
Commit e66220a

committed
Use filter_var instead of htmlspecialchars here
1 parent 5720e8a commit e66220a

1 file changed

+15
-15
lines changed


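--- a/src/templates/User/View.phtml
+++ b/src/templates/User/View.phtml
@@ -24,10 +24,10 @@ if ($object) {
 
 $this->opengraph->attach(new Pair("image", $object->getAvatarURI(null)));
 
-$safe_name = htmlspecialchars($object->getName(), ENT_HTML5, "UTF-8");
+$safe_name = filter_var($object->getName(), FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
 if ($this->getContext()->biography) $description = $this->getContext()->biography;
-$safe_biography = htmlspecialchars($this->getContext()->biography, ENT_HTML5, "UTF-8");
+$safe_biography = filter_var($this->getContext()->biography, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
 }
 
@@ -53,28 +53,28 @@ require("./header.inc.phtml");
 <?php if ($this->getContext()->profiledata) { ?>
 <section class="profiledata">
 <?php if ($this->getContext()->github) { ?>
-<span><strong>GitHub:</strong> <a href="<?php echo $this->getContext()->github_uri; ?>"><?php echo htmlspecialchars($this->getContext()->github, ENT_HTML5, "UTF-8"); ?></a></span>
+<span><strong>GitHub:</strong> <a href="<?php echo $this->getContext()->github_uri; ?>"><?php echo filter_var($this->getContext()->github, FILTER_SANITIZE_FULL_SPECIAL_CHARS); ?></a></span>
 <?php } ?>
 <?php if ($this->getContext()->reddit) { ?>
-<span><strong>Reddit:</strong> <a href="<?php echo $this->getContext()->reddit_uri; ?>"><?php echo htmlspecialchars($this->getContext()->reddit, ENT_HTML5, "UTF-8"); ?></a></span>
+<span><strong>Reddit:</strong> <a href="<?php echo $this->getContext()->reddit_uri; ?>"><?php echo filter_var($this->getContext()->reddit, FILTER_SANITIZE_FULL_SPECIAL_CHARS); ?></a></span>
 <?php } ?>
 <?php if ($this->getContext()->steam_id) { ?>
-<span><strong>Steam:</strong> <a href="<?php echo $this->getContext()->steam_uri; ?>"><?php echo htmlspecialchars($this->getContext()->steam_id, ENT_HTML5, "UTF-8"); ?></a></span>
+<span><strong>Steam:</strong> <a href="<?php echo $this->getContext()->steam_uri; ?>"><?php echo filter_var($this->getContext()->steam_id, FILTER_SANITIZE_FULL_SPECIAL_CHARS); ?></a></span>
 <?php } ?>
 <?php if ($this->getContext()->facebook) { ?>
-<span><strong>Facebook:</strong> <a href="<?php echo $this->getContext()->facebook_uri; ?>"><?php echo htmlspecialchars($this->getContext()->facebook, ENT_HTML5, "UTF-8"); ?></a></span>
+<span><strong>Facebook:</strong> <a href="<?php echo $this->getContext()->facebook_uri; ?>"><?php echo filter_var($this->getContext()->facebook, FILTER_SANITIZE_FULL_SPECIAL_CHARS); ?></a></span>
 <?php } ?>
 <?php if ($this->getContext()->twitter) { ?>
-<span><strong>Twitter:</strong> <a href="<?php echo $this->getContext()->twitter_uri; ?>"><?php echo htmlspecialchars($this->getContext()->twitter, ENT_HTML5, "UTF-8"); ?></a></span>
+<span><strong>Twitter:</strong> <a href="<?php echo $this->getContext()->twitter_uri; ?>"><?php echo filter_var($this->getContext()->twitter, FILTER_SANITIZE_FULL_SPECIAL_CHARS); ?></a></span>
 <?php } ?>
 <?php if ($this->getContext()->instagram) { ?>
-<span><strong>Instagram:</strong> <a href="<?php echo $this->getContext()->instagram_uri; ?>"><?php echo htmlspecialchars($this->getContext()->instagram, ENT_HTML5, "UTF-8"); ?></a></span>
+<span><strong>Instagram:</strong> <a href="<?php echo $this->getContext()->instagram_uri; ?>"><?php echo filter_var($this->getContext()->instagram, FILTER_SANITIZE_FULL_SPECIAL_CHARS); ?></a></span>
 <?php } ?>
 <?php if ($this->getContext()->skype) { ?>
-<span><strong>Skype:</strong> <a href="<?php echo $this->getContext()->skype_uri; ?>"><?php echo htmlspecialchars($this->getContext()->skype, ENT_HTML5, "UTF-8"); ?></a></span>
+<span><strong>Skype:</strong> <a href="<?php echo $this->getContext()->skype_uri; ?>"><?php echo filter_var($this->getContext()->skype, FILTER_SANITIZE_FULL_SPECIAL_CHARS); ?></a></span>
 <?php } ?>
 <?php if ($this->getContext()->website) { ?>
-<span><strong>Website:</strong> <a href="<?php echo $this->getContext()->website_uri; ?>"><?php echo htmlspecialchars($this->getContext()->website, ENT_HTML5, "UTF-8"); ?></a></span>
+<span><strong>Website:</strong> <a href="<?php echo $this->getContext()->website_uri; ?>"><?php echo filter_var($this->getContext()->website, FILTER_SANITIZE_FULL_SPECIAL_CHARS); ?></a></span>
 <?php } ?>
 </section>
 <?php } ?>
@@ -91,8 +91,8 @@ require("./header.inc.phtml");
 </tr></tbody></table>
 </section>
 <?php } else { ?>
-<header class="red"><?php echo htmlspecialchars($title, ENT_HTML5, "UTF-8"); ?></header>
-<section class="red"><?php echo htmlspecialchars($description, ENT_HTML5, "UTF-8"); ?></section>
+<header class="red"><?php echo filter_var($title, FILTER_SANITIZE_FULL_SPECIAL_CHARS); ?></header>
+<section class="red"><?php echo filter_var($description, FILTER_SANITIZE_FULL_SPECIAL_CHARS); ?></section>
 <?php } ?>
 </article>
 <?php if (isset($this->getContext()->documents)) { ?>
@@ -101,7 +101,7 @@ require("./header.inc.phtml");
 <section>
 <table><tbody>
 <?php foreach ($this->getContext()->documents as $document) { ?>
-<tr><td><a href="<?php echo $document->getURI(); ?>"><?php echo htmlspecialchars($document->getTitle()); ?></a></td></tr>
+<tr><td><a href="<?php echo $document->getURI(); ?>"><?php echo filter_var($document->getTitle(), FILTER_SANITIZE_FULL_SPECIAL_CHARS); ?></a></td></tr>
 <?php } ?>
 </tbody></table>
 </section>
@@ -113,7 +113,7 @@ require("./header.inc.phtml");
 <section>
 <table><tbody>
 <?php foreach ($this->getContext()->news_posts as $news_post) { ?>
-<tr><td><a href="<?php echo $news_post->getURI(); ?>"><?php echo htmlspecialchars($news_post->getTitle()); ?></a></td></tr>
+<tr><td><a href="<?php echo $news_post->getURI(); ?>"><?php echo filter_var($news_post->getTitle(), FILTER_SANITIZE_FULL_SPECIAL_CHARS); ?></a></td></tr>
 <?php } ?>
 </tbody></table>
 </section>
@@ -125,7 +125,7 @@ require("./header.inc.phtml");
 <section>
 <table><tbody>
 <?php foreach ($this->getContext()->packets as $packet) { ?>
-<tr><td><a href="<?php echo $packet->getURI(); ?>"><?php echo htmlspecialchars($packet->getPacketDirectionTag(), ENT_HTML5, "UTF-8"); ?> <?php echo htmlspecialchars($packet->getPacketId(true), ENT_HTML5, "UTF-8"); ?> <?php echo htmlspecialchars($packet->getPacketName()); ?></a></td></tr>
+<tr><td><a href="<?php echo $packet->getURI(); ?>"><?php echo filter_var($packet->getPacketDirectionTag(), FILTER_SANITIZE_FULL_SPECIAL_CHARS); ?> <?php echo filter_var($packet->getPacketId(true), FILTER_SANITIZE_FULL_SPECIAL_CHARS); ?> <?php echo filter_var($packet->getPacketName(), FILTER_SANITIZE_FULL_SPECIAL_CHARS); ?></a></td></tr>
 <?php } ?>
 </tbody></table>
 </section>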
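Review bot: The `href` attributes of the profile links at lines 56–77 still echo `$this->getContext()->github_uri` and the other `*_uri` values unescaped, while only the visible link text was switched to filter_var; if those URIs are built from the user-supplied handle (not visible here), a quote character in them ends the attribute. Routing them through the same sanitizer, e.g. `<a href="<?php echo filter_var($this->getContext()->github_uri, FILTER_SANITIZE_FULL_SPECIAL_CHARS); ?>">`, covers the attribute context because this filter encodes both quote characters, which the old `ENT_HTML5`-only calls did not. Note also that FILTER_SANITIZE_FULL_SPECIAL_CHARS takes its charset from the `default_charset` ini setting instead of the explicit "UTF-8" passed before, and yields an empty string when the input contains a byte sequence invalid in that charset; a comment at line 27 such as `// relies on default_charset=UTF-8; invalid byte sequences sanitize to ""` would make that dependency visible. The same applies to the `href` values from `getURI()` at lines 104, 116 and 128.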
