[BUG]: Filter::StringVal with <<>> #15978
`FILTER_SANITIZE_STRING` is to be removed from PHP 8.1. The `StringVal` filter relies on `filter_var()` to sanitize strings.
As per the documentation as well as the relevant RFC that removes the constant, `htmlspecialchars()` is a better alternative to the functionality.
The current implementation - which no longer uses `filter_var` is based on `preg_match` is:
When using the following string:
the expected result is:
' ' ' ' ' " " " " - - ... '
but instead we get:
'> ' ' ' ' " " " " - - ... '
Options:
- `preg_match` to pick up the `>`
- `StringVal` filter to use `htmlspecialchars()` and also introduce `StringValLegacy` as a new filter which will only work for PHP 7.4 and 8.0 and will utilize `filter_var()`. This way we have something that people can use as they have been, and offer a path to upgrade the filter within the next major version.
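
The second option above, sketched as an added example that is not part of the original issue and is not Phalcon's code: `stringValEncode()` and `stringValLegacy()` are hypothetical helper names, and the sample inputs are constructed. It shows that encoding with `htmlspecialchars()` leaves no raw angle bracket or quote in the output for inputs with doubled or stray brackets, while the legacy path is limited to PHP 7.4 and 8.0.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers (not Phalcon code) sketching the second option.

/** Encode rather than strip: every <, >, &, " and ' becomes an entity. */
function stringValEncode(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Legacy behaviour, kept only for the versions the issue names. */
function stringValLegacy(string $input): string
{
    if (PHP_VERSION_ID >= 80100) {
        throw new RuntimeException('legacy filter is limited to PHP 7.4 and 8.0');
    }
    // filter_var() returns false on failure; normalise to a string.
    return (string) filter_var($input, FILTER_SANITIZE_STRING);
}

// Constructed inputs with doubled and stray angle brackets.
$samples = [
    'abc<<>>def',
    '<<>> \'single\' "double"',
    '<b>bold</b> > plain',
];

foreach ($samples as $s) {
    $out = stringValEncode($s);

    // No raw angle bracket or quote may survive encoding.
    assert(strpbrk($out, '<>"\'') === false);
    // Encoding is lossless: decoding restores the original input.
    assert(htmlspecialchars_decode($out, ENT_QUOTES) === $s);

    printf("%-26s => %s\n", $s, $out);

    if (PHP_VERSION_ID < 80100) {
        printf("%-26s => %s (legacy)\n", $s, stringValLegacy($s));
    }
}
```

Because the encoded form decodes back to the input, callers that previously relied on tags being stripped will see entities in stored values instead, which is the behaviour change the legacy filter is meant to bridge.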