From d4a42ff4943e8f2fb218a592dc91f204be5624c5 Mon Sep 17 00:00:00 2001 From: stronk7 Date: Wed, 12 Apr 2006 17:39:23 +0000 Subject: [PATCH] New optional parameter to s() and p() allowing to specify if we want to strip slashes (data coming from forms) or no (data coming from DB, the default). Bug 2338. (http://moodle.org/bugs/bug.php?op=show&bugid=2338) --- lib/weblib.php | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/lib/weblib.php b/lib/weblib.php index ad24aed558..9b3482d990 100644 --- a/lib/weblib.php +++ b/lib/weblib.php @@ -98,13 +98,21 @@ $ALLOWED_PROTOCOLS = array('http', 'https', 'ftp', 'news', 'mailto', 'rtsp', 'te * This function is very similar to {@link p()} * * @param string $var the string potentially containing HTML characters + * @param boolean $strip to decide if we want to strip slashes or no. Default to false. + * true should be used to print data from forms and false for data from DB. * @return string */ -function s($var) { +function s($var, $strip=false) { + if ($var == '0') { // for integer 0, boolean false, string '0' return '0'; } - return preg_replace("/&(#\d+);/i", "&$1;", htmlspecialchars(stripslashes_safe($var))); + + if ($strip) { + return preg_replace("/&(#\d+);/i", "&$1;", htmlspecialchars(stripslashes_safe($var))); + } else { + return preg_replace("/&(#\d+);/i", "&$1;", htmlspecialchars($var)); + } } /** @@ -114,10 +122,12 @@ function s($var) { * This function is very similar to {@link s()} * * @param string $var the string potentially containing HTML characters + * @param boolean $strip to decide if we want to strip slashes or no. Default to false. + * true should be used to print data from forms and false for data from DB. * @return string */ -function p($var) { - echo s($var); +function p($var, $strip=false) { + echo s($var, $strip); } -- 2.39.5