diff options
Diffstat (limited to 'system/helpers')
-rw-r--r-- | system/helpers/form_helper.php | 18 | ||||
-rw-r--r-- | system/helpers/xml_helper.php | 9 |
2 files changed, 23 insertions, 4 deletions
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php index 6d10a9862..7d594d72c 100644 --- a/system/helpers/form_helper.php +++ b/system/helpers/form_helper.php @@ -335,8 +335,24 @@ function form_prep($str = '') { return ''; } + + $temp = '__TEMP_AMPERSANDS__'; + + // Replace entities to temporary markers so that + // htmlspecialchars won't mess them up + $str = preg_replace("/&#(\d+);/", "$temp\\1;", $str); + $str = preg_replace("/&(\w+);/", "$temp\\1;", $str); + + $str = htmlspecialchars($str); + + // In case htmlspecialchars misses these. + $str = str_replace(array("'", '"'), array("'", """), $str); + + // Decode the temp markers back to entities + $str = preg_replace("/$temp(\d+);/","&#\\1;",$str); + $str = preg_replace("/$temp(\w+);/","&\\1;",$str); - return str_replace(array("'", '"'), array("'", """), htmlspecialchars($str)); + return $str; } // ------------------------------------------------------------------------ diff --git a/system/helpers/xml_helper.php b/system/helpers/xml_helper.php index 4cc91f4ef..856722b32 100644 --- a/system/helpers/xml_helper.php +++ b/system/helpers/xml_helper.php @@ -36,15 +36,18 @@ */ function xml_convert($str) { - $temp = '__TEMP_AMPERSANDS'; - + $temp = '__TEMP_AMPERSANDS__'; + + // Replace entities to temporary markers so that + // ampersands won't get messed up $str = preg_replace("/&#(\d+);/", "$temp\\1;", $str); $str = preg_replace("/&(\w+);/", "$temp\\1;", $str); $str = str_replace(array("&","<",">","\"", "'", "-"), array("&", "<", ">", """, "'", "-"), $str); - + + // Decode the temp markers back to entities $str = preg_replace("/$temp(\d+);/","&#\\1;",$str); $str = preg_replace("/$temp(\w+);/","&\\1;", $str); |