diff --git a/mysql/save_user.cgi b/mysql/save_user.cgi
index 6c24b1aa5..2b926f2f8 100755
--- a/mysql/save_user.cgi
+++ b/mysql/save_user.cgi
@@ -27,7 +27,9 @@ else {
 	@desc = &table_structure($master_db, 'user');
 	%fieldmap = map { lc($_->{'field'}), $_->{'index'} } @desc;
 	$host = $in{'host_def'} ? '%' : $in{'host'};
-	$oldhost = $in{'oldhost'};
+	$oldhost = $host;
+	$oldhost = $in{'oldhost'}
+		if ($in{'oldhost'});
 	$user = $in{'mysqluser_def'} ? '' : $in{'mysqluser'};
 	$olduser = defined($in{'olduser'}) ? $in{'olduser'} : $user;
 	@pfields = map { $_->[0] } &priv_fields('user');
diff --git a/web-lib-funcs.pl b/web-lib-funcs.pl
index c414eba44..d61aae02d 100755
--- a/web-lib-funcs.pl
+++ b/web-lib-funcs.pl
@@ -261,7 +261,8 @@ $tmp =~ s/\"/"/g;
 $tmp =~ s/\'/'/g;
 $tmp =~ s/=/=/g;
 # Never double escape following common entities
-$tmp =~ s/ / /g;
+$tmp =~ s/&#(\d+);/&#$1;/g;
+$tmp =~ s/&#x(\d+);/&#x$1;/g;
 $tmp =~ s/ / /g;
 $tmp =~ s/</</g;
 $tmp =~ s/>/>/g;