modifiercompiler.escape.php 3.3 KB

  1. <?php
  2. /**
  3. * Smarty plugin
  4. *
  5. * @package Smarty
  6. * @subpackage PluginsModifierCompiler
  7. */
  8. /**
  9. * @ignore
  10. */
  11. require_once( SMARTY_PLUGINS_DIR .'shared.literal_compiler_param.php' );
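  /**
   * Smarty escape modifier plugin (compile-time variant)
   *
   * Type:     modifier<br>
   * Name:     escape<br>
   * Purpose:  escape string for output
   *
   * When the escape type, charset and double-encode flag can be resolved as
   * literals, this returns a PHP expression that is inlined into the compiled
   * template. Otherwise it registers the runtime plugin (modifier.escape.php)
   * with the compiler and returns a call to smarty_modifier_escape().
   *
   * Security notes:
   * - Every escape type is valid for one output context only; the choice made
   *   in the template must match where the value is rendered.
   * - 'html' and 'htmlall' pass ENT_QUOTES, so single and double quotes are
   *   both encoded.
   * - 'javascript' maps only backslash, single quote, double quote, CR, LF and
   *   "</". Backticks, "${", "<!--" and U+2028/U+2029 are not covered, so the
   *   result is only suitable inside a single- or double-quoted JS string
   *   literal, never inside a template literal or unquoted script context.
   * - 'quotes' only backslash-escapes single quotes that are not already
   *   preceded by a backslash; it is not an HTML or JavaScript encoder.
   * - 'url' and 'urlpathinfo' percent-encode a value; they do not validate a
   *   URL scheme.
   * - $params[0] is spliced into the generated PHP source verbatim, while the
   *   charset and double-encode values are emitted through var_export().
   *   NOTE(review): presumably $params[0] is a PHP expression already produced
   *   by the template compiler and never raw template text - confirm against
   *   the caller.
   *
   * @link http://www.smarty.net/docsv2/en/language.modifier.escape escape (Smarty online manual)
   * @author Rodney Rehm
   * @param array  $params   parameters; index 0 is the value expression, 1 the
   *                         escape type, 2 the charset, 3 the double-encode flag
   * @param object $compiler compiler object; tag_nocache, nocache and
   *                         template->required_plugins are read/written here
   * @return string with compiled code
   */
  function smarty_modifiercompiler_escape($params, $compiler)
  {
      try {
          // Defaults: 'html', the configured resource charset, double encoding on.
          // Presumably the helper raises SmartyException when an argument is not
          // a literal; that exception is caught below and selects the fallback.
          $esc_type = smarty_literal_compiler_param($params, 1, 'html');
          $char_set = smarty_literal_compiler_param($params, 2, SMARTY_RESOURCE_CHAR_SET);
          $double_encode = smarty_literal_compiler_param($params, 3, true);

          // An empty charset argument falls back to the configured default.
          if (!$char_set) {
              $char_set = SMARTY_RESOURCE_CHAR_SET;
          }

          // Emit both values as PHP literals so they cannot break out of the
          // generated expression.
          $charset_literal = var_export($char_set, true);
          $double_encode_literal = var_export($double_encode, true);

          switch ($esc_type) {
              case 'html':
                  return 'htmlspecialchars('
                      . $params[0] . ', ENT_QUOTES, '
                      . $charset_literal . ', '
                      . $double_encode_literal . ')';

              case 'htmlall':
                  if (SMARTY_MBSTRING /* ^phpunit */&&empty($_SERVER['SMARTY_PHPUNIT_DISABLE_MBSTRING'])/* phpunit$ */) {
                      // NOTE(review): the "HTML-ENTITIES" target encoding of
                      // mb_convert_encoding() is deprecated as of PHP 8.2.
                      return 'mb_convert_encoding(htmlspecialchars('
                          . $params[0] . ', ENT_QUOTES, '
                          . $charset_literal . ', '
                          . $double_encode_literal
                          . '), "HTML-ENTITIES", '
                          . $charset_literal . ')';
                  }

                  // no MBString fallback
                  return 'htmlentities('
                      . $params[0] . ', ENT_QUOTES, '
                      . $charset_literal . ', '
                      . $double_encode_literal . ')';

              case 'url':
                  return 'rawurlencode(' . $params[0] . ')';

              case 'urlpathinfo':
                  // keep "/" readable so the value can be used as a path
                  return 'str_replace("%2F", "/", rawurlencode(' . $params[0] . '))';

              case 'quotes':
                  // escape unescaped single quotes
                  return 'preg_replace("%(?<!\\\\\\\\)\'%", "\\\'",' . $params[0] . ')';

              case 'javascript':
                  // escape quotes and backslashes, newlines, etc.
                  // NOTE(review): backtick, "${", "<!--" and U+2028/U+2029 are not
                  // in this map; keep it in step with the runtime plugin in
                  // modifier.escape.php if the map is extended.
                  return 'strtr(' . $params[0] . ', array("\\\\" => "\\\\\\\\", "\'" => "\\\\\'", "\"" => "\\\\\"", "\\r" => "\\\\r", "\\n" => "\\\n", "</" => "<\/" ))';
          }
          // any other escape type is left to the runtime plugin below
      } catch (SmartyException $e) {
          // pass through to regular plugin fallback
      }

      // could not optimize |escape call, so fallback to regular plugin.
      // Logical OR: either flag being set selects the nocache plugin list.
      $plugin_scope = ($compiler->tag_nocache || $compiler->nocache) ? 'nocache' : 'compiled';
      $compiler->template->required_plugins[$plugin_scope]['escape']['modifier']['file'] = SMARTY_PLUGINS_DIR . 'modifier.escape.php';
      $compiler->template->required_plugins[$plugin_scope]['escape']['modifier']['function'] = 'smarty_modifier_escape';

      return 'smarty_modifier_escape(' . implode(', ', $params) . ')';
  }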
  77. ?>