From 88ec458cb0fd88a5b696aeaef9aac9cf1f466011 Mon Sep 17 00:00:00 2001 From: Cleric-K Date: Mon, 18 Mar 2024 11:26:02 +0200 Subject: [PATCH] esc() for 'raw' context (Fixes #8624) --- system/Common.php | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/system/Common.php b/system/Common.php index 093943effb47..2ad287fb26ea 100644 --- a/system/Common.php +++ b/system/Common.php @@ -426,6 +426,15 @@ function env(string $key, $default = null) */ function esc($data, string $context = 'html', ?string $encoding = null) { + $context = strtolower($context); + + // Provide a way to NOT escape data since + // this could be called automatically by + // the View library. + if ($context === 'raw') { + return $data; + } + if (is_array($data)) { foreach ($data as &$value) { $value = esc($value, $context); @@ -433,15 +442,6 @@ function esc($data, string $context = 'html', ?string $encoding = null) } if (is_string($data)) { - $context = strtolower($context); - - // Provide a way to NOT escape data since - // this could be called automatically by - // the View library. - if ($context === 'raw') { - return $data; - } - if (! in_array($context, ['html', 'js', 'css', 'url', 'attr'], true)) { throw new InvalidArgumentException('Invalid escape context provided.'); }