| 1 | <?php |
| 2 | /** |
| 3 | * Smarty plugin |
| 4 | * @package Smarty |
| 5 | * @subpackage plugins |
| 6 | */ |
| 7 | |
| 8 | |
| 9 | /** |
| 10 | * Smarty escape modifier plugin |
| 11 | * |
| 12 | * Type: modifier<br> |
| 13 | * Name: escape<br> |
| 14 | * Purpose: Escape the string according to escapement type |
| 15 | * @link http://smarty.php.net/manual/en/language.modifier.escape.php |
| 16 | * escape (Smarty online manual) |
| 17 | * @param string |
| 18 | * @param html|htmlall|url|quotes|hex|hexentity|javascript |
| 19 | * @return string |
| 20 | */ |
| 21 | function smarty_modifier_escape($string, $esc_type = 'html') |
| 22 | { |
| 23 | switch ($esc_type) { |
| 24 | case 'html': |
| 25 | return htmlspecialchars($string, ENT_QUOTES); |
| 26 | |
| 27 | case 'htmlall': |
| 28 | return htmlentities($string, ENT_QUOTES); |
| 29 | |
| 30 | case 'url': |
| 31 | return rawurlencode($string); |
| 32 | |
| 33 | case 'quotes': |
| 34 | // escape unescaped single quotes |
| 35 | return preg_replace("%(?<!\\\\)'%", "\\'", $string); |
| 36 | |
| 37 | case 'hex': |
| 38 | // escape every character into hex |
| 39 | $return = ''; |
| 40 | for ($x=0; $x < strlen($string); $x++) { |
| 41 | $return .= '%' . bin2hex($string[$x]); |
| 42 | } |
| 43 | return $return; |
| 44 | |
| 45 | case 'hexentity': |
| 46 | $return = ''; |
| 47 | for ($x=0; $x < strlen($string); $x++) { |
| 48 | $return .= '&#x' . bin2hex($string[$x]) . ';'; |
| 49 | } |
| 50 | return $return; |
| 51 | |
| 52 | case 'decentity': |
| 53 | $return = ''; |
| 54 | for ($x=0; $x < strlen($string); $x++) { |
| 55 | $return .= '&#' . ord($string[$x]) . ';'; |
| 56 | } |
| 57 | return $return; |
| 58 | |
| 59 | case 'javascript': |
| 60 | // escape quotes and backslashes, newlines, etc. |
| 61 | return strtr($string, array('\\'=>'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n','</'=>'<\/')); |
| 62 | |
| 63 | case 'mail': |
| 64 | // safe way to display e-mail address on a web page |
| 65 | return str_replace(array('@', '.'),array(' [AT] ', ' [DOT] '), $string); |
| 66 | |
| 67 | case 'nonstd': |
| 68 | // escape non-standard chars, such as ms document quotes |
| 69 | $_res = ''; |
| 70 | for($_i = 0, $_len = strlen($string); $_i < $_len; $_i++) { |
| 71 | $_ord = ord($string{$_i}); |
| 72 | // non-standard char, escape it |
| 73 | if($_ord >= 126){ |
| 74 | $_res .= '&#' . $_ord . ';'; |
| 75 | } |
| 76 | else { |
| 77 | $_res .= $string{$_i}; |
| 78 | } |
| 79 | } |
| 80 | return $_res; |
| 81 | |
| 82 | default: |
| 83 | return $string; |
| 84 | } |
| 85 | } |
| 86 | |
| 87 | /* vim: set expandtab: */ |
| 88 | |
| 89 | ?> |