From 8159cc99a64cfe563dccea6821348764fc40fb85 Mon Sep 17 00:00:00 2001
From: Frédéric Guillot <contact@fredericguillot.com>
Date: Mon, 24 Feb 2014 18:29:09 -0500
Subject: Improve HTML escaping

---
 lib/translator.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'lib')

diff --git a/lib/translator.php b/lib/translator.php
index d9d9a84a..75d40a23 100644
--- a/lib/translator.php
+++ b/lib/translator.php
@@ -11,6 +11,10 @@ namespace Translator {
         \array_shift($args);
         \array_unshift($args, get($identifier, $identifier));
 
+        foreach ($args as &$arg) {
+            $arg = htmlspecialchars($arg, ENT_QUOTES, 'UTF-8', false);
+        }
+
         return \call_user_func_array(
             'sprintf',
             $args
@@ -77,7 +81,6 @@ namespace Translator {
             foreach ($dir as $fileinfo) {
 
                 if (strpos($fileinfo->getFilename(), '.php') !== false) {
-
                     $locales = array_merge($locales, include $fileinfo->getPathname());
                 }
             }
@@ -91,7 +94,6 @@ namespace Translator {
         static $values = array();
 
         if ($locales !== null) {
-
             $values = $locales;
         }
 
-- 
cgit v1.2.3