@@ -67,7 +67,7 @@ public function api($api_function = false, $params = false)
6767
6868
6969 if (defined ('TEMPLATE_DIR ' )) {
70- app ()->template_manager ->boot_template ();
70+ app ()->template_manager ->boot_template ();
7171 }
7272
7373 //$api_function_full = str_ireplace('api/', '', $api_function_full);
@@ -916,7 +916,7 @@ public function module()
916916 $ mod_iframe = true ;
917917 }
918918
919- // $data = $request_data;
919+ $ data = $ request_data ;
920920
921921 if (($ _POST )) {
922922 $ data = $ _POST ;
@@ -987,7 +987,7 @@ public function module()
987987
988988 unset($ data ['ondrop ' ]);
989989 }
990- // d($data);
990+
991991
992992
993993 $ opts = array ();
@@ -1035,7 +1035,10 @@ public function module()
10351035
10361036 $ has_id = false ;
10371037 if (isset ($ data ) and is_array ($ data )) {
1038+ $ data = xss_clean ($ data );
10381039 foreach ($ data as $ k => $ v ) {
1040+ $ k = $ this ->app ->module_manager ->format_attr ($ k );
1041+
10391042 if ($ k != 'ondrop ' ) {
10401043 if ($ k == 'id ' ) {
10411044 $ has_id = true ;
@@ -1045,9 +1048,7 @@ public function module()
10451048 $ v1 = $ this ->app ->format ->array_to_base64 ($ v );
10461049 $ tags .= "{$ k }= \"$ v1 \" " ;
10471050 } else {
1048- $ v = $ this ->app ->format ->clean_html ($ v );
1049-
1050- //$v = app()->database_manager->escape_string($v);
1051+ $ v = $ this ->app ->module_manager ->format_attr ($ v );
10511052
10521053 $ tags .= "{$ k }= \"$ v \" " ;
10531054 }
@@ -1193,7 +1194,7 @@ public function editor_tools()
11931194 }
11941195
11951196 $ this ->return_data = 1 ;
1196- $ page = $ this ->frontend ();
1197+ $ page = $ this ->frontend ();
11971198 } else {
11981199 $ page = $ this ->app ->content_manager ->get_by_id ($ _REQUEST ['content_id ' ]);
11991200 }