fix: wish title and description encoding
parent
b8ca7786ce
commit
815f1cbd37
3 changed files with 12 additions and 9 deletions
|
@ -91,11 +91,11 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
|||
break;
|
||||
}
|
||||
|
||||
$wish_title = Sanitiser::getTitle($_POST['wish_title']);
|
||||
$wish_description = Sanitiser::getText($_POST['wish_description']);
|
||||
$wish_image = Sanitiser::getURL($_POST['wish_image']);
|
||||
$wish_url = Sanitiser::getURL($_POST['wish_url']);
|
||||
$wish_priority = !empty($_POST['wish_priority']) ? Sanitiser::getNumber($_POST['wish_priority']) : null;
|
||||
$wish_title = addslashes(filter_input(INPUT_POST, 'wish_title', FILTER_SANITIZE_SPECIAL_CHARS));
|
||||
$wish_description = addslashes(filter_input(INPUT_POST, 'wish_description', FILTER_SANITIZE_SPECIAL_CHARS));
|
||||
$wish_image = addslashes(filter_input(INPUT_POST, 'wish_image', FILTER_SANITIZE_URL));
|
||||
$wish_url = addslashes(filter_input(INPUT_POST, 'wish_url', FILTER_SANITIZE_URL));
|
||||
$wish_priority = addslashes(filter_input(INPUT_POST, 'wish_priority', FILTER_SANITIZE_NUMBER_INT));
|
||||
$wish_is_purchasable = isset($_POST['wish_is_purchasable']);
|
||||
|
||||
if (Wish::NO_IMAGE === $wish_image) {
|
||||
|
|
|
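Review bot: `addslashes()` in the five `$wish_*` assignments is not a safe way to prepare values for storage, because it ignores the connection character set and the escaping is easily lost or doubled further along; the statement that saves these values is outside the hunk, so this assumes they reach a string-built query. Keep the input raw and bind it through a prepared statement, e.g. `$wish_title = trim((string) filter_input(INPUT_POST, 'wish_title', FILTER_UNSAFE_RAW));`, and apply `htmlspecialchars()` where the title is printed. `FILTER_SANITIZE_SPECIAL_CHARS` stores entity-encoded text, which appears to be why the edit form now has to decode it again. `$wish_priority` also becomes an empty string instead of `null` when the field is absent or empty, which matters to any caller that tests for `null`. This reads the `addslashes(filter_input(...))` lines as the new side, since the page has lost its +/- markers.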
@ -233,10 +233,13 @@ $(function () {
|
|||
.tab();
|
||||
|
||||
/** General */
|
||||
var decoded_title = $('<div>').html(wish_local.title).text();
|
||||
var decoded_description = $('<div>').html(wish_local.description).text();
|
||||
|
||||
$('[name="wish_id"]').val(wish_local.id);
|
||||
$('[name="wishlist_id"]').val(wish_local.wishlist);
|
||||
$('[name="wish_title"]').val(wish_local.title);
|
||||
$('[name="wish_description"]').val(wish_local.description);
|
||||
$('[name="wish_title"]').val(decoded_title);
|
||||
$('[name="wish_description"]').val(decoded_description);
|
||||
$('[name="wish_image"]').val(wish_local.image);
|
||||
$('[name="wish_url"]').val(wish_local.url);
|
||||
$('.ui.selection.dropdown.priority').dropdown('set selected', wish_local.priority);
|
||||
|
|
|
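Review bot: `$('<div>').html(wish_local.title).text()` parses the stored title and description as HTML just to decode entities, so any value that reaches `wish_local` without being entity-encoded (rows saved before this change, or another write path) is handed to an HTML sink; jQuery's `.html()` on a detached element can still load resources and run event-handler attributes. Decode in an inert document instead: `var decoded_title = new DOMParser().parseFromString(wish_local.title, 'text/html').documentElement.textContent;`, and the same for the description. How `wish_local` is populated is outside the hunk, so whether unencoded values can occur should be confirmed there.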
@ -113,8 +113,8 @@ class Wish
|
|||
}
|
||||
}
|
||||
|
||||
$this->title = Sanitiser::render($this->title ?? '');
|
||||
$this->description = Sanitiser::render($this->description ?? '');
|
||||
$this->title = stripslashes($this->title ?? '');
|
||||
$this->description = stripslashes($this->description ?? '');
|
||||
}
|
||||
}
|
||||
|
||||
|
|
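Review bot: `stripslashes()` on `$this->title` and `$this->description` removes every backslash each time a wish is loaded, so it only round-trips if the stored value still carries the slashes `addslashes()` added; if the database layer has already consumed that escaping, backslashes the user typed are silently dropped. Whatever `Sanitiser::render()` did for output (not visible here) no longer runs on these two fields, so every template that prints them now depends on the value having been entity-encoded when it was saved, which earlier rows may not be. If the write path binds parameters, these lines can become `$this->title = $this->title ?? '';`, with `htmlspecialchars()` applied at the point of output. The enclosing method starts above the hunk, and this reads the `stripslashes()` lines as the new side because the +/- markers are lost.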