Use filter_var in getContent

carlbennett · carlbennett · commit 0c7703cf446f · 2021-06-29T22:02:07.000-05:00
diff --git a/src/libraries/NewsPost.php b/src/libraries/NewsPost.php
@@ -236,15 +236,15 @@ public function getCategoryId() {
     return $this->category_id;
   }
 
-  public function getContent($prepare) {
-    if (!$prepare) {
+  public function getContent(bool $render) {
+    if (!$render) {
       return $this->content;
     }
     if ($this->options_bitmask & self::OPTION_MARKDOWN) {
       $md = new Parsedown();
       return $md->text($this->content);
     } else {
-      return htmlspecialchars($this->content, ENT_HTML5, "UTF-8");
+      return filter_var($this->content, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
     }
   }
 

Original file line number	Diff line number	Diff line change
`@@ -236,15 +236,15 @@ public function getCategoryId() {`
`236`	`236`	`return $this->category_id;`
`237`	`237`	`}`
`238`	`238`
`239`		`- public function getContent($prepare) {`
`240`		`- if (!$prepare) {`
	`239`	`+ public function getContent(bool $render) {`
	`240`	`+ if (!$render) {`
`241`	`241`	`return $this->content;`
`242`	`242`	`}`
`243`	`243`	`if ($this->options_bitmask & self::OPTION_MARKDOWN) {`
`244`	`244`	`$md = new Parsedown();`
`245`	`245`	`return $md->text($this->content);`
`246`	`246`	`} else {`
`247`		`- return htmlspecialchars($this->content, ENT_HTML5, "UTF-8");`
	`247`	`+ return filter_var($this->content, FILTER_SANITIZE_FULL_SPECIAL_CHARS);`
`248`	`248`	`}`
`249`	`249`	`}`
`250`	`250`