Timwi wrote:
Oh, OK, I forgot about that ... but doesn't that
only affect &, < and >,
and at most possibly also " and '? I don't see why Greek letters would
need to be entity-ised.
PHP has two separate functions for escaping things to html:
* htmlspecialchars() just does &, <, >, and quotes
* htmlentities() does everything it possibly can
htmlentities() might be useful if you're not sure what the charset
encoding of the final output will be. However, since we *do* know we
don't need that level of conversion. That's why I switched the instance
of it in the PHPTal template code to use htmlspecialchars(), which
doesn't touch the greek letters and so doesn't trigger the bug in
htmlentities().
This isn't code we wrote ourselves, so don't ask us why they used that
function. ;)
-- brion vibber (brion @
pobox.com)