function check_plain

7.x bootstrap.inc check_plain($text)
6.x bootstrap.inc check_plain($text)

Encode special characters in a plain-text string for display as HTML.

Also validates strings as UTF-8 to prevent cross site scripting attacks on Internet Explorer 6.

Parameters

$text: The text to be checked or processed.

Return value

An HTML safe version of $text, or an empty string if $text is not valid UTF-8.

See also

drupal_validate_utf8().

139 calls to check_plain()
aggregator_block in drupal-6.x/modules/aggregator/aggregator.module
Implementation of hook_block().
aggregator_categorize_items in drupal-6.x/modules/aggregator/aggregator.pages.inc
Form builder; build the page list form.
aggregator_form_feed in drupal-6.x/modules/aggregator/aggregator.admin.inc
Form builder; Generate a form to add/edit feed sources.
aggregator_page_source in drupal-6.x/modules/aggregator/aggregator.pages.inc
Menu callback; displays all the items captured from a particular feed.
aggregator_refresh in drupal-6.x/modules/aggregator/aggregator.module
Checks a news feed for new items.

... See full list

6 string references to 'check_plain'
blogapi_admin_settings in drupal-6.x/modules/blogapi/blogapi.module
node_form_alter in drupal-6.x/modules/node/node.module
Implementation of hook_form_alter().
node_menu in drupal-6.x/modules/node/node.module
Implementation of hook_menu().
taxonomy_form_vocabulary in drupal-6.x/modules/taxonomy/taxonomy.admin.inc
Display form for adding and editing vocabularies.
user_menu in drupal-6.x/modules/user/user.module
Implementation of hook_menu().

... See full list

File

drupal-6.x/includes/bootstrap.inc, line 845
Functions that need to be loaded on every Drupal request.

Code

function check_plain($text) {
  static $php525;

  if (!isset($php525)) {
    $php525 = version_compare(PHP_VERSION, '5.2.5', '>=');
  }
  // We duplicate the preg_match() to validate strings as UTF-8 from
  // drupal_validate_utf8() here. This avoids the overhead of an additional
  // function call, since check_plain() may be called hundreds of times during
  // a request. For PHP 5.2.5+, this check for valid UTF-8 should be handled
  // internally by PHP in htmlspecialchars().
  // @see http://www.php.net/releases/5_2_5.php
  // @todo remove this when support for either IE6 or PHP < 5.2.5 is dropped.

  if ($php525) {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
  }
  return (preg_match('/^./us', $text) == 1) ? htmlspecialchars($text, ENT_QUOTES, 'UTF-8') : '';
}