[Instruments] Bugfix multi-escaped special characters (aces#6223)
Removed duplicate call to HTMLSpecialChars() causing double escaping on any instrument field with one of the following characters & < > "

The removal is justified since these fields are being escaped directly in the database class
https://github.com/aces/Loris/blob/master/php/libraries/Database.class.inc#L538
ridz1208 authored and spell00 committed Jun 2, 2020
1 parent f64db81 commit fbf06f0
Showing 1 changed file with 0 additions and 4 deletions.
4 changes: 0 additions & 4 deletions php/libraries/LorisForm.class.inc
Expand Up @@ -695,10 +695,6 @@ class LorisForm
}
}
}
// Always sanitize user-controlled input
if (!is_array($newValue)) {
$newValue = htmlspecialchars($newValue);
}

return $newValue;
}
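
Review bot: with the `htmlspecialchars($newValue)` block gone, nothing escapes the value between the closing braces above and `return $newValue;`, so this path now hands back raw user input and the safety argument rests on the escaping in Database.class.inc that the commit message links to. That covers only values written through the Database class and later rendered from storage. Any caller that takes this return value and puts it straight into markup, without a database round trip, would now emit `& < > "` unescaped. Please confirm no such caller exists, and replace the deleted "Always sanitize user-controlled input" comment with one stating where escaping now happens so the next reader does not re-add the call. A regression test that submits a field containing those four characters and checks it is escaped exactly once when rendered would cover both the double-escaping bug and any future loss of escaping.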