Don't use FILTER_SANITIZE_STRING for PHP 8.1 compat

wecodemore · Nov 25, 2021 · e16fa13 · e16fa13
1 parent 6489087
commit e16fa13
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/src/Env/Filters.php b/src/Env/Filters.php
@@ -138,7 +138,7 @@ private function filterString($value): string
             throw new \Exception('Invalid scalar.');
         }
 
-        return (string)filter_var($value, FILTER_SANITIZE_STRING);
+        return htmlspecialchars(strip_tags((string)$value), ENT_QUOTES, 'UTF-8', false);
     }
 
     /**

diff --git a/tests/unit/Env/FiltersTest.php b/tests/unit/Env/FiltersTest.php
@@ -76,7 +76,7 @@ public function filterDataProvider(): array
             [Filters::FILTER_INT, [], null],
             [Filters::FILTER_INT, new \ArrayObject(), null],
             [Filters::FILTER_STRING, 'hello!', 'hello!'],
-            [Filters::FILTER_STRING, '<script>alert(\'hi!\')</script>', 'alert(&#39;hi!&#39;)'],
+            [Filters::FILTER_STRING, '<script>alert(\'hi!\')</script>', 'alert(&#039;hi!&#039;)'],
             [Filters::FILTER_STRING, 1, '1'],
             [Filters::FILTER_STRING, 123.456, '123.456'],
             [Filters::FILTER_STRING, 0, '0'],
-Original file line number
+Diff line change
@@ Expand Up / @@ -138,7 +138,7 @@ private function filterString($value): string @@
                 throw new \Exception('Invalid scalar.');
             }
-            return (string)filter_var($value, FILTER_SANITIZE_STRING);
+            return htmlspecialchars(strip_tags((string)$value), ENT_QUOTES, 'UTF-8', false);
         }
         /**
@@ Expand Down @@