removed invalid UTF-8 characters coming into repositories to sanitize malicious inputs

Lung · Lung · commit f8c8c4589612 · 2026-03-14T17:27:59.000+01:00
diff --git a/src/Orm/Repository.php b/src/Orm/Repository.php
@@ -133,6 +133,9 @@ protected function addConditions(Fluent $qb, array $criteria): void
                 $qb->where("$field = %i", $value);
             } elseif (is_float($value)) {
                 $qb->where("$field = %f", $value);
+            } elseif (is_string($value)) {
+                // remove invalid UTF-8 characters to sanitize malicious inputs
+                $qb->where("$field = %s", mb_convert_encoding($value, 'UTF-8', 'UTF-8'));
             } else {
                 $qb->where("$field = %s", $value);
             }
