Add a new string escape helper function

2023-03-13 08:08:43 +01:00 · 2023-03-13 08:08:43 +01:00 · 9a6233ad3a
parent 10ce6bbf11
commit 9a6233ad3a
3 changed files with 24 additions and 5 deletions
--- a/application/helpers/html_helper.php
+++ b/application/helpers/html_helper.php
@ -11,6 +11,25 @@
 * @since       v1.4.0
 * ---------------------------------------------------------------------------- */

+if ( ! function_exists('e'))
+{
+    /**
+     * HTML escape function for templates.
+     *
+     * Use this helper function to easily escape all the outputted HTML markup.
+     *
+     * Example:
+     *
+     * <?= e($string) ?>
+     *
+     * @param mixed $string Provide anything that can be converted to a string.
+     */
+    function e(mixed $string): string
+    {
+        return htmlspecialchars($string, ENT_QUOTES, 'UTF-8');
+    }
+}
+
 if ( ! function_exists('component'))
 {
    /**
--- a/application/helpers/language_helper.php
+++ b/application/helpers/language_helper.php
@ -37,6 +37,6 @@ if ( ! function_exists('lang'))
            $result = '<label for="' . $for . '"' . _stringify_attributes($attributes) . '>' . $result . '</label>';
        }

-        return $result ?: $line;
+        return e($result ?: $line);
    }
 }
--- a/application/views/components/booking_header.php
+++ b/application/views/components/booking_header.php
@ -1,7 +1,7 @@
 <?php
 /**
 * Local variables.
- * 
+ *
 * @var string $company_name
 */
 ?>
@ -9,11 +9,11 @@
 <div id="header">
    <div id="company-name">
        <img src="<?= vars('company_logo') ?: base_url('assets/img/logo.png') ?>" alt="logo" id="company-logo">
-        
+
        <span>
-            <?= $company_name ?>
+            <?= e($company_name) ?>
        </span>
-        
+
        <div class="d-flex justify-content-center justify-content-md-start">
            <span class="display-selected-service me-1 pe-1 border-end invisible">
                <?= lang('service') ?>