From 1f2fd2d5db0ff9e91388cec079a9ff58392ab654 Mon Sep 17 00:00:00 2001
From: Derek Jones <derek.jones@ellislab.com>
Date: Wed, 11 Jul 2007 21:59:12 +0000
Subject: adding type casting of $title argument in URL helper functions to a
 string.  A numeric 0 sent to these functions would evaluate if ($title == '')
 as TRUE, and type casting seems the more appropriate fix than simply using
 $title === '', since we're expecting and treating $title as a string.

---
 system/helpers/url_helper.php | 8 ++++++++
 user_guide/changelog.html     | 1 +
 2 files changed, 9 insertions(+)

diff --git a/system/helpers/url_helper.php b/system/helpers/url_helper.php
index c05bc2088..01cd3458d 100644
--- a/system/helpers/url_helper.php
+++ b/system/helpers/url_helper.php
@@ -90,6 +90,8 @@ function index_page()
  */	
 function anchor($uri = '', $title = '', $attributes = '')
 {
+	$title = (string) $title;
+	
 	if ( ! is_array($uri))
 	{
 		$site_url = ( ! preg_match('!^\w+://!i', $uri)) ? site_url($uri) : $uri;
@@ -132,6 +134,8 @@ function anchor($uri = '', $title = '', $attributes = '')
  */
 function anchor_popup($uri = '', $title = '', $attributes = FALSE)
 {	
+	$title = (string) $title;
+	
 	$site_url = ( ! preg_match('!^\w+://!i', $uri)) ? site_url($uri) : $uri;
 	
 	if ($title == '')
@@ -170,6 +174,8 @@ function anchor_popup($uri = '', $title = '', $attributes = FALSE)
  */
 function mailto($email, $title = '', $attributes = '')
 {
+	$title = (string) $title;
+	
 	if ($title == "")
 	{
 		$title = $email;
@@ -195,6 +201,8 @@ function mailto($email, $title = '', $attributes = '')
  */
 function safe_mailto($email, $title = '', $attributes = '')
 {
+	$title = (string) $title;
+	
 	if ($title == "")
 	{
 		$title = $email;
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index eb57d487e..67baae43e 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -89,6 +89,7 @@ Change Log
     <li>Modified the Router so that when Query Strings are Enabled, the controller trigger and function trigger values are sanitized for filename include security.</li>
     <li>Modified the is_image() method in the Upload library to take into account Windows IE 6/7 eccentricities when dealing with MIMEs</li>
     <li>Modified XSS Cleaning routine to be more performance friendly and compatible with PHP 5.2's new PCRE backtrack and recursion limits.</li>
+	<li>Modified the URL Helper to type cast the $title as a string in case a numeric value is supplied</li>
 	<li>Deprecated the use if <kbd>is_numeric()</kbd> in various places since it allows periods.  Due to compatibility problems with <kbd>ctype_digit()</kbd>, making it unreliable in some installations, the following regular expression was used instead:  <kbd>preg_match("/[^0-9]/", $n)</kbd></li>
     <li>Deprecated: APPVER has been deprecated and replaced with CI_VERSION for clarity. </li>
 </ul>
-- 
cgit v1.2.3-24-g4f1b