CRM_Utils_API_HTMLInputCoder

class CRM_Utils_API_HTMLInputCoder extends CRM_Utils_API_AbstractFieldCoder

This class captures the encoding practices of CRM-5667 in a reusable fashion. In this design, all submitted values are partially HTML-encoded before saving to the database. If a DB reader needs to output in non-HTML medium, then it should undo the partial HTML encoding.

This class should be short-lived -- 4.3 should introduce an alternative escaping scheme and consequently remove HTMLInputCoder.

Methods

array

getSkipFields()

Get skipped fields.

bool

isSkippedField(string $fldName)

Is field skipped.

from CRM_Utils_API_AbstractFieldCoder

encodeInput(array|string $values, bool $castToString = FALSE)

going to filter the submitted values across XSS vulnerability.

mixed

decodeOutput(string $values, bool $castToString = FALSE)

No description

array

fromApiInput(array $apiRequest)

No description

from CRM_Utils_API_AbstractFieldCoder

array

toApiOutput(array $apiRequest, array $result)

No description

from CRM_Utils_API_AbstractFieldCoder

bool

isApiControlField($key)

No description

from CRM_Utils_API_AbstractFieldCoder

static CRM_Utils_API_HTMLInputCoder

singleton()

No description

Details

at line 64
`array getSkipFields()`

Get skipped fields.

Return Value

array

List of field names

in CRM_Utils_API_AbstractFieldCoder at line 61
`bool isSkippedField(string $fldName)`

Is field skipped.

Parameters

string

$fldName

Return Value

bool	TRUE if encoding should be skipped for this field

at line 126
`encodeInput(array|string $values, bool $castToString = FALSE)`

going to filter the submitted values across XSS vulnerability.

Parameters

array\|string	$values	the field value from the API
bool	$castToString	If TRUE, all scalars will be filtered (and therefore cast to strings). If FALSE, then non-string values will be preserved

at line 141
`mixed decodeOutput(string $values, bool $castToString = FALSE)`

Parameters

string	$values
bool	$castToString

Return Value

mixed

in CRM_Utils_API_AbstractFieldCoder at line 104
`array fromApiInput(array $apiRequest)`

Parameters

array

$apiRequest

Return Value

array

modified $apiRequest

in CRM_Utils_API_AbstractFieldCoder at line 129
`array toApiOutput(array $apiRequest, array $result)`

Parameters

array	$apiRequest
array	$result

Return Value

array

modified $result

in CRM_Utils_API_AbstractFieldCoder at line 149
`protected bool isApiControlField($key)`

Parameters

$key

Return Value

bool

at line 51
`static CRM_Utils_API_HTMLInputCoder singleton()`

Return Value

CRM_Utils_API_HTMLInputCoder

Methods

Details

at line 64 array getSkipFields()

Return Value

in CRM_Utils_API_AbstractFieldCoder at line 61 bool isSkippedField(string $fldName)

Parameters

Return Value

at line 126 encodeInput(array|string $values, bool $castToString = FALSE)

Parameters

at line 141 mixed decodeOutput(string $values, bool $castToString = FALSE)

Parameters

Return Value

in CRM_Utils_API_AbstractFieldCoder at line 104 array fromApiInput(array $apiRequest)

Parameters

Return Value

in CRM_Utils_API_AbstractFieldCoder at line 129 array toApiOutput(array $apiRequest, array $result)

Parameters

Return Value

in CRM_Utils_API_AbstractFieldCoder at line 149 protected bool isApiControlField($key)

Parameters

Return Value

at line 51 static CRM_Utils_API_HTMLInputCoder singleton()

Return Value

at line 64
`array getSkipFields()`

in CRM_Utils_API_AbstractFieldCoder at line 61
`bool isSkippedField(string $fldName)`

at line 126
`encodeInput(array|string $values, bool $castToString = FALSE)`

at line 141
`mixed decodeOutput(string $values, bool $castToString = FALSE)`

in CRM_Utils_API_AbstractFieldCoder at line 104
`array fromApiInput(array $apiRequest)`

in CRM_Utils_API_AbstractFieldCoder at line 129
`array toApiOutput(array $apiRequest, array $result)`

in CRM_Utils_API_AbstractFieldCoder at line 149
`protected bool isApiControlField($key)`

at line 51
`static CRM_Utils_API_HTMLInputCoder singleton()`