diff options
author | Derek Jones <derek.jones@ellislab.com> | 2009-07-17 20:30:36 +0200 |
---|---|---|
committer | Derek Jones <derek.jones@ellislab.com> | 2009-07-17 20:30:36 +0200 |
commit | 01a9b107cab449d1ce24746612e9cf7074e6608d (patch) | |
tree | d295cbbd17aad5aa9defe1cc464e329ef976250d /system/helpers/form_helper.php | |
parent | 94026d914090861da9c2826508a4597badb86af6 (diff) |
modified Form Helper so that form_prep() keeps track of strings it's already processed, to prevent encoding and prep from occurring more than once
Diffstat (limited to 'system/helpers/form_helper.php')
-rw-r--r-- | system/helpers/form_helper.php | 31 |
1 files changed, 22 insertions, 9 deletions
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php index 987ff18e2..4c229ae9f 100644 --- a/system/helpers/form_helper.php +++ b/system/helpers/form_helper.php @@ -123,7 +123,7 @@ if ( ! function_exists('form_hidden')) if ( ! is_array($value)) { - $form .= '<input type="hidden" name="'.$name.'" value="'.form_prep($value).'" />'."\n"; + $form .= '<input type="hidden" name="'.$name.'" value="'.form_prep($value, $name).'" />'."\n"; } else { @@ -239,8 +239,9 @@ if ( ! function_exists('form_textarea')) $val = $data['value']; unset($data['value']); // textareas don't use the value attribute } - - return "<textarea "._parse_form_attributes($data, $defaults).$extra.">".form_prep($val)."</textarea>"; + + $name = (is_array($data)) ? $data['name'] : $data; + return "<textarea "._parse_form_attributes($data, $defaults).$extra.">".form_prep($val, $name)."</textarea>"; } } @@ -264,7 +265,7 @@ if (! function_exists('form_multiselect')) { $extra .= ' multiple="multiple"'; } - + return form_dropdown($name, $options, $selected, $extra); } } @@ -592,8 +593,10 @@ if ( ! function_exists('form_close')) */ if ( ! function_exists('form_prep')) { - function form_prep($str = '') + function form_prep($str = '', $field_name = '') { + static $prepped_fields = array(); + // if the field name is an array we do this recursively if (is_array($str)) { @@ -610,11 +613,21 @@ if ( ! function_exists('form_prep')) return ''; } + if (isset($prepped_fields[$field_name])) + { + return $prepped_fields[$field_name]; + } + $str = htmlspecialchars($str); // In case htmlspecialchars misses these. $str = str_replace(array("'", '"'), array("'", """), $str); + if ($field_name != '') + { + $prepped_fields[$field_name] = $str; + } + return $str; } } @@ -643,10 +656,10 @@ if ( ! function_exists('set_value')) return $default; } - return form_prep($_POST[$field]); + return form_prep($_POST[$field], $field); } - return form_prep($OBJ->set_value($field, $default)); + return form_prep($OBJ->set_value($field, $default), $field); } } @@ -902,12 +915,12 @@ if ( ! function_exists('_parse_form_attributes')) } $att = ''; - + foreach ($default as $key => $val) { if ($key == 'value') { - $val = form_prep($val); + $val = form_prep($val, $default['name']); } $att .= $key . '="' . $val . '" '; |