[Summary view] [Print] [Text view]

   1  <?php
   2  /**
   3   * Smarty plugin
   4   *
   5   * @package Smarty
   6   * @subpackage PluginsModifier
   7   */
   8  
   9  /**
  10   * Smarty escape modifier plugin
  11   *
  12   * Type:     modifier<br>
  13   * Name:     escape<br>
  14   * Purpose:  escape string for output
  15   *
  16   * @link http://www.smarty.net/manual/en/language.modifier.count.characters.php count_characters (Smarty online manual)
  17   * @author Monte Ohrt <monte at ohrt dot com>
  18   * @param string  $string        input string
  19   * @param string  $esc_type      escape type
  20   * @param string  $char_set      character set, used for htmlspecialchars() or htmlentities()
  21   * @param boolean $double_encode encode already encoded entitites again, used for htmlspecialchars() or htmlentities()
  22   * @return string escaped input string
  23   */
  24  function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $double_encode = true)
  25  {
  26      if (!$char_set) {
  27          $char_set = Smarty::$_CHARSET;
  28      }
  29  
  30      switch ($esc_type) {
  31          case 'html':
  32              return htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode);
  33  
  34          case 'htmlall':
  35              if (Smarty::$_MBSTRING) {
  36                  // mb_convert_encoding ignores htmlspecialchars()
  37                  $string = htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode);
  38                  // htmlentities() won't convert everything, so use mb_convert_encoding
  39                  return mb_convert_encoding($string, 'HTML-ENTITIES', $char_set);
  40              }
  41  
  42              // no MBString fallback
  43              return htmlentities($string, ENT_QUOTES, $char_set, $double_encode);
  44  
  45          case 'url':
  46              return rawurlencode($string);
  47  
  48          case 'urlpathinfo':
  49              return str_replace('%2F', '/', rawurlencode($string));
  50  
  51          case 'quotes':
  52              // escape unescaped single quotes
  53              return preg_replace("%(?<!\\\\)'%", "\\'", $string);
  54  
  55          case 'hex':
  56              // escape every byte into hex
  57              // Note that the UTF-8 encoded character ä will be represented as %c3%a4
  58              $return = '';
  59              $_length = strlen($string);
  60              for ($x = 0; $x < $_length; $x++) {
  61                  $return .= '%' . bin2hex($string[$x]);
  62              }
  63              return $return;
  64  
  65          case 'hexentity':
  66              $return = '';
  67              if (Smarty::$_MBSTRING) {
  68                  require_once (SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php');
  69                  $return = '';
  70                  foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) {
  71                      $return .= '&#x' . strtoupper(dechex($unicode)) . ';';
  72                  }
  73                  return $return;
  74              }
  75              // no MBString fallback
  76              $_length = strlen($string);
  77              for ($x = 0; $x < $_length; $x++) {
  78                  $return .= '&#x' . bin2hex($string[$x]) . ';';
  79              }
  80              return $return;
  81  
  82          case 'decentity':
  83              $return = '';
  84              if (Smarty::$_MBSTRING) {
  85                  require_once (SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php');
  86                  $return = '';
  87                  foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) {
  88                      $return .= '&#' . $unicode . ';';
  89                  }
  90                  return $return;
  91              }
  92              // no MBString fallback
  93              $_length = strlen($string);
  94              for ($x = 0; $x < $_length; $x++) {
  95                  $return .= '&#' . ord($string[$x]) . ';';
  96              }
  97              return $return;
  98  
  99          case 'javascript':
 100              // escape quotes and backslashes, newlines, etc.
 101              return strtr($string, array('\\' => '\\\\', "'" => "\\'", '"' => '\\"', "\r" => '\\r', "\n" => '\\n', '</' => '<\/'));
 102  
 103          case 'mail':
 104              if (Smarty::$_MBSTRING) {
 105                  require_once (SMARTY_PLUGINS_DIR . 'shared.mb_str_replace.php');
 106                  return smarty_mb_str_replace(array('@', '.'), array(' [AT] ', ' [DOT] '), $string);
 107              }
 108              // no MBString fallback
 109              return str_replace(array('@', '.'), array(' [AT] ', ' [DOT] '), $string);
 110  
 111          case 'nonstd':
 112              // escape non-standard chars, such as ms document quotes
 113              $return = '';
 114              if (Smarty::$_MBSTRING) {
 115                  require_once (SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php');
 116                  foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) {
 117                      if ($unicode >= 126) {
 118                          $return .= '&#' . $unicode . ';';
 119                      } else {
 120                          $return .= chr($unicode);
 121                      }
 122                  }
 123                  return $return;
 124              }
 125  
 126              $_length = strlen($string);
 127              for ($_i = 0; $_i < $_length; $_i++) {
 128                  $_ord = ord(substr($string, $_i, 1));
 129                  // non-standard char, escape it
 130                  if ($_ord >= 126) {
 131                      $return .= '&#' . $_ord . ';';
 132                  } else {
 133                      $return .= substr($string, $_i, 1);
 134                  }
 135              }
 136              return $return;
 137  
 138          default:
 139              return $string;
 140      }
 141  }
 142  
 143  ?>