Ejemplo n.º 1
0
 /**
  * Purify an attribute value
  *
  * @param string $value
  *
  * @return string
  */
 protected function purifyValue($value)
 {
     $value['value'] = \XLite\Core\HTMLPurifier::purify($value['value']);
     return $value;
 }
Ejemplo n.º 2
0
 /**
  * Get purified value
  *
  * @param array $column Column info
  * @param mixed $value  Value
  *
  * @return mixed
  */
 protected function getPurifiedValue(array $column, $value)
 {
     if (is_array($value)) {
         foreach ($value as $k => $v) {
             $value[$k] = $this->getPurifiedValue($column, $v);
         }
     } else {
         $ignoreWarning = false;
         $orig = $value;
         if (!$this->isColumnTagsAllowed($column)) {
             $value = strip_tags($value);
             $wrnType = 'CMN-TAGS';
         } elseif (!$this->isColumnTrusted($column)) {
             $value = \XLite\Core\HTMLPurifier::purify($value);
             $wrnType = 'CMN-XSS';
             $ignoreWarning = $this->isIgnoreXSSWarnings($column);
         }
         if ($orig != $value && !$ignoreWarning) {
             $this->addWarning($wrnType, array('column' => $column, 'value' => ''));
         }
     }
     return $value;
 }
Ejemplo n.º 3
0
 /**
  * Prepare request value
  *
  * @param string $name  Param name
  * @param mixed  $value Param value
  *
  * @return mixed
  */
 protected function prepareRequestParamValue($name, $value)
 {
     if (!empty($value) && !is_numeric($value)) {
         if (is_array($value)) {
             foreach ($value as $k => $v) {
                 $value[$k] = $this->prepareRequestParamValue($name, $v);
             }
         } elseif (!$this->isParamTrusted($name)) {
             $value = \XLite\Core\HTMLPurifier::purify($value);
         }
     }
     return $value;
 }