[Templating] added better support for encoding problems when escaping a string (available as of PHP 5.4)
From the PHP CHANGELOG: The flag ENT_SUBSTITUTE makes invalid multibyte sequences be replaced by U+FFFD (UTF-8) or &#FFFD; by htmlspecialchars and htmlentities. It is an alternative to the default behavior, which just returns an empty string and to ENT_IGNORE, which is a security risk. The behavior follows the recommendations of Unicode Technical Report #36.
parent
5bbc67bb53
commit
053b42158e
@ -17,6 +17,10 @@ use Symfony\Component\Templating\Storage\StringStorage;
|
||||
use Symfony\Component\Templating\Helper\HelperInterface;
|
||||
use Symfony\Component\Templating\Loader\LoaderInterface;
|
||||
|
||||
if (!defined('ENT_SUBSTITUTE')) {
|
||||
define('ENT_SUBSTITUTE', 8);
|
||||
}
|
||||
|
||||
/**
|
||||
* PhpEngine is an engine able to render PHP templates.
|
||||
*
|
||||
@ -440,7 +444,7 @@ class PhpEngine implements EngineInterface, \ArrayAccess
|
||||
{
|
||||
// Numbers and Boolean values get turned into strings which can cause problems
|
||||
// with type comparisons (e.g. === or is_int() etc).
|
||||
return is_string($value) ? htmlspecialchars($value, ENT_QUOTES, $that->getCharset(), false) : $value;
|
||||
return is_string($value) ? htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, $that->getCharset(), false) : $value;
|
||||
},
|
||||
|
||||
'js' =>
|
||||
|
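Review bot: The `define('ENT_SUBSTITUTE', 8)` fallback in the first hunk has no comment saying that it only keeps the file loadable on runtimes older than PHP 5.4 and does not bring the substitution behaviour with it. On those runtimes the extra bit is presumably ignored by htmlspecialchars(), so the escaper changed in the second hunk would still return an empty string for an invalid multibyte sequence. That fails closed, but a reader could assume the replacement character is emitted everywhere. I would add above the guard: `// PHP < 5.4 compat: lets the flag be passed safely; older runtimes do not act on it, so invalid sequences still yield ''.` The guard also defines a global constant as a side effect of loading the class file, which the same comment could mention. The closure holding the changed `return` starts outside the second hunk.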