diff options
Diffstat (limited to 'system/helpers/form_helper.php')
-rw-r--r-- | system/helpers/form_helper.php | 88 |
1 files changed, 40 insertions, 48 deletions
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php index a23ffcae2..fb235291e 100644 --- a/system/helpers/form_helper.php +++ b/system/helpers/form_helper.php @@ -2,26 +2,37 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.2.4 or newer + * An open source application development framework for PHP * - * NOTICE OF LICENSE + * This content is released under the MIT License (MIT) * - * Licensed under the Open Software License version 3.0 + * Copyright (c) 2014 - 2015, British Columbia Institute of Technology * - * This source file is subject to the Open Software License (OSL 3.0) that is - * bundled with this package in the files license.txt / license.rst. It is - * also available through the world wide web at this URL: - * http://opensource.org/licenses/OSL-3.0 - * If you did not receive a copy of the license and are unable to obtain it - * through the world wide web, please send an email to - * licensing@ellislab.com so we can send you a copy immediately. + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: * - * @package CodeIgniter - * @author EllisLab Dev Team + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + * + * @package CodeIgniter + * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/) - * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) - * @link http://codeigniter.com - * @since Version 1.0 + * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) + * @license http://opensource.org/licenses/MIT MIT License + * @link http://codeigniter.com + * @since Version 1.0.0 * @filesource */ defined('BASEPATH') OR exit('No direct script access allowed'); @@ -89,7 +100,7 @@ if ( ! function_exists('form_open')) { foreach ($hidden as $name => $value) { - $form .= '<input type="hidden" name="'.$name.'" value="'.form_prep($value).'" style="display:none;" />'."\n"; + $form .= '<input type="hidden" name="'.$name.'" value="'.html_escape($value).'" style="display:none;" />'."\n"; } } @@ -162,7 +173,7 @@ if ( ! function_exists('form_hidden')) if ( ! is_array($value)) { - $form .= '<input type="hidden" name="'.$name.'" value="'.form_prep($value)."\" />\n"; + $form .= '<input type="hidden" name="'.$name.'" value="'.html_escape($value)."\" />\n"; } else { @@ -276,7 +287,7 @@ if ( ! function_exists('form_textarea')) unset($data['value']); // textareas don't use the value attribute } - return '<textarea '._parse_form_attributes($data, $defaults).$extra.'>'.form_prep($val, TRUE)."</textarea>\n"; + return '<textarea '._parse_form_attributes($data, $defaults).$extra.'>'.html_escape($val)."</textarea>\n"; } } @@ -381,7 +392,7 @@ if ( ! function_exists('form_dropdown')) foreach ($val as $optgroup_key => $optgroup_val) { $sel = in_array($optgroup_key, $selected) ? ' selected="selected"' : ''; - $form .= '<option value="'.form_prep($optgroup_key).'"'.$sel.'>' + $form .= '<option value="'.html_escape($optgroup_key).'"'.$sel.'>' .(string) $optgroup_val."</option>\n"; } @@ -389,7 +400,7 @@ if ( ! function_exists('form_dropdown')) } else { - $form .= '<option value="'.form_prep($key).'"' + $form .= '<option value="'.html_escape($key).'"' .(in_array($key, $selected) ? ' selected="selected"' : '').'>' .(string) $val."</option>\n"; } @@ -642,28 +653,13 @@ if ( ! function_exists('form_prep')) * * Formats text so that it can be safely placed in a form field in the event it has HTML tags. * + * @deprecated 3.0.0 An alias for html_escape() * @param string|string[] $str Value to escape - * @param bool $is_textarea Whether we're escaping for a textarea element * @return string|string[] Escaped values */ - function form_prep($str = '', $is_textarea = FALSE) + function form_prep($str) { - if (is_array($str)) - { - foreach (array_keys($str) as $key) - { - $str[$key] = form_prep($str[$key], $is_textarea); - } - - return $str; - } - - if ($is_textarea === TRUE) - { - return str_replace(array('<', '>'), array('<', '>'), stripslashes($str)); - } - - return str_replace(array("'", '"'), array(''', '"'), stripslashes($str)); + return html_escape($str, TRUE); } } @@ -680,10 +676,9 @@ if ( ! function_exists('set_value')) * * @param string $field Field name * @param string $default Default value - * @param bool $is_textarea Whether the field is a textarea element * @return string */ - function set_value($field = '', $default = '', $is_textarea = FALSE) + function set_value($field, $default = '') { $CI =& get_instance(); @@ -691,7 +686,7 @@ if ( ! function_exists('set_value')) ? $CI->form_validation->set_value($field, $default) : $CI->input->post($field, FALSE); - return form_prep($value === NULL ? $default : $value, $is_textarea); + return html_escape($value === NULL ? $default : $value); } } @@ -710,7 +705,7 @@ if ( ! function_exists('set_select')) * @param bool * @return string */ - function set_select($field = '', $value = '', $default = FALSE) + function set_select($field, $value = '', $default = FALSE) { $CI =& get_instance(); @@ -757,7 +752,7 @@ if ( ! function_exists('set_checkbox')) * @param bool * @return string */ - function set_checkbox($field = '', $value = '', $default = FALSE) + function set_checkbox($field, $value = '', $default = FALSE) { $CI =& get_instance(); @@ -804,7 +799,7 @@ if ( ! function_exists('set_radio')) * @param bool $default * @return string */ - function set_radio($field = '', $value = '', $default = FALSE) + function set_radio($field, $value = '', $default = FALSE) { $CI =& get_instance(); @@ -910,7 +905,7 @@ if ( ! function_exists('_parse_form_attributes')) { if ($key === 'value') { - $val = form_prep($val); + $val = html_escape($val); } elseif ($key === 'name' && ! strlen($default['name'])) { @@ -1001,6 +996,3 @@ if ( ! function_exists('_get_validation_object')) return $return; } } - -/* End of file form_helper.php */ -/* Location: ./system/helpers/form_helper.php */
\ No newline at end of file |