* list of field names
   */
  public function getSkipFields() {
    // Built once and cached on the instance; later calls return the cached list.
    if ($this->skipFields !== NULL) {
      return $this->skipFields;
    }

    // NOTE(review): presumably these are the fields exempted from
    // encodeInput() - confirm against the caller. If so, their values keep
    // raw "<" and ">" and must be escaped or purified wherever they are
    // rendered; every name added here widens that surface.
    $this->skipFields = array(
      'widget_code',
      'html_message',
      'body_html',
      'msg_html',
      'description',
      'intro',
      'thankyou_text',
      'tf_thankyou_text',
      'intro_text',
      'page_text',
      'body_text',
      'footer_text',
      'thankyou_footer',
      'thankyou_footer_text',
      'new_text',
      'renewal_text',
      'help_pre',
      'help_post',
      'confirm_title',
      'confirm_text',
      'confirm_footer_text',
      'confirm_email_text',
      'event_full_text',
      'waitlist_text',
      'approval_req_text',
      'report_header',
      'report_footer',
      'cc_id',
      'bcc_id',
      'premiums_intro_text',
      'honor_block_text',
      'pay_later_text',
      'pay_later_receipt',
      // Needed for FROM Email Address configuration. dgg
      'label',
      // Needed for navigation item URLs.
      'url',
      'details',
      // Text versions of message templates.
      'msg_text',
      // Text version of (send an) email to contact and of CiviMail.
      'text_message',
      // Data input of the persistent table.
      'data',
      // CRM-6673
      'sqlQuery',
      'pcp_title',
      'pcp_intro_text',
      // The 'new' text in word replacements.
      'new',
      // Display name plus angle-bracketed address, e.g.
      // '"Full Name" <user@example.org>' (illustrative value).
      'replyto_email',
      'operator',
    );

    return $this->skipFields;
  }

  /**
   * Filter the submitted values to guard against XSS.
   *
   * @param array|string $values
   * @param bool $castToString
   *   If TRUE, all scalars will be filtered (and therefore cast to strings).
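*   If FALSE, then non-string values will be preserved
   */
  public function encodeInput(&$values, $castToString = FALSE) {
    if (is_array($values)) {
      // Elements are rewritten in place through the reference. Nested scalars
      // are always filtered (TRUE), whatever flag the caller passed.
      foreach ($values as &$value) {
        $this->encodeInput($value, TRUE);
      }
      // Release the loop reference so a later write to $value cannot alias
      // the last element.
      unset($value);
    }
    elseif ($castToString || is_string($values)) {
      // Store tag delimiters as entities. The replacement strings must be the
      // entity forms: mapping "<" to "<" would make this filter a no-op.
      // Only "<" and ">" are covered; "&" and quote characters pass through,
      // so this is not a substitute for context-specific escaping when the
      // value is later placed in an HTML attribute, URL or script.
      $values = str_replace(array('<', '>'), array('&lt;', '&gt;'), $values);
    }
  }

  /**
   * Reverse encodeInput(): turn "&lt;" and "&gt;" back into "<" and ">".
   *
   * The result contains raw angle brackets, so whatever renders it must apply
   * escaping suited to its own output context. The round trip is not exact
   * for input that already held the literal text "&lt;" or "&gt;":
   * encodeInput() leaves "&" untouched, so that text is decoded here as well.
   *
   * @param array|string $values
   *   Value, or (nested) array of values, modified in place.
   * @param bool $castToString
   *   If TRUE, all scalars will be decoded (and therefore cast to strings).
   *   If FALSE, then non-string values will be preserved.
   */
  public function decodeOutput(&$values, $castToString = FALSE) {
    if (is_array($values)) {
      // Mirror of encodeInput(): nested scalars are always processed.
      foreach ($values as &$value) {
        $this->decodeOutput($value, TRUE);
      }
      // Release the loop reference so a later write to $value cannot alias
      // the last element.
      unset($value);
    }
    elseif ($castToString || is_string($values)) {
      $values = str_replace(array('&lt;', '&gt;'), array('<', '>'), $values);
    }
  }

}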