From b509090530253dafdb5b40a8928afa7a3c6283c5 Mon Sep 17 00:00:00 2001
From: wrongecho
Date: Sat, 21 Sep 2024 11:07:53 +0100
Subject: [PATCH] Detect and convert non-UTF8 encoding as part of input sanitization

---
 functions.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/functions.php b/functions.php
index 909a71c1b..190c1f65a 100644
--- a/functions.php
+++ b/functions.php
@@ -733,6 +733,14 @@ function sanitizeInput($input) {
 global $mysqli;
+ // Detect encoding
+ $encoding = mb_detect_encoding($input, ['UTF-8', 'ISO-8859-1', 'Windows-1252', 'ISO-8859-15'], true);
+
+ // If not UTF-8, convert to UTF8 (primarily Windows-1252 is problematic)
+ if ($encoding !== 'UTF-8') {
+ $input = mb_convert_encoding($input, 'UTF-8', $encoding);
+ }
+
 // Remove HTML and PHP tags
 $input = strip_tags((string) $input);
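Review bot: `mb_detect_encoding()` returns `false` when no candidate matches, and the added `if ($encoding !== 'UTF-8')` passes that `false` to `mb_convert_encoding()` as the source encoding. Guard it with `if ($encoding !== false && $encoding !== 'UTF-8') {` and decide explicitly what the sanitizer does with undetectable bytes, for example `mb_scrub($input, 'UTF-8')`. The detection call also receives `$input` before the `(string)` cast that the existing `strip_tags()` line applies, so a null or non-string value reaches mbstring uncast; `$input = (string) $input;` ahead of the detection would cover both calls. Separately, ISO-8859-1 is listed before Windows-1252 and, as far as I know, accepts any byte sequence, so on PHP versions where the first valid candidate wins, Windows-1252 input would be converted as ISO-8859-1 and its 0x80–0x9F punctuation would become C1 control characters. Listing `'Windows-1252'` first would match the intent in the comment. The rest of sanitizeInput lies outside the hunk, so how the converted string is escaped afterwards is not visible here.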