summaryrefslogtreecommitdiffstats
path: root/system
diff options
context:
space:
mode:
authorIvan Tcholakov <ivantcholakov@gmail.com>2014-08-25 10:20:22 +0200
committerIvan Tcholakov <ivantcholakov@gmail.com>2014-08-25 10:20:22 +0200
commit4f45858c0ab3165c59bad9dbae6b8fb43a18d56e (patch)
tree15fb5a99edbad1d74a8f553b4152897ce96cd8f9 /system
parenta0c3ce3162aadcc017e3dad29ac7df6e5011c4f1 (diff)
Upgrading the function html_escape(), escaping twice can be prevented by setting the second argument to FALSE.
Diffstat (limited to 'system')
-rw-r--r--system/core/Common.php12
1 files changed, 8 insertions, 4 deletions
diff --git a/system/core/Common.php b/system/core/Common.php
index 752a2e7f1..fd248e9b9 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -690,16 +690,20 @@ if ( ! function_exists('remove_invisible_characters'))
if ( ! function_exists('html_escape'))
{
/**
- * Returns HTML escaped variable
+ * Returns HTML escaped variable.
+ * $double_encode set to FALSE prevents escaping twice.
*
* @param mixed
+ * @param bool
* @return mixed
*/
- function html_escape($var)
+ function html_escape($var, $double_encode = TRUE)
{
+ $double_encode = (bool) $double_encode;
+
return is_array($var)
- ? array_map('html_escape', $var)
- : htmlspecialchars($var, ENT_QUOTES, config_item('charset'));
+ ? ($double_encode === FALSE ? array_map('html_escape', $var, array_fill(0, count($var), FALSE)) : array_map('html_escape', $var))
+ : htmlspecialchars($var, ENT_QUOTES, config_item('charset'), $double_encode);
}
}