diff options
| author | Tristan Darricau <github@nicofuma.fr> | 2017-01-15 12:08:01 +0100 |
|---|---|---|
| committer | Tristan Darricau <github@nicofuma.fr> | 2017-01-15 12:08:01 +0100 |
| commit | 2637606ae1b033c12a34efd946dac145a679945f (patch) | |
| tree | cf4aa932bc638ad62b1b84e90ef5468914e625d1 /phpBB/phpbb/textformatter/data_access.php | |
| parent | d6e42ec63b54c54b488d3e4112f4cd83062731ba (diff) | |
| parent | 499fcbcca96c154298b355a945897aba4164ab8d (diff) | |
| download | forums-2637606ae1b033c12a34efd946dac145a679945f.tar forums-2637606ae1b033c12a34efd946dac145a679945f.tar.gz forums-2637606ae1b033c12a34efd946dac145a679945f.tar.bz2 forums-2637606ae1b033c12a34efd946dac145a679945f.tar.xz forums-2637606ae1b033c12a34efd946dac145a679945f.zip | |
Merge pull request #4631 from JoshyPHP/ticket/14985
[ticket/14985] Decode HTML special chars in plain text columns
* JoshyPHP/ticket/14985:
[ticket/14985] Added functional tests for BBCodes and smilies
[ticket/14985] Decode HTML special chars in plain text columns
Diffstat (limited to 'phpBB/phpbb/textformatter/data_access.php')
| -rw-r--r-- | phpBB/phpbb/textformatter/data_access.php | 50 |
1 files changed, 37 insertions, 13 deletions
diff --git a/phpBB/phpbb/textformatter/data_access.php b/phpBB/phpbb/textformatter/data_access.php index 2103bf8e60..0d37e62c87 100644 --- a/phpBB/phpbb/textformatter/data_access.php +++ b/phpBB/phpbb/textformatter/data_access.php @@ -81,11 +81,8 @@ class data_access public function get_bbcodes() { $sql = 'SELECT bbcode_match, bbcode_tpl FROM ' . $this->bbcodes_table; - $result = $this->db->sql_query($sql); - $rows = $this->db->sql_fetchrowset($result); - $this->db->sql_freeresult($result); - return $rows; + return $this->fetch_decoded_rowset($sql, ['bbcode_match']); } /** @@ -101,11 +98,8 @@ class data_access $sql = 'SELECT code, emotion, smiley_url, smiley_width, smiley_height FROM ' . $this->smilies_table . ' ORDER BY display_on_posting DESC'; - $result = $this->db->sql_query($sql); - $rows = $this->db->sql_fetchrowset($result); - $this->db->sql_freeresult($result); - return $rows; + return $this->fetch_decoded_rowset($sql, ['code', 'emotion', 'smiley_url']); } /** @@ -116,11 +110,8 @@ class data_access protected function get_styles() { $sql = 'SELECT style_id, style_path, style_parent_id, bbcode_bitfield FROM ' . $this->styles_table; - $result = $this->db->sql_query($sql); - $rows = $this->db->sql_fetchrowset($result); - $this->db->sql_freeresult($result); - return $rows; + return $this->fetch_decoded_rowset($sql); } /** @@ -219,10 +210,43 @@ class data_access public function get_censored_words() { $sql = 'SELECT word, replacement FROM ' . $this->words_table; + + return $this->fetch_decoded_rowset($sql, ['word', 'replacement']); + } + + /** + * Decode HTML special chars in given rowset + * + * @param array $rows Original rowset + * @param array $columns List of columns to decode + * @return array Decoded rowset + */ + protected function decode_rowset(array $rows, array $columns) + { + foreach ($rows as &$row) + { + foreach ($columns as $column) + { + $row[$column] = htmlspecialchars_decode($row[$column]); + } + } + + return $rows; + } + + /** + * Fetch all rows for given query and decode plain text columns + * + * @param string $sql SELECT query + * @param array $columns List of columns to decode + * @return array + */ + protected function fetch_decoded_rowset($sql, array $columns = []) + { $result = $this->db->sql_query($sql); $rows = $this->db->sql_fetchrowset($result); $this->db->sql_freeresult($result); - return $rows; + return $this->decode_rowset($rows, $columns); } } |