THttpUtility::htmlEncode and htmlDecode now do not deal with &

3 files changed, 9 insertions, 12 deletions

diff --git a/HISTORY b/HISTORY
index 477534d4..efc55bb4 100644
--- a/HISTORY
+++ b/HISTORY
@@ -4,6 +4,7 @@ BUG: Ticket#118 - Variables that may not have been initialized (Qiang)
 CHG: Moved localize() into PradoBase (Qiang)

 CHG: List controls now use array keys as list item values even if

      the array is integer-indexed (Qiang)

+CHG: THttpUtility::htmlEncode and htmlDecode now do not deal with & (Qiang)

 ENH: Optimized the representation and evaluation of template expressions (Qiang)

 

 Version 3.0RC1 April 5, 2006

diff --git a/demos/quickstart/protected/pages/Configurations/Templates3.page b/demos/quickstart/protected/pages/Configurations/Templates3.page
index b8d6addf..d08f8736 100644
--- a/demos/quickstart/protected/pages/Configurations/Templates3.page
+++ b/demos/quickstart/protected/pages/Configurations/Templates3.page
@@ -75,7 +75,7 @@ BE VERY CAUTIOUS when you are using asset tags as it may expose to end-users fil
 <p>

 Localization tags represent localized texts. They are in the following format,

 <com:TTextHighlighter Language="prado" CssClass="source">

-&lt;%[string]&gt;

+&lt;%[string]%&gt;

 </com:TTextHighlighter>

 where <tt>string</tt> will be translated to different languages according to the end-user's language preference.

 

diff --git a/framework/Web/THttpUtility.php b/framework/Web/THttpUtility.php
index 398b3cf3..4cd869b4 100644
--- a/framework/Web/THttpUtility.php
+++ b/framework/Web/THttpUtility.php
@@ -20,17 +20,20 @@
  */

 class THttpUtility

 {

-	private static $_entityTable=null;

+	private static $_encodeTable=array('<'=>'&lt;','>'=>'&gt;','"'=>'&quote;');

+	private static $_decodeTable=array('&lt;'=>'<','&gt;'=>'>','&quote;'=>'"');

 

 	/**

 	 * HTML-encodes a string.

-	 * It is equivalent to {@link htmlspeicalchars} PHP function.

+	 * This method translates the following characters to their corresponding

+	 * HTML entities: <, >, "

+	 * Note, unlike {@link htmlspeicalchars}, & is not translated.

 	 * @param string string to be encoded

 	 * @return string encoded string

 	 */

 	public static function htmlEncode($s)

 	{

-		return htmlspecialchars($s);

+		return strtr($s,self::$_encodeTable);

 	}

 

 	/**

@@ -41,14 +44,7 @@ class THttpUtility
 	 */

 	public static function htmlDecode($s)

 	{

-		if(!self::$_entityTable)

-			self::buildEntityTable();

-		return strtr($s,self::$_entityTable);

-	}

-

-	private static function buildEntityTable()

-	{

-		self::$_entityTable=array_flip(get_html_translation_table(HTML_ENTITIES,ENT_QUOTES));

+		return strtr($s,self::$_decodeTable);

 	}

 }