fix for site variables to escape HTML code in list items view

daylightstudio · Sep 28, 2012 · 7c403b1 · 7c403b1
1 parent 31acdb4
commit 7c403b1
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/fuel/modules/fuel/models/sitevariables_model.php b/fuel/modules/fuel/models/sitevariables_model.php
@@ -12,6 +12,18 @@ function __construct()
 		parent::__construct('fuel_site_variables');
 	}
 
+	function list_items($limit = NULL, $offset = NULL, $col = 'name', $order = 'desc')
+	{
+
+		$this->db->select('id, name, SUBSTRING(value, 1, 50) as value, scope, active', FALSE);	
+		$data = parent::list_items($limit, $offset, $col, $order);
+		foreach($data as $key => $val)
+		{
+			$data[$key]['value'] = htmlentities($val['value'], ENT_QUOTES, 'UTF-8');
+		}
+		return $data;
+	}
+
 	function retrieve_all()
 	{
 		$vars = $this->options_list('name', 'value', array('active' => 'yes'));