Fixed too strict escaping for product names #240

Forceu · Forceu · commit 369798d05395 · 2024-06-02T21:57:10.000+02:00
diff --git a/incl/processing.inc.php b/incl/processing.inc.php
@@ -528,9 +528,9 @@ function sanitizeString(?string $input, bool $strongFilter = false): ?string {
     if ($input == null)
         return null;
     if ($strongFilter) {
-        return filter_var($input, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
+        return filter_var($input, FILTER_SANITIZE_FULL_SPECIAL_CHARS, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
     } else {
-        return filter_var($input, FILTER_SANITIZE_SPECIAL_CHARS);
+        return filter_var($input, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
     }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -528,9 +528,9 @@ function sanitizeString(?string $input, bool $strongFilter = false): ?string {`
`528`	`528`	`if ($input == null)`
`529`	`529`	`return null;`
`530`	`530`	`if ($strongFilter) {`
`531`		`- return filter_var($input, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_FLAG_STRIP_LOW \| FILTER_FLAG_STRIP_HIGH);`
	`531`	`+ return filter_var($input, FILTER_SANITIZE_FULL_SPECIAL_CHARS, FILTER_FLAG_STRIP_LOW \| FILTER_FLAG_STRIP_HIGH);`
`532`	`532`	`} else {`
`533`		`- return filter_var($input, FILTER_SANITIZE_SPECIAL_CHARS);`
	`533`	`+ return filter_var($input, FILTER_SANITIZE_FULL_SPECIAL_CHARS);`
`534`	`534`	`}`
`535`	`535`	`}`
`536`	`536`