do not call htmlspecialchars() for json data

It doesn't do any harm, and it's up to the application to encode the data.
Uwe Steinmann 2017-12-20 11:33:21 +01:00
parent be112427d6
commit b539921c23


@ -215,7 +215,7 @@ function getFolderPath($id) { /* {{{ */
$path = $folder->getPath(); $path = $folder->getPath();
$data = array(); $data = array();
foreach($path as $element) { foreach($path as $element) {
$data[] = array('id'=>$element->getId(), 'name'=>htmlspecialchars($element->getName())); $data[] = array('id'=>$element->getId(), 'name'=>$element->getName());
} }
echo json_encode(array('success'=>true, 'message'=>'', 'data'=>$data)); echo json_encode(array('success'=>true, 'message'=>'', 'data'=>$data));
} /* }}} */ } /* }}} */
@ -261,7 +261,7 @@ function getFolderChildren($id) { /* {{{ */
$recs[] = array( $recs[] = array(
'type'=>'folder', 'type'=>'folder',
'id'=>$subfolder->getId(), 'id'=>$subfolder->getId(),
'name'=>htmlspecialchars($subfolder->getName()), 'name'=>$subfolder->getName(),
'comment'=>$subfolder->getComment(), 'comment'=>$subfolder->getComment(),
'date'=>$subfolder->getDate(), 'date'=>$subfolder->getDate(),
); );
@ -275,7 +275,7 @@ function getFolderChildren($id) { /* {{{ */
'type'=>'document', 'type'=>'document',
'id'=>$document->getId(), 'id'=>$document->getId(),
'date'=>$document->getDate(), 'date'=>$document->getDate(),
'name'=>htmlspecialchars($document->getName()), 'name'=>$document->getName(),
'mimetype'=>$lc->getMimeType(), 'mimetype'=>$lc->getMimeType(),
'version'=>$lc->getVersion(), 'version'=>$lc->getVersion(),
'size'=>$lc->getFileSize(), 'size'=>$lc->getFileSize(),
@ -464,8 +464,8 @@ function getDocument($id) { /* {{{ */
$app->response()->header('Content-Type', 'application/json'); $app->response()->header('Content-Type', 'application/json');
$data = array( $data = array(
'id'=>$id, 'id'=>$id,
'name'=>htmlspecialchars($document->getName()), 'name'=>$document->getName(),
'comment'=>htmlspecialchars($document->getComment()), 'comment'=>$document->getComment(),
'date'=>$document->getDate(), 'date'=>$document->getDate(),
'mimetype'=>$lc->getMimeType(), 'mimetype'=>$lc->getMimeType(),
'version'=>$lc->getVersion(), 'version'=>$lc->getVersion(),
@ -576,7 +576,7 @@ function getDocumentVersions($id) { /* {{{ */
'date'=>$lc->getDate(), 'date'=>$lc->getDate(),
'mimetype'=>$lc->getMimeType(), 'mimetype'=>$lc->getMimeType(),
'size'=>$lc->getFileSize(), 'size'=>$lc->getFileSize(),
'comment'=>htmlspecialchars($lc->getComment()), 'comment'=>$lc->getComment(),
); );
} }
$app->response()->header('Content-Type', 'application/json'); $app->response()->header('Content-Type', 'application/json');
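Review bot: With the escaping removed, the `echo json_encode(...)` at the end of getFolderPath (first hunk) emits user-controlled folder names verbatim, and that hunk shows no `Content-Type: application/json` header like the one set in getDocument and getDocumentVersions. The function starts outside the hunk, so the header may be set earlier; if it is not, a browser that loads the URL directly could treat a name containing markup as HTML. Setting the header there too and encoding with `echo json_encode(array('success'=>true, 'message'=>'', 'data'=>$data), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);` leaves the decoded values unchanged for clients while keeping the body inert if it is ever sniffed or embedded in a page. The same applies to the `name` and `comment` fields in getFolderChildren, getDocument and getDocumentVersions. Clients that relied on pre-escaped values and write them into the DOM as HTML now have to escape on output, which is worth stating in the release notes.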