EDUCATIC
/
h5p-php-library
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Avoid double encoding of htmlspecialchars, we get them encoded from editor

namespaces
Frank Ronny Larsen 2013-07-17 15:11:37 +02:00
parent 67cfc1d333
commit 7736506b39
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
h5p.classes.php
View File

@ -1218,7 +1218,7 @@ class H5PContentValidator {
}
else {
// Filter text to plain text.
$text = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
$text = htmlspecialchars($text, ENT_QUOTES, 'UTF-8', FALSE);
}
// Check if string is within allowed length
@ -1346,7 +1346,7 @@ class H5PContentValidator {
unset($select[$key]);
}
else {
$select[$key] = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
$select[$key] = htmlspecialchars($value, ENT_QUOTES, 'UTF-8', FALSE);
}
}
}
@ -1361,7 +1361,7 @@ class H5PContentValidator {
$this->h5pF->setErrorMessage($this->h5pF->t('Invalid selected option in select.'));
$select = $semantics->options[0]->value;
}
$select = htmlspecialchars($select, ENT_QUOTES, 'UTF-8');
$select = htmlspecialchars($select, ENT_QUOTES, 'UTF-8', FALSE);
}
}
@ -1396,9 +1396,9 @@ class H5PContentValidator {
// Validate a filelike object, such as video, image, audio and file.
private function _validateFilelike(&$file, $semantics, $typevalidkeys = array()) {
// Make sure path and mime does not have any special chars
$file->path = htmlspecialchars($file->path, ENT_QUOTES, 'UTF-8');
$file->path = htmlspecialchars($file->path, ENT_QUOTES, 'UTF-8', FALSE);
if (isset($file->mime)) {
$file->mime = htmlspecialchars($file->mime, ENT_QUOTES, 'UTF-8');
$file->mime = htmlspecialchars($file->mime, ENT_QUOTES, 'UTF-8', FALSE);
}
// Remove attributes that should not exist, they may contain JSON escape
@ -1798,7 +1798,7 @@ class H5PContentValidator {
if ($decode) {
$string = html_entity_decode($string, ENT_QUOTES, 'UTF-8');
}
return check_plain($this->_strip_dangerous_protocols($string));
return htmlspecialchars($this->_strip_dangerous_protocols($string), ENT_QUOTES, 'UTF-8', FALSE);
}
/**