Update: 2026-05-03 20:51:50

app/core/Security.php

@@ -9,12 +9,22 @@ namespace App\Core;
 
 final class Security
 {
-    public static function sanitize(string $data): string
+    /**
+     * Recursively sanitize input data (strings and arrays)
+     */
+    public static function sanitize($data)
     {
-        return htmlspecialchars(strip_tags(trim($data)));
+        if (is_array($data)) {
+            foreach ($data as $key => $value) {
+                $data[$key] = self::sanitize($value);
+            }
+        } else if (is_string($data)) {
+            $data = htmlspecialchars(strip_tags(trim($data)), ENT_QUOTES, 'UTF-8');
+        }
+        return $data;
     }
 
-    public static function generateRandomString(int $length = 32): string
+    public static function generateRandomString(int $length = 64): string
     {
         return bin2hex(random_bytes($length / 2));
     }