
/branches/1.3/lib/helper/EscapingHelper.php



Revision 18907, 3.4 kB (checked in by FabianLange, 6 years ago)

[1.3] changed the way how esc_js_no_entities works, so that it will not kill utf-8 strings passed and is a bit more friendly in general to all non javascript special characters. (closes #6513)

  • Property svn:mime-type set to text/x-php
  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
1 <?php
2
3 /*
4  * This file is part of the symfony package.
5  * (c) 2004-2006 Fabien Potencier <fabien.potencier@symfony-project.com>
6  *
7  * For the full copyright and license information, please view the LICENSE
8  * file that was distributed with this source code.
9  */
10
11 /**
12  * The functions are primarily used by the output escaping component.
13  *
14  * Each function specifies a way for applying a transformation to a string
15  * passed to it. The purpose is for the string to be "escaped" so it is
16  * suitable for the format it is being displayed in.
17  *
18  * For example, the string: "It's required that you enter a username & password.\n"
19  * If this were to be displayed as HTML it would be sensible to turn the
20  * ampersand into '&amp;' and the apostrophe into '&apos;'. However if it were
21  * going to be used as a string in JavaScript to be displayed in an alert box
22  * it would be right to leave the string as-is, but c-escape the apostrophe and
23  * the new line.
24  *
25  * For each function there is a define to avoid problems with strings being
26  * incorrectly specified.
27  *
28  * @package    symfony
29  * @subpackage helper
30  * @author     Mike Squire <mike@somosis.co.uk>
31  * @version    SVN: $Id$
32  */
33
/**
 * Escapes a string for HTML output by converting every applicable character to
 * its HTML entity (PHP's htmlentities() with ENT_QUOTES and the charset taken
 * from the 'sf_charset' setting).
 *
 * Only genuine strings are transformed. Numbers, booleans, null, arrays and
 * objects are handed back untouched, so a non-string result has NOT been made
 * safe for HTML output; callers must not rely on this function to neutralise
 * anything but string values.
 *
 * @param  mixed $value the value to escape
 * @return mixed the escaped string, or the original value when it is not a string
 */
function esc_entities($value)
{
  // Keep the type of non-string values intact: turning numbers and booleans
  // into strings would break type comparisons in callers (=== or is_int() etc).
  if (!is_string($value))
  {
    return $value;
  }

  $charset = sfConfig::get('sf_charset');

  return htmlentities($value, ENT_QUOTES, $charset);
}
46
// Constant naming the esc_entities() callback, so that the escaping strategy can
// be referenced without spelling the function name as a bare string (see header).
define('ESC_ENTITIES', 'esc_entities');
48
/**
 * Escapes the characters that are special in HTML (&, <, >, " and ') using
 * PHP's htmlspecialchars() with ENT_QUOTES and the charset taken from the
 * 'sf_charset' setting.
 *
 * Only genuine strings are transformed. Numbers, booleans, null, arrays and
 * objects are handed back untouched, so a non-string result has NOT been made
 * safe for HTML output; callers must not rely on this function to neutralise
 * anything but string values.
 *
 * @param  mixed $value the value to escape
 * @return mixed the escaped string, or the original value when it is not a string
 */
function esc_specialchars($value)
{
  // Keep the type of non-string values intact: turning numbers and booleans
  // into strings would break type comparisons in callers (=== or is_int() etc).
  if (!is_string($value))
  {
    return $value;
  }

  $charset = sfConfig::get('sf_charset');

  return htmlspecialchars($value, ENT_QUOTES, $charset);
}
61
// Constant naming the esc_specialchars() callback, so that the escaping strategy
// can be referenced without spelling the function name as a bare string.
define('ESC_SPECIALCHARS', 'esc_specialchars');
63
/**
 * Identity escaper: hands back exactly what it is given.
 *
 * Its only purpose is to let a caller state explicitly that a value must be
 * output without any escaping at all. Nothing is checked or transformed, so
 * the caller takes full responsibility for the value being safe in the
 * context where it is rendered.
 *
 * @param  mixed $value the value to pass through
 * @return mixed the very same value, unmodified
 */
function esc_raw($value)
{
  // Deliberately no transformation of any kind.
  $untouched = $value;

  return $untouched;
}
75
// Constant naming the esc_raw() callback; selecting it means "do not escape".
define('ESC_RAW', 'esc_raw');
77
/**
 * Makes a value safe for use as a JavaScript string that will end up as text in
 * an HTML document: the value is first passed through {@link esc_entities()}
 * and the result is then c-escaped with {@link esc_js_no_entities()}.
 *
 * Applying the HTML entity step first is the conservative choice: whatever the
 * script later writes into the page is already entity-encoded, so markup
 * characters cannot take effect there.
 *
 * For a string that will never be rendered as HTML, use
 * {@link esc_js_no_entities()} instead.
 *
 * @param  mixed $value the value to escape
 * @return mixed the escaped value
 */
function esc_js($value)
{
  // Entity-encode first, then c-escape the result for the JavaScript string.
  $htmlSafe = esc_entities($value);

  return esc_js_no_entities($htmlSafe);
}
94
// Constant naming the esc_js() callback (HTML entities plus JavaScript c-escaping).
define('ESC_JS', 'esc_js');
96
/**
 * C-escapes a string so that it can be placed inside a JavaScript string
 * literal delimited by either single or double quotes.
 *
 * Exactly five characters are escaped: backslash, newline, carriage return,
 * double quote and single quote. Everything else, including multi-byte UTF-8
 * sequences, is passed through unchanged (see r18907). Consequently this
 * function does not neutralise HTML markup such as a closing script tag, and it
 * does not escape the Unicode line terminators U+2028/U+2029; a value that is
 * embedded in an HTML document should go through {@link esc_js()} instead.
 *
 * Unlike {@link esc_entities()} there is no is_string() guard: str_replace()
 * casts scalars to string and processes arrays element by element, so the
 * return type is not necessarily the type of the input.
 *
 * @param  mixed $value the value to escape
 * @return mixed the escaped value
 */
function esc_js_no_entities($value)
{
  // Backslash comes first so that the backslashes introduced by the other
  // replacements are not escaped a second time.
  $escapes = array(
    "\\" => "\\\\",
    "\n" => "\\n",
    "\r" => "\\r",
    "\"" => "\\\"",
    "'"  => "\\'",
  );

  return str_replace(array_keys($escapes), array_values($escapes), $value);
}
110
// Constant naming the esc_js_no_entities() callback (JavaScript c-escaping only,
// no HTML entity encoding).
define('ESC_JS_NO_ENTITIES', 'esc_js_no_entities');
112