Subversion Repositories ALCASAR

Rev

Details | Last modification | View Log

Rev Author Line No. Line
2809 rexy 1
<?php
2
/**
3
 * Smarty plugin
4
 *
5
 * @package    Smarty
6
 * @subpackage PluginsModifierCompiler
7
 */
8
/**
9
 * Smarty escape modifier plugin
10
 * Type:     modifier
11
 * Name:     escape
12
 * Purpose:  escape string for output
13
 *
14
 * @link   http://www.smarty.net/docsv2/en/language.modifier.escape count_characters (Smarty online manual)
15
 * @author Rodney Rehm
16
 *
17
 * @param array                                $params parameters
18
 * @param Smarty_Internal_TemplateCompilerBase $compiler
19
 *
20
 * @return string with compiled code
21
 * @throws \SmartyException
22
 */
23
function smarty_modifiercompiler_escape($params, Smarty_Internal_TemplateCompilerBase $compiler)
24
{
25
    static $_double_encode = null;
26
    static $is_loaded = false;
27
    $compiler->template->_checkPlugins(
28
        array(
29
            array(
30
                'function' => 'smarty_literal_compiler_param',
31
                'file'     => SMARTY_PLUGINS_DIR . 'shared.literal_compiler_param.php'
32
            )
33
        )
34
    );
35
    if ($_double_encode === null) {
36
        $_double_encode = version_compare(PHP_VERSION, '5.2.3', '>=');
37
    }
38
    try {
39
        $esc_type = smarty_literal_compiler_param($params, 1, 'html');
40
        $char_set = smarty_literal_compiler_param($params, 2, Smarty::$_CHARSET);
41
        $double_encode = smarty_literal_compiler_param($params, 3, true);
42
        if (!$char_set) {
43
            $char_set = Smarty::$_CHARSET;
44
        }
45
        switch ($esc_type) {
46
            case 'html':
47
                if ($_double_encode) {
48
                    return 'htmlspecialchars(' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ', ' .
49
                           var_export($double_encode, true) . ')';
50
                } elseif ($double_encode) {
51
                    return 'htmlspecialchars(' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ')';
52
                } else {
53
                    // fall back to modifier.escape.php
54
                }
55
            // no break
56
            case 'htmlall':
57
                if (Smarty::$_MBSTRING) {
58
                    if ($_double_encode) {
59
                        // php >=5.2.3 - go native
60
                        return 'mb_convert_encoding(htmlspecialchars(' . $params[ 0 ] . ', ENT_QUOTES, ' .
61
                               var_export($char_set, true) . ', ' . var_export($double_encode, true) .
62
                               '), "HTML-ENTITIES", ' . var_export($char_set, true) . ')';
63
                    } elseif ($double_encode) {
64
                        // php <5.2.3 - only handle double encoding
65
                        return 'mb_convert_encoding(htmlspecialchars(' . $params[ 0 ] . ', ENT_QUOTES, ' .
66
                               var_export($char_set, true) . '), "HTML-ENTITIES", ' . var_export($char_set, true) . ')';
67
                    } else {
68
                        // fall back to modifier.escape.php
69
                    }
70
                }
71
                // no MBString fallback
72
                if ($_double_encode) {
73
                    // php >=5.2.3 - go native
74
                    return 'htmlentities(' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ', ' .
75
                           var_export($double_encode, true) . ')';
76
                } elseif ($double_encode) {
77
                    // php <5.2.3 - only handle double encoding
78
                    return 'htmlentities(' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ')';
79
                } else {
80
                    // fall back to modifier.escape.php
81
                }
82
            // no break
83
            case 'url':
84
                return 'rawurlencode(' . $params[ 0 ] . ')';
85
            case 'urlpathinfo':
86
                return 'str_replace("%2F", "/", rawurlencode(' . $params[ 0 ] . '))';
87
            case 'quotes':
88
                // escape unescaped single quotes
89
                return 'preg_replace("%(?<!\\\\\\\\)\'%", "\\\'",' . $params[ 0 ] . ')';
90
            case 'javascript':
91
                // escape quotes and backslashes, newlines, etc.
92
                return 'strtr(' .
93
                       $params[ 0 ] .
94
                       ', array("\\\\" => "\\\\\\\\", "\'" => "\\\\\'", "\"" => "\\\\\"", "\\r" => "\\\\r", "\\n" => "\\\n", "</" => "<\/" ))';
95
        }
96
    } catch (SmartyException $e) {
97
        // pass through to regular plugin fallback
98
    }
99
    // could not optimize |escape call, so fallback to regular plugin
100
    if ($compiler->template->caching && ($compiler->tag_nocache | $compiler->nocache)) {
101
        $compiler->required_plugins[ 'nocache' ][ 'escape' ][ 'modifier' ][ 'file' ] =
102
            SMARTY_PLUGINS_DIR . 'modifier.escape.php';
103
        $compiler->required_plugins[ 'nocache' ][ 'escape' ][ 'modifier' ][ 'function' ] =
104
            'smarty_modifier_escape';
105
    } else {
106
        $compiler->required_plugins[ 'compiled' ][ 'escape' ][ 'modifier' ][ 'file' ] =
107
            SMARTY_PLUGINS_DIR . 'modifier.escape.php';
108
        $compiler->required_plugins[ 'compiled' ][ 'escape' ][ 'modifier' ][ 'function' ] =
109
            'smarty_modifier_escape';
110
    }
111
    return 'smarty_modifier_escape(' . join(', ', $params) . ')';
112
}