Commit 800b18db by Alexander Makarov

Merge pull request #3518 from DaSourcerer/invalid-chars-in-htmlspecialchars-handling

Handle invalid code sequences in Html::encode()
parents 2b26dd32 5ed7c3c7
......@@ -46,6 +46,7 @@ Yii Framework 2 Change Log
- Enh #3252: Added support for case insensitive matching using ILIKE to PostgreSQL QueryBuilder (cebe)
- Enh #3298: Supported configuring `View::theme` using a class name (netyum, qiangxue)
- Enh #3328: `BaseMailer` generates better text body from html body (armab)
- Enh #3518: `yii\helpers\Html::encode()` now replaces invalid code sequences with "�" (DaSourcerer)
- Enh: Added support for using sub-queries when building a DB query with `IN` condition (qiangxue)
- Enh: Supported adding a new response formatter without the need to reconfigure existing formatters (qiangxue)
- Enh: Added `yii\web\UrlManager::addRules()` to simplify adding new URL rules (qiangxue)
......
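Review bot: The new Enh #3518 entry shows the replacement as a raw "�" glyph, which is easy to lose in tools that do not render UTF-8; name it as U+FFFD (the Unicode replacement character) instead. The entry should also say what happened before: without ENT_SUBSTITUTE, PHP's htmlspecialchars() returns an empty string for input containing an invalid code sequence, so anyone upgrading should expect output where there used to be none.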
......@@ -92,7 +92,7 @@ class BaseHtml
*/
public static function encode($content, $doubleEncode = true)
{
return htmlspecialchars($content, ENT_QUOTES, Yii::$app->charset, $doubleEncode);
return htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE, Yii::$app->charset, $doubleEncode);
}
/**
......
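Review bot: The docblock above encode() (only its closing `*/` is visible in this hunk) should document the new handling of invalid input, since the return value changes from an empty string to the content with substitutions. Because the charset argument is `Yii::$app->charset`, the substitution is not always the same: PHP emits the U+FFFD character for UTF-8 and the entity `&#xFFFD;` for other charsets, and that is worth stating next to the `$content` parameter description.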
......@@ -38,7 +38,7 @@ class HtmlTest extends TestCase
public function testEncode()
{
$this->assertEquals("a&lt;&gt;&amp;&quot;&#039;", Html::encode("a<>&\"'"));
$this->assertEquals("a&lt;&gt;&amp;&quot;&#039;�", Html::encode("a<>&\"'\x80"));
}
public function testDecode()
......
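Review bot: The added assertion in testEncode() covers only a lone `\x80` at the end of the string and embeds a raw U+FFFD character in the expected value, so the test passes only if the file stays saved as UTF-8. Write the expected bytes explicitly as `"\xEF\xBF\xBD"`, and add cases for an invalid byte in the middle of the string and for a call with `$doubleEncode` set to false, so the flag combination in encode() is exercised on both paths.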