From 01a9b107cab449d1ce24746612e9cf7074e6608d Mon Sep 17 00:00:00 2001
From: Derek Jones
Date: Fri, 17 Jul 2009 18:30:36 +0000
Subject: modified Form Helper so that form_prep() keeps track of strings it's
already processed, to prevent encoding and prep from occurring more than once
---
system/helpers/form_helper.php | 31 ++++++++++++++++++++++---------
user_guide/changelog.html | 2 ++
2 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index 987ff18e2..4c229ae9f 100644
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -123,7 +123,7 @@ if ( ! function_exists('form_hidden'))
if ( ! is_array($value))
{
- $form .= ' '."\n";
+ $form .= ' '."\n";
}
else
{
@@ -239,8 +239,9 @@ if ( ! function_exists('form_textarea'))
$val = $data['value'];
unset($data['value']); // textareas don't use the value attribute
}
-
- return "";
+
+ $name = (is_array($data)) ? $data['name'] : $data;
+ return "";
}
}
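Review bot: `$data['name']` on the added `$name = ...` line is read without checking that the key exists, so an attribute array that carries `value` but no `name` would raise an undefined-index notice and pass a NULL field name onward. A guarded form such as `$name = (is_array($data)) ? (isset($data['name']) ? $data['name'] : '') : $data;` keeps such calls quiet and leaves them uncached. The same unguarded lookup appears as `$default['name']` in the `_parse_form_attributes` hunk. The body of form_textarea starts above this hunk and the markup on the return line is not visible here, so how `$name` is consumed is inferred.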
@@ -264,7 +265,7 @@ if (! function_exists('form_multiselect'))
{
$extra .= ' multiple="multiple"';
}
-
+
return form_dropdown($name, $options, $selected, $extra);
}
}
@@ -592,8 +593,10 @@ if ( ! function_exists('form_close'))
*/
if ( ! function_exists('form_prep'))
{
- function form_prep($str = '')
+ function form_prep($str = '', $field_name = '')
{
+ static $prepped_fields = array();
+
// if the field name is an array we do this recursively
if (is_array($str))
{
@@ -610,11 +613,21 @@ if ( ! function_exists('form_prep'))
return '';
}
+ if (isset($prepped_fields[$field_name]))
+ {
+ return $prepped_fields[$field_name];
+ }
+
$str = htmlspecialchars($str);
// In case htmlspecialchars misses these.
$str = str_replace(array("'", '"'), array("'", """), $str);
+ if ($field_name != '')
+ {
+ $prepped_fields[$field_name] = $str;
+ }
+
return $str;
}
}
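Review bot: The early return `return $prepped_fields[$field_name];` ignores the `$str` passed on this call, so a second call with the same field name and a different value silently receives the first value. The `set_value` and `_parse_form_attributes` hunks both key the cache on the field name alone, so any two elements that share a name within one request (presumably a radio group, or the same field name in two forms) would be affected. To skip only a string that is already the prepped output, the guard could compare it: `if (isset($prepped_fields[$field_name]) && $prepped_fields[$field_name] === $str)` followed by `return $str;`. A comment on `static $prepped_fields` should also say the cache lives for the whole request and is never reset. The function opens in the previous hunk.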
@@ -643,10 +656,10 @@ if ( ! function_exists('set_value'))
return $default;
}
- return form_prep($_POST[$field]);
+ return form_prep($_POST[$field], $field);
}
- return form_prep($OBJ->set_value($field, $default));
+ return form_prep($OBJ->set_value($field, $default), $field);
}
}
@@ -902,12 +915,12 @@ if ( ! function_exists('_parse_form_attributes'))
}
$att = '';
-
+
foreach ($default as $key => $val)
{
if ($key == 'value')
{
- $val = form_prep($val);
+ $val = form_prep($val, $default['name']);
}
$att .= $key . '="' . $val . '" ';
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 2bbe832d1..42529d1ff 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -82,6 +82,8 @@ SVN Revision:
Added form_multiselect() to the Form helper .
Modified form_hidden() in the Form helper to accept multi-dimensional arrays.
+ Modified form_prep() in the Form helper to keep track of prepped fields to avoid multiple prep/mutation from subsequent calls which can occur when using Form Validation
+ and form helper functions to output form fields.
Modified directory_map() in the Directory helper to allow the inclusion of hidden files, and to return FALSE on failure to read directory.
--