From 4921345b889e0344303ae04af2af3371bce23aff Mon Sep 17 00:00:00 2001 From: Marc Michalsky forumZFD Date: Thu, 10 Dec 2020 15:27:21 +0100 Subject: [PATCH] do not escape html in embed codes --- CRM/TwingleCampaign/BAO/Campaign.php | 20 -------------------- CRM/TwingleCampaign/BAO/TwingleProject.php | 2 +- 2 files changed, 1 insertion(+), 21 deletions(-) diff --git a/CRM/TwingleCampaign/BAO/Campaign.php b/CRM/TwingleCampaign/BAO/Campaign.php index 2430e3e..aa09a28 100644 --- a/CRM/TwingleCampaign/BAO/Campaign.php +++ b/CRM/TwingleCampaign/BAO/Campaign.php @@ -111,9 +111,6 @@ abstract class CRM_TwingleCampaign_BAO_Campaign { // Translate custom field names back $this->translateCustomFields($values, self::OUT); - // Escape html in embed code fields - $this->escapeHtml($values); - // Translate keys from CiviCRM format to Twingle format self::translateKeys($values, self::OUT); @@ -420,23 +417,6 @@ abstract class CRM_TwingleCampaign_BAO_Campaign { ]; } - - /** - * Escape html in all embed code fields - * @param array $values - */ - protected function escapeHtml(array &$values) { - $embed_data_keys = Cache::getInstance() - ->getTemplates()['project_embed_data']; - - foreach ($embed_data_keys as $key) { - if (key_exists($key, $values)) { - $values[$key] = htmlspecialchars($values[$key]); - } - } - } - - /** * Validates $input to be either a DateTime string or an Unix timestamp * diff --git a/CRM/TwingleCampaign/BAO/TwingleProject.php b/CRM/TwingleCampaign/BAO/TwingleProject.php index 16299e6..b69c592 100644 --- a/CRM/TwingleCampaign/BAO/TwingleProject.php +++ b/CRM/TwingleCampaign/BAO/TwingleProject.php @@ -342,7 +342,7 @@ class CRM_TwingleCampaign_BAO_TwingleProject extends Campaign { // Transfer all embed_data values foreach ($embed_data_keys as $key) { - $this->values[$key] = htmlspecialchars($embedData[$key]); + $this->values[$key] = $embedData[$key]; } }