blob: f2629618b1b80643cd9529181e87ed454a04bed7 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
|
<?php
/**
* Piwik - free/libre analytics platform
*
* @link http://piwik.org
* @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
*
*/
namespace Piwik\DataTable\Filter;
use Piwik\DataTable;
use Piwik\DataTable\BaseFilter;
/**
* Sanitizes DataTable labels as an extra precaution. Called internally by Piwik.
*
*/
class SafeDecodeLabel extends BaseFilter
{
private $columnToDecode;
/**
* @param DataTable $table
*/
public function __construct($table)
{
parent::__construct($table);
$this->columnToDecode = 'label';
}
/**
* Decodes the given value
*
* @param string $value
* @return mixed|string
*/
public static function decodeLabelSafe($value)
{
if (empty($value)) {
return $value;
}
$raw = urldecode($value);
$value = htmlspecialchars_decode($raw, ENT_QUOTES);
// ENT_IGNORE so that if utf8 string has some errors, we simply discard invalid code unit sequences
$style = ENT_QUOTES | ENT_IGNORE;
// See changes in 5.4: http://nikic.github.com/2012/01/28/htmlspecialchars-improvements-in-PHP-5-4.html
// Note: at some point we should change ENT_IGNORE to ENT_SUBSTITUTE
$value = htmlspecialchars($value, $style, 'UTF-8');
return $value;
}
/**
* Decodes all columns of the given data table
*
* @param DataTable $table
*/
public function filter($table)
{
foreach ($table->getRows() as $row) {
$value = $row->getColumn($this->columnToDecode);
if ($value !== false) {
$value = self::decodeLabelSafe($value);
$row->setColumn($this->columnToDecode, $value);
$this->filterSubTable($row);
}
}
}
}
|