diff options
author | Derek Jones <derek.jones@ellislab.com> | 2009-07-17 20:30:36 +0200 |
---|---|---|
committer | Derek Jones <derek.jones@ellislab.com> | 2009-07-17 20:30:36 +0200 |
commit | 01a9b107cab449d1ce24746612e9cf7074e6608d (patch) | |
tree | d295cbbd17aad5aa9defe1cc464e329ef976250d | |
parent | 94026d914090861da9c2826508a4597badb86af6 (diff) |
modified Form Helper so that form_prep() keeps track of strings it's already processed, to prevent encoding and prep from occurring more than once
-rw-r--r-- | system/helpers/form_helper.php | 31 | ||||
-rw-r--r-- | user_guide/changelog.html | 2 |
2 files changed, 24 insertions, 9 deletions
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php index 987ff18e2..4c229ae9f 100644 --- a/system/helpers/form_helper.php +++ b/system/helpers/form_helper.php @@ -123,7 +123,7 @@ if ( ! function_exists('form_hidden')) if ( ! is_array($value)) { - $form .= '<input type="hidden" name="'.$name.'" value="'.form_prep($value).'" />'."\n"; + $form .= '<input type="hidden" name="'.$name.'" value="'.form_prep($value, $name).'" />'."\n"; } else { @@ -239,8 +239,9 @@ if ( ! function_exists('form_textarea')) $val = $data['value']; unset($data['value']); // textareas don't use the value attribute } - - return "<textarea "._parse_form_attributes($data, $defaults).$extra.">".form_prep($val)."</textarea>"; + + $name = (is_array($data)) ? $data['name'] : $data; + return "<textarea "._parse_form_attributes($data, $defaults).$extra.">".form_prep($val, $name)."</textarea>"; } } @@ -264,7 +265,7 @@ if (! function_exists('form_multiselect')) { $extra .= ' multiple="multiple"'; } - + return form_dropdown($name, $options, $selected, $extra); } } @@ -592,8 +593,10 @@ if ( ! function_exists('form_close')) */ if ( ! function_exists('form_prep')) { - function form_prep($str = '') + function form_prep($str = '', $field_name = '') { + static $prepped_fields = array(); + // if the field name is an array we do this recursively if (is_array($str)) { @@ -610,11 +613,21 @@ if ( ! function_exists('form_prep')) return ''; } + if (isset($prepped_fields[$field_name])) + { + return $prepped_fields[$field_name]; + } + $str = htmlspecialchars($str); // In case htmlspecialchars misses these. $str = str_replace(array("'", '"'), array("'", """), $str); + if ($field_name != '') + { + $prepped_fields[$field_name] = $str; + } + return $str; } } @@ -643,10 +656,10 @@ if ( ! function_exists('set_value')) return $default; } - return form_prep($_POST[$field]); + return form_prep($_POST[$field], $field); } - return form_prep($OBJ->set_value($field, $default)); + return form_prep($OBJ->set_value($field, $default), $field); } } @@ -902,12 +915,12 @@ if ( ! function_exists('_parse_form_attributes')) } $att = ''; - + foreach ($default as $key => $val) { if ($key == 'value') { - $val = form_prep($val); + $val = form_prep($val, $default['name']); } $att .= $key . '="' . $val . '" '; diff --git a/user_guide/changelog.html b/user_guide/changelog.html index 2bbe832d1..42529d1ff 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -82,6 +82,8 @@ SVN Revision: </p> <ul> <li>Added <kbd>form_multiselect()</kbd> to the <a href="helpers/form_helper.html">Form helper</a>.</li> <li>Modified <kbd>form_hidden()</kbd> in the <a href="helpers/form_helper.html">Form helper</a> to accept multi-dimensional arrays.</li> + <li>Modified <kbd>form_prep()</kbd> in the <a href="helpers/form_helper.html">Form helper</a> to keep track of prepped fields to avoid multiple prep/mutation from subsequent calls which can occur when using Form Validation + and form helper functions to output form fields.</li> <li>Modified <kbd>directory_map()</kbd> in the <a href="helpers/directory_helper.html">Directory helper</a> to allow the inclusion of hidden files, and to return FALSE on failure to read directory.</li> </ul> </li> |