mirror/postfixadmin
0
0
Fork 0
mirror of https://github.com/postfixadmin/postfixadmin.git synced 2024-09-19 19:22:14 +02:00
Code

this might be a more logical approach - only try and call htmlentities on things that are stringy or arrays

Browse Source
This commit is contained in:
David Goodwin 2022-08-29 08:35:54 +01:00
parent f760d2cd3a
commit 5a14f4bc1f
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
model/PFASmarty.php
View File

@ -138,13 +138,14 @@ class PFASmarty
* */
public function sanitise($data)
{
if (is_object($data) || is_null($data)) {
return $data; // can't handle
if (!is_array($data) && !is_string($data)) {
return $data; // bool, int, null, object etc - can't sanitise.
}
if (!is_array($data)) {
if (is_string($data)) {
return htmlentities($data, ENT_QUOTES, 'UTF-8', false);
}
$clean = array();
foreach ($data as $key => $value) {
/* as this is a nested data structure it's more likely we'll output the key too (at least in my opinion, so we'll sanitise it too */