X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=CRM%2FCore%2FHTMLInputCoder.php;h=50cc79783222ee0db15ea736b706b66b2a880b08;hb=e63aff1ca2719cc1ec5c4fcbb24217940cbb265d;hp=e7de451b30dde2048208b5e1ce7954b25863a20f;hpb=a3f6b977640050235de1e96ff81258d797f25075;p=civicrm-core.git

diff --git a/CRM/Core/HTMLInputCoder.php b/CRM/Core/HTMLInputCoder.php
index e7de451b30..50cc797832 100644
--- a/CRM/Core/HTMLInputCoder.php
+++ b/CRM/Core/HTMLInputCoder.php
@@ -1,9 +1,9 @@
 <?php
 /*
  +--------------------------------------------------------------------+
- | CiviCRM version 4.3                                                |
+ | CiviCRM version 4.5                                                |
  +--------------------------------------------------------------------+
- | Copyright CiviCRM LLC (c) 2004-2013                                |
+ | Copyright CiviCRM LLC (c) 2004-2014                                |
  +--------------------------------------------------------------------+
  | This file is a part of CiviCRM.                                    |
  |                                                                    |
@@ -24,117 +24,14 @@
  | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
  +--------------------------------------------------------------------+
 */
-
-/**
- * This class captures the encoding practices of CRM-5667 in a reusable
- * fashion.  In this design, all submitted values are partially HTML-encoded
- * before saving to the database.  If a DB reader needs to output in
- * non-HTML medium, then it should undo the partial HTML encoding.
- *
- * This class should be short-lived -- 4.3 should introduce an alternative
- * escaping scheme and consequently remove HTMLInputCoder.
- *
- * @package CRM
- * @copyright CiviCRM LLC (c) 2004-2013
- * $Id$
- *
- */
-
-require_once 'api/Wrapper.php';
-class CRM_Core_HTMLInputCoder implements API_Wrapper {
-  private static $skipFields = NULL;
-
-  /**
-   * @var CRM_Core_HTMLInputCoder
-   */
-  private static $_singleton = NULL;
-
-  /**
-   * @return CRM_Core_HTMLInputCoder
-   */
-  public static function singleton() {
-    if (self::$_singleton === NULL) {
-      self::$_singleton = new CRM_Core_HTMLInputCoder();
-    }
-    return self::$_singleton;
-  }
-
-  /**
-   * @return array<string> list of field names
-   */
-  public static function getSkipFields() {
-    if (self::$skipFields === NULL) {
-      self::$skipFields = array(
-        'widget_code',
-        'html_message',
-        'body_html',
-        'msg_html',
-        'description',
-        'intro',
-        'thankyou_text',
-        'tf_thankyou_text',
-        'intro_text',
-        'page_text',
-        'body_text',
-        'footer_text',
-        'thankyou_footer',
-        'thankyou_footer_text',
-        'new_text',
-        'renewal_text',
-        'help_pre',
-        'help_post',
-        'confirm_title',
-        'confirm_text',
-        'confirm_footer_text',
-        'confirm_email_text',
-        'event_full_text',
-        'waitlist_text',
-        'approval_req_text',
-        'report_header',
-        'report_footer',
-        'cc_id',
-        'bcc_id',
-        'premiums_intro_text',
-        'honor_block_text',
-        'pay_later_receipt',
-        'label', // This is needed for FROM Email Address configuration. dgg
-        'url',  // This is needed for navigation items urls
-        'details',
-        'msg_text', // message templatesâ text versions
-        'text_message', // (send an) email to contactâs and CiviMailâs text version
-        'data', // data i/p of persistent table
-        'sqlQuery', // CRM-6673
-        'pcp_title',
-        'pcp_intro_text',
-        'new', // The 'new' text in word replacements
-      );
-    }
-    return self::$skipFields;
-  }
+class CRM_Core_HTMLInputCoder {
 
   /**
    * @param string $fldName
    * @return bool TRUE if encoding should be skipped for this field
    */
   public static function isSkippedField($fldName) {
-    $skipFields = self::getSkipFields();
-
-    // Field should be skipped
-    if (in_array($fldName, $skipFields)) {
-      return TRUE;
-    }
-    // Field is multilingual and after cutting off _xx_YY should be skipped (CRM-7230)â¦
-    if ((preg_match('/_[a-z][a-z]_[A-Z][A-Z]$/', $fldName) && in_array(substr($fldName, 0, -6), $skipFields))) {
-      return TRUE;
-    }
-    // Field can take multiple entries, eg. fieldName[1], fieldName[2], etc.
-    // We remove the index and check again if the fieldName in the list of skipped fields.
-    $matches = array();
-    if (preg_match('/^(.*)\[\d+\]/', $fldName, $matches) && in_array($matches[1], $skipFields)) {
-      return TRUE;
-    }
-
-    return FALSE;
+    return CRM_Utils_API_HTMLInputCoder::singleton()->isSkippedField($fldName);
   }
 
   /**
@@ -146,71 +43,7 @@ class CRM_Core_HTMLInputCoder implements API_Wrapper {
    *    If FALSE, then non-string values will be preserved
    */
   public static function encodeInput(&$values, $castToString = TRUE) {
-    if (is_array($values)) {
-      foreach ($values as &$value) {
-        self::encodeInput($value);
-      }
-    } elseif ($castToString || is_string($values)) {
-      $values = str_replace(array('<', '>'), array('&lt;', '&gt;'), $values);
-    }
-  }
-
-  public static function decodeOutput(&$values, $castToString = TRUE) {
-    if (is_array($values)) {
-      foreach ($values as &$value) {
-        self::decodeOutput($value);
-      }
-    } elseif ($castToString || is_string($values)) {
-      $values = str_replace(array('&lt;', '&gt;'), array('<', '>'), $values);
-    }
-  }
-
-  /**
-   * {@inheritDoc}
-   */
-  public function fromApiInput($apiRequest) {
-    $lowerAction = strtolower($apiRequest['action']);
-    if ($apiRequest['version'] == 3 && in_array($lowerAction, array('get', 'create'))) {
-      // note: 'getsingle', 'replace', 'update', and chaining all build on top of 'get'/'create'
-      foreach ($apiRequest['params'] as $key => $value) {
-        // Don't apply escaping to API control parameters (e.g. 'api.foo' or 'options.foo')
-        // and don't apply to other skippable fields
-        if (!self::isApiControlField($key) && !self::isSkippedField($key)) {
-          self::encodeInput($apiRequest['params'][$key], FALSE);
-        }
-      }
-    } elseif ($apiRequest['version'] == 3 && $lowerAction == 'setvalue') {
-      if (isset($apiRequest['params']['field']) && isset($apiRequest['params']['value'])) {
-        if (!self::isSkippedField($apiRequest['params']['field'])) {
-          self::encodeInput($apiRequest['params']['value'], FALSE);
-        }
-      }
-    }
-    return $apiRequest;
+    return CRM_Utils_API_HTMLInputCoder::singleton()->encodeInput($values, $castToString);
   }
 
-  /**
-   * {@inheritDoc}
-   */
-  public function toApiOutput($apiRequest, $result) {
-    $lowerAction = strtolower($apiRequest['action']);
-    if ($apiRequest['version'] == 3 && in_array($lowerAction, array('get', 'create', 'setvalue'))) {
-      foreach ($result as $key => $value) {
-        // Don't apply escaping to API control parameters (e.g. 'api.foo' or 'options.foo')
-        // and don't apply to other skippable fields
-        if (!self::isApiControlField($key) && !self::isSkippedField($key)) {
-          self::decodeOutput($result[$key], FALSE);
-        }
-      }
-    }
-    // setvalue?
-    return $result;
-  }
-
-  /**
-   * @return bool
-   */
-  protected function isApiControlField($key) {
-    return (FALSE !== strpos($key, '.'));
-  }
 }
