Timwi wrote:
Oh, OK, I forgot about that ... but doesn't that only affect &, < and >, and at most possibly also " and '? I don't see why Greek letters would need to be entity-ised.
PHP has two separate functions for escaping things to html: * htmlspecialchars() just does &, <, >, and quotes * htmlentities() does everything it possibly can
htmlentities() might be useful if you're not sure what the charset encoding of the final output will be. However, since we *do* know we don't need that level of conversion. That's why I switched the instance of it in the PHPTal template code to use htmlspecialchars(), which doesn't touch the greek letters and so doesn't trigger the bug in htmlentities().
This isn't code we wrote ourselves, so don't ask us why they used that function. ;)
-- brion vibber (brion @ pobox.com)