author | Dries Buytaert <dries@buytaert.net> | 2010-06-14 12:37:15 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2010-06-14 12:37:15 +0000 |
commit | e6b4f0b055ab94e21c72d0198ccc350511c168c6 (patch) | |
tree | a69b7938d86c6f34e69a73576c4124689ec14934 /includes/unicode.inc | |
parent | 1cd8bc5a0048afd8c21c411adc5001db9bfa1dce (diff) | |
- Patch #826864 by mr.baileys: add a warning to decode_entities().
Diffstat (limited to 'includes/unicode.inc')
-rw-r--r-- | includes/unicode.inc | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/includes/unicode.inc b/includes/unicode.inc
index 2813a5739..d06b43000 100644
--- a/includes/unicode.inc
+++ b/includes/unicode.inc
@@ -411,14 +411,20 @@ function _mime_header_decode($matches) {
 }
 
 /**
- * Decode all HTML entities (including numerical ones) to regular UTF-8 bytes.
- * Double-escaped entities will only be decoded once ("&lt;" becomes "<", not "<").
+ * Decodes all HTML entities (including numerical ones) to regular UTF-8 bytes.
+ *
+ * Double-escaped entities will only be decoded once ("&lt;" becomes "<",
+ * not "<"). Be careful when using this function, as decode_entities can revert
+ * previous sanitization efforts (<script> will become <script>).
  *
  * @param $text
  * The text to decode entities in.
  * @param $exclude
  * An array of characters which should not be decoded. For example,
  * array('<', '&', '"'). This affects both named and numerical entities.
+ *
+ * @return
+ * The input $text, with all HTML entities decoded once.
  */
 function decode_entities($text, $exclude = array()) {
 static $html_entities; |
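Review bot: The new "Be careful" sentence in the decode_entities() docblock warns that the function can undo earlier sanitization, but it does not tell the caller what to do with the result. I would add a line such as `* The returned string is not safe to print into HTML; escape it again with check_plain(), or keep '<', '&' and '"' encoded via $exclude.` so the warning leads to a concrete safe pattern. The added `@return` text says all entities are decoded, which does not hold when `$exclude` is passed; `* The input $text, with all HTML entities decoded once, except the characters listed in $exclude.` would be accurate. As rendered on this page both sides of the `<script>` example look identical, which is probably an artifact of the page's own entity decoding, but it is worth confirming that the file shows the escaped form on the left. Only the docblock and the first two lines of the function are in the hunk; the body continues outside it.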