Fix quotes in html decode entities uses

Author: iMattPro

controller/manifest.php

@@ -15,6 +15,7 @@
 use phpbb\language\language;
 use phpbb\path_helper;
 use phpbb\user;
+use phpbb\webpushnotifications\ext;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Response;
 
@@ -64,8 +65,8 @@ public function handle(): JsonResponse
 		$board_url = generate_board_url();
 
 		// Emoji fixer-uppers
-		$sitename = html_entity_decode($this->config['sitename'], ENT_QUOTES, 'UTF-8');
-		$pwa_short_name = html_entity_decode($this->config['pwa_short_name'], ENT_QUOTES, 'UTF-8');
+		$sitename = ext::decode_entities($this->config['sitename'], ENT_QUOTES);
+		$pwa_short_name = ext::decode_entities($this->config['pwa_short_name'], ENT_QUOTES);
 
 		$manifest = [
 			'name'			=> $sitename,

event/listener.php

@@ -17,6 +17,7 @@
 use phpbb\notification\manager;
 use phpbb\template\template;
 use phpbb\user;
+use phpbb\webpushnotifications\ext;
 use phpbb\webpushnotifications\form\form_helper;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
 
@@ -210,7 +211,7 @@ public function pwa_icon_name($value, $key)
 	 */
 	public function pwa_short_sitename($value, $key)
 	{
-		$placeholder = $this->trim_shortname($this->decode_entities($this->config['sitename']));
+		$placeholder = $this->trim_shortname(ext::decode_entities($this->config['sitename']));
 
 		return '<input id="' . $key . '" type="text" size="40" maxlength="12" name="config[' . $key . ']" value="' . $value . '" placeholder="' . $placeholder . '">';
 	}
@@ -242,7 +243,7 @@ public function validate_pwa_options($event)
 					return;
 				}
 
-				$short_name = $this->decode_entities($event['cfg_array']['pwa_short_name']);
+				$short_name = ext::decode_entities($event['cfg_array']['pwa_short_name'], ENT_QUOTES);
 
 				// Do not allow strings longer than 12 characters
 				if (utf8_strlen($short_name) > 12)
@@ -367,15 +368,4 @@ protected function trim_shortname($name)
 	{
 		return utf8_substr($name, 0, 12);
 	}
-
-	/**
-	 * Decode entities, used primarily to fix emoji for display
-	 *
-	 * @param $text
-	 * @return string Decoded string
-	 */
-	protected function decode_entities($text)
-	{
-		return html_entity_decode($text, ENT_QUOTES, 'UTF-8');
-	}
 }

ext.php

@@ -124,4 +124,17 @@ protected function result()
 
 		return false;
 	}
+
+	/**
+	 * Decode entities, used primarily to fix emoji for display
+	 *
+	 * @param string $text
+	 * @param int $flags Uses ENT_NOQUOTES to leave single and double quotes encoded by default
+	 * @param string $encoding
+	 * @return string Decoded string
+	 */
+	public static function decode_entities($text, $flags = ENT_NOQUOTES, $encoding = 'UTF-8')
+	{
+		return html_entity_decode($text, $flags, $encoding);
+	}
 }

ucp/controller/webpush.php

@@ -16,6 +16,7 @@
 use phpbb\exception\http_exception;
 use phpbb\language\language;
 use phpbb\notification\manager;
+use phpbb\webpushnotifications\ext;
 use phpbb\webpushnotifications\form\form_helper;
 use phpbb\webpushnotifications\json\sanitizer as json_sanitizer;
 use phpbb\path_helper;
@@ -240,8 +241,8 @@ private function get_notification_data(string $notification_data): string
 
 		return json_encode([
 			'heading'	=> $this->config['sitename'],
-			'title'		=> strip_tags(html_entity_decode($notification->get_title(), ENT_NOQUOTES, 'UTF-8')),
-			'text'		=> strip_tags(html_entity_decode($notification->get_reference(), ENT_NOQUOTES, 'UTF-8')),
+			'title'		=> strip_tags(ext::decode_entities($notification->get_title())),
+			'text'		=> strip_tags(ext::decode_entities($notification->get_reference())),
 			'url'		=> htmlspecialchars_decode($notification->get_url()),
 			'avatar'	=> $this->prepare_avatar($notification->get_avatar()),
 		]);