diff options
| author |  Alexandre Alapetite <alexandre@alapetite.fr>
| 2024-09-12 11:04:49 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2024-09-12 11:04:49 +0200 |
| commit | fd1b5e9343b6fe92b4e5dfbbc2f01ddfcd010af9 (patch) | |
| tree | 5cc4e7399212d2fdce401465e3590f2275b16c26 /lib | |
| parent | d1f1e42c2b180f34276d7ddd1a2bfeaf4e59ed05 (diff) | |
Fix inversed encoding logic in paramArray (#6800)
* Fix inversed encoding logic in paramArray
https://github.com/FreshRSS/FreshRSS/pull/6797#discussion_r1754661634
Also fix the possibility to use `<'&">` in shortcuts, and some minor encoding bugs in user queries
* Forgot paramArrayString
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/Minz/Request.php | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/lib/Minz/Request.php b/lib/Minz/Request.php index fcece464b..542741d4a 100644 --- a/lib/Minz/Request.php +++ b/lib/Minz/Request.php @@ -40,7 +40,7 @@ class Minz_Request { * Read the URL parameter * @param string $key Key name * @param mixed $default default value, if no parameter is given - * @param bool $specialchars special characters + * @param bool $specialchars `true` to return special characters, `false` (default) to XML-encode them * @return mixed value of the parameter * @deprecated use typed versions instead */ @@ -61,21 +61,27 @@ class Minz_Request { return isset(self::$params[$key]); } - /** @return array<string|int,string|array<string,string|int|bool>> */ + /** + * @param bool $specialchars `true` to return special characters, `false` (default) to XML-encode them + * @return array<string|int,string|array<string,string|int|bool>> + */ public static function paramArray(string $key, bool $specialchars = false): array { if (empty(self::$params[$key]) || !is_array(self::$params[$key])) { return []; } - return $specialchars ? Minz_Helper::htmlspecialchars_utf8(self::$params[$key]) : self::$params[$key]; + return $specialchars ? self::$params[$key] : Minz_Helper::htmlspecialchars_utf8(self::$params[$key]); } - /** @return array<string> */ + /** + * @param bool $specialchars `true` to return special characters, `false` (default) to XML-encode them + * @return array<string> + */ public static function paramArrayString(string $key, bool $specialchars = false): array { if (empty(self::$params[$key]) || !is_array(self::$params[$key])) { return []; } $result = array_filter(self::$params[$key], 'is_string'); - return $specialchars ? Minz_Helper::htmlspecialchars_utf8($result) : $result; + return $specialchars ? $result : Minz_Helper::htmlspecialchars_utf8($result); } public static function paramTernary(string $key): ?bool { @@ -106,6 +112,9 @@ class Minz_Request { return 0; } + /** + * @param bool $specialchars `true` to return special characters, `false` (default) to XML-encode them + */ public static function paramStringNull(string $key, bool $specialchars = false): ?string { if (isset(self::$params[$key])) { $s = self::$params[$key]; @@ -120,6 +129,9 @@ class Minz_Request { return null; } + /** + * @param bool $specialchars `true` to return special characters, `false` (default) to XML-encode them + */ public static function paramString(string $key, bool $specialchars = false): string { return self::paramStringNull($key, $specialchars) ?? ''; } |