Commit 800b18db by Alexander Makarov

Merge pull request #3518 from DaSourcerer/invalid-chars-in-htmlspecialchars-handling

Handle invalid code sequences in Html::encode()
parents 2b26dd32 5ed7c3c7
...@@ -46,6 +46,7 @@ Yii Framework 2 Change Log ...@@ -46,6 +46,7 @@ Yii Framework 2 Change Log
- Enh #3252: Added support for case insensitive matching using ILIKE to PostgreSQL QueryBuilder (cebe) - Enh #3252: Added support for case insensitive matching using ILIKE to PostgreSQL QueryBuilder (cebe)
- Enh #3298: Supported configuring `View::theme` using a class name (netyum, qiangxue) - Enh #3298: Supported configuring `View::theme` using a class name (netyum, qiangxue)
- Enh #3328: `BaseMailer` generates better text body from html body (armab) - Enh #3328: `BaseMailer` generates better text body from html body (armab)
- Enh #3518: `yii\helpers\Html::encode()` now replaces invalid code sequences with "�" (DaSourcerer)
- Enh: Added support for using sub-queries when building a DB query with `IN` condition (qiangxue) - Enh: Added support for using sub-queries when building a DB query with `IN` condition (qiangxue)
- Enh: Supported adding a new response formatter without the need to reconfigure existing formatters (qiangxue) - Enh: Supported adding a new response formatter without the need to reconfigure existing formatters (qiangxue)
- Enh: Added `yii\web\UrlManager::addRules()` to simplify adding new URL rules (qiangxue) - Enh: Added `yii\web\UrlManager::addRules()` to simplify adding new URL rules (qiangxue)
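Review bot: the new #3518 entry puts a literal U+FFFD character between the quotes, which is easy to mistake for a rendering fault in the changelog itself. Write it as U+FFFD, or call it the Unicode replacement character, so the entry reads the same in any viewer or file encoding. The entry would also be more useful to upgraders if it said what `encode()` returned for such input before this change.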
......
...@@ -92,7 +92,7 @@ class BaseHtml ...@@ -92,7 +92,7 @@ class BaseHtml
*/ */
public static function encode($content, $doubleEncode = true) public static function encode($content, $doubleEncode = true)
{ {
return htmlspecialchars($content, ENT_QUOTES, Yii::$app->charset, $doubleEncode); return htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE, Yii::$app->charset, $doubleEncode);
} }
/** /**
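Review bot: the flag change on the `htmlspecialchars()` line is not reflected in the method's docblock, of which only the unchanged closing `*/` appears in this hunk. Add a sentence to the phpdoc saying that invalid code unit sequences in `$content` are replaced with a substitution character, since callers now get output where the input was malformed. The charset argument is `Yii::$app->charset`, and per the PHP manual ENT_SUBSTITUTE emits the U+FFFD character only for UTF-8 and the entity `&#xFFFD;` for other charsets, so the documentation should not promise the literal character unconditionally.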
......
...@@ -38,7 +38,7 @@ class HtmlTest extends TestCase ...@@ -38,7 +38,7 @@ class HtmlTest extends TestCase
public function testEncode() public function testEncode()
{ {
$this->assertEquals("a&lt;&gt;&amp;&quot;&#039;", Html::encode("a<>&\"'")); $this->assertEquals("a&lt;&gt;&amp;&quot;&#039;�", Html::encode("a<>&\"'\x80"));
} }
public function testDecode() public function testDecode()
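Review bot: in `testEncode()` the existing assertion is rewritten in place, so the plain escaping case and the invalid-sequence case are now one check and a failure will not say which behaviour regressed. Keep the original `Html::encode("a<>&\"'")` assertion and add a second one for the malformed input. The only malformed input covered is a lone `\x80` at the end of the string; an invalid byte in the middle of the string and a truncated multibyte sequence would be worth adding. The expected value also embeds a raw U+FFFD character in the source file, and writing it as `"\xEF\xBF\xBD"` would keep the test independent of how the file is saved. The assertion holds only when the test application's charset is UTF-8, which deserves a comment or an explicit setup line.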
......