1 <?php |
|
2 /** |
|
3 * Smarty plugin |
|
4 * |
|
5 * @package Smarty |
|
6 * @subpackage PluginsModifierCompiler |
|
7 */ |
|
8 |
|
9 /** |
|
10 * @ignore |
|
11 */ |
|
12 require_once(SMARTY_PLUGINS_DIR . 'shared.literal_compiler_param.php'); |
|
13 |
|
14 /** |
|
15 * Smarty escape modifier plugin |
|
16 * Type: modifier<br> |
|
17 * Name: escape<br> |
|
18 * Purpose: escape string for output |
|
19 * |
|
20 * @link http://www.smarty.net/docsv2/en/language.modifier.escape count_characters (Smarty online manual) |
|
21 * @author Rodney Rehm |
|
22 * |
|
23 * @param array $params parameters |
|
24 * @param $compiler |
|
25 * |
|
26 * @return string with compiled code |
|
27 */ |
|
28 function smarty_modifiercompiler_escape($params, $compiler) { |
|
29 static $_double_encode = null; |
|
30 if ($_double_encode === null) { |
|
31 $_double_encode = version_compare(PHP_VERSION, '5.2.3', '>='); |
|
32 } |
|
33 |
|
34 try { |
|
35 $esc_type = smarty_literal_compiler_param($params, 1, 'html'); |
|
36 $char_set = smarty_literal_compiler_param($params, 2, Smarty::$_CHARSET); |
|
37 $double_encode = smarty_literal_compiler_param($params, 3, true); |
|
38 |
|
39 if (!$char_set) { |
|
40 $char_set = Smarty::$_CHARSET; |
|
41 } |
|
42 |
|
43 switch ($esc_type) { |
|
44 case 'html': |
|
45 if ($_double_encode) { |
|
46 return 'htmlspecialchars(' |
|
47 . $params[0] . ', ENT_QUOTES, ' |
|
48 . var_export($char_set, true) . ', ' |
|
49 . var_export($double_encode, true) . ')'; |
|
50 } elseif ($double_encode) { |
|
51 return 'htmlspecialchars(' |
|
52 . $params[0] . ', ENT_QUOTES, ' |
|
53 . var_export($char_set, true) . ')'; |
|
54 } else { |
|
55 // fall back to modifier.escape.php |
|
56 } |
|
57 |
|
58 case 'htmlall': |
|
59 if (Smarty::$_MBSTRING) { |
|
60 if ($_double_encode) { |
|
61 // php >=5.2.3 - go native |
|
62 return 'mb_convert_encoding(htmlspecialchars(' |
|
63 . $params[0] . ', ENT_QUOTES, ' |
|
64 . var_export($char_set, true) . ', ' |
|
65 . var_export($double_encode, true) |
|
66 . '), "HTML-ENTITIES", ' |
|
67 . var_export($char_set, true) . ')'; |
|
68 } elseif ($double_encode) { |
|
69 // php <5.2.3 - only handle double encoding |
|
70 return 'mb_convert_encoding(htmlspecialchars(' |
|
71 . $params[0] . ', ENT_QUOTES, ' |
|
72 . var_export($char_set, true) |
|
73 . '), "HTML-ENTITIES", ' |
|
74 . var_export($char_set, true) . ')'; |
|
75 } else { |
|
76 // fall back to modifier.escape.php |
|
77 } |
|
78 } |
|
79 |
|
80 // no MBString fallback |
|
81 if ($_double_encode) { |
|
82 // php >=5.2.3 - go native |
|
83 return 'htmlentities(' |
|
84 . $params[0] . ', ENT_QUOTES, ' |
|
85 . var_export($char_set, true) . ', ' |
|
86 . var_export($double_encode, true) . ')'; |
|
87 } elseif ($double_encode) { |
|
88 // php <5.2.3 - only handle double encoding |
|
89 return 'htmlentities(' |
|
90 . $params[0] . ', ENT_QUOTES, ' |
|
91 . var_export($char_set, true) . ')'; |
|
92 } else { |
|
93 // fall back to modifier.escape.php |
|
94 } |
|
95 |
|
96 case 'url': |
|
97 return 'rawurlencode(' . $params[0] . ')'; |
|
98 |
|
99 case 'urlpathinfo': |
|
100 return 'str_replace("%2F", "/", rawurlencode(' . $params[0] . '))'; |
|
101 |
|
102 case 'quotes': |
|
103 // escape unescaped single quotes |
|
104 return 'preg_replace("%(?<!\\\\\\\\)\'%", "\\\'",' . $params[0] . ')'; |
|
105 |
|
106 case 'javascript': |
|
107 // escape quotes and backslashes, newlines, etc. |
|
108 return 'strtr(' . $params[0] . ', array("\\\\" => "\\\\\\\\", "\'" => "\\\\\'", "\"" => "\\\\\"", "\\r" => "\\\\r", "\\n" => "\\\n", "</" => "<\/" ))'; |
|
109 } |
|
110 } catch (SmartyException $e) { |
|
111 // pass through to regular plugin fallback |
|
112 } |
|
113 |
|
114 // could not optimize |escape call, so fallback to regular plugin |
|
115 if ($compiler->template->caching && ($compiler->tag_nocache | $compiler->nocache)) { |
|
116 $compiler->template->required_plugins['nocache']['escape']['modifier']['file'] = SMARTY_PLUGINS_DIR . 'modifier.escape.php'; |
|
117 $compiler->template->required_plugins['nocache']['escape']['modifier']['function'] = 'smarty_modifier_escape'; |
|
118 } else { |
|
119 $compiler->template->required_plugins['compiled']['escape']['modifier']['file'] = SMARTY_PLUGINS_DIR . 'modifier.escape.php'; |
|
120 $compiler->template->required_plugins['compiled']['escape']['modifier']['function'] = 'smarty_modifier_escape'; |
|
121 } |
|
122 |
|
123 return 'smarty_modifier_escape(' . join(', ', $params) . ')'; |
|
124 } |
|