In the first post the bug is fixed by Teye in the file class.MaskLoader.php. This fix doesn't work for me, the class doesn't even seem to get loaded.
In the second post it solved but the fix isn't present in the current release. Also it should be done in every field-class that uses sprintf to display values. This are the changes I propose:
// in class.TextField.php replace line 130:
(isset($this->_mValue) ? str_replace('\\','\\\\', htmlspecialchars($this->_mValue)):''),
// in class.HiddenField.php replace line 28:
(isset( $this->_mValue ) ? str_replace('\\','\\\\', htmlspecialchars( $this->_mValue )) : ''),
// in class.TextSelectField.php replace line 76:
(isset($this->_mValue) ? str_replace('\\','\\\\', htmlspecialchars($this->_mValue)):''),
// in class.TextSelectField.php replace line 188:
(isset($this->_mValue) ? str_replace('\\','\\\\', htmlspecialchars($this->_mValue)) : ''),
// in class.BrowserField.php replace line 82:
(isset($this->_mValue) ? str_replace('\\','\\\\', htmlspecialchars($this->_mValue)):''),
Note that I don't use the db version of formhandler so I don't know if the changes are needed in the db version of the field-classes. Also I have no clue in what case class.MaskLoader.php is called (is it still used?). The double fix of the bug would result in twice as much backslashes.
