On Sat, 2012-03-24 at 07:59 +0100, Michael Wallner wrote:
> Looks like the commit/mail script still does some superfluous html
> entitiy encoding:

No it's not the mail script ;-)

master.php.net has filter.default=full_special_chars so when storing my
name it is automatically escaped and the escaped form is stored in the
DB. The mail script simply takes it from there.

I see three ways to fix it:

      * Use special_chars, not full_special_chars a filter, should be
        safe enough
      * Use html_entity_decode() in the mail script, this feels like a
      * Store unescaped data in the DB and escape (everywhere) where it
        is used (I don't think we can successfully do that)

In my opinion the first option is the best. Could anybody with the
needed powers look into that?


PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to