diff options
Diffstat (limited to 'libs/plugins/modifier.escape.php')
| -rw-r--r-- | libs/plugins/modifier.escape.php | 189 |
1 files changed, 0 insertions, 189 deletions
diff --git a/libs/plugins/modifier.escape.php b/libs/plugins/modifier.escape.php deleted file mode 100644 index e168679c..00000000 --- a/libs/plugins/modifier.escape.php +++ /dev/null @@ -1,189 +0,0 @@ -<?php -/** - * Smarty plugin - * - * @package Smarty - * @subpackage PluginsModifier - */ -/** - * Smarty escape modifier plugin - * Type: modifier - * Name: escape - * Purpose: escape string for output - * - * @link https://www.smarty.net/docs/en/language.modifier.escape - * @author Monte Ohrt <monte at ohrt dot com> - * - * @param string $string input string - * @param string $esc_type escape type - * @param string $char_set character set, used for htmlspecialchars() or htmlentities() - * @param boolean $double_encode encode already encoded entitites again, used for htmlspecialchars() or htmlentities() - * - * @return string escaped input string - */ -function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $double_encode = true) -{ - static $is_loaded_1 = false; - static $is_loaded_2 = false; - if (!$char_set) { - $char_set = Smarty::$_CHARSET; - } - - $string = (string)$string; - - switch ($esc_type) { - case 'html': - return htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode); - // no break - case 'htmlall': - if (Smarty::$_MBSTRING) { - $string = mb_convert_encoding($string, 'UTF-8', $char_set); - return htmlentities($string, ENT_QUOTES, 'UTF-8', $double_encode); - } - // no MBString fallback - return htmlentities($string, ENT_QUOTES, $char_set, $double_encode); - // no break - case 'url': - return rawurlencode($string); - case 'urlpathinfo': - return str_replace('%2F', '/', rawurlencode($string)); - case 'quotes': - // escape unescaped single quotes - return preg_replace("%(?<!\\\\)'%", "\\'", $string); - case 'hex': - // escape every byte into hex - // Note that the UTF-8 encoded character รค will be represented as %c3%a4 - $return = ''; - $_length = strlen($string); - for ($x = 0; $x < $_length; $x++) { - $return .= '%' . bin2hex($string[ $x ]); - } - return $return; - case 'hexentity': - $return = ''; - if (Smarty::$_MBSTRING) { - if (!$is_loaded_1) { - if (!is_callable('smarty_mb_to_unicode')) { - include_once SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php'; - } - $is_loaded_1 = true; - } - $return = ''; - foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) { - $return .= '&#x' . strtoupper(dechex($unicode)) . ';'; - } - return $return; - } - // no MBString fallback - $_length = strlen($string); - for ($x = 0; $x < $_length; $x++) { - $return .= '&#x' . bin2hex($string[ $x ]) . ';'; - } - return $return; - case 'decentity': - $return = ''; - if (Smarty::$_MBSTRING) { - if (!$is_loaded_1) { - if (!is_callable('smarty_mb_to_unicode')) { - include_once SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php'; - } - $is_loaded_1 = true; - } - $return = ''; - foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) { - $return .= '&#' . $unicode . ';'; - } - return $return; - } - // no MBString fallback - $_length = strlen($string); - for ($x = 0; $x < $_length; $x++) { - $return .= '&#' . ord($string[ $x ]) . ';'; - } - return $return; - case 'javascript': - // escape quotes and backslashes, newlines, etc. - return strtr( - $string, - array( - '\\' => '\\\\', - "'" => "\\'", - '"' => '\\"', - "\r" => '\\r', - "\n" => '\\n', - '</' => '<\/', - // see https://html.spec.whatwg.org/multipage/scripting.html#restrictions-for-contents-of-script-elements - '<!--' => '<\!--', - '<s' => '<\s', - '<S' => '<\S', - "`" => "\\\\`", - "\${" => "\\\\\\$\\{" - ) - ); - case 'mail': - if (Smarty::$_MBSTRING) { - if (!$is_loaded_2) { - if (!is_callable('smarty_mb_str_replace')) { - include_once SMARTY_PLUGINS_DIR . 'shared.mb_str_replace.php'; - } - $is_loaded_2 = true; - } - return smarty_mb_str_replace( - array( - '@', - '.' - ), - array( - ' [AT] ', - ' [DOT] ' - ), - $string - ); - } - // no MBString fallback - return str_replace( - array( - '@', - '.' - ), - array( - ' [AT] ', - ' [DOT] ' - ), - $string - ); - case 'nonstd': - // escape non-standard chars, such as ms document quotes - $return = ''; - if (Smarty::$_MBSTRING) { - if (!$is_loaded_1) { - if (!is_callable('smarty_mb_to_unicode')) { - include_once SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php'; - } - $is_loaded_1 = true; - } - foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) { - if ($unicode >= 126) { - $return .= '&#' . $unicode . ';'; - } else { - $return .= chr($unicode); - } - } - return $return; - } - $_length = strlen($string); - for ($_i = 0; $_i < $_length; $_i++) { - $_ord = ord(substr($string, $_i, 1)); - // non-standard char, escape it - if ($_ord >= 126) { - $return .= '&#' . $_ord . ';'; - } else { - $return .= substr($string, $_i, 1); - } - } - return $return; - default: - trigger_error("escape: unsupported type: $esc_type - returning unmodified string", E_USER_NOTICE); - return $string; - } -} |
