/**
 * Purify the 'value' element of an attribute value record.
 *
 * The argument is indexed with the 'value' key, so it is handled as an
 * array-like record rather than a plain string. Only that one element is
 * passed through the project's HTMLPurifier wrapper; every other element of
 * the record is returned unchanged and unsanitized.
 *
 * NOTE(review): the purifier's configuration is not visible from this method;
 * confirm its allowed tag/attribute list matches where the value is rendered.
 *
 * @param array $value Attribute value record containing a 'value' element
 *
 * @return array The same record with its 'value' element purified
 */
protected function purifyValue($value)
{
    // Read first, then write back, so only the 'value' slot is replaced.
    $purified = \XLite\Core\HTMLPurifier::purify($value['value']);
    $value['value'] = $purified;

    return $value;
}
/**
 * Sanitize a value according to the HTML policy of its column.
 *
 * Arrays are processed recursively, element by element, with the same column
 * policy; array keys are kept as they are and are not sanitized.
 *
 * For a non-array value one of three things happens:
 *  - column does not allow tags: the value goes through strip_tags();
 *  - column allows tags but is not trusted: the value goes through the
 *    project's HTMLPurifier wrapper;
 *  - column allows tags and is trusted: the value is returned untouched.
 *
 * When sanitizing changed the value, a warning ('CMN-TAGS' or 'CMN-XSS') is
 * recorded, unless XSS warnings are ignored for the column. The warning
 * payload carries an empty string in 'value', so the offending markup is not
 * copied into the warning itself.
 *
 * Security caveat: strip_tags() only removes markup. The result is not safe
 * to place into an HTML attribute, script or URL context without escaping
 * for that context at output time.
 *
 * @param array $column Column info
 * @param mixed $value  Value (scalar or, recursively, array of values)
 *
 * @return mixed Sanitized value, same structure as the input
 */
protected function getPurifiedValue(array $column, $value)
{
    if (is_array($value)) {
        foreach ($value as $key => $item) {
            $value[$key] = $this->getPurifiedValue($column, $item);
        }

        return $value;
    }

    $original = $value;
    $suppressWarning = false;

    // $warningType is assigned only on the paths that can modify the value.
    if (!$this->isColumnTagsAllowed($column)) {
        $value = strip_tags($value);
        $warningType = 'CMN-TAGS';
    } elseif (!$this->isColumnTrusted($column)) {
        $value = \XLite\Core\HTMLPurifier::purify($value);
        $warningType = 'CMN-XSS';
        $suppressWarning = $this->isIgnoreXSSWarnings($column);
    }

    // Loose comparison on purpose: a change of type alone (e.g. an integer
    // turned into the equivalent numeric string) is not reported.
    $wasModified = ($original != $value);

    if ($wasModified && !$suppressWarning) {
        $this->addWarning($warningType, array('column' => $column, 'value' => ''));
    }

    return $value;
}
/**
 * Sanitize a request parameter value before it is used.
 *
 * Values that are empty() or is_numeric() are returned unchanged. Arrays are
 * walked recursively and every element is checked under the same parameter
 * name, so the trust decision is made per parameter, not per element; array
 * keys are kept as they are and are not sanitized. Any other value is passed
 * through the project's HTMLPurifier wrapper unless the parameter is marked
 * as trusted.
 *
 * Security caveat: a trusted parameter reaches the caller exactly as the
 * client sent it, so the set of trusted names should stay as small as
 * possible and the value must still be escaped for its output context.
 *
 * @param string $name  Param name
 * @param mixed  $value Param value
 *
 * @return mixed Prepared value, same structure as the input
 */
protected function prepareRequestParamValue($name, $value)
{
    // Nothing to sanitize in empty or purely numeric input.
    if (empty($value) || is_numeric($value)) {
        return $value;
    }

    if (is_array($value)) {
        foreach ($value as $key => $item) {
            $value[$key] = $this->prepareRequestParamValue($name, $item);
        }

        return $value;
    }

    if ($this->isParamTrusted($name)) {
        return $value;
    }

    return \XLite\Core\HTMLPurifier::purify($value);
}