From 59b5517b3f66984772039d2a90f74945ba3c01ce Mon Sep 17 00:00:00 2001
From: anonymoususer72041
 <247563575+anonymoususer72041@users.noreply.github.com>
Date: Fri, 23 Jan 2026 12:00:00 +0100
Subject: [PATCH 1/2] Add explicit charset to XML AJAX responses

---
 ajax.php              | 4 ++--
 lib/AJAXInterface.php | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/ajax.php b/ajax.php
index 11f8362ae..b4a02ce71 100644
--- a/ajax.php
+++ b/ajax.php
@@ -94,7 +94,7 @@
 
 if (!isset($_REQUEST['f']) || empty($_REQUEST['f']))
 {
-    header('Content-type: text/xml');
+    header('Content-type: text/xml; charset=' . AJAX_ENCODING);
     echo '<?xml version="1.0" encoding="', AJAX_ENCODING, '"?>', "\n";
     echo(
         "<data>\n" .
@@ -125,7 +125,7 @@
 
 if (!is_readable($filename))
 {
-    header('Content-type: text/xml');
+    header('Content-type: text/xml; charset=' . AJAX_ENCODING);
     echo '<?xml version="1.0" encoding="', AJAX_ENCODING, '"?>', "\n";
     echo(
         "<data>\n" .
diff --git a/lib/AJAXInterface.php b/lib/AJAXInterface.php
index 4dc50abc6..fc22b077c 100755
--- a/lib/AJAXInterface.php
+++ b/lib/AJAXInterface.php
@@ -46,7 +46,7 @@ class AJAXInterface
      */
     public function outputXMLPage($xmlString)
     {
-        header('Content-type: text/xml');
+        header('Content-type: text/xml; charset=' . AJAX_ENCODING);
 
         echo '<?xml version="1.0" encoding="', AJAX_ENCODING, '"?>', "\n";
         echo $xmlString;

From f1fc1e8173e1442173a189a9d0fe00ec6e3d8538 Mon Sep 17 00:00:00 2001
From: anonymoususer72041
 <247563575+anonymoususer72041@users.noreply.github.com>
Date: Fri, 23 Jan 2026 12:00:00 +0100
Subject: [PATCH 2/2] Pass explicit encoding to htmlspecialchars in job order
 AJAX XML output

---
 ajax/getDataItemJobOrders.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ajax/getDataItemJobOrders.php b/ajax/getDataItemJobOrders.php
index f39ce37ac..837f7a3b8 100755
--- a/ajax/getDataItemJobOrders.php
+++ b/ajax/getDataItemJobOrders.php
@@ -92,9 +92,9 @@
     $output .=
         "    <joborder>\n" .
         "        <id>"         . $jobOrdersArray[$rowIndex]['jobOrderID'] . "</id>\n" .
-        "        <title>"      . htmlspecialchars($jobOrdersArray[$rowIndex]['title']) . "</title>\n" .
-        "        <companyname>" . htmlspecialchars($jobOrdersArray[$rowIndex]['companyName'])  . "</companyname>\n" .
-        "        <assigned>"   . htmlspecialchars($jobOrdersArray[$rowIndex]['isAssigned'])  . "</assigned>\n" .
+        "        <title>"      . htmlspecialchars($jobOrdersArray[$rowIndex]['title'], ENT_COMPAT, AJAX_ENCODING) . "</title>\n" .
+        "        <companyname>" . htmlspecialchars($jobOrdersArray[$rowIndex]['companyName'], ENT_COMPAT, AJAX_ENCODING)  . "</companyname>\n" .
+        "        <assigned>"   . htmlspecialchars($jobOrdersArray[$rowIndex]['isAssigned'], ENT_COMPAT, AJAX_ENCODING)  . "</assigned>\n" .
         "    </joborder>\n";
 }