mirror of
https://github.com/postfixadmin/postfixadmin.git
synced 2024-09-19 11:12:15 +02:00
this might be a more logical approach - only try and call htmlentities on things that are stringy or arrays
This commit is contained in:
parent
f760d2cd3a
commit
5a14f4bc1f
@ -138,13 +138,14 @@ class PFASmarty
|
||||
* */
|
||||
public function sanitise($data)
|
||||
{
|
||||
if (is_object($data) || is_null($data)) {
|
||||
return $data; // can't handle
|
||||
if (!is_array($data) && !is_string($data)) {
|
||||
return $data; // bool, int, null, object etc - can't sanitise.
|
||||
}
|
||||
|
||||
if (!is_array($data)) {
|
||||
if (is_string($data)) {
|
||||
return htmlentities($data, ENT_QUOTES, 'UTF-8', false);
|
||||
}
|
||||
|
||||
$clean = array();
|
||||
foreach ($data as $key => $value) {
|
||||
/* as this is a nested data structure it's more likely we'll output the key too (at least in my opinion, so we'll sanitise it too */
|
||||
|
Loading…
Reference in New Issue
Block a user