robin.thoni
/
docker-mx-server
Watch 1
Star 0
Fork 0
Code Issues 2 Pull Requests 0 Releases 12 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
43 Commits
3 Branches
Tree: 16cad24392
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '16cad24392'
${ noResults }
docker-mx-server/postfixadmin/postfixadmin-3.2.2/lib/smarty/libs/plugins/modifier.escape.php

modifier.escape.php 8.8KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235 
  1. <?php

  2. /**

  3.  * Smarty plugin

  4.  *

  5.  * @package    Smarty

  6.  * @subpackage PluginsModifier

  7.  */

  8. 

  9. /**

  10.  * Smarty escape modifier plugin

  11.  * Type:     modifier

  12.  * Name:     escape

  13.  * Purpose:  escape string for output

  14.  *

  15.  * @link   http://www.smarty.net/docs/en/language.modifier.escape

  16.  * @author Monte Ohrt <monte at ohrt dot com>

  17.  *

  18.  * @param string  $string        input string

  19.  * @param string  $esc_type      escape type

  20.  * @param string  $char_set      character set, used for htmlspecialchars() or htmlentities()

  21.  * @param boolean $double_encode encode already encoded entitites again, used for htmlspecialchars() or htmlentities()

  22.  *

  23.  * @return string escaped input string

  24.  */

  25. function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $double_encode = true)

  26. {

  27.     static $_double_encode = null;

  28.     static $is_loaded_1 = false;

  29.     static $is_loaded_2 = false;

  30.     if ($_double_encode === null) {

  31.         $_double_encode = version_compare(PHP_VERSION, '5.2.3', '>=');

  32.     }

  33. 

  34.     if (!$char_set) {

  35.         $char_set = Smarty::$_CHARSET;

  36.     }

  37. 

  38.     switch ($esc_type) {

  39.         case 'html':

  40.             if ($_double_encode) {

  41.                 // php >=5.3.2 - go native

  42.                 return htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode);

  43.             } else {

  44.                 if ($double_encode) {

  45.                     // php <5.2.3 - only handle double encoding

  46.                     return htmlspecialchars($string, ENT_QUOTES, $char_set);

  47.                 } else {

  48.                     // php <5.2.3 - prevent double encoding

  49.                     $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);

  50.                     $string = htmlspecialchars($string, ENT_QUOTES, $char_set);

  51.                     $string = str_replace(array('%%%SMARTY_START%%%',

  52.                                                 '%%%SMARTY_END%%%'), array('&',

  53.                                                                            ';'), $string);

  54. 

  55.                     return $string;

  56.                 }

  57.             }

  58. 

  59.         case 'htmlall':

  60.             if (Smarty::$_MBSTRING) {

  61.                 // mb_convert_encoding ignores htmlspecialchars()

  62.                 if ($_double_encode) {

  63.                     // php >=5.3.2 - go native

  64.                     $string = htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode);

  65.                 } else {

  66.                     if ($double_encode) {

  67.                         // php <5.2.3 - only handle double encoding

  68.                         $string = htmlspecialchars($string, ENT_QUOTES, $char_set);

  69.                     } else {

  70.                         // php <5.2.3 - prevent double encoding

  71.                         $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);

  72.                         $string = htmlspecialchars($string, ENT_QUOTES, $char_set);

  73.                         $string =

  74.                             str_replace(array('%%%SMARTY_START%%%',

  75.                                               '%%%SMARTY_END%%%'), array('&',

  76.                                                                          ';'), $string);

  77. 

  78.                         return $string;

  79.                     }

  80.                 }

  81. 

  82.                 // htmlentities() won't convert everything, so use mb_convert_encoding

  83.                 return mb_convert_encoding($string, 'HTML-ENTITIES', $char_set);

  84.             }

  85. 

  86.             // no MBString fallback

  87.             if ($_double_encode) {

  88.                 return htmlentities($string, ENT_QUOTES, $char_set, $double_encode);

  89.             } else {

  90.                 if ($double_encode) {

  91.                     return htmlentities($string, ENT_QUOTES, $char_set);

  92.                 } else {

  93.                     $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);

  94.                     $string = htmlentities($string, ENT_QUOTES, $char_set);

  95.                     $string = str_replace(array('%%%SMARTY_START%%%',

  96.                                                 '%%%SMARTY_END%%%'), array('&',

  97.                                                                            ';'), $string);

  98. 

  99.                     return $string;

  100.                 }

  101.             }

  102. 

  103.         case 'url':

  104.             return rawurlencode($string);

  105. 

  106.         case 'urlpathinfo':

  107.             return str_replace('%2F', '/', rawurlencode($string));

  108. 

  109.         case 'quotes':

  110.             // escape unescaped single quotes

  111.             return preg_replace("%(?<!\\\\)'%", "\\'", $string);

  112. 

  113.         case 'hex':

  114.             // escape every byte into hex

  115.             // Note that the UTF-8 encoded character ä will be represented as %c3%a4

  116.             $return = '';

  117.             $_length = strlen($string);

  118.             for ($x = 0; $x < $_length; $x ++) {

  119.                 $return .= '%' . bin2hex($string[ $x ]);

  120.             }

  121. 

  122.             return $return;

  123. 

  124.         case 'hexentity':

  125.             $return = '';

  126.             if (Smarty::$_MBSTRING) {

  127.                 if (!$is_loaded_1) {

  128.                     if (!is_callable('smarty_mb_to_unicode')) {

  129.                         require_once(SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php');

  130.                     }

  131.                     $is_loaded_1 = true;

  132.                 }

  133.                 $return = '';

  134.                 foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) {

  135.                     $return .= '&#x' . strtoupper(dechex($unicode)) . ';';

  136.                 }

  137. 

  138.                 return $return;

  139.             }

  140.             // no MBString fallback

  141.             $_length = strlen($string);

  142.             for ($x = 0; $x < $_length; $x ++) {

  143.                 $return .= '&#x' . bin2hex($string[ $x ]) . ';';

  144.             }

  145. 

  146.             return $return;

  147. 

  148.         case 'decentity':

  149.             $return = '';

  150.             if (Smarty::$_MBSTRING) {

  151.                 if (!$is_loaded_1) {

  152.                     if (!is_callable('smarty_mb_to_unicode')) {

  153.                         require_once(SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php');

  154.                     }

  155.                     $is_loaded_1 = true;

  156.                 }

  157.                 $return = '';

  158.                 foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) {

  159.                     $return .= '&#' . $unicode . ';';

  160.                 }

  161. 

  162.                 return $return;

  163.             }

  164.             // no MBString fallback

  165.             $_length = strlen($string);

  166.             for ($x = 0; $x < $_length; $x ++) {

  167.                 $return .= '&#' . ord($string[ $x ]) . ';';

  168.             }

  169. 

  170.             return $return;

  171. 

  172.         case 'javascript':

  173.             // escape quotes and backslashes, newlines, etc.

  174.             return strtr($string, array('\\' => '\\\\',

  175.                                         "'" => "\\'",

  176.                                         '"' => '\\"',

  177.                                         "\r" => '\\r',

  178.                                         "\n" => '\\n',

  179.                                         '</' => '<\/'));

  180. 

  181.         case 'mail':

  182.             if (Smarty::$_MBSTRING) {

  183.                 if (!$is_loaded_2) {

  184.                     if (!is_callable('smarty_mb_str_replace')) {

  185.                         require_once(SMARTY_PLUGINS_DIR . 'shared.mb_str_replace.php');

  186.                     }

  187.                     $is_loaded_2 = true;

  188.                 }

  189.                 return smarty_mb_str_replace(array('@',

  190.                                                    '.'), array(' [AT] ',

  191.                                                                ' [DOT] '), $string);

  192.             }

  193.             // no MBString fallback

  194.             return str_replace(array('@',

  195.                                      '.'), array(' [AT] ',

  196.                                                  ' [DOT] '), $string);

  197. 

  198.         case 'nonstd':

  199.             // escape non-standard chars, such as ms document quotes

  200.             $return = '';

  201.             if (Smarty::$_MBSTRING) {

  202.                 if (!$is_loaded_1) {

  203.                     if (!is_callable('smarty_mb_to_unicode')) {

  204.                         require_once(SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php');

  205.                     }

  206.                     $is_loaded_1 = true;

  207.                 }

  208.                 foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) {

  209.                     if ($unicode >= 126) {

  210.                         $return .= '&#' . $unicode . ';';

  211.                     } else {

  212.                         $return .= chr($unicode);

  213.                     }

  214.                 }

  215. 

  216.                 return $return;

  217.             }

  218. 

  219.             $_length = strlen($string);

  220.             for ($_i = 0; $_i < $_length; $_i ++) {

  221.                 $_ord = ord(substr($string, $_i, 1));

  222.                 // non-standard char, escape it

  223.                 if ($_ord >= 126) {

  224.                     $return .= '&#' . $_ord . ';';

  225.                 } else {

  226.                     $return .= substr($string, $_i, 1);

  227.                 }

  228.             }

  229. 

  230.             return $return;

  231. 

  232.         default:

  233.             return $string;

  234.     }

  235. }