Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.From includes/common.inc (Drupal 4.6/CVS):
/**
* Encode special characters in a string for display as HTML.
*
* Note that we'd like to use htmlspecialchars($input, $quotes, 'utf-8')
* as outlined in the PHP manual, but we can't because there's a bug in
* PHP < 4.3 that makes it mess up multibyte charsets if we specify the
* charset. This will be changed later once we make PHP 4.3 a requirement.
*/
function drupal_specialchars($input, $quotes = ENT_NOQUOTES) {
return htmlspecialchars($input, $quotes);
}
As we now require at least PHP >= 4.3.3 (see INSTALL.txt) this can now be tackled, I guess.
Comments
Comment #1
Steven CreditAttribution: Steven commentedThis was adressed as part of the check_plain patch which is sitting in the queue.
I simply got rid of that comment. UTF-8 is 7-bit ASCII compatible (unlike some other multibyte encodings), so htmlspecialchars() doesn't need to know about it. All it changes are plain ASCII characters (angle brackets, amp, quotes, ...).
I don't know who added this comment originally, but I'm pretty sure that this parameter is there for more complicated encodings like SJIS, which may use plain ASCII bytes as part of non-ASCII characters, and thus need more than simple string replacements.