fix Filter sanitize string deprecated CORE #81

2025-04-09 03:26:11 +00:00
parent 9ad5ead4bd
commit 16d3ddafba
2 changed files with 4 additions and 4 deletions
--- a/gulliver/system/class.inputfilter.php
+++ b/gulliver/system/class.inputfilter.php
@@ -602,13 +602,13 @@ class InputFilter
                }
                break;
            case 'nosql':
-                $value = (string)filter_var($value, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
+                $value = htmlspecialchars(trim($value), ENT_QUOTES, 'UTF-8');
                if (preg_match('/\b(or|and|xor|drop|insert|update|delete|select)\b/i', $value, $matches, PREG_OFFSET_CAPTURE)) {
                    $value = substr($value, 0, $matches[0][1]);
                }
                break;
            default:
-                $value = (string)filter_var($value, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
+                $value = htmlspecialchars(trim($value), ENT_QUOTES, 'UTF-8');
        }

        return $value;