Here's what I've come up with (so far) for the EO sanitizer; please let me know if there's a better way. This approach keeps the product's name and text attributes from getting &'d to death (over-encoded into HTML entities):
Code:
// Register request-sanitization rules for the Edit Orders (EO) admin page.
// The group below is scoped to POST requests on the 'edit_orders' page and
// describes the nested 'update_products' array field by field.
// NOTE(review): fields not listed here presumably fall back to the sanitizer's
// default handling -- confirm against AdminRequestSanitizer before relying on it.
$eo_sanitizer = AdminRequestSanitizer::getInstance();

$eo_group = array(
    'update_products' => array(
        'sanitizerType' => 'MULTI_DIMENSIONAL',
        'method' => 'post',
        'pages' => array('edit_orders'),
        'params' => array(
            // Index of the ordered product being updated.
            'update_products' => array('sanitizerType' => 'CONVERT_INT'),

            // Author's note: quantity should really be a float. With an integer
            // conversion a fractional quantity would not survive as entered.
            // NOTE(review): check whether the installed sanitizer offers a float
            // type (FLOAT_VALUE_REGEX in recent versions -- confirm) and switch to it.
            'qty' => array('sanitizerType' => 'CONVERT_INT'),

            // Chosen so the product name is not entity-encoded on input. The value
            // therefore reaches the handler closer to raw form.
            // NOTE(review): confirm it is escaped wherever it is later written
            // into HTML and bound as a parameter wherever it reaches SQL.
            'name' => array('sanitizerType' => 'PRODUCT_DESC_REGEX'),

            'onetime_charges' => array('sanitizerType' => 'CURRENCY_VALUE_REGEX'),

            // Per-product attributes form a second nested level with their own rules.
            'attr' => array(
                'sanitizerType' => 'MULTI_DIMENSIONAL',
                'params' => array(
                    'attr' => array('sanitizerType' => 'CONVERT_INT'),
                    // Free-text attribute value: same permissive rule as 'name',
                    // so the same output-escaping caveat applies.
                    'value' => array('sanitizerType' => 'PRODUCT_DESC_REGEX'),
                    'type' => array('sanitizerType' => 'CONVERT_INT')
                )
            ),

            'model' => array('sanitizerType' => 'WORDS_AND_SYMBOLS_REGEX'),
            'tax' => array('sanitizerType' => 'CURRENCY_VALUE_REGEX'),
            'final_price' => array('sanitizerType' => 'CURRENCY_VALUE_REGEX'),
        )
    )
);

// Hand the whole rule group to the sanitizer in one call.
$eo_sanitizer->addComplexSanitization($eo_group);