FriendsOfREDAXO
diff --git a/‎classes/rex-article.html‎
Lines changed: 54 additions & 38 deletions b/‎classes/rex-article.html‎
Lines changed: 54 additions & 38 deletions
diff --git a/‎classes/rex-category.html‎
Lines changed: 50 additions & 34 deletions b/‎classes/rex-category.html‎
Lines changed: 50 additions & 34 deletions
diff --git a/‎classes/rex-structure-element.html‎
Lines changed: 72 additions & 40 deletions b/‎classes/rex-structure-element.html‎
Lines changed: 72 additions & 40 deletions
diff --git a/‎files/redaxo-main/redaxo/src/addons/mediapool/lib/service_media.php.txt‎
Lines changed: 2 additions & 9 deletions b/‎files/redaxo-main/redaxo/src/addons/mediapool/lib/service_media.php.txt‎
Lines changed: 2 additions & 9 deletions
diff --git a/‎files/redaxo-main/redaxo/src/addons/structure/lib/structure_element.php.txt‎
Lines changed: 2 additions & 1 deletion b/‎files/redaxo-main/redaxo/src/addons/structure/lib/structure_element.php.txt‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎files/redaxo-main/redaxo/src/addons/structure/plugins/content/pages/content.php.txt‎
Lines changed: 1 addition & 1 deletion b/‎files/redaxo-main/redaxo/src/addons/structure/plugins/content/pages/content.php.txt‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎files/redaxo-main/redaxo/src/core/boot.php.txt‎
Lines changed: 1 addition & 1 deletion b/‎files/redaxo-main/redaxo/src/core/boot.php.txt‎
Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
 <?php
 
-use voku\helper\AntiXSS;
+use enshrined\svgSanitize\Sanitizer;
 
 /**
  * @package redaxo\mediapool
@@ -389,14 +389,7 @@ final class rex_media_service
 
         $content = rex_type::notNull(rex_file::get($path));
 
-        $antiXss = new AntiXSS();
-        $antiXss->removeNeverAllowedRegex(['&lt;!--', '&lt;!--$1--&gt;']);
-        $antiXss->removeEvilAttributes(['style', 'xlink:href']);
-        $antiXss->removeEvilHtmlTags(['style', 'svg', 'title']);
-
-        $content = $antiXss->xss_clean($content);
-        $content = preg_replace('/^\s*&lt;\?xml(.*?)\?&gt;/', '<?xml$1?>', $content);
-        $content = preg_replace('/&lt;!DOCTYPE(.*?)>/', '<!DOCTYPE$1>', $content);
+        $content = (new Sanitizer())->sanitize($content);
 
         rex_file::put($path, $content);
     }
 
@@ -80,8 +80,8 @@ abstract class rex_structure_element
      * Returns Object Value.
      *
      * @param string $value
-     *
      * @return string|int|null
+     * @psalm-taint-source input
      */
     public function getValue($value)
     {
@@ -334,6 +334,7 @@ abstract class rex_structure_element
      * Returns the name of the article.
      *
      * @return string
+     * @psalm-taint-source input
      */
     public function getName()
     {
 
@@ -72,7 +72,7 @@ $context = new rex_context([
 ]);
 
 // ----- Titel anzeigen
-echo rex_view::title(rex_i18n::msg('content') . ': ' . $OOArt->getName(), '');
+echo rex_view::title(rex_i18n::msg('content') . ': ' . rex_escape($OOArt->getName()), '');
 
 // ----- Languages
 echo rex_view::clangSwitchAsButtons($context);
 
@@ -92,7 +92,7 @@ require_once rex_path::core('functions/function_rex_globals.php');
 require_once rex_path::core('functions/function_rex_other.php');
 
 // ----------------- VERSION
-rex::setProperty('version', '5.18.1');
+rex::setProperty('version', '5.18.2');
 
 $cacheFile = rex_path::coreCache('config.yml.cache');
 $configFile = rex_path::coreData('config.yml');
Original file line number	Diff line number	Diff line change
`@@ -80,8 +80,8 @@ abstract class rex_structure_element`
`80`	`80`	`* Returns Object Value.`
`81`	`81`	`*`
`82`	`82`	`* @param string $value`
`83`		`- *`
`84`	`83`	`* @return string\|int\|null`
	`84`	`+ * @psalm-taint-source input`
`85`	`85`	`*/`
`86`	`86`	`public function getValue($value)`
`87`	`87`	`{`
`@@ -334,6 +334,7 @@ abstract class rex_structure_element`
`334`	`334`	`* Returns the name of the article.`
`335`	`335`	`*`
`336`	`336`	`* @return string`
	`337`	`+ * @psalm-taint-source input`
`337`	`338`	`*/`
`338`	`339`	`public function getName()`
`339`	`340`	`{`