PHP 8.1: fix deprecation in escape modifier

Libor M
2022-02-08 13:30:19 +01:00
parent 50c4604857
commit a2e1df1768
2 changed files with 13 additions and 10 deletions


@@ -29,6 +29,9 @@ function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $
if (!$char_set) { if (!$char_set) {
$char_set = Smarty::$_CHARSET; $char_set = Smarty::$_CHARSET;
} }
$string = (string)$string;
switch ($esc_type) { switch ($esc_type) {
case 'html': case 'html':
if ($_double_encode) { if ($_double_encode) {
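Review bot: The added `$string = (string)$string;` carries no comment explaining why it is there, and it changes more than the null case the commit title is about. An array argument now reaches every branch of the switch as the literal text `Array` (with an "Array to string conversion" warning), and an object without `__toString()` fails at the cast rather than inside the escaping call. I would put `// PHP 8.1 deprecates passing null to the string functions used below; normalise once for all branches` above the line and note in the function's docblock that non-scalar input is stringified. The rest of smarty_modifier_escape lies outside this hunk, so whether any later branch relied on receiving a non-string could not be checked here.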


@@ -42,10 +42,10 @@ function smarty_modifiercompiler_escape($params, Smarty_Internal_TemplateCompile
switch ($esc_type) { switch ($esc_type) {
case 'html': case 'html':
if ($_double_encode) { if ($_double_encode) {
return 'htmlspecialchars(' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ', ' . return 'htmlspecialchars((string)' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ', ' .
var_export($double_encode, true) . ')'; var_export($double_encode, true) . ')';
} elseif ($double_encode) { } elseif ($double_encode) {
return 'htmlspecialchars(' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ')'; return 'htmlspecialchars((string)' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ')';
} else { } else {
// fall back to modifier.escape.php // fall back to modifier.escape.php
} }
@@ -54,12 +54,12 @@ function smarty_modifiercompiler_escape($params, Smarty_Internal_TemplateCompile
if (Smarty::$_MBSTRING) { if (Smarty::$_MBSTRING) {
if ($_double_encode) { if ($_double_encode) {
// php >=5.2.3 - go native // php >=5.2.3 - go native
return 'mb_convert_encoding(htmlspecialchars(' . $params[ 0 ] . ', ENT_QUOTES, ' . return 'mb_convert_encoding(htmlspecialchars((string)' . $params[ 0 ] . ', ENT_QUOTES, ' .
var_export($char_set, true) . ', ' . var_export($double_encode, true) . var_export($char_set, true) . ', ' . var_export($double_encode, true) .
'), "HTML-ENTITIES", ' . var_export($char_set, true) . ')'; '), "HTML-ENTITIES", ' . var_export($char_set, true) . ')';
} elseif ($double_encode) { } elseif ($double_encode) {
// php <5.2.3 - only handle double encoding // php <5.2.3 - only handle double encoding
return 'mb_convert_encoding(htmlspecialchars(' . $params[ 0 ] . ', ENT_QUOTES, ' . return 'mb_convert_encoding(htmlspecialchars((string)' . $params[ 0 ] . ', ENT_QUOTES, ' .
var_export($char_set, true) . '), "HTML-ENTITIES", ' . var_export($char_set, true) . ')'; var_export($char_set, true) . '), "HTML-ENTITIES", ' . var_export($char_set, true) . ')';
} else { } else {
// fall back to modifier.escape.php // fall back to modifier.escape.php
@@ -68,26 +68,26 @@ function smarty_modifiercompiler_escape($params, Smarty_Internal_TemplateCompile
// no MBString fallback // no MBString fallback
if ($_double_encode) { if ($_double_encode) {
// php >=5.2.3 - go native // php >=5.2.3 - go native
return 'htmlentities(' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ', ' . return 'htmlentities((string)' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ', ' .
var_export($double_encode, true) . ')'; var_export($double_encode, true) . ')';
} elseif ($double_encode) { } elseif ($double_encode) {
// php <5.2.3 - only handle double encoding // php <5.2.3 - only handle double encoding
return 'htmlentities(' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ')'; return 'htmlentities((string)' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ')';
} else { } else {
// fall back to modifier.escape.php // fall back to modifier.escape.php
} }
// no break // no break
case 'url': case 'url':
return 'rawurlencode(' . $params[ 0 ] . ')'; return 'rawurlencode((string)' . $params[ 0 ] . ')';
case 'urlpathinfo': case 'urlpathinfo':
return 'str_replace("%2F", "/", rawurlencode(' . $params[ 0 ] . '))'; return 'str_replace("%2F", "/", rawurlencode((string)' . $params[ 0 ] . '))';
case 'quotes': case 'quotes':
// escape unescaped single quotes // escape unescaped single quotes
return 'preg_replace("%(?<!\\\\\\\\)\'%", "\\\'",' . $params[ 0 ] . ')'; return 'preg_replace("%(?<!\\\\\\\\)\'%", "\\\'", (string)' . $params[ 0 ] . ')';
case 'javascript': case 'javascript':
// escape quotes and backslashes, newlines, etc. // escape quotes and backslashes, newlines, etc.
// see https://html.spec.whatwg.org/multipage/scripting.html#restrictions-for-contents-of-script-elements // see https://html.spec.whatwg.org/multipage/scripting.html#restrictions-for-contents-of-script-elements
return 'strtr(' . return 'strtr((string)' .
$params[ 0 ] . $params[ 0 ] .
', array("\\\\" => "\\\\\\\\", "\'" => "\\\\\'", "\"" => "\\\\\"", "\\r" => "\\\\r", "\\n" => "\\\n", "</" => "<\/", "<!--" => "<\!--", "<s" => "<\s", "<S" => "<\S" ))'; ', array("\\\\" => "\\\\\\\\", "\'" => "\\\\\'", "\"" => "\\\\\"", "\\r" => "\\\\r", "\\n" => "\\\n", "</" => "<\/", "<!--" => "<\!--", "<s" => "<\s", "<S" => "<\S" ))';
} }
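Review bot: The `(string)` cast is concatenated directly in front of `$params[ 0 ]` in every emitted call (the `htmlspecialchars`, `mb_convert_encoding`, `htmlentities`, `rawurlencode`, `preg_replace` and `strtr` returns). In the generated PHP it therefore binds only to the first operand of whatever expression the compiler spliced in. If `$params[ 0 ]` can ever be a compound expression such as a ternary or an arithmetic term (the code that builds it is outside this hunk, so this is an assumption to confirm), the escaping function would still receive an uncast value, or a different value than the template author wrote. Parenthesising the operand removes the dependency on precedence, e.g. `return 'rawurlencode((string)(' . $params[ 0 ] . '))';` and likewise in the other branches. Because this modifier is the template layer's output-escaping path, a test that compiles a parenthesised or chained-modifier expression through each branch would be worth adding alongside the change.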