diff --git a/cake/basics.php b/cake/basics.php
index 787aaf0c6..ca262cb0a 100644
--- a/cake/basics.php
+++ b/cake/basics.php
@@ -143,13 +143,18 @@ if (!function_exists('sortByKey')) {
  * Convenience method for htmlspecialchars.
  *
  * @param string $text Text to wrap through htmlspecialchars
+ * @param boolean $double Encode existing html entities
  * @param string $charset Character set to use when escaping. Defaults to config value in 'App.encoding' or 'UTF-8'
  * @return string Wrapped text
  * @link http://book.cakephp.org/view/1132/h
  */
-	function h($text, $charset = null) {
+	function h($text, $double = true, $charset = null) {
 		if (is_array($text)) {
-			return array_map('h', $text);
+			$texts = array();
+			foreach ($text as $t) {
+				$texts[] = h($t, $double, $charset);
+			}
+			return $texts;
 		}
 
 		static $defaultCharset = false;
@@ -159,10 +164,13 @@ if (!function_exists('sortByKey')) {
 				$defaultCharset = 'UTF-8';
 			}
 		}
+		if (is_string($double)) {
+			$charset = $double;
+		}
 		if ($charset) {
-			return htmlspecialchars($text, ENT_QUOTES, $charset);
+			return htmlspecialchars($text, ENT_QUOTES, $charset, $double);
 		} else {
-			return htmlspecialchars($text, ENT_QUOTES, $defaultCharset);
+			return htmlspecialchars($text, ENT_QUOTES, $defaultCharset, $double);
 		}
 	}
diff --git a/cake/libs/sanitize.php b/cake/libs/sanitize.php
index c4de9bd28..34ed32e79 100644
--- a/cake/libs/sanitize.php
+++ b/cake/libs/sanitize.php
@@ -85,6 +85,7 @@ class Sanitize {
  * - remove (boolean) if true strips all HTML tags before encoding
  * - charset (string) the charset used to encode the string
  * - quotes (int) see http://php.net/manual/en/function.htmlentities.php
+ * - double (boolean) doube encode html entities
  *
  * @param string $string String from where to strip tags
  * @param array $options Array of options to use.
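Review bot: The array branch no longer preserves keys: `array_map('h', $text)` returned the input's keys, while the new `$texts[] = ...` loop reindexes from 0, so an associative array passed to h() now comes back as a list and any caller that reads the escaped values by key breaks. Iterate with the key instead: `foreach ($text as $k => $t) { $texts[$k] = h($t, $double, $charset); }`. The new `@param boolean $double` line should also say that a charset string is accepted in that position for callers of the old two-argument signature, since the body later treats a string `$double` as `$charset`. The function body continues in the next hunk.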
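Review bot: After `$charset = $double;` the charset string is still passed as the fourth argument of `htmlspecialchars`, so the compatibility path only works because a non-empty string is truthy; make the intent explicit with `if (is_string($double)) { $charset = $double; $double = true; }`. That branch also silently overwrites a `$charset` the caller passed explicitly alongside a string `$double`; if both are given, the explicit `$charset` should probably win. The start of h() and the `function_exists` wrapper that closes it lie outside this hunk.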
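Review bot: Typo in the new option line: `doube` should be `double`. The line is also vague about what the option controls; suggest ` * - double (boolean) whether entities already present in the string are encoded again (default true)`, which matches the default added to `$default` in Sanitize::html further down the diff. The rest of the docblock and the method it documents are outside this hunk.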
@@ -101,7 +102,8 @@ class Sanitize {
 		$default = array(
 			'remove' => false,
 			'charset' => $defaultCharset,
-			'quotes' => ENT_QUOTES
+			'quotes' => ENT_QUOTES,
+			'double' => true
 		);
 
 		$options = array_merge($default, $options);
@@ -110,7 +112,7 @@ class Sanitize {
 			$string = strip_tags($string);
 		}
 
-		return htmlentities($string, $options['quotes'], $options['charset']);
+		return htmlentities($string, $options['quotes'], $options['charset'], $options['double']);
 	}
 
 /**
diff --git a/cake/tests/cases/basics.test.php b/cake/tests/cases/basics.test.php
index f66f98986..8df308ba9 100644
--- a/cake/tests/cases/basics.test.php
+++ b/cake/tests/cases/basics.test.php
@@ -200,6 +200,34 @@ class BasicsTest extends CakeTestCase {
 		$result = h($in);
 		$expected = array('this & that', '<p>Which one</p>');
 		$this->assertEqual($expected, $result);
+
+		$string = ' &  ';
+		$result = h($string);
+		$this->assertEqual('<foo> & &nbsp;', $result);
+
+		$string = ' &  ';
+		$result = h($string, false);
+		$this->assertEqual('<foo> &  ', $result);
+
+		$string = ' &  ';
+		$result = h($string, 'UTF-8');
+		$this->assertEqual('<foo> & &nbsp;', $result);
+
+		$arr = array('', ' ');
+		$result = h($arr);
+		$expected = array(
+			'<foo>',
+			'&nbsp;'
+		);
+		$this->assertEqual($expected, $result);
+
+		$arr = array('', ' ');
+		$result = h($arr, false);
+		$expected = array(
+			'<foo>',
+			' '
+		);
+		$this->assertEqual($expected, $result);
 	}
 
 /**
diff --git a/cake/tests/cases/libs/sanitize.test.php b/cake/tests/cases/libs/sanitize.test.php
index 30a46564b..311964fba 100644
--- a/cake/tests/cases/libs/sanitize.test.php
+++ b/cake/tests/cases/libs/sanitize.test.php
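Review bot: `$options['double']` is handed to `htmlentities` exactly as the caller supplied it, so only PHP-falsy values (`false`, `0`, `''`, `'0'`, `null`) turn double encoding off, while a string such as `'false'` is truthy and keeps it on. Since `$options` comes straight from the caller via `array_merge`, either normalise the flag before the call, e.g. `$double = ($options['double'] !== false);`, or document on the option that a real boolean is required; the same applies to the default added in the hunk above. Worth stating in the docblock as well that with double encoding off, entity references already present in `$string` are passed through unchanged rather than rendered literally. The start of Sanitize::html() is outside this hunk.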
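Review bot: The new cases never pass `$double` and `$charset` together, nor an array with string keys, which are the two paths the signature change actually touches. Add an assertion such as `$this->assertEqual(array('k' => '&lt;b&gt;'), h(array('k' => '<b>'), false, 'UTF-8'));` so that key handling and an explicit charset with double encoding off are both pinned. The literal strings visible here appear to have had their HTML entities decoded by the page rendering (e.g. `' &  '`), so the exact expected values cannot be checked from this view.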
@@ -236,6 +236,16 @@ class SanitizeTest extends CakeTestCase {
 		$expected = 'The "lazy" dog 'jumped' & flew over the moon. If (1+1) = 2 <em>is</em> true, (2-1) = 1 is also true';
 		$result = Sanitize::html($string);
 		$this->assertEqual($result, $expected);
+
+		$string = 'The "lazy" dog & his friend Apple® conquered the world';
+		$expected = 'The "lazy" dog & his friend Apple&reg; conquered the world';
+		$result = Sanitize::html($string);
+		$this->assertEqual($result, $expected);
+
+		$string = 'The "lazy" dog & his friend Apple® conquered the world';
+		$expected = 'The "lazy" dog & his friend Apple® conquered the world';
+		$result = Sanitize::html($string, array('double' => false));
+		$this->assertEqual($result, $expected);
 	}
 
 /**
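Review bot: The `double => false` case repeats the same input literal as the case directly above it; reuse `$string` instead of reassigning it so the two assertions visibly exercise one input under both settings. The expected strings shown here appear with their entities decoded by the page rendering, so whether the committed literals encode `&`, `"` and `®` as intended cannot be confirmed from this view. The test method begins outside this hunk.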