Merge branch '2.0' of github.com:cakephp/cakephp into 2.0

cake/basics.php

@@ -143,13 +143,18 @@ if (!function_exists('sortByKey')) {
  * Convenience method for htmlspecialchars.
  *
  * @param string $text Text to wrap through htmlspecialchars
+ * @param boolean $double Encode existing html entities
  * @param string $charset Character set to use when escaping.  Defaults to config value in 'App.encoding' or 'UTF-8'
  * @return string Wrapped text
  * @link http://book.cakephp.org/view/1132/h
  */
-	function h($text, $charset = null) {
+	function h($text, $double = true, $charset = null) {
 		if (is_array($text)) {
-			return array_map('h', $text);
+			$texts = array();
+			foreach ($text as $t) {
+				$texts[] = h($t, $double, $charset);
+			}
+			return $texts;
 		}
 
 		static $defaultCharset = false;
@@ -159,10 +164,13 @@ if (!function_exists('sortByKey')) {
 				$defaultCharset = 'UTF-8';
 			}
 		}
+		if (is_string($double)) {
+			$charset = $double;
+		}
 		if ($charset) {
-			return htmlspecialchars($text, ENT_QUOTES, $charset);
+			return htmlspecialchars($text, ENT_QUOTES, $charset, $double);
 		} else {
-			return htmlspecialchars($text, ENT_QUOTES, $defaultCharset);
+			return htmlspecialchars($text, ENT_QUOTES, $defaultCharset, $double);
 		}
 	}
 

cake/libs/sanitize.php

@@ -85,6 +85,7 @@ class Sanitize {
  * - remove (boolean) if true strips all HTML tags before encoding
  * - charset (string) the charset used to encode the string
  * - quotes (int) see http://php.net/manual/en/function.htmlentities.php
+ * - double (boolean) doube encode html entities
  *
  * @param string $string String from where to strip tags
  * @param array $options Array of options to use.
@@ -101,7 +102,8 @@ class Sanitize {
 		$default = array(
 			'remove' => false,
 			'charset' => $defaultCharset,
-			'quotes' => ENT_QUOTES
+			'quotes' => ENT_QUOTES,
+			'double' => true
 		);
 
 		$options = array_merge($default, $options);
@@ -110,7 +112,7 @@ class Sanitize {
 			$string = strip_tags($string);
 		}
 
-		return htmlentities($string, $options['quotes'], $options['charset']);
+		return htmlentities($string, $options['quotes'], $options['charset'], $options['double']);
 	}
 
 /**

cake/tests/cases/basics.test.php

@@ -200,6 +200,34 @@ class BasicsTest extends CakeTestCase {
 		$result = h($in);
 		$expected = array('this & that', '<p>Which one</p>');
 		$this->assertEqual($expected, $result);
+
+		$string = '<foo> & &nbsp;';
+		$result = h($string);
+		$this->assertEqual('&lt;foo&gt; &amp; &amp;nbsp;', $result);
+
+		$string = '<foo> & &nbsp;';
+		$result = h($string, false);
+		$this->assertEqual('&lt;foo&gt; &amp; &nbsp;', $result);
+		
+		$string = '<foo> & &nbsp;';
+		$result = h($string, 'UTF-8');
+		$this->assertEqual('&lt;foo&gt; &amp; &amp;nbsp;', $result);
+
+		$arr = array('<foo>', '&nbsp;');
+		$result = h($arr);
+		$expected = array(
+			'&lt;foo&gt;',
+			'&amp;nbsp;'
+		);
+		$this->assertEqual($expected, $result);
+
+		$arr = array('<foo>', '&nbsp;');
+		$result = h($arr, false);
+		$expected = array(
+			'&lt;foo&gt;',
+			'&nbsp;'
+		);
+		$this->assertEqual($expected, $result);
 	}
 
 /**

cake/tests/cases/libs/sanitize.test.php

@@ -236,6 +236,16 @@ class SanitizeTest extends CakeTestCase {
 		$expected = 'The "lazy" dog 'jumped' & flew over the moon. If (1+1) = 2 <em>is</em> true, (2-1) = 1 is also true';
 		$result = Sanitize::html($string);
 		$this->assertEqual($result, $expected);
+
+		$string = 'The "lazy" dog & his friend Apple® conquered the world';
+		$expected = 'The "lazy" dog & his friend Apple® conquered the world';
+		$result = Sanitize::html($string);
+		$this->assertEqual($result, $expected);
+
+		$string = 'The "lazy" dog & his friend Apple® conquered the world';
+		$expected = 'The "lazy" dog & his friend Apple® conquered the world';
+		$result = Sanitize::html($string, array('double' => false));
+		$this->assertEqual($result, $expected);
 	}
 
 /**