--- admin/file_manager.php.orig 2004-10-24 17:46:46.000000000 -0400
+++ admin/file_manager.php 2004-10-24 18:01:59.000000000 -0400
@@ -49,7 +49,11 @@
 break;
 case 'save':
 if ($fp = fopen($current_path . '/' . $HTTP_POST_VARS['filename'], 'w+')) {
- fputs($fp, stripslashes($HTTP_POST_VARS['file_contents']));
+ // Have to strip backslashes from input, but turn double backslashes into
+ // regular backslashes to allow users to use backslashes in text defines etc
+ // to escape embedded quotes.
+ $content = str_replace('\\\\', '\\', stripslashes($HTTP_POST_VARS['file_contents']));
+ fputs($fp, $content);
 fclose($fp);
 tep_redirect(tep_href_link(FILENAME_FILE_MANAGER, 'info=' . urlencode($HTTP_POST_VARS['filename'])));
 }
@@ -145,7 +149,11 @@
 $filename_input_field = tep_draw_input_field('filename');
 } elseif ($action == 'edit') {
 if ($file_array = file($current_path . '/' . $HTTP_GET_VARS['info'])) {
- $file_contents = htmlspecialchars(implode('', $file_array));
+ // Turn all secquences of \ into \\\\ .. htmlspecialchars then turns it
+ // into \\, which allows a user to use \\ as an escape character from
+ // the file manager and have escapes properly preserved for edited files.
+ $file_contents = htmlspecialchars(str_replace('\\', '\\\\\\\\',
+ implode('', $file_array)));
 }
 $filename_input_field = $HTTP_GET_VARS['info'] . tep_draw_hidden_field('filename', $HTTP_GET_VARS['info']);
 }
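Review bot: The `fopen()` target on the context line just above the change is built from `$HTTP_POST_VARS['filename']` with no validation, so the newly written `$content` can land outside `$current_path` whenever the name carries directory separators or `..`; the `file()` call in the second hunk takes `$HTTP_GET_VARS['info']` the same way on the read side. Reduce the name to its last component before it reaches the path, e.g. `$filename = basename($HTTP_POST_VARS['filename']);`, and confirm the resolved path still sits under the file-manager root before opening it. How `$current_path` is derived is not visible here, so it needs the same check if it comes from the request. The `case 'save':` body starts and ends outside the hunk.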
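Review bot: The added comment says `htmlspecialchars` turns `\\\\` into `\\`, but that function only encodes `&`, `<`, `>` and quotes and leaves backslashes alone, so the quadrupling done by `str_replace('\\', '\\\\\\\\', ...)` must be undone by a step that is not shown in this hunk. The comment should name that step (and fix "secquences"), because the save branch in the first hunk only restores the file byte for byte if that step and `stripslashes` behave as assumed, and the latter presumably depends on `magic_quotes_gpc`. Separately, the context line after the change concatenates `$HTTP_GET_VARS['info']` into `$filename_input_field` unescaped; if that string is echoed into the page it should be `htmlspecialchars($HTTP_GET_VARS['info'])`. The `elseif ($action == 'edit')` block starts outside the hunk.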