/**
 * Return sanitized HTML for one input parameter.
 *
 * The raw value is looked up with cge_utils::get_param(), its HTML entities
 * are decoded, and the result is passed through cge_utils::clean_input_html()
 * (htmlawed). Decoding happens before cleaning, so the cleaner operates on
 * the decoded markup.
 *
 * NOTE(review): the looked-up value goes to html_entity_decode() unchecked.
 * With the null default, or a non-string parameter, that call may receive a
 * non-string argument -- confirm what get_param() returns in those cases.
 *
 * @param array  $params An associative array of input params
 * @param string $key    The key to look up in $params
 * @param string $dflt   The default value to use if the key does not exist in $params
 * @return mixed Whatever cge_utils::clean_input_html() returns for the decoded value
 */
public static function get_html($params, $key, $dflt = null)
{
    return \cge_utils::clean_input_html(
        html_entity_decode(\cge_utils::get_param($params, $key, $dflt))
    );
}
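$params['field_' . $thefield] = $filename; } } // these braces close blocks opened before this excerpt

// Merge submitted field values back into the fields array. Only keys carrying
// the 'field_' prefix are considered; the rest of the key names the field.
foreach ($params as $key => $value) {
    if (!startswith($key, 'field_')) {
        continue;
    }

    $fieldname = substr($key, strlen('field_'));

    // The field name is taken from a parameter key, so it may not match any
    // defined field. Skip unknown names rather than dereferencing a missing
    // entry, which would fail or leave a stray element in $fields.
    if (!isset($fields[$fieldname])) {
        continue;
    }

    switch ($fields[$fieldname]->type) {
        case 0:
            // Strips tags and encodes quotes.
            // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1
            // and has no drop-in replacement; plan a migration (and escape at
            // output) before moving to a newer runtime.
            $value = filter_var(trim($value), FILTER_SANITIZE_STRING);
            break;

        case 2:
            // Decode entities first so the cleaner sees the decoded markup,
            // then sanitize the resulting HTML.
            $value = html_entity_decode(trim($value));
            $value = cge_utils::clean_input_html($value);
            break;

        // NOTE(review): values for every other field type are stored as
        // received; confirm they are escaped wherever they are rendered.
    }

    $fields[$fieldname]->value = $value;
}

// Merge category selections back into the categories array: each category is
// reset to unchecked, then takes the submitted value for its id when present.
if (isset($params['event_categories'])) {
    foreach ($categories as &$one) {
        $one->checked = 0;
        if (isset($params['event_categories'][$one->id])) {
            $one->checked = $params['event_categories'][$one->id];
        }
    }
    // Break the reference left behind by the by-reference loop, so a later
    // assignment to $one cannot overwrite the last category.
    unset($one);
}

// ready to insert or update
$fieldtext = '';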