From f7b172a14c3fc8a391ed5a60aaaf77b98f38f2a0 Mon Sep 17 00:00:00 2001
From: Torsten Dittmann
Date: Mon, 8 Jan 2024 13:33:39 +0100
Subject: [PATCH 1/4] feat: escape html in view params by default
---
 src/View.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/View.php b/src/View.php
index ef2796af..a947daf6 100755
--- a/src/View.php
+++ b/src/View.php
@@ -77,12 +77,16 @@ public function __construct(string $path = '')
 *
 * @throws Exception
 */
- public function setParam(string $key, mixed $value): static
+ public function setParam(string $key, mixed $value, bool $escapeHtml = true): static
 {
 if (\strpos($key, '.') !== false) {
 throw new Exception('$key can\'t contain a dot "." character');
 }
+ if (is_string($value) && $escapeHtml) {
+ $value = htmlspecialchars($value, encoding: 'UTF-8');
+ }
+
 $this->params[$key] = $value;
 return $this;
From 5b62a82419fab611fa1c99f1243f15d3114d88d9 Mon Sep 17 00:00:00 2001
From: Torsten Dittmann
Date: Mon, 8 Jan 2024 13:39:26 +0100
Subject: [PATCH 2/4] test: add tests for escaped html
---
 src/View.php | 2 +-
 tests/ViewTest.php | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/View.php b/src/View.php
index a947daf6..55e80a67 100755
--- a/src/View.php
+++ b/src/View.php
@@ -84,7 +84,7 @@ public function setParam(string $key, mixed $value, bool $escapeHtml = true): st
 }
 if (is_string($value) && $escapeHtml) {
- $value = htmlspecialchars($value, encoding: 'UTF-8');
+ $value = \htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
 }
 $this->params[$key] = $value;
diff --git a/tests/ViewTest.php b/tests/ViewTest.php
index 9b18fb1e..e21131af 100755
--- a/tests/ViewTest.php
+++ b/tests/ViewTest.php
@@ -83,4 +83,10 @@ public function testCanFilterNewLinesToParagraphs()
 {
 $this->assertEquals('
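Review bot: Escaping inside setParam encodes the stored value for one output context only, so anything that reads the parameter back through getParam for a non-HTML use (JSON, mail, logs, a URL or JavaScript context) now receives HTML-encoded text, and a template that already escapes on output (the `print()` filter path exercised in tests/ViewTest.php suggests one may exist) would double-encode; because the new parameter defaults to `true`, every existing caller gets this change silently. The guard `is_string($value)` also leaves arrays, objects and nested strings untouched, so callers may assume a protection they do not get. The usual design is to keep the raw value in `$this->params` and escape at the output boundary; if the store-time default is kept, the docblock (it begins outside this hunk) should gain `@param bool $escapeHtml` and state that a string value is HTML-encoded before storage and that non-string values are stored as-is. Patch 2/4 below reworks the same call, where the flag choice is discussed.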
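Review bot: `\htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` drops `ENT_SUBSTITUTE`, so a value that is not valid UTF-8 makes htmlspecialchars return an empty string and the parameter is silently stored as `''` instead of failing or being sanitised; use `$value = \htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` (the set PHP 8.1+ defaults to) so malformed bytes become U+FFFD and the rest of the data survives. Spelling the flags out explicitly, as this line does, is the right call because the default flag set changed between PHP versions. The test hunk in this patch could pin the chosen behaviour with a string containing an invalid byte such as `"\xff"`.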

line1

line2

', $this->view->print("line1\n\nline2", View::FILTER_NL2P));
 }
+
+ public function testCanSetParamWithEscapedHtml()
+ {
+ $this->view->setParam('key', 'value');
+ $this->assertEquals('<html>value</html>', $this->view->getParam('key', 'default'));
+ }
 }
From efd3871034194116e3173515e7155114c2b8c124 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matej=20Ba=C4=8Do?=
Date: Wed, 17 Jan 2024 16:40:07 +0000
Subject: [PATCH 3/4] Improve description of arrayList validator
---
 src/Validator/ArrayList.php | 8 +++++++-
 tests/Validator/ArrayListTest.php | 11 +++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/src/Validator/ArrayList.php b/src/Validator/ArrayList.php
index 2c1ed1e1..2468aed0 100644
--- a/src/Validator/ArrayList.php
+++ b/src/Validator/ArrayList.php
@@ -44,7 +44,13 @@ public function __construct(Validator $validator, int $length = 0)
 */
 public function getDescription(): string
 {
- return 'Value must a valid array and '.$this->validator->getDescription();
+ $msg = 'Value must a valid array';
+
+ if($this->length > 0) {
+ $msg .= ' no longer than ' . $this->length . ' items';
+ }
+
+ return $msg . ' and ' . $this->validator->getDescription();
 }
 /**
diff --git a/tests/Validator/ArrayListTest.php b/tests/Validator/ArrayListTest.php
index ceab7932..32e54b16 100755
--- a/tests/Validator/ArrayListTest.php
+++ b/tests/Validator/ArrayListTest.php
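Review bot: `testCanSetParamWithEscapedHtml` only exercises the default path; there is no case asserting that `setParam('key', '<b>', false)` stores the raw string, that a non-string value (array, int) passes through unchanged, or that `"` and `'` are encoded as `ENT_QUOTES` promises. As shown here the test passes the plain string `'value'` and expects `<html>value</html>`, which the escaping code cannot produce; this is most likely the page's HTML extraction stripping tags and decoding entities rather than a real defect, but the committed assertion should be checked to compare against the entity-encoded form. The enclosing class closes at the end of the hunk.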
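Review bot: `if($this->length > 0)` is missing the space after `if` that PSR-12/PER-CS requires, and the new message repeats the pre-existing typo `Value must a valid array` (missing "be"), which the tests added in tests/Validator/ArrayListTest.php now pin, so fixing it later means touching both files; consider `$msg = 'Value must be a valid array';` and `if ($this->length > 0) {` now, with the two test expectations updated in the same commit. A `sprintf('Value must be a valid array no longer than %d items', $this->length)` would read better than the three-way concatenation, but that is optional. I am assuming `$this->length` is the stored constructor argument seen in the hunk header; the property itself is declared outside the hunk.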
@@ -6,6 +6,17 @@ class ArrayListTest extends TestCase
 {
+ public function testDescription(): void
+ {
+ $arrayList = new ArrayList(new Integer());
+ $this->assertFalse($arrayList->isValid(['text']));
+ $this->assertEquals('Value must a valid array and Value must be a valid integer', $arrayList->getDescription());
+
+ $arrayList = new ArrayList(new Integer(100), 3);
+ $this->assertFalse($arrayList->isValid(['a', 'b', 'c', 'd']));
+ $this->assertEquals('Value must a valid array no longer than 3 items and Value must be a valid integer', $arrayList->getDescription());
+ }
+
 public function testCanValidateTextValues(): void
 {
 $arrayList = new ArrayList(new Text(100));
From ed393d5babb8760ee0208bf4da122d2886ab67fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matej=20Ba=C4=8Do?=
Date: Wed, 17 Jan 2024 16:45:36 +0000
Subject: [PATCH 4/4] Fix ci/cd
---
 tests/Validator/ArrayListTest.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/Validator/ArrayListTest.php b/tests/Validator/ArrayListTest.php
index 32e54b16..3f079152 100755
--- a/tests/Validator/ArrayListTest.php
+++ b/tests/Validator/ArrayListTest.php
@@ -12,7 +12,7 @@ public function testDescription(): void
 $this->assertFalse($arrayList->isValid(['text']));
 $this->assertEquals('Value must a valid array and Value must be a valid integer', $arrayList->getDescription());
- $arrayList = new ArrayList(new Integer(100), 3);
+ $arrayList = new ArrayList(new Integer(), 3);
 $this->assertFalse($arrayList->isValid(['a', 'b', 'c', 'd']));
 $this->assertEquals('Value must a valid array no longer than 3 items and Value must be a valid integer', $arrayList->getDescription());
 }
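Review bot: The second `assertFalse` feeds `['a', 'b', 'c', 'd']`, which fails both the 3-item limit and the Integer element validator, so it does not demonstrate that the length limit alone rejects the input; use four integers, `$this->assertFalse($arrayList->isValid([1, 2, 3, 4]));`, and add `$this->assertTrue($arrayList->isValid([1, 2, 3]));` to pin the boundary. The same assertion appears as context in the patch 4/4 hunk below, which already replaces the `new Integer(100)` call. The comparison of the two `getDescription()` strings is the valuable part of this test and can stay as written.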