diff options
| author | Andrey Andreev <narf@devilix.net> | 2014-08-26 11:01:02 +0200 |
|---|---|---|
| committer | Andrey Andreev <narf@devilix.net> | 2014-08-26 11:01:02 +0200 |
| commit | c40cce63f88ca12538edc757282c1d311480776c (patch) | |
| tree | 5f8888e889b8aaf21defb5483b56fe2edcb351eb /system | |
| parent | 8adf5e82864e54b8538d03bbba98ae9bb47092bd (diff) | |
| parent | c851dc511b92d87002d1f338a31eaf76b7cb4350 (diff) | |
Merge pull request #3204 from ivantcholakov/feature/html-escape-upgrade
Upgrading the function html_escape()
Diffstat (limited to 'system')
| -rw-r--r-- | system/core/Common.php | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/system/core/Common.php b/system/core/Common.php index 752a2e7f1..b5a696c68 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -690,16 +690,20 @@ if ( ! function_exists('remove_invisible_characters')) if ( ! function_exists('html_escape')) { /** - * Returns HTML escaped variable + * Returns HTML escaped variable. * - * @param mixed - * @return mixed + * @param mixed $var The input string or array of strings to be escaped. + * @param bool $double_encode $double_encode set to FALSE prevents escaping twice. + * @return mixed The escaped string or array of strings as a result. */ - function html_escape($var) + function html_escape($var, $double_encode = TRUE) { - return is_array($var) - ? array_map('html_escape', $var) - : htmlspecialchars($var, ENT_QUOTES, config_item('charset')); + if (is_array($var)) + { + return array_map('html_escape', $var, array_fill(0, count($var), $double_encode)); + } + + return htmlspecialchars($var, ENT_QUOTES, config_item('charset'), $double_encode); } } |