Closed wxiaoguang closed 6 months ago
Hi @wisskid, is there any interest in this fix? 4.x also needs this fix IMO.
I think so. Can you clarify the actual error this causes?
The function: htmlspecialchars(string $string, ....)
, the first argument's type is string (PHP is more and more strict about typing)
But {$foo+$bar}
would result in non-string type:
$ php -r 'echo gettype( (string)1+2 );'
integer%
So, it needs to use htmlspecialchars((string) ({$output}),
to make sure the type is string:
$ php -r 'echo gettype( (string)(1+2) );'
string%
Fix #928
When setting
escape_html=true
, the following code:becomes:
The code:
(string) $a + $b
is not correct, it should be(string) ($a + $b)
.