From 01a9b107cab449d1ce24746612e9cf7074e6608d Mon Sep 17 00:00:00 2001
From: Derek Jones
Date: Fri, 17 Jul 2009 18:30:36 +0000
Subject: modified Form Helper so that form_prep() keeps track of strings it's already processed, to prevent encoding and prep from occurring more than once

---
 system/helpers/form_helper.php | 31 ++++++++++++++++++++++---------
 1 file changed, 22 insertions(+), 9 deletions(-)

(limited to 'system/helpers/form_helper.php')

diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index 987ff18e2..4c229ae9f 100644
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -123,7 +123,7 @@ if ( ! function_exists('form_hidden'))
 if ( ! is_array($value))
 {
- $form .= ''."\n";
+ $form .= ''."\n";
 }
 else
 {
@@ -239,8 +239,9 @@ if ( ! function_exists('form_textarea'))
 $val = $data['value'];
 unset($data['value']); // textareas don't use the value attribute
 }
-
- return "";
+
+ $name = (is_array($data)) ? $data['name'] : $data;
+ return "";
 }
 }
 
@@ -264,7 +265,7 @@ if (! function_exists('form_multiselect'))
 {
 $extra .= ' multiple="multiple"';
 }
-
+
 return form_dropdown($name, $options, $selected, $extra);
 }
 }
@@ -592,8 +593,10 @@ if ( ! function_exists('form_close'))
 */
 if ( ! function_exists('form_prep'))
 {
- function form_prep($str = '')
+ function form_prep($str = '', $field_name = '')
 {
+ static $prepped_fields = array();
+
 // if the field name is an array we do this recursively
 if (is_array($str))
 {
@@ -610,11 +613,21 @@ if ( ! function_exists('form_prep'))
 return '';
 }
 
+ if (isset($prepped_fields[$field_name]))
+ {
+ return $prepped_fields[$field_name];
+ }
+
 $str = htmlspecialchars($str);
 
 // In case htmlspecialchars misses these.
 $str = str_replace(array("'", '"'), array("'", """), $str);
 
+ if ($field_name != '')
+ {
+ $prepped_fields[$field_name] = $str;
+ }
+
 return $str;
 }
 }
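Review bot: The added `$name = (is_array($data)) ? $data['name'] : $data;` in the form_textarea hunk reads `$data['name']` unconditionally, so an array `$data` that carries no 'name' key raises an undefined-index notice and `$name` becomes `null`. Guard it so the empty-name case is explicit: `$name = (is_array($data)) ? (isset($data['name']) ? $data['name'] : '') : $data;`. On this page the markup inside both `return` string literals has been stripped by the rendering, so what the new return line does with `$name` cannot be checked here; form_textarea's signature lies above the hunk.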
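Review bot: The new `$field_name` parameter and the `static $prepped_fields` cache introduced in the form_prep signature hunk are undocumented; the docblock that ends at the ` */` context line just above still describes a single-argument form_prep(). Add a line such as `@param string $field_name  name of the form field; when non-empty the escaped result is remembered so a later call for the same field is not encoded again` to that docblock, and a comment above the static along the lines of `// escaped results keyed by field name; lives as long as the process (one request under a classic per-request SAPI, longer under a persistent one)`. The rest of form_prep's body is in the following hunk.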
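Review bot: The lookup `if (isset($prepped_fields[$field_name])) return $prepped_fields[$field_name];` in the second form_prep hunk ignores `$str` entirely, so the first value escaped for a field name is returned for every later call with that name regardless of the new input; combined with the caller changes in the set_value and _parse_form_attributes hunks below, a radio or checkbox group that reuses one name would render the first option's value for all of its inputs, and a field emitted twice with different values would show the stale one. The cached string is always an escaped one, so this is a correctness regression rather than an escaping bypass, but the double-encoding guard should compare the input, `if (isset($prepped_fields[$field_name]) && $prepped_fields[$field_name] === $str) { return $str; }`, which short-circuits only when the incoming string is exactly the output produced earlier for that field. The `is_array($str)` branch above this hunk appears to return before reaching the cache, so array-valued fields would presumably still be encoded twice; `$field_name != ''` is also a loose comparison and `!== ''` is the safer form. form_prep's body starts in the previous hunk.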
@@ -643,10 +656,10 @@ if ( ! function_exists('set_value'))
 return $default;
 }
 
- return form_prep($_POST[$field]);
+ return form_prep($_POST[$field], $field);
 }
 
- return form_prep($OBJ->set_value($field, $default));
+ return form_prep($OBJ->set_value($field, $default), $field);
 }
 }
 
@@ -902,12 +915,12 @@ if ( ! function_exists('_parse_form_attributes'))
 }
 
 $att = '';
-
+
 foreach ($default as $key => $val)
 {
 if ($key == 'value')
 {
- $val = form_prep($val);
+ $val = form_prep($val, $default['name']);
 }
 
 $att .= $key . '="' . $val . '" ';
--
cgit v1.2.3-24-g4f1b
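Review bot: `form_prep($val, $default['name'])` in the _parse_form_attributes hunk assumes `$default` always carries a 'name' key; this helper is shared by several form_* functions whose default arrays are built outside the hunk, and any call without 'name' would raise an undefined-index notice and pass `null`, which the cache lookup in form_prep then treats as the empty-string key. Guard it with `$val = form_prep($val, isset($default['name']) ? $default['name'] : '');`, which keeps the current behaviour for named fields and simply skips the cache otherwise. _parse_form_attributes starts above the hunk and its loop continues past it.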