From b58899cf0450895f7a2c109bbf7bafbd167a162f Mon Sep 17 00:00:00 2001
From: Jeremy Harris
Date: Mon, 11 Oct 2010 18:25:11 -0700
Subject: [PATCH] Added 'double' option to Santize::html() to pass double_encode parameter to htmlentities()
---
 cake/libs/sanitize.php | 6 ++++--
 cake/tests/cases/libs/sanitize.test.php | 10 ++++++++++
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/cake/libs/sanitize.php b/cake/libs/sanitize.php
index c4de9bd28ff..34ed32e798f 100644
--- a/cake/libs/sanitize.php
+++ b/cake/libs/sanitize.php
@@ -85,6 +85,7 @@ public static function escape($string, $connection = 'default') {
 * - remove (boolean) if true strips all HTML tags before encoding
 * - charset (string) the charset used to encode the string
 * - quotes (int) see http://php.net/manual/en/function.htmlentities.php
+ * - double (boolean) doube encode html entities
 *
 * @param string $string String from where to strip tags
 * @param array $options Array of options to use.
@@ -101,7 +102,8 @@ public static function html($string, $options = array()) {
 $default = array(
 'remove' => false,
 'charset' => $defaultCharset,
- 'quotes' => ENT_QUOTES
+ 'quotes' => ENT_QUOTES,
+ 'double' => true
 );
 $options = array_merge($default, $options);
@@ -110,7 +112,7 @@ public static function html($string, $options = array()) {
 $string = strip_tags($string);
 }
- return htmlentities($string, $options['quotes'], $options['charset']);
+ return htmlentities($string, $options['quotes'], $options['charset'], $options['double']);
 }
 /**
diff --git a/cake/tests/cases/libs/sanitize.test.php b/cake/tests/cases/libs/sanitize.test.php
index 30a46564bd0..311964fba48 100644
--- a/cake/tests/cases/libs/sanitize.test.php
+++ b/cake/tests/cases/libs/sanitize.test.php
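Review bot: The docblock line added in the first hunk of cake/libs/sanitize.php, `- double (boolean) doube encode html entities`, misspells "double" and does not say what switching the option off does. With `'double' => false` the `htmlentities()` call in the third hunk leaves entity references already present in `$string` unencoded, so text from a user is no longer shown exactly as typed and any later entity-decoding step receives the user's own references. I would reword it to ` * - double (boolean) if false, entities already in the string are not encoded again; keep true for untrusted input`. The docblock and the body of html() both continue outside the hunks.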
@@ -236,6 +236,16 @@ function testHtml() {
 $expected = 'The "lazy" dog 'jumped' & flew over the moon. If (1+1) = 2 <em>is</em> true, (2-1) = 1 is also true';
 $result = Sanitize::html($string);
 $this->assertEqual($result, $expected);
+
+ $string = 'The "lazy" dog & his friend Apple® conquered the world';
+ $expected = 'The "lazy" dog & his friend Apple&reg; conquered the world';
+ $result = Sanitize::html($string);
+ $this->assertEqual($result, $expected);
+
+ $string = 'The "lazy" dog & his friend Apple® conquered the world';
+ $expected = 'The "lazy" dog & his friend Apple® conquered the world';
+ $result = Sanitize::html($string, array('double' => false));
+ $this->assertEqual($result, $expected);
 }
 /**
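Review bot: The two cases added to testHtml() only use `"`, `&` and `®`, so nothing pins that `'double' => false` still encodes raw `<`, `>` and quotes while leaving existing entities alone. A case mixing both would cover it, for example `$result = Sanitize::html('<b>&amp;</b>', array('double' => false));` followed by `$this->assertEqual($result, '&lt;b&gt;&amp;&lt;/b&gt;');` (values constructed for illustration). As rendered on this page the entity text inside the string literals appears decoded, so the two `$string` values look identical; that is presumably an artifact of the page rather than of the commit. testHtml() starts before the hunk.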