You are here

function check_plain in Drupal 6

Same name and namespace in other branches
  1. 4 includes/bootstrap.inc \check_plain()
  2. 5 includes/bootstrap.inc \check_plain()
  3. 7 includes/bootstrap.inc \check_plain()

Encode special characters in a plain-text string for display as HTML.

Also validates strings as UTF-8 to prevent cross site scripting attacks on Internet Explorer 6.

Parameters

$text: The text to be checked or processed.

Return value

An HTML safe version of $text, or an empty string if $text is not valid UTF-8.

See also

drupal_validate_utf8().

136 calls to check_plain()
aggregator_block in modules/aggregator/aggregator.module
Implementation of hook_block().
aggregator_categorize_items in modules/aggregator/aggregator.pages.inc
Form builder; build the page list form.
aggregator_form_feed in modules/aggregator/aggregator.admin.inc
Form builder; Generate a form to add/edit feed sources.
aggregator_page_source in modules/aggregator/aggregator.pages.inc
Menu callback; displays all the items captured from a particular feed.
aggregator_refresh in modules/aggregator/aggregator.module
Checks a news feed for new items.

... See full list

6 string references to 'check_plain'
blogapi_admin_settings in modules/blogapi/blogapi.module
node_form_alter in modules/node/node.module
Implementation of hook_form_alter().
node_menu in modules/node/node.module
Implementation of hook_menu().
taxonomy_form_vocabulary in modules/taxonomy/taxonomy.admin.inc
Display form for adding and editing vocabularies.
user_menu in modules/user/user.module
Implementation of hook_menu().

... See full list

File

includes/bootstrap.inc, line 852
Functions that need to be loaded on every Drupal request.

Code

function check_plain($text) {
  static $php525;
  if (!isset($php525)) {
    $php525 = version_compare(PHP_VERSION, '5.2.5', '>=');
  }

  // We duplicate the preg_match() to validate strings as UTF-8 from
  // drupal_validate_utf8() here. This avoids the overhead of an additional
  // function call, since check_plain() may be called hundreds of times during
  // a request. For PHP 5.2.5+, this check for valid UTF-8 should be handled
  // internally by PHP in htmlspecialchars().
  // @see http://www.php.net/releases/5_2_5.php
  // @todo remove this when support for either IE6 or PHP < 5.2.5 is dropped.
  if ($php525) {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
  }
  return preg_match('/^./us', $text) == 1 ? htmlspecialchars($text, ENT_QUOTES, 'UTF-8') : '';
}