-rw-r--r--application/config/config.php2
-rwxr-xr-xsystem/core/Security.php3
-rw-r--r--system/helpers/form_helper.php7
-rw-r--r--system/helpers/typography_helper.php5
4 files changed, 10 insertions, 7 deletions
diff --git a/application/config/config.php b/application/config/config.php
index 880393c29..a6d10d8dc 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -79,6 +79,8 @@ $config['language'] = 'english';
| This determines which character set is used by default in various methods
| that require a character set to be provided.
|
+| See http://php.net/htmlspecialchars for a list of supported charsets.
+|
*/
$config['charset'] = 'UTF-8';
diff --git a/system/core/Security.php b/system/core/Security.php
index 342455f27..cc21ddc91 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -525,9 +525,10 @@ class CI_Security {
* @param string
* @return string
*/
- public function entity_decode($str, $charset='UTF-8')
+ public function entity_decode($str, $charset = NULL)
{
if (stristr($str, '&') === FALSE) return $str;
+ if (empty($charset)) $charset = config_item('charset');
// The reason we are not using html_entity_decode() by itself is because
// while it is not technically correct to leave out the semicolon
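Review bot: The new fallback `if (empty($charset)) $charset = config_item('charset');` hands whatever the config holds to the decoding code below, and nothing covers a 'charset' item that is missing or names a charset PHP does not support. config_item() returns a falsy value for an unset item, so the decode step would then run without a usable charset; in the security class, a decode charset that does not match the input encoding is worth guarding against. Consider a second line right after it, `if (empty($charset)) $charset = 'UTF-8';`, and extend the docblock with `* @param string charset to decode with; empty means config_item('charset')`. The same fallback line is added to entity_decode() in system/helpers/typography_helper.php, and this method's body continues outside the hunk.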
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index d9305c00b..130daee6a 100644
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -642,11 +642,8 @@ if ( ! function_exists('form_prep'))
{
return $str;
}
-
- $str = htmlspecialchars($str);
-
- // In case htmlspecialchars misses these.
- $str = str_replace(array("'", '"'), array("'", """), $str);
+
+ $str = html_escape($str);
if ($field_name != '')
{
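Review bot: With the explicit quote replacement removed, `$str = html_escape($str);` is now the only step that encodes single and double quotes, and html_escape() is not part of this diff. If it calls htmlspecialchars() without ENT_QUOTES, single quotes pass through unescaped into whatever markup the caller builds from the return value, so that flag should be confirmed there. A short comment on the line would record the dependency, e.g. `// html_escape() must encode both quote styles (ENT_QUOTES)`. form_prep's body begins and ends outside this hunk.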
diff --git a/system/helpers/typography_helper.php b/system/helpers/typography_helper.php
index 19b4eec03..0bb0938a4 100644
--- a/system/helpers/typography_helper.php
+++ b/system/helpers/typography_helper.php
@@ -82,9 +82,12 @@ if ( ! function_exists('auto_typography'))
*/
if ( ! function_exists('entity_decode'))
{
- function entity_decode($str, $charset='UTF-8')
+ function entity_decode($str, $charset = NULL)
{
global $SEC;
+
+ if (empty($charset)) $charset = config_item('charset');
+
return $SEC->entity_decode($str, $charset);
}
}
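Review bot: The added `if (empty($charset)) $charset = config_item('charset');` duplicates the fallback this commit also puts into CI_Security::entity_decode(), which the wrapper calls on its last line. Resolving the default in one place keeps the helper and the security class from drifting apart; the wrapper can forward its argument unchanged with `return $SEC->entity_decode($str, $charset);` and leave the NULL handling to the class. The docblock that ends just above the function (its start is outside the hunk) should say that an empty charset means the configured one.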