
changed filter to prevent xss in templates.

commit 9ed4336a1b72745bf7214a2c9810dc8831cbb7e3 1 parent be32cdc
Gabor authored
Showing with 13 additions and 2 deletions.
  1. +13 −2 StampTE.php
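--- a/StampTE.php
+++ b/StampTE.php
@@ -186,8 +186,8 @@ public function glue($what,$snippet) {
 *
 * @return StampEngine $snippet self, chainable
 */
- public function inject($where,$data, $raw=false) {
- if (!$raw) $data = htmlspecialchars($data);
+ public function inject($where, $data, $raw=false) {
+ if (!$raw) $data = $this->filter($data);
 $where = "#$where#";
 $this->template = str_replace($where,$data,$this->template);
 return $this;
@@ -253,5 +253,16 @@ public function loadIntoCache($rawCacheData) {
 $this->cache = unserialize($rawCacheData);
 }
+ /**
+ * Filters data.
+ *
+ * @param string $string
+ *
+ * @return string $string
+ */
+ protected function filter($data) {
+ return htmlspecialchars($data,ENT_COMPAT,'UTF-8');
+ }
+
 }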
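Review bot: The new `filter()` passes `ENT_COMPAT` to `htmlspecialchars()`, which leaves single quotes unescaped, so a slot that a template places inside a single-quoted attribute is still not safely encoded; `return htmlspecialchars($data, ENT_QUOTES, 'UTF-8');` closes that gap. The escaping is also HTML-text/quoted-attribute encoding only, so the docblock should say that slots inside `<script>`, URL attributes or unquoted attributes need their own context-specific encoding, and that `inject()` with `$raw=true` skips the filter entirely and must only receive trusted markup. The docblock's `@param string $string` does not match the parameter name `$data`, and "Filters data." would read better as `HTML-escapes a value before it is injected into a slot.` Separately, the context line `$this->cache = unserialize($rawCacheData);` is not touched by this commit, but it is worth confirming that cache data can never come from an untrusted source. The bodies of `inject()` and `loadIntoCache()` start outside the visible hunks.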