Merge branch 'master' of github.com:yiisoft/yii2

docs/guide/input-validation.md

 Validating Input
 ================
 
-As a rule of thumb, you should never trust the data received from end users and should always validate them
-before putting them to good use.
+As a rule of thumb, you should never trust the data received from end users and should always validate it
+before putting it to good use.
 
 Given a [model](structure-models.md) populated with user inputs, you can validate the inputs by calling the
 [[yii\base\Model::validate()]] method. The method will return a boolean value indicating whether the validation

framework/CHANGELOG.md

@@ -17,6 +17,7 @@ Yii Framework 2 Change Log
 - Bug #5745: Gii and debug modules may cause 404 exception when the route contains dashes (qiangxue)
 - Bug #5780: `QueryBuilder::batchInsert()` may cause "undefined index" error (qiangxue)
 - Bug #5833: The `message` command fails with a FK constraint error when trying to update messages (qiangxue)
+- Bug #5925: `ArrayHelper::htmlEncode()` does not work properly when the value being encoded is a nested array (tebazil)
 - Bug: Gii console command help information does not contain global options (qiangxue)
 - Bug: `yii\web\UrlRule` was unable to create URLs for rules containing unicode characters (samdark)
 - Enh #5223: Query builder now supports selecting sub-queries as columns (qiangxue)

framework/helpers/BaseArrayHelper.php

@@ -462,7 +462,7 @@ class BaseArrayHelper
             if (is_string($value)) {
                 $d[$key] = htmlspecialchars($value, ENT_QUOTES, $charset);
             } elseif (is_array($value)) {
-                $d[$key] = static::htmlEncode($value, $charset);
+                $d[$key] = static::htmlEncode($value, $valuesOnly, $charset);
             }
         }