Same name and namespace in other branches
  1. 4.6.x includes/bootstrap.inc \check_plain()
  2. 4.7.x includes/bootstrap.inc \check_plain()
  3. 5.x includes/bootstrap.inc \check_plain()
  4. 7.x includes/bootstrap.inc \check_plain()

Encode special characters in a plain-text string for display as HTML.

Also validates strings as UTF-8 to prevent cross-site scripting attacks on Internet Explorer 6.

Parameters

$text: The text to be checked or processed.

Return value

An HTML-safe version of $text, or an empty string if $text is not valid UTF-8.

See also

drupal_validate_utf8().

115 calls to check_plain()
aggregator_categorize_items in modules/aggregator/aggregator.pages.inc
Form builder; build the page list form.
aggregator_form_feed in modules/aggregator/aggregator.admin.inc
Form builder; Generate a form to add/edit feed sources.
aggregator_page_source in modules/aggregator/aggregator.pages.inc
Menu callback; displays all the items captured from a particular feed.
block_admin_display_form in modules/block/block.admin.inc
Generate main blocks administration form.
block_list in modules/block/block.module
Return all blocks in the specified region for the current user.

5 string references to 'check_plain'
blogapi_admin_settings in modules/blogapi/blogapi.module
node_form_alter in modules/node/node.module
Implementation of hook_form_alter().
node_menu in modules/node/node.module
Implementation of hook_menu().
taxonomy_form_vocabulary in modules/taxonomy/taxonomy.admin.inc
Display form for adding and editing vocabularies.
user_menu in modules/user/user.module
Implementation of hook_menu().

File

includes/bootstrap.inc, line 852
Functions that need to be loaded on every Drupal request.

Code

function check_plain($text) {
  static $php525;
  if (!isset($php525)) {
    $php525 = version_compare(PHP_VERSION, '5.2.5', '>=');
  }

  // We duplicate the preg_match() to validate strings as UTF-8 from
  // drupal_validate_utf8() here. This avoids the overhead of an additional
  // function call, since check_plain() may be called hundreds of times during
  // a request. For PHP 5.2.5+, this check for valid UTF-8 should be handled
  // internally by PHP in htmlspecialchars().
  // @see http://www.php.net/releases/5_2_5.php
  // @todo remove this when support for either IE6 or PHP < 5.2.5 is dropped.
  if ($php525) {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
  }
  return preg_match('/^./us', $text) == 1 ? htmlspecialchars($text, ENT_QUOTES, 'UTF-8') : '';
}
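
The two branches of check_plain() compared on constructed inputs, as an added example that is not part of Drupal's code. The helper names encode_native() and encode_fallback() and all sample strings are assumptions made for illustration.

```php
<?php
// Added example, not Drupal code: helper names and sample strings are
// assumptions made for illustration.

// Branch used on PHP >= 5.2.5: htmlspecialchars() validates UTF-8 itself and
// returns '' for invalid input (no ENT_SUBSTITUTE or ENT_IGNORE is passed).
function encode_native($text) {
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Fallback branch: with the /u modifier preg_match() does not return 1 for a
// subject that is not valid UTF-8, so the string is dropped.
function encode_fallback($text) {
  return preg_match('/^./us', $text) == 1
    ? htmlspecialchars($text, ENT_QUOTES, 'UTF-8')
    : '';
}

// Constructed inputs: valid text first, then byte strings that are not UTF-8.
$samples = array(
  'markup and quotes'  => "<a href='x'>Tom & \"Jerry\"</a>",
  'valid multibyte'    => "caf\xC3\xA9 <b>",
  'empty string'       => '',
  'overlong "<"'       => "\xC0\xBCb>",
  'truncated sequence' => "caf\xC3",
  'ISO-8859-1 byte'    => "caf\xE9 <b>",
);

foreach ($samples as $label => $text) {
  $native = encode_native($text);
  $fallback = encode_fallback($text);
  printf("%-20s bytes=%s\n", $label, bin2hex($text));
  printf("  native:   %s\n", var_export($native, TRUE));
  printf("  fallback: %s\n", var_export($fallback, TRUE));
  printf("  agree:    %s\n", $native === $fallback ? 'yes' : 'NO');
}
```

Because ENT_QUOTES encodes both quote characters, the result is safe in HTML text and in quoted attribute values. It does not make a string safe inside a script block or as a URL.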