Subversion Repositories ALCASAR

Rev

Details | Last modification | View Log

Rev Author Line No. Line
2809 rexy 1
<?php
2
/**
3
 * Smarty plugin
4
 *
5
 * @package    Smarty
6
 * @subpackage PluginsModifier
7
 */
8
/**
9
 * Smarty escape modifier plugin
10
 * Type:     modifier
11
 * Name:     escape
12
 * Purpose:  escape string for output
13
 *
14
 * @link   http://www.smarty.net/docs/en/language.modifier.escape
15
 * @author Monte Ohrt <monte at ohrt dot com>
16
 *
17
 * @param string  $string        input string
18
 * @param string  $esc_type      escape type
19
 * @param string  $char_set      character set, used for htmlspecialchars() or htmlentities()
20
 * @param boolean $double_encode encode already encoded entitites again, used for htmlspecialchars() or htmlentities()
21
 *
22
 * @return string escaped input string
23
 */
24
function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $double_encode = true)
25
{
26
    static $_double_encode = null;
27
    static $is_loaded_1 = false;
28
    static $is_loaded_2 = false;
29
    if ($_double_encode === null) {
30
        $_double_encode = version_compare(PHP_VERSION, '5.2.3', '>=');
31
    }
32
    if (!$char_set) {
33
        $char_set = Smarty::$_CHARSET;
34
    }
35
    switch ($esc_type) {
36
        case 'html':
37
            if ($_double_encode) {
38
                // php >=5.3.2 - go native
39
                return htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode);
40
            } else {
41
                if ($double_encode) {
42
                    // php <5.2.3 - only handle double encoding
43
                    return htmlspecialchars($string, ENT_QUOTES, $char_set);
44
                } else {
45
                    // php <5.2.3 - prevent double encoding
46
                    $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);
47
                    $string = htmlspecialchars($string, ENT_QUOTES, $char_set);
48
                    $string = str_replace(
49
                        array(
50
                            '%%%SMARTY_START%%%',
51
                            '%%%SMARTY_END%%%'
52
                        ),
53
                        array(
54
                            '&',
55
                            ';'
56
                        ),
57
                        $string
58
                    );
59
                    return $string;
60
                }
61
            }
62
        // no break
63
        case 'htmlall':
64
            if (Smarty::$_MBSTRING) {
65
                // mb_convert_encoding ignores htmlspecialchars()
66
                if ($_double_encode) {
67
                    // php >=5.3.2 - go native
68
                    $string = htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode);
69
                } else {
70
                    if ($double_encode) {
71
                        // php <5.2.3 - only handle double encoding
72
                        $string = htmlspecialchars($string, ENT_QUOTES, $char_set);
73
                    } else {
74
                        // php <5.2.3 - prevent double encoding
75
                        $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);
76
                        $string = htmlspecialchars($string, ENT_QUOTES, $char_set);
77
                        $string =
78
                            str_replace(
79
                                array(
80
                                    '%%%SMARTY_START%%%',
81
                                    '%%%SMARTY_END%%%'
82
                                ),
83
                                array(
84
                                    '&',
85
                                    ';'
86
                                ),
87
                                $string
88
                            );
89
                        return $string;
90
                    }
91
                }
92
                // htmlentities() won't convert everything, so use mb_convert_encoding
93
                return mb_convert_encoding($string, 'HTML-ENTITIES', $char_set);
94
            }
95
            // no MBString fallback
96
            if ($_double_encode) {
97
                return htmlentities($string, ENT_QUOTES, $char_set, $double_encode);
98
            } else {
99
                if ($double_encode) {
100
                    return htmlentities($string, ENT_QUOTES, $char_set);
101
                } else {
102
                    $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);
103
                    $string = htmlentities($string, ENT_QUOTES, $char_set);
104
                    $string = str_replace(
105
                        array(
106
                            '%%%SMARTY_START%%%',
107
                            '%%%SMARTY_END%%%'
108
                        ),
109
                        array(
110
                            '&',
111
                            ';'
112
                        ),
113
                        $string
114
                    );
115
                    return $string;
116
                }
117
            }
118
        // no break
119
        case 'url':
120
            return rawurlencode($string);
121
        case 'urlpathinfo':
122
            return str_replace('%2F', '/', rawurlencode($string));
123
        case 'quotes':
124
            // escape unescaped single quotes
125
            return preg_replace("%(?<!\\\\)'%", "\\'", $string);
126
        case 'hex':
127
            // escape every byte into hex
128
            // Note that the UTF-8 encoded character รค will be represented as %c3%a4
129
            $return = '';
130
            $_length = strlen($string);
131
            for ($x = 0; $x < $_length; $x++) {
132
                $return .= '%' . bin2hex($string[ $x ]);
133
            }
134
            return $return;
135
        case 'hexentity':
136
            $return = '';
137
            if (Smarty::$_MBSTRING) {
138
                if (!$is_loaded_1) {
139
                    if (!is_callable('smarty_mb_to_unicode')) {
140
                        include_once SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php';
141
                    }
142
                    $is_loaded_1 = true;
143
                }
144
                $return = '';
145
                foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) {
146
                    $return .= '&#x' . strtoupper(dechex($unicode)) . ';';
147
                }
148
                return $return;
149
            }
150
            // no MBString fallback
151
            $_length = strlen($string);
152
            for ($x = 0; $x < $_length; $x++) {
153
                $return .= '&#x' . bin2hex($string[ $x ]) . ';';
154
            }
155
            return $return;
156
        case 'decentity':
157
            $return = '';
158
            if (Smarty::$_MBSTRING) {
159
                if (!$is_loaded_1) {
160
                    if (!is_callable('smarty_mb_to_unicode')) {
161
                        include_once SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php';
162
                    }
163
                    $is_loaded_1 = true;
164
                }
165
                $return = '';
166
                foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) {
167
                    $return .= '&#' . $unicode . ';';
168
                }
169
                return $return;
170
            }
171
            // no MBString fallback
172
            $_length = strlen($string);
173
            for ($x = 0; $x < $_length; $x++) {
174
                $return .= '&#' . ord($string[ $x ]) . ';';
175
            }
176
            return $return;
177
        case 'javascript':
178
            // escape quotes and backslashes, newlines, etc.
179
            return strtr(
180
                $string,
181
                array(
182
                    '\\' => '\\\\',
183
                    "'"  => "\\'",
184
                    '"'  => '\\"',
185
                    "\r" => '\\r',
186
                    "\n" => '\\n',
187
                    '</' => '<\/'
188
                )
189
            );
190
        case 'mail':
191
            if (Smarty::$_MBSTRING) {
192
                if (!$is_loaded_2) {
193
                    if (!is_callable('smarty_mb_str_replace')) {
194
                        include_once SMARTY_PLUGINS_DIR . 'shared.mb_str_replace.php';
195
                    }
196
                    $is_loaded_2 = true;
197
                }
198
                return smarty_mb_str_replace(
199
                    array(
200
                        '@',
201
                        '.'
202
                    ),
203
                    array(
204
                        ' [AT] ',
205
                        ' [DOT] '
206
                    ),
207
                    $string
208
                );
209
            }
210
            // no MBString fallback
211
            return str_replace(
212
                array(
213
                    '@',
214
                    '.'
215
                ),
216
                array(
217
                    ' [AT] ',
218
                    ' [DOT] '
219
                ),
220
                $string
221
            );
222
        case 'nonstd':
223
            // escape non-standard chars, such as ms document quotes
224
            $return = '';
225
            if (Smarty::$_MBSTRING) {
226
                if (!$is_loaded_1) {
227
                    if (!is_callable('smarty_mb_to_unicode')) {
228
                        include_once SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php';
229
                    }
230
                    $is_loaded_1 = true;
231
                }
232
                foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) {
233
                    if ($unicode >= 126) {
234
                        $return .= '&#' . $unicode . ';';
235
                    } else {
236
                        $return .= chr($unicode);
237
                    }
238
                }
239
                return $return;
240
            }
241
            $_length = strlen($string);
242
            for ($_i = 0; $_i < $_length; $_i++) {
243
                $_ord = ord(substr($string, $_i, 1));
244
                // non-standard char, escape it
245
                if ($_ord >= 126) {
246
                    $return .= '&#' . $_ord . ';';
247
                } else {
248
                    $return .= substr($string, $_i, 1);
249
                }
250
            }
251
            return $return;
252
        default:
253
            return $string;
254
    }
255
}