From a3e8039f2a7f6b922a6adf312c4e35ee0a84d4c4 Mon Sep 17 00:00:00 2001
From: Cleric-K <9365881+Cleric-K@users.noreply.github.com>
Date: Mon, 18 Mar 2024 10:27:33 +0200
Subject: [PATCH] Fix esc() for 'raw' context (#8624)

---
 system/Common.php | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/system/Common.php b/system/Common.php
index 093943effb47..cc101900e7e0 100644
--- a/system/Common.php
+++ b/system/Common.php
@@ -426,6 +426,13 @@ function env(string $key, $default = null)
      */
     function esc($data, string $context = 'html', ?string $encoding = null)
     {
+        // Provide a way to NOT escape data since
+        // this could be called automatically by
+        // the View library.
+        if ($context === 'raw') {
+            return $data;
+        }
+
         if (is_array($data)) {
             foreach ($data as &$value) {
                 $value = esc($value, $context);
@@ -435,13 +442,6 @@ function esc($data, string $context = 'html', ?string $encoding = null)
         if (is_string($data)) {
             $context = strtolower($context);
 
-            // Provide a way to NOT escape data since
-            // this could be called automatically by
-            // the View library.
-            if ($context === 'raw') {
-                return $data;
-            }
-
             if (! in_array($context, ['html', 'js', 'css', 'url', 'attr'], true)) {
                 throw new InvalidArgumentException('Invalid escape context provided.');
             }