Use var_export() instead of check_plain() when exporting to PHP

Created on 14 October 2017, over 7 years ago
Updated 1 June 2024, 11 months ago

In field_group_field_group_to_hook_code(), check_plain() is used to "sanitize" strings for PHP.
It would be better / more robust to use var_export() instead.

The check_plain() is safe, because every single quote is replaced with "&#039;".
It also does not usually mess up the string, because it is only used for group machine names.

However, check_plain(), which uses htmlspecialchars(), is designed for HTML, not for PHP code generation.
Better to use var_export().

📌 Task
Status: Closed: won't fix
Version: 1.0
Component: Miscellaneous
Created by: 🇩🇪 Germany donquixote
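
To make the difference concrete, here is an added example (not Field Group's code and not part of the original issue) that builds a PHP string literal both ways and checks whether the value survives being parsed back. check_plain_standin() is a hypothetical stand-in that calls htmlspecialchars() with ENT_QUOTES, as Drupal 7's check_plain() does; the helper names and sample values are constructed for illustration.

```php
<?php
// Added example, not Field Group's code. check_plain_standin() mirrors what
// Drupal 7's check_plain() does; the sample values below are constructed.

function check_plain_standin(string $text): string {
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// The pattern under discussion: HTML-escape, then wrap in single quotes.
function literal_via_check_plain(string $value): string {
  return "'" . check_plain_standin($value) . "'";
}

// The proposed replacement: let PHP emit its own literal syntax.
function literal_via_var_export(string $value): string {
  return var_export($value, TRUE);
}

// Parse a generated literal back and report whether the value survived.
// eval() is used only on the constructed samples in this file.
function round_trip(string $literal, string $expected): string {
  try {
    $parsed = eval('return ' . $literal . ';');
  }
  catch (\ParseError $e) {
    return 'parse error';
  }
  return $parsed === $expected ? 'ok' : 'changed to ' . var_export($parsed, TRUE);
}

$samples = [
  'group_main',     // typical machine name: both approaches agree
  "Tom & Jerry's",  // HTML-special characters get entity-encoded
  'C:\\temp\\',      // trailing backslash swallows the closing quote
];

foreach ($samples as $value) {
  printf("%-14s check_plain: %-36s var_export: %s\n",
    $value,
    round_trip(literal_via_check_plain($value), $value),
    round_trip(literal_via_var_export($value), $value));
}
```

For a plain machine name both columns report ok, which matches the issue's observation; the other two samples show the HTML-escaped literal either changing the value or failing to parse, while var_export() round-trips all three.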
