corsacca
commented
4 months ago Read only fix makes sense. I'm not sure about not escaping the keys
Closed cairocoder01 closed 4 months ago
corsacca
commented
4 months ago Read only fix makes sense. I'm not sure about not escaping the keys
cairocoder01
commented
4 months ago @corsacca Totally understand the worry about not escaping keys. I looked at the main posts API and didn't see the same overarching sanitizing. Somehow, we need to not escape that value for the age field - and really any other dropdown field that has pre-defined values that need to match. I'm open to other ways of doing that. I tried to look through that code and make sure everything else that gets saved to the db gets sanitized. Maybe there's a better way though.
corsacca
commented
4 months ago Yeah. That field is a pain. It is the only one with issues. No key should have a > in it. I've considered writing a migration and changing the defaults.
corsacca
commented
4 months ago Thanks @cairocoder01!
This fixes two issues:
key_selectfields)The first is self-explanatory.
To expand on the second, I found that when the
agefield was used in a magic link, the value being saved would be something like<40instead of the correct<40. This is because all fields were being sanitized like they were open text fields. To alleviate that, I moved the sanitize function inside of the switch statement depending on each field type. Those that are open fields for direct user input are sanitized and others are not. This fixed the issue withkey_selectwhile still encoding open input fields.