree_selectable\" href=\"javascript:folderSelected(" . $folderID . ", '" . str_replace("'", "\\'", $folder->getName()) . "')\">";
 
 			}else print "<span class=\"selectedfoldertree\">";
 			

out/out.DocumentChooser.php

@@ -87,7 +87,7 @@ function printTree($path, $level = 0)
 	for ($i = 0; $i < count($documents); $i++) {
 		print "<li>\n";
 		print "<img class='treeicon' src=\"images/blank.png\">";
-		print "<a  class=\"foldertree_selectable\" href=\"javascript:documentSelected(".$documents[$i]->getID().",'".htmlspecialchars($documents[$i]->getName(), ENT_QUOTES)."');\"><img src=\"images/file.gif\" border=0>".htmlspecialchars($documents[$i]->getName())."</a>";
+		print "<a  class=\"foldertree_selectable\" href=\"javascript:documentSelected(".$documents[$i]->getID().",'".str_replace("'", "\\'", $documents[$i]->getName())."');\"><img src=\"images/file.gif\" border=0>".htmlspecialchars($documents[$i]->getName())."</a>";
 		print "</li>";
 	}