From 2c245616a7bc89e842b4f39693751c3d28c034f2 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 20 Jan 2015 15:40:27 +0200 Subject: Revert 7c4d10660a0a47446474bf97e3cb65f80693f1ee Deprecates form_prep() in favor of html_escape() (again). Related: issue #1953, which was the reason for the reverted commit, but was wrongly interpreted and that shouldn't have happened. Close #2477 --- system/helpers/form_helper.php | 44 ++++++++++++++---------------------------- 1 file changed, 14 insertions(+), 30 deletions(-) (limited to 'system/helpers') diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php index 0e9207ee2..007db4cab 100644 --- a/system/helpers/form_helper.php +++ b/system/helpers/form_helper.php @@ -100,7 +100,7 @@ if ( ! function_exists('form_open')) { foreach ($hidden as $name => $value) { - $form .= ''."\n"; + $form .= ''."\n"; } } @@ -173,7 +173,7 @@ if ( ! function_exists('form_hidden')) if ( ! is_array($value)) { - $form .= '\n"; + $form .= '\n"; } else { @@ -287,7 +287,7 @@ if ( ! function_exists('form_textarea')) unset($data['value']); // textareas don't use the value attribute } - return '\n"; + return '\n"; } } @@ -392,7 +392,7 @@ if ( ! function_exists('form_dropdown')) foreach ($val as $optgroup_key => $optgroup_val) { $sel = in_array($optgroup_key, $selected) ? ' selected="selected"' : ''; - $form .= '\n"; } @@ -400,7 +400,7 @@ if ( ! function_exists('form_dropdown')) } else { - $form .= '\n"; } @@ -653,28 +653,13 @@ if ( ! function_exists('form_prep')) * * Formats text so that it can be safely placed in a form field in the event it has HTML tags. * + * @deprecated 3.0.0 An alias for html_escape() * @param string|string[] $str Value to escape - * @param bool $is_textarea Whether we're escaping for a textarea element * @return string|string[] Escaped values */ - function form_prep($str = '', $is_textarea = FALSE) + function form_prep($str) { - if (is_array($str)) - { - foreach (array_keys($str) as $key) - { - $str[$key] = form_prep($str[$key], $is_textarea); - } - - return $str; - } - - if ($is_textarea === TRUE) - { - return str_replace(array('<', '>'), array('<', '>'), stripslashes($str)); - } - - return str_replace(array("'", '"'), array(''', '"'), stripslashes($str)); + return html_escape($str, TRUE); } } @@ -691,10 +676,9 @@ if ( ! function_exists('set_value')) * * @param string $field Field name * @param string $default Default value - * @param bool $is_textarea Whether the field is a textarea element * @return string */ - function set_value($field = '', $default = '', $is_textarea = FALSE) + function set_value($field, $default = '') { $CI =& get_instance(); @@ -702,7 +686,7 @@ if ( ! function_exists('set_value')) ? $CI->form_validation->set_value($field, $default) : $CI->input->post($field, FALSE); - return form_prep($value === NULL ? $default : $value, $is_textarea); + return html_escape($value === NULL ? $default : $value); } } @@ -721,7 +705,7 @@ if ( ! function_exists('set_select')) * @param bool * @return string */ - function set_select($field = '', $value = '', $default = FALSE) + function set_select($field, $value = '', $default = FALSE) { $CI =& get_instance(); @@ -768,7 +752,7 @@ if ( ! function_exists('set_checkbox')) * @param bool * @return string */ - function set_checkbox($field = '', $value = '', $default = FALSE) + function set_checkbox($field, $value = '', $default = FALSE) { $CI =& get_instance(); @@ -815,7 +799,7 @@ if ( ! function_exists('set_radio')) * @param bool $default * @return string */ - function set_radio($field = '', $value = '', $default = FALSE) + function set_radio($field, $value = '', $default = FALSE) { $CI =& get_instance(); @@ -921,7 +905,7 @@ if ( ! function_exists('_parse_form_attributes')) { if ($key === 'value') { - $val = form_prep($val); + $val = html_escape($val); } elseif ($key === 'name' && ! strlen($default['name'])) { -- cgit v1.2.3-24-g4f1b