[10.x] Gracefully handle invalid code points in e() #46914

Merged May 1, 2023 (1 commit)

@crishoj commented Apr 28, 2023

When provided a string containing invalid code points (e.g. wrong encoding or unaligned truncation), the e() helper will silently swallow the whole argument and return an empty string.

I propose adding ENT_SUBSTITUTE to the flags for htmlspecialchars(), aligning e() with the default behavior of htmlspecialchars() since PHP 8.1:

ENT_SUBSTITUTE: "Replace invalid code unit sequences with a Unicode Replacement Character U+FFFD (UTF-8) or &#xFFFD; (otherwise) instead of returning an empty string."

Developers and end-users alike will likely be less surprised by the occasional �, than the escaped string vanishing entirely.

@taylorotwell taylorotwell merged commit 812ef55 into laravel:10.x May 1, 2023
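
The behaviour discussed in this pull request, as an added example that is not code from the pull request or the framework: two hypothetical stand-in functions (`escape_without_substitute()` and `escape_with_substitute()`) call `htmlspecialchars()` with and without `ENT_SUBSTITUTE` on constructed inputs covering the wrong-encoding and unaligned-truncation cases. The function names and sample strings are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-ins for an HTML-escaping helper. They differ only in
// the flags passed to htmlspecialchars(); neither is the framework's code.
function escape_without_substitute(string $value): string
{
    // ENT_QUOTES alone: if the input contains an invalid UTF-8 sequence,
    // htmlspecialchars() returns an empty string for the whole value.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

function escape_with_substitute(string $value): string
{
    // ENT_SUBSTITUTE: each invalid sequence is replaced with U+FFFD and
    // the rest of the value is still escaped as usual.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs (not taken from the pull request).
$samples = [
    // Well-formed UTF-8: both variants behave identically.
    'valid UTF-8' => "Rish\u{F8}j <b>",
    // Byte-based truncation that cuts the two-byte "ø" in half.
    'unaligned truncation' => substr("<b>Rish\u{F8}j", 0, 8),
    // ISO-8859-1 byte 0xF8 inside a string that is treated as UTF-8.
    'wrong encoding' => "Rish\xF8j <script>",
];

foreach ($samples as $label => $input) {
    printf(
        "%s (valid UTF-8: %s)\n  without ENT_SUBSTITUTE: %s\n  with ENT_SUBSTITUTE:    %s\n",
        $label,
        mb_check_encoding($input, 'UTF-8') ? 'yes' : 'no',
        var_export(escape_without_substitute($input), true),
        var_export(escape_with_substitute($input), true)
    );
}
```

In both variants the markup characters in well-formed input are escaped; the flag only changes what happens to a value that contains an invalid sequence.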

commit 812ef55
Author: Christian Rishøj
Date:   Mon May 1 17:52:24 2023 +0200

    follow default PHP behavior and replace invalid codepoints (laravel#46914)
