Either way, this could be quite useful if something you're using (a third-party API or similar) returns data that is already HTML-encoded, which then gets encoded a second time on output and results in this sort of mess:
eg:
Priority Mail<sup>®</sup&gt;
Priority Mail<sup>®</sup>
Mod is as follows:
Open: /lib/general.php
Find:
/**
 * Stock escape helper, shown here as the text to locate in /lib/general.php.
 *
 * Escapes $text for HTML output with htmlspecialchars(), converting both
 * double and single quotes (ENT_QUOTES) and using the character set returned
 * by GetConfig('CharacterSet'). Input that already contains entities is
 * encoded again, because htmlspecialchars() double-encodes by default.
 */
function isc_html_escape($text)
{
return htmlspecialchars($text, ENT_QUOTES, GetConfig('CharacterSet'));
}
/**
 * Single-pass HTML escaper kept under the _OLD name.
 *
 * Encodes $text with htmlspecialchars(), covering both quote styles
 * (ENT_QUOTES), in the character set reported by GetConfig('CharacterSet').
 * Entities already present in $text are encoded again.
 */
function isc_html_escape_OLD($text)
{
    $charset = GetConfig('CharacterSet');

    return htmlspecialchars($text, ENT_QUOTES, $charset);
}
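/**
 * Replacement function for isc_html_escape()
 *
 * The stock version can be called on data that is already HTML-encoded,
 * which results in things like & being encoded multiple times.
 *
 * This version strips any pre-existing htmlspecialchars() encoding back to
 * raw data and then re-encodes it exactly once, so the value returned is
 * always escaped for HTML output.
 *
 * Caveats for anyone swapping this in for the stock escaper:
 *  - Every layer of pre-existing encoding is removed before re-encoding, so
 *    input in which an entity was meant to be displayed literally (someone
 *    typing the five characters of an "lt" entity) is shown as the bare
 *    character instead. The output is still escaped; only fidelity is lost.
 *  - Scalar values are trimmed, which the stock function did not do.
 *  - The decoded intermediate value must never leave this function; only the
 *    re-encoded result is safe to place in HTML.
 *
 * Credit: Nessthehero
 * http://www.php.net/manual/en/function.htmlspecialchars.php#97991
 *
 * @param mixed $text String to escape, or an array of such values (arrays may be nested).
 * @return mixed The escaped string, or an array with the same keys and escaped values.
 */
function isc_html_escape($text)
{
    if (is_array($text)) {
        // Escape every element recursively and keep the original keys.
        $out = array();
        foreach ($text as $key => $v) {
            $out[$key] = isc_html_escape($v);
        }

        return $out;
    }

    // Match only complete entities that htmlspecialchars_decode() rewrites
    // with ENT_QUOTES. The previous pattern ended in "{0,};" and therefore
    // also matched strings such as "&;" or "&#amp;", which decoding leaves
    // untouched, so the loop below never terminated on that input.
    $pattern = '/&(?:amp|quot|#039|lt|gt);/';

    // Cast so that null and other scalars are handled as strings throughout.
    $out = (string) $text;
    while (preg_match($pattern, $out) > 0) {
        $decoded = htmlspecialchars_decode($out, ENT_QUOTES);
        if ($decoded === $out) {
            // Decoding made no progress; stop rather than spin forever.
            break;
        }
        $out = $decoded;
    }

    // Trim and encode once. stripslashes() is deliberately not applied here:
    // it affected escaped characters in admin - add order.
    return htmlspecialchars(trim($out), ENT_QUOTES, GetConfig('CharacterSet'), true);
}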