tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed the io_safe_output function when the string has html entities defined by user

This commit is contained in:
mdtrooper 2015-02-17 14:57:06 +01:00
parent eb873ef593
commit ce93888308
1 changed files with 15 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
pandora_console/include/functions_io.php
View File

@ -222,31 +222,32 @@ function io_safe_output($value, $utf8 = true)
if (! mb_check_encoding ($value, 'UTF-8')) if (! mb_check_encoding ($value, 'UTF-8'))
$value = utf8_encode ($value); $value = utf8_encode ($value);
if ($utf8) {
$valueHtmlEncode = html_entity_decode ($value, ENT_QUOTES, "UTF-8");
}
else {
$valueHtmlEncode = html_entity_decode ($value, ENT_QUOTES);
}
//Replace the html entitie of ( for the char //Replace the html entitie of ( for the char
$valueHtmlEncode = str_replace("(", '(', $valueHtmlEncode); $value = str_replace("(", '(', $value);
//Replace the html entitie of ) for the char //Replace the html entitie of ) for the char
$valueHtmlEncode = str_replace(")", ')', $valueHtmlEncode); $value = str_replace(")", ')', $value);
//Replace the html entitie of < for the char //Replace the html entitie of < for the char
$valueHtmlEncode = str_replace("&lt;", '<', $valueHtmlEncode); $value = str_replace("&lt;", '<', $value);
//Replace the html entitie of > for the char //Replace the html entitie of > for the char
$valueHtmlEncode = str_replace("&gt;", '>', $valueHtmlEncode); $value = str_replace("&gt;", '>', $value);
//Revert html entities to chars //Revert html entities to chars
for ($i=0;$i<33;$i++) { for ($i = 0; $i < 33; $i++) {
$valueHtmlEncode = str_ireplace("&#x".dechex($i).";",io_html_to_ascii(dechex($i)), $valueHtmlEncode); $value = str_ireplace("&#x" . dechex($i) . ";",
io_html_to_ascii(dechex($i)), $value);
} }
return $valueHtmlEncode; if ($utf8) {
$value = html_entity_decode ($value, ENT_QUOTES, "UTF-8");
}
else {
$value = html_entity_decode ($value, ENT_QUOTES);
}
return $value;
} }
/** /**