modifiercompiler.escape.php 5.0 KB

  1. <?php
  2. /**
  3. * Smarty plugin
  4. *
  5. * @package Smarty
  6. * @subpackage PluginsModifierCompiler
  7. */
  8. /**
  9. * @ignore
  10. */
  11. require_once( SMARTY_PLUGINS_DIR .'shared.literal_compiler_param.php' );
  12. /**
  13. * Smarty escape modifier plugin
  14. *
  15. * Type: modifier<br>
  16. * Name: escape<br>
  17. * Purpose: escape string for output
  18. *
  19. * @link http://www.smarty.net/docsv2/en/language.modifier.escape count_characters (Smarty online manual)
  20. * @author Rodney Rehm
  21. * @param array $params parameters
  22. * @return string with compiled code
  23. */
  24. function smarty_modifiercompiler_escape($params, $compiler)
  25. {
  26. static $_double_encode = null;
  27. if ($_double_encode === null) {
  28. $_double_encode = version_compare(PHP_VERSION, '5.2.3', '>=');
  29. }
  30. try {
  31. $esc_type = smarty_literal_compiler_param($params, 1, 'html');
  32. $char_set = smarty_literal_compiler_param($params, 2, Smarty::$_CHARSET);
  33. $double_encode = smarty_literal_compiler_param($params, 3, true);
  34. if (!$char_set) {
  35. $char_set = Smarty::$_CHARSET;
  36. }
  37. switch ($esc_type) {
  38. case 'html':
  39. if ($_double_encode) {
  40. return 'htmlspecialchars('
  41. . $params[0] .', ENT_QUOTES, '
  42. . var_export($char_set, true) . ', '
  43. . var_export($double_encode, true) . ')';
  44. } else if ($double_encode) {
  45. return 'htmlspecialchars('
  46. . $params[0] .', ENT_QUOTES, '
  47. . var_export($char_set, true) . ')';
  48. } else {
  49. // fall back to modifier.escape.php
  50. }
  51. case 'htmlall':
  52. if (Smarty::$_MBSTRING) {
  53. if ($_double_encode) {
  54. // php >=5.3.2 - go native
  55. return 'mb_convert_encoding(htmlspecialchars('
  56. . $params[0] .', ENT_QUOTES, '
  57. . var_export($char_set, true) . ', '
  58. . var_export($double_encode, true)
  59. . '), "HTML-ENTITIES", '
  60. . var_export($char_set, true) . ')';
  61. } else if ($double_encode) {
  62. // php <5.3.2 - only handle double encoding
  63. return 'mb_convert_encoding(htmlspecialchars('
  64. . $params[0] .', ENT_QUOTES, '
  65. . var_export($char_set, true)
  66. . '), "HTML-ENTITIES", '
  67. . var_export($char_set, true) . ')';
  68. } else {
  69. // fall back to modifier.escape.php
  70. }
  71. }
  72. // no MBString fallback
  73. if ($_double_encode) {
  74. // php >=5.3.2 - go native
  75. return 'htmlentities('
  76. . $params[0] .', ENT_QUOTES, '
  77. . var_export($char_set, true) . ', '
  78. . var_export($double_encode, true) . ')';
  79. } else if ($double_encode) {
  80. // php <5.3.2 - only handle double encoding
  81. return 'htmlentities('
  82. . $params[0] .', ENT_QUOTES, '
  83. . var_export($char_set, true) . ')';
  84. } else {
  85. // fall back to modifier.escape.php
  86. }
  87. case 'url':
  88. return 'rawurlencode(' . $params[0] . ')';
  89. case 'urlpathinfo':
  90. return 'str_replace("%2F", "/", rawurlencode(' . $params[0] . '))';
  91. case 'quotes':
  92. // escape unescaped single quotes
  93. return 'preg_replace("%(?<!\\\\\\\\)\'%", "\\\'",' . $params[0] . ')';
  94. case 'javascript':
  95. // escape quotes and backslashes, newlines, etc.
  96. return 'strtr(' . $params[0] . ', array("\\\\" => "\\\\\\\\", "\'" => "\\\\\'", "\"" => "\\\\\"", "\\r" => "\\\\r", "\\n" => "\\\n", "</" => "<\/" ))';
  97. }
  98. } catch(SmartyException $e) {
  99. // pass through to regular plugin fallback
  100. }
  101. // could not optimize |escape call, so fallback to regular plugin
  102. if ($compiler->tag_nocache | $compiler->nocache) {
  103. $compiler->template->required_plugins['nocache']['escape']['modifier']['file'] = SMARTY_PLUGINS_DIR .'modifier.escape.php';
  104. $compiler->template->required_plugins['nocache']['escape']['modifier']['function'] = 'smarty_modifier_escape';
  105. } else {
  106. $compiler->template->required_plugins['compiled']['escape']['modifier']['file'] = SMARTY_PLUGINS_DIR .'modifier.escape.php';
  107. $compiler->template->required_plugins['compiled']['escape']['modifier']['function'] = 'smarty_modifier_escape';
  108. }
  109. return 'smarty_modifier_escape(' . join( ', ', $params ) . ')';
  110. }
  111. ?>