diff options
author | freewil <sean@eternalrise.com> | 2011-08-28 03:53:00 +0200 |
---|---|---|
committer | freewil <sean@eternalrise.com> | 2011-08-28 03:53:00 +0200 |
commit | 8cc0cfe1ab1e10aad71d14e0b43e05444c00693d (patch) | |
tree | 85c2916096b74432ea78076e6c65a01790c1ba7b /system | |
parent | c3757b80ebe76ab3807933901cda0e9b7a405690 (diff) |
always use charset config item
Diffstat (limited to 'system')
-rwxr-xr-x | system/core/Security.php | 3 | ||||
-rw-r--r-- | system/helpers/form_helper.php | 7 | ||||
-rw-r--r-- | system/helpers/typography_helper.php | 5 |
3 files changed, 8 insertions, 7 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index 342455f27..cc21ddc91 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -525,9 +525,10 @@ class CI_Security { * @param string * @return string */ - public function entity_decode($str, $charset='UTF-8') + public function entity_decode($str, $charset = NULL) { if (stristr($str, '&') === FALSE) return $str; + if (empty($charset)) $charset = config_item('charset'); // The reason we are not using html_entity_decode() by itself is because // while it is not technically correct to leave out the semicolon diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php index d9305c00b..130daee6a 100644 --- a/system/helpers/form_helper.php +++ b/system/helpers/form_helper.php @@ -642,11 +642,8 @@ if ( ! function_exists('form_prep')) { return $str; } - - $str = htmlspecialchars($str); - - // In case htmlspecialchars misses these. - $str = str_replace(array("'", '"'), array("'", """), $str); + + $str = html_escape($str); if ($field_name != '') { diff --git a/system/helpers/typography_helper.php b/system/helpers/typography_helper.php index 19b4eec03..0bb0938a4 100644 --- a/system/helpers/typography_helper.php +++ b/system/helpers/typography_helper.php @@ -82,9 +82,12 @@ if ( ! function_exists('auto_typography')) */ if ( ! function_exists('entity_decode')) { - function entity_decode($str, $charset='UTF-8') + function entity_decode($str, $charset = NULL) { global $SEC; + + if (empty($charset)) $charset = config_item('charset'); + return $SEC->entity_decode($str, $charset); } } |