Fix HTML encodings in e.g. cURL options (#6821)

* Fix HTML encodings in e.g. cURL options * Trim headers whitespace
author: Alexandre Alapetite <alexandre@alapetite.fr> 2024-09-22 11:05:06 +0200
committer: GitHub <noreply@github.com> 2024-09-22 11:05:06 +0200
commit: 1c09408c6459eb8d719d94ba593edfa44883cb85 (patch)
tree: 67e8e8e464c2f491aae2a5c16bb8ee46bcb2b41b /lib/core-extensions/UserCSS/extension.php
parent: c599ff4e4b09274f23369706e92b5040aa182038 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/core-extensions/UserCSS/extension.php b/lib/core-extensions/UserCSS/extension.php
index 5343fd39a..c0622b145 100644
--- a/lib/core-extensions/UserCSS/extension.php
+++ b/lib/core-extensions/UserCSS/extension.php
@@ -22,13 +22,13 @@ final class UserCSSExtension extends Minz_Extension {
 		$this->registerTranslates();
 
 		if (Minz_Request::isPost()) {
-			$css_rules = html_entity_decode(Minz_Request::paramString('css-rules'));
+			$css_rules = Minz_Request::paramString('css-rules', plaintext: true);
 			$this->saveFile(self::FILENAME, $css_rules);
 		}
 
 		$this->css_rules = '';
 		if ($this->hasFile(self::FILENAME)) {
-			$this->css_rules = htmlentities($this->getFile(self::FILENAME) ?? '');
+			$this->css_rules = htmlspecialchars($this->getFile(self::FILENAME) ?? '', ENT_NOQUOTES, 'UTF-8');
 		}
 	}
 }
author	Alexandre Alapetite <alexandre@alapetite.fr>	2024-09-22 11:05:06 +0200
committer	GitHub <noreply@github.com>	2024-09-22 11:05:06 +0200
commit	1c09408c6459eb8d719d94ba593edfa44883cb85 (patch)
tree	67e8e8e464c2f491aae2a5c16bb8ee46bcb2b41b /lib/core-extensions/UserCSS/extension.php
parent	c599ff4e4b09274f23369706e92b5040aa182038 (diff)