diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2014-04-13 18:18:05 +0400 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2014-04-13 18:18:05 +0400 |
| commit | eecc40069822cc0be03c5521c67d22b08887c847 (patch) | |
| tree | 216d5b8ec4f3e0997f5f425f0f05886c86ad2cd3 /lib/private/template | |
| parent | 9de3c1b59d808b9725e728a2956f66b1d02274fe (diff) | |
p() and print_unescaped() also take arrays as parameter
This fixes some scrutinizer issues.
Diffstat (limited to 'lib/private/template')
| -rw-r--r-- | lib/private/template/functions.php | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/lib/private/template/functions.php b/lib/private/template/functions.php index a72d41f72da..3c42d441efa 100644 --- a/lib/private/template/functions.php +++ b/lib/private/template/functions.php @@ -7,16 +7,17 @@ */ /** - * Prints an XSS escaped string - * @param string $string the string which will be escaped and printed + * Prints a sanitized string + * @param string|array $string the string which will be escaped and printed */ function p($string) { print(OC_Util::sanitizeHTML($string)); } /** - * Prints an unescaped string - * @param string $string the string which will be printed as it is + * Prints an unsanitized string - usage of this function may result into XSS. + * Consider using p() instead. + * @param string|array $string the string which will be printed as it is */ function print_unescaped($string) { print($string); |