added htmlspecialchars to visible fields

2022-10-27 15:42:43 +02:00 · 2022-10-27 15:42:43 +02:00 · affe02ec04
parent b678720ebd
commit affe02ec04
1 changed files with 21 additions and 3 deletions
--- a/src/Repository/UserRepository.php
+++ b/src/Repository/UserRepository.php
@ -38,7 +38,13 @@ class UserRepository
            $statement->execute();
            while ($result = $statement->fetch(mode: PDO::FETCH_ASSOC)) {
-                $user = new User(nick: $result['nick'], password: $result['password'], first: $result['first'], last: $result['last'], id: $result['id'], isAdmin: $result['is_admin']);
+                $user = new User(
                    nick: htmlspecialchars(string: $result['nick']),
                    password: $result['password'],
                    first: htmlspecialchars(string: $result['first']),
                    last: htmlspecialchars(string: $result['last']),
                    id: $result['id'],
                    isAdmin: $result['is_admin']);
                $users[] = $user;
            }
            return $users;
@ -60,7 +66,13 @@ class UserRepository
            $statement->bindParam(param: ':id', var: $id);
            $statement->execute();
            if ($result = $statement->fetch(mode: PDO::FETCH_ASSOC)) {
-                return new User(nick: $result['nick'], password: $result['password'], first: $result['first'], last: $result['last'], id: $result['id'], isAdmin: $result['is_admin']);
+                return new User(
                    nick: htmlspecialchars(string: $result['nick']),
                    password: $result['password'],
                    first: htmlspecialchars(string: $result['first']),
                    last: htmlspecialchars(string: $result['last']),
                    id: $result['id'],
                    isAdmin: $result['is_admin']);
            } else {
                return null;
            }
@ -83,7 +95,13 @@ class UserRepository
            $statement->bindParam(param: ':nick', var: $nick);
            $statement->execute();
            if ($result = $statement->fetch(mode: PDO::FETCH_ASSOC)) {
-                return new User(nick: $result['nick'], password: $result['password'], first: $result['first'], last: $result['last'], id: $result['id'], isAdmin: $result['is_admin']);
+                return new User(
                    nick: htmlspecialchars(string: $result['nick']),
                    password: $result['password'],
                    first: htmlspecialchars(string: $result['first']),
                    last: htmlspecialchars(string: $result['last']),
                    id: $result['id'],
                    isAdmin: $result['is_admin']);
            } else {
                return null;
            }