The `htmlspecialchars()` function is used to escape arbitrary text strings for display.
Original the default for the `$flags` parameter of that function in PHP was `ENT_COMPAT`, which translates to "convert double quotes to `"` and leave single quotes alone".
As of PHP 8.1, the default value for the `$flags` parameter has been made more robust and was changed to `ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401`, which translates to "convert both double and single quotes, replace invalid code unit sequences with a Unicode Replacement Character and treat code as HTML 4.01".
For code to provide the same/predictable output cross-version PHP, the `$flags` parameter should be explicitly set and what with the new default value being the more robust one, this commit adds that value for `$flags` in all instances of function calls to `htmlspecialchars()`.
Once the application minimum PHP version is PHP 8.1 or higher, the parameter can be removed again (as the value will then be the same as the default parameter value).
Ref: https://www.php.net/manual/en/function.htmlspecialchars.php
* PHPCS: rename config file
... to `phpcs.xml.dist` to allow devs to locally overload the file by using a `.phpcs.xml` or `phpcs.xml` file, to, for instance, test out some new rules.
Includes:
* Adding the local overload files to `.gitignore`.
* Adding the standard config file to `.gitattributes`.
* PHPCS: scan missing file
The `get_oauth_token.php` file in the project root seems to have been overlooked when configuring the PHPCS ruleset.
Fixed now by adding it to the file to be scanned.
Includes minor fixes to make the file comply with the configured standard.
* CS: fix two files
Two minor CS fixes.
* PHPCS: miscellaneous changes
* Don't fix the PHPCS/external standards version restraints.
* Add the PHPCS cache file to `.gitignore`.
* Removing the no longer existent `.php_cs` file from `.gitattributes`.
Co-authored-by: jrfnl <jrfnl@users.noreply.github.com>
jrfnl
Marcus Bointon
Jesper Skytte
rx80
Steve
Juliette
sherryl4george
François B