MOD: replacement isc_html_escape() function
Posted: Sat May 14, 2011 4:25 pm
This is a little nugget I collared when trying to understand the USPS bug... Resulted in a bit of mud on my face but that's about normal.
Either way, this could be quite useful if something you're using (a third party API or similar) is returning data that is pre-HTML encoded resulting in this sort of mess:
eg:
...instead of:
Mod is as follows:
Open: /lib/general.php
Find:
Replace with:
Either way, this could be quite useful if something you're using (a third party API or similar) is returning data that is pre-HTML encoded resulting in this sort of mess:
eg:
Code: Select all
Priority Mail<sup>®</sup&gt;
Code: Select all
Priority Mail<sup>®</sup>
Mod is as follows:
Open: /lib/general.php
Find:
Code: Select all
function isc_html_escape($text)
{
return htmlspecialchars($text, ENT_QUOTES, GetConfig('CharacterSet'));
}
Code: Select all
function isc_html_escape_OLD($text)
{
return htmlspecialchars($text, ENT_QUOTES, GetConfig('CharacterSet'));
}
/**
* Replacement function for isc_html_escape()
* This can be called on pre-encoded data so it can result in something
* being returned with things like & being encoded multiple times.
*
* This version strips out any pre-existing encoding back to raw data
* and then re-encodes
*
* Credit: Nessthehero
* http://www.php.net/manual/en/function.htmlspecialchars.php#97991
*/
function isc_html_escape($text)
{
// Only match the patterns handled by htmlspecialchars() or it'll loop!
$pattern = '/&(#)?(amp|quot|#039|lt|gt){0,};/';
if (is_array($text)) { // If variable is an array
$out = array(); // Set output as an array
foreach ($text as $key => $v) {
// Run isc_html_escape on every element of the array and return the result. Also maintains the keys.
$out[$key] = isc_html_escape($v);
}
} else {
$out = $text;
while (preg_match($pattern,$out) > 0) {
$out = htmlspecialchars_decode($out,ENT_QUOTES);
}
// Trim the variable, strip all slashes, and encode it
//$out = htmlspecialchars(stripslashes(trim($out)), ENT_QUOTES, GetConfig('CharacterSet'), true);
// MOD Remove stripslashes as it affects escaped characters in admin - add order
$out = htmlspecialchars(trim($out), ENT_QUOTES, GetConfig('CharacterSet'), true);
}
return $out;
}