check_plain
Definition
check_plain($text)
drupal/includes/bootstrap.inc, line 1482
Description
Encode special characters in a plain-text string for display as HTML.
Also validates strings as UTF-8 to prevent cross site scripting attacks on Internet Explorer 6.
@see drupal_validate_utf8()
Parameters
$text The text to be checked or processed.
Return value
An HTML safe version of $text, or an empty string if $text is not valid UTF-8.
Related topics
Name | Description |
|---|---|
| Sanitization functions | Functions to sanitize values. |
Code
function check_plain($text) {
// We do not want to use drupal_static() since PHP version will never change
// during a request.
static $php525;
if (!isset($php525)) {
$php525 = version_compare(PHP_VERSION, '5.2.5', '>=');
}
// We duplicate the preg_match() to validate strings as UTF-8 from
// drupal_validate_utf8() here. This avoids the overhead of an additional
// function call, since check_plain() may be called hundreds of times during
// a request. For PHP 5.2.5+, this check for valid UTF-8 should be handled
// internally by PHP in htmlspecialchars().
// See http://www.php.net/releases/5_2_5.php.
// @todo remove this when support for either IE6 or PHP < 5.2.5 is dropped.
if ($php525) {
return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}
return (preg_match('/^./us', $text) == 1) ? htmlspecialchars($text, ENT_QUOTES, 'UTF-8') : '';
}