
Commit 053b421

[Templating] added better support for encoding problems when escaping a string (available as of PHP 5.4)
From the PHP CHANGELOG: The flag ENT_SUBSTITUTE makes invalid multibyte sequences be replaced by U+FFFD (UTF-8) or &#FFFD; by htmlspecialchars and htmlentities. It is an alternative to the default behavior, which just returns an empty string and to ENT_IGNORE, which is a security risk. The behavior follows the recommendations of Unicode Technical Report #36.
1 parent 5bbc67b commit 053b421

1 file changed

+5
-1
lines changed


src/Symfony/Component/Templating/PhpEngine.php

Lines changed: 5 additions & 1 deletion
@@ -17,6 +17,10 @@
1717
use Symfony\Component\Templating\Helper\HelperInterface;
1818
use Symfony\Component\Templating\Loader\LoaderInterface;
1919

20+
if (!defined('ENT_SUBSTITUTE')) {
21+
define('ENT_SUBSTITUTE', 8);
22+
}
23+
2024
/**
2125
* PhpEngine is an engine able to render PHP templates.
2226
*
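
Review bot: The fallback `define('ENT_SUBSTITUTE', 8);` at new lines 20-22 is undocumented and only keeps the constant name resolvable on runtimes older than PHP 5.4; since the commit message says the flag is available as of PHP 5.4, older runtimes will accept the name but not gain the substitution behaviour. Please add a comment above the `if` stating that this is a compatibility shim, that 8 mirrors the native constant's value, and that invalid multibyte input still yields an empty string on those versions. It is also worth noting in that comment that the constant is defined in the global scope as a side effect of loading PhpEngine.php.
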
@@ -440,7 +444,7 @@ function ($value) use ($that)
440444
{
441445
// Numbers and Boolean values get turned into strings which can cause problems
442446
// with type comparisons (e.g. === or is_int() etc).
443-
return is_string($value) ? htmlspecialchars($value, ENT_QUOTES, $that->getCharset(), false) : $value;
447+
return is_string($value) ? htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, $that->getCharset(), false) : $value;
444448
},
445449

446450
'js' =>
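
Review bot: The changed return at new line 447 alters what the html escaper emits for invalid multibyte input (a U+FFFD replacement instead of the empty string described in the commit message), yet the commit touches one file and adds no test for it. Please add a test that passes a string containing an invalid byte sequence for the configured charset through this escaper and asserts that the surrounding valid text survives with the replacement character in place of the bad bytes. The substitution depends on `$that->getCharset()` matching the real encoding of `$value`, so a short comment next to the `ENT_QUOTES | ENT_SUBSTITUTE` flags saying so would help template authors who set a non-UTF-8 charset.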
