
github.com/matomo-org/matomo.git - Unnamed repository; edit this file 'description' to name the repository.
authorBenaka Moorthi <benaka.moorthi@gmail.com>2013-05-27 00:53:18 +0400
committerBenaka Moorthi <benaka.moorthi@gmail.com>2013-05-27 00:53:18 +0400
commit367a411520fef0f3e7388919b8157670d549145e (patch)
tree4381c8ff3b297fc4b42d2234012fc0322a060498
parente573b61a4219401de0b9b0a41c1508931bcf6924 (diff)
Make sure goals data is not double encoded when editing an existing goal.
-rw-r--r--plugins/Goals/Controller.php13
1 files changed, 12 insertions, 1 deletions
diff --git a/plugins/Goals/Controller.php b/plugins/Goals/Controller.php
index 639bcb7708..9d0a97018c 100644
--- a/plugins/Goals/Controller.php
+++ b/plugins/Goals/Controller.php
@@ -201,7 +201,18 @@ class Piwik_Goals_Controller extends Piwik_Controller
public function index()
{
$view = $this->getOverviewView();
- $view->goalsJSON = Piwik_Common::json_encode($this->goals);
+
+ // unsanitize goal names and other text data (not done in API so as not to break
+ // any other code/cause security issues)
+ $goals = $this->goals;
+ foreach ($goals as &$goal) {
+ $goal['name'] = Piwik_Common::unsanitizeInputValue($goal['name']);
+ if (isset($goal['pattern'])) {
+ $goal['pattern'] = Piwik_Common::unsanitizeInputValue($goal['pattern']);
+ }
+ }
+ $view->goalsJSON = Piwik_Common::json_encode($goals);
+
$view->userCanEditGoals = Piwik::isUserHasAdminAccess($this->idSite);
$view->ecommerceEnabled = $this->site->isEcommerceEnabled();
$view->displayFullReport = true;
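Review bot: After this loop `$view->goalsJSON` carries goal names and patterns with their input sanitization undone, so protection against script injection now depends on how `Piwik_Common::json_encode` escapes `<`, `>`, `&` and quotes, and on how the template and client script insert these values; neither is visible in this hunk. I would extend the comment above the loop to state that contract, e.g. `// NOTE: goalsJSON holds raw user text; consumers must escape it for their output context (set as text / input value, never as raw HTML)`, and confirm the consumers honour it. Separately, `foreach ($goals as &$goal)` leaves `$goal` bound by reference to the last element, and index() continues past the end of the hunk, so add `unset($goal);` directly after the loop to prevent a later reuse of `$goal` from overwriting that entry.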