[heriquet]

En fait si on regarde l'API,

Code :

[== PHP ==]
/**
* @access private
*/
function cms_module_CreateInputTextWithLabel(&$modinstance, $id, $name, $value='', $size='10', $maxlength='255', $addttext='', $label='', $labeladdtext='')
{
  $id = cms_htmlentities($id);
  $name = cms_htmlentities($name);
  $value = cms_htmlentities($value);
  $size = cms_htmlentities($size);
  $maxlength = cms_htmlentities($maxlength);

        if ($label == '') {
      $label = $name;
    }
    $text = '<label class="cms_label" for="'.$id.$name.'" '.$labeladdtext.'>'.$label.'</label>'."\n";
    $text .= $modinstance->CreateInputText($id, $name, $value, $size, $maxlength, $addttext);
    $text .= "\n";
    return $text;
}


function cms_htmlentities($string, $param=ENT_QUOTES, $charset="UTF-8", $convert_single_quotes = false)
{
    $result = "";
    #$result = htmlentities($string, $param, $charset);
    $result = my_htmlentities($string, $convert_single_quotes);
    return $result;
}

/**
* A replacement for the built in htmlentities method.
*
* @ignore
* @param string  input string
* @param boolean A flag wether or not to handle single quotes.
* @return unknown
*/
function my_htmlentities($val, $convert_single_quotes = false)
{
    if ($val == "")
    {
        return "";
    }
    $val = str_replace( " ", " ", $val );

    //Remove sneaky spaces
    // $val = str_replace( chr(0xCA), "", $val );

    $val = str_replace( "&"            , "&amp;"         , $val );
    $val = str_replace( "<!--"         , "<!--"  , $val );
    $val = str_replace( "-->"          , "-->"       , $val );
    $val = preg_replace( "/<script/i"  , "<script"   , $val );
    $val = str_replace( ">"            , "&gt;"          , $val );
    $val = str_replace( "<"            , "&lt;"          , $val );


    $val = str_replace( "\""           , "&quot;"        , $val );

    // Uncomment it if you need to convert literal newlines
    //$val = preg_replace( "/\n/"        , "<br>"          , $val );

    $val = preg_replace( "/\\$/"      , "$"        , $val );

    // Uncomment it if you need to remove literal carriage returns
    //$val = preg_replace( "/\r/"        , ""              , $val );

    $val = str_replace( "!"            , "!"         , $val );
    $val = str_replace( "'"            , "'"         , $val );

    // Uncomment if you need to convert unicode chars
    //$val = preg_replace("/&#([0-9]+);/s", "&#\1;", $val );

    // Strip slashes if not already done so.

    //if ( get_magic_quotes_gpc() )
    //{
    //    $val = stripslashes($val);
    //}

    if ($convert_single_quotes)
    {
        $val = str_replace("\\'", "&apos;", $val);
        $val = str_replace("'", "&apos;", $val);
    }

    // Swop user inputted backslashes

    //$val = preg_replace( "/\(?!&#|?#)/", "\", $val );

    return $val;
}

On constate ceci :

Code :

[== PHP ==]
$val = str_replace( "&", "&", $val );

Le problème se situerait dès lors dans l'API ? Je ne vois pas bien ce que je peux faire pour contourner le problème, si ce n'est de ne pas utiliser la méthode de l'API ?

Ca s'apparente à un bug ca non ?