modifier.escape.php 5.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143
  1. <?php
  2. /**
  3. * Smarty plugin
  4. *
  5. * @package Smarty
  6. * @subpackage PluginsModifier
  7. */
  8. /**
  9. * Smarty escape modifier plugin
  10. *
  11. * Type: modifier<br>
  12. * Name: escape<br>
  13. * Purpose: escape string for output
  14. *
  15. * @link http://www.smarty.net/manual/en/language.modifier.count.characters.php count_characters (Smarty online manual)
  16. * @author Monte Ohrt <monte at ohrt dot com>
  17. * @param string $string input string
  18. * @param string $esc_type escape type
  19. * @param string $char_set character set, used for htmlspecialchars() or htmlentities()
  20. * @param boolean $double_encode encode already encoded entitites again, used for htmlspecialchars() or htmlentities()
  21. * @return string escaped input string
  22. */
  23. function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $double_encode = true)
  24. {
  25. if (!$char_set) {
  26. $char_set = SMARTY_RESOURCE_CHAR_SET;
  27. }
  28. switch ($esc_type) {
  29. case 'html':
  30. return htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode);
  31. case 'htmlall':
  32. if (SMARTY_MBSTRING /* ^phpunit */ && empty($_SERVER['SMARTY_PHPUNIT_DISABLE_MBSTRING'])/* phpunit$ */) {
  33. // mb_convert_encoding ignores htmlspecialchars()
  34. $string = htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode);
  35. // htmlentities() won't convert everything, so use mb_convert_encoding
  36. return mb_convert_encoding($string, 'HTML-ENTITIES', $char_set);
  37. }
  38. // no MBString fallback
  39. return htmlentities($string, ENT_QUOTES, $char_set, $double_encode);
  40. case 'url':
  41. return rawurlencode($string);
  42. case 'urlpathinfo':
  43. return str_replace('%2F', '/', rawurlencode($string));
  44. case 'quotes':
  45. // escape unescaped single quotes
  46. return preg_replace("%(?<!\\\\)'%", "\\'", $string);
  47. case 'hex':
  48. // escape every byte into hex
  49. // Note that the UTF-8 encoded character ä will be represented as %c3%a4
  50. $return = '';
  51. $_length = strlen($string);
  52. for ($x = 0; $x < $_length; $x++) {
  53. $return .= '%' . bin2hex($string[$x]);
  54. }
  55. return $return;
  56. case 'hexentity':
  57. $return = '';
  58. if (SMARTY_MBSTRING /* ^phpunit */ && empty($_SERVER['SMARTY_PHPUNIT_DISABLE_MBSTRING'])/* phpunit$ */) {
  59. require_once(SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php');
  60. $return = '';
  61. foreach (smarty_mb_to_unicode($string, SMARTY_RESOURCE_CHAR_SET) as $unicode) {
  62. $return .= '&#x' . strtoupper(dechex($unicode)) . ';';
  63. }
  64. return $return;
  65. }
  66. // no MBString fallback
  67. $_length = strlen($string);
  68. for ($x = 0; $x < $_length; $x++) {
  69. $return .= '&#x' . bin2hex($string[$x]) . ';';
  70. }
  71. return $return;
  72. case 'decentity':
  73. $return = '';
  74. if (SMARTY_MBSTRING /* ^phpunit */ && empty($_SERVER['SMARTY_PHPUNIT_DISABLE_MBSTRING'])/* phpunit$ */) {
  75. require_once(SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php');
  76. $return = '';
  77. foreach (smarty_mb_to_unicode($string, SMARTY_RESOURCE_CHAR_SET) as $unicode) {
  78. $return .= '&#' . $unicode . ';';
  79. }
  80. return $return;
  81. }
  82. // no MBString fallback
  83. $_length = strlen($string);
  84. for ($x = 0; $x < $_length; $x++) {
  85. $return .= '&#' . ord($string[$x]) . ';';
  86. }
  87. return $return;
  88. case 'javascript':
  89. // escape quotes and backslashes, newlines, etc.
  90. return strtr($string, array('\\' => '\\\\', "'" => "\\'", '"' => '\\"', "\r" => '\\r', "\n" => '\\n', '</' => '<\/'));
  91. case 'mail':
  92. if (SMARTY_MBSTRING /* ^phpunit */ && empty($_SERVER['SMARTY_PHPUNIT_DISABLE_MBSTRING'])/* phpunit$ */) {
  93. require_once(SMARTY_PLUGINS_DIR . 'shared.mb_str_replace.php');
  94. return smarty_mb_str_replace(array('@', '.'), array(' [AT] ', ' [DOT] '), $string);
  95. }
  96. // no MBString fallback
  97. return str_replace(array('@', '.'), array(' [AT] ', ' [DOT] '), $string);
  98. case 'nonstd':
  99. // escape non-standard chars, such as ms document quotes
  100. $return = '';
  101. if (SMARTY_MBSTRING /* ^phpunit */ && empty($_SERVER['SMARTY_PHPUNIT_DISABLE_MBSTRING'])/* phpunit$ */) {
  102. require_once(SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php');
  103. foreach (smarty_mb_to_unicode($string, SMARTY_RESOURCE_CHAR_SET) as $unicode) {
  104. if ($unicode >= 126) {
  105. $return .= '&#' . $unicode . ';';
  106. } else {
  107. $return .= chr($unicode);
  108. }
  109. }
  110. return $return;
  111. }
  112. $_length = strlen($string);
  113. for ($_i = 0; $_i < $_length; $_i++) {
  114. $_ord = ord(substr($string, $_i, 1));
  115. // non-standard char, escape it
  116. if ($_ord >= 126) {
  117. $return .= '&#' . $_ord . ';';
  118. } else {
  119. $return .= substr($string, $_i, 1);
  120. }
  121. }
  122. return $return;
  123. default:
  124. return $string;
  125. }
  126. }
  127. ?>