From 978e670fd4f37fd9d0a1c3f92845bb0fd3ce267f Mon Sep 17 00:00:00 2001
From: ochorocho
Date: Tue, 29 Aug 2023 10:05:45 +0200
Subject: [PATCH] [BUGFIX] Do not htmlspecialchar ampersand
---
 Classes/Interceptor/RemoveXSS.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Classes/Interceptor/RemoveXSS.php b/Classes/Interceptor/RemoveXSS.php
index e6f6bc27..2b359ce7 100644
--- a/Classes/Interceptor/RemoveXSS.php
+++ b/Classes/Interceptor/RemoveXSS.php
@@ -118,7 +118,7 @@ public function sanitizeValues($values)
 if (!$isUTF8) {
 $value = utf8_encode($value);
 }
- $value = htmlspecialchars($value, ENT_NOQUOTES | ENT_SUBSTITUTE | ENT_HTML401);
+ $value = str_replace('&', '&', htmlspecialchars($value, ENT_NOQUOTES | ENT_SUBSTITUTE | ENT_HTML401));
 if (!$isUTF8) {
 $value = utf8_decode($value);
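Review bot: Undoing the ampersand escaping on the new `str_replace(...)` line means a value that already contains character references now leaves `sanitizeValues()` exactly as it was submitted, so the result is only safe where it is escaped again at output; a consumer that decodes entities or prints the value raw gets back the markup this interceptor is meant to neutralise. As rendered here the call reads `str_replace('&', '&', …)`, which would be a no-op; presumably the search string is the escaped form and the page decoded it, so confirm against the repository. If the relaxation is intended, state the contract next to the line, e.g. `// '&' is deliberately left unescaped: the result is not HTML-safe on its own, escape again when rendering`, and add a test with a value that contains a character reference. The body of `sanitizeValues()` starts and ends outside this hunk, so its callers and the final output path are not visible from here.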