DistributedProofreaders / ppwb

Post Processor's Workbench
GNU General Public License v3.0

Better command escaping #4

Closed cpeel closed 3 years ago

cpeel commented 3 years ago

This has two commits:

  1. move Latin1 -> UTF8 logic to a single function in base.inc
  2. standardize and ensure proper command escaping

2 is the big one here and touches all of the action files. It ensures that all arguments originating from the user (via upload filename or page POST) are properly escaped.

In adjusting this I fixed the handling of jeebies for non-English languages in pptext. The code implied that jeebies should not be used with pptext if at least one of the languages wasn't English, but that part was not properly enforced -- it is now.

Testable in the better-command-escaping sandbox.
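
The escaping pattern this pull request describes, as an added example that is not part of the pull request or the ppwb code base. The helper `build_command()`, the `printf` stand-in command and the sample values are hypothetical and constructed for illustration; the example assumes a POSIX shell.

```php
<?php
// Added example; not code from the ppwb repository.
// build_command() and all sample values below are hypothetical.

/**
 * Build a shell command line from a fixed program name and a list of
 * arguments. Every argument is escaped so the shell treats it as a single
 * literal word, whatever characters it contains.
 */
function build_command(string $program, array $args): string
{
    $parts = [escapeshellcmd($program)];
    foreach ($args as $arg) {
        $parts[] = escapeshellarg((string) $arg);
    }
    return implode(' ', $parts);
}

// Constructed inputs standing in for an upload filename and a POST field.
$upload_name = 'my book; echo INJECTED.txt';
$post_lang   = 'en $(echo INJECTED)';

// Unescaped concatenation (the "before" case): the shell would parse the
// space, ';' and '$(...)' as syntax. Built here only to print it, never run.
$unsafe = 'printf "[%s]\n" ' . $upload_name . ' ' . $post_lang;

// Escaped (the "after" case): each value is one single-quoted word.
$safe = build_command('printf', ['[%s]\n', $upload_name, $post_lang]);

echo "unsafe: $unsafe\n";
echo "safe:   $safe\n";

// Run the escaped command: printf receives exactly two arguments and echoes
// each one back unchanged between brackets, one per line.
exec($safe, $output, $status);
echo "exit status: $status\n";
foreach ($output as $line) {
    echo "$line\n";
}
```

`escapeshellarg()` only stops the shell from interpreting the value; a value that begins with `-` can still be read as an option by the program that receives it. It also drops bytes that are not valid in the current `LC_CTYPE` locale, which matters when non-ASCII filenames are passed through.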

asylumcs commented 3 years ago

Makes sense to me.