Merge pull request #31 from wollanup/develop

Remove Xss

Author: wollanup

composer.json

@@ -21,7 +21,7 @@
   },
   "require": {
     "propel/propel": "~2.0@dev",
-    "wollanup/php-api-rest-interfaces": "^1.1.11",
+    "wollanup/php-api-rest-interfaces": "^1.1.12",
     "wollanup/php-api-rest-propel-behavior": "^1.1",
     "wollanup/php-api-rest-service-request": "^1.0.1",
     "wollanup/php-api-rest-utils": "^1.1",

src/Container/Container.php

@@ -19,8 +19,6 @@
 use Eukles\Service\Router\RouterInterface;
 use Eukles\Service\RoutesClasses\Exception\RoutesClassesServiceMissingException;
 use Eukles\Service\RoutesClasses\RoutesClassesInterface;
-use Eukles\Service\XssCleaner\XssCleaner;
-use Eukles\Service\XssCleaner\XssCleanerInterface;
 use Eukles\Slim\Handlers\ActionError;
 use Eukles\Slim\Handlers\ActionErrorInterface;
 use Eukles\Slim\Handlers\EntityRequestError;
@@ -120,13 +118,6 @@ public function __construct(array $values = [])
                 return new ActionError();
             };
         }
-    
-        # Xss cleaner
-        if (!isset($values[self::XSS_CLEANER])) {
-            $this[self::XSS_CLEANER] = function () {
-                return new XssCleaner();
-            };
-        }
     }
 
     /**
@@ -209,11 +200,4 @@ public function getRoutesClasses()
         return $this[self::ROUTES_CLASSES];
     }
 
-    /**
-     * @return XssCleanerInterface
-     */
-    public function getXssCleaner()
-    {
-        return $this[self::XSS_CLEANER];
-    }
 }

src/Entity/EntityFactory.php

@@ -43,9 +43,7 @@ public function create(
 
         # Then, alter object with allowed properties
         /** @noinspection PhpUndefinedMethodInspection */
-        $params = $entityRequest->getContainer()->getXssCleaner()->cleanArray($request->getParams());
-        /** @noinspection PhpUndefinedMethodInspection */
-        $obj->fromArray($entityRequest->getAllowedDataFromRequest($params, $request->getMethod()));
+        $obj->fromArray($entityRequest->getAllowedDataFromRequest($request->getParams(), $request->getMethod()));
 
         # Execute afterCreate hook, which can alter record
         $entityRequest->afterCreate($obj);
@@ -115,7 +113,6 @@ public function fetch(
         if ($postParams) {
             $params = array_merge($params, (array)$postParams);
         }
-        $params = $entityRequest->getContainer()->getXssCleaner()->cleanArray($params);
 
         # Then, alter object with allowed properties
         $obj->fromArray($entityRequest->getAllowedDataFromRequest($params, $request->getMethod()));

src/Service/XssCleaner/XssCleaner.php

@@ -140,7 +140,6 @@ private function buildParams(
                     );
                 }
             } else {
-                $cleaner = $this->container->getXssCleaner();
                 if (isset($routeArguments[$name])) {
                     $paramValue = $routeArguments[$name];
                 } elseif (isset($requestParams[$name])) {
@@ -154,13 +153,7 @@ private function buildParams(
                         "Missing or null required parameter '{$name}' in " . $r->getName() . "::" . $m->getName()
                     );
                 }
-                if (is_array($paramValue)) {
-                    $buildParams[] = $cleaner->cleanArray($paramValue);
-                } elseif (is_scalar($paramValue)) {
-                    $buildParams[] = $cleaner->cleanString($paramValue);
-                } else {
-                    $buildParams[] = $paramValue;
-                }
+                $buildParams[] = $paramValue;
             }
         }