From 9dc9453ba76ce49737d8a1d44049e49e522d875b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=B8nstantine=20Kovalensky?= <45331093+kovalensky@users.noreply.github.com>
Date: Fri, 27 Oct 2023 13:01:43 +0400
Subject: [PATCH] Escape HTML characters for peer_id once to avoid load (#1002)
---
 bt/announce.php | 2 +-
 library/includes/functions.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/bt/announce.php b/bt/announce.php
index a17957531..cec592bb1 100644
--- a/bt/announce.php
+++ b/bt/announce.php
@@ -70,7 +70,7 @@ if (!isset($info_hash)) {
 $info_hash_hex = bin2hex($info_hash);
 // Store peer id
-$peer_id_sql = rtrim(DB()->escape(substr($peer_id, 0, 10)), ' ');
+$peer_id_sql = rtrim(DB()->escape(htmlspecialchars($peer_id, ENT_QUOTES, 'UTF-8', false)), ' ');
 // Check info_hash version
 if (strlen($info_hash) === 32) {
diff --git a/library/includes/functions.php b/library/includes/functions.php
index f73462a53..a90fd7fd5 100644
--- a/library/includes/functions.php
+++ b/library/includes/functions.php
@@ -1223,7 +1223,7 @@ function get_user_torrent_client(string $peer_id): mixed
 ];
 $bestMatchLength = 0;
- $peer_id = htmlCHR($peer_id);
+
 foreach ($clients as $key => $clientName) {
 if (str_starts_with($peer_id, $key) !== false && strlen($key) > $bestMatchLength) {
 $bestMatch = $clientName;
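Review bot: In the new `$peer_id_sql` line, `htmlspecialchars()` is called with `ENT_QUOTES` alone, and without `ENT_SUBSTITUTE` or `ENT_IGNORE` it returns an empty string for input that is not valid UTF-8. `$peer_id` is a client-supplied announce value that may hold arbitrary bytes, so such peers would be stored with an empty id. The line also drops the previous `substr($peer_id, 0, 10)` bound while escaping lengthens the value (`&` becomes `&amp;`), so unless the length is checked above the hunk, an over-long value may be cut mid-entity or rejected by the column. Storing the raw, length-bounded id and escaping where it is rendered would be the safer design; if escaping stays here, bound the length first and use `htmlspecialchars($peer_id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false)`. The script continues outside the hunk, so any earlier validation of `$peer_id` is not visible.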
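Review bot: With `$peer_id = htmlCHR($peer_id);` removed, get_user_torrent_client() depends on every caller passing an already-escaped value, and nothing in the function states that. Rows written before this commit came from the old unescaped `substr($peer_id, 0, 10)` expression in bt/announce.php, so if the function's result is echoed into HTML (its return path is outside the hunk) those values would reach the page unescaped. Either escape at the point of output, or document the precondition in the docblock, e.g. `@param string $peer_id Peer id already HTML-escaped when stored by the announcer; never pass raw client input.` The function body starts and ends outside the hunk.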