Closed cairocoder01 closed 4 months ago
Read only fix makes sense. I'm not sure about not escaping the keys.
@corsacca Totally understand the worry about not escaping keys. I looked at the main posts API and didn't see the same overarching sanitizing. Somehow, we need to not escape that value for the age field - and really any other dropdown field that has pre-defined values that need to match. I'm open to other ways of doing that. I tried to look through that code and make sure everything else that gets saved to the db gets sanitized. Maybe there's a better way though.
Yeah. That field is a pain. It is the only one with issues. No key should have a `>` in it. I've considered writing a migration and changing the defaults.
Thanks @cairocoder01!
This fixes two issues:
`key_select` fields)
The first is self-explanatory.
To expand on the second, I found that when the `age` field was used in a magic link, the value being saved would be something like `&lt;40` instead of the correct `<40`. This is because all fields were being sanitized like they were open text fields. To alleviate that, I moved the sanitize function inside of the switch statement depending on each field type. Those that are open fields for direct user input are sanitized and others are not. This fixed the issue with `key_select` while still encoding open input fields.
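
One way to handle the concern raised in this thread about leaving `key_select` values unescaped, shown as an added PHP example (not code from this pull request or the project): check the submitted key against the field's defined options instead of escaping it or passing it through. The settings array, option labels, `text` type name and function name are assumptions, and `htmlspecialchars` stands in for whatever sanitizer the project uses.

```php
<?php
// Added example. Field settings below are constructed for illustration.
$field_settings = [
    'name' => ['type' => 'text'],
    'age'  => ['type' => 'key_select',
               'default' => ['<40' => 'Under 40', '>40' => 'Over 40']],
];

// Hypothetical helper: returns the value to store, or throws if it is rejected.
function sanitize_submitted_field(array $settings, string $field, $value): string
{
    if (!isset($settings[$field])) {
        throw new InvalidArgumentException("unknown field");
    }
    if (!is_string($value)) {
        throw new InvalidArgumentException("value must be a string");
    }
    switch ($settings[$field]['type']) {
        case 'key_select':
            // Escaping would turn "<40" into "&lt;40" and break the match,
            // so the key is stored raw, but only if it is a defined option.
            if (!array_key_exists($value, $settings[$field]['default'])) {
                throw new InvalidArgumentException("not a defined option");
            }
            return $value;
        case 'text':
            // Open input typed by the user: encode before storing.
            return htmlspecialchars(trim($value), ENT_QUOTES, 'UTF-8');
        default:
            // Fail closed for field types without an explicit rule.
            throw new InvalidArgumentException("unsupported field type");
    }
}

// Constructed submissions: a valid key, an escaped key, markup in a
// key_select field, and markup in an open text field.
$submissions = [
    ['age', '<40'], ['age', '&lt;40'], ['age', '<script>'], ['name', '<b>Ann</b>'],
];
foreach ($submissions as [$field, $value]) {
    try {
        $stored = sanitize_submitted_field($field_settings, $field, $value);
        printf("%s: stored %s\n", $field, $stored);
    } catch (InvalidArgumentException $e) {
        printf("%s: rejected (%s)\n", $field, $e->getMessage());
    }
}
```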