authorAndrey Andreev <narf@devilix.net>2015-02-05 14:49:47 +0100
committerAndrey Andreev <narf@devilix.net>2015-02-05 14:49:47 +0100
commitfa76607c7b5e5414b50680be512dd23920f52e9b (patch)
tree9460d2cbaaadff6d4608d14e8860e05f17a192af
parent79533cac482a9d8f9211c8ff607968de3b27d1e4 (diff)
parentfa61fb236654fbd3eea82d437da28c9aab33e559 (diff)
Merge pull request #3562 from avenirer/patch-1
Allow not escaping the value in set_value()
-rw-r--r--system/helpers/form_helper.php8
-rw-r--r--user_guide_src/source/changelog.rst1
-rw-r--r--user_guide_src/source/helpers/form_helper.rst12
3 files changed, 11 insertions, 10 deletions
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index fb235291e..70c40a9c3 100644
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -676,17 +676,19 @@ if ( ! function_exists('set_value'))
*
* @param string $field Field name
* @param string $default Default value
+ * @param bool $html_escape Whether to escape HTML special characters or not
* @return string
*/
- function set_value($field, $default = '')
+ function set_value($field, $default = '', $html_escape = TRUE)
{
$CI =& get_instance();
$value = (isset($CI->form_validation) && is_object($CI->form_validation) && $CI->form_validation->has_rule($field))
? $CI->form_validation->set_value($field, $default)
: $CI->input->post($field, FALSE);
-
- return html_escape($value === NULL ? $default : $value);
+
+ isset($value) OR $value = $default;
+ return ($html_escape) ? html_escape($value) : $value;
}
}
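Review bot: With `$html_escape` set to FALSE, `set_value()` returns the submitted value unescaped, and the fallback branch reads it via `$CI->input->post($field, FALSE)`, so a caller that echoes the result into raw HTML reflects request data into the page. The new `@param` line should state that constraint, e.g. `@param bool $html_escape Whether to escape HTML special characters; pass FALSE only when the result is handed to a helper that escapes it itself, such as form_input()`. The final `return` also tests truthiness, so `0`, `''` or `NULL` passed by mistake switches escaping off too; `return ($html_escape === FALSE) ? $value : html_escape($value);` would keep escaping on for anything but an explicit FALSE. The docblock this hunk edits opens above the hunk.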
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index a0c0de83f..5c5cd5e54 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -105,6 +105,7 @@ Release Date: Not Released
- :php:func:`form_dropdown()` will now also take an array for unity with other form helpers.
- :php:func:`form_prep()` is now DEPRECATED and only acts as an alias for :doc:`common function <general/common_functions>` :php:func:`html_escape()`.
+ - :php:func:`set_value()` will now also accept a third argument, allowing to turn off HTML escaping of the value.
- :doc:`Security Helper <helpers/security_helper>` changes include:
diff --git a/user_guide_src/source/helpers/form_helper.rst b/user_guide_src/source/helpers/form_helper.rst
index 15f5d7825..362c9c35d 100644
--- a/user_guide_src/source/helpers/form_helper.rst
+++ b/user_guide_src/source/helpers/form_helper.rst
@@ -581,7 +581,9 @@ The following functions are available:
Permits you to set the value of an input form or textarea. You must
supply the field name via the first parameter of the function. The
second (optional) parameter allows you to set a default value for the
- form.
+ form. The third (optional) parameter allows you to turn off HTML escaping
+ of the value, in case you need to use this function in combination with
+ i.e. :php:func:`form_input()` and avoid double-escaping.
Example::
@@ -589,11 +591,7 @@ The following functions are available:
The above form will show "0" when loaded for the first time.
- .. note:: Only use this function with raw HTML fields, as it
- internally calls :php:func:`html_escape()` and combining its
- usage with other form helper functions will result in
- double HTML encoding!
-
+
.. php:function:: set_select($field[, $value = ''[, $default = FALSE]])
:param string $field: Field name
@@ -718,4 +716,4 @@ The following functions are available:
.. note:: This function is DEPRECATED and is just an alias for
:doc:`common function <../general/common_functions>`
- :func:`html_escape()` - please use that instead.
\ No newline at end of file
+ :func:`html_escape()` - please use that instead.