Added 'double' option to Santize::html() to pass double_encode parame…

…ter to htmlentities()

cake/libs/sanitize.php

@@ -85,6 +85,7 @@ public static function escape($string, $connection = 'default') {
  * - remove (boolean) if true strips all HTML tags before encoding
  * - charset (string) the charset used to encode the string
  * - quotes (int) see http://php.net/manual/en/function.htmlentities.php
+ * - double (boolean) doube encode html entities
  *
  * @param string $string String from where to strip tags
  * @param array $options Array of options to use.
@@ -101,7 +102,8 @@ public static function html($string, $options = array()) {
 		$default = array(
 			'remove' => false,
 			'charset' => $defaultCharset,
-			'quotes' => ENT_QUOTES
+			'quotes' => ENT_QUOTES,
+			'double' => true
 		);
 
 		$options = array_merge($default, $options);
@@ -110,7 +112,7 @@ public static function html($string, $options = array()) {
 			$string = strip_tags($string);
 		}
 
-		return htmlentities($string, $options['quotes'], $options['charset']);
+		return htmlentities($string, $options['quotes'], $options['charset'], $options['double']);
 	}
 
 /**

cake/tests/cases/libs/sanitize.test.php

@@ -236,6 +236,16 @@ function testHtml() {
 		$expected = 'The "lazy" dog 'jumped' & flew over the moon. If (1+1) = 2 <em>is</em> true, (2-1) = 1 is also true';
 		$result = Sanitize::html($string);
 		$this->assertEqual($result, $expected);
+
+		$string = 'The "lazy" dog & his friend Apple® conquered the world';
+		$expected = 'The "lazy" dog & his friend Apple® conquered the world';
+		$result = Sanitize::html($string);
+		$this->assertEqual($result, $expected);
+
+		$string = 'The "lazy" dog & his friend Apple® conquered the world';
+		$expected = 'The "lazy" dog & his friend Apple® conquered the world';
+		$result = Sanitize::html($string, array('double' => false));
+		$this->assertEqual($result, $expected);
 	}
 
 /**