fix html_options to not escape already escaped entities

NEWS

@@ -1,3 +1,4 @@
+    - fix html_options to not escape already escaped entities (Monte)
     - send Last-Modified header on cache creation (Monte)
     - check strict syntax of function attributes (Monte) 
     - dropped support for modifers on object parameters,

libs/plugins/function.html_options.php

@@ -38,11 +38,11 @@ function smarty_function_html_options($params, &$smarty)
 
 function smarty_function_html_options_optoutput($key, $value, $selected) {
 	if(!is_array($value)) {
-    	$html_result = '<option label="' . htmlspecialchars($value) . '" value="' . 
-				htmlspecialchars($key) . '"';
+    	$html_result = '<option label="' . smarty_function_html_options_htmlspecialchars($value) . '" value="' . 
+				smarty_function_html_options_htmlspecialchars($key) . '"';
     	if (in_array($key, $selected))
         	$html_result .= " selected=\"selected\"";
-    	$html_result .= '>' . htmlspecialchars($value) . '</option>' . "\n";
+    	$html_result .= '>' . smarty_function_html_options_htmlspecialchars($value) . '</option>' . "\n";
 	} else {
 		$html_result = smarty_function_html_options_optgroup($key, $value, $selected);
 	}
@@ -50,7 +50,7 @@ function smarty_function_html_options_optoutput($key, $value, $selected) {
 }
 
 function smarty_function_html_options_optgroup($key, $values, $selected) {
-	$optgroup_html = '<optgroup label="' . htmlspecialchars($value) . '">' . "\n";
+	$optgroup_html = '<optgroup label="' . smarty_function_html_options_htmlspecialchars($value) . '">' . "\n";
 	foreach ($values as $key => $value) {
 		$optgroup_html .= smarty_function_html_options_optoutput($key, $value, $selected);
 	}
@@ -58,6 +58,14 @@ function smarty_function_html_options_optgroup($key, $values, $selected) {
 	return $optgroup_html;
 }
 
+function smarty_function_html_options_htmlspecialchars($text) {
+	// do not escape already escaped entities (&amp; &#123;)
+	$text = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $text);
+	$text = htmlspecialchars($text);
+	$text = str_replace(array('%%%SMARTY_START%%%','%%%SMARTY_END%%%'), array('&',';'), $text);
+	return $text;
+}
+
 /* vim: set expandtab: */
 
 ?>

plugins/function.html_options.php

@@ -38,11 +38,11 @@ function smarty_function_html_options($params, &$smarty)
 
 function smarty_function_html_options_optoutput($key, $value, $selected) {
 	if(!is_array($value)) {
-    	$html_result = '<option label="' . htmlspecialchars($value) . '" value="' . 
-				htmlspecialchars($key) . '"';
+    	$html_result = '<option label="' . smarty_function_html_options_htmlspecialchars($value) . '" value="' . 
+				smarty_function_html_options_htmlspecialchars($key) . '"';
     	if (in_array($key, $selected))
         	$html_result .= " selected=\"selected\"";
-    	$html_result .= '>' . htmlspecialchars($value) . '</option>' . "\n";
+    	$html_result .= '>' . smarty_function_html_options_htmlspecialchars($value) . '</option>' . "\n";
 	} else {
 		$html_result = smarty_function_html_options_optgroup($key, $value, $selected);
 	}
@@ -50,7 +50,7 @@ function smarty_function_html_options_optoutput($key, $value, $selected) {
 }
 
 function smarty_function_html_options_optgroup($key, $values, $selected) {
-	$optgroup_html = '<optgroup label="' . htmlspecialchars($value) . '">' . "\n";
+	$optgroup_html = '<optgroup label="' . smarty_function_html_options_htmlspecialchars($value) . '">' . "\n";
 	foreach ($values as $key => $value) {
 		$optgroup_html .= smarty_function_html_options_optoutput($key, $value, $selected);
 	}
@@ -58,6 +58,14 @@ function smarty_function_html_options_optgroup($key, $values, $selected) {
 	return $optgroup_html;
 }
 
+function smarty_function_html_options_htmlspecialchars($text) {
+	// do not escape already escaped entities (&amp; &#123;)
+	$text = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $text);
+	$text = htmlspecialchars($text);
+	$text = str_replace(array('%%%SMARTY_START%%%','%%%SMARTY_END%%%'), array('&',';'), $text);
+	return $text;
+}
+
 /* vim: set expandtab: */
 
 ?>