escape html in embed code fields when fetching campaigns from CiviCRM

Marc Michalsky forumZFD 2020-11-13 16:20:53 +01:00
parent 6ff2322086
commit 918f8df55a
Signed by untrusted user who does not match committer: marc.koch
GPG key ID: 12406554CFB028B9


@ -114,6 +114,9 @@ abstract class Campaign {
// Translate custom field names back
$this->translateCustomFields($values, self::OUT);
// Escape html in embed code fields
$this->escapeHtml($values);
// Translate keys from CiviCRM format to Twingle format
self::translateKeys($values, self::OUT);
@ -196,7 +199,6 @@ abstract class Campaign {
* @throws Exception
*/
public function update(array $values) {
// Update campaign values
$this->values = array_merge($this->values, $values);
}
@ -480,6 +482,22 @@ abstract class Campaign {
}
/**
* Escape html in all embed code fields
* @param array $values
*/
protected function escapeHtml(array &$values) {
$embed_data_keys = Cache::getInstance()
->getTemplates()['project_embed_data'];
foreach ($embed_data_keys as $key) {
if (key_exists($key, $values)) {
$values[$key] = htmlspecialchars($values[$key]);
}
}
}
/**
* Validates $input to be either a DateTime string or an Unix timestamp
*
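Review bot: The `htmlspecialchars($values[$key])` call in the new `escapeHtml()` relies on the default flags, which before PHP 8.1 leave single quotes unescaped and return an empty string on invalid UTF-8. Passing them explicitly makes the result independent of the PHP version: `$values[$key] = htmlspecialchars($values[$key], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The `key_exists` guard also lets a null or non-string value through to the call, so an `is_string($values[$key])` check would be safer. Because escaping happens at fetch time rather than at the point of output, a value that is later written back unchanged (for example after `update()` merges it) would presumably be encoded a second time on the next fetch, since `double_encode` defaults to true. It is worth confirming that the escaped form never round-trips into CiviCRM, and adding a docblock line that says the array is modified in place and in which output context the result is safe.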