bugfix escape modifier support for PHP < 5.2.3 (Forum Topic 21176)
@@ -1,4 +1,8 @@
|
|||||||
===== trunk =====
|
===== trunk =====
|
||||||
|
24.06.2012
|
||||||
|
- bugfix escape modifier support for PHP < 5.2.3 (Forum Topic 21176)
|
||||||
|
|
||||||
|
11.06.2012
|
||||||
- bugfix the patch for Topic 21856 did break tabs between tag attributes (Forum Topic 22124)
|
- bugfix the patch for Topic 21856 did break tabs between tag attributes (Forum Topic 22124)
|
||||||
|
|
||||||
===== Smarty-3.1.10 =====
|
===== Smarty-3.1.10 =====
|
||||||
|
@@ -23,24 +23,69 @@
|
|||||||
*/
|
*/
|
||||||
function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $double_encode = true)
|
function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $double_encode = true)
|
||||||
{
|
{
|
||||||
|
static $_double_encode = null;
|
||||||
|
if ($_double_encode === null) {
|
||||||
|
$_double_encode = version_compare(PHP_VERSION, '5.2.3', '>=');
|
||||||
|
}
|
||||||
|
|
||||||
if (!$char_set) {
|
if (!$char_set) {
|
||||||
$char_set = Smarty::$_CHARSET;
|
$char_set = Smarty::$_CHARSET;
|
||||||
}
|
}
|
||||||
|
|
||||||
switch ($esc_type) {
|
switch ($esc_type) {
|
||||||
case 'html':
|
case 'html':
|
||||||
|
if ($_double_encode) {
|
||||||
|
// php >=5.3.2 - go native
|
||||||
return htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode);
|
return htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode);
|
||||||
|
} else {
|
||||||
|
if ($double_encode) {
|
||||||
|
// php <5.3.2 - only handle double encoding
|
||||||
|
return htmlspecialchars($string, ENT_QUOTES, $char_set);
|
||||||
|
} else {
|
||||||
|
// php <5.3.2 - prevent double encoding
|
||||||
|
$string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);
|
||||||
|
$string = htmlspecialchars($string, ENT_QUOTES, $char_set);
|
||||||
|
$string = str_replace(array('%%%SMARTY_START%%%', '%%%SMARTY_END%%%'), array('&', ';'), $string);
|
||||||
|
return $string;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
case 'htmlall':
|
case 'htmlall':
|
||||||
if (Smarty::$_MBSTRING) {
|
if (Smarty::$_MBSTRING) {
|
||||||
// mb_convert_encoding ignores htmlspecialchars()
|
// mb_convert_encoding ignores htmlspecialchars()
|
||||||
|
if ($_double_encode) {
|
||||||
|
// php >=5.3.2 - go native
|
||||||
$string = htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode);
|
$string = htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode);
|
||||||
|
} else {
|
||||||
|
if ($double_encode) {
|
||||||
|
// php <5.3.2 - only handle double encoding
|
||||||
|
$string = htmlspecialchars($string, ENT_QUOTES, $char_set);
|
||||||
|
} else {
|
||||||
|
// php <5.3.2 - prevent double encoding
|
||||||
|
$string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);
|
||||||
|
$string = htmlspecialchars($string, ENT_QUOTES, $char_set);
|
||||||
|
$string = str_replace(array('%%%SMARTY_START%%%', '%%%SMARTY_END%%%'), array('&', ';'), $string);
|
||||||
|
return $string;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// htmlentities() won't convert everything, so use mb_convert_encoding
|
// htmlentities() won't convert everything, so use mb_convert_encoding
|
||||||
return mb_convert_encoding($string, 'HTML-ENTITIES', $char_set);
|
return mb_convert_encoding($string, 'HTML-ENTITIES', $char_set);
|
||||||
}
|
}
|
||||||
|
|
||||||
// no MBString fallback
|
// no MBString fallback
|
||||||
|
if ($_double_encode) {
|
||||||
return htmlentities($string, ENT_QUOTES, $char_set, $double_encode);
|
return htmlentities($string, ENT_QUOTES, $char_set, $double_encode);
|
||||||
|
} else {
|
||||||
|
if ($double_encode) {
|
||||||
|
return htmlentities($string, ENT_QUOTES, $char_set);
|
||||||
|
} else {
|
||||||
|
$string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);
|
||||||
|
$string = htmlentities($string, ENT_QUOTES, $char_set);
|
||||||
|
$string = str_replace(array('%%%SMARTY_START%%%', '%%%SMARTY_END%%%'), array('&', ';'), $string);
|
||||||
|
return $string;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
case 'url':
|
case 'url':
|
||||||
return rawurlencode($string);
|
return rawurlencode($string);
|
||||||
|
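Review bot: In the `htmlall` branch under `Smarty::$_MBSTRING`, the legacy path for a false `$double_encode` ends with `return $string;`, so on PHP < 5.2.3 it returns straight after `htmlspecialchars()` and never reaches `mb_convert_encoding($string, 'HTML-ENTITIES', $char_set)`; removing that `return $string;` lets it continue to the conversion like the two branches above it. The new comments say `php >=5.3.2` and `php <5.3.2` while the check is `version_compare(PHP_VERSION, '5.2.3', '>=')`, so they should read 5.2.3. The placeholder round-trip also turns a literal `%%%SMARTY_START%%%` or `%%%SMARTY_END%%%` already present in the input into a bare `&` or `;` after escaping, which deserves a comment such as `// NOTE: marker strings already present in $string are rewritten to & and ;`. The function body continues past the end of this hunk.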
@@ -25,6 +25,11 @@ require_once( SMARTY_PLUGINS_DIR .'shared.literal_compiler_param.php' );
|
|||||||
*/
|
*/
|
||||||
function smarty_modifiercompiler_escape($params, $compiler)
|
function smarty_modifiercompiler_escape($params, $compiler)
|
||||||
{
|
{
|
||||||
|
static $_double_encode = null;
|
||||||
|
if ($_double_encode === null) {
|
||||||
|
$_double_encode = version_compare(PHP_VERSION, '5.2.3', '>=');
|
||||||
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$esc_type = smarty_literal_compiler_param($params, 1, 'html');
|
$esc_type = smarty_literal_compiler_param($params, 1, 'html');
|
||||||
$char_set = smarty_literal_compiler_param($params, 2, Smarty::$_CHARSET);
|
$char_set = smarty_literal_compiler_param($params, 2, Smarty::$_CHARSET);
|
||||||
@@ -36,26 +41,56 @@ function smarty_modifiercompiler_escape($params, $compiler)
|
|||||||
|
|
||||||
switch ($esc_type) {
|
switch ($esc_type) {
|
||||||
case 'html':
|
case 'html':
|
||||||
|
if ($_double_encode) {
|
||||||
return 'htmlspecialchars('
|
return 'htmlspecialchars('
|
||||||
. $params[0] .', ENT_QUOTES, '
|
. $params[0] .', ENT_QUOTES, '
|
||||||
. var_export($char_set, true) . ', '
|
. var_export($char_set, true) . ', '
|
||||||
. var_export($double_encode, true) . ')';
|
. var_export($double_encode, true) . ')';
|
||||||
|
} else if ($double_encode) {
|
||||||
|
return 'htmlspecialchars('
|
||||||
|
. $params[0] .', ENT_QUOTES, '
|
||||||
|
. var_export($char_set, true) . ')';
|
||||||
|
} else {
|
||||||
|
// fall back to modifier.escape.php
|
||||||
|
}
|
||||||
|
|
||||||
case 'htmlall':
|
case 'htmlall':
|
||||||
if (Smarty::$_MBSTRING) {
|
if (Smarty::$_MBSTRING) {
|
||||||
|
if ($_double_encode) {
|
||||||
|
// php >=5.3.2 - go native
|
||||||
return 'mb_convert_encoding(htmlspecialchars('
|
return 'mb_convert_encoding(htmlspecialchars('
|
||||||
. $params[0] .', ENT_QUOTES, '
|
. $params[0] .', ENT_QUOTES, '
|
||||||
. var_export($char_set, true) . ', '
|
. var_export($char_set, true) . ', '
|
||||||
. var_export($double_encode, true)
|
. var_export($double_encode, true)
|
||||||
. '), "HTML-ENTITIES", '
|
. '), "HTML-ENTITIES", '
|
||||||
. var_export($char_set, true) . ')';
|
. var_export($char_set, true) . ')';
|
||||||
|
} else if ($double_encode) {
|
||||||
|
// php <5.3.2 - only handle double encoding
|
||||||
|
return 'mb_convert_encoding(htmlspecialchars('
|
||||||
|
. $params[0] .', ENT_QUOTES, '
|
||||||
|
. var_export($char_set, true)
|
||||||
|
. '), "HTML-ENTITIES", '
|
||||||
|
. var_export($char_set, true) . ')';
|
||||||
|
} else {
|
||||||
|
// fall back to modifier.escape.php
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// no MBString fallback
|
// no MBString fallback
|
||||||
|
if ($_double_encode) {
|
||||||
|
// php >=5.3.2 - go native
|
||||||
return 'htmlentities('
|
return 'htmlentities('
|
||||||
. $params[0] .', ENT_QUOTES, '
|
. $params[0] .', ENT_QUOTES, '
|
||||||
. var_export($char_set, true) . ', '
|
. var_export($char_set, true) . ', '
|
||||||
. var_export($double_encode, true) . ')';
|
. var_export($double_encode, true) . ')';
|
||||||
|
} else if ($double_encode) {
|
||||||
|
// php <5.3.2 - only handle double encoding
|
||||||
|
return 'htmlentities('
|
||||||
|
. $params[0] .', ENT_QUOTES, '
|
||||||
|
. var_export($char_set, true) . ')';
|
||||||
|
} else {
|
||||||
|
// fall back to modifier.escape.php
|
||||||
|
}
|
||||||
|
|
||||||
case 'url':
|
case 'url':
|
||||||
return 'rawurlencode(' . $params[0] . ')';
|
return 'rawurlencode(' . $params[0] . ')';
|
||||||
|
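Review bot: The three empty `else { // fall back to modifier.escape.php }` branches never leave the `switch`, so as shown control falls through into the next `case`: on PHP < 5.2.3 with `$double_encode` false, `'html'` runs on through `'htmlall'` and reaches `case 'url':`, compiling the modifier to `rawurlencode(...)` instead of an HTML escape. If the runtime fallback is emitted after the switch (that code is outside the hunk, so this is inferred), each empty branch needs `break; // fall back to modifier.escape.php`. The comments `php >=5.3.2` and `php <5.3.2` disagree with the `'5.2.3'` passed to `version_compare` and should be corrected. Because this path is only reachable on PHP older than 5.2.3, a test that pins the compiled output for a false `double_encode` there would keep the escaping context from silently changing again.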