Namespaces

Classes

Interfaces

Exceptions

Functions

1: <?php
2: /**
3: * Smarty plugin
4: *
5: * @package Smarty
6: * @subpackage PluginsModifierCompiler
7: */
8: /**
9: * Smarty escape modifier plugin
10: * Type: modifier
11: * Name: escape
12: * Purpose: escape string for output
13: *
14: * @link http://www.smarty.net/docsv2/en/language.modifier.escape count_characters (Smarty online manual)
15: * @author Rodney Rehm
16: *
17: * @param array $params parameters
18: * @param Smarty_Internal_TemplateCompilerBase $compiler
19: *
20: * @return string with compiled code
21: * @throws \SmartyException
22: */
23: function smarty_modifiercompiler_escape($params, Smarty_Internal_TemplateCompilerBase $compiler)
24: {
25: static $_double_encode = null;
26: static $is_loaded = false;
27: $compiler->template->_checkPlugins(
28: array(
29: array(
30: 'function' => 'smarty_literal_compiler_param',
31: 'file' => SMARTY_PLUGINS_DIR . 'shared.literal_compiler_param.php'
32: )
33: )
34: );
35: if ($_double_encode === null) {
36: $_double_encode = version_compare(PHP_VERSION, '5.2.3', '>=');
37: }
38: try {
39: $esc_type = smarty_literal_compiler_param($params, 1, 'html');
40: $char_set = smarty_literal_compiler_param($params, 2, Smarty::$_CHARSET);
41: $double_encode = smarty_literal_compiler_param($params, 3, true);
42: if (!$char_set) {
43: $char_set = Smarty::$_CHARSET;
44: }
45: switch ($esc_type) {
46: case 'html':
47: if ($_double_encode) {
48: return 'htmlspecialchars(' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ', ' .
49: var_export($double_encode, true) . ')';
50: } elseif ($double_encode) {
51: return 'htmlspecialchars(' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ')';
52: } else {
53: // fall back to modifier.escape.php
54: }
55: // no break
56: case 'htmlall':
57: if (Smarty::$_MBSTRING) {
58: if ($_double_encode) {
59: // php >=5.2.3 - go native
60: return 'mb_convert_encoding(htmlspecialchars(' . $params[ 0 ] . ', ENT_QUOTES, ' .
61: var_export($char_set, true) . ', ' . var_export($double_encode, true) .
62: '), "HTML-ENTITIES", ' . var_export($char_set, true) . ')';
63: } elseif ($double_encode) {
64: // php <5.2.3 - only handle double encoding
65: return 'mb_convert_encoding(htmlspecialchars(' . $params[ 0 ] . ', ENT_QUOTES, ' .
66: var_export($char_set, true) . '), "HTML-ENTITIES", ' . var_export($char_set, true) . ')';
67: } else {
68: // fall back to modifier.escape.php
69: }
70: }
71: // no MBString fallback
72: if ($_double_encode) {
73: // php >=5.2.3 - go native
74: return 'htmlentities(' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ', ' .
75: var_export($double_encode, true) . ')';
76: } elseif ($double_encode) {
77: // php <5.2.3 - only handle double encoding
78: return 'htmlentities(' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ')';
79: } else {
80: // fall back to modifier.escape.php
81: }
82: // no break
83: case 'url':
84: return 'rawurlencode(' . $params[ 0 ] . ')';
85: case 'urlpathinfo':
86: return 'str_replace("%2F", "/", rawurlencode(' . $params[ 0 ] . '))';
87: case 'quotes':
88: // escape unescaped single quotes
89: return 'preg_replace("%(?<!\\\\\\\\)\'%", "\\\'",' . $params[ 0 ] . ')';
90: case 'javascript':
91: // escape quotes and backslashes, newlines, etc.
92: // see https://html.spec.whatwg.org/multipage/scripting.html#restrictions-for-contents-of-script-elements
93: return 'strtr(' .
94: $params[ 0 ] .
95: ', array("\\\\" => "\\\\\\\\", "\'" => "\\\\\'", "\"" => "\\\\\"", "\\r" => "\\\\r",
96: "\\n" => "\\\n", "</" => "<\/", "<!--" => "<\!--", "<s" => "<\s", "<S" => "<\S",
97: "`" => "\\\\`", "\${" => "\\\\\\$\\{"))';
98: }
99: } catch (SmartyException $e) {
100: // pass through to regular plugin fallback
101: }
102: // could not optimize |escape call, so fallback to regular plugin
103: if ($compiler->template->caching && ($compiler->tag_nocache | $compiler->nocache)) {
104: $compiler->required_plugins[ 'nocache' ][ 'escape' ][ 'modifier' ][ 'file' ] =
105: SMARTY_PLUGINS_DIR . 'modifier.escape.php';
106: $compiler->required_plugins[ 'nocache' ][ 'escape' ][ 'modifier' ][ 'function' ] =
107: 'smarty_modifier_escape';
108: } else {
109: $compiler->required_plugins[ 'compiled' ][ 'escape' ][ 'modifier' ][ 'file' ] =
110: SMARTY_PLUGINS_DIR . 'modifier.escape.php';
111: $compiler->required_plugins[ 'compiled' ][ 'escape' ][ 'modifier' ][ 'function' ] =
112: 'smarty_modifier_escape';
113: }
114: return 'smarty_modifier_escape(' . join(', ', $params) . ')';
115: }
116:
API documentation generated by ApiGen v7.0.0-alpha.6