Convert output escaping to use the h() convenience function


    • Type: Task
    • Resolution: Unresolved
    • Priority: Minor
    • Affects Version/s: PE Milestone 10 (It's Getting Tense)
    • None

      In Registry 4.x we adopted the use of filter_var() for output escaping. In PE, we will instead use the much less verbose h() CakePHP convenience function.

      The PHP Sanitize filters page notes:
      "FILTER_SANITIZE_STRING ... (Deprecated as of PHP 8.1.0, use htmlspecialchars() instead.)" (See: https://www.php.net/manual/en/filter.filters.sanitize.php)

      h() is a shorthand for htmlspecialchars().
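An added sketch of the conversion this task describes, not code from the ticket or the project: a Python helper that rewrites `filter_var($x, FILTER_SANITIZE_SPECIAL_CHARS)`-style calls to `h($x)` and lists other `FILTER_SANITIZE_*` calls for manual review instead of rewriting them. The function names, the set of filter constants treated as equivalent to h(), and the sample template are assumptions constructed for illustration.

```python
import re
# Filters that HTML-encode their input, so h() is a like-for-like swap (assumed set).
ESCAPING = {"FILTER_SANITIZE_SPECIAL_CHARS", "FILTER_SANITIZE_FULL_SPECIAL_CHARS"}
CALL = re.compile(r"(?<![\w>:$])filter_var\s*\(")  # skips ->filter_var, my_filter_var

def split_args(src, start):
    """Split the call whose '(' is at src[start]; return (args, index past ')')."""
    args, buf, depth, quote, i = [], [], 0, None, start
    while i < len(src):
        c = src[i]
        if quote:
            if c == "\\":                      # keep an escaped char inside a string
                buf.append(src[i:i + 2]); i += 2; continue
            if c == quote:
                quote = None
        elif c in "'\"":
            quote = c
        elif c in "([":
            depth += 1
            if depth == 1:                     # the call's own opening paren
                i += 1; continue
        elif c in ")]":
            depth -= 1
            if depth == 0:
                return args + ["".join(buf).strip()], i + 1
        elif c == "," and depth == 1:          # top-level argument separator
            args.append("".join(buf).strip()); buf = []; i += 1; continue
        buf.append(c); i += 1
    return None, start                         # unbalanced call: leave untouched

def convert(src):
    """Return (rewritten source, [(line, call)] that need manual review)."""
    out, review, pos = [], [], 0
    for m in CALL.finditer(src):
        args, end = split_args(src, m.end() - 1)
        if m.start() >= pos and args and len(args) == 2 and args[1] in ESCAPING:
            out.append(src[pos:m.start()] + f"h({args[0]})")
            pos = end
        elif args and len(args) >= 2 and args[1].startswith("FILTER_SANITIZE_"):
            # e.g. FILTER_SANITIZE_STRING strips tags, so h() would change the output
            review.append((src.count("\n", 0, m.start()) + 1, src[m.start():end]))
    out.append(src[pos:])
    return "".join(out), review

# Constructed sample template, not taken from the project.
SAMPLE = """<td><?= filter_var($person['name'], FILTER_SANITIZE_SPECIAL_CHARS) ?></td>
<td><?= filter_var(__('field.title', [$a, $b]), FILTER_SANITIZE_SPECIAL_CHARS) ?></td>
<td><?= filter_var($bio, FILTER_SANITIZE_STRING) ?></td>
<?php $ok = filter_var($mail, FILTER_VALIDATE_EMAIL); ?>"""
```

Calls that use `FILTER_VALIDATE_*` are ignored because they are input validation, not output escaping.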

            Assignee:
            Arlen Johnson
            Reporter:
            Arlen Johnson