[eluser]Unknown[/eluser]
There's a bug in the form helper's set_value function when form_validation is loaded that forces form_prep validation on not only the post data, but the default data too.
Code:
if ( ! function_exists('set_value'))
{
    function set_value($field = '', $default = '')
    {
        if (FALSE === ($OBJ =& _get_validation_object()))
        {
            if ( ! isset($_POST[$field]))
            {
                return $default;
            }
            return form_prep($_POST[$field], $field);
        }
        return form_prep($OBJ->set_value($field, $default), $field);
    }
}
return form_prep($OBJ->set_value($field, $default), $field);
This means if you use prep_for_form as a validation rule, it's performed twice, inserting &amp; whenever it encounters an html special character. Submitting a form again and again adds more amps each time. A simple <p> becomes
Code:
&amp;amp;lt;p&amp;amp;gt;
And even worse, a call like
set_value('myfield', '&lt;p&gt;');
would return the default value of
&amp;lt;p&amp;gt;
which is obviously unexpected behaviour!
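
The accumulation described in this post can be reproduced outside CodeIgniter. The following is an added example, not code from the post or from the framework: `prep()` is a simplified stand-in for `form_prep()` (assumed here to be plain `htmlspecialchars`), `browser_round_trip()` models the browser decoding the `value` attribute before the form is resubmitted, and all other function names are hypothetical.

```php
<?php
// Simplified stand-in for form_prep(): plain HTML escaping (assumption).
function prep(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Models the browser: it decodes one level of entities in value="..."
// and sends the decoded text back on the next submit.
function browser_round_trip(string $attr): string
{
    return htmlspecialchars_decode($attr, ENT_QUOTES);
}

// Flow from the post: the prep_for_form rule escapes the posted value,
// then set_value() passes the result through form_prep() again.
function render_double(string $posted): string
{
    $validated = prep($posted);   // escaping done by the validation rule
    return prep($validated);      // second escaping inside set_value()
}

// Escaping applied exactly once, at output time.
function render_once(string $posted): string
{
    return prep($posted);
}

// Submit the same form $rounds times and record what lands in the
// value attribute each time.
function resubmit(callable $render, string $input, int $rounds): array
{
    $history = [];
    for ($i = 0; $i < $rounds; $i++) {
        $attr = $render($input);
        $history[] = $attr;
        $input = browser_round_trip($attr);
    }
    return $history;
}

// Constructed sample input: the "<p>" from the post.
echo "double escaping:\n";
print_r(resubmit('render_double', '<p>', 3));
echo "single escaping:\n";
print_r(resubmit('render_once', '<p>', 3));
```

With double escaping each resubmission adds another `amp;` layer, while the single-escape path returns the same attribute value on every round.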