You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

modifiercompiler.escape.php 4.9KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126
  1. <?php
  2. /**
  3. * Smarty plugin
  4. *
  5. * @package Smarty
  6. * @subpackage PluginsModifierCompiler
  7. */
  8. /**
  9. * @ignore
  10. */
  11. require_once(SMARTY_PLUGINS_DIR . 'shared.literal_compiler_param.php');
  12. /**
  13. * Smarty escape modifier plugin
  14. * Type: modifier<br>
  15. * Name: escape<br>
  16. * Purpose: escape string for output
  17. *
  18. * @link http://www.smarty.net/docsv2/en/language.modifier.escape count_characters (Smarty online manual)
  19. * @author Rodney Rehm
  20. *
  21. * @param array $params parameters
  22. * @param $compiler
  23. *
  24. * @return string with compiled code
  25. */
  26. function smarty_modifiercompiler_escape($params, $compiler)
  27. {
  28. static $_double_encode = null;
  29. if ($_double_encode === null) {
  30. $_double_encode = version_compare(PHP_VERSION, '5.2.3', '>=');
  31. }
  32. try {
  33. $esc_type = smarty_literal_compiler_param($params, 1, 'html');
  34. $char_set = smarty_literal_compiler_param($params, 2, Smarty::$_CHARSET);
  35. $double_encode = smarty_literal_compiler_param($params, 3, true);
  36. if (!$char_set) {
  37. $char_set = Smarty::$_CHARSET;
  38. }
  39. switch ($esc_type) {
  40. case 'html':
  41. if ($_double_encode) {
  42. return 'htmlspecialchars('
  43. . $params[0] . ', ENT_QUOTES, '
  44. . var_export($char_set, true) . ', '
  45. . var_export($double_encode, true) . ')';
  46. } elseif ($double_encode) {
  47. return 'htmlspecialchars('
  48. . $params[0] . ', ENT_QUOTES, '
  49. . var_export($char_set, true) . ')';
  50. } else {
  51. // fall back to modifier.escape.php
  52. }
  53. case 'htmlall':
  54. if (Smarty::$_MBSTRING) {
  55. if ($_double_encode) {
  56. // php >=5.2.3 - go native
  57. return 'mb_convert_encoding(htmlspecialchars('
  58. . $params[0] . ', ENT_QUOTES, '
  59. . var_export($char_set, true) . ', '
  60. . var_export($double_encode, true)
  61. . '), "HTML-ENTITIES", '
  62. . var_export($char_set, true) . ')';
  63. } elseif ($double_encode) {
  64. // php <5.2.3 - only handle double encoding
  65. return 'mb_convert_encoding(htmlspecialchars('
  66. . $params[0] . ', ENT_QUOTES, '
  67. . var_export($char_set, true)
  68. . '), "HTML-ENTITIES", '
  69. . var_export($char_set, true) . ')';
  70. } else {
  71. // fall back to modifier.escape.php
  72. }
  73. }
  74. // no MBString fallback
  75. if ($_double_encode) {
  76. // php >=5.2.3 - go native
  77. return 'htmlentities('
  78. . $params[0] . ', ENT_QUOTES, '
  79. . var_export($char_set, true) . ', '
  80. . var_export($double_encode, true) . ')';
  81. } elseif ($double_encode) {
  82. // php <5.2.3 - only handle double encoding
  83. return 'htmlentities('
  84. . $params[0] . ', ENT_QUOTES, '
  85. . var_export($char_set, true) . ')';
  86. } else {
  87. // fall back to modifier.escape.php
  88. }
  89. case 'url':
  90. return 'rawurlencode(' . $params[0] . ')';
  91. case 'urlpathinfo':
  92. return 'str_replace("%2F", "/", rawurlencode(' . $params[0] . '))';
  93. case 'quotes':
  94. // escape unescaped single quotes
  95. return 'preg_replace("%(?<!\\\\\\\\)\'%", "\\\'",' . $params[0] . ')';
  96. case 'javascript':
  97. // escape quotes and backslashes, newlines, etc.
  98. return 'strtr(' . $params[0] . ', array("\\\\" => "\\\\\\\\", "\'" => "\\\\\'", "\"" => "\\\\\"", "\\r" => "\\\\r", "\\n" => "\\\n", "</" => "<\/" ))';
  99. }
  100. }
  101. catch (SmartyException $e) {
  102. // pass through to regular plugin fallback
  103. }
  104. // could not optimize |escape call, so fallback to regular plugin
  105. if ($compiler->template->caching && ($compiler->tag_nocache | $compiler->nocache)) {
  106. $compiler->parent_compiler->template->compiled->required_plugins['nocache']['escape']['modifier']['file'] = SMARTY_PLUGINS_DIR . 'modifier.escape.php';
  107. $compiler->parent_compiler->template->compiled->required_plugins['nocache']['escape']['modifier']['function'] = 'smarty_modifier_escape';
  108. } else {
  109. $compiler->parent_compiler->template->compiled->required_plugins['compiled']['escape']['modifier']['file'] = SMARTY_PLUGINS_DIR . 'modifier.escape.php';
  110. $compiler->parent_compiler->template->compiled->required_plugins['compiled']['escape']['modifier']['function'] = 'smarty_modifier_escape';
  111. }
  112. return 'smarty_modifier_escape(' . join(', ', $params) . ')';
  113. }