author | Matthieu Napoli <matthieu@mnapoli.fr> | 2014-10-15 08:20:18 +0400 |
---|---|---|
committer | Matthieu Napoli <matthieu@mnapoli.fr> | 2014-10-15 08:20:39 +0400 |
commit | 2d06c9a753b001a99c0b787e9735dc1e1de9ba87 (patch) | |
tree | f7cc8d5e9a1846450212fa241921a3d1759371a2 /core | |
parent | 726ffad59af90e5c826bb3ad6451a56dbb78c4b9 (diff) |
Fix for bd7dc4d60 which broke the build (null bytes were not sanitized)
Diffstat (limited to 'core')
-rw-r--r-- | core/Common.php | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/core/Common.php b/core/Common.php
index a11b3f977b..76c9777605 100644
--- a/core/Common.php
+++ b/core/Common.php
@@ -314,6 +314,8 @@ class Common
 // note: before php 5.2.7, htmlspecialchars() double encodes &#x hex items
 $value = html_entity_decode($value, self::HTML_ENCODING_QUOTE_STYLE, 'UTF-8');
+ $value = self::sanitizeNullBytes($value);
+
 // escape
 $tmp = @htmlspecialchars($value, self::HTML_ENCODING_QUOTE_STYLE, 'UTF-8');
@@ -383,13 +385,21 @@ class Common
 }
 /**
- *
- * @param string
+ * @param string $value
 * @return string Line breaks and line carriage removed
 */
 public static function sanitizeLineBreaks($value)
 {
- return str_replace(array("\n", "\r", "\0"), '', $value);
+ return str_replace(array("\n", "\r"), '', $value);
+ }
+
+ /**
+ * @param string $value
+ * @return string Null bytes removed
+ */
+ public static function sanitizeNullBytes($value)
+ {
+ return str_replace(array("\0"), '', $value);
 }
 /** |
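Review bot: The added `$value = self::sanitizeNullBytes($value);` call is order-sensitive, and nothing at the call site says so. It sits between `html_entity_decode()` and `htmlspecialchars()`, and as far as this hunk shows it is the only step on this path that removes null bytes. I would put a comment directly above it, for example `// strip null bytes after decoding and before escaping; sanitizeLineBreaks() no longer removes them`, so that a later reorder or cleanup does not drop it. The enclosing method starts and ends outside the hunk, so its other branches cannot be checked from here.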
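Review bot: Dropping `"\0"` from the list in `sanitizeLineBreaks()` silently narrows a public static helper, so any caller outside this diff that relied on it to strip null bytes now passes them through. The call sites are not visible here and need a search. Those whose output reaches headers, file paths or log lines should call `sanitizeNullBytes()` as well. The docblock should make the split explicit, for example `* @return string Line breaks and carriage returns removed (null bytes are kept, see sanitizeNullBytes())`.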