From d2ea460f138fd1f9a527c9b0ece7cce369fd430b Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Fri, 30 Oct 2015 11:47:35 +0200
Subject: Fix #3201

---
 system/core/Common.php                 | 7 ++++++-
 tests/codeigniter/core/Common_test.php | 5 +++++
 user_guide_src/source/changelog.rst    | 1 +
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/system/core/Common.php b/system/core/Common.php
index ad3ca9f93..3ab98cf6d 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -752,7 +752,12 @@ if ( ! function_exists('html_escape'))
 
 		if (is_array($var))
 		{
-			return array_map('html_escape', $var, array_fill(0, count($var), $double_encode));
+			foreach (array_keys($var) as $key)
+			{
+				$var[$key] = html_escape($var[$key], $double_encode);
+			}
+
+			return $var;
 		}
 
 		return htmlspecialchars($var, ENT_QUOTES, config_item('charset'), $double_encode);
diff --git a/tests/codeigniter/core/Common_test.php b/tests/codeigniter/core/Common_test.php
index 999b49cb3..81a185eaf 100644
--- a/tests/codeigniter/core/Common_test.php
+++ b/tests/codeigniter/core/Common_test.php
@@ -47,6 +47,11 @@ class Common_test extends CI_TestCase {
 			html_escape('Here is a string containing "quoted" text.'),
 			'Here is a string containing &quot;quoted&quot; text.'
 		);
+
+		$this->assertEquals(
+			html_escape(array('associative' => 'and', array('multi' => 'dimentional'))),
+			array('associative' => 'and', array('multi' => 'dimentional'))
+		);
 	}
 
 }
\ No newline at end of file
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index b1caf9b56..8aaf0bfc4 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -21,6 +21,7 @@ Bug fixes for 3.0.3
 -  Fixed a bug (#4171) - :doc:`Database Transactions <database/transactions>` didn't work with nesting in methods ``trans_begin()``, ``trans_commit()``, ``trans_rollback()``.
 -  Fixed a bug where :doc:`Database Transaction <database/transactions>` methods ``trans_begin()``, ``trans_commit()``, ``trans_rollback()`` ignored failures.
 -  Fixed a bug where all :doc:`Database Transaction <database/transactions>` methods returned TRUE while transactions are actually disabled.
+-  Fixed a bug (#3201) - :doc:`Common function <general/common_functions>` :php:func:`html_escape()` modified keys of its array inputs.
 
 Version 3.0.2
 =============
-- 
cgit v1.2.3-24-g4f1b