From 9a6233ad3a63db63cd4b241918ca83da7f8cbea0 Mon Sep 17 00:00:00 2001
From: Alex Tselegidis
Date: Mon, 13 Mar 2023 08:08:43 +0100
Subject: [PATCH] Add a new string escape helper function
---
 application/helpers/html_helper.php | 19 +++++++++++++++++++
 application/helpers/language_helper.php | 2 +-
 .../views/components/booking_header.php | 8 ++++----
 3 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/application/helpers/html_helper.php b/application/helpers/html_helper.php
index 226ce529..7fc46faa 100644
--- a/application/helpers/html_helper.php
+++ b/application/helpers/html_helper.php
@@ -11,6 +11,25 @@
 * @since v1.4.0
 * ---------------------------------------------------------------------------- */
+if ( ! function_exists('e'))
+{
+ /**
+ * HTML escape function for templates.
+ *
+ * Use this helper function to easily escape all the outputted HTML markup.
+ *
+ * Example:
+ *
+ *
+ *
+ * @param mixed $string Provide anything that can be converted to a string.
+ */
+ function e(mixed $string): string
+ {
+ return htmlspecialchars($string, ENT_QUOTES, 'UTF-8');
+ }
+}
+
 if ( ! function_exists('component'))
 {
 /**
diff --git a/application/helpers/language_helper.php b/application/helpers/language_helper.php
index c79fa811..0b7b5984 100644
--- a/application/helpers/language_helper.php
+++ b/application/helpers/language_helper.php
@@ -37,6 +37,6 @@ if ( ! function_exists('lang'))
 $result = '';
 }
- return $result ?: $line;
+ return e($result ?: $line);
 }
 }
diff --git a/application/views/components/booking_header.php b/application/views/components/booking_header.php
index f42b4f13..e0501295 100644
--- a/application/views/components/booking_header.php
+++ b/application/views/components/booking_header.php
@@ -1,7 +1,7 @@
@@ -9,11 +9,11 @@
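Review bot: In `e()`, `htmlspecialchars()` is called with `ENT_QUOTES` alone, so a value containing an invalid UTF-8 byte sequence makes it return an empty string and the template silently prints nothing. The `mixed` argument is also passed uncast, so `null` raises a deprecation on PHP 8.1+ and an array raises a TypeError, which does not match the docblock's "anything that can be converted to a string". I would change the return line to `return htmlspecialchars((string) $string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The docblock should also state that this encoding is meant for HTML text and quoted attribute values only; output placed in a `<script>` block, an unquoted attribute or a URL needs its own context-specific encoding.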
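Review bot: Escaping inside `lang()` means every caller now receives HTML-encoded text regardless of where the string ends up. The call sites are outside this hunk, but any that pass a translation into JavaScript data or a plain-text e-mail, or wrap it in `e()` again in a view, would show literal entities such as `&amp;amp;`, and translation strings that contain intentional markup would be rendered as text. Encoding belongs at the output point, so I would either keep `return $result ?: $line;` here and write `e(lang('key'))` in the views, or state in the `lang()` docblock that the return value is already HTML-escaped and must not be escaped again or used outside HTML. The body of `lang()` starts above the hunk.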