From edcc3b7d8eff8271ffdaa7511c98debde90b1f4b Mon Sep 17 00:00:00 2001
From: mohrt <mohrt@localhost>
Date: Wed, 20 Feb 2002 20:56:53 +0000
Subject: [PATCH] removed global vars from fetch function, added attrs to
 escape modifier

---
 NEWS                             |  3 ++-
 docs.sgml                        |  9 +++++++--
 libs/plugins/modifier.escape.php | 11 +++++++++++
 plugins/modifier.escape.php      | 11 +++++++++++
 4 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/NEWS b/NEWS
index b51dbbe2..44d5e0eb 100644
--- a/NEWS
+++ b/NEWS
@@ -1,7 +1,8 @@
+    - added "hex" and "hexentity" attributes to escape modifier (Monte)
     - removed dependency on PEAR. (Andrei)
     - update popup_init to accept src attribute. (Monte, Duncan Forrest)
     - implemented several optimizations, speeding up Smarty significantly in
-      most cases. (Andrei)
+      most cases. (Andrei,Monte)
     - implemented plugin architecture. (Andrei)
     - added modifiers wordwrap and indent. (Monte)
     - added support for 'If-Modified-Since' headers for cached content. (Monte)
diff --git a/docs.sgml b/docs.sgml
index 1df63c3e..800e7ed7 100644
--- a/docs.sgml
+++ b/docs.sgml
@@ -5513,8 +5513,11 @@ no title
                 </tgroup>
             </informaltable>
 			<para>
-			This is used to html escape, url escape, or escape single quotes on
-			a variable not already escaped. By default, the variable is html
+			This is used to html escape, url escape, escape single quotes on a
+			variable not already escaped, hex escape or hexentity escape. hex
+			and hexentity escape can be used in conjunction to hide "mailto:"
+			links on a page from web spiders (spam collectors) and yet keep
+			them readable and linkable. By default, the variable is html
 			escaped.
 			</para>
 <example>
@@ -5526,6 +5529,7 @@ no title
 {$articleTitle|escape:"html"}
 {$articleTitle|escape:"url"}
 {$articleTitle|escape:"quotes"}
+<a href="mailto:{$EmailAddress|escape:"hex"}">{$EmailAddress|escape:"hexentity"}</a>
 
 OUTPUT:
 
@@ -5534,6 +5538,7 @@ OUTPUT:
 'Stiff%20Opposition%20Expected%20to%20Casketless%20Funeral%20Plan'
 'Stiff+Opposition+Expected+to+Casketless+Funeral+Plan'
 \'Stiff Opposition Expected to Casketless Funeral Plan\'
+<a href="mailto:%62%6f%62%40%6d%65%2e%6e%65%74">&#x62;&#x6f;&#x62;&#x40;&#x6d;&#x65;&#x2e;&#x6e;&#x65;&#x74;</a>
 
 </programlisting>
 </example>
diff --git a/libs/plugins/modifier.escape.php b/libs/plugins/modifier.escape.php
index 00bf92f2..de90ada5 100644
--- a/libs/plugins/modifier.escape.php
+++ b/libs/plugins/modifier.escape.php
@@ -21,6 +21,17 @@ function smarty_modifier_escape($string, $esc_type = 'html')
             // escape unescaped single quotes
             return preg_replace("%(?<!\\\\)'%", "\\'", $string);
 
+		case 'hex':
+			// escape every character into hex
+			for ($x=0; $x<strlen($string); $x++) {
+				$return .= '%'.bin2hex($string[$x]);
+			}
+			return $return;
+		case 'hexentity':
+			for ($x=0; $x<strlen($string); $x++) {
+				$return .= '&#x'.bin2hex($string[$x]).';';
+			}
+			return $return;
         default:
             return $string;
     }
diff --git a/plugins/modifier.escape.php b/plugins/modifier.escape.php
index 00bf92f2..de90ada5 100644
--- a/plugins/modifier.escape.php
+++ b/plugins/modifier.escape.php
@@ -21,6 +21,17 @@ function smarty_modifier_escape($string, $esc_type = 'html')
             // escape unescaped single quotes
             return preg_replace("%(?<!\\\\)'%", "\\'", $string);
 
+		case 'hex':
+			// escape every character into hex
+			for ($x=0; $x<strlen($string); $x++) {
+				$return .= '%'.bin2hex($string[$x]);
+			}
+			return $return;
+		case 'hexentity':
+			for ($x=0; $x<strlen($string); $x++) {
+				$return .= '&#x'.bin2hex($string[$x]).';';
+			}
+			return $return;
         default:
             return $string;
     }