<?php
function safehtml ($str) {
if (isset($GLOBALS['encoding'])) {
$encoding = $GLOBALS['encoding'];
} else {
$encoding = 'ISO-8859-1';
}
if (defined("ENT_XHTML")) {
$newstr = htmlentities($str, ENT_COMPAT | ENT_XHTML, $encoding); // FIND-PHP-IGNORE-LINE-P$
} else {
$newstr = htmlentities($str, ENT_COMPAT, $encoding); // FIND-PHP-IGNORE-LINE-PAUL
}
if (strlen($str) !== 0 && strlen($newstr) === 0) {
trigger_error('safehtml returned blank string. Input: "'.$str.'"');
}
return $newstr;
}
echo safehtml("'';!--\"<XSS>=&{()}");
?>
- Output for 4.3.2 - 4.3.11, 4.4.0 - 4.4.9, 5.0.0 - 5.0.5, 5.1.0 - 5.1.6, 5.2.0 - 5.2.17, 5.3.0 - 5.3.29, 5.4.0 - 5.4.45, 5.5.0 - 5.5.38, 5.6.0 - 5.6.40, 7.0.0 - 7.0.33, 7.1.0 - 7.1.33, 7.2.0 - 7.2.33, 7.3.0 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.30, 8.1.0 - 8.1.28, 8.2.0 - 8.2.18, 8.3.0 - 8.3.6
- '';!--"<XSS>=&{()}
- Output for 4.3.0 - 4.3.1
Process exited with code 139.
preferences:
282.88 ms | 401 KiB | 456 Q