Harden JSONP callback filter

[osma]

Reasons for creating this PR

I noticed that the FILTER_UNSAFE_RAW input filter was still used once in the Controller, for processing the name of the JSONP callback method/function. As the name implies, this filter is unsafe by design. In PR #1385, other input filters were changed but not this one. I don't see why a stricter filter couldn't be used here, because JSONP callbacks are typically just alphanumeric function names, so this PR switches to FILTER_SANITIZE_FULL_SPECIAL_CHARS.

In practice, this is very unlikely to be exploitable at least in the normal JSONP usage scenario (which itself has gone out of fashion as applications have switched to CORS). The application constructing the JSONP URL already has full control of the JS environment, so being able to run arbitrary JS code via the callback method name doesn't add any new capabilities. But better safe than sorry, and maybe code scanning tools will be happier.

Link to relevant issue(s), if any

• follow-up fix to Add support for PHP 8.1 #1385

Description of the changes in this PR

• switch the input filter used for JSONP callback method names to FILTER_SANITIZE_FULL_SPECIAL_CHARS

Known problems or uncertainties in this PR

This needs to be adapted to Skosmos 3 as well and applied to the skosmos-3 branch.

Checklist

• phpUnit tests pass locally with my changes
• I have added tests that show that the new code works, or tests are not relevant for this PR (e.g. only HTML/CSS changes)
• The PR doesn't reduce accessibility of the front-end code (e.g. tab focus, scaling to different resolutions, use of .sr-only class, color contrast)
• The PR doesn't introduce unintended code changes (e.g. empty lines or useless reindentation)

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
1 Code Smell

No Coverage information
0.0% Duplication

[codecov]

Codecov Report

Attention: 1 lines in your changes are missing coverage. Please review.

Comparison is base (e9e5447) 70.20% compared to head (33ef7e8) 70.20%.

Files	Patch %	Lines
controller/RestController.php	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff            @@
##             master    #1553   +/-   ##
=========================================
  Coverage     70.20%   70.20%           
  Complexity     1664     1664           
=========================================
  Files            32       32           
  Lines          4293     4293           
=========================================
  Hits           3014     3014           
  Misses         1279     1279           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.