Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: bump to laminas-escaper v2.15 #9333

Merged
merged 1 commit into from
Dec 21, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 14 additions & 17 deletions system/ThirdParty/Escaper/Escaper.php
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,8 @@

/**
* Context specific methods for use in secure output escaping
*
* @final
*/
class Escaper
{
Expand All @@ -49,7 +51,7 @@ class Escaper
* Current encoding for escaping. If not UTF-8, we convert strings from this encoding
* pre-escaping and back to this encoding post-escaping.
*
* @var string
* @var non-empty-string
*/
protected $encoding = 'utf-8';

Expand Down Expand Up @@ -88,7 +90,7 @@ class Escaper
/**
* List of all encoding supported by this class
*
* @var array
* @var list<non-empty-string>
*/
protected $supportedEncodings = [
'iso-8859-1',
Expand Down Expand Up @@ -131,6 +133,7 @@ class Escaper
* Constructor: Single parameter allows setting of global encoding for use by
* the current object.
*
* @param non-empty-string|null $encoding
* @throws Exception\InvalidArgumentException
*/
public function __construct(?string $encoding = null)
Expand Down Expand Up @@ -159,25 +162,19 @@ public function __construct(?string $encoding = null)
// set matcher callbacks
$this->htmlAttrMatcher =
/** @param array<array-key, string> $matches */
function (array $matches): string {
return $this->htmlAttrMatcher($matches);
};
fn(array $matches): string => $this->htmlAttrMatcher($matches);
$this->jsMatcher =
/** @param array<array-key, string> $matches */
function (array $matches): string {
return $this->jsMatcher($matches);
};
fn(array $matches): string => $this->jsMatcher($matches);
$this->cssMatcher =
/** @param array<array-key, string> $matches */
function (array $matches): string {
return $this->cssMatcher($matches);
};
fn(array $matches): string => $this->cssMatcher($matches);
}

/**
* Return the encoding that all output/input is expected to be encoded in.
*
* @return string
* @return non-empty-string
*/
public function getEncoding()
{
Expand All @@ -188,7 +185,7 @@ public function getEncoding()
* Escape a string for the HTML Body context where there are very few characters
* of special meaning. Internally this will use htmlspecialchars().
*
* @return string
* @return ($string is non-empty-string ? non-empty-string : string)
*/
public function escapeHtml(string $string)
{
Expand All @@ -200,7 +197,7 @@ public function escapeHtml(string $string)
* to escape that are not covered by htmlspecialchars() to cover cases where an attribute
* might be unquoted or quoted illegally (e.g. backticks are valid quotes for IE).
*
* @return string
* @return ($string is non-empty-string ? non-empty-string : string)
*/
public function escapeHtmlAttr(string $string)
{
Expand All @@ -222,7 +219,7 @@ public function escapeHtmlAttr(string $string)
* Backslash escaping is not used as it still leaves the escaped character as-is and so
* is not useful in a HTML context.
*
* @return string
* @return ($string is non-empty-string ? non-empty-string : string)
*/
public function escapeJs(string $string)
{
Expand All @@ -240,7 +237,7 @@ public function escapeJs(string $string)
* an entire URI - only a subcomponent being inserted. The function is a simple proxy
* to rawurlencode() which now implements RFC 3986 since PHP 5.3 completely.
*
* @return string
* @return ($string is non-empty-string ? non-empty-string : string)
*/
public function escapeUrl(string $string)
{
Expand All @@ -251,7 +248,7 @@ public function escapeUrl(string $string)
* Escape a string for the CSS context. CSS escaping can be applied to any string being
* inserted into CSS and escapes everything except alphanumerics.
*
* @return string
* @return ($string is non-empty-string ? non-empty-string : string)
*/
public function escapeCss(string $string)
{
Expand Down
Loading