form_prep appears to be broken in 1.7.2 html entities are no longer protected. Or was it broken before?
#5

[eluser]kenjis[/eluser]
CI should use 1.7.1's no double encoding code again.

Code:
$temp = '__TEMP_AMPERSANDS__';

// Replace entities to temporary markers so that
// htmlspecialchars won't mess them up
$str = preg_replace("/&#(\d+);/", "$temp\\1;", $str);
$str = preg_replace("/&(\w+);/",  "$temp\\1;", $str);

$str = htmlspecialchars($str);

// In case htmlspecialchars misses these.
$str = str_replace(array("'", '"'), array("&#39;", "&quot;"), $str);

// Decode the temp markers back to entities
$str = preg_replace("/$temp(\d+);/", "&#\\1;", $str);
$str = preg_replace("/$temp(\w+);/", "&\\1;", $str);

Or

Code:
$temp = '__TEMP_AMPERSANDS__';

// Replace entities to temporary markers so that
// htmlspecialchars won't mess them up
$str = preg_replace("/&#(\d+);/", "$temp\\1;", $str);
$str = preg_replace("/&(\w+);/",  "$temp\\1;", $str);

$str = htmlspecialchars($str, ENT_QUOTES, config_item('charset'));

// Decode the temp markers back to entities
$str = preg_replace("/$temp(\d+);/", "&#\\1;", $str);
$str = preg_replace("/$temp(\w+);/", "&\\1;", $str);

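The double-encoding problem and the marker fix side by side, as an added example that is not code from the thread or from CodeIgniter. It assumes a UTF-8 charset and a constructed sample value; it also shows PHP's own `double_encode` parameter of `htmlspecialchars()` (available since PHP 5.2.3), which reaches the same result without the marker round-trip.

```php
<?php
// Added example: compares naive escaping (the 1.7.2 complaint), the
// temp-marker approach quoted in the post, and PHP's built-in double_encode flag.

// Naive: re-escapes entities that are already present, so "&amp;" becomes
// "&amp;amp;" and a stored value degrades every time the form is re-shown.
function prep_naive($str)
{
    return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
}

// Marker approach from the post: hide existing entities behind a marker,
// escape everything else, then restore the entities. Numeric entities must be
// restored before named ones because \w would also match the digits.
function prep_marker($str)
{
    $temp = '__TEMP_AMPERSANDS__';
    $str = preg_replace("/&#(\d+);/", "$temp\\1;", $str);
    $str = preg_replace("/&(\w+);/",  "$temp\\1;", $str);
    // ENT_QUOTES covers single quotes too, so no str_replace patch is needed.
    $str = htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
    $str = preg_replace("/$temp(\d+);/", "&#\\1;", $str);
    $str = preg_replace("/$temp(\w+);/", "&\\1;", $str);
    return $str;
}

// Same result with htmlspecialchars' fourth parameter set to false: well-formed
// entities are left alone and only raw special characters are escaped.
function prep_builtin($str)
{
    return htmlspecialchars($str, ENT_QUOTES, 'UTF-8', false);
}

// Constructed sample: a value that already contains entities plus raw
// characters that must still be escaped before it goes into value="...".
$input = 'Tom &amp; Jerry &#39;s <b>"show"</b>';

foreach (array('prep_naive', 'prep_marker', 'prep_builtin') as $fn) {
    printf("%-13s %s\n", $fn . ':', $fn($input));
}
```

Running it shows `prep_naive` turning `&amp;` into `&amp;amp;` while the other two keep the existing entities intact and still escape `<`, `>` and both quote characters.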

Messages In This Thread
form_prep appears to be broken in 1.7.2 html entities are no longer protected. Or was it broken before? - by El Forum - 02-13-2010, 12:11 AM