library/smarty/libs/plugins/modifiercompiler.escape.php
changeset 46 f11c31f7fa3e
parent 45 a56e7f9a0463
child 47 03388ec805b4
equal deleted inserted replaced
45:a56e7f9a0463 46:f11c31f7fa3e
     1 <?php
       
     2 /**
       
     3  * Smarty plugin
       
     4  *
       
     5  * @package    Smarty
       
     6  * @subpackage PluginsModifierCompiler
       
     7  */
       
     8 
       
     9 /**
       
    10  * @ignore
       
    11  */
       
    12 require_once(SMARTY_PLUGINS_DIR . 'shared.literal_compiler_param.php');
       
    13 
       
    14 /**
       
    15  * Smarty escape modifier plugin
       
    16  * Type:     modifier<br>
       
    17  * Name:     escape<br>
       
    18  * Purpose:  escape string for output
       
    19  *
       
    20  * @link   http://www.smarty.net/docsv2/en/language.modifier.escape count_characters (Smarty online manual)
       
    21  * @author Rodney Rehm
       
    22  *
       
    23  * @param array $params parameters
       
    24  * @param       $compiler
       
    25  *
       
    26  * @return string with compiled code
       
    27  */
       
    28 function smarty_modifiercompiler_escape($params, $compiler) {
       
    29     static $_double_encode = null;
       
    30     if ($_double_encode === null) {
       
    31         $_double_encode = version_compare(PHP_VERSION, '5.2.3', '>=');
       
    32     }
       
    33 
       
    34     try {
       
    35         $esc_type = smarty_literal_compiler_param($params, 1, 'html');
       
    36         $char_set = smarty_literal_compiler_param($params, 2, Smarty::$_CHARSET);
       
    37         $double_encode = smarty_literal_compiler_param($params, 3, true);
       
    38 
       
    39         if (!$char_set) {
       
    40             $char_set = Smarty::$_CHARSET;
       
    41         }
       
    42 
       
    43         switch ($esc_type) {
       
    44             case 'html':
       
    45                 if ($_double_encode) {
       
    46                     return 'htmlspecialchars('
       
    47                     . $params[0] . ', ENT_QUOTES, '
       
    48                     . var_export($char_set, true) . ', '
       
    49                     . var_export($double_encode, true) . ')';
       
    50                 } elseif ($double_encode) {
       
    51                     return 'htmlspecialchars('
       
    52                     . $params[0] . ', ENT_QUOTES, '
       
    53                     . var_export($char_set, true) . ')';
       
    54                 } else {
       
    55                     // fall back to modifier.escape.php
       
    56                 }
       
    57 
       
    58             case 'htmlall':
       
    59                 if (Smarty::$_MBSTRING) {
       
    60                     if ($_double_encode) {
       
    61                         // php >=5.2.3 - go native
       
    62                         return 'mb_convert_encoding(htmlspecialchars('
       
    63                         . $params[0] . ', ENT_QUOTES, '
       
    64                         . var_export($char_set, true) . ', '
       
    65                         . var_export($double_encode, true)
       
    66                         . '), "HTML-ENTITIES", '
       
    67                         . var_export($char_set, true) . ')';
       
    68                     } elseif ($double_encode) {
       
    69                         // php <5.2.3 - only handle double encoding
       
    70                         return 'mb_convert_encoding(htmlspecialchars('
       
    71                         . $params[0] . ', ENT_QUOTES, '
       
    72                         . var_export($char_set, true)
       
    73                         . '), "HTML-ENTITIES", '
       
    74                         . var_export($char_set, true) . ')';
       
    75                     } else {
       
    76                         // fall back to modifier.escape.php
       
    77                     }
       
    78                 }
       
    79 
       
    80                 // no MBString fallback
       
    81                 if ($_double_encode) {
       
    82                     // php >=5.2.3 - go native
       
    83                     return 'htmlentities('
       
    84                     . $params[0] . ', ENT_QUOTES, '
       
    85                     . var_export($char_set, true) . ', '
       
    86                     . var_export($double_encode, true) . ')';
       
    87                 } elseif ($double_encode) {
       
    88                     // php <5.2.3 - only handle double encoding
       
    89                     return 'htmlentities('
       
    90                     . $params[0] . ', ENT_QUOTES, '
       
    91                     . var_export($char_set, true) . ')';
       
    92                 } else {
       
    93                     // fall back to modifier.escape.php
       
    94                 }
       
    95 
       
    96             case 'url':
       
    97                 return 'rawurlencode(' . $params[0] . ')';
       
    98 
       
    99             case 'urlpathinfo':
       
   100                 return 'str_replace("%2F", "/", rawurlencode(' . $params[0] . '))';
       
   101 
       
   102             case 'quotes':
       
   103                 // escape unescaped single quotes
       
   104                 return 'preg_replace("%(?<!\\\\\\\\)\'%", "\\\'",' . $params[0] . ')';
       
   105 
       
   106             case 'javascript':
       
   107                 // escape quotes and backslashes, newlines, etc.
       
   108                 return 'strtr(' . $params[0] . ', array("\\\\" => "\\\\\\\\", "\'" => "\\\\\'", "\"" => "\\\\\"", "\\r" => "\\\\r", "\\n" => "\\\n", "</" => "<\/" ))';
       
   109         }
       
   110     } catch (SmartyException $e) {
       
   111         // pass through to regular plugin fallback
       
   112     }
       
   113 
       
   114     // could not optimize |escape call, so fallback to regular plugin
       
   115     if ($compiler->template->caching && ($compiler->tag_nocache | $compiler->nocache)) {
       
   116         $compiler->template->required_plugins['nocache']['escape']['modifier']['file'] = SMARTY_PLUGINS_DIR . 'modifier.escape.php';
       
   117         $compiler->template->required_plugins['nocache']['escape']['modifier']['function'] = 'smarty_modifier_escape';
       
   118     } else {
       
   119         $compiler->template->required_plugins['compiled']['escape']['modifier']['file'] = SMARTY_PLUGINS_DIR . 'modifier.escape.php';
       
   120         $compiler->template->required_plugins['compiled']['escape']['modifier']['function'] = 'smarty_modifier_escape';
       
   121     }
       
   122 
       
   123     return 'smarty_modifier_escape(' . join(', ', $params) . ')';
       
   124 }