aboutsummaryrefslogtreecommitdiffstats
path: root/include/smarty/libs/plugins/modifiercompiler.escape.php
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--include/smarty/libs/plugins/modifiercompiler.escape.php125
1 files changed, 125 insertions, 0 deletions
diff --git a/include/smarty/libs/plugins/modifiercompiler.escape.php b/include/smarty/libs/plugins/modifiercompiler.escape.php
new file mode 100644
index 000000000..f50028bd9
--- /dev/null
+++ b/include/smarty/libs/plugins/modifiercompiler.escape.php
@@ -0,0 +1,125 @@
+<?php
+/**
+ * Smarty plugin
+ *
+ * @package Smarty
+ * @subpackage PluginsModifierCompiler
+ */
+
+/**
+ * @ignore
+ */
+require_once( SMARTY_PLUGINS_DIR .'shared.literal_compiler_param.php' );
+
+/**
+ * Smarty escape modifier plugin
+ *
+ * Type: modifier<br>
+ * Name: escape<br>
+ * Purpose: escape string for output
+ *
+ * @link http://www.smarty.net/docsv2/en/language.modifier.escape count_characters (Smarty online manual)
+ * @author Rodney Rehm
+ * @param array $params parameters
+ * @return string with compiled code
+ */
+function smarty_modifiercompiler_escape($params, $compiler)
+{
+ static $_double_encode = null;
+ if ($_double_encode === null) {
+ $_double_encode = version_compare(PHP_VERSION, '5.2.3', '>=');
+ }
+
+ try {
+ $esc_type = smarty_literal_compiler_param($params, 1, 'html');
+ $char_set = smarty_literal_compiler_param($params, 2, Smarty::$_CHARSET);
+ $double_encode = smarty_literal_compiler_param($params, 3, true);
+
+ if (!$char_set) {
+ $char_set = Smarty::$_CHARSET;
+ }
+
+ switch ($esc_type) {
+ case 'html':
+ if ($_double_encode) {
+ return 'htmlspecialchars('
+ . $params[0] .', ENT_QUOTES, '
+ . var_export($char_set, true) . ', '
+ . var_export($double_encode, true) . ')';
+ } else if ($double_encode) {
+ return 'htmlspecialchars('
+ . $params[0] .', ENT_QUOTES, '
+ . var_export($char_set, true) . ')';
+ } else {
+ // fall back to modifier.escape.php
+ }
+
+ case 'htmlall':
+ if (Smarty::$_MBSTRING) {
+ if ($_double_encode) {
+ // php >=5.2.3 - go native
+ return 'mb_convert_encoding(htmlspecialchars('
+ . $params[0] .', ENT_QUOTES, '
+ . var_export($char_set, true) . ', '
+ . var_export($double_encode, true)
+ . '), "HTML-ENTITIES", '
+ . var_export($char_set, true) . ')';
+ } else if ($double_encode) {
+ // php <5.2.3 - only handle double encoding
+ return 'mb_convert_encoding(htmlspecialchars('
+ . $params[0] .', ENT_QUOTES, '
+ . var_export($char_set, true)
+ . '), "HTML-ENTITIES", '
+ . var_export($char_set, true) . ')';
+ } else {
+ // fall back to modifier.escape.php
+ }
+ }
+
+ // no MBString fallback
+ if ($_double_encode) {
+ // php >=5.2.3 - go native
+ return 'htmlentities('
+ . $params[0] .', ENT_QUOTES, '
+ . var_export($char_set, true) . ', '
+ . var_export($double_encode, true) . ')';
+ } else if ($double_encode) {
+ // php <5.2.3 - only handle double encoding
+ return 'htmlentities('
+ . $params[0] .', ENT_QUOTES, '
+ . var_export($char_set, true) . ')';
+ } else {
+ // fall back to modifier.escape.php
+ }
+
+ case 'url':
+ return 'rawurlencode(' . $params[0] . ')';
+
+ case 'urlpathinfo':
+ return 'str_replace("%2F", "/", rawurlencode(' . $params[0] . '))';
+
+ case 'quotes':
+ // escape unescaped single quotes
+ return 'preg_replace("%(?<!\\\\\\\\)\'%", "\\\'",' . $params[0] . ')';
+
+ case 'javascript':
+ // escape quotes and backslashes, newlines, etc.
+ return 'strtr(' . $params[0] . ', array("\\\\" => "\\\\\\\\", "\'" => "\\\\\'", "\"" => "\\\\\"", "\\r" => "\\\\r", "\\n" => "\\\n", "</" => "<\/" ))';
+
+ }
+ } catch(SmartyException $e) {
+ // pass through to regular plugin fallback
+ }
+
+ // could not optimize |escape call, so fallback to regular plugin
+ if ($compiler->tag_nocache | $compiler->nocache) {
+ $compiler->template->required_plugins['nocache']['escape']['modifier']['file'] = SMARTY_PLUGINS_DIR .'modifier.escape.php';
+ $compiler->template->required_plugins['nocache']['escape']['modifier']['function'] = 'smarty_modifier_escape';
+ } else {
+ $compiler->template->required_plugins['compiled']['escape']['modifier']['file'] = SMARTY_PLUGINS_DIR .'modifier.escape.php';
+ $compiler->template->required_plugins['compiled']['escape']['modifier']['function'] = 'smarty_modifier_escape';
+ }
+ return 'smarty_modifier_escape(' . join( ', ', $params ) . ')';
+}
+
+?> \ No newline at end of file