diff --git a/lib/Cake/Test/TestCase/Utility/SanitizeTest.php b/lib/Cake/Test/TestCase/Utility/SanitizeTest.php index efd85e19682..2c4adf8aa76 100644 --- a/lib/Cake/Test/TestCase/Utility/SanitizeTest.php +++ b/lib/Cake/Test/TestCase/Utility/SanitizeTest.php @@ -88,37 +88,6 @@ class SanitizeTest extends TestCase { */ public $fixtures = array('core.data_test', 'core.article'); -/** - * testEscapeAlphaNumeric method - * - * @return void - */ - public function testEscapeAlphaNumeric() { - $resultAlpha = Sanitize::escape('abc', 'test'); - $this->assertEquals('abc', $resultAlpha); - - $resultNumeric = Sanitize::escape('123', 'test'); - $this->assertEquals('123', $resultNumeric); - - $resultNumeric = Sanitize::escape(1234, 'test'); - $this->assertEquals(1234, $resultNumeric); - - $resultNumeric = Sanitize::escape(1234.23, 'test'); - $this->assertEquals(1234.23, $resultNumeric); - - $resultNumeric = Sanitize::escape('#1234.23', 'test'); - $this->assertEquals('#1234.23', $resultNumeric); - - $resultNull = Sanitize::escape(null, 'test'); - $this->assertEquals(null, $resultNull); - - $resultNull = Sanitize::escape(false, 'test'); - $this->assertEquals(false, $resultNull); - - $resultNull = Sanitize::escape(true, 'test'); - $this->assertEquals(true, $resultNull); - } - /** * testClean method * @@ -131,7 +100,7 @@ public function testClean() { $this->assertEquals($expected, $result); $string = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line'; - $expected = 'test & ' . Sanitize::escape('"quote"', 'test') . ' ' . Sanitize::escape('\'other\'', 'test') . ' ;.$ symbol.another line'; + $expected = 'test & "quote" \'other\' ;.$ symbol.another line'; $result = Sanitize::clean($string, array('encode' => false, 'connection' => 'test')); $this->assertEquals($expected, $result); diff --git a/lib/Cake/Utility/Sanitize.php b/lib/Cake/Utility/Sanitize.php index fa0b9cddc22..88d95bbc1d2 100644 --- a/lib/Cake/Utility/Sanitize.php +++ b/lib/Cake/Utility/Sanitize.php 
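Review bot: The `Sanitize::clean()` call just below the rewritten `$expected` in the second hunk still passes `'connection' => 'test'`, but the only code path that consulted a connection (`Sanitize::escape`) is removed by this commit, so the option is now inert and implies a database dependency that no longer exists. Dropping it, `$result = Sanitize::clean($string, array('encode' => false));`, keeps the test honest about what it exercises. If no remaining test in this class touches the database, the `core.data_test`/`core.article` fixtures shown in the first hunk's context may be removable as well, which I cannot confirm from this view. The hard-coded `$expected` itself is the right shape: it pins that quotes now pass through unescaped, which is the behavioural change this deprecation introduces.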
@@ -61,27 +61,6 @@ public static function paranoid($string, $allowed = array()) { return $cleaned; } -/** - * Makes a string SQL-safe. - * - * @param string $string String to sanitize - * @param string $connection Database connection being used - * @return string SQL safe string - */ - public static function escape($string, $connection = 'default') { - $db = ConnectionManager::getDataSource($connection); - if (is_numeric($string) || $string === null || is_bool($string)) { - return $string; - } - $string = $db->value($string, 'string'); - $start = 1; - if ($string{0} === 'N') { - $start = 2; - } - - return substr(substr($string, $start), 0, -1); - } - /** * Returns given string safe for display as HTML. Renders entities. * @@ -210,13 +189,13 @@ public static function stripTags($str) { * - dollar - Escape `$` with `\$` * - carriage - Remove `\r` * - unicode - - * - escape - Should the string be SQL escaped. * - backslash - * - remove_html - Strip HTML with strip_tags. `encode` must be true for this option to work. * * @param string|array $data Data to sanitize * @param string|array $options If string, DB connection being used, otherwise set of options * @return mixed Sanitized data + * @deprecated This method will be removed. */ public static function clean($data, $options = array()) { if (empty($data)) { @@ -235,7 +214,6 @@ public static function clean($data, $options = array()) { 'dollar' => true, 'carriage' => true, 'unicode' => true, - 'escape' => true, 'backslash' => true ), $options); @@ -261,9 +239,6 @@ public static function clean($data, $options = array()) { if ($options['unicode']) { $data = preg_replace("/&#([0-9]+);/s", "&#\\1;", $data); } - if ($options['escape']) { - $data = Sanitize::escape($data, $options['connection']); - } if ($options['backslash']) { $data = preg_replace("/\\\(?!&#|\?#)/", "\\", $data); }
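Review bot: The `@param string|array $options` line in the `clean()` docblock still says "If string, DB connection being used", yet this commit removes `Sanitize::escape()` and the `escape` option, so nothing visible in these hunks consumes a connection any more and the description is stale. The new `@deprecated` tag also gives no migration path, which matters because the removal silently changes what the method guarantees. I would change the two lines to `@param string|array $options Set of options (the string/connection form is obsolete now that SQL escaping is gone)` and `@deprecated This method will be removed. It no longer SQL-escapes input; bind values through prepared statements or the ORM instead.` If a `'connection'` default and a string-to-array conversion of `$options` still exist above this hunk they should go too, but they are outside what the diff shows.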
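Review bot: Removing the `Sanitize::escape()` call in the last hunk silently drops escaping that was on by default (`'escape' => true` in the defaults removed two hunks earlier), so a caller that still passes `'escape' => true` and interpolates the result into SQL now gets the raw string back with no signal that the protection is gone. Since the method is only deprecated rather than removed, I would have it warn when the option is explicitly supplied, placed right after the `array_merge(...)` that precedes this hunk: `if (array_key_exists('escape', $options)) {`, `    trigger_error('Sanitize::clean() no longer SQL-escapes data; the "escape" option is ignored, use prepared statements.', E_USER_DEPRECATED);`, `}`. The `backslash` step that follows previously ran on already-escaped output; whether its regex still yields the intended result on unescaped input is worth checking, but that is inherited code I cannot judge from the hunk alone.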