Changeset 23384 for trunk/include/smarty/libs/plugins/modifier.escape.php
- Timestamp:
- Jun 20, 2013, 5:38:47 AM (11 years ago)
- File:
-
- 1 edited
trunk/include/smarty/libs/plugins/modifier.escape.php
r3282 r23384 2 2 /** 3 3 * Smarty plugin 4 * 4 5 * @package Smarty 5 * @subpackage plugins6 * @subpackage PluginsModifier 6 7 */ 7 8 8 9 9 /** … … 12 12 * Type: modifier<br> 13 13 * Name: escape<br> 14 * Purpose: Escape the string according to escapement type 15 * @link http://smarty.php.net/manual/en/language.modifier.escape.php 16 * escape (Smarty online manual) 17 * @author Monte Ohrt <monte at ohrt dot com> 18 * @param string 19 * @param html|htmlall|url|quotes|hex|hexentity|javascript 20 * @return string 14 * Purpose: escape string for output 15 * 16 * @link http://www.smarty.net/manual/en/language.modifier.count.characters.php count_characters (Smarty online manual) 17 * @author Monte Ohrt <monte at ohrt dot com> 18 * @param string $string input string 19 * @param string $esc_type escape type 20 * @param string $char_set character set, used for htmlspecialchars() or htmlentities() 21 * @param boolean $double_encode encode already encoded entitites again, used for htmlspecialchars() or htmlentities() 22 * @return string escaped input string 21 23 */ 22 function smarty_modifier_escape($string, $esc_type = 'html', $char_set = 'ISO-8859-1')24 function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $double_encode = true) 23 25 { 26 static $_double_encode = null; 27 if ($_double_encode === null) { 28 $_double_encode = version_compare(PHP_VERSION, '5.2.3', '>='); 29 } 30 31 if (!$char_set) { 32 $char_set = Smarty::$_CHARSET; 33 } 34 24 35 switch ($esc_type) { 25 36 case 'html': 26 return htmlspecialchars($string, ENT_QUOTES, $char_set); 37 if ($_double_encode) { 38 // php >=5.3.2 - go native 39 return htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode); 40 } else { 41 if ($double_encode) { 42 // php <5.2.3 - only handle double encoding 43 return htmlspecialchars($string, ENT_QUOTES, $char_set); 44 } else { 45 // php <5.2.3 - prevent double encoding 46 $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', 
$string); 47 $string = htmlspecialchars($string, ENT_QUOTES, $char_set); 48 $string = str_replace(array('%%%SMARTY_START%%%', '%%%SMARTY_END%%%'), array('&', ';'), $string); 49 return $string; 50 } 51 } 27 52 28 53 case 'htmlall': 29 return htmlentities($string, ENT_QUOTES, $char_set); 54 if (Smarty::$_MBSTRING) { 55 // mb_convert_encoding ignores htmlspecialchars() 56 if ($_double_encode) { 57 // php >=5.3.2 - go native 58 $string = htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode); 59 } else { 60 if ($double_encode) { 61 // php <5.2.3 - only handle double encoding 62 $string = htmlspecialchars($string, ENT_QUOTES, $char_set); 63 } else { 64 // php <5.2.3 - prevent double encoding 65 $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string); 66 $string = htmlspecialchars($string, ENT_QUOTES, $char_set); 67 $string = str_replace(array('%%%SMARTY_START%%%', '%%%SMARTY_END%%%'), array('&', ';'), $string); 68 return $string; 69 } 70 } 71 72 // htmlentities() won't convert everything, so use mb_convert_encoding 73 return mb_convert_encoding($string, 'HTML-ENTITIES', $char_set); 74 } 75 76 // no MBString fallback 77 if ($_double_encode) { 78 return htmlentities($string, ENT_QUOTES, $char_set, $double_encode); 79 } else { 80 if ($double_encode) { 81 return htmlentities($string, ENT_QUOTES, $char_set); 82 } else { 83 $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string); 84 $string = htmlentities($string, ENT_QUOTES, $char_set); 85 $string = str_replace(array('%%%SMARTY_START%%%', '%%%SMARTY_END%%%'), array('&', ';'), $string); 86 return $string; 87 } 88 } 30 89 31 90 case 'url': … … 33 92 34 93 case 'urlpathinfo': 35 return str_replace('%2F', '/',rawurlencode($string));36 94 return str_replace('%2F', '/', rawurlencode($string)); 95 37 96 case 'quotes': 38 97 // escape unescaped single quotes … … 40 99 41 100 case 'hex': 42 // escape every character into hex 101 // escape every byte into hex 
102 // Note that the UTF-8 encoded character ä will be represented as %c3%a4 43 103 $return = ''; 44 for ($x=0; $x < strlen($string); $x++) { 104 $_length = strlen($string); 105 for ($x = 0; $x < $_length; $x++) { 45 106 $return .= '%' . bin2hex($string[$x]); 46 107 } 47 108 return $return; 48 109 49 110 case 'hexentity': 50 111 $return = ''; 51 for ($x=0; $x < strlen($string); $x++) { 112 if (Smarty::$_MBSTRING) { 113 require_once(SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php'); 114 $return = ''; 115 foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) { 116 $return .= '&#x' . strtoupper(dechex($unicode)) . ';'; 117 } 118 return $return; 119 } 120 // no MBString fallback 121 $_length = strlen($string); 122 for ($x = 0; $x < $_length; $x++) { 52 123 $return .= '&#x' . bin2hex($string[$x]) . ';'; 53 124 } … … 56 127 case 'decentity': 57 128 $return = ''; 58 for ($x=0; $x < strlen($string); $x++) { 129 if (Smarty::$_MBSTRING) { 130 require_once(SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php'); 131 $return = ''; 132 foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) { 133 $return .= '&#' . $unicode . ';'; 134 } 135 return $return; 136 } 137 // no MBString fallback 138 $_length = strlen($string); 139 for ($x = 0; $x < $_length; $x++) { 59 140 $return .= '&#' . ord($string[$x]) . ';'; 60 141 } … … 63 144 case 'javascript': 64 145 // escape quotes and backslashes, newlines, etc. 65 return strtr($string, array('\\' =>'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n','</'=>'<\/'));66 146 return strtr($string, array('\\' => '\\\\', "'" => "\\'", '"' => '\\"', "\r" => '\\r', "\n" => '\\n', '</' => '<\/')); 147 67 148 case 'mail': 68 // safe way to display e-mail address on a web page 69 return str_replace(array('@', '.'),array(' [AT] ', ' [DOT] '), $string); 70 149 if (Smarty::$_MBSTRING) { 150 require_once(SMARTY_PLUGINS_DIR . 
'shared.mb_str_replace.php'); 151 return smarty_mb_str_replace(array('@', '.'), array(' [AT] ', ' [DOT] '), $string); 152 } 153 // no MBString fallback 154 return str_replace(array('@', '.'), array(' [AT] ', ' [DOT] '), $string); 155 71 156 case 'nonstd': 72 // escape non-standard chars, such as ms document quotes 73 $_res = ''; 74 for($_i = 0, $_len = strlen($string); $_i < $_len; $_i++) { 75 $_ord = ord(substr($string, $_i, 1)); 76 // non-standard char, escape it 77 if($_ord >= 126){ 78 $_res .= '&#' . $_ord . ';'; 79 } 80 else { 81 $_res .= substr($string, $_i, 1); 82 } 83 } 84 return $_res; 157 // escape non-standard chars, such as ms document quotes 158 $return = ''; 159 if (Smarty::$_MBSTRING) { 160 require_once(SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php'); 161 foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) { 162 if ($unicode >= 126) { 163 $return .= '&#' . $unicode . ';'; 164 } else { 165 $return .= chr($unicode); 166 } 167 } 168 return $return; 169 } 170 171 $_length = strlen($string); 172 for ($_i = 0; $_i < $_length; $_i++) { 173 $_ord = ord(substr($string, $_i, 1)); 174 // non-standard char, escape it 175 if ($_ord >= 126) { 176 $return .= '&#' . $_ord . ';'; 177 } else { 178 $return .= substr($string, $_i, 1); 179 } 180 } 181 return $return; 85 182 86 183 default: … … 89 186 } 90 187 91 /* vim: set expandtab: */92 93 188 ?>
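Review bot: In the `htmlall` branch under `Smarty::$_MBSTRING`, the PHP < 5.2.3 path with `$double_encode` false ends in `return $string;` (new line 68), so it exits before `mb_convert_encoding($string, 'HTML-ENTITIES', $char_set)` on new line 73 and applies only htmlspecialchars-level escaping, unlike its two sibling paths; dropping that `return $string;` lets it fall through like the others. The same fallback turns every `%%%SMARTY_START%%%`/`%%%SMARTY_END%%%` marker back into `&`/`;` after escaping, so a literal marker already present in the input comes out as an unescaped `&` or `;`; this deserves at least a comment such as `// markers are fixed strings: input that already contains them is rewritten to & and ; here`, or a marker generated per call. The new multibyte paths for `hexentity`, `decentity` and `nonstd` pass `Smarty::$_CHARSET` to `smarty_mb_to_unicode()` rather than the `$char_set` argument, which looks unintended when a caller supplies its own charset. The comments `// php >=5.3.2 - go native` disagree with the `version_compare(PHP_VERSION, '5.2.3', '>=')` check and should read `// php >=5.2.3 - go native`. The section elides parts of the function, so the `url`, `quotes` and `default` cases are not covered by this note.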