Fix for bd7dc4d60 which broke the build (null bytes where not sanitized)

author: Matthieu Napoli <matthieu@mnapoli.fr> 2014-10-15 08:20:18 +0400
committer: Matthieu Napoli <matthieu@mnapoli.fr> 2014-10-15 08:20:39 +0400
commit: 2d06c9a753b001a99c0b787e9735dc1e1de9ba87 (patch)
tree: f7cc8d5e9a1846450212fa241921a3d1759371a2 /core/Common.php
parent: 726ffad59af90e5c826bb3ad6451a56dbb78c4b9 (diff)
1 files changed, 13 insertions, 3 deletions
diff --git a/core/Common.php b/core/Common.php
index a11b3f977b..76c9777605 100644
--- a/core/Common.php
+++ b/core/Common.php
@@ -314,6 +314,8 @@ class Common
         // note: before php 5.2.7, htmlspecialchars() double encodes &#x hex items
         $value = html_entity_decode($value, self::HTML_ENCODING_QUOTE_STYLE, 'UTF-8');
 
+        $value = self::sanitizeNullBytes($value);
+
         // escape
         $tmp = @htmlspecialchars($value, self::HTML_ENCODING_QUOTE_STYLE, 'UTF-8');
 
@@ -383,13 +385,21 @@ class Common
     }
 
     /**
-     *
-     * @param string
+     * @param string $value
      * @return string Line breaks and line carriage removed
      */
     public static function sanitizeLineBreaks($value)
     {
-        return str_replace(array("\n", "\r", "\0"), '', $value);
+        return str_replace(array("\n", "\r"), '', $value);
+    }
+
+    /**
+     * @param string $value
+     * @return string Null bytes removed
+     */
+    public static function sanitizeNullBytes($value)
+    {
+        return str_replace(array("\0"), '', $value);
     }
 
     /**
author	Matthieu Napoli <matthieu@mnapoli.fr>	2014-10-15 08:20:18 +0400
committer	Matthieu Napoli <matthieu@mnapoli.fr>	2014-10-15 08:20:39 +0400
commit	2d06c9a753b001a99c0b787e9735dc1e1de9ba87 (patch)
tree	f7cc8d5e9a1846450212fa241921a3d1759371a2 /core/Common.php
parent	726ffad59af90e5c826bb3ad6451a56dbb78c4b9 (diff)