From 967ab871b836f618107fe144978bd1453c3c6634 Mon Sep 17 00:00:00 2001 From: Thomas Willingham Date: Thu, 11 Dec 2014 20:15:27 +0000 Subject: Update Smarty --- library/Smarty/libs/plugins/modifier.escape.php | 40 +++++++++++++++---------- 1 file changed, 25 insertions(+), 15 deletions(-) (limited to 'library/Smarty/libs/plugins/modifier.escape.php') diff --git a/library/Smarty/libs/plugins/modifier.escape.php b/library/Smarty/libs/plugins/modifier.escape.php index 32d185fce..9fdb0702f 100644 --- a/library/Smarty/libs/plugins/modifier.escape.php +++ b/library/Smarty/libs/plugins/modifier.escape.php @@ -2,23 +2,24 @@ /** * Smarty plugin * - * @package Smarty + * @package Smarty * @subpackage PluginsModifier */ /** * Smarty escape modifier plugin - * * Type: modifier
* Name: escape
* Purpose: escape string for output * - * @link http://www.smarty.net/manual/en/language.modifier.count.characters.php count_characters (Smarty online manual) + * @link http://www.smarty.net/docs/en/language.modifier.escape * @author Monte Ohrt + * * @param string $string input string * @param string $esc_type escape type * @param string $char_set character set, used for htmlspecialchars() or htmlentities() * @param boolean $double_encode encode already encoded entitites again, used for htmlspecialchars() or htmlentities() + * * @return string escaped input string */ function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $double_encode = true) @@ -27,7 +28,7 @@ function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $ if ($_double_encode === null) { $_double_encode = version_compare(PHP_VERSION, '5.2.3', '>='); } - + if (!$char_set) { $char_set = Smarty::$_CHARSET; } @@ -39,13 +40,14 @@ function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $ return htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode); } else { if ($double_encode) { - // php <5.3.2 - only handle double encoding + // php <5.2.3 - only handle double encoding return htmlspecialchars($string, ENT_QUOTES, $char_set); } else { - // php <5.3.2 - prevent double encoding + // php <5.2.3 - prevent double encoding $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string); $string = htmlspecialchars($string, ENT_QUOTES, $char_set); $string = str_replace(array('%%%SMARTY_START%%%', '%%%SMARTY_END%%%'), array('&', ';'), $string); + return $string; } } @@ -58,17 +60,18 @@ function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $ $string = htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode); } else { if ($double_encode) { - // php <5.3.2 - only handle double encoding + // php <5.2.3 - only handle double encoding $string = htmlspecialchars($string, ENT_QUOTES, $char_set); } else { - // php <5.3.2 - prevent double encoding + // php <5.2.3 - prevent double encoding $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string); $string = htmlspecialchars($string, ENT_QUOTES, $char_set); $string = str_replace(array('%%%SMARTY_START%%%', '%%%SMARTY_END%%%'), array('&', ';'), $string); + return $string; } } - + // htmlentities() won't convert everything, so use mb_convert_encoding return mb_convert_encoding($string, 'HTML-ENTITIES', $char_set); } @@ -83,6 +86,7 @@ function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $ $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string); $string = htmlentities($string, ENT_QUOTES, $char_set); $string = str_replace(array('%%%SMARTY_START%%%', '%%%SMARTY_END%%%'), array('&', ';'), $string); + return $string; } } @@ -102,9 +106,10 @@ function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $ // Note that the UTF-8 encoded character รค will be represented as %c3%a4 $return = ''; $_length = strlen($string); - for ($x = 0; $x < $_length; $x++) { + for ($x = 0; $x < $_length; $x ++) { $return .= '%' . bin2hex($string[$x]); } + return $return; case 'hexentity': @@ -115,13 +120,15 @@ function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $ foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) { $return .= '&#x' . strtoupper(dechex($unicode)) . ';'; } + return $return; } // no MBString fallback $_length = strlen($string); - for ($x = 0; $x < $_length; $x++) { + for ($x = 0; $x < $_length; $x ++) { $return .= '&#x' . bin2hex($string[$x]) . ';'; } + return $return; case 'decentity': @@ -132,13 +139,15 @@ function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $ foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) { $return .= '&#' . $unicode . ';'; } + return $return; } // no MBString fallback $_length = strlen($string); - for ($x = 0; $x < $_length; $x++) { + for ($x = 0; $x < $_length; $x ++) { $return .= '&#' . ord($string[$x]) . ';'; } + return $return; case 'javascript': @@ -148,6 +157,7 @@ function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $ case 'mail': if (Smarty::$_MBSTRING) { require_once(SMARTY_PLUGINS_DIR . 'shared.mb_str_replace.php'); + return smarty_mb_str_replace(array('@', '.'), array(' [AT] ', ' [DOT] '), $string); } // no MBString fallback @@ -165,11 +175,12 @@ function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $ $return .= chr($unicode); } } + return $return; } $_length = strlen($string); - for ($_i = 0; $_i < $_length; $_i++) { + for ($_i = 0; $_i < $_length; $_i ++) { $_ord = ord(substr($string, $_i, 1)); // non-standard char, escape it if ($_ord >= 126) { @@ -178,11 +189,10 @@ function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $ $return .= substr($string, $_i, 1); } } + return $return; default: return $string; } } - -?> \ No newline at end of file -- cgit v1.2.3