author | admin <devnull@localhost> | 2006-10-23 23:37:22 +0200 |
---|---|---|
committer | admin <devnull@localhost> | 2006-10-23 23:37:22 +0200 |
commit | 7acd581d9441fb8ada4c46c58f4ec30a01507506 (patch) | |
tree | 6e62cffa5d1da5b60dfe06fa0338bf1ac78011f7 /system/helpers/form_helper.php | |
parent | ca335fcd8342ec1422a63ac397a404e73766b0ef (diff) |
Diffstat (limited to 'system/helpers/form_helper.php')
-rw-r--r-- | system/helpers/form_helper.php | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index 6d10a9862..7d594d72c 100644
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -335,8 +335,24 @@ function form_prep($str = '')
 {
 return '';
 }
+
+ $temp = '__TEMP_AMPERSANDS__';
+
+ // Replace entities to temporary markers so that
+ // htmlspecialchars won't mess them up
+ $str = preg_replace("/&#(\d+);/", "$temp\\1;", $str);
+ $str = preg_replace("/&(\w+);/", "$temp\\1;", $str);
+
+ $str = htmlspecialchars($str);
+
+ // In case htmlspecialchars misses these.
+ $str = str_replace(array("'", '"'), array("'", """), $str);
+
+ // Decode the temp markers back to entities
+ $str = preg_replace("/$temp(\d+);/","&#\\1;",$str);
+ $str = preg_replace("/$temp(\w+);/","&\\1;",$str);

- return str_replace(array("'", '"'), array("'", """), htmlspecialchars($str));
+ return $str;
 }

 // ------------------------------------------------------------------------ |
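Review bot: The fixed in-band marker `__TEMP_AMPERSANDS__` means the output is no longer a faithful encoding of the input: a value that already contains the marker text followed by a name and `;` comes back from the decode step as an entity, even though it held no `&` when any upstream filter saw it. The second pattern `&(\w+);` also matches all-digit names, so `&123;` is restored by the first decode pattern as `&#123;`. Escaping only bare ampersands avoids the marker altogether: `$str = preg_replace('/&(?!#\d+;|\w+;)/', '&amp;', $str);` followed by a `str_replace` of `<`, `>`, `"` and `'` with their entities. Either way, a comment should tell callers that pre-encoded input is passed through unescaped, so a typed `&amp;` is re-displayed as `&`. The start of form_prep() lies above this hunk.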