-rw-r--r-- | application/config/config.php | 2 | ||||
-rwxr-xr-x | system/core/Security.php | 3 | ||||
-rw-r--r-- | system/helpers/form_helper.php | 7 | ||||
-rw-r--r-- | system/helpers/typography_helper.php | 5 |
4 files changed, 10 insertions, 7 deletions
diff --git a/application/config/config.php b/application/config/config.php
index 880393c29..a6d10d8dc 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -79,6 +79,8 @@ $config['language'] = 'english';
| This determines which character set is used by default in various methods
| that require a character set to be provided.
|
+| See http://php.net/htmlspecialchars for a list of supported charsets.
+|
*/
$config['charset'] = 'UTF-8';
diff --git a/system/core/Security.php b/system/core/Security.php
index 342455f27..cc21ddc91 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -525,9 +525,10 @@ class CI_Security {
* @param string
* @return string
*/
- public function entity_decode($str, $charset='UTF-8')
+ public function entity_decode($str, $charset = NULL)
{
if (stristr($str, '&') === FALSE) return $str;
+ if (empty($charset)) $charset = config_item('charset');
// The reason we are not using html_entity_decode() by itself is because
// while it is not technically correct to leave out the semicolon
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index d9305c00b..130daee6a 100644
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -642,11 +642,8 @@ if ( ! function_exists('form_prep'))
{
return $str;
}
-
- $str = htmlspecialchars($str);
-
- // In case htmlspecialchars misses these.
- $str = str_replace(array("'", '"'), array("'", """), $str);
+
+ $str = html_escape($str);
if ($field_name != '')
{
diff --git a/system/helpers/typography_helper.php b/system/helpers/typography_helper.php
index 19b4eec03..0bb0938a4 100644
--- a/system/helpers/typography_helper.php
+++ b/system/helpers/typography_helper.php
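Review bot: The fallback added to CI_Security::entity_decode(), `if (empty($charset)) $charset = config_item('charset');`, has no second default, so a missing or empty `$config['charset']` leaves `$charset` empty for the decoding code that follows. That code is outside the hunk, but if this method backs the XSS filter, decoding under a charset other than the one the page is served in weakens the filter, so a fixed last resort is worth keeping: `if (empty($charset)) $charset = 'UTF-8';` directly after the lookup. The docblock still lists a single `@param string`; add `@param string $charset character set, defaults to $config['charset'] when empty`.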
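Review bot: Replacing the explicit quote handling in form_prep() with `html_escape($str)` makes the escaping of `'` and `"` depend on a function defined outside this diff. The removed lines converted both quote characters after htmlspecialchars(), whose default flags leave single quotes untouched, so html_escape() needs to call htmlspecialchars() with ENT_QUOTES for the output to stay safe inside a quoted attribute value. Confirm that and record it next to the call, for example `// html_escape() must encode both quote styles (ENT_QUOTES); the result is placed in an attribute value`. form_prep()'s body starts and ends outside the hunk.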
@@ -82,9 +82,12 @@ if ( ! function_exists('auto_typography')) */ if ( ! function_exists('entity_decode')) { - function entity_decode($str, $charset='UTF-8') + function entity_decode($str, $charset = NULL) { global $SEC; + + if (empty($charset)) $charset = config_item('charset'); + return $SEC->entity_decode($str, $charset); } } |
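Review bot: The charset lookup added to the entity_decode() helper duplicates the fallback this same commit adds to CI_Security::entity_decode(), so the default is now resolved in two places that can drift apart. Leaving `$charset` as NULL and keeping only `return $SEC->entity_decode($str, $charset);` gives the same result with one source of truth. If the lookup stays, write it as a braced block like the `if ($field_name != '')` block in the form_helper hunk rather than as a single-line `if`.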