smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-07-30 16:07:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Do not auto-html-escape custom function results. (#908)

Browse Source 
Fixes #906
This commit is contained in:
Simon Wisselink
2023-11-06 17:36:05 +01:00
committed by GitHub
parent b28b85dbf4
commit bc4e70f2c0
3 changed files with 33 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Fixed
- Registered output filters wouldn't run [#899](https://github.com/smarty-php/smarty/issues/899)
- Use of negative numbers in {math} equations [#895](https://github.com/smarty-php/smarty/issues/895)
- Do not auto-html-escape custom function results [#906](https://github.com/smarty-php/smarty/issues/906)
- Fix case-sensitive tag names [#907](https://github.com/smarty-php/smarty/issues/907)
### Removed

2
src/Compiler/Template.php
View File

@ -1143,7 +1143,7 @@ class Template extends BaseCompiler {
if ($this->smarty->getFunctionHandler($base_tag)) {
if (!isset($this->smarty->security_policy) || $this->smarty->security_policy->isTrustedTag($base_tag, $this)) {
return (new \Smarty\Compile\PrintExpressionCompiler())->compile(
[],
['nofilter'], // functions are never auto-escaped
$this,
['value' => $this->compileFunctionCall($base_tag, $args, $parameter)]
);

31
tests/UnitTests/A_Core/AutoEscape/AutoEscapeTest.php
View File

@ -30,4 +30,35 @@ class AutoEscapeTest extends PHPUnit_Smarty
$tpl->assign('foo', '<a@b.c>');
$this->assertEquals("&lt;a@b.c&gt;", $this->smarty->fetch($tpl));
}
/**
* test 'escapeHtml' property
* @group issue906
*/
public function testAutoEscapeDoesNotEscapeFunctionPlugins()
{
$this->smarty->registerPlugin(
\Smarty\Smarty::PLUGIN_FUNCTION,
'horizontal_rule',
function ($params, $smarty) { return "<hr>"; }
);
$tpl = $this->smarty->createTemplate('eval:{horizontal_rule}');
$this->assertEquals("<hr>", $this->smarty->fetch($tpl));
}
/**
* test 'escapeHtml' property
* @group issue906
*/
public function testAutoEscapeDoesNotEscapeBlockPlugins()
{
$this->smarty->registerPlugin(
\Smarty\Smarty::PLUGIN_BLOCK,
'paragraphify',
function ($params, $content) { return $content == null ? null : "<p>".$content."</p>"; }
);
$tpl = $this->smarty->createTemplate('eval:{paragraphify}hi{/paragraphify}');
$this->assertEquals("<p>hi</p>", $this->smarty->fetch($tpl));
}
}