Development

/branches/1.0/lib/helper/TagHelper.php

You must first sign up to be able to contribute.

root/branches/1.0/lib/helper/TagHelper.php

Revision 8176, 2.4 kB (checked in by nicolas, 6 years ago)

Fixes #3026 - Simple quotes are no more escaped by Tag helper escaping function

  • Property svn:mime-type set to text/x-php
  • Property svn:eol-style set to native
  • Property svn:keywords set to Id Rev Date
Line 
1 <?php
2
3 /*
4  * This file is part of the symfony package.
5  * (c) 2004-2006 Fabien Potencier <fabien.potencier@symfony-project.com>
6  * (c) 2004 David Heinemeier Hansson
7  *
8  * For the full copyright and license information, please view the LICENSE
9  * file that was distributed with this source code.
10  */
11
12 /**
13  * TagHelper defines some base helpers to construct html tags.
14  *
15  * @package    symfony
16  * @subpackage helper
17  * @author     Fabien Potencier <fabien.potencier@symfony-project.com>
18  * @author     David Heinemeier Hansson
19  * @version    SVN: $Id$
20  */
21
22 /**
23  * Constructs an html tag.
24  *
25  * @param  $name    string  tag name
26  * @param  $options array   tag options
27  * @param  $open    boolean true to leave tag open
28  * @return string
29  */
30 function tag($name, $options = array(), $open = false)
31 {
32   if (!$name)
33   {
34     return '';
35   }
36
37   return '<'.$name._tag_options($options).(($open) ? '>' : ' />');
38 }
39
40 function content_tag($name, $content = '', $options = array())
41 {
42   if (!$name)
43   {
44     return '';
45   }
46
47   return '<'.$name._tag_options($options).'>'.$content.'</'.$name.'>';
48 }
49
50 function cdata_section($content)
51 {
52   return "<![CDATA[$content]]>";
53 }
54
55 /**
56  * Escape carrier returns and single and double quotes for Javascript segments.
57  */
58 function escape_javascript($javascript = '')
59 {
60   $javascript = preg_replace('/\r\n|\n|\r/', "\\n", $javascript);
61   $javascript = preg_replace('/(["\'])/', '\\\\\1', $javascript);
62
63   return $javascript;
64 }
65
66 /**
67  * Escapes an HTML string.
68  *
69  * @param  string HTML string to escape
70  * @return string escaped string
71  */
72 function escape_once($html)
73 {
74   return fix_double_escape(htmlspecialchars($html, ENT_COMPAT, sfConfig::get('sf_charset')));
75 }
76
77 /**
78  * Fixes double escaped strings.
79  *
80  * @param  string HTML string to fix
81  * @return string escaped string
82  */
83 function fix_double_escape($escaped)
84 {
85   return preg_replace('/&amp;([a-z]+|(#\d+)|(#x[\da-f]+));/i', '&$1;', $escaped);
86 }
87
88 function _tag_options($options = array())
89 {
90   $options = _parse_attributes($options);
91
92   $html = '';
93   foreach ($options as $key => $value)
94   {
95     $html .= ' '.$key.'="'.escape_once($value).'"';
96   }
97
98   return $html;
99 }
100
101 function _parse_attributes($string)
102 {
103   return is_array($string) ? $string : sfToolkit::stringToArray($string);
104 }
105
106 function _get_option(&$options, $name, $default = null)
107 {
108   if (array_key_exists($name, $options))
109   {
110     $value = $options[$name];
111     unset($options[$name]);
112   }
113   else
114   {
115     $value = $default;
116   }
117
118   return $value;
119 }
120
Note: See TracBrowser for help on using the browser.