author | Ivan Tcholakov <ivantcholakov@gmail.com> | 2014-08-25 10:20:22 +0200 |
---|---|---|
committer | Ivan Tcholakov <ivantcholakov@gmail.com> | 2014-08-25 10:20:22 +0200 |
commit | 4f45858c0ab3165c59bad9dbae6b8fb43a18d56e (patch) | |
tree | 15fb5a99edbad1d74a8f553b4152897ce96cd8f9 /system/core/Common.php | |
parent | a0c3ce3162aadcc017e3dad29ac7df6e5011c4f1 (diff) |
Upgrading the function html_escape(), escaping twice can be prevented by setting the second argument to FALSE.
Diffstat (limited to 'system/core/Common.php')
-rw-r--r-- | system/core/Common.php | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/system/core/Common.php b/system/core/Common.php
index 752a2e7f1..fd248e9b9 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -690,16 +690,20 @@ if ( ! function_exists('remove_invisible_characters'))
 if ( ! function_exists('html_escape'))
 {
 /**
- * Returns HTML escaped variable
+ * Returns HTML escaped variable.
+ * $double_encode set to FALSE prevents escaping twice.
 *
 * @param mixed
+ * @param bool
 * @return mixed
 */
- function html_escape($var)
+ function html_escape($var, $double_encode = TRUE)
 {
+ $double_encode = (bool) $double_encode;
+
 return is_array($var)
- ? array_map('html_escape', $var)
- : htmlspecialchars($var, ENT_QUOTES, config_item('charset'));
+ ? ($double_encode === FALSE ? array_map('html_escape', $var, array_fill(0, count($var), FALSE)) : array_map('html_escape', $var))
+ : htmlspecialchars($var, ENT_QUOTES, config_item('charset'), $double_encode);
 }
 }
|
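Review bot: In the array branch of `html_escape()`, the `$double_encode === FALSE` path calls `array_map()` with two arrays, and PHP then returns a sequentially indexed result, so an associative `$var` comes back without its keys while the TRUE path keeps them. The `array_fill(0, count($var), FALSE)` filler is also a problem for an empty array on PHP releases before 5.6, where a count of zero raises a warning and yields FALSE instead of an array (this matters only if the project still supports those versions). Recursing per key with the flag passed through avoids both problems and makes the two paths behave the same. The docblock could also say that FALSE leaves entities already present in the input untouched, so it is meant for values that were escaped earlier rather than for raw input that should be displayed exactly as typed.

```php
function html_escape($var, $double_encode = TRUE)
{
	// … unchanged: (bool) cast of $double_encode …

	if (is_array($var))
	{
		// Recurse per key so associative and nested arrays keep their keys.
		foreach (array_keys($var) as $key)
		{
			$var[$key] = html_escape($var[$key], $double_encode);
		}

		return $var;
	}

	return htmlspecialchars($var, ENT_QUOTES, config_item('charset'), $double_encode);
}
```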