CRM_Utils_API_HTMLInputCoder
extends CRM_Utils_API_AbstractFieldCoder
in package
This class captures the encoding practices of CRM-5667 in a reusable fashion. In this design, all submitted values are partially HTML-encoded before saving to the database. If a DB reader needs to output to a non-HTML medium, it should undo the partial HTML encoding.
This class should be short-lived -- 4.3 should introduce an alternative escaping scheme and consequently remove HTMLInputCoder.
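The storage convention described above, sketched as an added example (not CiviCRM's code and not taken from this class's source). It assumes "partially HTML-encoded" means only `<` and `>` are converted; the function names, the map and the sample record are hypothetical.

```php
<?php
// Added illustration, not CiviCRM code. Assumption: "partial" encoding
// converts only the angle brackets and leaves & and quotes untouched.
const PARTIAL_MAP = ['<' => '&lt;', '>' => '&gt;'];

// Hypothetical helper: encode one submitted record in place before saving.
function sketchEncodeRow(array &$row, array $skipFields = [], bool $castToString = FALSE): void {
  foreach ($row as $field => &$value) {
    if (in_array($field, $skipFields, TRUE)) {
      // Skipped fields are stored exactly as submitted.
      continue;
    }
    if (is_array($value)) {
      sketchEncodeRow($value, $skipFields, $castToString);
    }
    elseif (is_string($value) || ($castToString && is_scalar($value))) {
      $value = strtr((string) $value, PARTIAL_MAP);
    }
  }
  unset($value);
}

// Hypothetical helper: undo the partial encoding for a non-HTML medium.
function sketchDecodeValue($value) {
  return is_string($value) ? strtr($value, array_flip(PARTIAL_MAP)) : $value;
}

// Constructed sample submission.
$row = [
  'first_name' => 'A&W <b>Root</b>',
  'note' => 'type &lt; for less-than',
  'visit_count' => 3,
  'details_html' => '<p>kept raw</p>',
];
sketchEncodeRow($row, ['details_html']);

// Stored form: brackets encoded, integer preserved, skipped field untouched.
var_dump($row);

// Plain-text medium (e-mail body, CSV cell): decode before writing.
echo 'Name: ' . sketchDecodeValue($row['first_name']) . "\n";

// HTML attribute: decode, then apply full context-appropriate escaping,
// because the stored form does not escape quotes or ampersands.
echo '<input value="' . htmlspecialchars(sketchDecodeValue($row['first_name']), ENT_QUOTES, 'UTF-8') . '">' . "\n";

// Caveat: an entity the user typed literally is also decoded, so the
// round trip does not reproduce this submitted note exactly.
var_dump(sketchDecodeValue($row['note']) === 'type &lt; for less-than');
```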
Table of Contents
Properties
- $_singleton : CRM_Utils_API_HTMLInputCoder
- $skipFields : array<string|int, string>
Methods
- decodeOutput() : mixed
- Decode output.
- decodeRow() : mixed
- Perform in-place decode on strings (in a single record).
- decodeRows() : mixed
- Perform in-place decode on strings (in a list of records).
- decodeValue() : mixed
- encodeInput() : mixed
- Filter the submitted values against XSS vulnerabilities.
- encodeRow() : mixed
- Perform in-place encode on strings (in a single record).
- encodeRows() : mixed
- Perform in-place encode on strings (in a list of records).
- encodeValue() : mixed
- flushCache() : void
- fromApiInput() : array<string|int, mixed>
- Interface for interpreting api input.
- getSkipFields() : array<string|int, string>
- Get skipped fields.
- isSkippedField() : bool
- Is field skipped.
- singleton() : CRM_Utils_API_HTMLInputCoder
- toApiOutput() : array<string|int, mixed>
- Interface for interpreting api output.
- isApiControlField() : bool
Properties
$_singleton
private
static CRM_Utils_API_HTMLInputCoder
$_singleton
= \NULL
$skipFields
private
array<string|int, string>
$skipFields
= \NULL
Methods
decodeOutput()
Decode output.
public
decodeOutput(array<string|int, mixed> &$values[, bool $castToString = FALSE ]) : mixed
Parameters
- $values : array<string|int, mixed>
- $castToString : bool = FALSE
decodeRow()
Perform in-place decode on strings (in a single record).
public
decodeRow(array<string|int, mixed> &$row) : mixed
Parameters
- $row : array<string|int, mixed>
- Ex in: ['first_name' => 'A&W']. Ex out: ['first_name' => 'A&W'].
decodeRows()
Perform in-place decode on strings (in a list of records).
public
decodeRows(array<string|int, mixed> &$rows) : mixed
Parameters
- $rows : array<string|int, mixed>
- Ex in: $rows[0] = ['first_name' => 'A&W']. Ex out: $rows[0] = ['first_name' => 'A&W'].
decodeValue()
public
decodeValue(mixed $value) : mixed
Parameters
- $value : mixed
encodeInput()
Filter the submitted values against XSS vulnerabilities.
public
encodeInput(array<string|int, mixed>|string &$values[, bool $castToString = FALSE ]) : mixed
Parameters
- $values : array<string|int, mixed>|string
- $castToString : bool = FALSE
- If TRUE, all scalars will be filtered (and therefore cast to strings). If FALSE, then non-string values will be preserved.
encodeRow()
Perform in-place encode on strings (in a single record).
public
encodeRow(array<string|int, mixed> &$row) : mixed
Parameters
- $row : array<string|int, mixed>
- Ex in: ['first_name' => 'A&W']. Ex out: ['first_name' => 'A&W'].
encodeRows()
Perform in-place encode on strings (in a list of records).
public
encodeRows(array<string|int, mixed> &$rows) : mixed
Parameters
- $rows : array<string|int, mixed>
- Ex in: $rows[0] = ['first_name' => 'A&W']. Ex out: $rows[0] = ['first_name' => 'A&W'].
encodeValue()
public
encodeValue(mixed $value) : mixed
Parameters
- $value : mixed
flushCache()
public
flushCache() : void
fromApiInput()
Interface for interpreting api input.
public
fromApiInput(mixed $apiRequest) : array<string|int, mixed>
Parameters
- $apiRequest : mixed
Return values
array<string|int, mixed> —modified $apiRequest
getSkipFields()
Get skipped fields.
public
getSkipFields() : array<string|int, string>
Return values
array<string|int, string> —list of field names
isSkippedField()
Is field skipped.
public
isSkippedField(string $fldName) : bool
Parameters
- $fldName : string
Return values
bool —TRUE if encoding should be skipped for this field
singleton()
public
static singleton() : CRM_Utils_API_HTMLInputCoder
Return values
CRM_Utils_API_HTMLInputCoder
toApiOutput()
Interface for interpreting api output.
public
toApiOutput(mixed $apiRequest, mixed $result) : array<string|int, mixed>
Parameters
- $apiRequest : mixed
- $result : mixed
Return values
array<string|int, mixed> —modified $result
isApiControlField()
protected
isApiControlField(mixed $key) : bool
Parameters
- $key : mixed