From 4f45858c0ab3165c59bad9dbae6b8fb43a18d56e Mon Sep 17 00:00:00 2001 From: Ivan Tcholakov Date: Mon, 25 Aug 2014 11:20:22 +0300 Subject: Upgrading the function html_escape(), escaping twice can be prevented by setting the second argument to FALSE. --- system/core/Common.php | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'system/core/Common.php') diff --git a/system/core/Common.php b/system/core/Common.php index 752a2e7f1..fd248e9b9 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -690,16 +690,20 @@ if ( ! function_exists('remove_invisible_characters')) if ( ! function_exists('html_escape')) { /** - * Returns HTML escaped variable + * Returns HTML escaped variable. + * $double_encode set to FALSE prevents escaping twice. * * @param mixed + * @param bool * @return mixed */ - function html_escape($var) + function html_escape($var, $double_encode = TRUE) { + $double_encode = (bool) $double_encode; + return is_array($var) - ? array_map('html_escape', $var) - : htmlspecialchars($var, ENT_QUOTES, config_item('charset')); + ? ($double_encode === FALSE ? array_map('html_escape', $var, array_fill(0, count($var), FALSE)) : array_map('html_escape', $var)) + : htmlspecialchars($var, ENT_QUOTES, config_item('charset'), $double_encode); } } -- cgit v1.2.3-24-g4f1b From 993f98c09c80ebad3328b7aa4182a941174d1d4a Mon Sep 17 00:00:00 2001 From: Ivan Tcholakov Date: Mon, 25 Aug 2014 12:13:31 +0300 Subject: Upgrading the function html_escape() - documentation corrections. --- system/core/Common.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'system/core/Common.php') diff --git a/system/core/Common.php b/system/core/Common.php index fd248e9b9..74864ec56 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -691,11 +691,10 @@ if ( ! function_exists('html_escape')) { /** * Returns HTML escaped variable. - * $double_encode set to FALSE prevents escaping twice. * - * @param mixed - * @param bool - * @return mixed + * @param mixed $var The input string or array of strings to be escaped. + * @param bool $double_encode $double_encode set to FALSE prevents escaping twice. + * @return mixed The escaped string or array of strings as a result. */ function html_escape($var, $double_encode = TRUE) { -- cgit v1.2.3-24-g4f1b From e7f55bf4afccbfa65bca16be63d6987ef3224431 Mon Sep 17 00:00:00 2001 From: Ivan Tcholakov Date: Mon, 25 Aug 2014 12:19:11 +0300 Subject: Upgrading the function html_escape() - readability improvement. --- system/core/Common.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'system/core/Common.php') diff --git a/system/core/Common.php b/system/core/Common.php index 74864ec56..93f0f0a99 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -701,7 +701,9 @@ if ( ! function_exists('html_escape')) $double_encode = (bool) $double_encode; return is_array($var) - ? ($double_encode === FALSE ? array_map('html_escape', $var, array_fill(0, count($var), FALSE)) : array_map('html_escape', $var)) + ? ($double_encode === FALSE + ? array_map('html_escape', $var, array_fill(0, count($var), FALSE)) + : array_map('html_escape', $var)) : htmlspecialchars($var, ENT_QUOTES, config_item('charset'), $double_encode); } } -- cgit v1.2.3-24-g4f1b From 6222437cfec313a33bc1d6546c4de139c4688188 Mon Sep 17 00:00:00 2001 From: Ivan Tcholakov Date: Mon, 25 Aug 2014 15:48:33 +0300 Subject: Upgrading the function html_escape() - Readability Improvement 2. --- system/core/Common.php | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'system/core/Common.php') diff --git a/system/core/Common.php b/system/core/Common.php index 93f0f0a99..ec44ea815 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -700,11 +700,17 @@ if ( ! function_exists('html_escape')) { $double_encode = (bool) $double_encode; - return is_array($var) - ? ($double_encode === FALSE - ? array_map('html_escape', $var, array_fill(0, count($var), FALSE)) - : array_map('html_escape', $var)) - : htmlspecialchars($var, ENT_QUOTES, config_item('charset'), $double_encode); + if (is_array($var)) + { + if ($double_encode) + { + return array_map('html_escape', $var); + } + + return array_map('html_escape', $var, array_fill(0, count($var), FALSE)); + } + + return htmlspecialchars($var, ENT_QUOTES, config_item('charset'), $double_encode); } } -- cgit v1.2.3-24-g4f1b From c851dc511b92d87002d1f338a31eaf76b7cb4350 Mon Sep 17 00:00:00 2001 From: Ivan Tcholakov Date: Tue, 26 Aug 2014 01:49:11 +0300 Subject: Upgraded html_escape() - The simplest version. --- system/core/Common.php | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) (limited to 'system/core/Common.php') diff --git a/system/core/Common.php b/system/core/Common.php index ec44ea815..b5a696c68 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -698,16 +698,9 @@ if ( ! function_exists('html_escape')) */ function html_escape($var, $double_encode = TRUE) { - $double_encode = (bool) $double_encode; - if (is_array($var)) { - if ($double_encode) - { - return array_map('html_escape', $var); - } - - return array_map('html_escape', $var, array_fill(0, count($var), FALSE)); + return array_map('html_escape', $var, array_fill(0, count($var), $double_encode)); } return htmlspecialchars($var, ENT_QUOTES, config_item('charset'), $double_encode); -- cgit v1.2.3-24-g4f1b