Cohérence htmlspecialchars

Le texte dans la base de données est en htmlspecialchars(UTF-8) (c'est-à-dire avec `<>&'"` encodés) mais maintenant sans autre entité HTML depuis https://github.com/marienfressinaud/FreshRSS/commit/a4fc7becb8553198d132633d775989c89c8116cd Ce patch supprime les htmlspecialchars qui faisaient du double-encodage, et en modifie d'autres en entrée.
author: Alexandre Alapetite <alexandre@alapetite.fr> 2013-11-12 22:37:25 +0100
committer: Alexandre Alapetite <alexandre@alapetite.fr> 2013-11-12 22:37:25 +0100
commit: 4c5e9d0dd828ec9da44b0f178edd73b7213d6d20 (patch)
tree: a67d8c4ff620ae16ea874f8b4688643285d62ccd /lib/minz/Request.php
parent: fcc2e023ef2a783c48a02e359d4b3d8c0ff23734 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/minz/Request.php b/lib/minz/Request.php
index ffddbe6ad..3e508d8f1 100644
--- a/lib/minz/Request.php
+++ b/lib/minz/Request.php
@@ -29,15 +29,18 @@ class Request {
 	public static function params () {
 		return self::$params;
 	}
+	static function htmlspecialchars_utf8 ($p) {
+		return htmlspecialchars($p, ENT_QUOTES, 'UTF-8');
+	}
 	public static function param ($key, $default = false, $specialchars = false) {
 		if (isset (self::$params[$key])) {
 			$p = self::$params[$key];
 			if(is_object($p) || $specialchars) {
 				return $p;
 			} elseif(is_array($p)) {
-				return array_map('htmlspecialchars', $p);	//TODO: Should use explicit UTF-8
+				return array_map('self::htmlspecialchars_utf8', $p);
 			} else {
-				return htmlspecialchars($p, ENT_NOQUOTES, 'UTF-8');
+				return self::htmlspecialchars_utf8($p);
 			}
 		} else {
 			return $default;
author	Alexandre Alapetite <alexandre@alapetite.fr>	2013-11-12 22:37:25 +0100
committer	Alexandre Alapetite <alexandre@alapetite.fr>	2013-11-12 22:37:25 +0100
commit	4c5e9d0dd828ec9da44b0f178edd73b7213d6d20 (patch)
tree	a67d8c4ff620ae16ea874f8b4688643285d62ccd /lib/minz/Request.php
parent	fcc2e023ef2a783c48a02e359d4b3d8c0ff23734 (diff)