--- sites/all/modules/fusioncharts/fusioncharts.old	2009-06-23 14:54:19.000000000 +0100
+++ sites/all/modules/fusioncharts/fusioncharts.module	2009-06-23 14:58:43.000000000 +0100
@@ -68,10 +68,10 @@ function fusioncharts_data() {
 
   $str_xml = "<graph";
   foreach ((array)$callback_data->settings as $key => $value) {
-    if ($value === '') { //exclude unset keys
+	   if ($value === '') { //exclude unset keys
     }
     else {
-      $str_xml .= " ". $key ."='". fusioncharts_entities($value) ."'";
+      $str_xml .= " ". $key ."='". fusioncharts_entities($value, 'graph') ."'";
     }
   }
   $str_xml .= ">";
@@ -295,7 +295,7 @@ function _fusioncharts_data_single($data
       $color = "color='{$attributes['color'][$c]}'";
     }
     if (isset($attributes['hoverText'][$c])) {
-      $hovertext = "hoverText='". htmlentities(trim($attributes['hoverText'][$c]), ENT_QUOTES, 'UTF-8'). "'";
+      $hovertext = "hoverText='". fusioncharts_entities(trim($attributes['hoverText'][$c])) . "'";
     }
     if (isset($attributes['alpha'][$column[0]])) {
       $alpha = "alpha='{$attributes['alpha'][$column[0]]}'";
@@ -303,7 +303,7 @@ function _fusioncharts_data_single($data
     if (isset($attributes['showName'][$column[0]])) {
       $showname = "showName='{$attributes['showName'][$column[0]]}'";
     }
-    $str_xml .= "<set name='". htmlentities(trim($column[0]), ENT_QUOTES, 'UTF-8') ."' value='{$column[1]}' $color $link $hovertext $alpha $showname />";
+    $str_xml .= "<set name='". fusioncharts_entities(trim($column[0])) . "' value='{$column[1]}' $color $link $hovertext $alpha $showname />";
     $c++;
   }
   return $str_xml;
@@ -361,7 +361,7 @@ function _fusioncharts_data_multi($data,
     $category_count = count($category);
     $total_results = count($value);
     foreach ($category as $this_category) {
-      $str_xml .= "<category name='". htmlentities(trim($this_category), ENT_QUOTES, 'UTF-8') ."' />";
+      $str_xml .= "<category name='". fusioncharts_entities(trim($this_category)) . "' />";
     }
     $str_xml .= "</categories>";
     for ($i=0; $i<$total_results; $i+=$category_count) {
@@ -369,7 +369,7 @@ function _fusioncharts_data_multi($data,
         if (isset($attributes['color'][$c])) {
           $color = "color='{$attributes['color'][$c]}'";
         }
-        $str_xml .= "<dataset seriesName='". htmlentities(trim($series[$i]), ENT_QUOTES, 'UTF-8') ."' $color>";
+        $str_xml .= "<dataset seriesName='". fusioncharts_entities(trim($series[$i])) . "' $color>";
         for ($j=$i; $j<($i+$category_count); $j++) {
           unset($link);
           if ($value[$j] != '') {
@@ -464,7 +464,7 @@ function _fusioncharts_data_combination(
     $dataset_count = count(array_unique($category));
     $total_results = count($value);
     foreach ($categories as $this_category) {
-      $str_xml .= "<category name='". htmlentities(trim($this_category), ENT_QUOTES, 'UTF-8') ."' />";
+      $str_xml .= "<category name='". fusioncharts_entities(trim($this_category), ENT_QUOTES, 'UTF-8') ."' />";
     }
     $str_xml .= "</categories>";
     for ($i=0; $i<$total_results; $i+=$dataset_count) {
@@ -472,7 +472,7 @@ function _fusioncharts_data_combination(
         if (isset($attributes['color'][$c])) {
           $color = "color='{$attributes['color'][$c]}'";
         }
-        $str_xml .= "<dataset seriesName='". htmlentities(trim($series[$i]), ENT_QUOTES, 'UTF-8') ."' $color parentYAxis='$axis[$i]'>";
+        $str_xml .= "<dataset seriesName='". fusioncharts_entities(trim($series[$i])) ."' $color parentYAxis='$axis[$i]'>";
         for ($j=$i; $j<($i+$category_count); $j++) {
           if ($value[$j] != '') {
           unset($link);
@@ -878,10 +878,12 @@ if (!function_exists('ahah_render')) {
  * @param $string string to translate
  * @return $string
  */
-function fusioncharts_entities($string) {
+function fusioncharts_entities($string, $section = NULL) {
   $original = array("%", "&", "'", ":", "/", "@");
   $entities = array("%25", "%26", "%27", "%3A", "%2F", "%40");
-  $string = htmlentities($string, ENT_QUOTES, 'UTF-8');
+  if ($section == 'graph') {
+    $string = htmlentities($string, ENT_QUOTES, 'UTF-8');
+  }
   $string = str_replace($original, $entities, $string);
   return $string;
 }
