Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[10.x] Gracefully handle invalid code points in e() #46914

Merged
merged 1 commit into from
May 1, 2023

Conversation

crishoj
Copy link
Contributor

@crishoj crishoj commented Apr 28, 2023

When provided a string containing invalid code points (e.g. wrong encoding or unaligned truncation), the e() helper will silently swallow the whole argument and return an empty string.

I propose adding ENT_SUBSTITUTE to the flags for htmlspecialchars(), aligning e() with the default behavior of htmlspecialchars() since PHP 8.1:

ENT_SUBSTITUTE Replace invalid code unit sequences with a Unicode Replacement Character U+FFFD (UTF-8) or � (otherwise) instead of returning an empty string.

Developers and end-users alike will likely be less surprised by the occasional , than the escaped string vanishing entirely.

@taylorotwell taylorotwell merged commit 812ef55 into laravel:10.x May 1, 2023
bert-w added a commit to bert-w/framework that referenced this pull request May 5, 2023
commit 025c912
Author: Taylor Otwell <taylor@laravel.com>
Date:   Fri May 5 14:47:22 2023 -0500

    respect parents on middleware priority (laravel#46972)

commit 07a5e09
Author: Saya <379924+chu121su12@users.noreply.github.com>
Date:   Sat May 6 01:36:04 2023 +0800

    [10.x] Add url support for mail config (laravel#46964)

    * Add url support for mail config

    * ci fix

    * formatting

    ---------

    Co-authored-by: Taylor Otwell <taylor@laravel.com>

commit 1e6b467
Author: Tim MacDonald <hello@timacdonald.me>
Date:   Sat May 6 03:00:49 2023 +1000

    wip (laravel#46963)

commit 1c783fe
Author: Günther Debrauwer <gunther@nextapps.be>
Date:   Thu May 4 17:27:41 2023 +0200

    [10.x] Add 'hashed' cast (laravel#46947)

    * Add 'hashed' cast

    * Fix linting issues

commit 51251d4
Author: taylorotwell <taylorotwell@users.noreply.github.com>
Date:   Thu May 4 14:54:58 2023 +0000

    Update facade docblocks

commit 82a8da7
Author: Anjorin Damilare <damilareanjorin1@gmail.com>
Date:   Thu May 4 15:54:23 2023 +0100

    [10.x] add expression to DB table doctype (laravel#46955)

commit 65f6426
Author: Wouter de Jong <wouterj@users.noreply.github.com>
Date:   Thu May 4 14:41:20 2023 +0200

    Fix typo in PHPdoc tag (laravel#46960)

commit c164078
Author: Tim MacDonald <hello@timacdonald.me>
Date:   Thu May 4 05:17:54 2023 +1000

    [10.x] Siesta (laravel#46904)

    * wip

    * wip

    * wip

    * wip

    * wip

    * wip

    * wip

    * wip

    * wip

    * wip

    * wip

    * wip

    * wip

    * Update src/Illuminate/Support/Siesta.php

    Co-authored-by: Nuno Maduro <enunomaduro@gmail.com>

    * Update src/Illuminate/Support/Siesta.php

    Co-authored-by: Nuno Maduro <enunomaduro@gmail.com>

    * Update src/Illuminate/Support/Siesta.php

    Co-authored-by: Nuno Maduro <enunomaduro@gmail.com>

    * wip

    * wip

    * wip

    * wip

    * wip

    * wip

    * wip

    * wip

    * formatting and rename to sleep

    ---------

    Co-authored-by: Nuno Maduro <enunomaduro@gmail.com>
    Co-authored-by: Taylor Otwell <taylor@laravel.com>

commit 6e8b883
Author: Volodya Kurshudyan <70023120+xurshudyan@users.noreply.github.com>
Date:   Wed May 3 22:19:29 2023 +0400

    Add sortRecursiveDesc() method (laravel#46945)

    Co-authored-by: Volodya Khurshudyan <volodya.khurshudyan@softconstruct.com>

commit d800f9e
Author: Abu Sayed Jobayer <aszubayr@gmail.com>
Date:   Wed May 3 19:51:21 2023 +0600

    Update doc block to make array notation more consist. (laravel#46942)

commit ba46acb
Author: Bert <bertwijnhoven@hotmail.com>
Date:   Tue May 2 23:24:37 2023 +0200

    [10.x] Expose `Js::json()` helper (laravel#46935)

    * change to static

    * Update Js.php

    ---------

    Co-authored-by: Taylor Otwell <taylor@laravel.com>

commit 2aff286
Author: StyleCI Bot <bot@styleci.io>
Date:   Mon May 1 16:09:32 2023 +0000

    Apply fixes from StyleCI

commit f8dd01a
Author: Italo <DarkGhostHunter@Gmail.com>
Date:   Mon May 1 12:09:09 2023 -0400

    [10.x] Adds ability to restore/set Global Scopes (laravel#46922)

    * [10.x] Adds ability to restore/set Global Scopes

    * Update HasGlobalScopes.php

    ---------

    Co-authored-by: Taylor Otwell <taylor@laravel.com>

commit a2f35fa
Author: Günther Debrauwer <gunther@nextapps.be>
Date:   Mon May 1 18:07:12 2023 +0200

    [10.x] Use method on UploadedFile to validate image dimensions (laravel#46912)

    * imageSize method on uploadedfile

    * formatting

    * fix variable

    ---------

    Co-authored-by: Taylor Otwell <taylor@laravel.com>

commit 8de1aa2
Author: Kieran <kieran@supportpal.com>
Date:   Mon May 1 17:05:23 2023 +0100

    [10.x] Mark commands as isolatable (laravel#46925)

    * Ability to set default for --isolated option

    * set default exit code

    * Update Command.php

    ---------

    Co-authored-by: Taylor Otwell <taylor@laravel.com>

commit 812ef55
Author: Christian Rishøj <christian@rishoj.net>
Date:   Mon May 1 17:52:24 2023 +0200

    follow default PHP behavior and replace invalid codepoints (laravel#46914)

commit 96f0d0e
Author: Choraimy Kroonstuiver <3661474+axlon@users.noreply.github.com>
Date:   Mon May 1 17:41:14 2023 +0200

    Add missing typehint to cache repository contract (laravel#46929)

commit 89ac58a
Author: Taylor Otwell <taylor@laravel.com>
Date:   Thu Apr 27 10:29:15 2023 -0500

    fix replace missing_unless

commit 5f30445
Merge: 9cd734c f43355f
Author: Tetiana Blindaruk <t.blindaruk@gmail.com>
Date:   Tue Apr 25 20:33:53 2023 +0300

    Merge remote-tracking branch 'origin/10.x' into 10.x

    # Conflicts:
    #	CHANGELOG.md

commit 9cd734c
Author: Tetiana Blindaruk <t.blindaruk@gmail.com>
Date:   Tue Apr 25 20:33:29 2023 +0300

    [10.x] Update CHANGELOG.md

commit f43355f
Author: TBlindaruk <TBlindaruk@users.noreply.github.com>
Date:   Tue Apr 25 16:47:37 2023 +0000

    Update CHANGELOG

commit 3507812
Merge: e2a65b3 675ea86
Author: Taylor Otwell <taylor@laravel.com>
Date:   Tue Apr 25 08:47:18 2023 -0500

    fix conflicts

commit 675ea86
Author: Taylor Otwell <taylor@laravel.com>
Date:   Tue Apr 25 08:44:05 2023 -0500

    version

commit e2a65b3
Author: Bogdan Lotarev <bogdanlotar@gmail.com>
Date:   Tue Apr 25 15:40:49 2023 +0200

    [10.x] Use foreignUlid if model uses HasUlids trait when call foreignIdFor  (laravel#46876)

    * fix: use foreignUlid if model uses HasUlids

    * test: add assert for MySql

    * Update Blueprint.php

    ---------

    Co-authored-by: Taylor Otwell <taylor@laravel.com>

commit b5bef6b
Author: StyleCI Bot <bot@styleci.io>
Date:   Mon Apr 24 19:32:27 2023 +0000

    Apply fixes from StyleCI

commit 846d1a0
Author: Anjorin Damilare <damilareanjorin1@gmail.com>
Date:   Mon Apr 24 20:32:06 2023 +0100

    [10.x]: improve job release method to accept date instance (laravel#46854)

    * [10.x]: improve job release method to accept date instance

    * Update InteractsWithQueue.php

    ---------

    Co-authored-by: Taylor Otwell <taylor@laravel.com>

commit 7136338
Author: Tim MacDonald <hello@timacdonald.me>
Date:   Tue Apr 25 05:16:49 2023 +1000

    [10.x] Named static methods for middleware (laravel#46362)

    * wip

    * Standardise of `using` for Authorization middleware

    * Update ValidateSignature.php

    * Update ThrottleRequests.php

    * Update ThrottleRequests.php

    * Update RequirePassword.php

    ---------

    Co-authored-by: Taylor Otwell <taylor@laravel.com>

commit 2922575
Author: Nuno Maduro <enunomaduro@gmail.com>
Date:   Mon Apr 24 19:49:40 2023 +0100

    [10.x] Uses `@template-covariant` in collections (laravel#46872)

    * docs: update collection docs to use template-covariant for the values

    This allows developers to use classes with inheritance on collections. See types/Support/Collection.php for an example

    * Revert `@template-covariant` on Arrayable

    * Apply fixes from StyleCI

    ---------

    Co-authored-by: rvanvelzen <rvanvelzen@swis.nl>
    Co-authored-by: StyleCI Bot <bot@styleci.io>

commit 1793066
Author: Finn <71390226+FinnPaes@users.noreply.github.com>
Date:   Mon Apr 24 17:59:54 2023 +0200

    Fix implode docblock to accept callable as parameter (laravel#46869)

    Co-authored-by: Finn Paes <finn@justbetter.nl>

commit 89a5468
Author: Luke Kuzmish <42181698+cosmastech@users.noreply.github.com>
Date:   Mon Apr 24 09:43:14 2023 -0400

    [10.x] Throw LogicException when calling `FileFactory@image()` if mimetype is not supported (laravel#46859)

    * throw exception if FileFactory does not support mimetype

    * style

    * formatting

    * rely on $functionName

    ---------

    Co-authored-by: Taylor Otwell <taylor@laravel.com>

commit 9cfd7e1
Author: Niclas <NiclasvanEyk@users.noreply.github.com>
Date:   Mon Apr 24 15:25:43 2023 +0200

    Pass through IGNITION_LOCAL_SITES_PATH environment variable when serving (laravel#46857)

    Enables correct link generation for opening files from the error page when running inside docker.

commit d199af3
Author: s4muel <s4muel@users.noreply.github.com>
Date:   Fri Apr 21 17:14:58 2023 +0200

    [10.x] update return type in docblock for Process pipe method (laravel#46848)

    * update return type in docblock for Process pipe method

    * update the Process.php docblock as well

    * Update Factory.php

    ---------

    Co-authored-by: Taylor Otwell <taylor@laravel.com>

commit 0c9b3e9
Author: Dries Vints <dries@vints.io>
Date:   Fri Apr 21 15:14:53 2023 +0200

    Make rules method in FormRequest optional (laravel#46846)

commit 3d28bdc
Author: James Hulse <jameshulse@users.noreply.github.com>
Date:   Thu Apr 20 18:37:59 2023 +0100

    [10.x] Allow pruning all cancelled and unfinished queue batches (laravel#46833)

    * Allow pruning all cancelled and unfinished batches

    * Apply fixes from StyleCI

commit 2b463dd
Author: Miran AL Mehrab <miranalmehrab@protonmail.com>
Date:   Thu Apr 20 22:29:37 2023 +0600

    Add new HTTP status assertions (laravel#46841)

    * Adds gone status check

    * Adds service unavailable status check

    * Adds internal server error status check

commit a3cfd2d
Author: Tsuguya Toma <tsuguya.toma@tgy.io>
Date:   Wed Apr 19 22:54:02 2023 +0900

    fix date_format rule throw ValueError (laravel#46824)

commit ed75852
Author: Rudie Dirkx <168024+rudiedirkx@users.noreply.github.com>
Date:   Tue Apr 18 21:06:23 2023 +0200

    Use pivot model fromDateTime instead of assuming Carbon (laravel#46822)

commit 6f575fc
Merge: 3259360 95ffddc
Author: Tetiana Blindaruk <t.blindaruk@gmail.com>
Date:   Tue Apr 18 21:54:43 2023 +0300

    Merge remote-tracking branch 'origin/10.x' into 10.x

commit 3259360
Author: Tetiana Blindaruk <t.blindaruk@gmail.com>
Date:   Tue Apr 18 21:54:23 2023 +0300

    [10.x] Update CHANGELOG.md

commit 95ffddc
Author: masoud derakhshi <59544612+mderakhshi@users.noreply.github.com>
Date:   Tue Apr 18 22:00:04 2023 +0330

    [10.x] whereMorphedTo null (laravel#46821)

    * Update QueriesRelationships.php

    * Update DatabaseEloquentBuilderTest.php

    * Update DatabaseEloquentBuilderTest.php

    * Update DatabaseEloquentBuilderTest.php

commit 7aab67d
Author: Gaitholabi <24876890+Gaitholabi@users.noreply.github.com>
Date:   Tue Apr 18 21:18:06 2023 +0300

    [10.x] Allow separate directory for locks on filestore (laravel#46811)

    * allow separate directory for locks on filestore

    * fix style

    * fix method signature

    * Update src/Illuminate/Cache/FileStore.php

    Co-authored-by: Dries Vints <dries@vints.be>

    * apply styleci

    * formatting

    ---------

    Co-authored-by: Dries Vints <dries@vints.be>
    Co-authored-by: Taylor Otwell <taylor@laravel.com>

commit e838b1d
Author: TBlindaruk <TBlindaruk@users.noreply.github.com>
Date:   Tue Apr 18 17:52:33 2023 +0000

    Update CHANGELOG

commit 9747b8c
Author: Tetiana Blindaruk <t.blindaruk@gmail.com>
Date:   Tue Apr 18 20:48:03 2023 +0300

    [9.x] Update CHANGELOG.md

commit 5d8416e
Merge: 317d7cc 16454f1
Author: Dries Vints <dries@vints.be>
Date:   Tue Apr 18 17:01:19 2023 +0200

    Merge branch '9.x' into 10.x

    # Conflicts:
    #	src/Illuminate/Foundation/Application.php

commit 317d7cc
Author: Taylor Otwell <taylor@laravel.com>
Date:   Tue Apr 18 08:45:33 2023 -0500

    version

commit 16454f1
Author: Taylor Otwell <taylor@laravel.com>
Date:   Tue Apr 18 08:44:55 2023 -0500

    version

commit 8ef7a8d
Merge: a56d748 2a6713f
Author: Taylor Otwell <taylor@laravel.com>
Date:   Tue Apr 18 08:44:34 2023 -0500

    Merge branch '9.x' into 10.x

commit 2a6713f
Author: Luke Kuzmish <42181698+cosmastech@users.noreply.github.com>
Date:   Tue Apr 18 09:42:14 2023 -0400

    [9.x] Release lock for job implementing `ShouldBeUnique` that is dispatched `afterResponse()` (laravel#46806)

    * failing test

    * rely on PendingDispatch@afterResponse so that ShouldBeUnique is checked

    * modifications to failing test

    * move lock/middleware handling to CallQueuedHandler@handle()

    * use CallQueuedHandler@handle if job employs InteractsWithQueue

    * style

    * revert changes to CallQueuedHandler & PendingDispatch

    * switch Bus\Dispatcher@dispatchAfterResponse to rely on Dispatcher@dispatchSync()

    * add `dispatchAfterResponse` test

commit a56d748
Author: Mohd Hafizuddin M Marzuki <hafizuddin_83@yahoo.com>
Date:   Tue Apr 18 01:41:32 2023 +0800

    Fix `validateDecimal()` (laravel#46809)

commit 88c28e2
Author: Anjorin Damilare <damilareanjorin1@gmail.com>
Date:   Mon Apr 17 17:13:04 2023 +0100

    [10.x]: add max exceptions to broadcast event (laravel#46800)

commit 17ad285
Author: kazunari.ueeda <34956483+UserKazun@users.noreply.github.com>
Date:   Tue Apr 18 01:01:53 2023 +0900

    Fix return value to int or null. (laravel#46802)

commit 997218b
Author: Luke Kuzmish <42181698+cosmastech@users.noreply.github.com>
Date:   Sun Apr 16 09:35:36 2023 -0400

    fixes test timestamp properties (laravel#46795)

commit 3e5a6b3
Author: teamradhq <14055161+teamradhq@users.noreply.github.com>
Date:   Sun Apr 16 07:55:40 2023 +1000

    Fix deprecated class in request.stub (laravel#46787)

    * Replace deprecated Illuminate\Contracts\Validation\Rule with
      ValidationRule.`

commit 0720d08
Author: Taylor Otwell <taylor@laravel.com>
Date:   Sat Apr 15 16:53:23 2023 -0500

    [10.x] Minor skeleton slimming (framework edition) (laravel#46786)

    * allow web and api named args on routes method

    * add app skeleton broadcast provider in core

    * add default provider collection

    * remove base broadcast service provider

    * Apply fixes from StyleCI

    * revert route provider change

    ---------

    Co-authored-by: StyleCI Bot <bot@styleci.io>

commit d95f865
Author: Sobhan <44964722+sobhan-m94@users.noreply.github.com>
Date:   Fri Apr 14 17:31:33 2023 +0330

    Add headers (laravel#46780)

    * add headers

    * Update Application.php

    ---------

    Co-authored-by: Taylor Otwell <taylor@laravel.com>
milwad-dev pushed a commit to milwad-dev/framework that referenced this pull request May 12, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants