modified Form Helper so that form_prep() keeps track of strings it's already processed, to prevent encoding and prep from occurring more than once
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index 987ff18..4c229ae 100644
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -123,7 +123,7 @@
if ( ! is_array($value))
{
- $form .= '<input type="hidden" name="'.$name.'" value="'.form_prep($value).'" />'."\n";
+ $form .= '<input type="hidden" name="'.$name.'" value="'.form_prep($value, $name).'" />'."\n";
}
else
{
@@ -239,8 +239,9 @@
$val = $data['value'];
unset($data['value']); // textareas don't use the value attribute
}
-
- return "<textarea "._parse_form_attributes($data, $defaults).$extra.">".form_prep($val)."</textarea>";
+
+ $name = (is_array($data)) ? $data['name'] : $data;
+ return "<textarea "._parse_form_attributes($data, $defaults).$extra.">".form_prep($val, $name)."</textarea>";
}
}
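Review bot: `$data['name']` on the added line is read without checking that the key exists, so an array passed without a `name` entry raises an undefined-index notice and hands a null field name to form_prep(). Guard the lookup, e.g. `$name = is_array($data) ? (isset($data['name']) ? $data['name'] : '') : $data;`. The `$default['name']` lookup added in the last hunk (the attribute-building loop) has the same shape and wants the same guard, unless the defaults array is guaranteed to carry `name`, which is not visible here. The function body starts outside this hunk.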
@@ -264,7 +265,7 @@
{
$extra .= ' multiple="multiple"';
}
-
+
return form_dropdown($name, $options, $selected, $extra);
}
}
@@ -592,8 +593,10 @@
*/
if ( ! function_exists('form_prep'))
{
- function form_prep($str = '')
+ function form_prep($str = '', $field_name = '')
{
+ static $prepped_fields = array();
+
// if the field name is an array we do this recursively
if (is_array($str))
{
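Review bot: The docblock that closes just above the new signature does not mention `$field_name`, and nothing explains the `static $prepped_fields` cache. I would add `@param string $field_name` with a line saying the name is used as a cache key, plus a comment on the static such as `// already-escaped output keyed by field name; persists for the rest of the request`. The docblock starts outside the hunk and the function body continues past it.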
@@ -610,11 +613,21 @@
return '';
}
+ if (isset($prepped_fields[$field_name]))
+ {
+ return $prepped_fields[$field_name];
+ }
+
$str = htmlspecialchars($str);
// In case htmlspecialchars misses these.
$str = str_replace(array("'", '"'), array("'", """), $str);
+ if ($field_name != '')
+ {
+ $prepped_fields[$field_name] = $str;
+ }
+
return $str;
}
}
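Review bot: The early return at `isset($prepped_fields[$field_name])` ignores `$str`, so once a name has been prepped every later call with that name gets the first value back, even when the caller passes a different one. With the call sites changed in the other hunks, a page that renders two hidden inputs or two forms sharing a field name would repeat the first value, and a value cached from `$_POST` by the set_value path would be emitted in place of a later server-supplied value for the same field. The cache should short-circuit only when the incoming string is the output it already produced: `if (isset($prepped_fields[$field_name]) && $prepped_fields[$field_name] === $str) { return $str; }`. That keeps the double-encoding protection, since a string identical to earlier escaped output is returned untouched, while any other value is still escaped. The function starts in the previous hunk.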
@@ -643,10 +656,10 @@
return $default;
}
- return form_prep($_POST[$field]);
+ return form_prep($_POST[$field], $field);
}
- return form_prep($OBJ->set_value($field, $default));
+ return form_prep($OBJ->set_value($field, $default), $field);
}
}
@@ -902,12 +915,12 @@
}
$att = '';
-
+
foreach ($default as $key => $val)
{
if ($key == 'value')
{
- $val = form_prep($val);
+ $val = form_prep($val, $default['name']);
}
$att .= $key . '="' . $val . '" ';