diff --git a/main/metadata/importdocs.php b/main/metadata/importdocs.php
index b3e485c567..86d1ac7f1f 100644
--- a/main/metadata/importdocs.php
+++ b/main/metadata/importdocs.php
@@ -97,7 +97,7 @@ if (count($idt) && file_exists($phpDigIncCn))
 }
 else
 {
-	echo 'No documents with metadata or no PhpDig in this course...<br>';
+	echo 'No documents with metadata or no PhpDig in this course...<br />';
 }
 
 if (false && file_exists($phpDigIncCn))  // future: buttons for operations
diff --git a/main/metadata/importlinks.php b/main/metadata/importlinks.php
index f0d5b3f560..8739a02410 100644
--- a/main/metadata/importlinks.php
+++ b/main/metadata/importlinks.php
@@ -122,12 +122,12 @@ if (isset($lcn))  // category_title
             if (in_array($eid, $uceids)) $mceids[] = $eid;
         }
         
-        $hdrInfo = ' ' . get_lang('WorkOn') . ' ' . htmlspecialchars($lcn) . 
-            ', LC-id=&nbsp;' . htmlspecialchars($lci);
+        $hdrInfo = ' ' . get_lang('WorkOn') . ' ' . htmlspecialchars($lcn, ENT_QUOTES, $charset) . 
+            ', LC-id=&nbsp;' . htmlspecialchars($lci, ENT_QUOTES, $charset);
     }
     elseif ($lcn)
     {
-        $hdrInfo = ' (' . htmlspecialchars($lcn) . 
+        $hdrInfo = ' (' . htmlspecialchars($lcn, ENT_QUOTES, $charset) . 
             ': ' . get_lang('NotInDB') . ')';
     }
     else
@@ -142,7 +142,7 @@ if (isset($lcn))  // category_title
 
     $interbreadcrumb[]= array(
         'url' => api_get_self() . '?lcn=' . urlencode($lcn), 
-        'name'=> get_lang('Continue') . ' ' . htmlspecialchars($lcn));
+        'name'=> get_lang('Continue') . ' ' . htmlspecialchars($lcn, ENT_QUOTES, $charset));
 }
 
 $htmlHeadXtra[] = '
@@ -154,7 +154,7 @@ Display::display_header($nameTools);
 // OPERATIONS ----------------------------------------------------------------->
 
 if ($ufos) echo '<h3>', $ufos, ' ', get_lang('RemainingFor'), ' ', 
-        htmlspecialchars($lcn), '</h3>', "\n";
+        htmlspecialchars($lcn, ENT_QUOTES, $charset), '</h3>', "\n";
 
 if (isset($slo)) echo '<h3>', $slo, '</h3>', "\n";  // selected links op
 
@@ -169,8 +169,8 @@ if ($slo == get_lang('Create') && count($lceids))
         $xht->xht_xmldoc = new xmddoc(explode("\n", $mdt));
         $mdStore->mds_put($eid, $xht->xht_fill_template('INDEXABLETEXT'), 
             'indexabletext');
-        echo '<span class="lbs" onClick="', "makeWindow('index.php?eid=", 
-            urlencode($eid), "', '', '')\">", htmlspecialchars($eid), '</span> ';
+        echo '<span class="lbs" onClick="', "javascript: makeWindow('index.php?eid=", 
+            urlencode($eid), "', '', '')\">", htmlspecialchars($eid, ENT_QUOTES, $charset), '</span> ';
     }
     echo '<br>';
 }
@@ -180,13 +180,13 @@ elseif ($slo == get_lang('Remove') && count($lceids))
     
     echo $aff, ' MDEs/ ', count($lceids), ' ', get_lang('MdCallingTool'), 
         '<br><br><b>', get_lang('AllRemovedFor'), 
-        ' ', htmlspecialchars($lcn), '</b><br>';
+        ' ', htmlspecialchars($lcn, ENT_QUOTES, $charset), '</b><br />';
 }
 elseif ($slo == get_lang('Remove') && count($mceids))  // obsolete category
 {
     $mdStore->mds_delete_many($mceids);
     
-    echo get_lang('AllRemovedFor'), ' ', htmlspecialchars($lcn), '<br>';
+    echo get_lang('AllRemovedFor'), ' ', htmlspecialchars($lcn, ENT_QUOTES, $charset), '<br />';
 }
 elseif ($slo == get_lang('Index') && file_exists($phpDigIncCn) && count($mceids))
 {
@@ -234,9 +234,9 @@ elseif ($slo == get_lang('Index') && file_exists($phpDigIncCn) && count($mceids)
             else
             {
                 echo '<table>', "\n";
-                echo '<tr><td>', htmlspecialchars($url), 
-                    '</td><td>', htmlspecialchars($path), 
-                    '</td><td>', htmlspecialchars($file), '</td></tr>';
+                echo '<tr><td>', htmlspecialchars($url, ENT_QUOTES, $charset), 
+                    '</td><td>', htmlspecialchars($path, ENT_QUOTES, $charset), 
+                    '</td><td>', htmlspecialchars($file, ENT_QUOTES, $charset), '</td></tr>';
                 echo '</table>', "\n";
             }
         }
@@ -253,9 +253,9 @@ elseif ($slo == get_lang('Index') && file_exists($phpDigIncCn) && count($mceids)
             else
             {
                 echo '<table>', "\n";
-                echo '<tr><td>', htmlspecialchars($url), 
-                    '</td><td>', htmlspecialchars($path), 
-                    '</td><td>', htmlspecialchars($file), '</td></tr>';
+                echo '<tr><td>', htmlspecialchars($url, ENT_QUOTES, $charset), 
+                    '</td><td>', htmlspecialchars($path, ENT_QUOTES, $charset), 
+                    '</td><td>', htmlspecialchars($file, ENT_QUOTES, $charset), '</td></tr>';
                 echo '</table>', "\n";
             }
         }
@@ -290,7 +290,7 @@ if (count($perCat))
     echo '<table>', "\n";
     foreach ($perCat as $cat => $number)
     {
-        echo '<tr><td>', $cat == $lcn ? '' : '(', htmlspecialchars($cat), 
+        echo '<tr><td>', $cat == $lcn ? '' : '(', htmlspecialchars($cat, ENT_QUOTES, $charset), 
             $cat == $lcn ? '' : ')', ':</td><td align="right">', 
             $number, '</td></tr>', "\n";
     }
@@ -299,8 +299,8 @@ if (count($perCat))
 
 if (isset($lci))
 {
-    echo '<br><br>', htmlspecialchars($lcn), ' ', get_lang('MdCallingTool'), 
-        ': ', count($lceids), '<br>', "\n";
+    echo '<br><br>', htmlspecialchars($lcn, ENT_QUOTES, $charset), ' ', get_lang('MdCallingTool'), 
+        ': ', count($lceids), '<br />', "\n";
 }
 
 
@@ -322,14 +322,14 @@ if ($perCat[$lcn] && file_exists($phpDigIncCn)) echo
 echo '</form>', "\n";
 
 if (count($perCat)) foreach ($perCat as $cat => $number) 
-    $perCat[$cat] = '(' . htmlspecialchars($cat) . ')';
+    $perCat[$cat] = '(' . htmlspecialchars($cat, ENT_QUOTES, $charset) . ')';
 
 $linkcat_table = Database::get_course_table(TABLE_LINK_CATEGORY);
 $result = api_sql_query("SELECT category_title FROM $linkcat_table", __FILE__, __LINE__);
 
 while ($row = mysql_fetch_array($result))
 {
-    $cat = $row['category_title']; $hcat = htmlspecialchars($cat);
+    $cat = $row['category_title']; $hcat = htmlspecialchars($cat, ENT_QUOTES, $charset);
     if ($perCat[$cat] == $hcat) $dups[] = $cat;
     else $perCat[$cat] = $hcat;
 }
@@ -348,10 +348,10 @@ echo '<h3>', get_lang('OrElse'), $warning, '</h3>', "\n",  // select new target
     '<option value=""></option>', "\n";
     
     foreach ($perCat as $cat => $text) echo '<option value="' . 
-        htmlspecialchars($cat) . '"' . 
+        htmlspecialchars($cat, ENT_QUOTES, $charset) . '"' . 
         ($cat == $lcn ? ' selected' : '') . '>' . $text . '</option>', "\n";
 
-echo '</select><input type="submit" value="', get_lang('Ok'), '">', "\n", 
+echo '</select><input type="submit" value="', '  '.get_lang('Ok').'  ', '">', "\n", 
     '</form>', "\n", '</td></tr></table>', "\n";
 
 Display::display_footer();
diff --git a/main/metadata/importmanifest.php b/main/metadata/importmanifest.php
index d2c8174bd0..2310004172 100644
--- a/main/metadata/importmanifest.php
+++ b/main/metadata/importmanifest.php
@@ -60,7 +60,7 @@ require('md_phpdig.php');
 if (isset($workWith))  // explicit in URL, or selected at bottom of screen
 {
     $scormdocument = Database::get_course_table('lp');
-    $sql = "SELECT id FROM $scormdocument WHERE path='". mysql_real_escape_string(substr($workWith,1)) . "' OR path='". mysql_real_escape_string(substr($workWith,1)) . "/.'";
+    $sql = "SELECT id FROM $scormdocument WHERE path='". Database::escape_string(api_substr($workWith,1)) . "' OR path='". Database::escape_string(substr($workWith,1)) . "/.'";
     $result = api_sql_query($sql, __FILE__, __LINE__);
 
     if (mysql_num_rows($result) == 1)
@@ -76,14 +76,14 @@ if (isset($sdi) && is_numeric($sdi) && $sdi > 0 && $sdi == (int) $sdi)
 {
     $mdObj = new mdobject($_course, $sdi); $workWith = $mdObj->mdo_path;
     $hdrInfo = ' ' . get_lang('WorkOn') . ' ' .
-        ($workWith ? htmlspecialchars($workWith) . ', ' : '') .
-        'SD-id= ' . htmlspecialchars($sdi) .
-        ($sdisub ? ' (' . htmlspecialchars($sdisub) . ')' : '');
+        ($workWith ? htmlspecialchars($workWith, ENT_QUOTES, $charset) . ', ' : '') .
+        'SD-id= ' . htmlspecialchars($sdi, ENT_QUOTES, $charset) .
+        ($sdisub ? ' (' . htmlspecialchars($sdisub, ENT_QUOTES, $charset) . ')' : '');
 }
 else
 {
     unset($sdi); $mdObj = new mdobject($_course, 0);
-    if ($workWith) $hdrInfo = ' (' . htmlspecialchars($workWith) .
+    if ($workWith) $hdrInfo = ' (' . htmlspecialchars($workWith, ENT_QUOTES, $charset) .
         ': ' . get_lang('NotInDB') . ')'; unset($workWith);
 }
 
@@ -117,7 +117,7 @@ function slurpmanifest()
             if (!$xht_doc->error) return '';  // keeping $mfContents and $xht_doc
 
             unset($mfContents);
-            return get_lang('ManifestSyntax') . ' ' . htmlspecialchars($xht_doc->error);
+            return get_lang('ManifestSyntax') . ' ' . htmlspecialchars($xht_doc->error, ENT_QUOTES, $charset);
         }
         else
         {
@@ -311,7 +311,7 @@ elseif ($smo == get_lang('Import'))
             $mdStore->mds_put(EID_TYPE . '.' . $mfdocId, $ixt, 'indexabletext');
         }
 
-        echo $level <= 1 ? '<br>'.$level.'/ ' : ' ', htmlspecialchars($itemId);
+        echo $level <= 1 ? '<br />'.$level.'/ ' : ' ', htmlspecialchars($itemId, ENT_QUOTES, $charset);
         flush(); $loopctr = 0;
 
         foreach ($xht_doc->xmd_select_elements(SUBITEM, $treeElem) as $subElem)
@@ -381,24 +381,24 @@ elseif ($smo == get_lang('Import'))
         @fwrite($fileHandler, content_for_index_php($sdi));
         @fclose($fileHandler);
 
-    	echo '<br>', htmlspecialchars($workWith);
+    	echo '<br>', htmlspecialchars($workWith, ENT_QUOTES, $charset);
     	if (file_exists($playIt)) echo '/index.php ',
-    	    htmlspecialchars(date('Y/m/d H:i:s', filemtime($playIt)));
+    	    htmlspecialchars(date('Y/m/d H:i:s', filemtime($playIt)), ENT_QUOTES, $charset);
 	}
 }
 elseif ($smo == get_lang('Remove') && $sdisub)
 {
     $screm = EID_TYPE . '.' . $sdi . '.' . $sdisub;
     $mdStore->mds_delete_offspring($screm, '\_');  // SQL LIKE underscore
-    echo htmlspecialchars($screm . '_*: ' . mysql_affected_rows()), '<br>';
+    echo htmlspecialchars($screm . '_*: ' . mysql_affected_rows(), ENT_QUOTES, $charset), '<br />';
 }
 elseif ($smo == get_lang('Remove'))  // remove all, regardless of $sdiall
 {
     $mdStore->mds_delete($screm = EID_TYPE . '.' . $sdi);
-    echo htmlspecialchars($screm . ': ' . mysql_affected_rows()), '<br>';
+    echo htmlspecialchars($screm . ': ' . mysql_affected_rows(), ENT_QUOTES, $charset), '<br />';
     $mdStore->mds_delete_offspring($screm);
-    echo htmlspecialchars($screm . '.*: ' . mysql_affected_rows()), '<br><br>',
-	'<b>' . get_lang('AllRemovedFor') . ' ' . $screm . '</b><br>';
+    echo htmlspecialchars($screm . '.*: ' . mysql_affected_rows(), ENT_QUOTES, $charset), '<br /><br />',
+	'<b>' . get_lang('AllRemovedFor') . ' ' . $screm . '</b><br />';
 }
 elseif ($smo == get_lang('Index') && file_exists($phpDigIncCn) &&
         ereg('^http://([^/]+)/(.+)/index\.php$', $mdObj->mdo_url, $regs))
@@ -448,7 +448,7 @@ elseif ($smo == get_lang('Index') && file_exists($phpDigIncCn) &&
 elseif ($smo == get_lang('Index'))
 {
     echo 'Problem! PhpDig connect.php has gone or else URL "' .
-        htmlspecialchars($mdObj->mdo_url) .
+        htmlspecialchars($mdObj->mdo_url, ENT_QUOTES, $charset) .
         '" is not like "http://xxxx/yyy.../zzz/index.php"';
 }
 
@@ -476,7 +476,7 @@ while ($row = mysql_fetch_array($result))
 if (isset($sdi))
 {
     $mdo = new mdobject($_course, $sdi);
-    echo '<br>', htmlspecialchars($mdo->mdo_path), ', SD-id ', $sdi, ': ',
+    echo '<br />', htmlspecialchars($mdo->mdo_path, ENT_QUOTES, $charset), ', SD-id ', $sdi, ': ',
         ($perId[$sdi] ? $perId[$sdi] : '0'), ' ',
         ($mdtmain[$sdi] ? '- <span class="lbs" onClick="' .
             "makeWindow('index.php?eid=" . EID_TYPE . '.' .$sdi . "', '', '')\">" .
@@ -493,8 +493,8 @@ if (count($perId))
             $pth = $mdtmain[$id];  // fetch something simple without parsing
             if ($ttopen = strpos($pth, '<title>'))
                 if ($ttclose = strpos($pth, '</title>', $ttopen))
-                     $pth = ' ' . html_entity_decode
-                        (substr($pth, $ttopen+7, $ttclose-$ttopen-7));
+                     $pth = ' ' . api_html_entity_decode
+                        (substr($pth, $ttopen+7, $ttclose-$ttopen-7), ENT_QUOTES, $charset);
                 else $pth = ' ' . substr($pth, $ttopen+7, 30);
             else     $pth = ' ' . substr($pth, 0, 30);
         }
@@ -509,8 +509,8 @@ if (count($perId))
     {
         $tmfdt = file_exists($tfmff = $baseWorkDir . $pth . '/' . MFFNAME . $sdisub . MFFDEXT) ?
             date('Y/m/d H:i:s', filemtime($tfmff)) : '-';
-        echo '<tr><td>', htmlspecialchars($tmfdt), '</td>',
-            '<td>', htmlspecialchars($pth),
+        echo '<tr><td>', htmlspecialchars($tmfdt, ENT_QUOTES, $charset), '</td>',
+            '<td>', htmlspecialchars($pth, ENT_QUOTES, $charset),
             '</td><td align="right">(SD-id ', $id,
             '):</td><td align="right">', $perId[$id], '</td></tr>', "\n";
     }
@@ -520,7 +520,7 @@ if (count($perId))
 if ($mfContents)
 {
     echo $workWith, '/', MFFNAME . $sdisub . MFFDEXT, ': ',
-        htmlspecialchars(date('Y/m/d H:i:s', filemtime($fmff))) , ", \n",
+        htmlspecialchars(date('Y/m/d H:i:s', filemtime($fmff)), ENT_QUOTES, $charset) , ", \n",
         substr_count($mfContents, "\n") + 1,
         ' ' . get_lang('Lines') . '.', "\n";
 
@@ -555,7 +555,7 @@ if (file_exists($baseWorkDir . $workWith . '/index.php'))
 
 if (file_exists($fhtf = $baseWorkDir . $workWith . '/' . HTF))
     echo '<br>', $workWith, '/', HTF, ': ',
-        htmlspecialchars(date('Y/m/d H:i:s', filemtime($fhtf))) , "\n";
+        htmlspecialchars(date('Y/m/d H:i:s', filemtime($fhtf)), ENT_QUOTES, $charset) , "\n";
 
 
 
@@ -613,7 +613,7 @@ function showSelectForm($label, $specifics)
     echo    '<tr><td align="right" class="alternativeBgDark">', "\n",
         	'<form action="', api_get_self(), '" method="post">', "\n",
             	get_lang($label), ' :', "\n", $specifics, "\n",
-                '<input type="submit" value="', get_lang('Ok'), '" />', "\n",
+                '<input type="submit" value="', '  '.get_lang('Ok').'  ', '" />', "\n",
             '</form></td></tr>', "\n";
 }
 
@@ -657,7 +657,7 @@ showSelectForm('SDI',
     '<input type="text" size="5" name="sdi" value="' .
         htmlspecialchars($sdi) . '" />' .
     '(<input type="text" size="4" name="sdisub" value="' .
-        ($sdiall ? UZYX : htmlspecialchars($sdisub)) . '" />)' . "\n");
+        ($sdiall ? UZYX : htmlspecialchars($sdisub, ENT_QUOTES, $charset)) . '" />)' . "\n");
 
 echo '</table>', "\n";
 
diff --git a/main/metadata/index.php b/main/metadata/index.php
index 9afad9f491..d4f2d8bfde 100644
--- a/main/metadata/index.php
+++ b/main/metadata/index.php
@@ -22,6 +22,8 @@
 
 // PRELIMS -------------------------------------------------------------------->
 
+require_once '../inc/global.inc.php';
+
 require("md_funcs.php");
 
 getpar('EID', 'Entry IDentifier');           // e.g. 'Document.12' or 'Scorm.xx'
@@ -184,11 +186,11 @@ Display::display_header($nameTools); echo "\n";
 
 $xhtDoc->xht_dbgn = DBG;  // for template debug info, set to e.g. 10000
 if (($ti = $xhtDoc->xht_param['traceinfo'])) $xhtDoc->xht_param['traceinfo'] = 
-    '<h5>Trace information</h5>' . htmlspecialchars($ti);
+    '<h5>Trace information</h5>' . htmlspecialchars($ti, ENT_QUOTES, $charset);
 
 echo $xhtDoc->xht_fill_template('METADATA'), "\n";
 
 if ($xhtDoc->xht_dbgn) echo $xhtDoc->xht_dbgo;
 
 Display::display_footer();
-?>
\ No newline at end of file
+?>
diff --git a/main/metadata/md_document.htt b/main/metadata/md_document.htt
index 8a5bbb54d3..86e69d46b1 100644
--- a/main/metadata/md_document.htt
+++ b/main/metadata/md_document.htt
@@ -6,7 +6,7 @@
 
 <!-- {-METADATA-} -->
 
-{-D TRUE TRUE-}{-D XML application/xml;iso-8859-1-}
+{-D TRUE TRUE-}{-D XML application/xml;utf-8-}
 
 <div id="indexabletext" class="dvc">
 {-H {-E md_indexabletext C METADATA_INDEXABLETEXT-}-}
@@ -22,7 +22,7 @@
 {-L NoScript-}
 </noscript>
 
-<div  onMouseUp="if ((kw = pU_clicked(event))) pU_select(kw); else pU_hide();">
+<div  onMouseUp="javascript: if ((kw = pU_clicked(event))) pU_select(kw); else pU_hide();">
 {-T dbrecord == empty <div class="lgr">-}
 {-E md_part1 C METADATA_PART1-}
 {-T dbrecord == empty </div>-}
@@ -33,17 +33,17 @@
 
 <form method="post" action="{-P self-}">
     <textarea rows="4" class="mda" name="mda" id="mda" title="{-L ConfirmDelete-}"></textarea>
-    <!--<input type="submit" value="{-L Store-}" onClick="return checkBeforeSubmit(event);"></input>-->
-    <button class="save" type="submit" value="{-L Store-}" onClick="return checkBeforeSubmit(event);">{-L Store-}</button>
+    <!--<input type="submit" value="{-L Store-}" onClick="javascript: return checkBeforeSubmit(event);"></input>-->
+    <button class="save" type="submit" value="{-L Store-}" onClick="javascript: return checkBeforeSubmit(event);">{-L Store-}</button>
     
     
     {-T dbrecord != empty 
-    <!--<input type="submit" value="{-L DeleteAll-}" onClick="return setPendingOperation('~~', event);"></input>-->
-    <button class="minus" type="submit" value="{-L DeleteAll-}" onClick="return setPendingOperation('~~', event);">{-L DeleteAll-}</button>
+    <!--<input type="submit" value="{-L DeleteAll-}" onClick="javascript: return setPendingOperation('~~', event);"></input>-->
+    <button class="minus" type="submit" value="{-L DeleteAll-}" onClick="javascript:return setPendingOperation('~~', event);">{-L DeleteAll-}</button>
     -}
-    <span onClick="document.getElementById('indexabletext').className ='dvo'">&#xa0;</span>
+    <span onClick="javascript: document.getElementById('indexabletext').className ='dvo'">&#xa0;</span>
 {-D techfmt {-V metadata/lom/technical/format-}-}{-T techfmt == XML 
-    <input type="submit" value="{-L CourseKwds-}" onClick="return setPendingOperation('!!', event);"></input>
+    <input type="submit" value="{-L CourseKwds-}" onClick="javascript: return setPendingOperation('!!', event);"></input>
  -}
 </form>
 
@@ -54,9 +54,9 @@
 {-T keywordscache != empty 
 
 <div noWrap="1" id="maindiv">
-    <input type="button" class="btn" value="+" onClick="if (this.value == '+') deselectAll(event, this); openOrClose(this);"/>
-    <input type="button" class="btm" id="btnOpenOrCloseAll" value="++" onClick="openOrCloseAll(this);"/>
-    <input type="button" class="btn" value="?" onClick="openOrCloseHelp(this)"/>
+    <input type="button" class="btn" value="+" onClick="javascript: if (this.value == '+') deselectAll(event, this); openOrClose(this);"/>
+    <input type="button" class="btm" id="btnOpenOrCloseAll" value="++" onClick="javascript: openOrCloseAll(this);"/>
+    <input type="button" class="btn" value="?" onClick="javascript: openOrCloseHelp(this)"/>
     &#xa0;{-L ClickKw-}
     {-P keywordscache-}
 </div>
@@ -68,11 +68,11 @@
  -}
 
 {-T keywordscache == empty 
-
+<!--
 <div noWrap="1" id="maindiv">
 {-L KwNote-}
 </div>
-
+-->
  -}
 
 <div id="popup" noWrap="1" class="pup">
@@ -97,7 +97,7 @@
         <td>{-D xpath metadata/lom/general/language-}{-C LANGSELECT-}</td>
         <td>{-D xpath metadata/lom/general/identifier/catalog-}{-D iclass disabled class="wd2" -}{-C INPUT-}</td>
         <td>{-D label Identifier-}{-C LABEL-}</td>
-        <td>{-D xpath metadata/lom/general/identifier/entry-}{-D iclass class="wd2" onKeyPress="return isValidChar(event, '[a-z0-9\x08\x25\x27\*\.\'\(\)_!-]', 'i');" -}{-C INPUT-}</td>
+        <td>{-D xpath metadata/lom/general/identifier/entry-}{-D iclass class="wd2" onKeyPress="javascript: return isValidChar(event, '[a-z0-9\x08\x25\x27\*\.\'\(\)_!-]', 'i');" -}{-C INPUT-}</td>
     </tr>
     <tr>
         <td>{-D label Title-}{-C LABEL-}</td>
@@ -134,8 +134,8 @@
     <tr>
         <td colspan="2">{-D label CreatedSize-}{-C LABEL-}</td>
         <td nowrap>
-            {-D xpath metadata/lom/lifeCycle/contribute[1]/date/dateTime-}{-D iclass class="wd1" onKeyUp="checkValid(this,'^[0-9]{4}-[0-9]{2}-[0-9]{2}$','i');" -}{-C INPUT-}
-            {-D xpath metadata/lom/technical/size-}{-D iclass class="wd1"  onKeyPress="return isValidChar(event, '[0-9\x08\x25\x27]', 'i');" -}{-C INPUT-}
+            {-D xpath metadata/lom/lifeCycle/contribute[1]/date/dateTime-}{-D iclass class="wd1" onKeyUp="javascript: checkValid(this,'^[0-9]{4}-[0-9]{2}-[0-9]{2}$','i');" -}{-C INPUT-}
+            {-D xpath metadata/lom/technical/size-}{-D iclass class="wd1"  onKeyPress="javascript: return isValidChar(event, '[0-9\x08\x25\x27]', 'i');" -}{-C INPUT-}
         </td>
         <td>{-D label Author-}{-C LABEL-}</td>
         <td>{-D xpath metadata/lom/lifeCycle/contribute[1]/entity-}{-C INPUTW-}</td>
@@ -176,7 +176,7 @@
 
 <!-- {-MDLANGSELECT-} -->
 
-<select onchange="spcSel('metadata/lom/general/description,metadata/lom/general/coverage,metadata/lom/general/keyword,metadata/lom/rights/description;string@language', this);">{-D selvalue {-V metadata/lom/general/description/string/@language-}-}{-R Langs C OPTION-}</select>
+<select onchange="javascript: spcSel('metadata/lom/general/description,metadata/lom/general/coverage,metadata/lom/general/keyword,metadata/lom/rights/description;string@language', this);">{-D selvalue {-V metadata/lom/general/description/string/@language-}-}{-R Langs C OPTION-}</select>
 
 
 <!-- {-LANGSELECT-} -->
@@ -186,7 +186,7 @@
 
 <!-- {-SELECT-} -->
 
-<select onchange="spcSel('{-H {-P xpath-}-}', this);">{-D selvalue {-V P xpath-}-}{-R {-P optionarray-} C OPTION-}</select>
+<select onchange="javascript: spcSel('{-H {-P xpath-}-}', this);">{-D selvalue {-V P xpath-}-}{-R {-P optionarray-} C OPTION-}</select>
 
 
 <!-- {-OPTION-} -->
@@ -201,23 +201,23 @@
 
 <!-- {-INPUT-} -->
 
-<input type="text" title="{-H {-P xpath-}-}" {-P iclass-}value="{-H {-V P xpath-}-}" onchange="spc(this.title, this.value);"/>
+<input type="text" title="{-H {-P xpath-}-}" {-P iclass-}value="{-H {-V P xpath-}-}" onchange="javascript: spc(this.title, this.value);"/>
 
 
 <!-- {-INPUT_ALLKWDS-} -->
 
 <input type="text" title="{-X metadata/lom/general/description/string/@language-}" 
  id="kwds_string" class="wide" value="{-X metadata/lom/general/keyword/string , -}" 
- onKeyUp="takeTypeIn(this, 150, -100, '150px'); return true;" 
- onKeyPress="return isValidChar(event, '[0-9a-z\xC0-\xFF\.\x08\x25\x27, -]', 'i');" />
+ onKeyUp="javascript: takeTypeIn(this, 150, -100, '150px'); return true;" 
+ onKeyPress="javascript: return isValidChar(event, '[0-9a-z\xC0-\xFF\.\x08\x25\x27, -]', 'i');" />
 
 
 <!-- {-HEAD-} -->
 
 <link rel="stylesheet" type="text/css" href="md_styles.css">
 
-<script language="JavaScript" src="md_script.js"></script>
-<script language="JavaScript">var kwdswere = "{-X metadata/lom/general/keyword/string , -}";</script>
+<script type="text/javascript" language="JavaScript" src="md_script.js"></script>
+<script type="text/javascript" language="JavaScript">var kwdswere = "{-X metadata/lom/general/keyword/string , -}";</script>
 
 
 <!-- {-HTTP-} -->
@@ -229,7 +229,7 @@ Expires: Mon, 26 Jul 1997 05:00:00 GMT
 
 <tr>
     <td>{-D label Keyword-}{-D tip {-L KeywordTip-}-}{-C LABEL-}</td>
-    <td nowrap><select onchange="spc('metadata/lom/general/keyword[{-P number-}]/string/@language', this.options[this.selectedIndex].value);">{-D selvalue {-V string/@language-}-}{-R Langs C OPTION-}</select>
+    <td nowrap><select onchange="javascript: spc('metadata/lom/general/keyword[{-P number-}]/string/@language', this.options[this.selectedIndex].value);">{-D selvalue {-V string/@language-}-}{-R Langs C OPTION-}</select>
     <input type="checkbox" title="{-L DeleteKw-}" id="keyword{-P number-}"/></td>
     <td colspan="3">{-D value {-X string-}-}{-D title metadata/lom/general/keyword[{-P number-}]/string-}{-C INPUTKWD-}</td>
 </tr>
@@ -246,7 +246,7 @@ Expires: Mon, 26 Jul 1997 05:00:00 GMT
 
 <!-- {-INPUTKWD-} -->
 
-<input type="text" title="{-P title-}" class="wide" value="{-H {-P value-}-}" onchange="spckwd(this.title, this.value, '{-P selvalue-}');"/>
+<input type="text" title="{-P title-}" class="wide" value="{-H {-P value-}-}" onchange="javascript: spckwd(this.title, this.value, '{-P selvalue-}');"/>
 
 
 <!-- {-Remarks-} -->
diff --git a/main/metadata/md_document.php b/main/metadata/md_document.php
index d05548e5f7..d856fea4d4 100644
--- a/main/metadata/md_document.php
+++ b/main/metadata/md_document.php
@@ -82,10 +82,10 @@ function mdo_generate_default_xml_metadata()
     
     $xhtDoc->xht_param['title'] = 
         $this->mdo_title ? $this->mdo_title : 
-            ($this->mdo_path ? $this->mdo_path : get_lang('MdTitle'));
+            ($this->mdo_path ? $this->mdo_path : get_lang('MdTitle', ''));
     $xhtDoc->xht_param['description'] = 
-        $this->mdo_comment ? $this->mdo_comment : get_lang('MdDescription');
-    $xhtDoc->xht_param['coverage'] = get_lang('MdCoverage');
+        $this->mdo_comment ? $this->mdo_comment : get_lang('MdDescription', '');
+    $xhtDoc->xht_param['coverage'] = get_lang('MdCoverage', '');
 
     if (isset($_user))
     {
@@ -192,4 +192,4 @@ function mdobject($_course, $id)
 }
 
 }
-?>
\ No newline at end of file
+?>
diff --git a/main/metadata/md_funcs.php b/main/metadata/md_funcs.php
index b530c93441..8155749879 100644
--- a/main/metadata/md_funcs.php
+++ b/main/metadata/md_funcs.php
@@ -49,20 +49,21 @@ function fgc($filename)
 
 function give_up($msg)
 {
-    echo '<p align="center">MetaData:<br><b>? ', 
-        htmlspecialchars($msg), '</b></p>'; exit;
+	global $charset;
+    echo '<p align="center">MetaData:<br /><b>? ', 
+        htmlspecialchars($msg, ENT_QUOTES, $charset), '</b></p>'; exit;
 } 
 
 
 function getpar($name, $description, $default = '')
 {
-    $value = isset($_GET[$value = strtolower($name)]) ? $_GET[$value] : '';
+    $value = isset($_GET[$value = api_strtolower($name)]) ? $_GET[$value] : '';
     $value = get_magic_quotes_gpc() ? stripslashes($value) : $value;
     if (!$value) $value = $default;
-    if ($value == '') give_up('URL parameter ' . strtoupper($name) . ' - ' . 
+    if ($value == '') give_up('URL parameter ' . api_strtoupper($name) . ' - ' . 
                 $description . ' - is required');
     
-    define(strtoupper($name), $value);
+    define(api_strtoupper($name), $value);
 }
 
 
@@ -81,6 +82,8 @@ function get_course_web()
 
 function define_htt($htt_file, $urlp, $course_path)
 {
+	global $charset;
+
     ($htt_file_contents = @fgc($htt_file))
         or give_up('Templates file "' . $htt_file . '" is missing...');
     
@@ -96,7 +99,7 @@ function define_htt($htt_file, $urlp, $course_path)
     define('KEYWORDS_CACHE', get_course_path() . $ckw);
     
     if (file_exists(KEYWORDS_CACHE)) $kcdt = 
-        htmlspecialchars(date('Y/m/d H:i:s', filemtime(KEYWORDS_CACHE)));
+        htmlspecialchars(date('Y/m/d H:i:s', filemtime(KEYWORDS_CACHE)), ENT_QUOTES, $charset);
     
     $xhtDoc->xht_param['keywordscache'] = $kcdt ?
         '<script type="text/javascript" src="' . get_course_web() . $ckw . '"></script>' . 
@@ -289,7 +292,7 @@ function mds_get_many($columns, $where_clause)
     foreach (explode(',', $columns) as $col) $cols .= "," . trim($col);
     if (!$cols) return;
     
-    return $this->_query("SELECT " . substr($cols, 1) . 
+    return $this->_query("SELECT " . api_substr($cols, 1) . 
         " FROM " . MDS_TABLE . " WHERE ". $where_clause);
 }
 
@@ -360,13 +363,13 @@ function mds_update_xml_and_mdt($mdo, &$xmlDoc, $mda, $eid, &$traceinfo,
         
         if (($nameLth = strpos($update, '=')))  // e.g. 'gen/tit/str=new'
         {
-            if (($text = substr($update, $nameLth + 1)) === FALSE) $text = '';
+            if (($text = api_substr($update, $nameLth + 1)) === FALSE) $text = '';
             
-            if (!($path = trim(substr($update, 0, $nameLth)))) continue;
+            if (!($path = trim(api_substr($update, 0, $nameLth)))) continue;
             
-            if (($sc = strpos($path, ';')))  // e.g. 'gen/tit,gen/des;str@lang'
-                $xmlDoc->xmd_update_many(substr($path, 0, $sc), 
-                    substr($path, $sc + 1), $text);
+            if (($sc = api_strpos($path, ';')))  // e.g. 'gen/tit,gen/des;str@lang'
+                $xmlDoc->xmd_update_many(api_substr($path, 0, $sc), 
+                    api_substr($path, $sc + 1), $text);
             else
                 $xmlDoc->xmd_update($path, $text);
         }
@@ -465,4 +468,4 @@ function _query($sql, $eid = '', $sep = '')
   -->
 */
 
-?>
\ No newline at end of file
+?>
diff --git a/main/metadata/md_phpdig.php b/main/metadata/md_phpdig.php
index 6c1f6a2bca..79ef955ad0 100644
--- a/main/metadata/md_phpdig.php
+++ b/main/metadata/md_phpdig.php
@@ -47,7 +47,8 @@ if (file_exists($phpDigIncCw))
             $common_words[trim($word)] = 1;
 
 define('SUMMARY_DISPLAY_LENGTH', 700);
-define('PHPDIG_ENCODING', 'iso-8859-1');
+//define('PHPDIG_ENCODING', 'iso-8859-1');
+define('PHPDIG_ENCODING', strtolower($charset));
 define('SMALL_WORDS_SIZE', 2);
 define('MAX_WORDS_SIZE',50);
 define('WORDS_CHARS_LATIN1', '[:alnum:]��ߵ');
@@ -94,6 +95,8 @@ function find_site($url)
 
 function remove_engine_entries($url, $path, $file = '')
 {
+	global $charset;
+
     $and_path = " AND path = '" . addslashes($path) . "'";
     if ($file) $and_path .= " AND file LIKE '" . addslashes(
         str_replace(array('_', '%'), array('\_', '\%'), $file)) . "%'";
@@ -114,9 +117,9 @@ function remove_engine_entries($url, $path, $file = '')
         "spider WHERE site_id=" . $site_id . $and_path, 
         __FILE__, __LINE__);  // delete page
     
-    echo htmlspecialchars($url . $path . $file), ' (site_id ', 
+    echo htmlspecialchars($url . $path . $file, ENT_QUOTES, $charset), ' (site_id ', 
         $site_id, '): ', mysql_affected_rows(), $aff, 
-        ' pages + word references removed from index.<br>';
+        ' pages + word references removed from index.<br />';
     
     return $site_id;
 }
@@ -162,7 +165,7 @@ function index_words($site_id, $path, $file, $first_words, $keywords)
             __FILE__, __LINE__);
     }
         
-    echo '<tr><td>', htmlspecialchars($file), '</td><td>(spider_id ', 
+    echo '<tr><td>', htmlspecialchars($file, ENT_QUOTES, $charset), '</td><td>(spider_id ', 
         $spider_id, '):</td><td align="right">', count($keywords), ' kwds, ', 
         $new , ' new</td></tr>', "\n";
 }
@@ -218,4 +221,4 @@ function phpdigStripAccents($chaine)
     $chaine = str_replace('�','ae',str_replace('�','ae',$chaine));
     return strtr($chaine, LETTERS_WITH_ACCENTS, SAME_WITHOUT_ACCENTS);
 }
-?>
\ No newline at end of file
+?>
diff --git a/main/metadata/phpdig/config.php b/main/metadata/phpdig/config.php
index d12c6b8d4e..97747f50e2 100644
--- a/main/metadata/phpdig/config.php
+++ b/main/metadata/phpdig/config.php
@@ -136,7 +136,8 @@ define("END_OF_LINE_MARKER","\r\n");             // End of line marker - keep do
 define('SEARCH_BOX_SIZE',15);                    // Search box size
 define('SEARCH_BOX_MAXLENGTH',50);               // Search box maxlength
 
-define('PHPDIG_ENCODING','iso-8859-1');  // encoding for interface, search and indexing.
+//define('PHPDIG_ENCODING','iso-8859-1');  // encoding for interface, search and indexing.
+define('PHPDIG_ENCODING', strtolower($charset));
                                          // iso-8859-1, iso-8859-2, iso-8859-7, tis-620,
                                          // and windows-1251 supported in this version.
 
@@ -439,4 +440,4 @@ if ((!isset($no_connect)) || ($no_connect != 1)) {
                                     'site_page',
                                     'includes'));
 }
-?>
\ No newline at end of file
+?>
diff --git a/main/metadata/playscormmdset.inc.php b/main/metadata/playscormmdset.inc.php
index 594393ebac..531da5ea88 100644
--- a/main/metadata/playscormmdset.inc.php
+++ b/main/metadata/playscormmdset.inc.php
@@ -176,6 +176,7 @@ else
     <head>
     <title>Scorm package
     </title>
+	<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $charset; ?>">
     <link rel="stylesheet" href="<?php echo api_get_path(WEB_CODE_PATH); ?>css/default.css" type="text/css" media="screen,projection" />
     <style type="text/css" media="screen, projection">
     /*<![CDATA[*/
@@ -202,7 +203,7 @@ echo "\n";
 
 $xhtDoc->xht_dbgn = DBG;  // for template debug info, set to e.g. 10000
 if (($ti = $xhtDoc->xht_param['traceinfo'])) $xhtDoc->xht_param['traceinfo'] = 
-    '<h5>Trace information</h5>' . htmlspecialchars($ti);
+    '<h5>Trace information</h5>' . htmlspecialchars($ti, ENT_QUOTES, $charset);
 
 echo $xhtDoc->xht_fill_template('METADATA'), "\n";
 
@@ -218,4 +219,4 @@ if (WHF != '0')
     <div class="clear">&nbsp;</div> <!-- 'clearing' div to make sure that footer stays below the main and right column sections -->
     </div> <!-- end of #outerframe opened in header.inc.php -->
     </body>
-    </html>
\ No newline at end of file
+    </html>
diff --git a/main/metadata/search.php b/main/metadata/search.php
index 9fb520bbab..1fe9ab71c4 100644
--- a/main/metadata/search.php
+++ b/main/metadata/search.php
@@ -150,11 +150,11 @@ Display::display_header($nameTools);
 
 $xhtDoc->xht_dbgn = DBG;  // for template debug info, set to e.g. 10000
 if (($ti = $xhtDoc->xht_param['traceinfo'])) $xhtDoc->xht_param['traceinfo'] = 
-    '<b>' . get_lang('Search') . '</b>: ' . htmlspecialchars($ti);
+    '<b>' . get_lang('Search') . '</b>: ' . htmlspecialchars($ti, ENT_QUOTES, $charset);
 
 echo $xhtDoc->xht_fill_template('MDSEARCH'), "\n";
 
 if ($xhtDoc->xht_dbgn) echo $xhtDoc->xht_dbgo;
 
 Display::display_footer();
-?>
\ No newline at end of file
+?>
diff --git a/main/metadata/statistics.php b/main/metadata/statistics.php
index 98813d44a8..80dbc8d6d8 100644
--- a/main/metadata/statistics.php
+++ b/main/metadata/statistics.php
@@ -125,8 +125,8 @@ echo '<h4>', get_lang('NonCourseKwds'), '</h4>', "\n";
 
 foreach ($kwds as $kw)
     if ($kw{0} == '!')
-        echo '<b>', htmlspecialchars(substr($kw, 1)), '</b>: ', $kwcnt[$kw], 
-            ': <i>', htmlspecialchars($kwrefs[$kw]), ";</i> \n";
+        echo '<b>', htmlspecialchars(api_substr($kw, 1), ENT_QUOTES, $charset), '</b>: ', $kwcnt[$kw], 
+            ': <i>', htmlspecialchars($kwrefs[$kw], ENT_QUOTES, $charset), ";</i> \n";
     else break;
 
 echo '<h4>', get_lang('KwdsUse'), '</h4>', "\n";
@@ -134,8 +134,8 @@ echo '<h4>', get_lang('KwdsUse'), '</h4>', "\n";
 foreach ($kwds as $kw)
     if ($kw{0} != '!')
         if (!$kwcnt[$kw])
-            echo '<b>', htmlspecialchars($kw), "</b>; \n";
-        else echo htmlspecialchars($kw), ': ', $kwcnt[$kw], "; \n";
+            echo '<b>', htmlspecialchars($kw, ENT_QUOTES, $charset), "</b>; \n";
+        else echo htmlspecialchars($kw, ENT_QUOTES, $charset), ': ', $kwcnt[$kw], "; \n";
 
 Display::display_footer();
-?>
\ No newline at end of file
+?>
diff --git a/main/metadata/update_indexabletext.php b/main/metadata/update_indexabletext.php
index 06a66118f6..125d359214 100644
--- a/main/metadata/update_indexabletext.php
+++ b/main/metadata/update_indexabletext.php
@@ -51,7 +51,7 @@ Display::display_header($nameTools);
 
 // OPERATIONS ----------------------------------------------------------------->
 
-echo '<h3>', htmlspecialchars(EID_TYPE), '</h3>', "\n";
+echo '<h3>', htmlspecialchars(EID_TYPE, ENT_QUOTES, $charset), '</h3>', "\n";
 
 $result = $mdStore->mds_get_many('eid,mdxmltext', "eid LIKE '" . EID_TYPE . ".%'");
 echo get_lang('TotalMDEs'), $total = mysql_num_rows($result), "<br><br>\n";
@@ -66,10 +66,10 @@ while ($row = mysql_fetch_array($result))
     $mdStore->mds_put($eid, 
         $xhtDoc->xht_fill_template('INDEXABLETEXT'), 'indexabletext');
     
-    echo htmlspecialchars($eid), ' ';
+    echo htmlspecialchars($eid, ENT_QUOTES, $charset), ' ';
 }
 
-echo '<h5>', htmlspecialchars(EID_TYPE), '</h5>', "\n";
+echo '<h5>', htmlspecialchars(EID_TYPE, ENT_QUOTES, $charset), '</h5>', "\n";
 
 Display::display_footer();
-?>
\ No newline at end of file
+?>

', htmlspecialchars($url), - '	', htmlspecialchars($path), - '	', htmlspecialchars($file), '
', htmlspecialchars($url, ENT_QUOTES, $charset), + '	', htmlspecialchars($path, ENT_QUOTES, $charset), + '	', htmlspecialchars($file, ENT_QUOTES, $charset), '
', $cat == $lcn ? '' : '(', htmlspecialchars($cat), + echo '
', $cat == $lcn ? '' : '(', htmlspecialchars($cat, ENT_QUOTES, $charset), $cat == $lcn ? '' : ')', ':	', $number, '