From 55027807e4826dfe722598172ab7ffbd9dc0b48c Mon Sep 17 00:00:00 2001 From: kenjis Date: Thu, 25 Aug 2011 10:51:44 +0900 Subject: add html_escape() function to escape HTML. --- system/core/Common.php | 24 ++++++++++++++++++++++++ user_guide/changelog.html | 1 + user_guide/general/common_functions.html | 2 ++ 3 files changed, 27 insertions(+) diff --git a/system/core/Common.php b/system/core/Common.php index db9fbeb9f..3d6931bc0 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -536,5 +536,29 @@ if ( ! function_exists('remove_invisible_characters')) } } +// ------------------------------------------------------------------------ + +/** +* Returns HTML escaped variable +* +* @access public +* @param mixed +* @return mixed +*/ +if ( ! function_exists('html_escape')) +{ + function html_escape($var) + { + if (is_array($var)) + { + return array_map('html_escape', $var); + } + else + { + return htmlspecialchars($var, ENT_QUOTES, config_item('charset')); + } + } +} + /* End of file Common.php */ /* Location: ./system/core/Common.php */ \ No newline at end of file diff --git a/user_guide/changelog.html b/user_guide/changelog.html index 19e659f45..11a15370e 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -64,6 +64,7 @@ Change Log
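Review bot: The array branch of html_escape(), `return array_map('html_escape', $var);`, escapes values only and leaves array keys untouched, so a view that prints the keys of a request-derived array still emits unescaped text. The docblock should say this and state where the output is safe, for example `* Escapes values (not keys) for HTML text and quoted attribute values; not for script, style, URL or unquoted-attribute contexts.` In the else branch every non-array value goes through htmlspecialchars(), so integers, booleans and null come back as strings, and `@return mixed` would be more accurate as `@return string|array`. The docblock also sits above the `function_exists` guard rather than the function itself, which appears to follow the file's existing convention, so only its wording needs to change.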
  • General Changes
  • Helpers diff --git a/user_guide/general/common_functions.html b/user_guide/general/common_functions.html index 2751133bb..f290521a9 100644 --- a/user_guide/general/common_functions.html +++ b/user_guide/general/common_functions.html @@ -104,6 +104,8 @@ else

    This function prevents inserting null characters between ascii characters, like Java\0script.

    +

    html_escape($mixed)

    +

    This function provides short cut for htmlspecialchars() function. It accepts string and array. To prevent Cross Site Scripting (XSS), it is very useful.

    -- cgit v1.2.3-24-g4f1b