diff --git a/system/Common.php b/system/Common.php
index 093943effb47..2ad287fb26ea 100644
--- a/system/Common.php
+++ b/system/Common.php
@@ -426,6 +426,15 @@ function env(string $key, $default = null)
 */
 function esc($data, string $context = 'html', ?string $encoding = null)
 {
+ $context = strtolower($context);
+
+ // Provide a way to NOT escape data since
+ // this could be called automatically by
+ // the View library.
+ if ($context === 'raw') {
+ return $data;
+ }
+
 if (is_array($data)) {
 foreach ($data as &$value) {
 $value = esc($value, $context);
@@ -433,15 +442,6 @@ function esc($data, string $context = 'html', ?string $encoding = null)
 }
 if (is_string($data)) {
- $context = strtolower($context);
-
- // Provide a way to NOT escape data since
- // this could be called automatically by
- // the View library.
- if ($context === 'raw') {
- return $data;
- }
-
 if (! in_array($context, ['html', 'js', 'css', 'url', 'attr'], true)) {
 throw new InvalidArgumentException('Invalid escape context provided.');
 }
diff --git a/tests/system/CommonFunctionsTest.php b/tests/system/CommonFunctionsTest.php
index a097cb2a81a0..89da3e89c4ad 100644
--- a/tests/system/CommonFunctionsTest.php
+++ b/tests/system/CommonFunctionsTest.php
@@ -247,6 +247,27 @@ public function testEscapeBadContextZero(): void
 esc('
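Review bot: The recursive call in the array branch of esc() in system/Common.php, `$value = esc($value, $context);`, does not forward `$encoding`, so nested strings are escaped with the default encoding even when the caller passed one; `$value = esc($value, $context, $encoding);` would keep the array and string paths consistent. That line is unchanged context in the first hunk, but it is the branch the moved `raw` check now sits in front of. With the early return placed first, `raw` hands back whole arrays unescaped as well as strings, and the comment could say so, e.g. `// 'raw' returns $data untouched, nested arrays included; the caller must encode it for the output context.` The body of esc() continues past the end of the hunks shown, so how `$encoding` is consumed for strings is not visible here and the first point should be confirmed against the full function.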