MOD: replacement isc_html_escape() function

Modules, Add-ons and custom code that's more than just a quick hack or Mod.
Post Reply
Martin
Site Admin
Site Admin
Posts: 1854
Joined: Wed Jun 17, 2009 6:30 pm
Location: South Yorkshire UK
Contact:

MOD: replacement isc_html_escape() function

Post by Martin »

This is a little nugget I collared when trying to understand the USPS bug... Resulted in a bit of mud on my face but that's about normal.

Either way, this could be quite useful if something you're using (a third party API or similar) is returning data that is pre-HTML encoded resulting in this sort of mess:

eg:

Code: Select all

Priority Mail&lt;sup>&reg;</sup&amp;gt;
...instead of:

Code: Select all

Priority Mail<sup>&reg;</sup>

Mod is as follows:

Open: /lib/general.php

Find:

Code: Select all

	function isc_html_escape($text)
	{
		return htmlspecialchars($text, ENT_QUOTES, GetConfig('CharacterSet'));
	}
Replace with:

Code: Select all

	function isc_html_escape_OLD($text)
	{
		return htmlspecialchars($text, ENT_QUOTES, GetConfig('CharacterSet'));
	}
	
	
	/**
	 * Replacement function for isc_html_escape()
	 * This can be called on pre-encoded data so it can result in something
	 * being returned with things like & being encoded multiple times.
	 * 
	 * This version strips out any pre-existing encoding back to raw data
	 * and then re-encodes
	 * 
	 * Credit: Nessthehero
	 * http://www.php.net/manual/en/function.htmlspecialchars.php#97991
	 */
	
	function isc_html_escape($text)
	{
		// Only match the patterns handled by htmlspecialchars() or it'll loop!
		$pattern = '/&(#)?(amp|quot|#039|lt|gt){0,};/';
       
        if (is_array($text)) {    // If variable is an array
            $out = array();      // Set output as an array
            foreach ($text as $key => $v) {
            	// Run isc_html_escape on every element of the array and return the result. Also maintains the keys.
                $out[$key] = isc_html_escape($v);
            }
        } else {
            $out = $text;
            while (preg_match($pattern,$out) > 0) {
                $out = htmlspecialchars_decode($out,ENT_QUOTES);      
            }
            // Trim the variable, strip all slashes, and encode it
            //$out = htmlspecialchars(stripslashes(trim($out)), ENT_QUOTES, GetConfig('CharacterSet'), true);

            // MOD Remove stripslashes as it affects escaped characters in admin - add order
            $out = htmlspecialchars(trim($out), ENT_QUOTES, GetConfig('CharacterSet'), true);
           
        }
       
        return $out; 
	}
Martin
Site Admin
Site Admin
Posts: 1854
Joined: Wed Jun 17, 2009 6:30 pm
Location: South Yorkshire UK
Contact:

Re: MOD: replacement isc_html_escape() function

Post by Martin »

I've updated this mod' as it was causing some problems with the add-order (through admin) system by stripping out slashes from newline and tab characters.
DBMAN
Posts: 56
Joined: Sat Dec 25, 2010 1:18 am

Re: MOD: replacement isc_html_escape() function

Post by DBMAN »

This works except for the superscript trademark for USPS.
<sup>&#8482;</sup>
Can't figure out how to strip that out, duh. Any help?

Adding sup and #8482 to the Mod doesn't work.
DBMAN
Posts: 56
Joined: Sat Dec 25, 2010 1:18 am

Re: MOD: replacement isc_html_escape() function

Post by DBMAN »

Bump :oops:

Shipping works of course but shows in all areas as:
(Priority Mail 1-Day<sup>&#8482;</sup>)
Post Reply