From 1c09408c6459eb8d719d94ba593edfa44883cb85 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite
Date: Sun, 22 Sep 2024 11:05:06 +0200
Subject: Fix HTML encodings in e.g. cURL options (#6821)

* Fix HTML encodings in e.g. cURL options
* Trim headers whitespace
---
 lib/core-extensions/UserCSS/extension.php | 4 ++--
 lib/core-extensions/UserJS/extension.php | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
(limited to 'lib/core-extensions')
diff --git a/lib/core-extensions/UserCSS/extension.php b/lib/core-extensions/UserCSS/extension.php
index 5343fd39a..c0622b145 100644
--- a/lib/core-extensions/UserCSS/extension.php
+++ b/lib/core-extensions/UserCSS/extension.php
@@ -22,13 +22,13 @@ final class UserCSSExtension extends Minz_Extension {
 $this->registerTranslates();
 if (Minz_Request::isPost()) {
- $css_rules = html_entity_decode(Minz_Request::paramString('css-rules'));
+ $css_rules = Minz_Request::paramString('css-rules', plaintext: true);
 $this->saveFile(self::FILENAME, $css_rules);
 }
 $this->css_rules = '';
 if ($this->hasFile(self::FILENAME)) {
- $this->css_rules = htmlentities($this->getFile(self::FILENAME) ?? '');
+ $this->css_rules = htmlspecialchars($this->getFile(self::FILENAME) ?? '', ENT_NOQUOTES, 'UTF-8');
 }
 }
 }
diff --git a/lib/core-extensions/UserJS/extension.php b/lib/core-extensions/UserJS/extension.php
index a33114ec5..3b860029a 100644
--- a/lib/core-extensions/UserJS/extension.php
+++ b/lib/core-extensions/UserJS/extension.php
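Review bot: The new `htmlspecialchars(..., ENT_NOQUOTES, 'UTF-8')` call on the `$this->css_rules` assignment (UserCSS hunk), and the identical one on `$this->js_rules` in the UserJS hunk, passes neither `ENT_SUBSTITUTE` nor `ENT_IGNORE`, so PHP returns an empty string when the stored file contains an invalid UTF-8 sequence. The form would then presumably render empty and a later save could overwrite the stored rules. The removed `htmlentities()` call had `ENT_SUBSTITUTE` in its default flags on PHP 8.1 and later, so I would keep it explicitly: `htmlspecialchars($this->getFile(self::FILENAME) ?? '', ENT_NOQUOTES | ENT_SUBSTITUTE, 'UTF-8')`. `ENT_NOQUOTES` also leaves `"` and `'` unescaped, which is safe only while the property is emitted as element text and never inside an attribute value; the view is not part of this diff, so a comment such as `// Escaped for element content only (e.g. <textarea>), not for attribute values` would record that constraint. The enclosing method starts above both hunks, so how `paramString(..., plaintext: true)` treats the raw POST value before `saveFile()` cannot be checked from here.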
@@ -22,13 +22,13 @@ final class UserJSExtension extends Minz_Extension {
 $this->registerTranslates();
 if (Minz_Request::isPost()) {
- $js_rules = html_entity_decode(Minz_Request::paramString('js-rules'));
+ $js_rules = Minz_Request::paramString('js-rules', plaintext: true);
 $this->saveFile(self::FILENAME, $js_rules);
 }
 $this->js_rules = '';
 if ($this->hasFile(self::FILENAME)) {
- $this->js_rules = htmlentities($this->getFile(self::FILENAME) ?? '');
+ $this->js_rules = htmlspecialchars($this->getFile(self::FILENAME) ?? '', ENT_NOQUOTES, 'UTF-8');
 }
 }
 }
-- 
cgit v1.2.3