summaryrefslogtreecommitdiffstats
path: root/system/core/Common.php
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2014-08-26 11:01:02 +0200
committerAndrey Andreev <narf@devilix.net>2014-08-26 11:01:02 +0200
commitc40cce63f88ca12538edc757282c1d311480776c (patch)
tree5f8888e889b8aaf21defb5483b56fe2edcb351eb /system/core/Common.php
parent8adf5e82864e54b8538d03bbba98ae9bb47092bd (diff)
parentc851dc511b92d87002d1f338a31eaf76b7cb4350 (diff)
Merge pull request #3204 from ivantcholakov/feature/html-escape-upgrade
Upgrading the function html_escape()
Diffstat (limited to 'system/core/Common.php')
-rw-r--r--system/core/Common.php18
1 files changed, 11 insertions, 7 deletions
diff --git a/system/core/Common.php b/system/core/Common.php
index 752a2e7f1..b5a696c68 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -690,16 +690,20 @@ if ( ! function_exists('remove_invisible_characters'))
if ( ! function_exists('html_escape'))
{
/**
- * Returns HTML escaped variable
+ * Returns HTML escaped variable.
*
- * @param mixed
- * @return mixed
+ * @param mixed $var The input string or array of strings to be escaped.
+ * @param bool $double_encode $double_encode set to FALSE prevents escaping twice.
+ * @return mixed The escaped string or array of strings as a result.
*/
- function html_escape($var)
+ function html_escape($var, $double_encode = TRUE)
{
- return is_array($var)
- ? array_map('html_escape', $var)
- : htmlspecialchars($var, ENT_QUOTES, config_item('charset'));
+ if (is_array($var))
+ {
+ return array_map('html_escape', $var, array_fill(0, count($var), $double_encode));
+ }
+
+ return htmlspecialchars($var, ENT_QUOTES, config_item('charset'), $double_encode);
}
}