diff options
| -rw-r--r-- | system/core/Common.php | 12 | ||||
| -rw-r--r-- | user_guide_src/source/changelog.rst | 1 |
2 files changed, 9 insertions, 4 deletions
diff --git a/system/core/Common.php b/system/core/Common.php index 752a2e7f1..fd248e9b9 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -690,16 +690,20 @@ if ( ! function_exists('remove_invisible_characters')) if ( ! function_exists('html_escape')) { /** - * Returns HTML escaped variable + * Returns HTML escaped variable. + * $double_encode set to FALSE prevents escaping twice. * * @param mixed + * @param bool * @return mixed */ - function html_escape($var) + function html_escape($var, $double_encode = TRUE) { + $double_encode = (bool) $double_encode; + return is_array($var) - ? array_map('html_escape', $var) - : htmlspecialchars($var, ENT_QUOTES, config_item('charset')); + ? ($double_encode === FALSE ? array_map('html_escape', $var, array_fill(0, count($var), FALSE)) : array_map('html_escape', $var)) + : htmlspecialchars($var, ENT_QUOTES, config_item('charset'), $double_encode); } } diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 6619ae971..4ff71a525 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -489,6 +489,7 @@ Release Date: Not Released - Removed the third (`$php_error`) argument from function :func:`log_message()`. - Changed internal function ``load_class()`` to accept a constructor parameter instead of (previously unused) class name prefix. - Removed default parameter value of :func:`is_php()`. + - Added a second optional argument ``$double_encode`` to :func:`html_escape()`. When ``$double_encode`` is set to FALSE, escaping twice is prevented. - :doc:`Output Library <libraries/output>` changes include: |