Happy New Year

[squirrelmail.git] / functions / strings.php

diff --git a/functions/strings.php b/functions/strings.php
index ab96a5830ebcf0aff5a55f9876e03f90117d0216..d03163b0f4ab56b9b61cca66d15e9030eabd9b7d 100644 (file)
--- a/functions/strings.php
+++ b/functions/strings.php
@@ -6,7 +6,7 @@
  * This code provides various string manipulation functions that are
  * used by the rest of the SquirrelMail code.
  *
- * @copyright 1999-2014 The SquirrelMail Project Team
+ * @copyright 1999-2016 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
@@ -1685,7 +1685,7 @@ function sm_validate_security_token($token, $validity_period=0, $show_error=FALS
   * @param string $string The string to be converted
   * @param int $flags A bitmask that controls the behavior of htmlspecialchars()
   *                   (See http://php.net/manual/function.htmlspecialchars.php )
-  *                   (OPTIONAL; default ENT_COMPAT)
+  *                   (OPTIONAL; default ENT_COMPAT, ENT_COMPAT | ENT_SUBSTITUTE for PHP >=5.4)
   * @param string $encoding The character encoding to use in the conversion
   *                         (OPTIONAL; default automatic detection)
   * @param boolean $double_encode Whether or not to convert entities that are
@@ -1706,9 +1706,14 @@ function sm_encode_html_special_chars($string, $flags=ENT_COMPAT,
       $encoding = $default_charset;
    }
 
-// TODO: Is adding this check an unnecessary performance hit?
-   if (check_php_version(5, 2, 3))
+   if (check_php_version(5, 2, 3)) {
+      // Replace invalid characters with a symbol instead of returning
+      // empty string for the entire to be encoded string.
+      if (check_php_version(5, 4, 0) && $flags == ENT_COMPAT) {
+         $flags = $flags | ENT_SUBSTITUTE;
+      }
       return htmlspecialchars($string, $flags, $encoding, $double_encode);
+   }
 
    return htmlspecialchars($string, $flags, $encoding);
 }