class CRM_Utils_API_HTMLInputCoder extends CRM_Utils_API_AbstractFieldCoder

This class captures the encoding practices of CRM-5667 in a reusable fashion. In this design, all submitted values are partially HTML-encoded before saving to the database. If a DB reader needs to output in non-HTML medium, then it should undo the partial HTML encoding.

This class should be short-lived -- 4.3 should introduce an alternative escaping scheme and consequently remove HTMLInputCoder.
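The scheme described above, as a standalone added example (not CiviCRM's code). It assumes the partial encoding covers only `<` and `>`, which this page does not specify; the function names and the `body_html` skip field are hypothetical.

```php
<?php
// Added illustration, not CiviCRM code.
// Assumption: "partial" encoding rewrites only angle brackets.
const SKIP_FIELDS = ['body_html']; // hypothetical field that stores real HTML

function partial_encode(string $v): string {
    return str_replace(['<', '>'], ['&lt;', '&gt;'], $v);
}

function partial_decode(string $v): string {
    return str_replace(['&lt;', '&gt;'], ['<', '>'], $v);
}

// Apply $fn in place to every string field that is not on the skip list.
function map_row(array &$row, callable $fn): void {
    foreach ($row as $field => &$value) {
        if (is_string($value) && !in_array($field, SKIP_FIELDS, true)) {
            $value = $fn($value);
        }
    }
    unset($value);
}

// Constructed sample input.
$row = ['first_name' => 'A&W <b>Ltd</b>', 'nick' => 'say "hi"', 'contact_id' => 7];

// Write path: this is the form that would be saved to the database.
map_row($row, 'partial_encode');

// HTML text node: angle brackets are already neutralised in the stored form.
echo "<td>{$row['first_name']}</td>\n";
// HTML attribute: quotes were never encoded, so escape again for this context.
// double_encode=false keeps the stored &lt; / &gt; from becoming &amp;lt;.
echo '<input value="' . htmlspecialchars($row['nick'], ENT_QUOTES, 'UTF-8', false) . "\">\n";

// Non-HTML medium (CSV): undo the encoding first, or "&lt;b&gt;" leaks into the file.
map_row($row, 'partial_decode');
fputcsv(fopen('php://output', 'w'), $row, ',', '"', '');
// Caveat: input that literally contained "&lt;" also decodes to "<" here.
```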

Methods

array
getSkipFields()

Get skipped fields.

bool
isSkippedField(string $fldName)

Is field skipped.

encodeInput(array|string $values, bool $castToString = FALSE)

Filter the submitted values to guard against XSS vulnerabilities.

mixed
decodeOutput(string $values, bool $castToString = FALSE)

No description

array
fromApiInput(array $apiRequest)

No description

array
toApiOutput(array $apiRequest, array $result)

No description

bool
isApiControlField($key)

No description

singleton()

No description

encodeValue($value)

No description

encodeRows(array $rows)

Perform in-place encode on strings (in a list of records).

encodeRow(array $row)

Perform in-place encode on strings (in a single record).

decodeValue($value)

No description

decodeRows(array $rows)

Perform in-place decode on strings (in a list of records).

decodeRow(array $row)

Perform in-place decode on strings (in a single record).

Details

at line 64
array getSkipFields()

Get skipped fields.

Return Value

array List of field names

bool isSkippedField(string $fldName)

Is field skipped.

Parameters

string $fldName

Return Value

bool TRUE if encoding should be skipped for this field

at line 142
encodeInput(array|string $values, bool $castToString = FALSE)

Filter the submitted values to guard against XSS vulnerabilities.

Parameters

array|string $values the field value from the API
bool $castToString If TRUE, all scalars will be filtered (and therefore cast to strings). If FALSE, then non-string values will be preserved

at line 189
mixed decodeOutput(string $values, bool $castToString = FALSE)

Parameters

string $values
bool $castToString

Return Value

mixed

array fromApiInput(array $apiRequest)

Parameters

array $apiRequest

Return Value

array modified $apiRequest

array toApiOutput(array $apiRequest, array $result)

Parameters

array $apiRequest
array $result

Return Value

array modified $result

protected bool isApiControlField($key)

Parameters

$key

Return Value

bool

at line 51
static CRM_Utils_API_HTMLInputCoder singleton()

at line 153
encodeValue($value)

Parameters

$value

at line 164
encodeRows(array $rows)

Perform in-place encode on strings (in a list of records).

Parameters

array $rows Ex in: $rows[0] = ['first_name' => 'A&W']. Ex out: $rows[0] = ['first_name' => 'A&W'].

at line 177
encodeRow(array $row)

Perform in-place encode on strings (in a single record).

Parameters

array $row Ex in: ['first_name' => 'A&W']. Ex out: ['first_name' => 'A&W'].

at line 200
decodeValue($value)

Parameters

$value

at line 211
decodeRows(array $rows)

Perform in-place decode on strings (in a list of records).

Parameters

array $rows Ex in: $rows[0] = ['first_name' => 'A&W']. Ex out: $rows[0] = ['first_name' => 'A&W'].

at line 224
decodeRow(array $row)

Perform in-place decode on strings (in a single record).

Parameters

array $row Ex in: ['first_name' => 'A&W']. Ex out: ['first_name' => 'A&W'].