  1. Moodle
  2. MDL-78893

Libraries: explicitly set $flags for htmlspecialchars function


Details

    • MOODLE_403_STABLE
    • MOODLE_403_STABLE
    • master_MDL-78893
    • 1. Navigate to <wwwroot>/iplookup/index.php?popup=1&ip=159.196.159.196 (where wwwroot is your test site domain).
      2. CONFIRM the IP (159.196.159.196) and location name (eg Sydney - Australia) are displayed in the heading at the top of the page.
      3. CONFIRM a map is displayed which approximately shows the location named in the heading at the top of the page.
    • 1
    • Team Hedgehog 2023 Sprint 3.1

    Description

      As part of the preparation for PHP 8.2, a compatibility check was run on the existing Moodle LMS codebase (see: MDL-77104). As part of this check, the following was raised:

      FILE: /iplookup/index.php

      ------------------------------------------------------------------------------------------------------------------------
      FOUND 1 ERROR AFFECTING 1 LINE
      ------------------------------------------------------------------------------------------------------------------------
       109 | ERROR | The default value of the $flags parameter for htmlspecialchars() was changed from ENT_COMPAT to
           |       | ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401 in PHP 8.1. For cross-version compatibility, the $flags
           |       | parameter should be explicitly set.
      ------------------------------------------------------------------------------------------------------------------------

      We should explicitly set the flags to `ENT_QUOTES | ENT_HTML401 | ENT_SUBSTITUTE`, so that both single and double quotes are converted, to prevent any potential issues and to remove the notification in future checks, i.e.:

      echo '<h1 class="iplookup h2">' . htmlspecialchars($title, ENT_QUOTES | ENT_HTML401 | ENT_SUBSTITUTE) . '</h1>';

      This issue doesn't block PHP 8.2 compatibility for Moodle LMS 4.2.2, as the change is only in master.
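
An added example (not part of this issue or of Moodle's code) comparing the pre-8.1 implicit flags with the explicit set proposed above, so the version-dependent cases are visible. The helper name `escape_title()` and the sample titles are assumptions constructed for illustration.

```php
<?php
// Added example, not Moodle code. All sample titles below are constructed.

// Implicit default before PHP 8.1 versus the explicit set proposed in this issue.
const FLAGS_PRE_81   = ENT_COMPAT | ENT_HTML401;
const FLAGS_EXPLICIT = ENT_QUOTES | ENT_HTML401 | ENT_SUBSTITUTE;

/**
 * Hypothetical helper: always pass $flags and the encoding, so the escaped
 * output does not depend on which PHP version runs the code.
 */
function escape_title(string $value, int $flags = FLAGS_EXPLICIT): string {
    return htmlspecialchars($value, $flags, 'UTF-8');
}

$samples = [
    'double quote'  => 'Sydney "AU"',
    'single quote'  => "Sydney 'AU'",        // ENT_COMPAT leaves single quotes unescaped
    'invalid UTF-8' => "Sydney \xC3\x28",    // malformed byte sequence; ENT_SUBSTITUTE replaces it
];

foreach ($samples as $label => $title) {
    $old = escape_title($title, FLAGS_PRE_81);
    $new = escape_title($title, FLAGS_EXPLICIT);

    printf("%-14s pre-8.1:  %s\n", $label, var_export($old, true));
    printf("%-14s explicit: %s\n", '', var_export($new, true));

    // These are the inputs whose rendering changes across PHP versions
    // when the $flags argument is omitted.
    if ($old !== $new) {
        echo "               -> output differs between the two flag sets\n";
    }
}
```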


          People

            matt.porritt@moodle.com Matt Porritt
            matt.porritt@moodle.com Matt Porritt
            Stevani Andolo Stevani Andolo
            Ilya Tregubov Ilya Tregubov
            Kim Jared Lucas Kim Jared Lucas