Commit | Line | Data |
---|---|---|
51ff3226 | 1 | <?php |
2 | /** | |
3 | * Smarty plugin | |
4 | * @package Smarty | |
5 | * @subpackage plugins | |
6 | */ | |
7 | ||
8 | ||
9 | /** | |
10 | * Smarty escape modifier plugin | |
11 | * | |
12 | * Type: modifier<br> | |
13 | * Name: escape<br> | |
14 | * Purpose: Escape the string according to escapement type | |
15 | * @link http://smarty.php.net/manual/en/language.modifier.escape.php | |
16 | * escape (Smarty online manual) | |
9b7c11be | 17 | * @author Monte Ohrt <monte at ohrt dot com> |
51ff3226 | 18 | * @param string |
19 | * @param html|htmlall|url|quotes|hex|hexentity|javascript | |
20 | * @return string | |
21 | */ | |
9b7c11be | 22 | function smarty_modifier_escape($string, $esc_type = 'html', $char_set = 'ISO-8859-1') |
51ff3226 | 23 | { |
24 | switch ($esc_type) { | |
25 | case 'html': | |
9b7c11be | 26 | return htmlspecialchars($string, ENT_QUOTES, $char_set); |
51ff3226 | 27 | |
28 | case 'htmlall': | |
9b7c11be | 29 | return htmlentities($string, ENT_QUOTES, $char_set); |
51ff3226 | 30 | |
31 | case 'url': | |
32 | return rawurlencode($string); | |
33 | ||
9b7c11be H |
34 | case 'urlpathinfo': |
35 | return str_replace('%2F','/',rawurlencode($string)); | |
36 | ||
51ff3226 | 37 | case 'quotes': |
38 | // escape unescaped single quotes | |
39 | return preg_replace("%(?<!\\\\)'%", "\\'", $string); | |
40 | ||
41 | case 'hex': | |
42 | // escape every character into hex | |
43 | $return = ''; | |
44 | for ($x=0; $x < strlen($string); $x++) { | |
45 | $return .= '%' . bin2hex($string[$x]); | |
46 | } | |
47 | return $return; | |
9b7c11be | 48 | |
51ff3226 | 49 | case 'hexentity': |
50 | $return = ''; | |
51 | for ($x=0; $x < strlen($string); $x++) { | |
52 | $return .= '&#x' . bin2hex($string[$x]) . ';'; | |
53 | } | |
54 | return $return; | |
55 | ||
56 | case 'decentity': | |
57 | $return = ''; | |
58 | for ($x=0; $x < strlen($string); $x++) { | |
59 | $return .= '&#' . ord($string[$x]) . ';'; | |
60 | } | |
61 | return $return; | |
62 | ||
63 | case 'javascript': | |
64 | // escape quotes and backslashes, newlines, etc. | |
65 | return strtr($string, array('\\'=>'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n','</'=>'<\/')); | |
9b7c11be | 66 | |
51ff3226 | 67 | case 'mail': |
68 | // safe way to display e-mail address on a web page | |
69 | return str_replace(array('@', '.'),array(' [AT] ', ' [DOT] '), $string); | |
9b7c11be | 70 | |
51ff3226 | 71 | case 'nonstd': |
72 | // escape non-standard chars, such as ms document quotes | |
73 | $_res = ''; | |
74 | for($_i = 0, $_len = strlen($string); $_i < $_len; $_i++) { | |
9b7c11be | 75 | $_ord = ord(substr($string, $_i, 1)); |
51ff3226 | 76 | // non-standard char, escape it |
77 | if($_ord >= 126){ | |
78 | $_res .= '&#' . $_ord . ';'; | |
79 | } | |
80 | else { | |
9b7c11be | 81 | $_res .= substr($string, $_i, 1); |
51ff3226 | 82 | } |
83 | } | |
84 | return $_res; | |
85 | ||
86 | default: | |
87 | return $string; | |
88 | } | |
89 | } | |
90 | ||
91 | /* vim: set expandtab: */ | |
92 | ||
93 | ?> |