html-encode dynamic values in buypoints.php (#364)

* add html encoding function

* html-encode dynamic values

This matters when the values contain HTML special characters such as ' & < > "

(for example if $config['site_title'] is `AT&T` or `<AWESOMESERVER>`, the old code would generate invalid html, but this updated code will generate valid html.)
divinity76
2019-08-26 02:11:02 +02:00
committed by Stefan A. Brannfjell
parent 53dbc9fdd7
commit 01c5da322a
2 changed files with 21 additions and 17 deletions


@@ -559,5 +559,9 @@ function verifyGoogleReCaptcha($postResponse = null) {
$json = json_decode($response);
return isset($json->success) && $json->success;
}
// html encoding function (encode any string to valid UTF-8 HTML)
function hhb_tohtml(/*string*/ $str)/*:string*/ {
return htmlentities($str, ENT_QUOTES | ENT_HTML401 | ENT_SUBSTITUTE | ENT_DISALLOWED, 'UTF-8', true);
}
?>
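Review bot: The comment on `hhb_tohtml` promises more than the function delivers: `htmlentities` with `ENT_QUOTES` makes a value safe as element text or inside a quoted attribute value, but not inside a `<script>` block, a `style` attribute, a URL-valued attribute such as `href`, or an unquoted attribute. Because the helper is meant to be reused for dynamic values, I would narrow the comment to say so, for example `// HTML-encode a string for element content or a quoted attribute value; use context-specific encoding for script, CSS and URL contexts`. A second comment line noting that `ENT_SUBSTITUTE` replaces invalid UTF-8 with U+FFFD, where the call would otherwise return an empty string, would also help the next reader. The call sites are in buypoints.php, outside this hunk, so whether any of them falls into one of those other contexts needs checking there.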