Редакция 2 | К новейшей редакции | Только различия | Учитывать пробелы | Содержимое файла | Авторство | Последнее изменение | Открыть журнал | RSS
Редакция 2 | Редакция 3 | ||
---|---|---|---|
1 | <?php
|
1 | <?php
|
2 | /**
|
2 | /**
|
3 | * Smarty plugin
|
3 | * Smarty plugin
|
4 | * @package Smarty
|
4 | * @package Smarty
|
5 | * @subpackage plugins
|
5 | * @subpackage plugins
|
6 | */
|
6 | */
|
7 | 7 | ||
8 | 8 | ||
9 | /**
|
9 | /**
|
10 | * Smarty escape modifier plugin
|
10 | * Smarty escape modifier plugin
|
11 | *
|
11 | *
|
12 | * Type: modifier<br>
|
12 | * Type: modifier<br>
|
13 | * Name: escape<br>
|
13 | * Name: escape<br>
|
14 | * Purpose: Escape the string according to escapement type
|
14 | * Purpose: Escape the string according to escapement type
|
15 | * @link http://smarty.php.net/manual/en/language.modifier.escape.php
|
15 | * @link http://smarty.php.net/manual/en/language.modifier.escape.php
|
16 | * escape (Smarty online manual)
|
16 | * escape (Smarty online manual)
|
17 | * @author Monte Ohrt <monte at ohrt dot com>
|
17 | * @author Monte Ohrt <monte at ohrt dot com>
|
18 | * @param string
|
18 | * @param string
|
19 | * @param html|htmlall|url|quotes|hex|hexentity|javascript
|
19 | * @param html|htmlall|url|quotes|hex|hexentity|javascript
|
20 | * @return string
|
20 | * @return string
|
21 | */
|
21 | */
|
22 | function smarty_modifier_escape($string, $esc_type = 'html', $char_set = 'ISO-8859-1') |
22 | function smarty_modifier_escape($string, $esc_type = 'html', $char_set = 'ISO-8859-1') |
23 | {
|
23 | {
|
24 | switch ($esc_type) { |
24 | switch ($esc_type) { |
25 | case 'html': |
25 | case 'html': |
26 | return htmlspecialchars($string, ENT_QUOTES, $char_set); |
26 | return htmlspecialchars($string, ENT_QUOTES, $char_set); |
27 | 27 | ||
28 | case 'htmlall': |
28 | case 'htmlall': |
29 | return htmlentities($string, ENT_QUOTES, $char_set); |
29 | return htmlentities($string, ENT_QUOTES, $char_set); |
30 | 30 | ||
31 | case 'url': |
31 | case 'url': |
32 | return rawurlencode($string); |
32 | return rawurlencode($string); |
33 | 33 | ||
34 | case 'urlpathinfo': |
34 | case 'urlpathinfo': |
35 | return str_replace('%2F','/',rawurlencode($string)); |
35 | return str_replace('%2F','/',rawurlencode($string)); |
36 | 36 | ||
37 | case 'quotes': |
37 | case 'quotes': |
38 | // escape unescaped single quotes
|
38 | // escape unescaped single quotes
|
39 | return preg_replace("%(?<!\\\\)'%", "\\'", $string); |
39 | return preg_replace("%(?<!\\\\)'%", "\\'", $string); |
40 | 40 | ||
41 | case 'hex': |
41 | case 'hex': |
42 | // escape every character into hex
|
42 | // escape every character into hex
|
43 | $return = ''; |
43 | $return = ''; |
44 | for ($x=0; $x < strlen($string); $x++) { |
44 | for ($x=0; $x < strlen($string); $x++) { |
45 | $return .= '%' . bin2hex($string[$x]); |
45 | $return .= '%' . bin2hex($string[$x]); |
46 | }
|
46 | }
|
47 | return $return; |
47 | return $return; |
48 | 48 | ||
49 | case 'hexentity': |
49 | case 'hexentity': |
50 | $return = ''; |
50 | $return = ''; |
51 | for ($x=0; $x < strlen($string); $x++) { |
51 | for ($x=0; $x < strlen($string); $x++) { |
52 | $return .= '&#x' . bin2hex($string[$x]) . ';'; |
52 | $return .= '&#x' . bin2hex($string[$x]) . ';'; |
53 | }
|
53 | }
|
54 | return $return; |
54 | return $return; |
55 | 55 | ||
56 | case 'decentity': |
56 | case 'decentity': |
57 | $return = ''; |
57 | $return = ''; |
58 | for ($x=0; $x < strlen($string); $x++) { |
58 | for ($x=0; $x < strlen($string); $x++) { |
59 | $return .= '&#' . ord($string[$x]) . ';'; |
59 | $return .= '&#' . ord($string[$x]) . ';'; |
60 | }
|
60 | }
|
61 | return $return; |
61 | return $return; |
62 | 62 | ||
63 | case 'javascript': |
63 | case 'javascript': |
64 | // escape quotes and backslashes, newlines, etc.
|
64 | // escape quotes and backslashes, newlines, etc.
|
65 | return strtr($string, array('\\'=>'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n','</'=>'<\/')); |
65 | return strtr($string, array('\\'=>'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n','</'=>'<\/')); |
66 | 66 | ||
67 | case 'mail': |
67 | case 'mail': |
68 | // safe way to display e-mail address on a web page
|
68 | // safe way to display e-mail address on a web page
|
69 | return str_replace(array('@', '.'),array(' [AT] ', ' [DOT] '), $string); |
69 | return str_replace(array('@', '.'),array(' [AT] ', ' [DOT] '), $string); |
70 | 70 | ||
71 | case 'nonstd': |
71 | case 'nonstd': |
72 | // escape non-standard chars, such as ms document quotes
|
72 | // escape non-standard chars, such as ms document quotes
|
73 | $_res = ''; |
73 | $_res = ''; |
74 | for($_i = 0, $_len = strlen($string); $_i < $_len; $_i++) { |
74 | for($_i = 0, $_len = strlen($string); $_i < $_len; $_i++) { |
75 | $_ord = ord(substr($string, $_i, 1)); |
75 | $_ord = ord(substr($string, $_i, 1)); |
76 | // non-standard char, escape it
|
76 | // non-standard char, escape it
|
77 | if($_ord >= 126){ |
77 | if($_ord >= 126){ |
78 | $_res .= '&#' . $_ord . ';'; |
78 | $_res .= '&#' . $_ord . ';'; |
79 | }
|
79 | }
|
80 | else { |
80 | else { |
81 | $_res .= substr($string, $_i, 1); |
81 | $_res .= substr($string, $_i, 1); |
82 | }
|
82 | }
|
83 | }
|
83 | }
|
84 | return $_res; |
84 | return $_res; |
85 | 85 | ||
86 | default: |
86 | default: |
87 | return $string; |
87 | return $string; |
88 | }
|
88 | }
|
89 | }
|
89 | }
|
90 | 90 | ||
91 | /* vim: set expandtab: */
|
91 | /* vim: set expandtab: */
|
92 | 92 | ||
93 | ?>
|
93 | ?>
|
94 | 94 |