diff --git a/change_log.txt b/change_log.txt index 71d78516..dc1bf275 100644 --- a/change_log.txt +++ b/change_log.txt @@ -1,4 +1,8 @@ ===== trunk ===== +24.06.2012 +- bugfix escape modifier support for PHP < 5.2.3 (Forum Topic 21176) + +11.06.2012 - bugfix the patch for Topic 21856 did break tabs between tag attributes (Forum Topic 22124) ===== Smarty-3.1.10 ===== diff --git a/libs/plugins/modifier.escape.php b/libs/plugins/modifier.escape.php index 523d0653..32d185fc 100644 --- a/libs/plugins/modifier.escape.php +++ b/libs/plugins/modifier.escape.php @@ -23,24 +23,69 @@ */ function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $double_encode = true) { + static $_double_encode = null; + if ($_double_encode === null) { + $_double_encode = version_compare(PHP_VERSION, '5.2.3', '>='); + } + if (!$char_set) { $char_set = Smarty::$_CHARSET; } switch ($esc_type) { case 'html': - return htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode); + if ($_double_encode) { + // php >=5.3.2 - go native + return htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode); + } else { + if ($double_encode) { + // php <5.3.2 - only handle double encoding + return htmlspecialchars($string, ENT_QUOTES, $char_set); + } else { + // php <5.3.2 - prevent double encoding + $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string); + $string = htmlspecialchars($string, ENT_QUOTES, $char_set); + $string = str_replace(array('%%%SMARTY_START%%%', '%%%SMARTY_END%%%'), array('&', ';'), $string); + return $string; + } + } case 'htmlall': if (Smarty::$_MBSTRING) { // mb_convert_encoding ignores htmlspecialchars() - $string = htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode); + if ($_double_encode) { + // php >=5.3.2 - go native + $string = htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode); + } else { + if ($double_encode) { + // php <5.3.2 - only handle double encoding + $string = htmlspecialchars($string, ENT_QUOTES, $char_set); + } else { + // php <5.3.2 - prevent double encoding + $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string); + $string = htmlspecialchars($string, ENT_QUOTES, $char_set); + $string = str_replace(array('%%%SMARTY_START%%%', '%%%SMARTY_END%%%'), array('&', ';'), $string); + return $string; + } + } + // htmlentities() won't convert everything, so use mb_convert_encoding return mb_convert_encoding($string, 'HTML-ENTITIES', $char_set); } // no MBString fallback - return htmlentities($string, ENT_QUOTES, $char_set, $double_encode); + if ($_double_encode) { + return htmlentities($string, ENT_QUOTES, $char_set, $double_encode); + } else { + if ($double_encode) { + return htmlentities($string, ENT_QUOTES, $char_set); + } else { + $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string); + $string = htmlentities($string, ENT_QUOTES, $char_set); + $string = str_replace(array('%%%SMARTY_START%%%', '%%%SMARTY_END%%%'), array('&', ';'), $string); + return $string; + } + } case 'url': return rawurlencode($string); diff --git a/libs/plugins/modifiercompiler.escape.php b/libs/plugins/modifiercompiler.escape.php index b4cd3c88..48b74d14 100644 --- a/libs/plugins/modifiercompiler.escape.php +++ b/libs/plugins/modifiercompiler.escape.php @@ -25,6 +25,11 @@ require_once( SMARTY_PLUGINS_DIR .'shared.literal_compiler_param.php' ); */ function smarty_modifiercompiler_escape($params, $compiler) { + static $_double_encode = null; + if ($_double_encode === null) { + $_double_encode = version_compare(PHP_VERSION, '5.2.3', '>='); + } + try { $esc_type = smarty_literal_compiler_param($params, 1, 'html'); $char_set = smarty_literal_compiler_param($params, 2, Smarty::$_CHARSET); @@ -36,26 +41,56 @@ function smarty_modifiercompiler_escape($params, $compiler) switch ($esc_type) { case 'html': - return 'htmlspecialchars(' - . $params[0] .', ENT_QUOTES, ' - . var_export($char_set, true) . ', ' - . var_export($double_encode, true) . ')'; + if ($_double_encode) { + return 'htmlspecialchars(' + . $params[0] .', ENT_QUOTES, ' + . var_export($char_set, true) . ', ' + . var_export($double_encode, true) . ')'; + } else if ($double_encode) { + return 'htmlspecialchars(' + . $params[0] .', ENT_QUOTES, ' + . var_export($char_set, true) . ')'; + } else { + // fall back to modifier.escape.php + } case 'htmlall': if (Smarty::$_MBSTRING) { - return 'mb_convert_encoding(htmlspecialchars(' - . $params[0] .', ENT_QUOTES, ' - . var_export($char_set, true) . ', ' - . var_export($double_encode, true) - . '), "HTML-ENTITIES", ' - . var_export($char_set, true) . ')'; + if ($_double_encode) { + // php >=5.3.2 - go native + return 'mb_convert_encoding(htmlspecialchars(' + . $params[0] .', ENT_QUOTES, ' + . var_export($char_set, true) . ', ' + . var_export($double_encode, true) + . '), "HTML-ENTITIES", ' + . var_export($char_set, true) . ')'; + } else if ($double_encode) { + // php <5.3.2 - only handle double encoding + return 'mb_convert_encoding(htmlspecialchars(' + . $params[0] .', ENT_QUOTES, ' + . var_export($char_set, true) + . '), "HTML-ENTITIES", ' + . var_export($char_set, true) . ')'; + } else { + // fall back to modifier.escape.php + } } // no MBString fallback - return 'htmlentities(' - . $params[0] .', ENT_QUOTES, ' - . var_export($char_set, true) . ', ' - . var_export($double_encode, true) . ')'; + if ($_double_encode) { + // php >=5.3.2 - go native + return 'htmlentities(' + . $params[0] .', ENT_QUOTES, ' + . var_export($char_set, true) . ', ' + . var_export($double_encode, true) . ')'; + } else if ($double_encode) { + // php <5.3.2 - only handle double encoding + return 'htmlentities(' + . $params[0] .', ENT_QUOTES, ' + . var_export($char_set, true) . ')'; + } else { + // fall back to modifier.escape.php + } case 'url': return 'rawurlencode(' . $params[0] . ')';