authorfwenzel@mozilla.com <fwenzel@mozilla.com@4eb1ac78-321c-0410-a911-ec516a8615a5>2007-03-15 22:33:54 (GMT)
committer fwenzel@mozilla.com <fwenzel@mozilla.com@4eb1ac78-321c-0410-a911-ec516a8615a5>2007-03-15 22:33:54 (GMT)
commit2037d8760820b0c4bb26822fcb84baefac2ba6ad (patch)
tree11f0bf597ad6d6a8c24ea6f593b88fd737cff638 /site/app/app_controller.php
parent2e3131660eb45cc9800a2cce9fdb0a1b51d32fdc (diff)
introducing publish() function to wrap cake's set() and encode html entities (opt-out) when they are passed to the view. This should fix bugs 374055 and 374057 specifically, but also reduce the risk of similar encoding issues in other places.
git-svn-id: http://svn.mozilla.org/addons/trunk@2668 4eb1ac78-321c-0410-a911-ec516a8615a5
Diffstat (limited to 'site/app/app_controller.php')
-rw-r--r--site/app/app_controller.php45
1 files changed, 45 insertions, 0 deletions
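diff --git a/site/app/app_controller.php b/site/app/app_controller.php
index a062e56..cfee05e 100644
--- a/site/app/app_controller.php
+++ b/site/app/app_controller.php
@@ -219,5 +219,50 @@ class AppController extends Controller
 header('Last-modified: ' . gmdate("D, j M Y H:i:s", time()) . " GMT");
 header('Expires: ' . gmdate("D, j M Y H:i:s", time() + HOUR) . " GMT");
 }
+
+ /**
+ * set() replacement that automatically santitzes (html-encodes) data
+ * and passes it to the view, to avoid repetitive and error-prone manual
+ * data sanitization in the view or controllers.
+ *
+ * @param string viewvar Variable name to be made available in the view
+ * @param mixed array or string data to be assigned to the variable name
+ * @param bool sanitizeme do data sanitization on the value before setting it?
+ * @return void
+ */
+ function publish($viewvar, $value, $sanitizeme = true) {
+ if ($sanitizeme) {
+ $this->_sanitizeArray($value);
+ }
+ $this->set($viewvar, $value);
+ }
+
+ /**
+ * html-encode an array, recursively
+ *
+ * @param mixed the data array (or string) to be html-encoded (by reference)
+ * @param bool clean the array keys as well?
+ * @return void
+ */
+ function _sanitizeArray(&$data, $cleankeys = true) {
+ if (is_array($data)) {
+ // recurse through the array to get all values
+ foreach ($data as $key => $value) {
+ $this->_sanitizeArray($data[$key]);
+ }
+
+ // change the keys if necessary
+ if ($cleankeys) {
+ $keys = array_keys($data);
+ $this->_sanitizeArray($keys, false);
+ $data = array_combine($keys, array_values($data));
+ }
+
+ } elseif (is_string($data)) {
+ // encode the string
+ $data = htmlentities($data, ENT_QUOTES, 'UTF-8');
+ }
+ // otherwise, we don't do anything (with ints or null etc.).
+ }
 }
 ?>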
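Review bot: `_sanitizeArray` passes objects through unencoded — the `is_array` / `is_string` chain only encodes scalar strings, so a model object (or anything else carrying string fields) handed to `publish()` reaches the view untouched while the caller assumes it was sanitized; the closing comment should state this, e.g. `// otherwise (ints, null, objects ...) the value is passed through unencoded`. In the PHP versions I know of, `htmlentities()` also returns an empty string when the input is not valid UTF-8, so such values are silently blanked rather than flagged; where the deployed PHP supports it, adding `ENT_SUBSTITUTE` to the flags keeps the rest of the string. Encoding at publish time is HTML body/attribute escaping only, so a view that places a published value into a URL or JavaScript context still needs context-specific escaping, and a published value that the view escapes again will be double-encoded — both worth a sentence in the `publish()` docblock, which also has the typo "santitzes". Note too that the recursive call on each element uses the default `$cleankeys = true` rather than the caller's value, which is harmless for the flat `$keys` list but would matter if a caller ever passed `false` for nested data.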