*   list of field names
   */
  public function getSkipFields() {
    // The list is built once per instance and cached in $this->skipFields.
    if ($this->skipFields !== NULL) {
      return $this->skipFields;
    }

    // NOTE(review): presumably the fields named here are exempt from
    // encodeInput()/decodeOutput() -- the consumer of this list is not visible
    // in this part of the file; confirm against the caller. If so, every entry
    // is a field whose raw '<' and '>' reach storage unchanged, so whatever
    // renders these fields has to purify or escape them itself. Keep the list
    // as short as possible and review any addition with that in mind.
    $this->skipFields = [
      'widget_code',
      'html_message',
      'body_html',
      'msg_html',
      'description',
      'intro',
      'thankyou_text',
      'tf_thankyou_text',
      'intro_text',
      'page_text',
      'body_text',
      'footer_text',
      'thankyou_footer',
      'thankyou_footer_text',
      'new_text',
      'renewal_text',
      'help_pre',
      'help_post',
      'confirm_title',
      'confirm_text',
      'confirm_footer_text',
      'confirm_email_text',
      'event_full_text',
      'waitlist_text',
      'approval_req_text',
      'report_header',
      'report_footer',
      'cc_id',
      'bcc_id',
      'premiums_intro_text',
      'honor_block_text',
      'pay_later_text',
      'pay_later_receipt',
      // Needed for the FROM Email Address configuration.
      'label',
      // Needed for navigation item URLs.
      'url',
      'details',
      // Text versions of message templates.
      'msg_text',
      // Text version of "send an email to contact" and of CiviMail.
      'text_message',
      // Data input of the persistent table.
      'data',
      // CRM-6673
      'sqlQuery',
      'pcp_title',
      'pcp_intro_text',
      // The 'new' text in word replacements.
      'new',
      // A display name followed by an angle-bracketed address, e.g.
      // '"Full Name" <user@example.org>' (illustrative address).
      'replyto_email',
      'operator',
      // CRM-20468
      'content',
      // CiviCampaign goal details.
      'goal_general',
    ];

    // Custom fields edited with the rich text editor are added by id. The
    // query is a fixed string with no caller-supplied parts.
    $richTextFields = CRM_Core_DAO::executeQuery('SELECT id FROM civicrm_custom_field WHERE html_type = "RichTextEditor"');
    while ($richTextFields->fetch()) {
      $this->skipFields[] = "custom_{$richTextFields->id}";
    }

    return $this->skipFields;
  }

  /**
   * Filter the submitted values to guard against XSS.
   *
   * @param array|string $values
   *   Filtered in place (passed by reference).
   * @param bool $castToString
   *   If TRUE, all scalars will be filtered (and therefore cast to strings).
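*   If FALSE, then non-string values will be preserved.
   */
  public function encodeInput(&$values, $castToString = FALSE) {
    if (is_array($values)) {
      // Nested values are always filtered with $castToString = TRUE, so
      // non-string scalars inside an array come back as strings.
      foreach ($values as &$value) {
        $this->encodeInput($value, TRUE);
      }
      // Drop the reference left behind by the by-reference foreach.
      unset($value);
    }
    elseif ($castToString || is_string($values)) {
      // Replace the angle brackets with their HTML entities (less-than and
      // greater-than). Mapping '<' and '>' to themselves would leave the value
      // untouched and filter nothing.
      //
      // Only these two characters are encoded: quotes and '&' pass through, so
      // this alone does not make a value safe inside an HTML attribute, a URL
      // or a script block. Escape for the actual context where it is rendered.
      $values = str_replace(['<', '>'], ['&lt;', '&gt;'], $values);
    }
  }

  /**
   * Reverse encodeInput(): turn the entities &lt; and &gt; back into '<' and '>'.
   *
   * The result is raw markup again. A value that already contained the literal
   * text "&lt;" before encoding is decoded as well, because encodeInput()
   * leaves '&' alone. Treat decoded values as untrusted and purify or escape
   * them for the context they are rendered in.
   *
   * @param array|string $values
   *   Decoded in place (passed by reference).
   * @param bool $castToString
   *   If TRUE, every scalar is decoded (and therefore cast to a string).
   *   If FALSE, only string values are touched.
   */
  public function decodeOutput(&$values, $castToString = FALSE) {
    if (is_array($values)) {
      // As in encodeInput(), nested values are always processed with
      // $castToString = TRUE.
      foreach ($values as &$value) {
        $this->decodeOutput($value, TRUE);
      }
      // Drop the reference left behind by the by-reference foreach.
      unset($value);
    }
    elseif ($castToString || is_string($values)) {
      // Search for the entities, not for the bare characters: replacing '<'
      // with '<' would make this method a no-op.
      $values = str_replace(['&lt;', '&gt;'], ['<', '>'], $values);
    }
  }

}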