}
// unserialise
+ // byte処理
+ $characterProfileArchive['CharacterProfileArchive']['value'] = preg_replace('!s:(\d+):"(.*?)";!e', "'s:'.strlen('$2').':\"$2\";'", $characterProfileArchive['CharacterProfileArchive']['value']);
+ // unserialise&stripslashes
$characterProfileArchive['CharacterProfileArchive']['value'] = unserialize($this->CharacterProfileArchive->restore_escape($characterProfileArchive['CharacterProfileArchive']['value']));
+
if (empty($characterProfileArchive['CharacterProfileArchive']['value'])) {
$this->Session->setFlash(__('This archive could not be viewable.', true));
$characterProfileArchive['CharacterProfileArchive']['value'] = array();
}
- $this->set('characterProfileArchive', $characterProfileArchive);
-
// Systemチェック
$this->set('systemValid', 'public');
if (!isset($characterProfileArchive['CharacterProfileArchive']['value']['System']) || !$characterProfileArchive['CharacterProfileArchive']['value']['System']) {
);
}
+
+ foreach ($characterProfileArchive['CharacterProfileArchive']['value']['System']['Profile'] as $k => $v) {
+ if (!empty($v['CharactersHasProfile'])) {
+ // サニタイズ
+ foreach ($v['CharactersHasProfile'] as $k2 => $v2) {
+ $characterProfileArchive['CharacterProfileArchive']['value']['System']['Profile'][$k]['CharactersHasProfile'][$k2]['value'] = $this->{$this->modelClass}->restore_html($v2['value'], false, false, false);
+ if ($v['profile_type'] == 'textarea') {
+ $characterProfileArchive['CharacterProfileArchive']['value']['System']['Profile'][$k]['CharactersHasProfile'][$k2]['value'] = str_replace('<br />', "\n", $characterProfileArchive['CharacterProfileArchive']['value']['System']['Profile'][$k]['CharactersHasProfile'][$k2]['value']);
+ }
+ }
+ }
+ }
+ $this->set('characterProfileArchive', $characterProfileArchive);
+
$this->set('title_for_layout', " - ".
$characterProfileArchive['Character']['name'].
" - ".
- date('Y/m/d', strtotime($characterProfileArchive['CharacterProfileArchive']['disp_date']))
+ date('Y/m/d', strtotime($characterProfileArchive['CharacterProfileArchive']['disp_date'])).
+ ' '.
+ $characterProfileArchive['CharacterProfileArchive']['title']
);
}
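Review bot: The loop at L20 iterates `...['value']['System']['Profile']` without checking that the `Profile` key exists, while the guard at L16 only tests `System`; on an archive without profiles PHP warns and skips the loop, and `$v['profile_type']` at L25 is likewise read unchecked with a loose `==`. Wrap the block in `if (!empty($characterProfileArchive['CharacterProfileArchive']['value']['System']['Profile'])) {` and compare with `isset($v['profile_type']) && $v['profile_type'] === 'textarea'`. Earlier in the same function (which starts outside this hunk), L4 runs `preg_replace` with the `e` modifier on the stored archive, which evaluates the replacement string as PHP; that modifier is deprecated since PHP 5.5 and removed in 7.0, and the non-greedy `(.*?)";` also mis-splits any serialized string that itself contains `";`. The same length repair works without eval via `preg_replace_callback('!s:(\d+):"(.*?)";!', array($this, '_fixSerializedLength'), ...)` with a new helper that returns `'s:'.strlen($m[2]).':"'.$m[2].'";'`.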
$this->isNpc = true;
}*/
$character = $this->_restore_html_system($character);
+ $character['System']['Profile'] = $this->_restore_html_characters_has_profiles($character['System']['Profile'], false);
$this->set('title_for_layout', " - ". $character['Character']['name']);
}
// サニタイズ
- $characters_has_profiles[$k]['value'] = Sanitize::html($characters_has_profiles[$k]['value']);
$characters_has_profiles[$k]['value'] = preg_replace('/[\\\n]/', '', $characters_has_profiles[$k]['value']);
$characters_has_profiles[$k]['value'] = preg_replace('/[\\\r]/', '', $characters_has_profiles[$k]['value']);
// textarea改行処理
if (isset($v['is_textarea']) && $v['is_textarea'] == 1) {
- $characters_has_profiles[$k]['value'] = str_replace(array("\n\r", '\n', "\r"), '<br />', $characters_has_profiles[$k]['value']);
+// $characters_has_profiles[$k]['value'] = str_replace(array("\n\r", '\n', "\r"), '<br />', $characters_has_profiles[$k]['value']);
$characters_has_profiles[$k]['value'] = str_replace("\\", '', $characters_has_profiles[$k]['value']);
}
- $characters_has_profiles[$k]['value'] = Sanitize::stripAll($characters_has_profiles[$k]['value']);
// 空の値処理, public_flag
// table: 一時保管して全項目空の場合行削除
}
}
}
-
return $data;
}
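Review bot: With `Sanitize::html` (L49) and `Sanitize::stripAll` (L58) removed, the only processing left on `value` here is L50–L51, and as rendered on this page those patterns are broken: in a single-quoted PHP string `'/[\\\n]/'` reaches PCRE as `/[\\n]/`, a character class matching one backslash or the letter `n`, so it deletes every `n` (and L51 every `r`) from the value instead of a line break or the two-character `\n` sequence left by `addslashes`. If real line breaks are meant, use `str_replace(array("\r", "\n"), '', $characters_has_profiles[$k]['value'])`; if the escaped sequence is meant, drop the brackets, e.g. `preg_replace('/\\\\n/', '', ...)`, and say so in the comment. Presumably the removed escaping now happens in `beforeSave` through `$fields['escape']`; a comment here such as `// HTML escaping moved to beforeSave() / $fields['escape']` would keep the next reader from re-adding it. The enclosing function starts outside this hunk.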
{
// $fieldsの設定でSanitize
if (isset($this->data[$this->name])) {
- foreach($this->data[$this->name] as $field => $value) {
- $this->data[$this->name][$field] = $this->escapeByFields($field, $value);
- }
- // Sanitize(不正コード、SQL Injection)
- $this->data = Sanitize::clean(
- $this->data,
- array(
- 'encode' => false,
- )
- );
+ $this->data[$this->name] = $this->_sanitizeByFields($this->data[$this->name]);
+ }
+
+ // Sanitize(不正コード、SQL Injection)
+ if (isset($this->data)) {
+ $this->data = $this->_sanitizeBasic($this->data);
}
return parent::beforeSave($options);
}
+ function _sanitizeByFields($data)
+ {
+ if (empty($data) || !is_array($data)) {
+ return $data;
+ }
+
+ foreach($data as $field => $value) {
+ $data[$field] = $this->escapeByFields($field, $value);
+ }
+
+ return $data;
+ }
+ function _sanitizeBasic($data)
+ {
+ if (empty($data) || !is_array($data)) {
+ return $data;
+ }
+
+ $data = Sanitize::clean(
+ $data,
+ array(
+ 'encode' => false,
+ )
+ );
+
+ return $data;
+ }
+
/* Validation */
/* alphaNumeric() */
/** It Overwrites the original alphaNumeric() **/
function beforeSerialize(&$item)
{
- $item = str_replace('\"', '', $item);
+ $item = preg_replace('/\\\n/', "<br />", $item);
+ $item = addslashes($item);
return $item;
}
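Review bot: The pattern at L123, `'/\\\n/'`, is the regex `/\\n/` after single-quote processing, i.e. a literal backslash followed by `n`, not a newline; since `addslashes` only runs afterwards on L124, `$item` at this point holds real line breaks if any, and the replacement never fires on them. Make the intent explicit: `$item = str_replace(array("\r\n", "\n"), '<br />', $item);` if real newlines are meant, or keep the pattern and add `// matches the literal two-character \n left by an earlier addslashes()` if the escaped sequence is meant. The new helpers `_sanitizeByFields` and `_sanitizeBasic` (L89–L115) have no docblocks; one line each, e.g. `/** Applies the per-field escape rules from $fields to one model's data array. */` and `/** Runs Sanitize::clean() over the whole data array with the encode option off. */`, would tell the next reader which layer does what. The enclosing class is outside this hunk.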
var $fields = array(
'add' => array('character_id', 'profile_id', 'profile_select_id', 'profile_table_id', 'profile_table_static_id', 'value', 'public_flag', 'link_value'),
'escape' => array(
+ 'value' => array(
+ 'html' => true,
+ 'tags' => true,
+ 'images' => true,
+ 'sctipts' => true,
+ ),
+ 'link_value' => array(
+ 'html' => true,
+ 'tags' => true,
+ 'all' => true,
+ ),
),
);
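Review bot: The key `'sctipts'` at L134 looks like a typo for `'scripts'`; the sibling keys (`html`, `tags`, `images`, `all`) are spelled normally, and a lookup by option name in `escapeByFields` (not visible here) would silently ignore the misspelled key, so script content in `value` would not be stripped even though the configuration reads as if it were. Change it to `'scripts' => true,`, and consider a test that saves a `value` containing a `<script>` tag and asserts it is removed, so the option name is exercised rather than trusted.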
)
);
+ function beforeSave($options = array())
+ {
+ // $fieldsの設定でSanitize
+ if (isset($this->data[$this->name])) {
+ $this->data[$this->name] = $this->_sanitizeByFields($this->data[$this->name]);
+ }
+
+ // Sanitize(不正コード、SQL Injection)
+ if (isset($this->data)) {
+ $this->data = $this->_sanitizeBasic($this->data);
+ }
+
+ return $this->data;
+ }
+
/* Validation */
function validProfileId($data, $system_id)
{
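Review bot: The `beforeSave` added at L145–L158 returns `$this->data` (L157), but CakePHP treats a falsy return from this callback as "abort the save": an empty data array would cancel the save silently, and any non-empty array is merely truthy. The sibling implementation at L67–L88 returns `parent::beforeSave($options)`; here use either `return true;` (if the parent would re-run the same sanitisation and that is why it is skipped) or `return parent::beforeSave($options);`, with a one-line comment stating which and why. I cannot see this class's parent from the hunk, so which of the two is right depends on whether the parent is the model at L67. The class declaration is outside this hunk.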
} elseif(isset($characterSheets['System']['name'])) {
$system_name = $characterSheets['System']['name'];
$system_id = $characterSheets['System']['id'];
+} elseif(isset($profile['System']['name'])) {
+ $system_name = $profile['System']['name'];
+ $system_id = $profile['System']['id'];
} else {
$system_name = null;
$system_id = null;
} elseif(isset($characterSheets['System']['name'])) {
$system_name = $characterSheets['System']['name'];
$system_id = $characterSheets['System']['id'];
+} elseif(isset($profile['System']['name'])) {
+ $system_name = $profile['System']['name'];
+ $system_id = $profile['System']['id'];
} else {
$system_name = null;
$system_id = null;