diff options
author | Phil Sturgeon <email@philsturgeon.co.uk> | 2011-08-30 00:32:16 +0200 |
---|---|---|
committer | Phil Sturgeon <email@philsturgeon.co.uk> | 2011-08-30 00:32:16 +0200 |
commit | d7a28663344fbb760134b5623b8cb441f4875f80 (patch) | |
tree | 388d65d299613c9cd93f5de11fb413be71143cb6 /system | |
parent | 70e61b5dc0b240c4a3341ca65ad9f2f5254df1b5 (diff) | |
parent | 5c9b0d1b5618ade5c6aa70475b08b3066f14ff3e (diff) |
Merge pull request #325 from freewil/develop
always use charset config item
Diffstat (limited to 'system')
-rwxr-xr-x | system/core/Security.php | 12 | ||||
-rw-r--r-- | system/helpers/form_helper.php | 7 | ||||
-rw-r--r-- | system/helpers/typography_helper.php | 10 |
3 files changed, 19 insertions, 10 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index 342455f27..e99418bdd 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -525,9 +525,17 @@ class CI_Security { * @param string * @return string */ - public function entity_decode($str, $charset='UTF-8') + public function entity_decode($str, $charset = NULL) { - if (stristr($str, '&') === FALSE) return $str; + if (stristr($str, '&') === FALSE) + { + return $str; + } + + if (empty($charset)) + { + $charset = config_item('charset'); + } // The reason we are not using html_entity_decode() by itself is because // while it is not technically correct to leave out the semicolon diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php index d9305c00b..130daee6a 100644 --- a/system/helpers/form_helper.php +++ b/system/helpers/form_helper.php @@ -642,11 +642,8 @@ if ( ! function_exists('form_prep')) { return $str; } - - $str = htmlspecialchars($str); - - // In case htmlspecialchars misses these. - $str = str_replace(array("'", '"'), array("'", """), $str); + + $str = html_escape($str); if ($field_name != '') { diff --git a/system/helpers/typography_helper.php b/system/helpers/typography_helper.php index 19b4eec03..82e686e53 100644 --- a/system/helpers/typography_helper.php +++ b/system/helpers/typography_helper.php @@ -39,9 +39,7 @@ if ( ! function_exists('nl2br_except_pre')) function nl2br_except_pre($str) { $CI =& get_instance(); - $CI->load->library('typography'); - return $CI->typography->nl2br_except_pre($str); } } @@ -82,9 +80,15 @@ if ( ! function_exists('auto_typography')) */ if ( ! function_exists('entity_decode')) { - function entity_decode($str, $charset='UTF-8') + function entity_decode($str, $charset = NULL) { global $SEC; + + if (empty($charset)) + { + $charset = config_item('charset'); + } + return $SEC->entity_decode($str, $charset); } } |