authorfwenzel@mozilla.com <fwenzel@mozilla.com@4eb1ac78-321c-0410-a911-ec516a8615a5>2008-01-22 16:57:21 (GMT)
committer fwenzel@mozilla.com <fwenzel@mozilla.com@4eb1ac78-321c-0410-a911-ec516a8615a5>2008-01-22 16:57:21 (GMT)
commit592fc685d01b35892db8068554e320b07e6b0500 (patch)
treec20e3033b59e8e4a1f6460c44b5cf59b9484ff22 /site/app/app_controller.php
parent86d2bfb3bfb9e4b300d1b4f609604c08fd280cd8 (diff)
fixing data sanitization for UTF-8 characters: bug 412580, r=laura
git-svn-id: http://svn.mozilla.org/addons/trunk@9724 4eb1ac78-321c-0410-a911-ec516a8615a5
Diffstat (limited to 'site/app/app_controller.php')
-rw-r--r--site/app/app_controller.php18
1 files changed, 11 insertions, 7 deletions
diff --git a/site/app/app_controller.php b/site/app/app_controller.php
index 325605e..ab4130e 100644
--- a/site/app/app_controller.php
+++ b/site/app/app_controller.php
@@ -54,6 +54,11 @@ class AppController extends Controller
* @var string 'high' or 'low'
*/
var $securityLevel = 'high';
+
+ /**
+ * array keys not to be sanitized when using publish()
+ */
+ var $dontsanitize = array('locale','locale_html', 'created', 'modified', 'datestatuschanged');
function __construct() {
parent::__construct();
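Review bot: The doc comment on `$dontsanitize` should state that values under these keys reach the view unescaped, since the list now also carries 'created', 'modified' and 'datestatuschanged' and the `in_array($key, $this->dontsanitize, true)` check in the fourth hunk matches on key name alone at every nesting level. Because the recursive call sits inside that check, any array passed to publish() with one of these keys skips escaping for the whole entry, including a nested array beneath it, whatever the value holds. If the intent is only to leave date columns alone, record that constraint, e.g. `* Keys whose values publish() hands to the view unescaped; use only for fields that never hold user-supplied text (locale strings, DB timestamps).`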
@@ -246,11 +251,8 @@ class AppController extends Controller
* @return void
*/
function publish($viewvar, $value, $sanitizeme = true) {
- if ($sanitizeme) {
- uses('Sanitize');
- if (!isset($this->Sanitize)) $this->Sanitize = new Sanitize();
+ if ($sanitizeme)
$this->_sanitizeArray($value);
- }
$this->set($viewvar, $value);
}
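Review bot: The brace-less `if ($sanitizeme)` in publish() leaves the escaping call easy to detach from its condition in a later edit; keeping the braces the removed code had avoids that: `if ($sanitizeme) { $this->_sanitizeArray($value); }`. The same applies to the `if (!empty($data))` added in the last hunk. The docblock of publish() starts outside this hunk, so whether it documents that `$sanitizeme = false` publishes the raw value cannot be checked here.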
@@ -262,6 +264,8 @@ class AppController extends Controller
* @return void
*/
function _sanitizeArray(&$data, $cleankeys = true) {
+ global $sanitize_patterns;
+
if (is_array($data)) {
if (empty($data)) return; // prevents removal of empty arrays
// recurse through the array to get all values
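Review bot: `global $sanitize_patterns;` makes the output escaping in `_sanitizeArray()` depend on a variable defined outside this file, and nothing in the hunk checks that it is set or that it has the 'patterns' and 'replacements' keys used in the last hunk. A comment naming the file that defines it, plus a guard such as `if (empty($sanitize_patterns['patterns'])) { trigger_error('sanitize patterns not loaded', E_USER_ERROR); }`, would make a missing include fail loudly instead of relying on how preg_replace() treats an empty pattern. It is also worth confirming that the patterns cover at least the characters the replaced `$this->Sanitize->html()` call escaped. The function body continues outside this hunk.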
@@ -270,7 +274,7 @@ class AppController extends Controller
// a better way of excluding fields from being sanitized. This
// particular array keeps the translations locale strings from
// becoming entities
- if (!in_array($key, array('locale','locale_html'), true)) {
+ if (!in_array($key, $this->dontsanitize, true)) {
$this->_sanitizeArray($data[$key]);
}
}
@@ -284,8 +288,8 @@ class AppController extends Controller
} elseif (is_string($data)) {
// encode the string
- if (!empty($data) && (-1 === strtotime($data) || false === strtotime($data)))
- $data = $this->Sanitize->html($data);
+ if (!empty($data))
+ $data = preg_replace($sanitize_patterns['patterns'], $sanitize_patterns['replacements'], $data);
}
// otherwise, we don't do anything (with ints or null etc.).
}
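Review bot: The result of `preg_replace()` is assigned straight back to `$data` without a check, and preg_replace() returns null on a PCRE error. If the patterns use the `u` modifier (not visible here), a string with malformed UTF-8 would then be published as null with no trace of why. Handling the failure explicitly keeps it fail-closed and visible: `$clean = preg_replace($sanitize_patterns['patterns'], $sanitize_patterns['replacements'], $data);` followed by `$data = (null === $clean) ? '' : $clean;` and a log entry on the null branch. The enclosing function starts outside this hunk.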