|
1 <?php |
|
2 /** |
|
3 * Smarty plugin |
|
4 * |
|
5 * @package Smarty |
|
6 * @subpackage PluginsModifier |
|
7 */ |
|
8 |
|
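/**
 * Smarty escape modifier plugin
 *
 * Type:     modifier<br>
 * Name:     escape<br>
 * Purpose:  escape string for output
 *
 * Every escape type targets one output context (HTML text/attribute, URL
 * component, JavaScript string literal, ...). Output produced for one
 * context is not safe in another, and an unknown $esc_type returns the
 * input unchanged, so a misspelled type silently disables escaping.
 *
 * NOTE(review): the @link below names count_characters, not escape; it
 * looks copy-pasted - confirm the intended manual page.
 *
 * @link http://www.smarty.net/manual/en/language.modifier.count.characters.php count_characters (Smarty online manual)
 * @author Monte Ohrt <monte at ohrt dot com>
 * @param string  $string        input string
 * @param string  $esc_type      escape type: html, htmlall, url, urlpathinfo, quotes, hex,
 *                               hexentity, decentity, javascript, mail or nonstd
 * @param string  $char_set      character set, used for htmlspecialchars() or htmlentities();
 *                               falls back to Smarty::$_CHARSET when empty
 * @param boolean $double_encode encode already encoded entities again, used for htmlspecialchars() or htmlentities()
 * @return string escaped input string
 */
function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $double_encode = true)
{
    // The $double_encode argument of htmlspecialchars()/htmlentities() exists
    // from PHP 5.2.3 on; the version probe is cached in a static local.
    static $_double_encode = null;
    if ($_double_encode === null) {
        $_double_encode = version_compare(PHP_VERSION, '5.2.3', '>=');
    }

    if (!$char_set) {
        $char_set = Smarty::$_CHARSET;
    }

    switch ($esc_type) {
        case 'html':
            // ENT_QUOTES encodes both ' and ", so the result can be placed in
            // single- or double-quoted attribute values as well as in text.
            if ($_double_encode) {
                // php >=5.2.3 - go native
                return htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode);
            }
            if ($double_encode) {
                // php <5.2.3 - double encoding is the only native behaviour
                return htmlspecialchars($string, ENT_QUOTES, $char_set);
            }
            // php <5.2.3 - prevent double encoding by parking existing
            // entities behind placeholders while the rest is escaped.
            // Anything shaped like "&word;" is treated as an entity and
            // passes through, and literal placeholder text in the input is
            // turned into "&" / ";" on the way back.
            $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);
            $string = htmlspecialchars($string, ENT_QUOTES, $char_set);
            $string = str_replace(array('%%%SMARTY_START%%%', '%%%SMARTY_END%%%'), array('&', ';'), $string);
            return $string;

        case 'htmlall':
            if (Smarty::$_MBSTRING) {
                // mb_convert_encoding() does not escape the HTML special
                // characters, so run htmlspecialchars() first.
                if ($_double_encode) {
                    // php >=5.2.3 - go native
                    $string = htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode);
                } elseif ($double_encode) {
                    // php <5.2.3 - double encoding is the only native behaviour
                    $string = htmlspecialchars($string, ENT_QUOTES, $char_set);
                } else {
                    // php <5.2.3 - prevent double encoding
                    $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);
                    $string = htmlspecialchars($string, ENT_QUOTES, $char_set);
                    $string = str_replace(array('%%%SMARTY_START%%%', '%%%SMARTY_END%%%'), array('&', ';'), $string);
                    // NOTE(review): this returns before the
                    // mb_convert_encoding() step below, so on this legacy
                    // path non-ASCII characters are not converted to
                    // entities - confirm whether that is intended.
                    return $string;
                }

                // htmlentities() won't convert everything, so use mb_convert_encoding
                return mb_convert_encoding($string, 'HTML-ENTITIES', $char_set);
            }

            // no MBString fallback
            if ($_double_encode) {
                return htmlentities($string, ENT_QUOTES, $char_set, $double_encode);
            }
            if ($double_encode) {
                return htmlentities($string, ENT_QUOTES, $char_set);
            }
            $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);
            $string = htmlentities($string, ENT_QUOTES, $char_set);
            $string = str_replace(array('%%%SMARTY_START%%%', '%%%SMARTY_END%%%'), array('&', ';'), $string);
            return $string;

        case 'url':
            return rawurlencode($string);

        case 'urlpathinfo':
            // like 'url', but path separators stay readable
            return str_replace('%2F', '/', rawurlencode($string));

        case 'quotes':
            // escape unescaped single quotes
            // NOTE(review): a quote preceded by a backslash is always treated
            // as already escaped, even when that backslash is itself escaped
            // ("\\'"). Do not rely on this type to neutralise untrusted input
            // for SQL or script contexts.
            return preg_replace("%(?<!\\\\)'%", "\\'", $string);

        case 'hex':
            // escape every byte into hex
            // Note that the UTF-8 encoded character ä will be represented as %c3%a4
            $return = '';
            $_length = strlen($string);
            for ($x = 0; $x < $_length; $x++) {
                $return .= '%' . bin2hex($string[$x]);
            }
            return $return;

        case 'hexentity':
            $return = '';
            if (Smarty::$_MBSTRING) {
                require_once(SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php');
                // NOTE(review): decodes with Smarty::$_CHARSET, so a
                // caller-supplied $char_set is ignored here - confirm.
                foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) {
                    $return .= '&#x' . strtoupper(dechex($unicode)) . ';';
                }
                return $return;
            }
            // no MBString fallback: works per byte, not per character
            $_length = strlen($string);
            for ($x = 0; $x < $_length; $x++) {
                $return .= '&#x' . bin2hex($string[$x]) . ';';
            }
            return $return;

        case 'decentity':
            $return = '';
            if (Smarty::$_MBSTRING) {
                require_once(SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php');
                // NOTE(review): decodes with Smarty::$_CHARSET, so a
                // caller-supplied $char_set is ignored here - confirm.
                foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) {
                    $return .= '&#' . $unicode . ';';
                }
                return $return;
            }
            // no MBString fallback: works per byte, not per character
            $_length = strlen($string);
            for ($x = 0; $x < $_length; $x++) {
                $return .= '&#' . ord($string[$x]) . ';';
            }
            return $return;

        case 'javascript':
            // Escape for use inside a quoted JavaScript string literal.
            // Besides quotes, backslashes and line breaks, the sequences that
            // could end an enclosing inline <script> element or open an HTML
            // comment ("</", "<!--", "<s", "<S") are broken up, and the
            // backtick and "${" are escaped so the value stays inert inside a
            // template literal. Each added escape evaluates to the original
            // characters inside a string literal. The result is not
            // HTML-escaped: a value placed in an HTML attribute (e.g. an
            // event handler) still needs HTML escaping on top.
            return strtr(
                $string,
                array(
                    '\\'   => '\\\\',
                    "'"    => "\\'",
                    '"'    => '\\"',
                    "\r"   => '\\r',
                    "\n"   => '\\n',
                    '</'   => '<\/',
                    '<!--' => '<\\!--',
                    '<s'   => '<\\s',
                    '<S'   => '<\\S',
                    '`'    => '\\`',
                    '${'   => '\\$\\{',
                )
            );

        case 'mail':
            // address obfuscation for display, not a security control
            if (Smarty::$_MBSTRING) {
                require_once(SMARTY_PLUGINS_DIR . 'shared.mb_str_replace.php');
                return smarty_mb_str_replace(array('@', '.'), array(' [AT] ', ' [DOT] '), $string);
            }
            // no MBString fallback
            return str_replace(array('@', '.'), array(' [AT] ', ' [DOT] '), $string);

        case 'nonstd':
            // escape non-standard chars, such as ms document quotes
            // Only code points >= 126 are rewritten; HTML special characters
            // such as < > & " ' pass through untouched, so this type is not
            // an HTML escape.
            $return = '';
            if (Smarty::$_MBSTRING) {
                require_once(SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php');
                foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) {
                    if ($unicode >= 126) {
                        $return .= '&#' . $unicode . ';';
                    } else {
                        $return .= chr($unicode);
                    }
                }
                return $return;
            }

            // no MBString fallback: works per byte, not per character
            $_length = strlen($string);
            for ($_i = 0; $_i < $_length; $_i++) {
                $_char = substr($string, $_i, 1);
                $_ord = ord($_char);
                // non-standard char, escape it
                if ($_ord >= 126) {
                    $return .= '&#' . $_ord . ';';
                } else {
                    $return .= $_char;
                }
            }
            return $return;

        default:
            // unknown escape type: input is returned unescaped
            return $string;
    }
}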
|
187 |
|
188 ?> |