From e2bf66d0658ae7d7bb253083b73d5769c117746a Mon Sep 17 00:00:00 2001 From: David King Date: Sun, 18 Nov 2012 15:58:47 -0500 Subject: [PATCH] [feature/controller] Add documentation about input being HTML-escaped PHPBB3-10864 --- phpBB/includes/functions.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 820d96c9aa..cdc05ca649 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -5436,6 +5436,9 @@ function phpbb_to_numeric($input) /** * Create a Symfony Request object from a given URI and phpbb_request object * +* Note that everything passed into the Request object has already been HTML +* escaped by the phpbb_request object. +* * @param string $uri Request URI * @param phpbb_request $request Request object * @return Request A Symfony Request object