use FilterInterface::prepare() to escape things

Actually, looking at version 7 of this module, this is how it should have been all along since D8, and it's probably broken because of this.

D7 code has this:

    'prepare callback' => '_codefilter_prepare',
    'process callback' => '_codefilter_process',

where the prepare callback is:

> prepare callback: The name of a function that escapes the content before the actual filtering happens. See callback_filter_prepare() for details.

So all this code:

function _codefilter_prepare($text, $format) {
  $callback_prefix = $format->settings['codefilter_prism'] ? '_codefilter_prism' : '_codefilter';
  $text = preg_replace_callback('@<code([^>]*)>(.+?)

@s', "{$callback_prefix}_escape_code_tag_callback", $text);
$text = preg_replace_callback('@[\[<](\?php)(.+?)(\?)[\]>]@s', "{$callback_prefix}_escape_php_tag_callback", $text);
return $text;
}

Should be in prepare().

And all the code and comments that currently escape things only to un-escape them a few lines later will make more sense, because at the moment they seem pointless!!!

At least on D10, CodeFilter extends FilterBase and FilterBase::prepare() simply returns its text argument without any processing.

Yup.

Working on this now -- this was a mistake made when converting the hook code to a plugin. Fixing this fixes various problems.

Automatically closed - issue fixed for 2 weeks with no activity.