Page 1 of 1

MOD: replacement isc_html_escape() function

Posted: Sat May 14, 2011 4:25 pm
by Martin
This is a little nugget I collared when trying to understand the USPS bug... Resulted in a bit of mud on my face but that's about normal.

Either way, this could be quite useful if something you're using (a third party API or similar) is returning data that is pre-HTML encoded resulting in this sort of mess:

eg:

Code: Select all

Priority Mail&lt;sup>&reg;</sup&amp;gt;
...instead of:

Code: Select all

Priority Mail<sup>&reg;</sup>

Mod is as follows:

Open: /lib/general.php

Find:

Code: Select all

	function isc_html_escape($text)
	{
		return htmlspecialchars($text, ENT_QUOTES, GetConfig('CharacterSet'));
	}
Replace with:

Code: Select all

	function isc_html_escape_OLD($text)
	{
		return htmlspecialchars($text, ENT_QUOTES, GetConfig('CharacterSet'));
	}
	
	
	/**
	 * Replacement function for isc_html_escape()
	 * This can be called on pre-encoded data so it can result in something
	 * being returned with things like & being encoded multiple times.
	 * 
	 * This version strips out any pre-existing encoding back to raw data
	 * and then re-encodes
	 * 
	 * Credit: Nessthehero
	 * http://www.php.net/manual/en/function.htmlspecialchars.php#97991
	 */
	
	function isc_html_escape($text)
	{
		// Only match the patterns handled by htmlspecialchars() or it'll loop!
		$pattern = '/&(#)?(amp|quot|#039|lt|gt){0,};/';
       
        if (is_array($text)) {    // If variable is an array
            $out = array();      // Set output as an array
            foreach ($text as $key => $v) {
            	// Run isc_html_escape on every element of the array and return the result. Also maintains the keys.
                $out[$key] = isc_html_escape($v);
            }
        } else {
            $out = $text;
            while (preg_match($pattern,$out) > 0) {
                $out = htmlspecialchars_decode($out,ENT_QUOTES);      
            }
            // Trim the variable, strip all slashes, and encode it
            //$out = htmlspecialchars(stripslashes(trim($out)), ENT_QUOTES, GetConfig('CharacterSet'), true);

            // MOD Remove stripslashes as it affects escaped characters in admin - add order
            $out = htmlspecialchars(trim($out), ENT_QUOTES, GetConfig('CharacterSet'), true);
           
        }
       
        return $out; 
	}

Re: MOD: replacement isc_html_escape() function

Posted: Tue Aug 14, 2012 6:29 pm
by Martin
I've updated this mod' as it was causing some problems with the add-order (through admin) system by stripping out slashes from newline and tab characters.

Re: MOD: replacement isc_html_escape() function

Posted: Sun Dec 22, 2013 10:50 pm
by DBMAN
This works except for the superscript trademark for USPS.
<sup>&#8482;</sup>
Can't figure out how to strip that out, duh. Any help?

Adding sup and #8482 to the Mod doesn't work.

Re: MOD: replacement isc_html_escape() function

Posted: Fri Jan 24, 2014 4:05 am
by DBMAN
Bump :oops:

Shipping works of course but shows in all areas as:
(Priority Mail 1-Day<sup>&#8482;</sup>)