From 5a14f4bc1f25b1da9b20df0ea56a60e4422aea22 Mon Sep 17 00:00:00 2001
From: David Goodwin
Date: Mon, 29 Aug 2022 08:35:54 +0100
Subject: [PATCH] this might be a more logical approach - only try and call htmlentities on things that are stringy or arrays
---
 model/PFASmarty.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/model/PFASmarty.php b/model/PFASmarty.php
index d17f0946..96e64c87 100644
--- a/model/PFASmarty.php
+++ b/model/PFASmarty.php
@@ -138,13 +138,14 @@ class PFASmarty
 *
 */
 public function sanitise($data) {
- if (is_object($data) || is_null($data)) {
- return $data; // can't handle
+ if (!is_array($data) && !is_string($data)) {
+ return $data; // bool, int, null, object etc - can't sanitise.
 }
- if (!is_array($data)) {
+ if (is_string($data)) {
 return htmlentities($data, ENT_QUOTES, 'UTF-8', false);
 }
+ $clean = array();
 foreach ($data as $key => $value) {
 /* as this is a nested data structure it's more likely we'll output the key too
 (at least in my opinion, so we'll sanitise it too */
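Review bot: The new guard in sanitise() returns objects untouched, so an object with a __toString() (or anything a template stringifies) reaches the output without htmlentities() ever running; whether objects are actually assigned to templates here is not visible from this hunk, but the removed code had the same gap and the new comment only says "can't sanitise", which a caller may read as "already safe". If objects can occur I would escape the stringable ones before the early return, `if (is_object($data) && method_exists($data, '__toString')) { return htmlentities((string) $data, ENT_QUOTES, 'UTF-8', false); }`, and otherwise extend the comment to `// bool, int, float, null or object: returned as-is. Objects are NOT escaped; templates must not echo them raw.` Separately, the unchanged htmlentities() call lacks ENT_SUBSTITUTE, so an invalid UTF-8 value yields an empty string and is silently blanked rather than escaped; that line is context, not new in this commit. sanitise()'s body continues past the end of the hunk.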