Congegni/sintonia
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

CC-6055: Improved escaping

Browse source
This commit is contained in:
Albert Santoni 2015-06-12 13:48:54 -04:00
parent abc81a92b4
commit b4c9a77e7c
10 changed files with 46 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

44
airtime_mvc/application/common/WidgetHelper.php
View file

@ -46,13 +46,14 @@ class WidgetHelper
);
$result[$dow[$i]] = $shows;
// XSS exploit prevention
self::convertSpecialChars($result, array("name", "url"));
// convert image paths to point to api endpoints
self::findAndConvertPaths($result);
}
// XSS exploit prevention
SecurityHelper::htmlescape_recursive($result);
// convert image paths to point to api endpoints
self::findAndConvertPaths($result);
return $result;
}
@ -124,37 +125,18 @@ class WidgetHelper
}
$result[$weekCounter][$dayOfWeekCounter]["shows"] = $shows;
// XSS exploit prevention
self::convertSpecialChars($result, array("name", "url"));
// convert image paths to point to api endpoints
self::findAndConvertPaths($result);
}
$weekCounter += 1;
}
return $result;
}
/**
* Go through a given array and sanitize any potentially exploitable fields
* by passing them through htmlspecialchars
*
* @param unknown $arr the array to sanitize
* @param unknown $keys indexes of values to be sanitized
*/
public static function convertSpecialChars(&$arr, $keys)
{
foreach ($arr as &$a) {
if (is_array($a)) {
foreach ($keys as &$key) {
if (array_key_exists($key, $a)) {
$a[$key] = htmlspecialchars($a[$key]);
}
}
self::convertSpecialChars($a, $keys);
}
}
// XSS exploit prevention
SecurityHelper::htmlescape_recursive($result);
// convert image paths to point to api endpoints
self::findAndConvertPaths($result);
return $result;
}
/**