Login

FnX · 08-06-2015, 01:59 AM

(08-05-2015, 12:53 PM)Narf Wrote: it can't have a parent.

Exactly, this is not an object Smile

I think I found the actual issue. It is the html_escape function definition in Common.php. I changed the new doubleEncode default parameter to false and everything looks fine now.

This is in Codeigniter2 :

PHP Code:
    function html_escape($var)
    {
        if (is_array($var))
        {
            return array_map('html_escape', $var);
        }
        else
        {
            return htmlspecialchars($var, ENT_QUOTES, config_item('charset'));
        }
    } 

This is in code igniter 3 :

PHP Code:
    /**
     * Returns HTML escaped variable.
     *
     * @param    mixed    $var        The input string or array of strings to be escaped.
     * @param    bool    $double_encode    $double_encode set to FALSE prevents escaping twice.
     * @return    mixed            The escaped string or array of strings as a result.
     */
    function html_escape($var, $double_encode = TRUE)
    {
        if (empty($var))
        {
            return $var;
        }
        
        if (is_array($var))
        {
            return array_map('html_escape', $var, array_fill(0, count($var), $double_encode));
        }

        return htmlspecialchars($var, ENT_QUOTES, config_item('charset'), $double_encode);
    } 

The new third parameter id set to true. I set it to false as a default value and this solves most of my problems (I found another problem in the form_dropdown function of form_helper.php which was not escaping the option $key/$val and now is (so there is my htmlspecialchars. now in conflict with the new one. avoiding double escape helps)

BTW this is strange because htmlspecialchars says its default is to escape everything ...