My website runs on a flat-file PHP-based CMS called Fuzzylime that is unfortunately somewhat neglected by the original author (mainly because he’s investing all his effort in his web design/setup company - I don’t blame him for this).
I’ve learned a little PHP just through necessity of tweaking the operation of my site here and there - but I’m not anywhere near fluent in this particular language.
Long story short. The biggest bug I currently have to work around is that the CMS does not properly deal with HTML entities - if I type an ampersand into a content page, it gets converted to &amp; - which is fine, but then on subsequent saves, it gets mangled to &amp;amp; - and so on.
I get why this is happening (because the ampersand character is itself part of the coding) - I think I more or less know which bit of code is responsible and why, but an expert diagnosis would be of enormous value, if anyone has the time.
Anyway, the function in the spotlight is this one:
function entryprep($entry) { // Prepares a line for saving
$entry = str_replace("Â&", "&", $entry);
$entry = str_replace("<", "<", $entry);
$entry = str_replace(">", ">", $entry);
$entry = str_replace("\$", "\\\$", $entry);
$entry = str_replace("&", "&", $entry);
$entry = stripslashes($entry);
$entry = htmlentities($entry, ENT_NOQUOTES, "UTF-8");
$entry = str_replace("&", "&", $entry);
$entry = str_replace(""", """, $entry);
$entry = str_replace("<", "<", $entry);
$entry = str_replace(">", ">", $entry);
$entry = str_replace("\"", """, $entry);
$entry = str_replace("\\'", "'", $entry);
return $entry;
}
Am I right in thinking that:
a) This code does stuff, then promptly undoes it again?
b) It also painstakingly does some of the same stuff that the htmlentities function already does natively?
c) At least some of the code here could be eliminated by adding false as the double_encode parameter of the htmlentities function? (my web server supports PHP 4 and 5)
How, if at all, would you modify/rewrite this function?
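
The repeated-save mangling described above, and two ways to make the save step idempotent, as an added example that is not part of the original post and not Fuzzylime's own code. The function names and sample input are hypothetical, and it assumes PHP 5.2.3 or later, the release in which htmlentities() gained the double_encode parameter.

```php
<?php
// Added illustration, not Fuzzylime code. All function names are hypothetical.
// Assumes PHP >= 5.2.3 (double_encode flag) and that this file is saved as UTF-8.

// Naive save step: encodes every "&", including one that already starts an entity.
function save_naive($text) {
    return htmlentities($text, ENT_NOQUOTES, "UTF-8");
}

// Idempotent save step: entities already present are left alone (double_encode = false).
function save_idempotent($text) {
    return htmlentities($text, ENT_NOQUOTES, "UTF-8", false);
}

// Alternative: normalise back to raw text first, then encode exactly once.
// Note: text that was meant to show a literal "&amp;" is also decoded by this step.
function save_normalised($text) {
    $raw = html_entity_decode($text, ENT_QUOTES, "UTF-8");
    return htmlentities($raw, ENT_NOQUOTES, "UTF-8");
}

// Simulate opening the page in the editor and saving it $times times,
// feeding each stored result back in as the next input.
function resave($fn, $text, $times) {
    for ($i = 0; $i < $times; $i++) {
        $text = call_user_func($fn, $text);
    }
    return $text;
}

$input = "Fish & chips at the café"; // constructed sample input

foreach (array('save_naive', 'save_idempotent', 'save_normalised') as $fn) {
    $once  = resave($fn, $input, 1);
    $three = resave($fn, $input, 3);
    echo $fn, "\n";
    echo "  after 1 save : ", $once, "\n";
    echo "  after 3 saves: ", $three, "\n";
    echo "  stable       : ", ($once === $three ? "yes" : "no"), "\n";
}
```

Only the naive variant grows an extra amp; on every save. Storing the raw text and encoding once at output time avoids the re-encoding problem altogether.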