Passed
Push — master ( c0a3a7...3b84a4 )
by Jeroen
58:51
created

views/default/input/userpicker/item.php (1 issue)

<?php
/**
 * User view in User Picker
 *
 * @package Elgg
 * @subpackage Core
 *
 * @uses $vars['entity'] User entity
 * @uses $vars['input_name'] Name of the returned data array
 */

/* @var ElggEntity $entity */
$entity = $vars['entity'];
$input_name = $vars['input_name'];


$icon = elgg_view_entity_icon($entity, 'tiny', ['use_hover' => false]);

$name = $entity->name;
if ($name == '') {
	$name = $entity->title;
}

?>
<li class="elgg-item" data-guid='<?php echo $entity->guid ?>'>
	<div class='elgg-image-block'>
		<div class='elgg-image'><?php echo $icon ?></div>
		<div class='elgg-image-alt'><?php echo elgg_view_icon('delete', 'elgg-user-picker-remove'); ?></div>
		<div class='elgg-body'><?php echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'); ?></div>
It seems like $name can also be of type array; however, parameter $string of htmlspecialchars() does only seem to accept string, maybe add an additional type check? ( Ignorable by Annotation )

If this is a false-positive, you can also ignore this issue in your code via the ignore-type annotation

		<div class='elgg-body'><?php echo htmlspecialchars(/** @scrutinizer ignore-type */ $name, ENT_QUOTES, 'UTF-8'); ?></div>
	</div>
	<input type="hidden"
		   name="<?php echo htmlspecialchars($input_name, ENT_QUOTES, 'UTF-8'); ?>[]"
		   value="<?php echo $entity->guid ?>">
</li>