modif page, création d'un bloc

author: polo-pc-greta <ordipolo@gmx.fr> 2025-05-08 12:32:34 +0200
committer: polo-pc-greta <ordipolo@gmx.fr> 2025-05-08 12:32:34 +0200
commit: 28698982ff6dc67a331788c2637bce8689121769 (patch)
tree: 6df30593fdcdd2ead77dd894467e5031a31cfde9 /src/controller/Security.php
parent: 2d8ec75f4aaf3b93fd9f6758f8dcb4f1f9f03d0c (diff)
download: cms-28698982ff6dc67a331788c2637bce8689121769.tar.gz
cms-28698982ff6dc67a331788c2637bce8689121769.tar.bz2
cms-28698982ff6dc67a331788c2637bce8689121769.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/src/controller/Security.php b/src/controller/Security.php
index f9092e2..7d592e9 100644
--- a/src/controller/Security.php
+++ b/src/controller/Security.php
@@ -3,6 +3,8 @@
 //
 // htmlawed nettoie les entrées de l'utilisateur, en particulier le html de l'éditeur
+declare(strict_types=1);
 class Security
 {
        private static $configHtmLawed = array(
@@ -14,10 +16,10 @@ class Security
            // liste noire d'attributs HTML
            'deny_attribute'=> 'id, class' // on garde 'style'
        );
        // faire qu'un certain élément puisse n'avoir que certains attributs, regarder la doc
        private static $specHtmLawed = '';
+        // ATTENTION, n'applique pas htmlspecialchars() !!
        public static function secureString(string $chaine): string
        {
            return trim(htmLawed($chaine, self::$configHtmLawed, self::$specHtmLawed));;
author	polo-pc-greta <ordipolo@gmx.fr>	2025-05-08 12:32:34 +0200
committer	polo-pc-greta <ordipolo@gmx.fr>	2025-05-08 12:32:34 +0200
commit	28698982ff6dc67a331788c2637bce8689121769 (patch)
tree	6df30593fdcdd2ead77dd894467e5031a31cfde9 /src/controller/Security.php
parent	2d8ec75f4aaf3b93fd9f6758f8dcb4f1f9f03d0c (diff)
download	cms-28698982ff6dc67a331788c2637bce8689121769.tar.gz cms-28698982ff6dc67a331788c2637bce8689121769.tar.bz2 cms-28698982ff6dc67a331788c2637bce8689121769.zip