
Merge branch 'develop' of github.com:fuel/fuel into develop

commit 06e3ca7b41dad4e34ca790adba8a17e295bbfee4 2 parents baa11da + 558ca2e
Phil Sturgeon philsturgeon authored
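--- a/fuel/app/config/config.php
+++ b/fuel/app/config/config.php
@@ -95,6 +95,11 @@
 * dependant on how much input data there is.
 */
 'input_filter' => array(),
+
+ /**
+ * Whether to automatically encode (htmlentities) view data
+ */
+ 'auto_encode_view_data' => true,
 ),
 /**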
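--- a/fuel/core/classes/controller.php
+++ b/fuel/core/classes/controller.php
@@ -85,14 +85,9 @@ public function params()
 return $this->request->named_params;
 }
- public function render($view, $data = array(), $return = false)
+ public function render($view, $data = array(), $auto_encode = null)
 {
- if ( ! $return)
- {
- $this->output .= \View::factory($view, $data);
- return;
- }
- return \View::factory($view, $data);
+ $this->output .= \View::factory($view, $data, $auto_encode);
 }
 }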
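Review bot: Reusing the third positional parameter of `render()` for `$auto_encode` silently changes the meaning of existing call sites: a caller that used to pass `false` for `$return` now switches encoding off for that view, and one that passed `true` no longer gets the view back. Nothing in the signature or a docblock warns about either effect. Appending the flag instead, `public function render($view, $data = array(), $return = false, $auto_encode = null)`, or at minimum adding a docblock that states `@param bool|null $auto_encode null = use View::$auto_encode, false = raw output`, keeps an upgrade from disabling escaping by accident.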
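--- a/fuel/core/classes/error.php
+++ b/fuel/core/classes/error.php
@@ -150,7 +150,7 @@ public static function show_php_error(\Exception $e)
 $data['filepath'] = str_replace("\\", "/", $data['filepath']);
 $data['error_line'] = $debug_lines['line'];
- echo \View::factory('errors'.DS.'php_error', $data);
+ echo \View::factory('errors'.DS.'php_error', $data, false);
 }
 public static function notice($msg, $always_show = false)
@@ -170,7 +170,7 @@ public static function notice($msg, $always_show = false)
 $data['line'] = $trace['line'];
 $data['function'] = $trace['function'];
- echo \View::factory('errors'.DS.'php_short', $data);
+ echo \View::factory('errors'.DS.'php_short', $data, false);
 }
 }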
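Review bot: Passing `false` to both `View::factory()` calls renders the error views with no encoding, and `$data` carries the file path, line, function name and, presumably, the error message set outside these hunks, which can echo request input. Unless `errors/php_error` and `errors/php_short` escape each field themselves (the templates are not part of this diff), the error page becomes the one place where markup is reflected raw while the rest of the application encodes by default. If the exemption exists because some fields hold pre-built HTML, encode the plain-text ones before the call, e.g. `$data['filepath'] = \Security::htmlentities($data['filepath']);`, and add a comment saying why the view opts out. Both function bodies start above their hunks.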
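--- a/fuel/core/classes/fuel.php
+++ b/fuel/core/classes/fuel.php
@@ -113,6 +113,8 @@ public static function init($config)
 static::$_paths = array_merge(\Config::get('module_paths', array()), array(APPPATH, COREPATH));
+ \View::$auto_encode = \Config::get('security.auto_encode_view_data');
+
 if ( ! static::$is_cli)
 {
 if (\Config::get('base_url') === null)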
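Review bot: `\Config::get('security.auto_encode_view_data')` is read with no default, so an application config written before this key existed appears to overwrite the `true` initial value of `\View::$auto_encode` with null. The `$encode === null and $encode = static::$auto_encode` fallbacks in View would then resolve to a falsy value and skip encoding everywhere. Fail closed by passing the default the way `module_paths` does on the line above: `\View::$auto_encode = (bool) \Config::get('security.auto_encode_view_data', true);`. `init()` continues outside the hunk.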
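--- a/fuel/core/classes/security.php
+++ b/fuel/core/classes/security.php
@@ -152,11 +152,11 @@ public static function strip_tags($value)
 public static function htmlentities($value)
 {
- if ( ! is_array($value))
+ if (is_string($value))
 {
 $value = htmlentities($value, ENT_COMPAT, \Fuel::$encoding, false);
 }
- else
+ elseif (is_array($value))
 {
 foreach ($value as $k => $v)
 {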
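Review bot: Narrowing the first branch to `is_string()` means every value that is neither a string nor an array now leaves `htmlentities()` unchanged, and that includes objects implementing `__toString()`; a model or value object wrapping user text will be printed raw by a view that assumes its data was encoded. Either handle that case explicitly or state the contract in the docblock, e.g. `@return mixed strings and arrays are encoded, every other type is returned unchanged`. The unchanged call also uses `ENT_COMPAT`, so single quotes are not encoded and auto-encoded values remain unsafe inside single-quoted attributes; `ENT_QUOTES` would cover them. The function body continues past the end of the hunk.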
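--- a/fuel/core/classes/view.php
+++ b/fuel/core/classes/view.php
@@ -37,6 +37,8 @@ class View {
 // Array of global view data
 protected static $_global_data = array();
+ public static $auto_encode = true;
+
 // View filename
 protected $_file;
@@ -53,9 +55,9 @@ class View {
 * @param array array of values
 * @return View
 */
- public static function factory($file = null, array $data = null)
+ public static function factory($file = null, array $data = null, $auto_encode = null)
 {
- return new static($file, $data);
+ return new static($file, $data, $auto_encode);
 }
 /**
@@ -68,8 +70,10 @@ public static function factory($file = null, array $data = null)
 * @return void
 * @uses View::set_filename
 */
- public function __construct($file = null, array $data = null)
+ public function __construct($file = null, array $data = null, $encode = null)
 {
+ $encode === null and $encode = static::$auto_encode;
+
 if ($file !== null)
 {
 $this->set_filename($file);
@@ -77,6 +81,14 @@ public function __construct($file = null, array $data = null)
 if ($data !== null)
 {
+ if ($encode)
+ {
+ foreach ($data as $k => $v)
+ {
+ $data[$k] = \Security::htmlentities($v);
+ }
+ }
+
 // Add the values to the current data
 $this->_data = $data + $this->_data;
 }
@@ -122,7 +134,7 @@ public function & __get($key)
 */
 public function __set($key, $value)
 {
- $this->set($key, $value);
+ $this->set($key, $value, static::$auto_encode);
 }
 /**
@@ -224,20 +236,23 @@ protected static function capture($view_filename, array $view_data)
 *
 * @param string variable name or an array of variables
 * @param mixed value
+ * @param bool whether to encode the data or not
 * @return void
 */
- public static function set_global($key, $value = null)
+ public static function set_global($key, $value = null, $encode = null)
 {
+ $encode === null and $encode = static::$auto_encode;
+
 if (is_array($key))
 {
 foreach ($key as $key2 => $value)
 {
- static::$_global_data[$key2] = $value;
+ static::$_global_data[$key2] = $encode ? \Security::htmlentities($value) : $value;
 }
 }
 else
 {
- static::$_global_data[$key] = $value;
+ static::$_global_data[$key] = $encode ? \Security::htmlentities($value) : $value;
 }
 }
@@ -257,6 +272,22 @@ public static function bind_global($key, & $value)
 }
 /**
+ * Sets whether to encode the data or not.
+ *
+ * $view->auto_encode(false);
+ *
+ * @param bool whether to auto encode or not
+ * @return View
+ */
+ public function auto_encode($encode = true)
+ {
+ static::$auto_encode = $encode;
+
+ return $this;
+ }
+
+
+ /**
 * Sets the view filename.
 *
 * $view->set_filename($file);
@@ -292,20 +323,23 @@ public function set_filename($file)
 *
 * @param string variable name or an array of variables
 * @param mixed value
+ * @param bool whether to encode the data or not
 * @return $this
 */
- public function set($key, $value = null)
+ public function set($key, $value = null, $encode = null)
 {
+ $encode === null and $encode = static::$auto_encode;
+
 if (is_array($key))
 {
 foreach ($key as $name => $value)
 {
- $this->_data[$name] = $value;
+ $this->_data[$name] = $encode ? \Security::htmlentities($value) : $value;
 }
 }
 else
 {
- $this->_data[$key] = $value;
+ $this->_data[$key] = $encode ? \Security::htmlentities($value) : $value;
 }
 return $this;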
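Review bot: `auto_encode()` reads like a per-view switch (instance method, returns `$this`, documented as `$view->auto_encode(false)`), but it writes `static::$auto_encode`, so calling it on one view turns encoding off for every view created or populated later in the request. The choice made at construction is also lost: `View::factory($file, $data, false)` skips encoding in the constructor, yet a later `$view->key = ...` goes through `__set()` and follows the global flag instead. Keeping the static as the configured default and storing the effective value on the instance removes both surprises; `set_global()` can keep reading the static. Data attached by reference through `bind_global()` (only its name is visible here, in a hunk header) presumably bypasses encoding and deserves a line in its docblock.

```php
// static View::$auto_encode stays the configured default; this holds the per-view choice
protected $_auto_encode;

public function __construct($file = null, array $data = null, $encode = null)
{
	$encode === null and $encode = static::$auto_encode;
	$this->_auto_encode = (bool) $encode;
	// … unchanged: set_filename() call and encoding of $data …

public function __set($key, $value)
{
	$this->set($key, $value, $this->_auto_encode);
}

public function auto_encode($encode = true)
{
	$this->_auto_encode = (bool) $encode;

	return $this;
}

public function set($key, $value = null, $encode = null)
{
	$encode === null and $encode = $this->_auto_encode;
	// … unchanged: array and single-key assignment …
```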