mirror of
https://github.com/postfixadmin/postfixadmin.git
synced 2024-09-19 19:22:14 +02:00
this might be a more logical approach - only try and call htmlentities on things that are stringy or arrays
This commit is contained in:
parent
f760d2cd3a
commit
5a14f4bc1f
@ -138,13 +138,14 @@ class PFASmarty
|
|||||||
* */
|
* */
|
||||||
public function sanitise($data)
|
public function sanitise($data)
|
||||||
{
|
{
|
||||||
if (is_object($data) || is_null($data)) {
|
if (!is_array($data) && !is_string($data)) {
|
||||||
return $data; // can't handle
|
return $data; // bool, int, null, object etc - can't sanitise.
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!is_array($data)) {
|
if (is_string($data)) {
|
||||||
return htmlentities($data, ENT_QUOTES, 'UTF-8', false);
|
return htmlentities($data, ENT_QUOTES, 'UTF-8', false);
|
||||||
}
|
}
|
||||||
|
|
||||||
$clean = array();
|
$clean = array();
|
||||||
foreach ($data as $key => $value) {
|
foreach ($data as $key => $value) {
|
||||||
/* as this is a nested data structure it's more likely we'll output the key too (at least in my opinion, so we'll sanitise it too */
|
/* as this is a nested data structure it's more likely we'll output the key too (at least in my opinion, so we'll sanitise it too */
|
||||||
|
Loading…
Reference in New Issue
Block a user