More concise escape implementation and unit test to cover both modifierplugin and modifiercompiler.

Simon Wisselink
2022-11-18 13:03:45 +01:00
parent 4c39c543d4
commit 6f4025b038
3 changed files with 38 additions and 11 deletions


@@ -37,11 +37,8 @@ function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $
// no break // no break
case 'htmlall': case 'htmlall':
if (Smarty::$_MBSTRING) { if (Smarty::$_MBSTRING) {
$string = htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode);
// htmlentities() won't convert everything, so use mb_convert_encoding
$string = mb_convert_encoding($string, 'UTF-8', $char_set); $string = mb_convert_encoding($string, 'UTF-8', $char_set);
$string = htmlentities($string); return htmlentities($string, ENT_QUOTES, 'UTF-8', $double_encode);
return htmlspecialchars_decode($string);
} }
// no MBString fallback // no MBString fallback
return htmlentities($string, ENT_QUOTES, $char_set, $double_encode); return htmlentities($string, ENT_QUOTES, $char_set, $double_encode);
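Review bot: The new mbstring branch of `htmlall` passes only `ENT_QUOTES` to `htmlentities()`, so without `ENT_SUBSTITUTE` any ill-formed UTF-8 that reaches it makes the call return an empty string and the value silently disappears from the rendered page. `mb_convert_encoding()` on the line before normally replaces invalid bytes, so this is defence in depth rather than a known failure: `return htmlentities($string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', $double_encode);`. The same applies to the generated expression in the modifiercompiler hunk, whose old side did pass `ENT_SUBSTITUTE`. The enclosing `smarty_modifier_escape` starts and ends outside this hunk.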


@@ -44,9 +44,9 @@ function smarty_modifiercompiler_escape($params, Smarty_Internal_TemplateCompile
// no break // no break
case 'htmlall': case 'htmlall':
if (Smarty::$_MBSTRING) { if (Smarty::$_MBSTRING) {
return 'htmlspecialchars_decode(mb_convert_encoding(htmlentities(htmlspecialchars((string)' . $params[ 0 ] . ', ENT_QUOTES, ' . return 'htmlentities(mb_convert_encoding((string)' . $params[ 0 ] . ', \'UTF-8\', ' .
var_export($char_set, true) . ', ' . var_export($double_encode, true) . var_export($char_set, true) . '), ENT_QUOTES, \'UTF-8\', ' .
'), ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, ' . var_export($char_set, true) . '),' . var_export($char_set, true) . '))'; var_export($double_encode, true) . ')';
} }
// no MBString fallback // no MBString fallback
return 'htmlentities((string)' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ', ' . return 'htmlentities((string)' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ', ' .
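Review bot: The generated expression casts the value with `(string)` before `mb_convert_encoding()`, but the runtime plugin's `htmlall` branch in the first file passes `$string` uncast, so the two paths this commit is meant to keep equivalent can still differ for null or other non-string values. Unless `smarty_modifier_escape` normalises `$string` above its hunk (not visible here), I would align the plugin: `$string = mb_convert_encoding((string) $string, 'UTF-8', $char_set);`. A short comment on this `return` would also help the next editor, e.g. `// keep identical to smarty_modifier_escape() 'htmlall' (mbstring)`. The function body continues outside the hunk.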


@@ -20,12 +20,19 @@ class PluginModifierEscapeTest extends PHPUnit_Smarty
$this->setUpSmarty(__DIR__); $this->setUpSmarty(__DIR__);
} }
public function testHtml() public function testHtmlCompiled()
{ {
$tpl = $this->smarty->createTemplate('string:{"I\'m some <html> to ä be \"escaped\" or &copy;"|escape:"html"}'); $tpl = $this->smarty->createTemplate('string:{"I\'m some <html> to ä be \"escaped\" or &copy;"|escape:"html"}');
$this->assertEquals("I&#039;m some &lt;html&gt; to ä be &quot;escaped&quot; or &amp;copy;", $this->smarty->fetch($tpl)); $this->assertEquals("I&#039;m some &lt;html&gt; to ä be &quot;escaped&quot; or &amp;copy;", $this->smarty->fetch($tpl));
} }
public function testHtmlModifier()
{
$tpl = $this->smarty->createTemplate('string:{"I\'m some <html> to ä be \"escaped\" or &copy;"|escape:$mode}');
$this->smarty->assign('mode', 'html');
$this->assertEquals("I&#039;m some &lt;html&gt; to ä be &quot;escaped&quot; or &amp;copy;", $this->smarty->fetch($tpl));
}
public function testHtmlWithoutMbstring() public function testHtmlWithoutMbstring()
{ {
Smarty::$_MBSTRING = false;$this->smarty->setCompileId('mb'); Smarty::$_MBSTRING = false;$this->smarty->setCompileId('mb');
@@ -48,13 +55,20 @@ class PluginModifierEscapeTest extends PHPUnit_Smarty
Smarty::$_MBSTRING = true; Smarty::$_MBSTRING = true;
} }
public function testHtmlall() public function testHtmlallCompiled()
{ {
$tpl = $this->smarty->createTemplate('string:{"I\'m some <html> to ä be \"escaped\" or &copy;"|escape:"htmlall"}'); $tpl = $this->smarty->createTemplate('string:{"I\'m some <html> to ä be \"escaped\" or &copy;"|escape:"htmlall"}');
$this->assertEquals("I&#039;m some &lt;html&gt; to &auml; be &quot;escaped&quot; or &amp;copy;", $this->smarty->fetch($tpl)); $this->assertEquals("I&#039;m some &lt;html&gt; to &auml; be &quot;escaped&quot; or &amp;copy;", $this->smarty->fetch($tpl));
} }
public function testHtmlallWithoutMbstring() public function testHtmlallModifier()
{
$tpl = $this->smarty->createTemplate('string:{"I\'m some <html> to ä be \"escaped\" or &copy;"|escape:$mode}');
$this->smarty->assign('mode', 'htmlall');
$this->assertEquals("I&#039;m some &lt;html&gt; to &auml; be &quot;escaped&quot; or &amp;copy;", $this->smarty->fetch($tpl));
}
public function testHtmlallWithoutMbstringCompiled()
{ {
Smarty::$_MBSTRING = false;$this->smarty->setCompileId('mb'); Smarty::$_MBSTRING = false;$this->smarty->setCompileId('mb');
$tpl = $this->smarty->createTemplate('string:{"I\'m some <html> to ä be \"escaped\" or &copy;"|escape:"htmlall"}'); $tpl = $this->smarty->createTemplate('string:{"I\'m some <html> to ä be \"escaped\" or &copy;"|escape:"htmlall"}');
@@ -62,6 +76,15 @@ class PluginModifierEscapeTest extends PHPUnit_Smarty
Smarty::$_MBSTRING = true; Smarty::$_MBSTRING = true;
} }
public function testHtmlallWithoutMbstringModifier()
{
Smarty::$_MBSTRING = false;$this->smarty->setCompileId('mb');
$tpl = $this->smarty->createTemplate('string:{"I\'m some <html> to ä be \"escaped\" or &copy;"|escape:$mode}');
$this->smarty->assign('mode', 'htmlall');
$this->assertEquals("I&#039;m some &lt;html&gt; to &auml; be &quot;escaped&quot; or &amp;copy;", $this->smarty->fetch($tpl));
Smarty::$_MBSTRING = true;
}
public function testHtmlallDouble() public function testHtmlallDouble()
{ {
$tpl = $this->smarty->createTemplate('string:{"I\'m some <html> to ä be \"escaped\" or &copy;"|escape:"htmlall":null:false}'); $tpl = $this->smarty->createTemplate('string:{"I\'m some <html> to ä be \"escaped\" or &copy;"|escape:"htmlall":null:false}');
@@ -76,12 +99,19 @@ class PluginModifierEscapeTest extends PHPUnit_Smarty
Smarty::$_MBSTRING = true; Smarty::$_MBSTRING = true;
} }
public function testUrl() public function testUrlCompiled()
{ {
$tpl = $this->smarty->createTemplate('string:{"http://some.encoded.com/url?parts#foo"|escape:"url"}'); $tpl = $this->smarty->createTemplate('string:{"http://some.encoded.com/url?parts#foo"|escape:"url"}');
$this->assertEquals("http%3A%2F%2Fsome.encoded.com%2Furl%3Fparts%23foo", $this->smarty->fetch($tpl)); $this->assertEquals("http%3A%2F%2Fsome.encoded.com%2Furl%3Fparts%23foo", $this->smarty->fetch($tpl));
} }
public function testUrlModifier()
{
$tpl = $this->smarty->createTemplate('string:{"http://some.encoded.com/url?parts#foo"|escape:$mode}');
$this->smarty->assign('mode', 'url');
$this->assertEquals("http%3A%2F%2Fsome.encoded.com%2Furl%3Fparts%23foo", $this->smarty->fetch($tpl));
}
public function testUrlWithoutMbstring() public function testUrlWithoutMbstring()
{ {
Smarty::$_MBSTRING = false;$this->smarty->setCompileId('mb'); Smarty::$_MBSTRING = false;$this->smarty->setCompileId('mb');
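Review bot: `testHtmlallWithoutMbstringModifier` resets `Smarty::$_MBSTRING = true;` only after the assertion, so a failing `assertEquals` leaves the static flag at `false` and every later test in the process runs the non-mbstring escaping path. Wrapping the body as `try { … } finally { Smarty::$_MBSTRING = true; }`, or restoring the flag in `tearDown()`, keeps a failure here from masking or causing failures elsewhere; the existing `…WithoutMbstring` tests follow the same pattern. The new `*Modifier` tests also use only the default charset and `double_encode`, so the `$double_encode = false` and non-UTF-8 `$char_set` arguments of the rewritten `htmlall` branch appear to be exercised on the compiled path at most. `testUrlWithoutMbstring` continues past the end of this hunk.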