From ce93888308c874ed00ae160beeec8a04a6892c23 Mon Sep 17 00:00:00 2001 From: mdtrooper Date: Tue, 17 Feb 2015 14:57:06 +0100 Subject: [PATCH] Fixed the io_safe_output function when the string has html entities defined by user --- pandora_console/include/functions_io.php | 29 ++++++++++++------------ 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/pandora_console/include/functions_io.php b/pandora_console/include/functions_io.php index a51f9d8b25..41076b2692 100755 --- a/pandora_console/include/functions_io.php +++ b/pandora_console/include/functions_io.php @@ -222,31 +222,32 @@ function io_safe_output($value, $utf8 = true) if (! mb_check_encoding ($value, 'UTF-8')) $value = utf8_encode ($value); - if ($utf8) { - $valueHtmlEncode = html_entity_decode ($value, ENT_QUOTES, "UTF-8"); - } - else { - $valueHtmlEncode = html_entity_decode ($value, ENT_QUOTES); - } - //Replace the html entitie of ( for the char - $valueHtmlEncode = str_replace("(", '(', $valueHtmlEncode); + $value = str_replace("(", '(', $value); //Replace the html entitie of ) for the char - $valueHtmlEncode = str_replace(")", ')', $valueHtmlEncode); + $value = str_replace(")", ')', $value); //Replace the html entitie of < for the char - $valueHtmlEncode = str_replace("<", '<', $valueHtmlEncode); + $value = str_replace("<", '<', $value); //Replace the html entitie of > for the char - $valueHtmlEncode = str_replace(">", '>', $valueHtmlEncode); + $value = str_replace(">", '>', $value); //Revert html entities to chars - for ($i=0;$i<33;$i++) { - $valueHtmlEncode = str_ireplace("&#x".dechex($i).";",io_html_to_ascii(dechex($i)), $valueHtmlEncode); + for ($i = 0; $i < 33; $i++) { + $value = str_ireplace("&#x" . dechex($i) . ";", + io_html_to_ascii(dechex($i)), $value); } - return $valueHtmlEncode; + if ($utf8) { + $value = html_entity_decode ($value, ENT_QUOTES, "UTF-8"); + } + else { + $value = html_entity_decode ($value, ENT_QUOTES); + } + + return $value; } /**