1 | <?php
|
---|
2 | /**
|
---|
3 | * Smarty plugin
|
---|
4 | * @package Smarty
|
---|
5 | * @subpackage plugins
|
---|
6 | */
|
---|
7 |
|
---|
8 |
|
---|
9 | /**
|
---|
10 | * Smarty escape modifier plugin
|
---|
11 | *
|
---|
12 | * Type: modifier<br>
|
---|
13 | * Name: escape<br>
|
---|
14 | * Purpose: Escape the string according to escapement type
|
---|
15 | * @link http://smarty.php.net/manual/en/language.modifier.escape.php
|
---|
16 | * escape (Smarty online manual)
|
---|
17 | * @author Monte Ohrt <monte at ohrt dot com>
|
---|
18 | * @param string
|
---|
19 | * @param html|htmlall|url|quotes|hex|hexentity|javascript
|
---|
20 | * @return string
|
---|
21 | */
|
---|
22 | function smarty_modifier_escape($string, $esc_type = 'html', $char_set = 'ISO-8859-1')
|
---|
23 | {
|
---|
24 | switch ($esc_type) {
|
---|
25 | case 'html':
|
---|
26 | return htmlspecialchars($string, ENT_QUOTES, $char_set);
|
---|
27 |
|
---|
28 | case 'htmlall':
|
---|
29 | return htmlentities($string, ENT_QUOTES, $char_set);
|
---|
30 |
|
---|
31 | case 'url':
|
---|
32 | return rawurlencode($string);
|
---|
33 |
|
---|
34 | case 'urlpathinfo':
|
---|
35 | return str_replace('%2F','/',rawurlencode($string));
|
---|
36 |
|
---|
37 | case 'quotes':
|
---|
38 | // escape unescaped single quotes
|
---|
39 | return preg_replace("%(?<!\\\\)'%", "\\'", $string);
|
---|
40 |
|
---|
41 | case 'hex':
|
---|
42 | // escape every character into hex
|
---|
43 | $return = '';
|
---|
44 | for ($x=0; $x < strlen($string); $x++) {
|
---|
45 | $return .= '%' . bin2hex($string[$x]);
|
---|
46 | }
|
---|
47 | return $return;
|
---|
48 |
|
---|
49 | case 'hexentity':
|
---|
50 | $return = '';
|
---|
51 | for ($x=0; $x < strlen($string); $x++) {
|
---|
52 | $return .= '&#x' . bin2hex($string[$x]) . ';';
|
---|
53 | }
|
---|
54 | return $return;
|
---|
55 |
|
---|
56 | case 'decentity':
|
---|
57 | $return = '';
|
---|
58 | for ($x=0; $x < strlen($string); $x++) {
|
---|
59 | $return .= '&#' . ord($string[$x]) . ';';
|
---|
60 | }
|
---|
61 | return $return;
|
---|
62 |
|
---|
63 | case 'javascript':
|
---|
64 | // escape quotes and backslashes, newlines, etc.
|
---|
65 | return strtr($string, array('\\'=>'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n','</'=>'<\/'));
|
---|
66 |
|
---|
67 | case 'mail':
|
---|
68 | // safe way to display e-mail address on a web page
|
---|
69 | return str_replace(array('@', '.'),array(' [AT] ', ' [DOT] '), $string);
|
---|
70 |
|
---|
71 | case 'nonstd':
|
---|
72 | // escape non-standard chars, such as ms document quotes
|
---|
73 | $_res = '';
|
---|
74 | for($_i = 0, $_len = strlen($string); $_i < $_len; $_i++) {
|
---|
75 | $_ord = ord(substr($string, $_i, 1));
|
---|
76 | // non-standard char, escape it
|
---|
77 | if($_ord >= 126){
|
---|
78 | $_res .= '&#' . $_ord . ';';
|
---|
79 | }
|
---|
80 | else {
|
---|
81 | $_res .= substr($string, $_i, 1);
|
---|
82 | }
|
---|
83 | }
|
---|
84 | return $_res;
|
---|
85 |
|
---|
86 | default:
|
---|
87 | return $string;
|
---|
88 | }
|
---|
89 | }
|
---|
90 |
|
---|
91 | /* vim: set expandtab: */
|
---|
92 |
|
---|
93 | ?>
|
---|