优化xss攻击字符过滤部分代码

13fc05ef · root · 11ecc08b · 13fc05ef · 13fc05ef · 13fc05ef
33 changed file
--- a/app/appfront/modules/Catalog/controllers/ReviewproductController.php
+++ b/app/appfront/modules/Catalog/controllers/ReviewproductController.php
@@ -35,18 +35,14 @@ class ReviewproductController extends AppfrontController
 			
 		}
 		$editForm = Yii::$app->request->post('editForm');
-		if(!empty($editForm) && is_array($editForm) ){
-			foreach($editForm as $k=>$v){
-				$editForm[$k] = \yii\helpers\Html::encode($v);
-			}
-		}
+		$editForm = \Yii::$service->helper->htmlEncode($editForm);
 		if(!empty($editForm) && is_array($editForm) ){
 			$saveStatus = $this->getBlock()->saveReview($editForm);
 			if($saveStatus){
 				$spu = Yii::$app->request->get('spu');
 				$_id = Yii::$app->request->get('_id');
-				$spu = \yii\helpers\Html::encode($spu);
-				$_id = \yii\helpers\Html::encode($_id);
+				$spu = \Yii::$service->helper->htmlEncode($spu);
+				$_id = \Yii::$service->helper->htmlEncode($_id);
 				if($spu && $_id){
 					$url = Yii::$service->url->getUrl('catalog/reviewproduct/lists',['spu' => $spu,'_id'=>$_id]);
 					$this->redirect($url);

--- a/app/appfront/modules/Catalogsearch/block/index/Index.php
+++ b/app/appfront/modules/Catalogsearch/block/index/Index.php
@@ -364,7 +364,7 @@ class Index {
 		//$category 	= Yii::$service->category->getByPrimaryKey($primaryVal);
 		//$this->_category = $category ;
 		$searchText = Yii::$app->request->get('q');
-		$searchText = \yii\helpers\Html::encode($searchText);
+		$searchText = \Yii::$service->helper->htmlEncode($searchText);
 		$this->_searchText = $searchText;
 		$search_page_title_format 			= Yii::$app->controller->module->params['search_page_title_format'];
 		$search_page_meta_keywords_format 	= Yii::$app->controller->module->params['search_page_meta_keywords_format'];

--- a/app/appfront/modules/Checkout/block/onepage/Index.php
+++ b/app/appfront/modules/Checkout/block/onepage/Index.php
@@ -251,7 +251,7 @@ class Index {
 	 */
 	public function ajaxChangecountry(){
 		$country = Yii::$app->request->get('country');
-		$country = \yii\helpers\Html::encode($country);
+		$country = \Yii::$service->helper->htmlEncode($country);
 		$state = $this->initState($country);
 		echo json_encode([
 			'state' => $this->_stateHtml,
@@ -473,10 +473,10 @@ class Index {
 		$shipping_method 	= Yii::$app->request->get('shipping_method');
 		$address_id 		= Yii::$app->request->get('address_id');
 		$state 				= Yii::$app->request->get('state');
-		$country			= \yii\helpers\Html::encode($country);
-		$shipping_method	= \yii\helpers\Html::encode($shipping_method);
-		$address_id			= \yii\helpers\Html::encode($address_id);
-		$state				= \yii\helpers\Html::encode($state);
+		$country			= \Yii::$service->helper->htmlEncode($country);
+		$shipping_method		= \Yii::$service->helper->htmlEncode($shipping_method);
+		$address_id			= \Yii::$service->helper->htmlEncode($address_id);
+		$state				= \Yii::$service->helper->htmlEncode($state);
 		if($address_id){
 			$this->_address_id = $address_id;
 			$addressModel = Yii::$service->customer->address->getByPrimaryKey($this->_address_id);

--- a/app/appfront/modules/Checkout/block/onepage/Placeorder.php
+++ b/app/appfront/modules/Checkout/block/onepage/Placeorder.php
@@ -34,25 +34,10 @@ class Placeorder{
 		$post = Yii::$app->request->post();
 		if(is_array($post) && !empty($post)){
 			/**
-			 * 对传递的数据，去除掉非法xss攻击部分内容（通过\yii\helpers\Html::encode()）
+			 * 对传递的数据，去除掉非法xss攻击部分内容（通过\Yii::$service->helper->htmlEncode()）
 			 */
-			foreach($post as $k=>$v){
-				if(is_array($v)){
-					foreach($v as $vk => $vv){
-						if(is_array($vv)){
-							foreach($vv as $vvk => $vvv){
-								$post[$k][$vk][$vvk] = \yii\helpers\Html::encode($vvv);
-							}
-						}else{
-							$post[$k][$vk] = \yii\helpers\Html::encode($vv);
-						}
-					}
-				}else{
-					$post[$k] = \yii\helpers\Html::encode($v);
-				}
-			}
-			# 检查前台传递的数据的完整性
-			if($this->checkOrderInfoAndInit($post)){
+			$post = \Yii::$service->helper->htmlEncode($post);
+			# 检查前台传递的数据的完整($this->checkOrderInfoAndInit($post)){
 				# 如果游客用户勾选了注册账号，则注册，登录，并把地址写入到用户的address中
 				$gus_status = $this->guestCreateAndLoginAccount($post);
 				$save_address_status = $this->updateAddress($post);
@@ -266,4 +251,4 @@ class Placeorder{
 	
 	
 	
-}
\ No newline at end of file
+}
--- a/app/appfront/modules/Checkout/controllers/CartController.php
+++ b/app/appfront/modules/Checkout/controllers/CartController.php
@@ -31,9 +31,9 @@ class CartController extends AppfrontController
 		$custom_option 	= Yii::$app->request->post('custom_option');
 		$product_id 	= Yii::$app->request->post('product_id');
 		$qty 			= Yii::$app->request->post('qty');
-		//$custom_option  = \yii\helpers\Html::encode($custom_option);
-		$product_id  	= \yii\helpers\Html::encode($product_id);
-		$qty  			= \yii\helpers\Html::encode($qty);
+		//$custom_option  = \Yii::$service->helper->htmlEncode($custom_option);
+		$product_id  	= \Yii::$service->helper->htmlEncode($product_id);
+		$qty  			= \Yii::$service->helper->htmlEncode($qty);
 		$qty  = abs(ceil((int)$qty));
 		if($qty  && $product_id){
 			if($custom_option){
@@ -82,7 +82,7 @@ class CartController extends AppfrontController
 			exit;
 		}
 		$coupon_code = trim(Yii::$app->request->post('coupon_code'));
-		$coupon_code = \yii\helpers\Html::encode($coupon_code);
+		$coupon_code = \Yii::$service->helper->htmlEncode($coupon_code);
 		if($coupon_code){
 			Yii::$service->cart->coupon->addCoupon($coupon_code);
 			$error_arr = Yii::$service->helper->errors->get(true);

--- a/app/appfront/modules/Customer/block/address/Edit.php
+++ b/app/appfront/modules/Customer/block/address/Edit.php
@@ -27,9 +27,7 @@ class Edit {
 		$address = Yii::$app->request->post('address');
 		$isSave = 0;
 		if(is_array($address) && !empty($address)){
-			foreach($address as $k => $v){
-				$address[$k] = \yii\helpers\Html::encode($v);
-			}
+			$address = \Yii::$service->helper->htmlEncode($address);
 			$this->save($address);
 			$isSave = 1;
 		}

--- a/app/appfront/modules/Customer/block/contacts/Index.php
+++ b/app/appfront/modules/Customer/block/contacts/Index.php
@@ -35,11 +35,7 @@ class Index {
 		
 		
 		$editForm 	= Yii::$app->request->post('editForm');
-		if(is_array($editForm) && !empty($editForm)){
-			foreach($editForm as $k=>$v){
-				$editForm[$k] = \yii\helpers\Html::encode($v);
-			}
-		}
+		$editForm 	= \Yii::$service->helper->htmlEncode($editForm);
 		$name 		= isset($editForm['name']) ? $editForm['name'] : '';
 		$email		= isset($editForm['email']) ? $editForm['email'] : '';
 		$telephone	= isset($editForm['telephone']) ? $editForm['telephone'] : '';
@@ -92,7 +88,7 @@ class Index {
 		}
 		
 		$captcha = Yii::$app->request->post('sercrity_code');
-		$captcha = \yii\helpers\Html::encode($captcha);
+		$captcha = \Yii::$service->helper->htmlEncode($captcha);
 		$contacts = Yii::$app->getModule("customer")->params['contacts'];
 		$contactsCaptcha = isset($contacts['contactsCaptcha']) ? $contacts['contactsCaptcha'] : false;
 		
@@ -115,4 +111,4 @@ class Index {
 		
 	}
 	
-}
\ No newline at end of file
+}
--- a/app/appfront/modules/Customer/block/editaccount/Index.php
+++ b/app/appfront/modules/Customer/block/editaccount/Index.php
@@ -32,14 +32,12 @@ class Index {
 	 */
 	public function saveAccount($editForm){
 		if(is_array($editForm) && !empty($editForm)){
-			foreach($editForm as $k=>$v){
-				$editForm[$k] = \yii\helpers\Html::encode($v);
-			}
+			$editForm = \Yii::$service->helper->htmlEncode($editForm);
 			$identity = Yii::$app->user->identity;
-			$firstname 			= $editForm['firstname'] ? $editForm['firstname'] : '';
-			$lastname 			= $editForm['lastname'] ? $editForm['lastname'] : '';
+			$firstname 		= $editForm['firstname'] ? $editForm['firstname'] : '';
+			$lastname 		= $editForm['lastname'] ? $editForm['lastname'] : '';
 			$current_password 	= $editForm['current_password'] ? $editForm['current_password'] : '';
-			$password 			= $editForm['password'] ? $editForm['password'] : '';
+			$password 		= $editForm['password'] ? $editForm['password'] : '';
 			$confirmation 		= $editForm['confirmation'] ? $editForm['confirmation'] : '';
 			$change_password 	= $editForm['change_password'] ? $editForm['change_password'] : '';
 			
@@ -102,4 +100,4 @@ class Index {
 	
 	
 	
-}
\ No newline at end of file
+}
--- a/app/appfront/modules/Customer/block/newsletter/Index.php
+++ b/app/appfront/modules/Customer/block/newsletter/Index.php
@@ -20,7 +20,7 @@ class Index {
 	
 	public function getLastData(){
 		$email = Yii::$app->request->get('email');
-		$email = \yii\helpers\Html::encode($email);
+		$email = \Yii::$service->helper->htmlEncode($email);
 		$status = Yii::$service->customer->newsletter->subscribe($email);
 		$message = Yii::$service->helper->errors->get();
 		if(!$message){
@@ -36,4 +36,4 @@ class Index {
 	
 	
 	
-}
\ No newline at end of file
+}
--- a/app/appfront/modules/Customer/controllers/AccountController.php
+++ b/app/appfront/modules/Customer/controllers/AccountController.php
@@ -68,9 +68,7 @@ class AccountController extends AppfrontController
 		}
 		$param = Yii::$app->request->post('editForm');
 		if(!empty($param) && is_array($param)){
-			foreach($param as $k => $v){
-				$param[$k] = \yii\helpers\Html::encode($v);
-			}
+			$param = \Yii::$service->helper->htmlEncode($param);
 			$registerStatus = $this->getBlock()->register($param);
 			//echo $registerStatus;exit;
 			if($registerStatus){
@@ -104,7 +102,7 @@ class AccountController extends AppfrontController
 		}
 		if($rt){
 			$redirectUrl = base64_decode($rt);
-			$redirectUrl = \yii\helpers\Html::encode($redirectUrl);
+			$redirectUrl = \Yii::$service->helper->htmlEncode($redirectUrl);
 			//exit;
 			Yii::$service->url->redirect($redirectUrl);
 		}else{

--- a/app/appfront/modules/Payment/block/paypal/express/Placeorder.php
+++ b/app/appfront/modules/Payment/block/paypal/express/Placeorder.php
@@ -35,16 +35,7 @@ class Placeorder {
 	public function getLastData(){
 		$post = Yii::$app->request->post();
 		if(is_array($post) && !empty($post)){
-			# post 是二维数组，需要多层处理
-			foreach($post as $k=>$v){
-				if(is_array($v)){
-					foreach($v as $k2=>$v2){
-						$post[$k][$k2] = \yii\helpers\Html::encode($v2);
-					}
-				}else{
-					$post[$k] = \yii\helpers\Html::encode($v);
-				}
-			}
+			$post = \Yii::$service->helper->htmlEncode($post);
 			# 设置paypal快捷支付
 			$post['payment_method'] = Yii::$service->payment->paypal->express_payment_method;
 			# 检查前台传递的数据的完整性

--- a/app/appfront/modules/Payment/block/paypal/express/Review.php
+++ b/app/appfront/modules/Payment/block/paypal/express/Review.php
@@ -226,7 +226,7 @@ class Review {
 	 */
 	public function ajaxChangecountry(){
 		$country = Yii::$app->request->get('country');
-		$country = \yii\helpers\Html::encode($country);
+		$country = \Yii::$service->helper->htmlEncode($country);
 		$state = $this->initState($country);
 		echo json_encode([
 			'state' => $this->_stateHtml,

--- a/app/appfront/theme/base/front/catalog/category/index/filter/refineby.php
+++ b/app/appfront/theme/base/front/catalog/category/index/filter/refineby.php
@@ -3,8 +3,8 @@
 		<div class="filter_attr_title"><?= Yii::$service->page->translate->__('Refine By'); ?></div>
 		<div class="filter_refine_by_content">
 		<?php foreach($parentThis['refine_by_info'] as $one){  ?>
-			<?php $name = \yii\helpers\Html::encode($one['name']);  ?>
-			<?php $url 	= \yii\helpers\Html::encode($one['url']); ?>
+			<?php $name = \Yii::$service->helper->htmlEncode($one['name']);  ?>
+			<?php $url  = \Yii::$service->helper->htmlEncode($one['url']); ?>
 			<div><a href="<?= $url ?>"><i class="closeBtn c_tagbg"></i><span><?= Yii::$service->page->translate->__($name); ?></span></a></div>
 		<?php } ?>
 		</div>

--- a/app/appfront/theme/base/front/site/helper/error.php
+++ b/app/appfront/theme/base/front/site/helper/error.php
@@ -20,10 +20,10 @@ $this->title = $name;
 		<!--
 		<div class="site-error">

-			<h1><?= Html::encode($this->title) ?></h1>
+			<h1><?= \Yii::$service->helper->htmlEncode($this->title) ?></h1>

 			<div class="alert alert-danger">
-				<?= nl2br(Html::encode($message)) ?>
+				<?= nl2br(\Yii::$service->helper->htmlEncode($message)) ?>
 			</div>

 			<p>
@@ -35,4 +35,4 @@ $this->title = $name;

 		</div>
 		-->
-</div>
\ No newline at end of file
+</div>
--- a/app/appfront/theme/base/front/widgets/topsearch.php
+++ b/app/appfront/theme/base/front/widgets/topsearch.php
 <form method="get" name="searchFrom" class="js_topSeachForm" action="<?= Yii::$service->url->getUrl('catalogsearch/index');   ?>">
 	<div class="top_seachBox">
 		<div class="searchInput fl">
-			<input type="text"  value="<?=  \yii\helpers\Html::encode(Yii::$app->request->get('q'));  ?>" maxlength="150" placeholder="<?= Yii::$service->page->translate->__('Products keyword'); ?>" class="searchArea js_k2 ac_input" name="q">
+			<input type="text"  value="<?=  \Yii::$service->helper->htmlEncode(Yii::$app->request->get('q'));  ?>" maxlength="150" placeholder="<?= Yii::$service->page->translate->__('Products keyword'); ?>" class="searchArea js_k2 ac_input" name="q">
 		</div>
 		<button class="fl js_topSearch seachBtn" type="submit"><span class="t_hidden">search</span></button>
 		<!-- <input type="hidden" class="category" value="0" name="category"> -->
 	</div><!--end .top_seachBox-->
-</form>
\ No newline at end of file
+</form>
--- a/app/apphtml5/modules/Catalog/controllers/ReviewproductController.php
+++ b/app/apphtml5/modules/Catalog/controllers/ReviewproductController.php
@@ -35,18 +35,12 @@ class ReviewproductController extends AppfrontController
 			
 		}
 		$editForm = Yii::$app->request->post('editForm');
-		if(!empty($editForm) && is_array($editForm) ){
-			foreach($editForm as $k=>$v){
-				$editForm[$k] = \yii\helpers\Html::encode($v);
-			}
-		}
+		$editForm = \Yii::$service->helper->htmlEncode($editForm);
 		if(!empty($editForm) && is_array($editForm) ){
 			$saveStatus = $this->getBlock()->saveReview($editForm);
 			if($saveStatus){
 				$spu = Yii::$app->request->get('spu');
 				$_id = Yii::$app->request->get('_id');
-				$spu = \yii\helpers\Html::encode($spu);
-				$_id = \yii\helpers\Html::encode($_id);
 				if($spu && $_id){
 					$url = Yii::$service->url->getUrl('catalog/reviewproduct/lists',['spu' => $spu,'_id'=>$_id]);
 					$this->redirect($url);

--- a/app/apphtml5/modules/Catalogsearch/block/index/Index.php
+++ b/app/apphtml5/modules/Catalogsearch/block/index/Index.php
@@ -364,7 +364,7 @@ class Index {
 		//$category 	= Yii::$service->category->getByPrimaryKey($primaryVal);
 		//$this->_category = $category ;
 		$searchText = Yii::$app->request->get('q');
-		$searchText = \yii\helpers\Html::encode($searchText);
+		$searchText = \Yii::$service->helper->htmlEncode($searchText);
 		$this->_searchText = $searchText;
 		$search_page_title_format 			= Yii::$app->controller->module->params['search_page_title_format'];
 		$search_page_meta_keywords_format 	= Yii::$app->controller->module->params['search_page_meta_keywords_format'];

--- a/app/apphtml5/modules/Checkout/block/onepage/Index.php
+++ b/app/apphtml5/modules/Checkout/block/onepage/Index.php
@@ -251,7 +251,7 @@ class Index {
 	 */
 	public function ajaxChangecountry(){
 		$country = Yii::$app->request->get('country');
-		$country = \yii\helpers\Html::encode($country);
+		$country = \Yii::$service->helper->htmlEncode($country);
 		$state = $this->initState($country);
 		echo json_encode([
 			'state' => $this->_stateHtml,
@@ -473,10 +473,10 @@ class Index {
 		$shipping_method 	= Yii::$app->request->get('shipping_method');
 		$address_id 		= Yii::$app->request->get('address_id');
 		$state 				= Yii::$app->request->get('state');
-		$country			= \yii\helpers\Html::encode($country);
-		$shipping_method	= \yii\helpers\Html::encode($shipping_method);
-		$address_id			= \yii\helpers\Html::encode($address_id);
-		$state				= \yii\helpers\Html::encode($state);
+		$country			= \Yii::$service->helper->htmlEncode($country);
+		$shipping_method		= \Yii::$service->helper->htmlEncode($shipping_method);
+		$address_id			= \Yii::$service->helper->htmlEncode($address_id);
+		$state				= \Yii::$service->helper->htmlEncode($state);
 		if($address_id){
 			$this->_address_id = $address_id;
 			$addressModel = Yii::$service->customer->address->getByPrimaryKey($this->_address_id);

--- a/app/apphtml5/modules/Checkout/block/onepage/Placeorder.php
+++ b/app/apphtml5/modules/Checkout/block/onepage/Placeorder.php
@@ -34,23 +34,9 @@ class Placeorder{
 		$post = Yii::$app->request->post();
 		if(is_array($post) && !empty($post)){
 			/**
-			 * 对传递的数据，去除掉非法xss攻击部分内容（通过\yii\helpers\Html::encode()）
+			 * 对传递的数据，去除掉非法xss攻击部分内容（通过 \Yii::$service->helper->htmlEncode()）
 			 */
-			foreach($post as $k=>$v){
-				if(is_array($v)){
-					foreach($v as $vk => $vv){
-						if(is_array($vv)){
-							foreach($vv as $vvk => $vvv){
-								$post[$k][$vk][$vvk] = \yii\helpers\Html::encode($vvv);
-							}
-						}else{
-							$post[$k][$vk] = \yii\helpers\Html::encode($vv);
-						}
-					}
-				}else{
-					$post[$k] = \yii\helpers\Html::encode($v);
-				}
-			}
+			$post = \Yii::$service->helper->htmlEncode($post);
 			# 检查前台传递的数据的完整性
 			if($this->checkOrderInfoAndInit($post)){
 				# 如果游客用户勾选了注册账号，则注册，登录，并把地址写入到用户的address中
@@ -266,4 +252,4 @@ class Placeorder{
 	
 	
 	
-}
\ No newline at end of file
+}
--- a/app/apphtml5/modules/Checkout/controllers/CartController.php
+++ b/app/apphtml5/modules/Checkout/controllers/CartController.php
@@ -31,9 +31,9 @@ class CartController extends AppfrontController
 		$custom_option 	= Yii::$app->request->post('custom_option');
 		$product_id 	= Yii::$app->request->post('product_id');
 		$qty 			= Yii::$app->request->post('qty');
-		//$custom_option  = \yii\helpers\Html::encode($custom_option);
-		$product_id  	= \yii\helpers\Html::encode($product_id);
-		$qty  			= \yii\helpers\Html::encode($qty);
+		//$custom_option  = \Yii::$service->helper->htmlEncode($custom_option);
+		$product_id  	= \Yii::$service->helper->htmlEncode($product_id);
+		$qty  			= \Yii::$service->helper->htmlEncode($qty);
 		$qty  = abs(ceil((int)$qty));
 		if($qty  && $product_id){
 			if($custom_option){
@@ -82,7 +82,7 @@ class CartController extends AppfrontController
 			exit;
 		}
 		$coupon_code = trim(Yii::$app->request->post('coupon_code'));
-		$coupon_code = \yii\helpers\Html::encode($coupon_code);
+		$coupon_code = \Yii::$service->helper->htmlEncode($coupon_code);
 		if($coupon_code){
 			Yii::$service->cart->coupon->addCoupon($coupon_code);
 			$error_arr = Yii::$service->helper->errors->get(true);

--- a/app/apphtml5/modules/Customer/block/address/Edit.php
+++ b/app/apphtml5/modules/Customer/block/address/Edit.php
@@ -27,9 +27,7 @@ class Edit {
 		$address = Yii::$app->request->post('address');
 		$isSave = 0;
 		if(is_array($address) && !empty($address)){
-			foreach($address as $k => $v){
-				$address[$k] = \yii\helpers\Html::encode($v);
-			}
+			$address = \Yii::$service->helper->htmlEncode($address);
 			$this->save($address);
 			$isSave = 1;
 		}

--- a/app/apphtml5/modules/Customer/block/contacts/Index.php
+++ b/app/apphtml5/modules/Customer/block/contacts/Index.php
@@ -36,9 +36,7 @@ class Index {
 		
 		$editForm 	= Yii::$app->request->post('editForm');
 		if(is_array($editForm) && !empty($editForm)){
-			foreach($editForm as $k=>$v){
-				$editForm[$k] = \yii\helpers\Html::encode($v);
-			}
+			$editForm = \Yii::$service->helper->htmlEncode($editForm);
 		}
 		$name 		= isset($editForm['name']) ? $editForm['name'] : '';
 		$email		= isset($editForm['email']) ? $editForm['email'] : '';
@@ -92,7 +90,7 @@ class Index {
 		}
 		
 		$captcha = Yii::$app->request->post('sercrity_code');
-		$captcha = \yii\helpers\Html::encode($captcha);
+		$captcha = \Yii::$service->helper->htmlEncode($captcha);
 		$contacts = Yii::$app->getModule("customer")->params['contacts'];
 		$contactsCaptcha = isset($contacts['contactsCaptcha']) ? $contacts['contactsCaptcha'] : false;
 		
@@ -115,4 +113,4 @@ class Index {
 		
 	}
 	
-}
\ No newline at end of file
+}
--- a/app/apphtml5/modules/Customer/block/editaccount/Index.php
+++ b/app/apphtml5/modules/Customer/block/editaccount/Index.php
@@ -32,9 +32,7 @@ class Index {
 	 */
 	public function saveAccount($editForm){
 		if(is_array($editForm) && !empty($editForm)){
-			foreach($editForm as $k=>$v){
-				$editForm[$k] = \yii\helpers\Html::encode($v);
-			}
+			$editForm = \Yii::$service->helper->htmlEncode($editForm);
 			$identity = Yii::$app->user->identity;
 			$firstname 			= $editForm['firstname'] ? $editForm['firstname'] : '';
 			$lastname 			= $editForm['lastname'] ? $editForm['lastname'] : '';
@@ -102,4 +100,4 @@ class Index {
 	
 	
 	
-}
\ No newline at end of file
+}
--- a/app/apphtml5/modules/Customer/block/newsletter/Index.php
+++ b/app/apphtml5/modules/Customer/block/newsletter/Index.php
@@ -20,7 +20,7 @@ class Index {
 	
 	public function getLastData(){
 		$email = Yii::$app->request->get('email');
-		$email = \yii\helpers\Html::encode($email);
+		$email = \Yii::$service->helper->htmlEncode($email);
 		$status = Yii::$service->customer->newsletter->subscribe($email);
 		$message = Yii::$service->helper->errors->get();
 		if(!$message){
@@ -36,4 +36,4 @@ class Index {
 	
 	
 	
-}
\ No newline at end of file
+}
--- a/app/apphtml5/modules/Customer/controllers/AccountController.php
+++ b/app/apphtml5/modules/Customer/controllers/AccountController.php
@@ -68,9 +68,7 @@ class AccountController extends AppfrontController
 		}
 		$param = Yii::$app->request->post('editForm');
 		if(!empty($param) && is_array($param)){
-			foreach($param as $k => $v){
-				$param[$k] = \yii\helpers\Html::encode($v);
-			}
+			$param = \Yii::$service->helper->htmlEncode($param);
 			$registerStatus = $this->getBlock()->register($param);
 			//echo $registerStatus;exit;
 			if($registerStatus){
@@ -104,8 +102,6 @@ class AccountController extends AppfrontController
 		}
 		if($rt){
 			$redirectUrl = base64_decode($rt);
-			$redirectUrl = \yii\helpers\Html::encode($redirectUrl);
-			//exit;
 			Yii::$service->url->redirect($redirectUrl);
 		}else{
 			Yii::$service->url->redirect(Yii::$service->url->HomeUrl());

--- a/app/apphtml5/modules/Payment/block/paypal/express/Placeorder.php
+++ b/app/apphtml5/modules/Payment/block/paypal/express/Placeorder.php
@@ -36,15 +36,7 @@ class Placeorder {
 		$post = Yii::$app->request->post();
 		if(is_array($post) && !empty($post)){
 			# post 是二维数组，需要多层处理
-			foreach($post as $k=>$v){
-				if(is_array($v)){
-					foreach($v as $k2=>$v2){
-						$post[$k][$k2] = \yii\helpers\Html::encode($v2);
-					}
-				}else{
-					$post[$k] = \yii\helpers\Html::encode($v);
-				}
-			}
+			$post = \Yii::$service->helper->htmlEncode($post);
 			# 设置paypal快捷支付
 			$post['payment_method'] = Yii::$service->payment->paypal->express_payment_method;
 			# 检查前台传递的数据的完整性

--- a/app/apphtml5/modules/Payment/block/paypal/express/Review.php
+++ b/app/apphtml5/modules/Payment/block/paypal/express/Review.php
@@ -226,7 +226,7 @@ class Review {
 	 */
 	public function ajaxChangecountry(){
 		$country = Yii::$app->request->get('country');
-		$country = \yii\helpers\Html::encode($country);
+		$country = \Yii::$service->helper->htmlEncode($country);
 		$state = $this->initState($country);
 		echo json_encode([
 			'state' => $this->_stateHtml,

--- a/app/apphtml5/modules/Payment/controllers/paypal/StandardController.php
+++ b/app/apphtml5/modules/Payment/controllers/paypal/StandardController.php
@@ -34,11 +34,18 @@ class StandardController extends AppfrontController
 	
 	
 	public function actionIpn(){
+		\Yii::info('paypal ipn begin','fecshop_debug');
+		
 		$post = Yii::$app->request->post();
 		if(is_array($post) && !empty($post)){
-			foreach($post as $k=>$v){
-				$post[$k] = \yii\helpers\Html::encode($v);
-			}
+			$post = \Yii::$service->helper->htmlEncode($post);
+			
+			ob_start();    
+			ob_implicit_flush(false);        
+			var_dump($post);    
+			$post_log = ob_get_clean(); 
+			\Yii::info($post_log,'fecshop_debug');
+			
 			Yii::$service->payment->paypal->receiveIpn($post);
 		}
 	}

--- a/app/apphtml5/theme/base/html5/catalog/category/index/filter/refineby.php
+++ b/app/apphtml5/theme/base/html5/catalog/category/index/filter/refineby.php
@@ -3,8 +3,8 @@
 		<div class="filter_attr_title"><?= Yii::$service->page->translate->__('Refine By'); ?></div>
 		<div class="filter_refine_by_content">
 		<?php foreach($parentThis['refine_by_info'] as $one){  ?>
-			<?php $name = \yii\helpers\Html::encode($one['name']);  ?>
-			<?php $url 	= \yii\helpers\Html::encode($one['url']); ?>
+			<?php $name = \Yii::$service->helper->htmlEncode($one['name']);  ?>
+			<?php $url 	= \Yii::$service->helper->htmlEncode($one['url']); ?>
 			<div><a external href="<?= $url ?>"><i class="closeBtn c_tagbg"></i><span><?= Yii::$service->page->translate->__($name); ?></span></a></div>
 		<?php } ?>
 		</div>

--- a/app/apphtml5/theme/base/html5/site/helper/error.php
+++ b/app/apphtml5/theme/base/html5/site/helper/error.php
@@ -20,10 +20,10 @@ $this->title = $name;
 		<!--
 		<div class="site-error">

-			<h1><?= Html::encode($this->title) ?></h1>
+			<h1><?= \Yii::$service->helper->htmlEncode($this->title) ?></h1>

 			<div class="alert alert-danger">
-				<?= nl2br(Html::encode($message)) ?>
+				<?= nl2br(\Yii::$service->helper->htmlEncode($message)) ?>
 			</div>

 			<p>
@@ -35,4 +35,4 @@ $this->title = $name;

 		</div>
 		-->
-</div>
\ No newline at end of file
+</div>
--- a/app/apphtml5/theme/base/html5/widgets/topsearch.php
+++ b/app/apphtml5/theme/base/html5/widgets/topsearch.php
 <form method="get" name="searchFrom" class="js_topSeachForm" action="<?= Yii::$service->url->getUrl('catalogsearch/index');   ?>">
 	<div class="top_seachBox">
 		<div class="searchInput fl">
-			<input type="text"  value="<?=  \yii\helpers\Html::encode(Yii::$app->request->get('q'));  ?>" maxlength="150" placeholder="<?= Yii::$service->page->translate->__('Products keyword'); ?>" class="searchArea js_k2 ac_input" name="q">
+			<input type="text"  value="<?=  \Yii::$service->helper->htmlEncode(Yii::$app->request->get('q'));  ?>" maxlength="150" placeholder="<?= Yii::$service->page->translate->__('Products keyword'); ?>" class="searchArea js_k2 ac_input" name="q">
 		</div>
 		<button class="fl js_topSearch seachBtn" type="submit"><span class="t_hidden">search</span></button>
 		<!-- <input type="hidden" class="category" value="0" name="category"> -->
 	</div><!--end .top_seachBox-->
-</form>
\ No newline at end of file
+</form>
--- a/services/email/views/customer/account/login/body_en.php
+++ b/services/email/views/customer/account/login/body_en.php
@@ -5,8 +5,8 @@ use yii\helpers\Html;
 /* @var $user common\models\User */

 ?>
-Get <?= Html::encode($name) ?>, message<br/>
+Get <?= \Yii::$service->helper->htmlEncode($name) ?>, message<br/>
 Store:"en"<br/>
-Email:<?= Html::encode($email) ?><br/>
-Mobile:<?= Html::encode($contactsPhone)?><br/>
-Content:<?= Html::encode($comment) ?>
\ No newline at end of file
+Email:<?= \Yii::$service->helper->htmlEncode($email) ?><br/>
+Mobile:<?= \Yii::$service->helper->htmlEncode($contactsPhone) ?><br/>
+Content:<?= \Yii::$service->helper->htmlEncode($comment) ?>
--- a/services/payment/Paypal.php
+++ b/services/payment/Paypal.php
@@ -509,7 +509,7 @@ class Paypal extends Service
 	 */
 	public function setExpressToken(){
 		$token = Yii::$app->request->get('token');
-		$token = \yii\helpers\Html::encode($token);
+		$token = \Yii::$service->helper->htmlEncode($token);
 		if($token){
 			Yii::$app->session->set(self::EXPRESS_TOKEN,$token);
 			return true;
@@ -521,7 +521,7 @@ class Paypal extends Service
 	 */
 	public function setExpressPayerID(){
 		$PayerID = Yii::$app->request->get('PayerID');
-		$PayerID = \yii\helpers\Html::encode($PayerID);
+		$PayerID = \Yii::$service->helper->htmlEncode($PayerID);
 		if($PayerID){
 			Yii::$app->session->set(self::EXPRESS_PAYER_ID,$PayerID);
 			return true;
@@ -606,4 +606,4 @@ class Paypal extends Service
 		return false;
 	}
 	
-}
\ No newline at end of file
+}