Commit e6b4f0b0 authored by Dries

- Patch #826864 by mr.baileys: add a warning to decode_entities().

parent 1cd8bc5a
......@@ -411,14 +411,20 @@ function _mime_header_decode($matches) {
}
/**
* Decode all HTML entities (including numerical ones) to regular UTF-8 bytes.
* Double-escaped entities will only be decoded once ("&amp;lt;" becomes "&lt;", not "<").
* Decodes all HTML entities (including numerical ones) to regular UTF-8 bytes.
*
* Double-escaped entities will only be decoded once ("&amp;lt;" becomes "&lt;",
* not "<"). Be careful when using this function, as decode_entities can revert
* previous sanitization efforts (&lt;script&gt; will become <script>).
*
* @param $text
* The text to decode entities in.
* @param $exclude
* An array of characters which should not be decoded. For example,
* array('<', '&', '"'). This affects both named and numerical entities.
*
* @return
* The input $text, with all HTML entities decoded once.
*/
function decode_entities($text, $exclude = array()) {
static $html_entities;
......
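Review bot: The warning added to the docblock ("Be careful when using this function, as decode_entities can revert previous sanitization efforts") names the risk but gives the caller no guidance on avoiding it. The same comment already documents $exclude with the example array('<', '&', '"'), so the warning could point there: a caller whose result ends up in HTML output should either pass the markup-significant characters in $exclude or escape the decoded text again before printing it. A smaller style point: the sentence writes the function name as decode_entities without parentheses, while the commit message uses decode_entities(); using the latter form in the comment would be consistent.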