library/smarty/libs/plugins/modifier.escape.php
changeset 0 4869aea77e21
-1:000000000000 0:4869aea77e21
       
     1 <?php
       
     2 /**
       
     3  * Smarty plugin
       
     4  *
       
     5  * @package    Smarty
       
     6  * @subpackage PluginsModifier
       
     7  */
       
     8 
       
     9 /**
       
    10  * Smarty escape modifier plugin
       
    11  * Type:     modifier<br>
       
    12  * Name:     escape<br>
       
    13  * Purpose:  escape string for output
       
    14  *
       
    15  * @link   http://www.smarty.net/docs/en/language.modifier.escape
       
    16  * @author Monte Ohrt <monte at ohrt dot com>
       
    17  *
       
    18  * @param string $string input string
       
    19  * @param string $esc_type escape type
       
    20  * @param string $char_set character set, used for htmlspecialchars() or htmlentities()
       
    21  * @param boolean $double_encode encode already encoded entitites again, used for htmlspecialchars() or htmlentities()
       
    22  *
       
    23  * @return string escaped input string
       
    24  */
       
    25 function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $double_encode = true) {
       
    26     static $_double_encode = null;
       
    27     if ($_double_encode === null) {
       
    28         $_double_encode = version_compare(PHP_VERSION, '5.2.3', '>=');
       
    29     }
       
    30 
       
    31     if (!$char_set) {
       
    32         $char_set = Smarty::$_CHARSET;
       
    33     }
       
    34 
       
    35     switch ($esc_type) {
       
    36         case 'html':
       
    37             if ($_double_encode) {
       
    38                 // php >=5.3.2 - go native
       
    39                 return htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode);
       
    40             } else {
       
    41                 if ($double_encode) {
       
    42                     // php <5.2.3 - only handle double encoding
       
    43                     return htmlspecialchars($string, ENT_QUOTES, $char_set);
       
    44                 } else {
       
    45                     // php <5.2.3 - prevent double encoding
       
    46                     $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);
       
    47                     $string = htmlspecialchars($string, ENT_QUOTES, $char_set);
       
    48                     $string = str_replace(array('%%%SMARTY_START%%%', '%%%SMARTY_END%%%'), array('&', ';'), $string);
       
    49 
       
    50                     return $string;
       
    51                 }
       
    52             }
       
    53 
       
    54         case 'htmlall':
       
    55             if (Smarty::$_MBSTRING) {
       
    56                 // mb_convert_encoding ignores htmlspecialchars()
       
    57                 if ($_double_encode) {
       
    58                     // php >=5.3.2 - go native
       
    59                     $string = htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode);
       
    60                 } else {
       
    61                     if ($double_encode) {
       
    62                         // php <5.2.3 - only handle double encoding
       
    63                         $string = htmlspecialchars($string, ENT_QUOTES, $char_set);
       
    64                     } else {
       
    65                         // php <5.2.3 - prevent double encoding
       
    66                         $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);
       
    67                         $string = htmlspecialchars($string, ENT_QUOTES, $char_set);
       
    68                         $string = str_replace(array('%%%SMARTY_START%%%', '%%%SMARTY_END%%%'), array('&', ';'), $string);
       
    69 
       
    70                         return $string;
       
    71                     }
       
    72                 }
       
    73 
       
    74                 // htmlentities() won't convert everything, so use mb_convert_encoding
       
    75                 return mb_convert_encoding($string, 'HTML-ENTITIES', $char_set);
       
    76             }
       
    77 
       
    78             // no MBString fallback
       
    79             if ($_double_encode) {
       
    80                 return htmlentities($string, ENT_QUOTES, $char_set, $double_encode);
       
    81             } else {
       
    82                 if ($double_encode) {
       
    83                     return htmlentities($string, ENT_QUOTES, $char_set);
       
    84                 } else {
       
    85                     $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);
       
    86                     $string = htmlentities($string, ENT_QUOTES, $char_set);
       
    87                     $string = str_replace(array('%%%SMARTY_START%%%', '%%%SMARTY_END%%%'), array('&', ';'), $string);
       
    88 
       
    89                     return $string;
       
    90                 }
       
    91             }
       
    92 
       
    93         case 'url':
       
    94             return rawurlencode($string);
       
    95 
       
    96         case 'urlpathinfo':
       
    97             return str_replace('%2F', '/', rawurlencode($string));
       
    98 
       
    99         case 'quotes':
       
   100             // escape unescaped single quotes
       
   101             return preg_replace("%(?<!\\\\)'%", "\\'", $string);
       
   102 
       
   103         case 'hex':
       
   104             // escape every byte into hex
       
   105             // Note that the UTF-8 encoded character รค will be represented as %c3%a4
       
   106             $return = '';
       
   107             $_length = strlen($string);
       
   108             for ($x = 0; $x < $_length; $x++) {
       
   109                 $return .= '%' . bin2hex($string[$x]);
       
   110             }
       
   111 
       
   112             return $return;
       
   113 
       
   114         case 'hexentity':
       
   115             $return = '';
       
   116             if (Smarty::$_MBSTRING) {
       
   117                 require_once(SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php');
       
   118                 $return = '';
       
   119                 foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) {
       
   120                     $return .= '&#x' . strtoupper(dechex($unicode)) . ';';
       
   121                 }
       
   122 
       
   123                 return $return;
       
   124             }
       
   125             // no MBString fallback
       
   126             $_length = strlen($string);
       
   127             for ($x = 0; $x < $_length; $x++) {
       
   128                 $return .= '&#x' . bin2hex($string[$x]) . ';';
       
   129             }
       
   130 
       
   131             return $return;
       
   132 
       
   133         case 'decentity':
       
   134             $return = '';
       
   135             if (Smarty::$_MBSTRING) {
       
   136                 require_once(SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php');
       
   137                 $return = '';
       
   138                 foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) {
       
   139                     $return .= '&#' . $unicode . ';';
       
   140                 }
       
   141 
       
   142                 return $return;
       
   143             }
       
   144             // no MBString fallback
       
   145             $_length = strlen($string);
       
   146             for ($x = 0; $x < $_length; $x++) {
       
   147                 $return .= '&#' . ord($string[$x]) . ';';
       
   148             }
       
   149 
       
   150             return $return;
       
   151 
       
   152         case 'javascript':
       
   153             // escape quotes and backslashes, newlines, etc.
       
   154             return strtr($string, array('\\' => '\\\\', "'" => "\\'", '"' => '\\"', "\r" => '\\r', "\n" => '\\n', '</' => '<\/'));
       
   155 
       
   156         case 'mail':
       
   157             if (Smarty::$_MBSTRING) {
       
   158                 require_once(SMARTY_PLUGINS_DIR . 'shared.mb_str_replace.php');
       
   159 
       
   160                 return smarty_mb_str_replace(array('@', '.'), array(' [AT] ', ' [DOT] '), $string);
       
   161             }
       
   162             // no MBString fallback
       
   163             return str_replace(array('@', '.'), array(' [AT] ', ' [DOT] '), $string);
       
   164 
       
   165         case 'nonstd':
       
   166             // escape non-standard chars, such as ms document quotes
       
   167             $return = '';
       
   168             if (Smarty::$_MBSTRING) {
       
   169                 require_once(SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php');
       
   170                 foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) {
       
   171                     if ($unicode >= 126) {
       
   172                         $return .= '&#' . $unicode . ';';
       
   173                     } else {
       
   174                         $return .= chr($unicode);
       
   175                     }
       
   176                 }
       
   177 
       
   178                 return $return;
       
   179             }
       
   180 
       
   181             $_length = strlen($string);
       
   182             for ($_i = 0; $_i < $_length; $_i++) {
       
   183                 $_ord = ord(substr($string, $_i, 1));
       
   184                 // non-standard char, escape it
       
   185                 if ($_ord >= 126) {
       
   186                     $return .= '&#' . $_ord . ';';
       
   187                 } else {
       
   188                     $return .= substr($string, $_i, 1);
       
   189                 }
       
   190             }
       
   191 
       
   192             return $return;
       
   193 
       
   194         default:
       
   195             return $string;
       
   196     }
       
   197 }