Diffstat (limited to 'system/helpers/form_helper.php')
-rw-r--r--system/helpers/form_helper.php18
1 files changed, 17 insertions, 1 deletions
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index 6d10a9862..7d594d72c 100644
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -335,8 +335,24 @@ function form_prep($str = '')
{
return '';
}
+
+ $temp = '__TEMP_AMPERSANDS__';
+
+ // Replace entities to temporary markers so that
+ // htmlspecialchars won't mess them up
+ $str = preg_replace("/&#(\d+);/", "$temp\\1;", $str);
+ $str = preg_replace("/&(\w+);/", "$temp\\1;", $str);
+
+ $str = htmlspecialchars($str);
+
+ // In case htmlspecialchars misses these.
+ $str = str_replace(array("'", '"'), array("'", """), $str);
+
+ // Decode the temp markers back to entities
+ $str = preg_replace("/$temp(\d+);/","&#\\1;",$str);
+ $str = preg_replace("/$temp(\w+);/","&\\1;",$str);
- return str_replace(array("'", '"'), array("'", """), htmlspecialchars($str));
+ return $str;
}
// ------------------------------------------------------------------------
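Review bot: The fixed marker `__TEMP_AMPERSANDS__` is shared by the numeric and the named substitution, so the restore step cannot tell them apart and literal input can collide with it: `&123;` comes back as `&#123;`, and user text containing `__TEMP_AMPERSANDS__lt;` is rewritten to `&lt;`. Because `<`, `>` and `"` still go through htmlspecialchars(), this looks like a data-integrity problem rather than markup injection, but the output now depends on user-supplied text in a way that is hard to reason about. Entities already present in the input are also passed through unchanged, so a submitted `&lt;` is decoded by the browser when the field is repopulated and comes back as a raw `<` on the next submit; any filtering done on the first submission should not be assumed to hold for the second. If the supported PHP versions allow it, `$str = htmlspecialchars($str, ENT_QUOTES, 'UTF-8', FALSE);` (double_encode off, charset set to the application's) avoids double-encoding without markers and only preserves valid entities. The top of form_prep() is outside this hunk.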