author | mattab <matthieu.aubry@gmail.com> | 2014-10-14 08:05:39 +0400 |
committer | mattab <matthieu.aubry@gmail.com> | 2014-10-14 08:05:39 +0400 |
commit | bd7dc4d60dd03c01d8ada55d2e4db392315c7ce7 (patch) | |
tree | 3c7ee0e5a5fb469b1f96ddb4b4d9942db4e9a61f /core/Common.php | |
parent | fa106611dfd493e360b22938b35471582f26ac6c (diff) |
Refs #6372 Textarea Settings value should conserve line breaks
Diffstat (limited to 'core/Common.php')
-rw-r--r-- | core/Common.php | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/core/Common.php b/core/Common.php
index 5c1391bfdb..a11b3f977b 100644
--- a/core/Common.php
+++ b/core/Common.php
@@ -263,7 +263,7 @@ class Common
 if (is_numeric($value)) {
 return $value;
 } elseif (is_string($value)) {
- $value = self::sanitizeInputValue($value);
+ $value = self::sanitizeString($value);
 
 if (!$alreadyStripslashed) // a JSON array was already stripslashed, don't do it again for each value
 {
@@ -289,21 +289,31 @@ class Common
 }
 
 /**
- * Sanitize a single input value
+ * Sanitize a single input value and removes line breaks, tabs and null characters.
 *
 * @param string $value
 * @return string sanitized input
 */
 public static function sanitizeInputValue($value)
 {
+ $value = self::sanitizeLineBreaks($value);
+ $value = self::sanitizeString($value);
+ return $value;
+ }
+
+ /**
+ * Sanitize a single input value
+ *
+ * @param $value
+ * @return string
+ */
+ private static function sanitizeString($value)
+ {
 // $_GET and $_REQUEST already urldecode()'d
 // decode
 // note: before php 5.2.7, htmlspecialchars() double encodes &#x hex items
 $value = html_entity_decode($value, self::HTML_ENCODING_QUOTE_STYLE, 'UTF-8');
 
- // filter
- $value = self::sanitizeLineBreaks($value);
-
 // escape
 $tmp = @htmlspecialchars($value, self::HTML_ENCODING_QUOTE_STYLE, 'UTF-8');
 
@@ -312,6 +322,7 @@ class Common
 // convert and escape
 $value = utf8_encode($value);
 $tmp = htmlspecialchars($value, self::HTML_ENCODING_QUOTE_STYLE, 'UTF-8');
+ return $tmp;
 }
 return $tmp;
 }
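Review bot: The switch from `sanitizeInputValue` to `sanitizeString` on the changed line drops the line-break, tab and null-character stripping for every string that passes through this function, not only for the textarea setting named in the commit title. If other callers relied on the null-byte removal as a defence for ordinary request parameters, keep it on this path and relax only the line-break handling, or record at those call sites that the stripping has moved. The enclosing function starts and ends outside the hunk, so its docblock is not visible here; it should at least state that values now come back with line breaks, tabs and null bytes intact.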
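Review bot: `sanitizeInputValue` now calls `sanitizeLineBreaks` before `html_entity_decode`, whereas the removed lines ran it after the decode; if `html_entity_decode` resolves numeric references such as `&#10;`, an entity-encoded newline is only produced after the stripping has run and survives into the result, because `htmlspecialchars` leaves newlines, tabs and null bytes untouched. Swapping the two calls in the new method body restores the old order, `$value = self::sanitizeString($value); $value = self::sanitizeLineBreaks($value);`, which is equivalent as long as `sanitizeLineBreaks` (defined outside this hunk) only removes characters that the escaping step never emits. The new `sanitizeString` docblock also has an untyped `@param $value` and repeats the public method's summary word for word; suggest `@param string $value` and a summary such as `Decode HTML entities and re-escape the value; line breaks, tabs and null bytes are left as-is.`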
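Review bot: The added `return $tmp;` inside the fallback `if` block is redundant: execution would otherwise fall through to the identical `return $tmp;` two lines below, so the line changes nothing and suggests the branch produces a different result than it does. Drop the line, or if the intent was to make the branch's exit explicit, a short comment on the existing return would say that without adding a second exit point.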