add appropriate warnings when passing array as extra parameter

2025-08-04 18:34:27 +02:00 · 2003-04-14 16:57:40 +00:00
parent 7221c8afee
commit 423c1a2eae
5 changed files with 43 additions and 25 deletions
--- a/libs/plugins/function.html_checkboxes.php
+++ b/libs/plugins/function.html_checkboxes.php
@@ -67,7 +67,11 @@ function smarty_function_html_checkboxes($params, &$smarty)
         break;

      default:
-         $extra .= ' '.$_key.'="'.smarty_function_escape_special_chars((string)$_val).'"';
+		if(!is_array($_val)) {
+			$extra .= ' '.$_key.'="'.smarty_function_escape_special_chars($_val).'"';
+		} else {
+			$smarty->trigger_error("html_checkboxes: extra attribute '$_key' cannot be an array", E_USER_NOTICE);
+		}
         break;
      }
   }
--- a/libs/plugins/function.html_image.php
+++ b/libs/plugins/function.html_image.php
@@ -63,7 +63,11 @@ function smarty_function_html_image($params, &$smarty)
 				$dpi = $_val;
 				break;
 			default:
-				$extra .= ' '.$_key.'="'.smarty_function_escape_special_chars($_val).'"';
+				if(!is_array($_val)) {
+					$extra .= ' '.$_key.'="'.smarty_function_escape_special_chars($_val).'"';
+				} else {
+					$smarty->trigger_error("html_image: extra attribute '$_key' cannot be an array", E_USER_NOTICE);
+				}
 				break;					
 		}
 	}
--- a/libs/plugins/function.html_options.php
+++ b/libs/plugins/function.html_options.php
@@ -26,27 +26,31 @@ function smarty_function_html_options($params, &$smarty)

   $extra = '';
  
-   foreach($params as $_key => $_val) {	
-      switch($_key) {
-      case 'name':
-	 $$_key = (string)$_val;
-	 break;
+	foreach($params as $_key => $_val) {	
+		switch($_key) {
+			case 'name':
+			$$_key = (string)$_val;
+			break;

-      case 'options':
-	 $$_key = (array)$_val;
-	 break;
+		case 'options':
+			$$_key = (array)$_val;
+			break;

-      case 'selected':
-      case 'values':
-      case 'output':
-	 $$_key = array_values((array)$_val);      
-	 break;
+		case 'selected':
+		case 'values':
+		case 'output':
+			$$_key = array_values((array)$_val);      
+			break;

-      default:
-	 $extra .= ' '.$_key.'="'.smarty_function_escape_special_chars($_val).'"';
-	 break;					
-      }
-   }
+		default:
+			if(!is_array($_val)) {
+				$extra .= ' '.$_key.'="'.smarty_function_escape_special_chars($_val).'"';
+			} else {
+				$smarty->trigger_error("html_options: extra attribute '$_key' cannot be an array", E_USER_NOTICE);
+			}
+			break;					
+		}
+	}

   if (!isset($options) && !isset($values))
      return ''; /* raise error here? */
--- a/libs/plugins/function.html_radios.php
+++ b/libs/plugins/function.html_radios.php
@@ -71,7 +71,11 @@ function smarty_function_html_radios($params, &$smarty)


 		default:
-			$extra .= ' '.$_key.'="'.smarty_function_escape_special_chars((string)$_val).'"';
+			if(!is_array($_val)) {
+				$extra .= ' '.$_key.'="'.smarty_function_escape_special_chars($_val).'"';
+			} else {
+				$smarty->trigger_error("html_radios: extra attribute '$_key' cannot be an array", E_USER_NOTICE);
+			}
 			break;
 		}
   }
--- a/libs/plugins/shared.escape_special_chars.php
+++ b/libs/plugins/shared.escape_special_chars.php
@@ -7,9 +7,11 @@
 \*======================================================================*/
 function smarty_function_escape_special_chars($string)
 {
-	$string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);
-	$string = htmlspecialchars($string);
-	$string = str_replace(array('%%%SMARTY_START%%%','%%%SMARTY_END%%%'), array('&',';'), $string);
+	if(!is_array($string))	{
+		$string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);
+		$string = htmlspecialchars($string);
+		$string = str_replace(array('%%%SMARTY_START%%%','%%%SMARTY_END%%%'), array('&',';'), $string);
+	}
 	return $string;	
 }