
ENT_QUOTES
danielkerr committed Apr 5, 2015
1 parent 4f27522 commit 9a5ceb0
Showing 14 changed files with 42 additions and 47 deletions.
4 changes: 2 additions & 2 deletions upload/admin/controller/common/forgotten.php
Expand Up @@ -24,9 +24,9 @@ public function index() {

$this->model_user_user->editCode($this->request->post['email'], $code);

$subject = sprintf($this->language->get('text_subject'), $this->config->get('config_name'));
$subject = sprintf($this->language->get('text_subject'), html_entity_decode($this->config->get('config_name'), ENT_QUOTES, 'UTF-8'));

$message = sprintf($this->language->get('text_greeting'), $this->config->get('config_name')) . "\n\n";
$message = sprintf($this->language->get('text_greeting'), html_entity_decode($this->config->get('config_name'), ENT_QUOTES, 'UTF-8')) . "\n\n";
$message .= $this->language->get('text_change') . "\n\n";
$message .= $this->url->link('common/reset', 'code=' . $code, 'SSL') . "\n\n";
$message .= sprintf($this->language->get('text_ip'), $this->request->server['REMOTE_ADDR']) . "\n\n";
4 changes: 2 additions & 2 deletions upload/admin/controller/common/header.php
Expand Up @@ -117,7 +117,7 @@ public function index() {
$data['stores'] = array();

$data['stores'][] = array(
'name' => $this->config->get('config_name'),
'name' => html_entity_decode($this->config->get('config_name'), ENT_QUOTES, 'UTF-8'),
'href' => HTTP_CATALOG
);

Expand All @@ -127,7 +127,7 @@ public function index() {

foreach ($results as $result) {
$data['stores'][] = array(
'name' => $result['name'],
'name' => html_entity_decode($result['name'], ENT_QUOTES, 'UTF-8'),
'href' => $result['url']
);
}
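Review bot: The decoded store name on L34 and L43 is placed in `$data['stores']` for the header template, so whatever entity-escaping was applied when the name was stored is undone before output; if the template echoes `name` without `htmlspecialchars()` — the template is not in this diff — a store name containing `<` or quotes would now be rendered as markup instead of text. Decoding is appropriate for the plain-text mail bodies changed elsewhere in this commit, but the same decode-before-template pattern also appears in setting/store.php (L135, L144), sale/order.php (L78, L87), sale/voucher.php (L256), checkout/order.php (L278), checkout/voucher.php (L289) and openbay/ebay_order.php (L300), several of which feed HTML mail templates. Either confine the decode to the plain-text paths or have each consuming template re-escape at the echo, e.g. `<?php echo htmlspecialchars($store['name'], ENT_QUOTES, 'UTF-8'); ?>`. The array built at L267 in payment/pp_express.php looks like order data rather than view data, so there the decoded name would presumably be persisted and later decoded again by sale/order.php — worth confirming. index() starts and ends outside the hunk.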
8 changes: 4 additions & 4 deletions upload/admin/controller/marketing/contact.php
Expand Up @@ -131,8 +131,8 @@ public function send() {
break;
case 'customer_all':
$customer_data = array(
'start' => ($page - 1) * 10,
'limit' => 10
'start' => ($page - 1) * 10,
'limit' => 10
);

$email_total = $this->model_sale_customer->getTotalCustomers($customer_data);
Expand Down Expand Up @@ -171,8 +171,8 @@ public function send() {
break;
case 'affiliate_all':
$affiliate_data = array(
'start' => ($page - 1) * 10,
'limit' => 10
'start' => ($page - 1) * 10,
'limit' => 10
);

$email_total = $this->model_marketing_affiliate->getTotalAffiliates($affiliate_data);
34 changes: 17 additions & 17 deletions upload/admin/controller/sale/order.php
Expand Up @@ -1152,7 +1152,7 @@ public function info() {
$data['invoice_no'] = '';
}

$data['store_name'] = $order_info['store_name'];
$data['store_name'] = html_entity_decode($order_info['store_name'], ENT_QUOTES, 'UTF-8');
$data['store_url'] = $order_info['store_url'];
$data['firstname'] = $order_info['firstname'];
$data['lastname'] = $order_info['lastname'];
Expand Down Expand Up @@ -2207,7 +2207,7 @@ public function invoice() {
'order_id' => $order_id,
'invoice_no' => $invoice_no,
'date_added' => date($this->language->get('date_format_short'), strtotime($order_info['date_added'])),
'store_name' => $order_info['store_name'],
'store_name' => html_entity_decode($order_info['store_name'], ENT_QUOTES, 'UTF-8'),
'store_url' => rtrim($order_info['store_url'], '/'),
'store_address' => nl2br($store_address),
'store_email' => $store_email,
Expand Down Expand Up @@ -2398,21 +2398,21 @@ public function shipping() {
}

$data['orders'][] = array(
'order_id' => $order_id,
'invoice_no' => $invoice_no,
'date_added' => date($this->language->get('date_format_short'), strtotime($order_info['date_added'])),
'store_name' => html_entity_decode($order_info['store_name'], ENT_QUOTES, 'UTF-8'),
'store_url' => rtrim($order_info['store_url'], '/'),
'store_address' => nl2br($store_address),
'store_email' => $store_email,
'store_telephone' => $store_telephone,
'store_fax' => $store_fax,
'email' => $order_info['email'],
'telephone' => $order_info['telephone'],
'shipping_address' => $shipping_address,
'shipping_method' => $order_info['shipping_method'],
'product' => $product_data,
'comment' => nl2br($order_info['comment'])
'order_id' => $order_id,
'invoice_no' => $invoice_no,
'date_added' => date($this->language->get('date_format_short'), strtotime($order_info['date_added'])),
'store_name' => html_entity_decode($order_info['store_name'], ENT_QUOTES, 'UTF-8'),
'store_url' => rtrim($order_info['store_url'], '/'),
'store_address' => nl2br($store_address),
'store_email' => $store_email,
'store_telephone' => $store_telephone,
'store_fax' => $store_fax,
'email' => $order_info['email'],
'telephone' => $order_info['telephone'],
'shipping_address' => $shipping_address,
'shipping_method' => $order_info['shipping_method'],
'product' => $product_data,
'comment' => nl2br($order_info['comment'])
);
}
}
4 changes: 2 additions & 2 deletions upload/admin/controller/setting/store.php
Expand Up @@ -106,7 +106,7 @@ protected function getList() {

$data['stores'][] = array(
'store_id' => 0,
'name' => $this->config->get('config_name') . $this->language->get('text_default'),
'name' => html_entity_decode($this->config->get('config_name'), ENT_QUOTES, 'UTF-8') . $this->language->get('text_default'),
'url' => HTTP_CATALOG,
'edit' => $this->url->link('setting/setting', 'token=' . $this->session->data['token'], 'SSL')
);
Expand All @@ -118,7 +118,7 @@ protected function getList() {
foreach ($results as $result) {
$data['stores'][] = array(
'store_id' => $result['store_id'],
'name' => $result['name'],
'name' => html_entity_decode($result['name'], ENT_QUOTES, 'UTF-8'),
'url' => $result['url'],
'edit' => $this->url->link('setting/store/edit', 'token=' . $this->session->data['token'] . '&store_id=' . $result['store_id'], 'SSL')
);
9 changes: 4 additions & 5 deletions upload/admin/model/marketing/affiliate.php
Expand Up @@ -118,7 +118,6 @@ public function getAffiliates($data = array()) {
}

public function approve($affiliate_id) {

$affiliate_info = $this->getAffiliate($affiliate_id);

if ($affiliate_info) {
Expand All @@ -128,12 +127,12 @@ public function approve($affiliate_id) {

$this->load->language('mail/affiliate');

$message = sprintf($this->language->get('text_approve_welcome'), $this->config->get('config_name')) . "\n\n";
$message = sprintf($this->language->get('text_approve_welcome'), html_entity_decode($this->config->get('config_name'), ENT_QUOTES, 'UTF-8')) . "\n\n";
$message .= $this->language->get('text_approve_login') . "\n";
$message .= HTTP_CATALOG . 'index.php?route=affiliate/login' . "\n\n";
$message .= $this->language->get('text_approve_services') . "\n\n";
$message .= $this->language->get('text_approve_thanks') . "\n";
$message .= $this->config->get('config_name');
$message .= html_entity_decode($this->config->get('config_name'), ENT_QUOTES, 'UTF-8');

$mail = new Mail();
$mail->protocol = $this->config->get('config_mail_protocol');
Expand All @@ -147,7 +146,7 @@ public function approve($affiliate_id) {
$mail->setTo($affiliate_info['email']);
$mail->setFrom($this->config->get('config_email'));
$mail->setSender(html_entity_decode($this->config->get('config_name'), ENT_QUOTES, 'UTF-8'));
$mail->setSubject(html_entity_decode(sprintf($this->language->get('text_approve_subject'), $this->config->get('config_name')), ENT_QUOTES, 'UTF-8'));
$mail->setSubject(sprintf($this->language->get('text_approve_subject'), html_entity_decode($this->config->get('config_name'), ENT_QUOTES, 'UTF-8')));
$mail->setText($message);
$mail->send();

Expand Down Expand Up @@ -240,7 +239,7 @@ public function addTransaction($affiliate_id, $description = '', $amount = '', $
$mail->setTo($affiliate_info['email']);
$mail->setFrom($this->config->get('config_email'));
$mail->setSender(html_entity_decode($this->config->get('config_name'), ENT_QUOTES, 'UTF-8'));
$mail->setSubject(html_entity_decode(sprintf($this->language->get('text_transaction_subject'), $this->config->get('config_name')), ENT_QUOTES, 'UTF-8'));
$mail->setSubject(sprintf($this->language->get('text_transaction_subject'), html_entity_decode($this->config->get('config_name'), ENT_QUOTES, 'UTF-8')));
$mail->setText($message);
$mail->send();

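Review bot: L178 decodes only the store-name argument, whereas the replaced L177 decoded the whole sprintf() result, so an entity inside the `text_approve_subject` language string itself (`&amp;`, for example) would now reach the Subject header undecoded; the same narrowing is made at L187, in sale/customer.php (L207, L216, L225) and in sale/return.php (L236 together with L245). If the language strings are known to be entity-free this is harmless; otherwise keep the outer decode, `$mail->setSubject(html_entity_decode(sprintf($this->language->get('text_approve_subject'), $this->config->get('config_name')), ENT_QUOTES, 'UTF-8'));`. Since the decoded value lands in a mail header, it is also worth confirming that Mail::setSubject (system/library/mail.php, only partly visible in this diff) strips or encodes CR/LF rather than passing them through. approve() starts and ends outside the hunk.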
8 changes: 4 additions & 4 deletions upload/admin/model/sale/customer.php
Expand Up @@ -172,7 +172,7 @@ public function approve($customer_id) {
$store_url = HTTP_CATALOG . 'index.php?route=account/login';
}

$message = sprintf($this->language->get('text_approve_welcome'), $store_name) . "\n\n";
$message = sprintf($this->language->get('text_approve_welcome'), html_entity_decode($store_name, ENT_QUOTES, 'UTF-8')) . "\n\n";
$message .= $this->language->get('text_approve_login') . "\n";
$message .= $store_url . "\n\n";
$message .= $this->language->get('text_approve_services') . "\n\n";
Expand All @@ -191,7 +191,7 @@ public function approve($customer_id) {
$mail->setTo($customer_info['email']);
$mail->setFrom($this->config->get('config_email'));
$mail->setSender(html_entity_decode($store_name, ENT_QUOTES, 'UTF-8'));
$mail->setSubject(html_entity_decode(sprintf($this->language->get('text_approve_subject'), $store_name), ENT_QUOTES, 'UTF-8'));
$mail->setSubject(sprintf($this->language->get('text_approve_subject'), html_entity_decode($store_name, ENT_QUOTES, 'UTF-8')));
$mail->setText($message);
$mail->send();
}
Expand Down Expand Up @@ -397,7 +397,7 @@ public function addTransaction($customer_id, $description = '', $amount = '', $o
$mail->setTo($customer_info['email']);
$mail->setFrom($this->config->get('config_email'));
$mail->setSender(html_entity_decode($store_name, ENT_QUOTES, 'UTF-8'));
$mail->setSubject(html_entity_decode(sprintf($this->language->get('text_transaction_subject'), $this->config->get('config_name')), ENT_QUOTES, 'UTF-8'));
$mail->setSubject(sprintf($this->language->get('text_transaction_subject'), html_entity_decode($this->config->get('config_name'), ENT_QUOTES, 'UTF-8')));
$mail->setText($message);
$mail->send();
}
Expand Down Expand Up @@ -472,7 +472,7 @@ public function addReward($customer_id, $description = '', $points = '', $order_
$mail->setTo($customer_info['email']);
$mail->setFrom($this->config->get('config_email'));
$mail->setSender(html_entity_decode($store_name, ENT_QUOTES, 'UTF-8'));
$mail->setSubject(html_entity_decode(sprintf($this->language->get('text_reward_subject'), $store_name), ENT_QUOTES, 'UTF-8'));
$mail->setSubject(sprintf($this->language->get('text_reward_subject'), html_entity_decode($store_name, ENT_QUOTES, 'UTF-8')));
$mail->setText($message);
$mail->send();
}
4 changes: 2 additions & 2 deletions upload/admin/model/sale/return.php
Expand Up @@ -175,7 +175,7 @@ public function addReturnHistory($return_id, $data) {
if ($return_query->num_rows) {
$this->load->language('mail/return');

$subject = sprintf($this->language->get('text_subject'), $this->config->get('config_name'), $return_id);
$subject = sprintf($this->language->get('text_subject'), html_entity_decode($this->config->get('config_name'), ENT_QUOTES, 'UTF-8'), $return_id);

$message = $this->language->get('text_return_id') . ' ' . $return_id . "\n";
$message .= $this->language->get('text_date_added') . ' ' . date($this->language->get('date_format_short'), strtotime($return_query->row['date_added'])) . "\n\n";
Expand All @@ -201,7 +201,7 @@ public function addReturnHistory($return_id, $data) {
$mail->setTo($return_query->row['email']);
$mail->setFrom($this->config->get('config_email'));
$mail->setSender(html_entity_decode($this->config->get('config_name'), ENT_QUOTES, 'UTF-8'));
$mail->setSubject(html_entity_decode($subject, ENT_QUOTES, 'UTF-8'));
$mail->setSubject($subject);
$mail->setText($message);
$mail->send();
}
2 changes: 1 addition & 1 deletion upload/admin/model/sale/voucher.php
Expand Up @@ -156,7 +156,7 @@ public function sendVoucher($voucher_id) {
$data['image'] = '';
}

$data['store_name'] = $this->config->get('config_name');
$data['store_name'] = html_entity_decode($this->config->get('config_name'), ENT_QUOTES, 'UTF-8');
$data['store_url'] = HTTP_CATALOG;
$data['message'] = nl2br($voucher_info['message']);

2 changes: 1 addition & 1 deletion upload/catalog/controller/payment/pp_express.php
Expand Up @@ -842,7 +842,7 @@ public function expressComplete() {

$data['invoice_prefix'] = $this->config->get('config_invoice_prefix');
$data['store_id'] = $this->config->get('config_store_id');
$data['store_name'] = $this->config->get('config_name');
$data['store_name'] = html_entity_decode($this->config->get('config_name'), ENT_QUOTES, 'UTF-8');

if ($data['store_id']) {
$data['store_url'] = $this->config->get('config_url');
2 changes: 1 addition & 1 deletion upload/catalog/model/checkout/order.php
Expand Up @@ -440,7 +440,7 @@ public function addOrderHistory($order_id, $order_status_id, $comment = '', $not
$data['text_footer'] = $language->get('text_new_footer');

$data['logo'] = $this->config->get('config_url') . 'image/' . $this->config->get('config_logo');
$data['store_name'] = $order_info['store_name'];
$data['store_name'] = html_entity_decode($order_info['store_name'], ENT_QUOTES, 'UTF-8');
$data['store_url'] = $order_info['store_url'];
$data['customer_id'] = $order_info['customer_id'];
$data['link'] = $order_info['store_url'] . 'index.php?route=account/order/info&order_id=' . $order_id;
2 changes: 1 addition & 1 deletion upload/catalog/model/checkout/voucher.php
Expand Up @@ -102,7 +102,7 @@ public function confirm($order_id) {
$data['image'] = '';
}

$data['store_name'] = $order_info['store_name'];
$data['store_name'] = html_entity_decode($order_info['store_name'], ENT_QUOTES, 'UTF-8');
$data['store_url'] = $order_info['store_url'];
$data['message'] = nl2br($voucher['message']);

2 changes: 1 addition & 1 deletion upload/catalog/model/openbay/ebay_order.php
Expand Up @@ -323,7 +323,7 @@ public function confirm($order_id, $order_status_id, $comment = '') {
}

$data['logo'] = HTTPS_SERVER . 'image/' . $this->config->get('config_logo');
$data['store_name'] = $order_info['store_name'];
$data['store_name'] = html_entity_decode($order_info['store_name'], ENT_QUOTES, 'UTF-8');
$data['store_url'] = $order_info['store_url'];
$data['customer_id'] = $order_info['customer_id'];
$data['link'] = $order_info['store_url'] . 'index.php?route=account/order/info&order_id=' . $order_id;
4 changes: 0 additions & 4 deletions upload/system/library/mail.php
Expand Up @@ -82,10 +82,6 @@ public function send() {
exit();
}

if (!$this->replyto) {
$this->setReplyTo($this->sender);
}

if (is_array($this->to)) {
$to = implode(',', $this->to);
} else {

2 comments on commit 9a5ceb0

@osworx

@osworx osworx commented on 9a5ceb0 Apr 6, 2015


How many times you want to add repeated code like html_entity_decode($var, ENT_QUOTES, 'UTF-8');??
Why not creating a simple function and call that?

@pine3ree


@osworx 👍
In my own implementation I have he(), hd() (and _t(..) for language->get(..), _j() for javascript strings) as model/controller/view utility methods, but having methods with more semantic names like htmlEncode(), htmlDecode(), jsEncode(), ... with default encoding/decoding params would be good.

It would be good also to always store unescaped data in the database and escape what need to be escaped in templates. That is also what most frameworks do.
