add HTML entity encoding to PHP translation logic, remove exception to allow <br/> tags in DOMpurify by eliminating the single case that made use of it

El RIDO
2020-02-01 08:46:59 +01:00
parent 428ea2f34e
commit cc0920fc09
21 changed files with 47 additions and 38 deletions


@@ -125,6 +125,15 @@ class I18n
} else {
$args[0] = self::$_translations[$messageId];
}
// encode any non-integer arguments and the message ID, if it doesn't contain a link
$argsCount = count($args);
if ($argsCount > 1) {
for ($i = 0; $i < $argsCount; ++$i) {
if (($i > 0 && !is_int($args[$i])) || strpos($args[0], '<a') === false) {
$args[$i] = htmlentities($args[$i], ENT_QUOTES | ENT_XHTML | ENT_DISALLOWED, 'UTF-8');
}
}
}
return call_user_func_array('sprintf', $args);
}
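Review bot: The `if ($argsCount > 1)` guard skips encoding entirely when only the message ID is passed, so a message with no placeholders is returned unescaped even when it contains no link. If any caller passes text derived from user input as the sole argument (not visible in this hunk), that text reaches the output raw. I would drop the guard and split the two cases so each index is checked on its own rule: `$encode = $i === 0 ? strpos($args[0], '<a') === false : !is_int($args[$i]);` followed by `if ($encode) { $args[$i] = htmlentities($args[$i], ENT_QUOTES | ENT_XHTML | ENT_DISALLOWED, 'UTF-8'); }`. This also stops integer arguments from being passed through `htmlentities()` when the message has no link, which the current `||` condition does. The enclosing function starts above the hunk, so how `$args` is built is not shown.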