update functions with separate escape_special_chars routine

2025-08-04 10:24:26 +02:00 · 2003-02-24 21:45:19 +00:00
parent f83592dc82
commit ae704af588
5 changed files with 58 additions and 21 deletions
--- a/libs/plugins/function.html_checkboxes.php
+++ b/libs/plugins/function.html_checkboxes.php
@@ -21,6 +21,7 @@
 *             {html_checkboxes values=$ids checked=$checked separator='<br>' output=$names}
 * -------------------------------------------------------------
 */
+require_once $this->_get_plugin_filepath('shared','escape_special_chars');
 function smarty_function_html_checkboxes($params, &$smarty)
 {
    extract($params);
@@ -47,12 +48,12 @@ function smarty_function_html_checkboxes($params, &$smarty)
 }

 function smarty_function_html_checkboxes_output($name, $value, $output, $checked, $separator) {
-	$_output = '<input type="checkbox" name="' . htmlspecialchars($name) . '[]' .'" value="' . htmlspecialchars($value) . '"';
+	$_output = '<input type="checkbox" name="' . smarty_function_escape_special_chars($name) . '[]' .'" value="' . smarty_function_escape_special_chars($value) . '"';
 	
    if (in_array($value, $checked)) {
       	$_output .= " checked=\"checked\"";
 	}
-    $_output .= '>' . $name . $separator . "\n";
+    $_output .= '>' . $output . $separator . "\n";

 	return $_output;	
 }
--- a/libs/plugins/function.html_image.php
+++ b/libs/plugins/function.html_image.php
@@ -20,16 +20,35 @@
 * Output:   <img src="images/masthead.gif" border=0 width=400 height=23>
 * -------------------------------------------------------------
 */
+require_once $this->_get_plugin_filepath('shared','escape_special_chars');
 function smarty_function_html_image($params, &$smarty)
 {	
 	$name = '';
 	$border = 0;
 	$height = null;
 	$width = null;
+	$extra = '';
 	$basedir = isset($GLOBALS['HTTP_SERVER_VARS']['DOCUMENT_ROOT'])
 			? $GLOBALS['HTTP_SERVER_VARS']['DOCUMENT_ROOT'] : null;
 	
-    extract($params);
+	foreach($params as $_key => $_val) {	
+		switch($_key) {
+			case 'name':
+				$name = $_val;
+				break;
+			case 'border':
+				$border = $_val;
+				break;
+			case 'height':
+				$height = $_val;
+				break;
+			case 'width':
+				$width = $_val;
+				break;
+			default:
+				$extra .= ' '.$_key.'="'.smarty_function_escape_special_chars($_val).'"';					
+		}
+	}

    if (empty($name)) {
        $smarty->trigger_error("html_image: missing 'name' parameter", E_USER_ERROR);
@@ -48,12 +67,16 @@ function smarty_function_html_image($params, &$smarty)
 	if(!is_readable($_image_path)) {
        $smarty->trigger_error("html_image: unable to read '$_image_path'", E_USER_ERROR);		
 	}
-	
+
+	if(!$smarty->security && substr($_image_path,0,strlen($basedir)) != $basedir) {
+        $smarty->trigger_error("html_image: (secure) '$_image_path' not within basedir ($basedir)", E_USER_ERROR);		
+	}	
+		
 	if(!$_image_data = getimagesize($_image_path)) {
        $smarty->trigger_error("html_image: '$_image_path' is not a valid image file", E_USER_ERROR);
 	}
 			
-	return "<img src=\"$name\" border=\"$border\" ".$_image_data[3].'>';
+	return "<img src=\"$name\" border=\"$border\" ".$_image_data[3]."$extra>";
 }

 /* vim: set expandtab: */
--- a/libs/plugins/function.html_options.php
+++ b/libs/plugins/function.html_options.php
@@ -1,5 +1,7 @@
 <?php

+require('shared.escape_special_chars.php');
+
 /*
 * Smarty plugin
 * -------------------------------------------------------------
@@ -38,11 +40,11 @@ function smarty_function_html_options($params, &$smarty)

 function smarty_function_html_options_optoutput($key, $value, $selected) {
 	if(!is_array($value)) {
-    	$html_result = '<option label="' . smarty_function_html_options_htmlspecialchars($value) . '" value="' . 
-				smarty_function_html_options_htmlspecialchars($key) . '"';
+    	$html_result = '<option label="' . smarty_function_escape_special_chars($value) . '" value="' . 
+				smarty_function_escape_special_chars($key) . '"';
    	if (in_array($key, $selected))
        	$html_result .= " selected=\"selected\"";
-    	$html_result .= '>' . smarty_function_html_options_htmlspecialchars($value) . '</option>' . "\n";
+    	$html_result .= '>' . smarty_function_escape_special_chars($value) . '</option>' . "\n";
 	} else {
 		$html_result = smarty_function_html_options_optgroup($key, $value, $selected);
 	}
@@ -50,7 +52,7 @@ function smarty_function_html_options_optoutput($key, $value, $selected) {
 }

 function smarty_function_html_options_optgroup($key, $values, $selected) {
-	$optgroup_html = '<optgroup label="' . smarty_function_html_options_htmlspecialchars($value) . '">' . "\n";
+	$optgroup_html = '<optgroup label="' . smarty_function_escape_special_chars($value) . '">' . "\n";
 	foreach ($values as $key => $value) {
 		$optgroup_html .= smarty_function_html_options_optoutput($key, $value, $selected);
 	}
@@ -58,14 +60,6 @@ function smarty_function_html_options_optgroup($key, $values, $selected) {
 	return $optgroup_html;
 }

-function smarty_function_html_options_htmlspecialchars($text) {
-	// do not escape already escaped entities (&amp; &#123;)
-	$text = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $text);
-	$text = htmlspecialchars($text);
-	$text = str_replace(array('%%%SMARTY_START%%%','%%%SMARTY_END%%%'), array('&',';'), $text);
-	return $text;
-}
-
 /* vim: set expandtab: */

 ?>
--- a/libs/plugins/function.html_radios.php
+++ b/libs/plugins/function.html_radios.php
@@ -8,7 +8,7 @@
 * Name:       html_radios	
 * Version:    1.0
 * Date:       24.Feb.2003
- * Purpose:    Prints out a list of radio button input types
+ * Purpose:    Prints out a list of radio input types
 * Input:      name       (optional) - string default "radio"
 *             values     (required) - array
 *             checked    (optional) - array default not set
@@ -17,10 +17,11 @@
 * Author:     Christopher Kvarme <christopher.kvarme@flashjab.com>
 * Credits:    Monte Ohrt <monte@ispi.net>
 * Examples:   {html_radios values=$ids output=$names}
- *             {html_radios values=$ids name='choices' separator='<br>' output=$names}
+ *             {html_radios values=$ids name='box' separator='<br>' output=$names}
 *             {html_radios values=$ids checked=$checked separator='<br>' output=$names}
 * -------------------------------------------------------------
 */
+require_once $this->_get_plugin_filepath('shared','escape_special_chars');
 function smarty_function_html_radios($params, &$smarty)
 {
    extract($params);
@@ -47,12 +48,12 @@ function smarty_function_html_radios($params, &$smarty)
 }

 function smarty_function_html_radios_output($name, $value, $output, $checked, $separator) {
-	$_output = '<input type="radio" name="' . htmlspecialchars($name) . '[]' .'" value="' . htmlspecialchars($value) . '"';
+	$_output = '<input type="radio" name="' . smarty_function_escape_special_chars($name) . '[]' .'" value="' . smarty_function_escape_special_chars($value) . '"';
 	
    if (in_array($value, $checked)) {
       	$_output .= " checked=\"checked\"";
 	}
-    $_output .= '>' . $name . $separator . "\n";
+    $_output .= '>' . $output . $separator . "\n";

 	return $_output;	
 }
--- a/libs/plugins/shared.escape_special_chars.php
+++ b/libs/plugins/shared.escape_special_chars.php
@@ -0,0 +1,18 @@
+<?php
+
+/*======================================================================*\
+    Function: smarty_function_escape_special_chars
+    Purpose:  used by other smarty functions to escape
+	          special chars except for already escaped ones
+\*======================================================================*/
+function smarty_function_escape_special_chars($string)
+{	
+	$string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);
+	$string = htmlspecialchars($string);
+	$string = str_replace(array('%%%SMARTY_START%%%','%%%SMARTY_END%%%'), array('&',';'), $string);
+	return $string;	
+}
+
+/* vim: set expandtab: */
+
+?>