From 4f45858c0ab3165c59bad9dbae6b8fb43a18d56e Mon Sep 17 00:00:00 2001
From: Ivan Tcholakov
Date: Mon, 25 Aug 2014 11:20:22 +0300
Subject: Upgrading the function html_escape(), escaping twice can be prevented by setting the second argument to FALSE.
---
 system/core/Common.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
(limited to 'system')
diff --git a/system/core/Common.php b/system/core/Common.php
index 752a2e7f1..fd248e9b9 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -690,16 +690,20 @@ if ( ! function_exists('remove_invisible_characters'))
 if ( ! function_exists('html_escape'))
 {
 /**
- * Returns HTML escaped variable
+ * Returns HTML escaped variable.
+ * $double_encode set to FALSE prevents escaping twice.
 *
 * @param mixed
+ * @param bool
 * @return mixed
 */
- function html_escape($var)
+ function html_escape($var, $double_encode = TRUE)
 {
+ $double_encode = (bool) $double_encode;
+
 return is_array($var)
- ? array_map('html_escape', $var)
- : htmlspecialchars($var, ENT_QUOTES, config_item('charset'));
+ ? ($double_encode === FALSE ? array_map('html_escape', $var, array_fill(0, count($var), FALSE)) : array_map('html_escape', $var))
+ : htmlspecialchars($var, ENT_QUOTES, config_item('charset'), $double_encode);
 }
 }
-- cgit v1.2.3-24-g4f1b
From 993f98c09c80ebad3328b7aa4182a941174d1d4a Mon Sep 17 00:00:00 2001
From: Ivan Tcholakov
Date: Mon, 25 Aug 2014 12:13:31 +0300
Subject: Upgrading the function html_escape() - documentation corrections.
---
 system/core/Common.php | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
(limited to 'system')
diff --git a/system/core/Common.php b/system/core/Common.php
index fd248e9b9..74864ec56 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
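Review bot: In the first commit's hunk (`@@ -690,16 +690,20 @@`), the `$double_encode === FALSE` branch calls `array_map()` with two arrays, and PHP returns sequential integer keys whenever more than one array is passed, so an associative array comes back with its string keys dropped while the default branch still preserves them. On PHP releases before 5.6, `array_fill()` also rejects a count of zero, so an empty array passed with FALSE would not come back as an empty array. The same call is carried through the hunks of the two readability commits, and the last commit (`@@ -698,16 +698,9 @@`) sends every array call through it, including the default `TRUE` path that existing callers rely on. Escaping element by element with `foreach` keeps the keys and needs no filler array.

```php
	function html_escape($var, $double_encode = TRUE)
	{
		// … unchanged: (bool) cast of $double_encode …

		if (is_array($var))
		{
			// foreach keeps string keys and copes with an empty array
			foreach ($var as $key => $value)
			{
				$var[$key] = html_escape($value, $double_encode);
			}

			return $var;
		}

		return htmlspecialchars($var, ENT_QUOTES, config_item('charset'), $double_encode);
```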
@@ -691,11 +691,10 @@ if ( ! function_exists('html_escape'))
 {
 /**
 * Returns HTML escaped variable.
- * $double_encode set to FALSE prevents escaping twice.
 *
- * @param mixed
- * @param bool
- * @return mixed
+ * @param mixed $var The input string or array of strings to be escaped.
+ * @param bool $double_encode $double_encode set to FALSE prevents escaping twice.
+ * @return mixed The escaped string or array of strings as a result.
 */
 function html_escape($var, $double_encode = TRUE)
 {
-- cgit v1.2.3-24-g4f1b
From e7f55bf4afccbfa65bca16be63d6987ef3224431 Mon Sep 17 00:00:00 2001
From: Ivan Tcholakov
Date: Mon, 25 Aug 2014 12:19:11 +0300
Subject: Upgrading the function html_escape() - readability improvement.
---
 system/core/Common.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'system')
diff --git a/system/core/Common.php b/system/core/Common.php
index 74864ec56..93f0f0a99 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -701,7 +701,9 @@ if ( ! function_exists('html_escape'))
 $double_encode = (bool) $double_encode;
 return is_array($var)
- ? ($double_encode === FALSE ? array_map('html_escape', $var, array_fill(0, count($var), FALSE)) : array_map('html_escape', $var))
+ ? ($double_encode === FALSE
+ ? array_map('html_escape', $var, array_fill(0, count($var), FALSE))
+ : array_map('html_escape', $var))
 : htmlspecialchars($var, ENT_QUOTES, config_item('charset'), $double_encode);
 }
 }
-- cgit v1.2.3-24-g4f1b
From 6222437cfec313a33bc1d6546c4de139c4688188 Mon Sep 17 00:00:00 2001
From: Ivan Tcholakov
Date: Mon, 25 Aug 2014 15:48:33 +0300
Subject: Upgrading the function html_escape() - Readability Improvement 2.
---
 system/core/Common.php | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
(limited to 'system')
diff --git a/system/core/Common.php b/system/core/Common.php
index 93f0f0a99..ec44ea815 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
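Review bot: The new `@param bool $double_encode` line in the documentation-corrections hunk (`@@ -691,11 +691,10 @@`) repeats the parameter name and does not say what FALSE does to the input. With FALSE, `htmlspecialchars()` leaves anything that already looks like an entity untouched, so text a user typed as `&lt;` is displayed as `<` rather than as typed. The result is still escaped for HTML text and quoted attributes, but the flag is only appropriate for values known to have been escaped once already. Suggested wording: `@param bool $double_encode Set to FALSE to leave existing HTML entities as they are; use only on input that is already escaped.`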
@@ -700,11 +700,17 @@ if ( ! function_exists('html_escape'))
 {
 $double_encode = (bool) $double_encode;
- return is_array($var)
- ? ($double_encode === FALSE
- ? array_map('html_escape', $var, array_fill(0, count($var), FALSE))
- : array_map('html_escape', $var))
- : htmlspecialchars($var, ENT_QUOTES, config_item('charset'), $double_encode);
+ if (is_array($var))
+ {
+ if ($double_encode)
+ {
+ return array_map('html_escape', $var);
+ }
+
+ return array_map('html_escape', $var, array_fill(0, count($var), FALSE));
+ }
+
+ return htmlspecialchars($var, ENT_QUOTES, config_item('charset'), $double_encode);
 }
 }
-- cgit v1.2.3-24-g4f1b
From c851dc511b92d87002d1f338a31eaf76b7cb4350 Mon Sep 17 00:00:00 2001
From: Ivan Tcholakov
Date: Tue, 26 Aug 2014 01:49:11 +0300
Subject: Upgraded html_escape() - The simplest version.
---
 system/core/Common.php | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)
(limited to 'system')
diff --git a/system/core/Common.php b/system/core/Common.php
index ec44ea815..b5a696c68 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -698,16 +698,9 @@ if ( ! function_exists('html_escape'))
 */
 function html_escape($var, $double_encode = TRUE)
 {
- $double_encode = (bool) $double_encode;
-
 if (is_array($var))
 {
- if ($double_encode)
- {
- return array_map('html_escape', $var);
- }
-
- return array_map('html_escape', $var, array_fill(0, count($var), FALSE));
+ return array_map('html_escape', $var, array_fill(0, count($var), $double_encode));
 }
 return htmlspecialchars($var, ENT_QUOTES, config_item('charset'), $double_encode);
-- cgit v1.2.3-24-g4f1b