form_prep appears to be broken in 1.7.2 html entities are no longer protected. Or was it broken before?
#11

[eluser]rip_pit[/eluser]
[quote author="darrenm" date="1265932448"]
As a workaround, I've introduced a new function:

Code:
function fix_form_prep($str) {

    // Entity names reconstructed: the forum's encoding had decoded them to bare characters.
    // A second apostrophe entity from the original list could not be recovered.
    // Note the missing ';' after &gt and &lt, which the reply below points out.
    $find    = array('&amp;', '&quot;', '&#039;', '&gt', '&lt');
    $replace = array('&',     '"',      "'",      '>',   '<');

    return str_replace($find, $replace, $str);

}

I then call this after the offending htmlspecialchars in form_prep
Code:
$str = htmlspecialchars($str);
$str = fix_form_prep($str);

This is working, but it lacks elegance for me - there must be a better way?

NOTE: the encoding on this forum has scrambled the above function a bit, but you should get the idea.[/quote]

I found a little bug in that function,
line : ,''','&gt','&lt'
should be : ,''','&gt;','&lt;'

I also had to add a new key, '&#39;', without the leading zero, to be converted.

here's the function including these fixes:
Code:
function fix_form_prep($str) {

    // Entity names reconstructed: the forum's encoding had decoded them to bare characters.
    // A further apostrophe entity from the original list could not be recovered.
    $find    = array('&amp;', '&quot;', '&#039;', '&gt;', '&lt;', '&#39;');
    $replace = array('&',     '"',      "'",      '>',    '<',    "'");

    return str_replace($find, $replace, $str);

}
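
The following is an added example, not code from this thread or from CodeIgniter. It runs the reversal workaround above (entity names restored, since the forum decoded them in the posts) and the `double_encode` flag of `htmlspecialchars()` side by side on three constructed inputs; `prep_workaround` and `prep_no_double_encode` are names chosen here. The point it makes is that escaping and then reversing the escape does not only undo double-encoding: a raw `<` typed by a user comes out raw again, and a literal `&quot;` typed by a user comes out as a bare `"` inside the `value="..."` attribute, which ends the attribute. Passing `double_encode = false` keeps an existing entity as it is while still escaping raw characters.

```php
<?php
// Added example, not code from the thread or from CodeIgniter.
// Compares the str_replace() reversal workaround with htmlspecialchars()'s
// double_encode flag on three constructed inputs. Entity names in the
// reversal table are reconstructed; the forum decoded them in the posts.

// The thread's workaround, with entity names restored.
function fix_form_prep($str) {
    $find    = array('&amp;', '&quot;', '&#039;', '&#39;', '&gt;', '&lt;');
    $replace = array('&',     '"',      "'",      "'",     '>',    '<');
    return str_replace($find, $replace, $str);
}

// Escape, then undo the escaping (the sequence darrenm describes).
function prep_workaround($str) {
    return fix_form_prep(htmlspecialchars($str));
}

// Escape raw characters but leave entities that are already there alone
// (double_encode = false, available since PHP 5.2.3).
function prep_no_double_encode($str) {
    return htmlspecialchars($str, ENT_QUOTES, 'UTF-8', false);
}

// Constructed inputs
$inputs = array(
    'already encoded'  => 'Tom &amp; Jerry', // must not become Tom &amp;amp; Jerry
    'raw character'    => 'a < b',           // must be escaped to a &lt; b
    'entity for quote' => 'x&quot; y',       // must stay inside the value="..." attribute
);

foreach ($inputs as $label => $input) {
    echo $label, "\n";
    echo '  workaround:       value="', prep_workaround($input), "\"\n";
    echo '  double_encode=0:  value="', prep_no_double_encode($input), "\"\n";
}
```

Run it with `php` on the command line and compare the two `value="..."` lines for each input: both approaches leave `Tom &amp; Jerry` alone, but only the `double_encode = false` variant still escapes `<` and keeps `&quot;` from turning into a bare `"`.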


Messages In This Thread
form_prep appears to be broken in 1.7.2 html entities are no longer protected. Or was it broken before? - by El Forum - 03-20-2010, 05:34 PM


