Permalink
Browse files

remove needless line of code

as pointed out by maurymmarques, in pull request 126
  • Loading branch information...
1 parent 694819c commit 26aeb1155063f9e4169dc5820d18fe159c066989 @AD7six AD7six committed Jun 22, 2011
Showing with 0 additions and 2 deletions.
  1. +0 −2 lib/Cake/Utility/Sanitize.php
View
2 lib/Cake/Utility/Sanitize.php
@@ -243,8 +243,6 @@ public static function clean($data, $options = array()) {
$data = str_replace("\r", "", $data);
}
- $data = str_replace("'", "'", str_replace("!", "!", $data));
@josegonzalez
josegonzalez Jun 22, 2011

I know this is going to notify all the committers, but why was this line needed in the first place?

@AD7six
AD7six Jun 22, 2011

Multiple choice

  • I doubt it ever was needed.
  • It was trying to replace {looks like '} with {'} but they are infact the same charcode
  • some malicious attempt to write code that looks a bit like a pair of bums
@markstory
markstory Jun 22, 2011

I think in the far distant past ! allowed you to bypass sql escaping, but that died long ago.

-
if ($options['unicode']) {
$data = preg_replace("/&#([0-9]+);/s", "&#\\1;", $data);
}

0 comments on commit 26aeb11

Please sign in to comment.