diff --git a/src/api/wishes.php b/src/api/wishes.php
index 707c0746..ef742d76 100644
--- a/src/api/wishes.php
+++ b/src/api/wishes.php
@@ -91,11 +91,11 @@ switch ($_SERVER['REQUEST_METHOD']) {
 break;
 }
- $wish_title = Sanitiser::getTitle($_POST['wish_title']);
- $wish_description = Sanitiser::getText($_POST['wish_description']);
- $wish_image = Sanitiser::getURL($_POST['wish_image']);
- $wish_url = Sanitiser::getURL($_POST['wish_url']);
- $wish_priority = !empty($_POST['wish_priority']) ? Sanitiser::getNumber($_POST['wish_priority']) : null;
+ $wish_title = addslashes(filter_input(INPUT_POST, 'wish_title', FILTER_SANITIZE_SPECIAL_CHARS));
+ $wish_description = addslashes(filter_input(INPUT_POST, 'wish_description', FILTER_SANITIZE_SPECIAL_CHARS));
+ $wish_image = addslashes(filter_input(INPUT_POST, 'wish_image', FILTER_SANITIZE_URL));
+ $wish_url = addslashes(filter_input(INPUT_POST, 'wish_url', FILTER_SANITIZE_URL));
+ $wish_priority = addslashes(filter_input(INPUT_POST, 'wish_priority', FILTER_SANITIZE_NUMBER_INT));
 $wish_is_purchasable = isset($_POST['wish_is_purchasable']);
 if (Wish::NO_IMAGE === $wish_image) {
diff --git a/src/assets/js/parts/wish.js b/src/assets/js/parts/wish.js
index 51f9c213..e26fad68 100644
--- a/src/assets/js/parts/wish.js
+++ b/src/assets/js/parts/wish.js
@@ -233,10 +233,13 @@ $(function () {
 .tab();
 /** General */
+ var decoded_title = $('
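Review bot: The `addslashes()` wrapped around every new `filter_input()` call escapes the stored value rather than the query, which is what the `stripslashes()` in the Wish.php hunk then has to undo on every read; whether the insert uses bound parameters is not visible here, but in either case the escaping belongs to the database layer (prepared statements), not the persisted data, and the round trip will corrupt legitimate backslashes in any record written by another path or before this change. `filter_input()` returns `null` for a missing field and `false` when the filter rejects the value, and `addslashes(null)` is deprecated since PHP 8.1, so `$wish_priority` now becomes `''` instead of the `null` the replaced line produced for an empty field; `$wish_priority = filter_input(INPUT_POST, 'wish_priority', FILTER_VALIDATE_INT) ?: null;` preserves that contract and rejects non-integers instead of silently stripping characters from them. `FILTER_SANITIZE_SPECIAL_CHARS` also HTML-encodes at input time, so the title and description are persisted in an output-encoded form; encoding at render time keeps storage canonical and removes the need for the client-side decode the wish.js hunk adds. The enclosing `switch` starts and ends outside the hunk.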
').html(wish_local.title).text();
+ var decoded_description = $('
').html(wish_local.description).text();
+
 $('[name="wish_id"]').val(wish_local.id);
 $('[name="wishlist_id"]').val(wish_local.wishlist);
- $('[name="wish_title"]').val(wish_local.title);
- $('[name="wish_description"]').val(wish_local.description);
+ $('[name="wish_title"]').val(decoded_title);
+ $('[name="wish_description"]').val(decoded_description);
 $('[name="wish_image"]').val(wish_local.image);
 $('[name="wish_url"]').val(wish_local.url);
 $('.ui.selection.dropdown.priority').dropdown('set selected', wish_local.priority);
diff --git a/src/classes/wishthis/Wish.php b/src/classes/wishthis/Wish.php
index 478fe82f..13152449 100644
--- a/src/classes/wishthis/Wish.php
+++ b/src/classes/wishthis/Wish.php
@@ -113,8 +113,8 @@ class Wish
 }
 }
- $this->title = Sanitiser::render($this->title ?? '');
- $this->description = Sanitiser::render($this->description ?? '');
+ $this->title = stripslashes($this->title ?? '');
+ $this->description = stripslashes($this->description ?? '');
 }
 }
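Review bot: Decoding entities by pushing the stored title and description through `$(...).html(value).text()` on a detached element (the element tag appears to have been lost in this rendering of the added lines) treats the value as HTML markup: any stored value that is not fully entity-encoded — a record written before this change, or through a path that does not apply `FILTER_SANITIZE_SPECIAL_CHARS` — is parsed as markup, and elements created that way can fire attached event handlers before `.text()` is read. An inert parser is the safer decode, e.g. `var decoded_title = new DOMParser().parseFromString(wish_local.title, 'text/html').documentElement.textContent;` and the same for `decoded_description`, though the cleaner fix is to store the raw text and encode only at output so no client-side decode is needed at all. The enclosing `$(function () { ... })` callback starts and ends outside the hunk.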
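Review bot: `stripslashes()` on the two assigned lines runs unconditionally on every value loaded from storage, so the data model now depends on the write side having applied `addslashes()` first, and any value that did not go through that path loses its backslashes silently; with prepared statements on the write side neither call is needed and the lines can read `$this->title = $this->title ?? '';` and `$this->description = $this->description ?? '';`. Dropping `Sanitiser::render()` also removes whatever transformation it applied before display, and if the stored text is now HTML-encoded at input the output templates must not encode it a second time — neither can be confirmed from this hunk, so worth a check against the templates. The enclosing method starts outside the hunk.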