libs/plugins/modifier.escape.php Quellcode

modifier.escape.php
1 <?php
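/**
 * Smarty "escape" modifier: encode a value for one specific output context.
 *
 * The encoder must match the place the value is printed. HTML-escaped text is
 * not safe inside a script block, and JavaScript-escaped text is not safe in
 * an HTML attribute.
 *
 * Supported $esc_type values:
 *  - html        htmlspecialchars() with ENT_QUOTES
 *  - htmlall     as html, plus entities for the remaining non-ASCII characters
 *  - url         rawurlencode()
 *  - urlpathinfo rawurlencode() with "/" kept literal
 *  - quotes      backslash-escape single quotes not already preceded by "\"
 *  - hex         %xx for every byte
 *  - hexentity   &#x..; per character (per byte without mbstring)
 *  - decentity   &#..; per character (per byte without mbstring)
 *  - javascript  escape for use inside a quoted JavaScript string
 *  - mail        replace "@" and "." with " [AT] " / " [DOT] "
 *  - nonstd      numeric entities for code points >= 126
 *
 * Any other $esc_type returns $string unchanged, so a misspelled type
 * silently disables escaping.
 *
 * @param string      $string        input value
 * @param string      $esc_type      escape type, see list above
 * @param string|null $char_set      character set; falls back to Smarty::$_CHARSET
 * @param bool        $double_encode encode already-encoded entities again (html/htmlall only)
 *
 * @return string escaped input
 */
function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $double_encode = true)
{
    // Detected once: the 4th ($double_encode) argument of htmlspecialchars()
    // and htmlentities() is only passed when PHP_VERSION >= 5.2.3.
    static $_double_encode = null;
    if ($_double_encode === null) {
        $_double_encode = version_compare(PHP_VERSION, '5.2.3', '>=');
    }

    if (!$char_set) {
        $char_set = Smarty::$_CHARSET;
    }

    switch ($esc_type) {
        case 'html':
            if ($_double_encode) {
                // php >=5.2.3 - go native
                return htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode);
            }
            if ($double_encode) {
                // php <5.2.3 - double encoding is the only behaviour available
                return htmlspecialchars($string, ENT_QUOTES, $char_set);
            }
            // php <5.2.3 - prevent double encoding: park existing entities behind
            // markers, encode, then restore them. Literal marker text in the input
            // is rewritten to "&" / ";" as well.
            $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);
            $string = htmlspecialchars($string, ENT_QUOTES, $char_set);
            $string = str_replace(array('%%%SMARTY_START%%%', '%%%SMARTY_END%%%'), array('&', ';'), $string);

            return $string;

        case 'htmlall':
            if (Smarty::$_MBSTRING) {
                // mb_convert_encoding ignores htmlspecialchars(), so encode the
                // markup-significant characters first.
                if ($_double_encode) {
                    // php >=5.2.3 - go native
                    $string = htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode);
                } elseif ($double_encode) {
                    // php <5.2.3 - double encoding is the only behaviour available
                    $string = htmlspecialchars($string, ENT_QUOTES, $char_set);
                } else {
                    // php <5.2.3 - prevent double encoding. This branch used to
                    // return here, skipping the entity conversion below; it now
                    // falls through like the other two branches.
                    $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);
                    $string = htmlspecialchars($string, ENT_QUOTES, $char_set);
                    $string = str_replace(array('%%%SMARTY_START%%%', '%%%SMARTY_END%%%'), array('&', ';'), $string);
                }

                // htmlentities() won't convert everything, so use mb_convert_encoding
                // NOTE(review): the 'HTML-ENTITIES' target is deprecated as of PHP 8.2.
                return mb_convert_encoding($string, 'HTML-ENTITIES', $char_set);
            }

            // no MBString fallback
            if ($_double_encode) {
                return htmlentities($string, ENT_QUOTES, $char_set, $double_encode);
            }
            if ($double_encode) {
                return htmlentities($string, ENT_QUOTES, $char_set);
            }
            $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);
            $string = htmlentities($string, ENT_QUOTES, $char_set);
            $string = str_replace(array('%%%SMARTY_START%%%', '%%%SMARTY_END%%%'), array('&', ';'), $string);

            return $string;

        case 'url':
            return rawurlencode($string);

        case 'urlpathinfo':
            // "/" stays literal so the value can span several path segments
            return str_replace('%2F', '/', rawurlencode($string));

        case 'quotes':
            // escape unescaped single quotes
            // A quote preceded by a backslash is treated as already escaped and
            // left untouched, and no other character is handled; use 'javascript'
            // for untrusted values inside script.
            return preg_replace("%(?<!\\\\)'%", "\\'", $string);

        case 'hex':
            // escape every byte into hex
            // Note that the UTF-8 encoded character ä will be represented as %c3%a4
            $return = '';
            $_length = strlen($string);
            for ($x = 0; $x < $_length; $x ++) {
                $return .= '%' . bin2hex($string[$x]);
            }

            return $return;

        case 'hexentity':
            $return = '';
            if (Smarty::$_MBSTRING) {
                require_once(SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php');
                // decoded with Smarty::$_CHARSET, not the $char_set argument
                foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) {
                    $return .= '&#x' . strtoupper(dechex($unicode)) . ';';
                }

                return $return;
            }
            // no MBString fallback: one entity per byte, not per character
            $_length = strlen($string);
            for ($x = 0; $x < $_length; $x ++) {
                $return .= '&#x' . bin2hex($string[$x]) . ';';
            }

            return $return;

        case 'decentity':
            $return = '';
            if (Smarty::$_MBSTRING) {
                require_once(SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php');
                // decoded with Smarty::$_CHARSET, not the $char_set argument
                foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) {
                    $return .= '&#' . $unicode . ';';
                }

                return $return;
            }
            // no MBString fallback: one entity per byte, not per character
            $_length = strlen($string);
            for ($x = 0; $x < $_length; $x ++) {
                $return .= '&#' . ord($string[$x]) . ';';
            }

            return $return;

        case 'javascript':
            // escape quotes and backslashes, newlines, etc.
            // strtr() with an array tries the longest key first and never
            // rescans its own output, so the replacements cannot compound.
            return strtr(
                $string,
                array(
                    '\\'   => '\\\\',
                    "'"    => "\\'",
                    '"'    => '\\"',
                    "\r"   => '\\r',
                    "\n"   => '\\n',
                    '</'   => '<\/',
                    // Inside a script element the HTML parser also reacts to
                    // "<!--" and "<script" (see "Restrictions for contents of
                    // script elements" in the HTML standard). "\!" and "\s"
                    // decode to the plain character in a JavaScript string.
                    '<!--' => '<\!--',
                    '<s'   => '<\s',
                    '<S'   => '<\S',
                    // Keep the value inert inside a template literal as well.
                    '`'    => '\\`',
                    '${'   => '\\${',
                )
            );

        case 'mail':
            // Obfuscation only: the result is not HTML-escaped.
            if (Smarty::$_MBSTRING) {
                require_once(SMARTY_PLUGINS_DIR . 'shared.mb_str_replace.php');

                return smarty_mb_str_replace(array('@', '.'), array(' [AT] ', ' [DOT] '), $string);
            }
            // no MBString fallback
            return str_replace(array('@', '.'), array(' [AT] ', ' [DOT] '), $string);

        case 'nonstd':
            // escape non-standard chars, such as ms document quotes
            // Everything below 126 passes through as-is, including < > & and
            // quotes, so this is not an HTML encoder.
            $return = '';
            if (Smarty::$_MBSTRING) {
                require_once(SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php');
                foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) {
                    if ($unicode >= 126) {
                        $return .= '&#' . $unicode . ';';
                    } else {
                        $return .= chr($unicode);
                    }
                }

                return $return;
            }

            // no MBString fallback: byte-wise
            $_length = strlen($string);
            for ($_i = 0; $_i < $_length; $_i ++) {
                $_char = substr($string, $_i, 1);
                $_ord = ord($_char);
                // non-standard char, escape it
                if ($_ord >= 126) {
                    $return .= '&#' . $_ord . ';';
                } else {
                    $return .= $_char;
                }
            }

            return $return;

        default:
            // Unknown type: value is returned unescaped.
            return $string;
    }
}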



