<?php
/*
+--------------------------------------------------------------------+
- | CiviCRM version 4.6 |
+ | CiviCRM version 4.7 |
+--------------------------------------------------------------------+
- | Copyright CiviCRM LLC (c) 2004-2014 |
+ | Copyright CiviCRM LLC (c) 2004-2015 |
+--------------------------------------------------------------------+
| This file is a part of CiviCRM. |
| |
| GNU Affero General Public License or the licensing of CiviCRM, |
| see the CiviCRM license FAQ at http://civicrm.org/licensing |
+--------------------------------------------------------------------+
-*/
+ */
/**
* This class captures the encoding practices of CRM-5667 in a reusable
* escaping scheme and consequently remove HTMLInputCoder.
*
* @package CRM
- * @copyright CiviCRM LLC (c) 2004-2014
- * $Id$
- *
+ * @copyright CiviCRM LLC (c) 2004-2015
*/
-
class CRM_Utils_API_HTMLInputCoder extends CRM_Utils_API_AbstractFieldCoder {
private $skipFields = NULL;
'pay_later_text',
'pay_later_receipt',
'label', // This is needed for FROM Email Address configuration. dgg
- 'url', // This is needed for navigation items urls
+ 'url', // This is needed for navigation items urls
'details',
'msg_text', // message templates’ text versions
'text_message', // (send an) email to contact’s and CiviMail’s text version
}
/**
- * This function is going to filter the
+ * going to filter the
* submitted values across XSS vulnerability.
*
* @param array|string $values
- * @param bool $castToString If TRUE, all scalars will be filtered (and therefore cast to strings)
+ * @param bool $castToString
+ * If TRUE, all scalars will be filtered (and therefore cast to strings).
* If FALSE, then non-string values will be preserved
*/
public function encodeInput(&$values, $castToString = FALSE) {
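Review bot: The rewritten summary in the encodeInput docblock is now a sentence fragment (`going to filter the` / `submitted values across XSS vulnerability.`) and no longer says what the method does. I would replace it with something like `Encode angle brackets in the submitted values, in place, to reduce XSS risk.`, since `$values` is taken by reference and the method has no return statement in the visible lines. The docblock should also say that recursion into arrays always passes TRUE for `$castToString`, so nested scalars are cast to strings whatever flag the caller gave. That recursion is in the method body, which continues outside this hunk.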
foreach ($values as &$value) {
$this->encodeInput($value, TRUE);
}
- } elseif ($castToString || is_string($values)) {
+ }
+ elseif ($castToString || is_string($values)) {
$values = str_replace(array('<', '>'), array('<', '>'), $values);
}
}
/**
- * @param $values
+ * @param array $values
* @param bool $castToString
- *
- * @return mixed|void
*/
public function decodeOutput(&$values, $castToString = FALSE) {
if (is_array($values)) {
foreach ($values as &$value) {
$this->decodeOutput($value, TRUE);
}
- } elseif ($castToString || is_string($values)) {
+ }
+ elseif ($castToString || is_string($values)) {
$values = str_replace(array('<', '>'), array('<', '>'), $values);
}
}
+
}
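Review bot: The new `@param array $values` on decodeOutput is narrower than the code, because the `elseif ($castToString || is_string($values))` branch also handles a plain string; `@param array|string $values` would match the tag encodeInput already uses. Both str_replace calls search only for `<` and `>`, so quotes and ampersands pass through unchanged. The class docblock should say that this coder does not make values safe for HTML attribute or script contexts and that output still needs escaping for the context it lands in. As rendered on this page the search and replacement arrays in both calls look identical, which would make them no-ops; that is presumably entity decoding by the page rather than the real source, but it is worth confirming against the file. encodeInput begins outside this hunk.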