Add a recursion guard in Gdn_Format::to() #9644
Merged
We have an ill-advised use of `Gdn_Format::to()` where we allow arrays or objects to be passed and the class will format everything in them. Although the practice is heavily discouraged, we still support it.

There is a problem with self-referencing objects or arrays where `Gdn_Format::to()` will infinitely recurse when formatting in that case. This fix puts a guard against infinite recursion by keeping track of the objects and arrays that have already been formatted and not re-formatting them.

This also adds core support for the “display” format as a sanitized format. That’s our version of `htmlspecialchars()` with some extra processing. I think that’s an okay thing to do, but am asking reviewers to check it out.

Closes https://github.com/vanilla/support/issues/316.
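
The guard described above, as an added example that is not Vanilla's code or part of this pull request: a hypothetical `sanitizeDeep()` helper escapes strings with `htmlspecialchars()` and records visited objects in an `SplObjectStorage`, so a self-reference is neither followed forever nor escaped twice. Because PHP arrays have no identity, this example bounds self-referencing arrays with an assumed depth cap (`SANITIZE_MAX_DEPTH`) instead of tracking them, and drops whatever lies past the cap rather than returning it unescaped.

```php
<?php
// Added example: hypothetical helper, not the Gdn_Format implementation.
const SANITIZE_MAX_DEPTH = 32; // assumed cap on nesting for arrays

function sanitizeDeep($value, ?SplObjectStorage $seen = null, int $depth = 0)
{
    $seen = $seen ?? new SplObjectStorage();

    if (is_string($value)) {
        return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    if (is_object($value)) {
        if (isset($seen[$value])) {
            // Already formatted (or in progress): do not recurse, do not re-escape.
            return $value;
        }
        $seen[$value] = true;
        // Objects are handles, so public properties are rewritten in place.
        foreach (get_object_vars($value) as $name => $member) {
            $value->$name = sanitizeDeep($member, $seen, $depth + 1);
        }
        return $value;
    }
    if (is_array($value)) {
        if ($depth >= SANITIZE_MAX_DEPTH) {
            // Fail closed: never hand back data that was not escaped.
            return null;
        }
        $clean = [];
        foreach ($value as $key => $member) {
            $clean[$key] = sanitizeDeep($member, $seen, $depth + 1);
        }
        return $clean;
    }
    return $value; // ints, floats, bools, null need no escaping
}

// Constructed inputs: an object and an array that each contain themselves.
$node = new stdClass();
$node->title = '<script>alert(1)</script>';
$node->self = $node;

$row = ['name' => '<b>bold</b>'];
$row['self'] = &$row;

echo sanitizeDeep($node)->title, PHP_EOL;
echo sanitizeDeep($row)['name'], PHP_EOL;
```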