(security/core#67) Port APIv3's escaping scheme to APIv4
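--- a/Civi/Api4/Utils/FormattingUtil.php
+++ b/Civi/Api4/Utils/FormattingUtil.php
@@ -81,6 +81,8 @@ class FormattingUtil {
 $params[$name] = 'null';
 }
 }
+
+ \CRM_Utils_API_HTMLInputCoder::singleton()->encodeRow($params);
 }
 /**
@@ -127,6 +129,11 @@ class FormattingUtil {
 $value = date('Ymd', strtotime($value));
 break;
 }
+
+ $hic = \CRM_Utils_API_HTMLInputCoder::singleton();
+ if (!$hic->isSkippedField($fieldSpec['name'])) {
+ $value = $hic->encodeValue($value);
+ }
 }
 }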
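Review bot: In the second hunk, `$value = $hic->encodeValue($value);` is applied to whatever `$value` holds, and nothing visible here shows whether array operands (for example a list of values in a comparison) are encoded element by element or passed through unchanged. If `encodeValue()` only handles scalars, array input would skip the escaping this commit is meant to enforce, so that case should be covered by a test or handled explicitly before this line. The skip check also depends on `$fieldSpec['name']` matching the names the coder's skip list uses, which is worth confirming for APIv4 field names. Both added blocks would benefit from a short comment, for example `// Mirror APIv3: store and compare values in HTML-encoded form, except fields on the coder's skip list.` The enclosing functions begin outside both hunks, so earlier handling cannot be confirmed from this page.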