Optimizing Sanitize::html() by caching default charset. Closes #496. …

…Also charset passed in $options parameter now takes precedence over the default value obtained from app's config value 'App.encoding'
commit 209af202ecb614330b50ffd477a3c66b32cd59ce 1 parent 817ebf5
@ADmad ADmad authored
Showing with 14 additions and 10 deletions.
  1. +14 −10 cake/libs/sanitize.php
24 cake/libs/sanitize.php
@@ -80,7 +80,7 @@ function escape($string, $connection = 'default') {
/**
* Returns given string safe for display as HTML. Renders entities.
- *
+ *
* strip_tags() does not validating HTML syntax or structure, so it might strip whole passages
* with broken HTML.
*
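Review bot: The context line directly under the changed line reads "strip_tags() does not validating HTML syntax or structure", which is ungrammatical. Since this hunk already touches the docblock for whitespace only, fix the wording to "does not validate" in the same pass. A whitespace-only edit is otherwise unrelated to the charset caching and would be easier to review as its own commit.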
@@ -97,9 +97,16 @@ function escape($string, $connection = 'default') {
* @static
*/
function html($string, $options = array()) {
+ static $defaultCharset = false;
+ if ($defaultCharset === false) {
+ $defaultCharset = Configure::read('App.encoding');
+ if ($defaultCharset === null) {
+ $defaultCharset = 'UTF-8';
+ }
+ }
$default = array(
'remove' => false,
- 'charset' => 'UTF-8',
+ 'charset' => $defaultCharset,
'quotes' => ENT_QUOTES
);
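Review bot: The `$defaultCharset === null` check in the added static block is narrower than the `empty($encoding)` test this commit removes further down, so an `App.encoding` set to an empty string or `false` is now cached and handed to `htmlentities()` as the charset instead of falling back to 'UTF-8'. Suggest `if (empty($defaultCharset)) { $defaultCharset = 'UTF-8'; }`. Also, because the value is held in a function-level static, a later `Configure::write('App.encoding', ...)` in the same request or test run no longer affects `html()`; that deserves a sentence in the docblock or a way to reset the cached value.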
@@ -108,11 +115,8 @@ function html($string, $options = array()) {
if ($options['remove']) {
$string = strip_tags($string);
}
- $encoding = Configure::read('App.encoding');
- if (empty($encoding)) {
- $encoding = $options['charset'];
- }
- return htmlentities($string, $options['quotes'], $encoding);
+
+ return htmlentities($string, $options['quotes'], $options['charset']);
}
/**
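Review bot: The new return line gives `$options['charset']` priority over `App.encoding`, the reverse of the removed lines, where the configured encoding won whenever it was non-empty. Callers that already pass a charset different from the app encoding will get differently encoded output after this change, and escaping with a charset that does not match the encoding the page is served in weakens the output-encoding guarantee this method exists for. Please state the new precedence in the `html()` docblock and add a test case that sets both `App.encoding` and `$options['charset']`.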
@@ -197,15 +201,15 @@ function stripTags() {
/**
* Sanitizes given array or value for safe input. Use the options to specify
* the connection to use, and what filters should be applied (with a boolean
- * value). Valid filters:
+ * value). Valid filters:
*
* - odd_spaces - removes any non space whitespace characters
* - encode - Encode any html entities. Encode must be true for the `remove_html` to work.
* - dollar - Escape `$` with `\$`
* - carriage - Remove `\r`
- * - unicode -
+ * - unicode -
* - escape - Should the string be SQL escaped.
- * - backslash -
+ * - backslash -
* - remove_html - Strip HTML with strip_tags. `encode` must be true for this option to work.
*
* @param mixed $data Data to sanitize
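Review bot: The `unicode -` and `backslash -` entries in this filter list are changed only for trailing whitespace and still carry no description, unlike every other filter in the list. While the lines are being touched, say what each option does so that callers can tell which filters they are enabling or disabling.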