diff --git a/CHANGELOG.md b/CHANGELOG.md
index efa525eb1aa..7bf9ce4eef3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,7 @@
 - Fixed a bug where `craft\helpers\DateTimeHelper::toDateInterval()` didn’t support negative integers. ([#13463](https://github.com/craftcms/cms/pull/13463))
 - Fixed a bug where admin tables were initially displaying an empty results message rather than a loading spinner, when the initial data was loading via Ajax. ([#13459](https://github.com/craftcms/cms/issues/13459))
 - Fixed a bug where garbage collection could terminate prematurely if an exception was thrown when deleting a pending user. ([#13490](https://github.com/craftcms/cms/issues/13490))
+- Fixed an error that occurred if the `purify` Twig filter was applied to a `null` value. ([#13495](https://github.com/craftcms/cms/issues/13495))
 - Fixed an information disclosure vulnerability.

 ## 4.4.16.1 - 2023-07-19
diff --git a/src/web/twig/Extension.php b/src/web/twig/Extension.php
index e55bafdf6ff..19d1953e8eb 100644
--- a/src/web/twig/Extension.php
+++ b/src/web/twig/Extension.php
@@ -801,14 +801,18 @@ public function prependFilter(string $tag, string $html, ?string $ifExists = nul
 /**
 * Purifies the given HTML using HTML Purifier.
 *
- * @param string $html The HTML to be purified
+ * @param string|null $html The HTML to be purified
 * @param string|array|null $config The HTML Purifier config. This can either be the name of a JSON file within
 * `config/htmlpurifier/` (sans `.json` extension) or a config array.
- * @return string The purified HTML
+ * @return string|null The purified HTML
 * @since 3.4.0
 */
- public function purifyFilter(string $html, array|string|null $config = null): string
+ public function purifyFilter(?string $html, array|string|null $config = null): ?string
 {
+ if ($html === null) {
+ return null;
+ }
+
 if (is_string($config)) {
 $path = Craft::$app->getPath()->getConfigPath() . DIRECTORY_SEPARATOR . 'htmlpurifier' . DIRECTORY_SEPARATOR . $config . '.json';