fix sanitization in AppController #96

pull/64/merge
Christophe Vandeplas 2013-04-24 16:01:44 +02:00
parent b0f9c92434
commit 8e720f87f2
1 changed files with 2 additions and 31 deletions


@ -23,8 +23,6 @@
// TODO GPG encryption has issues when keys are expired
App::uses('Controller', 'Controller');
App::uses('Sanitize', 'Utility');
App::uses('File', 'Utility');
/**
@ -96,9 +94,7 @@ class AppController extends Controller {
// Authenticate user with authkey in Authorization HTTP header
if (!empty($_SERVER['HTTP_AUTHORIZATION'])) {
//Sanitize the authkey
$authkey = Sanitize::clean($_SERVER['HTTP_AUTHORIZATION']);
if (!$this->checkAuthUser($authkey)) {
if (!$this->checkAuthUser($_SERVER['HTTP_AUTHORIZATION'])) {
throw new ForbiddenException('The authentication key provided cannot be used for syncing.');
}
$this->loadModel('User');
@ -124,7 +120,7 @@ class AppController extends Controller {
}
// These variables are required for every view
$this->set('me', Sanitize::clean($this->Auth->user()));
$this->set('me', $this->Auth->user());
$this->set('isAdmin', $this->_isAdmin());
$this->set('isSiteAdmin', $this->_isSiteAdmin());
@ -726,30 +722,5 @@ class AppController extends Controller {
return false;
}
public $reservedTags = array( // TODO custom Tags like <Random>
array('<Random>', '[RaDdom]')
);
public function beforeSanitizeClean($str) {
// TODO custom Tags like <Random>
foreach ($this->reservedTags as $reservedTagset) {
$str = str_replace($reservedTagset[0], $reservedTagset[1], $str);
}
return $str;
}
public function counterSanitizeClean($str) {
// TODO custom Tags like <Random>
foreach ($this->reservedTags as $reservedTagset) {
$str = str_replace($reservedTagset[1], $reservedTagset[0], $str);
}
// TODO standard HTML 'markup'
$str = str_replace('\n', chr(10), $str);
$str = str_replace('\\\\', '\\', $str);
$str = str_replace('&amp;', '&', $str);
$str = str_replace('&quot;', '"', $str);
return $str;
}
}
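Review bot: The raw `Authorization` header now reaches `checkAuthUser()` without any escaping (second hunk, `if (!$this->checkAuthUser($_SERVER['HTTP_AUTHORIZATION']))`), so the safety of that lookup now rests entirely on `checkAuthUser()` querying through the model's conditions array (parameterised) rather than string-building SQL; that method lies outside the hunk, so this should be confirmed before merge, and a comment at the call site such as `// Header is passed raw on purpose: checkAuthUser() must look it up via ORM conditions, never interpolated SQL` would record the contract. Dropping `Sanitize::clean()` from `$this->set('me', $this->Auth->user())` in the third hunk likewise moves escaping to output time, so every template that prints fields of `me` needs them wrapped in `h()`; Sanitize::clean was never a correct substitute for context-specific output escaping, but its removal makes the view-side responsibility explicit. The `beforeSanitizeClean`/`counterSanitizeClean` helpers and `$reservedTags` deleted in the fourth hunk may still have callers in other controllers or views that are not visible here, which is worth checking alongside the dropped `App::uses('Sanitize', 'Utility')` in the first hunk.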