Development

/branches/1.1/lib/view/escaper/sfOutputEscaper.class.php

You must first sign up to be able to contribute.

root/branches/1.1/lib/view/escaper/sfOutputEscaper.class.php

Revision 9158, 5.5 kB (checked in by FabianLange, 7 years ago)

fixed sfOutputEscaper* to return isset($var[index]) correctly. Fixes #3415

  • Property svn:mime-type set to text/x-php
  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
Line 
1 <?php
2
3 /*
4  * This file is part of the symfony package.
5  * (c) 2004-2006 Fabien Potencier <fabien.potencier@symfony-project.com>
6  *
7  * For the full copyright and license information, please view the LICENSE
8  * file that was distributed with this source code.
9  */
10
11 /**
12  * Abstract class that provides an interface for escaping of output.
13  *
14  * @package    symfony
15  * @subpackage view
16  * @author     Mike Squire <mike@somosis.co.uk>
17  * @version    SVN: $Id$
18  */
19 abstract class sfOutputEscaper
20 {
21   /**
22    * The value that is to be escaped.
23    *
24    * @var mixed
25    */
26   protected $value;
27
28   /**
29    * The escaping method that is going to be applied to the value and its
30    * children. This is actually the name of a PHP callable.
31    *
32    * @var string
33    */
34   protected $escapingMethod;
35
36   static protected $safeClasses = array();
37
38   /**
39    * Constructor stores the escaping method and value.
40    *
41    * Since sfOutputEscaper is an abstract class, instances cannot be created
42    * directly but the constructor will be inherited by sub-classes.
43    *
44    * @param string $escapingMethod  Escaping method
45    * @param string $value           Escaping value
46    */
47   public function __construct($escapingMethod, $value)
48   {
49     $this->value          = $value;
50     $this->escapingMethod = $escapingMethod;
51   }
52
53   /**
54    * Decorates a PHP variable with something that will escape any data obtained
55    * from it.
56    *
57    * The following cases are dealt with:
58    *
59    *    - The value is null or false: null or false is returned.
60    *    - The value is scalar: the result of applying the escaping method is
61    *      returned.
62    *    - The value is an array or an object that implements the ArrayAccess
63    *      interface: the array is decorated such that accesses to elements yield
64    *      an escaped value.
65    *    - The value implements the Traversable interface (either an Iterator, an
66    *      IteratorAggregate or an internal PHP class that implements
67    *      Traversable): decorated much like the array.
68    *    - The value is another type of object: decorated such that the result of
69    *      method calls is escaped.
70    *
71    * The escaping method is actually the name of a PHP callable. There are a set
72    * of standard escaping methods listed in the escaping helper
73    * (EscapingHelper.php).
74    *
75    * @param  string $escapingMethod  The escaping method (a PHP callable) to apply to the value
76    * @param  mixed  $value           The value to escape
77    *
78    * @return mixed Escaping value
79    *
80    * @throws InvalidArgumentException If the escaping fails
81    */
82   public static function escape($escapingMethod, $value)
83   {
84     if (is_null($value))
85     {
86       return $value;
87     }
88
89     // Scalars are anything other than arrays, objects and resources.
90     if (is_scalar($value))
91     {
92       return call_user_func($escapingMethod, $value);
93     }
94
95     if (is_array($value))
96     {
97       return new sfOutputEscaperArrayDecorator($escapingMethod, $value);
98     }
99
100     if (is_object($value))
101     {
102       if ($value instanceof sfOutputEscaper)
103       {
104         // avoid double decoration
105         $copy = clone $value;
106
107         $copy->escapingMethod = $escapingMethod;
108
109         return $copy;
110       }
111       else if (self::isClassMarkedAsSafe(get_class($value)))
112       {
113         // the class or one of its children is marked as safe
114         // return the unescaped object
115         return $value;
116       }
117       else if ($value instanceof sfOutputEscaperSafe)
118       {
119         // do not escape objects marked as safe
120         // return the original object
121         return $value->getValue();
122       }
123       else if ($value instanceof Traversable)
124       {
125         return new sfOutputEscaperIteratorDecorator($escapingMethod, $value);
126       }
127       else
128       {
129         return new sfOutputEscaperObjectDecorator($escapingMethod, $value);
130       }
131     }
132
133     // it must be a resource; cannot escape that.
134     throw new InvalidArgumentException(sprintf('Unable to escape value "%s".', var_export($value, true)));
135   }
136
137   /**
138    * Returns true if the class if marked as safe.
139    *
140    * @param  string  $class  A class name
141    *
142    * @return bool true if the class if safe, false otherwise
143    */
144   static public function isClassMarkedAsSafe($class)
145   {
146     if (in_array($class, self::$safeClasses))
147     {
148       return true;
149     }
150
151     foreach (self::$safeClasses as $safeClass)
152     {
153       if (is_subclass_of($class, $safeClass))
154       {
155         return true;
156       }
157     }
158
159     return false;
160   }
161
162   /**
163    * Marks an array of classes (and all its children) as being safe for output.
164    *
165    * @param array $classes  An array of class names
166    */
167   static public function markClassesAsSafe(array $classes)
168   {
169     self::$safeClasses = array_unique(array_merge(self::$safeClasses, $classes));
170   }
171
172   /**
173    * Marks a class (and all its children) as being safe for output.
174    *
175    * @param string $class  A class name
176    */
177   static public function markClassAsSafe($class)
178   {
179     self::markClassesAsSafe(array($class));
180   }
181
182   /**
183    * Returns the raw value associated with this instance.
184    *
185    * Concrete instances of sfOutputEscaper classes decorate a value which is
186    * stored by the constructor. This returns that original, unescaped, value.
187    *
188    * @return mixed The original value used to construct the decorator
189    */
190   public function getRawValue()
191   {
192     return $this->value;
193   }
194
195   /**
196    * Gets a value from the escaper.
197    *
198    * @param  string $var  Value to get
199    *
200    * @return mixed Value
201    */
202   public function __get($var)
203   {
204     return $this->escape($this->escapingMethod, $this->value->$var);
205   }
206 }
207
Note: See TracBrowser for help on using the browser.