Ok, so I'm having a problem with a simple textarea. I'm using a kind of hidden page to easily encode some data using JSON. However, all of my text input is automatically being escaped somewhere and I don't know where. All of my $_POST variables are automatically run through the htmlentities() function when the script starts up, as seen below:
$ani->i->post = $this->clean($_POST, true);
function clean($values, $unset = false) {
if (is_array($values)) {
foreach ($values as $key => $value) {
$newkey = strtolower($key);
$return[$newkey] = $this->clean($value);
unset($values[$key]);
}
return $return;
}
return htmlentities($values);
}
I keep getting \' for all of my single quotes when I put the value back into the textarea.
I can't find anywhere where it would be adding slashes and I don't remember it being a feature that they were automatically added when you submit from a textarea, and if that was so, why would they not be returning back to a single quote when put back into the textarea? Do I really need to run variables through stripslashes() to get them back to their original form?
Edit: My 'test.php' file is as follows:
<h1>To Be Encoded:</h1>
<form action="/test" method="post">
<textarea name="encode" rows="20" cols="50"><?= html_entity_decode($ani->i->post['encode']) ?></textarea>
<input type="submit" name="submit" value="Encode It!" />
</form>
<h1>Encoded By JSON:</h1>
<textarea name="encoded" rows="20" cols="50"><?= json_encode(html_entity_decode($ani->i->post['encode'])) ?></textarea>
<?php
die();
?>
P.S. The die() is just there for compatibility with my framework.