summaryrefslogtreecommitdiffstats
path: root/system/helpers/form_helper.php
diff options
context:
space:
mode:
authorDerek Jones <derek.jones@ellislab.com>2009-07-17 20:30:36 +0200
committerDerek Jones <derek.jones@ellislab.com>2009-07-17 20:30:36 +0200
commit01a9b107cab449d1ce24746612e9cf7074e6608d (patch)
treed295cbbd17aad5aa9defe1cc464e329ef976250d /system/helpers/form_helper.php
parent94026d914090861da9c2826508a4597badb86af6 (diff)
modified Form Helper so that form_prep() keeps track of strings it's already processed, to prevent encoding and prep from occurring more than once
Diffstat (limited to 'system/helpers/form_helper.php')
-rw-r--r--system/helpers/form_helper.php31
1 files changed, 22 insertions, 9 deletions
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index 987ff18e2..4c229ae9f 100644
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -123,7 +123,7 @@ if ( ! function_exists('form_hidden'))
if ( ! is_array($value))
{
- $form .= '<input type="hidden" name="'.$name.'" value="'.form_prep($value).'" />'."\n";
+ $form .= '<input type="hidden" name="'.$name.'" value="'.form_prep($value, $name).'" />'."\n";
}
else
{
@@ -239,8 +239,9 @@ if ( ! function_exists('form_textarea'))
$val = $data['value'];
unset($data['value']); // textareas don't use the value attribute
}
-
- return "<textarea "._parse_form_attributes($data, $defaults).$extra.">".form_prep($val)."</textarea>";
+
+ $name = (is_array($data)) ? $data['name'] : $data;
+ return "<textarea "._parse_form_attributes($data, $defaults).$extra.">".form_prep($val, $name)."</textarea>";
}
}
@@ -264,7 +265,7 @@ if (! function_exists('form_multiselect'))
{
$extra .= ' multiple="multiple"';
}
-
+
return form_dropdown($name, $options, $selected, $extra);
}
}
@@ -592,8 +593,10 @@ if ( ! function_exists('form_close'))
*/
if ( ! function_exists('form_prep'))
{
- function form_prep($str = '')
+ function form_prep($str = '', $field_name = '')
{
+ static $prepped_fields = array();
+
// if the field name is an array we do this recursively
if (is_array($str))
{
@@ -610,11 +613,21 @@ if ( ! function_exists('form_prep'))
return '';
}
+ if (isset($prepped_fields[$field_name]))
+ {
+ return $prepped_fields[$field_name];
+ }
+
$str = htmlspecialchars($str);
// In case htmlspecialchars misses these.
$str = str_replace(array("'", '"'), array("&#39;", "&quot;"), $str);
+ if ($field_name != '')
+ {
+ $prepped_fields[$field_name] = $str;
+ }
+
return $str;
}
}
@@ -643,10 +656,10 @@ if ( ! function_exists('set_value'))
return $default;
}
- return form_prep($_POST[$field]);
+ return form_prep($_POST[$field], $field);
}
- return form_prep($OBJ->set_value($field, $default));
+ return form_prep($OBJ->set_value($field, $default), $field);
}
}
@@ -902,12 +915,12 @@ if ( ! function_exists('_parse_form_attributes'))
}
$att = '';
-
+
foreach ($default as $key => $val)
{
if ($key == 'value')
{
- $val = form_prep($val);
+ $val = form_prep($val, $default['name']);
}
$att .= $key . '="' . $val . '" ';