1 | <?php |
---|
2 | /** |
---|
3 | * Smarty plugin |
---|
4 | * |
---|
5 | * @package Smarty |
---|
6 | * @subpackage PluginsModifier |
---|
7 | */ |
---|
8 | |
---|
9 | /** |
---|
10 | * Smarty escape modifier plugin |
---|
11 | * |
---|
12 | * Type: modifier<br> |
---|
13 | * Name: escape<br> |
---|
14 | * Purpose: escape string for output |
---|
15 | * |
---|
16 | * @link http://www.smarty.net/manual/en/language.modifier.count.characters.php count_characters (Smarty online manual) |
---|
17 | * @author Monte Ohrt <monte at ohrt dot com> |
---|
18 | * @param string $string input string |
---|
19 | * @param string $esc_type escape type |
---|
20 | * @param string $char_set character set, used for htmlspecialchars() or htmlentities() |
---|
21 | * @param boolean $double_encode encode already encoded entitites again, used for htmlspecialchars() or htmlentities() |
---|
22 | * @return string escaped input string |
---|
23 | */ |
---|
24 | function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $double_encode = true) |
---|
25 | { |
---|
26 | static $_double_encode = null; |
---|
27 | if ($_double_encode === null) { |
---|
28 | $_double_encode = version_compare(PHP_VERSION, '5.2.3', '>='); |
---|
29 | } |
---|
30 | |
---|
31 | if (!$char_set) { |
---|
32 | $char_set = Smarty::$_CHARSET; |
---|
33 | } |
---|
34 | |
---|
35 | switch ($esc_type) { |
---|
36 | case 'html': |
---|
37 | if ($_double_encode) { |
---|
38 | // php >=5.3.2 - go native |
---|
39 | return htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode); |
---|
40 | } else { |
---|
41 | if ($double_encode) { |
---|
42 | // php <5.2.3 - only handle double encoding |
---|
43 | return htmlspecialchars($string, ENT_QUOTES, $char_set); |
---|
44 | } else { |
---|
45 | // php <5.2.3 - prevent double encoding |
---|
46 | $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string); |
---|
47 | $string = htmlspecialchars($string, ENT_QUOTES, $char_set); |
---|
48 | $string = str_replace(array('%%%SMARTY_START%%%', '%%%SMARTY_END%%%'), array('&', ';'), $string); |
---|
49 | return $string; |
---|
50 | } |
---|
51 | } |
---|
52 | |
---|
53 | case 'htmlall': |
---|
54 | if (Smarty::$_MBSTRING) { |
---|
55 | // mb_convert_encoding ignores htmlspecialchars() |
---|
56 | if ($_double_encode) { |
---|
57 | // php >=5.3.2 - go native |
---|
58 | $string = htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode); |
---|
59 | } else { |
---|
60 | if ($double_encode) { |
---|
61 | // php <5.2.3 - only handle double encoding |
---|
62 | $string = htmlspecialchars($string, ENT_QUOTES, $char_set); |
---|
63 | } else { |
---|
64 | // php <5.2.3 - prevent double encoding |
---|
65 | $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string); |
---|
66 | $string = htmlspecialchars($string, ENT_QUOTES, $char_set); |
---|
67 | $string = str_replace(array('%%%SMARTY_START%%%', '%%%SMARTY_END%%%'), array('&', ';'), $string); |
---|
68 | return $string; |
---|
69 | } |
---|
70 | } |
---|
71 | |
---|
72 | // htmlentities() won't convert everything, so use mb_convert_encoding |
---|
73 | return mb_convert_encoding($string, 'HTML-ENTITIES', $char_set); |
---|
74 | } |
---|
75 | |
---|
76 | // no MBString fallback |
---|
77 | if ($_double_encode) { |
---|
78 | return htmlentities($string, ENT_QUOTES, $char_set, $double_encode); |
---|
79 | } else { |
---|
80 | if ($double_encode) { |
---|
81 | return htmlentities($string, ENT_QUOTES, $char_set); |
---|
82 | } else { |
---|
83 | $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string); |
---|
84 | $string = htmlentities($string, ENT_QUOTES, $char_set); |
---|
85 | $string = str_replace(array('%%%SMARTY_START%%%', '%%%SMARTY_END%%%'), array('&', ';'), $string); |
---|
86 | return $string; |
---|
87 | } |
---|
88 | } |
---|
89 | |
---|
90 | case 'url': |
---|
91 | return rawurlencode($string); |
---|
92 | |
---|
93 | case 'urlpathinfo': |
---|
94 | return str_replace('%2F', '/', rawurlencode($string)); |
---|
95 | |
---|
96 | case 'quotes': |
---|
97 | // escape unescaped single quotes |
---|
98 | return preg_replace("%(?<!\\\\)'%", "\\'", $string); |
---|
99 | |
---|
100 | case 'hex': |
---|
101 | // escape every byte into hex |
---|
102 | // Note that the UTF-8 encoded character ä will be represented as %c3%a4 |
---|
103 | $return = ''; |
---|
104 | $_length = strlen($string); |
---|
105 | for ($x = 0; $x < $_length; $x++) { |
---|
106 | $return .= '%' . bin2hex($string[$x]); |
---|
107 | } |
---|
108 | return $return; |
---|
109 | |
---|
110 | case 'hexentity': |
---|
111 | $return = ''; |
---|
112 | if (Smarty::$_MBSTRING) { |
---|
113 | require_once(SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php'); |
---|
114 | $return = ''; |
---|
115 | foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) { |
---|
116 | $return .= '&#x' . strtoupper(dechex($unicode)) . ';'; |
---|
117 | } |
---|
118 | return $return; |
---|
119 | } |
---|
120 | // no MBString fallback |
---|
121 | $_length = strlen($string); |
---|
122 | for ($x = 0; $x < $_length; $x++) { |
---|
123 | $return .= '&#x' . bin2hex($string[$x]) . ';'; |
---|
124 | } |
---|
125 | return $return; |
---|
126 | |
---|
127 | case 'decentity': |
---|
128 | $return = ''; |
---|
129 | if (Smarty::$_MBSTRING) { |
---|
130 | require_once(SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php'); |
---|
131 | $return = ''; |
---|
132 | foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) { |
---|
133 | $return .= '&#' . $unicode . ';'; |
---|
134 | } |
---|
135 | return $return; |
---|
136 | } |
---|
137 | // no MBString fallback |
---|
138 | $_length = strlen($string); |
---|
139 | for ($x = 0; $x < $_length; $x++) { |
---|
140 | $return .= '&#' . ord($string[$x]) . ';'; |
---|
141 | } |
---|
142 | return $return; |
---|
143 | |
---|
144 | case 'javascript': |
---|
145 | // escape quotes and backslashes, newlines, etc. |
---|
146 | return strtr($string, array('\\' => '\\\\', "'" => "\\'", '"' => '\\"', "\r" => '\\r', "\n" => '\\n', '</' => '<\/')); |
---|
147 | |
---|
148 | case 'mail': |
---|
149 | if (Smarty::$_MBSTRING) { |
---|
150 | require_once(SMARTY_PLUGINS_DIR . 'shared.mb_str_replace.php'); |
---|
151 | return smarty_mb_str_replace(array('@', '.'), array(' [AT] ', ' [DOT] '), $string); |
---|
152 | } |
---|
153 | // no MBString fallback |
---|
154 | return str_replace(array('@', '.'), array(' [AT] ', ' [DOT] '), $string); |
---|
155 | |
---|
156 | case 'nonstd': |
---|
157 | // escape non-standard chars, such as ms document quotes |
---|
158 | $return = ''; |
---|
159 | if (Smarty::$_MBSTRING) { |
---|
160 | require_once(SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php'); |
---|
161 | foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) { |
---|
162 | if ($unicode >= 126) { |
---|
163 | $return .= '&#' . $unicode . ';'; |
---|
164 | } else { |
---|
165 | $return .= chr($unicode); |
---|
166 | } |
---|
167 | } |
---|
168 | return $return; |
---|
169 | } |
---|
170 | |
---|
171 | $_length = strlen($string); |
---|
172 | for ($_i = 0; $_i < $_length; $_i++) { |
---|
173 | $_ord = ord(substr($string, $_i, 1)); |
---|
174 | // non-standard char, escape it |
---|
175 | if ($_ord >= 126) { |
---|
176 | $return .= '&#' . $_ord . ';'; |
---|
177 | } else { |
---|
178 | $return .= substr($string, $_i, 1); |
---|
179 | } |
---|
180 | } |
---|
181 | return $return; |
---|
182 | |
---|
183 | default: |
---|
184 | return $string; |
---|
185 | } |
---|
186 | } |
---|
187 | |
---|
188 | ?> |
---|