removed entity protection from form_prep() so as to preserve the user's input when called back into a form element

2 files changed, 1 insertions, 11 deletions

diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index bdc87b86f..987ff18e2 100644
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -610,22 +610,11 @@ if ( ! function_exists('form_prep'))
 			return '';
 		}
 
-		$temp = '__TEMP_AMPERSANDS__';
-
-		// Replace entities to temporary markers so that 
-		// htmlspecialchars won't mess them up
-		$str = preg_replace("/&#(\d+);/", "$temp\\1;", $str);
-		$str = preg_replace("/&(\w+);/",  "$temp\\1;", $str);
-
 		$str = htmlspecialchars($str);
 
 		// In case htmlspecialchars misses these.
 		$str = str_replace(array("'", '"'), array("'", """), $str);
 
-		// Decode the temp markers back to entities
-		$str = preg_replace("/$temp(\d+);/","&#\\1;",$str);
-		$str = preg_replace("/$temp(\w+);/","&\\1;",$str);
-
 		return $str;
 	}
 }
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 2cd5c68ea..b3ac1671a 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -100,6 +100,7 @@ SVN Revision: </p>
 	<li>Fixed a bug that would cause PHP errors in XML-RPC data if the PHP data type did not match the specified XML-RPC type.</li>
 	<li>Fixed a bug in the XML-RPC class with parsing dateTime.iso8601 data types.</li>
 	<li>Fixed a case sensitive string replacement in xss_clean()</li>
+	<li>Fixed a bug in form_prep() causing it to not preserve entities in the user's original input when called back into a form element</li>
 </ul>
 
 <h2>Version 1.7.1</h2>