Upgrading the function html_escape(), escaping twice can be prevented by setting the second argument to FALSE.

commit: 4f45858c0ab3165c59bad9dbae6b8fb43a18d56e [log] [tgz]
author: Ivan Tcholakov <ivantcholakov@gmail.com> Mon Aug 25 11:20:22 2014 +0300
committer: Ivan Tcholakov <ivantcholakov@gmail.com> Mon Aug 25 11:20:22 2014 +0300
tree: 15fb5a99edbad1d74a8f553b4152897ce96cd8f9
parent: a0c3ce3162aadcc017e3dad29ac7df6e5011c4f1 [diff] [blame]
diff --git a/system/core/Common.php b/system/core/Common.php
index 752a2e7..fd248e9 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php

@@ -690,16 +690,20 @@
 if ( ! function_exists('html_escape'))
 {
 	/**
-	 * Returns HTML escaped variable
+	 * Returns HTML escaped variable.
+	 * $double_encode set to FALSE prevents escaping twice.
 	 *
 	 * @param	mixed
+	 * @param	bool
 	 * @return	mixed
 	 */
-	function html_escape($var)
+	function html_escape($var, $double_encode = TRUE)
 	{
+		$double_encode = (bool) $double_encode;
+
 		return is_array($var)
-			? array_map('html_escape', $var)
-			: htmlspecialchars($var, ENT_QUOTES, config_item('charset'));
+			? ($double_encode === FALSE ? array_map('html_escape', $var, array_fill(0, count($var), FALSE)) : array_map('html_escape', $var))
+			: htmlspecialchars($var, ENT_QUOTES, config_item('charset'), $double_encode);
 	}
 }
commit	4f45858c0ab3165c59bad9dbae6b8fb43a18d56e	[log] [tgz]
author	Ivan Tcholakov <ivantcholakov@gmail.com>	Mon Aug 25 11:20:22 2014 +0300
committer	Ivan Tcholakov <ivantcholakov@gmail.com>	Mon Aug 25 11:20:22 2014 +0300
tree	15fb5a99edbad1d74a8f553b4152897ce96cd8f9
parent	a0c3ce3162aadcc017e3dad29ac7df6e5011c4f1 [diff] [blame]