removed entity protection from form_prep() so as to preserve the user's input when called back into a form element
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index bdc87b8..987ff18 100644
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -610,22 +610,11 @@
return '';
}
- $temp = '__TEMP_AMPERSANDS__';
-
- // Replace entities to temporary markers so that
- // htmlspecialchars won't mess them up
- $str = preg_replace("/&#(\d+);/", "$temp\\1;", $str);
- $str = preg_replace("/&(\w+);/", "$temp\\1;", $str);
-
$str = htmlspecialchars($str);
// In case htmlspecialchars misses these.
$str = str_replace(array("'", '"'), array("'", """), $str);
- // Decode the temp markers back to entities
- $str = preg_replace("/$temp(\d+);/","&#\\1;",$str);
- $str = preg_replace("/$temp(\w+);/","&\\1;",$str);
-
return $str;
}
}
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 2cd5c68..b3ac167 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -100,6 +100,7 @@
<li>Fixed a bug that would cause PHP errors in XML-RPC data if the PHP data type did not match the specified XML-RPC type.</li>
<li>Fixed a bug in the XML-RPC class with parsing dateTime.iso8601 data types.</li>
<li>Fixed a case sensitive string replacement in xss_clean()</li>
+ <li>Fixed a bug in form_prep() causing it to not preserve entities in the user's original input when called back into a form element</li>
</ul>
<h2>Version 1.7.1</h2>