Changeset 6099

Timestamp:

11/18/07 17:27:43 (1 year ago)

Author:

fabien

Message:

added ESC_HTMLSPECIALCHARS escaping strategy

Files:

• trunk/lib/plugins/sfCompat10Plugin/lib/helper/EscapingHelper.php (modified) (1 diff)

trunk/lib/plugins/sfCompat10Plugin/lib/helper/EscapingHelper.php

@@ -48 +48 @@
-
-/**
+ * Runs the PHP function htmlspecialchars on the value passed.
+ *
+ * @param string $value the value to escape
+ * @return string the escaped value
+ */
+function esc_htmlspecialchars($value)
+{
+  // Numbers and boolean values get turned into strings which can cause problems
+  // with type comparisons (e.g. === or is_int() etc).
+  return is_string($value) ? htmlspecialchars($value, ENT_QUOTES, sfConfig::get('sf_charset')) : $value;
+}
+
+define('ESC_HTMLSPECIALCHARS', 'esc_htmlspecialchars');
+
+/**
- * An identity function that merely returns that which it is given, the purpose
- * being to be able to specify that the value is not to be escaped in any way.