From 7acd581d9441fb8ada4c46c58f4ec30a01507506 Mon Sep 17 00:00:00 2001 From: admin Date: Mon, 23 Oct 2006 21:37:22 +0000 Subject: --- system/helpers/form_helper.php | 18 +++++++++++++++++- system/helpers/xml_helper.php | 9 ++++++--- 2 files changed, 23 insertions(+), 4 deletions(-) (limited to 'system/helpers') diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php index 6d10a9862..7d594d72c 100644 --- a/system/helpers/form_helper.php +++ b/system/helpers/form_helper.php @@ -335,8 +335,24 @@ function form_prep($str = '') { return ''; } + + $temp = '__TEMP_AMPERSANDS__'; + + // Replace entities to temporary markers so that + // htmlspecialchars won't mess them up + $str = preg_replace("/&#(\d+);/", "$temp\\1;", $str); + $str = preg_replace("/&(\w+);/", "$temp\\1;", $str); + + $str = htmlspecialchars($str); + + // In case htmlspecialchars misses these. + $str = str_replace(array("'", '"'), array("'", """), $str); + + // Decode the temp markers back to entities + $str = preg_replace("/$temp(\d+);/","&#\\1;",$str); + $str = preg_replace("/$temp(\w+);/","&\\1;",$str); - return str_replace(array("'", '"'), array("'", """), htmlspecialchars($str)); + return $str; } // ------------------------------------------------------------------------ diff --git a/system/helpers/xml_helper.php b/system/helpers/xml_helper.php index 4cc91f4ef..856722b32 100644 --- a/system/helpers/xml_helper.php +++ b/system/helpers/xml_helper.php @@ -36,15 +36,18 @@ */ function xml_convert($str) { - $temp = '__TEMP_AMPERSANDS'; - + $temp = '__TEMP_AMPERSANDS__'; + + // Replace entities to temporary markers so that + // ampersands won't get messed up $str = preg_replace("/&#(\d+);/", "$temp\\1;", $str); $str = preg_replace("/&(\w+);/", "$temp\\1;", $str); $str = str_replace(array("&","<",">","\"", "'", "-"), array("&", "<", ">", """, "'", "-"), $str); - + + // Decode the temp markers back to entities $str = preg_replace("/$temp(\d+);/","&#\\1;",$str); $str = preg_replace("/$temp(\w+);/","&\\1;", $str); -- cgit v1.2.3-24-g4f1b