Changeset 7899
- Timestamp:
- 03/15/08 13:34:21 (1 year ago)
- Files:
-
- branches/1.1/lib/config/config/settings.yml (modified) (1 diff)
- branches/1.1/lib/config/sfViewConfigHandler.class.php (modified) (1 diff)
- branches/1.1/lib/controller/sfWebController.class.php (modified) (1 diff)
- branches/1.1/lib/debug/sfWebDebug.class.php (modified) (3 diffs)
- branches/1.1/lib/exception/data/exception.php (modified) (1 diff)
- branches/1.1/lib/helper/EscapingHelper.php (modified) (2 diffs)
- branches/1.1/lib/helper/TagHelper.php (modified) (1 diff)
- branches/1.1/lib/plugins/sfPropelPlugin/lib/propel/sfPropelDatabaseSchema.class.php (modified) (3 diffs)
- branches/1.1/lib/response/sfWebResponse.class.php (modified) (1 diff)
- branches/1.1/lib/task/generator/skeleton/app/app/config/settings.yml (modified) (1 diff)
- branches/1.1/lib/view/sfEscapedViewParameterHolder.class.php (modified) (2 diffs)
- branches/1.1/test/unit/helper/TagHelperTest.php (modified) (1 diff)
- branches/1.1/test/unit/view/sfEscapedViewParameterHolderTest.php (modified) (1 diff)
- branches/1.1/test/unit/widget/sfWidgetTest.php (modified) (1 diff)
branches/1.1/lib/config/config/settings.yml
r7632 r7899 23 23 # Output escaping settings 24 24 escaping_strategy: bc # Determines how variables are made available to templates. Accepted values: bc, both, on, off. The value off deactivates escaping completely and gives a slight boost. 25 escaping_method: ESC_ENTITIES # Function or helper used for escaping. Accepted values: ESC_RAW, ESC_ENTITIES, ESC_JS, ESC_JS_NO_ENTITIES.25 escaping_method: ESC_SPECIALCHARS # Function or helper used for escaping. Accepted values: ESC_RAW, ESC_ENTITIES, ESC_JS, ESC_JS_NO_ENTITIES, and ESC_SPECIALCHARS. 26 26 27 27 # Routing settings branches/1.1/lib/config/sfViewConfigHandler.class.php
r7811 r7899 197 197 foreach ($this->mergeConfigValue('metas', $viewName) as $name => $content) 198 198 { 199 $data[] = sprintf(" \$response->addMeta('%s', '%s', false, false);", $name, str_replace('\'', '\\\'', preg_replace('/&(?=\w+;)/', '&', html entities($content, ENT_QUOTES, sfConfig::get('sf_charset')))));199 $data[] = sprintf(" \$response->addMeta('%s', '%s', false, false);", $name, str_replace('\'', '\\\'', preg_replace('/&(?=\w+;)/', '&', htmlspecialchars($content, ENT_QUOTES, sfConfig::get('sf_charset'))))); 200 200 } 201 201 branches/1.1/lib/controller/sfWebController.class.php
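Review bot: The new htmlspecialchars() call at line 199 passes `sfConfig::get('sf_charset')` with no fallback, so an application that never set sf_charset hands htmlspecialchars() an empty charset; the exception.php hunk in this same changeset uses `sfConfig::get('sf_charset', 'UTF-8')`, and the same default here would keep the escaping deterministic. The same no-fallback pattern appears in the sfWebController, sfWebDebug (three sites), TagHelper escape_once() and sfPropelDatabaseSchema (three sites) hunks. Separately, the value is written into a single-quoted PHP string with only the quote character escaped by str_replace(); a meta content ending in a backslash would leave a trailing `\'` and the generated config file would fail to parse, which `var_export($content, true)` in place of the manual quoting would avoid. The enclosing method starts and ends outside the hunk.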
r7792 r7899 194 194 $response->setStatusCode($statusCode); 195 195 $response->setHttpHeader('Location', $url); 196 $response->setContent(sprintf('<html><head><meta http-equiv="refresh" content="%d;url=%s"/></head></html>', $delay, html entities($url, ENT_QUOTES, sfConfig::get('sf_charset'))));196 $response->setContent(sprintf('<html><head><meta http-equiv="refresh" content="%d;url=%s"/></head></html>', $delay, htmlspecialchars($url, ENT_QUOTES, sfConfig::get('sf_charset')))); 197 197 $response->send(); 198 198 } branches/1.1/lib/debug/sfWebDebug.class.php
r7870 r7899 89 89 90 90 // escape HTML 91 $logLine = html entities($logLine, ENT_QUOTES, sfConfig::get('sf_charset'));91 $logLine = htmlspecialchars($logLine, ENT_QUOTES, sfConfig::get('sf_charset')); 92 92 93 93 // replace constants value with constant name … … 345 345 $content = ' 346 346 <h2>'.$id.' <a href="#" onclick="sfWebDebugToggle(\'sfWebDebug'.$id.'\'); return false;">'.image_tag(sfConfig::get('sf_web_debug_web_dir').'/images/toggle.gif').'</a></h2> 347 <div id="sfWebDebug'.$id.'" style="display: none"><pre>'.html entities(@sfYaml::dump($values), ENT_QUOTES, sfConfig::get('sf_charset')).'</pre></div>347 <div id="sfWebDebug'.$id.'" style="display: none"><pre>'.htmlspecialchars(@sfYaml::dump($values), ENT_QUOTES, sfConfig::get('sf_charset')).'</pre></div> 348 348 '; 349 349 … … 382 382 <div style="height: 16px; padding: 2px"><a href="#" onclick="sfWebDebugToggle(\''.$id.'\'); return false;"><strong>cache information</strong></a> <a href="#" onclick="sfWebDebugToggle(\'sub_main_'.$id.'\'); document.getElementById(\'main_'.$id.'\').style.border = \'none\'; return false;">'.image_tag(sfConfig::get('sf_web_debug_web_dir').'/images/close.png').'</a> </div> 383 383 <div style="padding: 2px; display: none" id="sub_main_info_'.$id.'"> 384 [uri] '.html entities($internalUri, ENT_QUOTES, sfConfig::get('sf_charset')).'<br />384 [uri] '.htmlspecialchars($internalUri, ENT_QUOTES, sfConfig::get('sf_charset')).'<br /> 385 385 [life time] '.$cache->getLifeTime($internalUri).' seconds<br /> 386 386 [last modified] '.(time() - $lastModified).' seconds<br /> branches/1.1/lib/exception/data/exception.php
r7370 r7899 34 34 <div style="float: right"><img src="data:image/png;base64,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" /></div> 35 35 <h1>[<?php echo $name ?>]</h1> 36 <h2 id="message"><?php echo html entities($message, ENT_QUOTES, sfConfig::get('sf_charset', 'UTF-8')) ?></h2>36 <h2 id="message"><?php echo htmlspecialchars($message, ENT_QUOTES, sfConfig::get('sf_charset', 'UTF-8')) ?></h2> 37 37 <h2>stack trace</h2> 38 38 <ul><li><?php echo implode('</li><li>', $traces) ?></li></ul> branches/1.1/lib/helper/EscapingHelper.php
r7757 r7899 53 53 * @return string the escaped value 54 54 */ 55 function esc_ htmlspecialchars($value)55 function esc_specialchars($value) 56 56 { 57 57 // Numbers and boolean values get turned into strings which can cause problems … … 60 60 } 61 61 62 define('ESC_ HTMLSPECIALCHARS', 'esc_htmlspecialchars');62 define('ESC_SPECIALCHARS', 'esc_specialchars'); 63 63 64 64 /** branches/1.1/lib/helper/TagHelper.php
r7757 r7899 72 72 function escape_once($html) 73 73 { 74 return fix_double_escape(htmlspecialchars($html ));74 return fix_double_escape(htmlspecialchars($html, ENT_QUOTES, sfConfig::get('sf_charset'))); 75 75 } 76 76 branches/1.1/lib/plugins/sfPropelPlugin/lib/propel/sfPropelDatabaseSchema.class.php
r7892 r7899 241 241 if (isset($table['_behaviors'])) 242 242 { 243 $xml .= sprintf(" behaviors=\"%s\"", htmlspecialchars(serialize($table['_behaviors']) ));243 $xml .= sprintf(" behaviors=\"%s\"", htmlspecialchars(serialize($table['_behaviors']), ENT_QUOTES, sfConfig::get('sf_charset'))); 244 244 } 245 245 $xml .= ">\n"; … … 526 526 if (!in_array($key, array('foreignClass', 'foreignTable', 'foreignReference', 'onDelete', 'onUpdate', 'index', 'unique', 'sequence'))) 527 527 { 528 $attributes_string .= " $key=\"".htmlspecialchars($this->getCorrectValueFor($key, $value) )."\"";528 $attributes_string .= " $key=\"".htmlspecialchars($this->getCorrectValueFor($key, $value), ENT_QUOTES, sfConfig::get('sf_charset'))."\""; 529 529 } 530 530 } … … 606 606 foreach ($attributes as $key => $value) 607 607 { 608 $attributes_string .= ' '.$key.'="'.htmlspecialchars($this->getCorrectValueFor($key, $value) ).'"';608 $attributes_string .= ' '.$key.'="'.htmlspecialchars($this->getCorrectValueFor($key, $value), ENT_QUOTES, sfConfig::get('sf_charset')).'"'; 609 609 } 610 610 branches/1.1/lib/response/sfWebResponse.class.php
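Review bot: At line 243 the serialize() output is now run through htmlspecialchars() with a charset, and serialized strings are raw bytes: if they contain a sequence that is invalid for sf_charset, htmlspecialchars() returns an empty string on the PHP releases I am aware of (hedged; worth confirming for the supported range), so the behaviors attribute would be silently emptied rather than the build failing. Checking for an empty result when the input was non-empty and throwing, or base64-encoding the serialized payload before escaping, would make the failure visible. The attribute sites at lines 528 and 608 escape getCorrectValueFor() output the same way and would benefit from the same check. All three enclosing methods start and end outside the hunk.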
r7776 r7899 516 516 if ($escape) 517 517 { 518 $value = html entities($value, ENT_QUOTES, $this->options['charset']);518 $value = htmlspecialchars($value, ENT_QUOTES, $this->options['charset']); 519 519 } 520 520 branches/1.1/lib/task/generator/skeleton/app/app/config/settings.yml
r7632 r7899 44 44 # # Output escaping settings 45 45 # escaping_strategy: bc # Determines how variables are made available to templates. Accepted values: bc, both, on, off. The value off deactivates escaping completely and gives a slight boost. 46 # escaping_method: ESC_ENTITIES # Function or helper used for escaping. Accepted values: ESC_RAW, ESC_ENTITIES, ESC_JS, ESC_JS_NO_ENTITIES.46 # escaping_method: ESC_SPECIALCHARS # Function or helper used for escaping. Accepted values: ESC_RAW, ESC_ENTITIES, ESC_JS, ESC_JS_NO_ENTITIES, and ESC_SPECIALCHARS. 47 47 # 48 48 # # Routing settings branches/1.1/lib/view/sfEscapedViewParameterHolder.class.php
r7107 r7899 34 34 * <b>Options:</b> 35 35 * 36 * # <b>escaping_strategy</b> - [bc] - The escaping strategy (bc, both, on or off)37 * # <b>escaping_method</b> - [ESC_ ENTITIES] - The escaping method (ESC_RAW, ESC_ENTITIES, ESC_JS or ESC_JS_NO_ENTITIES)36 * # <b>escaping_strategy</b> - [bc] - The escaping strategy (bc, both, on or off) 37 * # <b>escaping_method</b> - [ESC_SPECIALCHARS] - The escaping method (ESC_RAW, ESC_ENTITIES, ESC_JS, ESC_JS_NO_ENTITIES, or ESC_SPECIALCHARS) 38 38 * 39 39 * @return Boolean true, if initialization completes successfully, otherwise false. … … 46 46 47 47 $this->setEscaping(isset($options['escaping_strategy']) ? $options['escaping_strategy'] : 'bc'); 48 $this->setEscapingMethod(isset($options['escaping_method']) ? $options['escaping_method'] : 'ESC_ ENTITIES');48 $this->setEscapingMethod(isset($options['escaping_method']) ? $options['escaping_method'] : 'ESC_SPECIALCHARS'); 49 49 } 50 50 branches/1.1/test/unit/helper/TagHelperTest.php
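Review bot: Changing the default escaping_method from ESC_ENTITIES to ESC_SPECIALCHARS at line 48 alters the rendered output of every application that never set the option: characters outside ASCII are now emitted verbatim instead of as named entities, which is only safe when the charset given to htmlspecialchars() (sf_charset) matches the charset declared on the HTTP response. The updated docblock at lines 36-37 lists the accepted values but not this coupling; adding `* Note: ESC_SPECIALCHARS leaves non-ASCII characters unchanged, so sf_charset must match the response charset.` there would warn upgraders. The method this docblock belongs to (presumably initialize(), given the @return text) has its signature outside the hunk.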
r7757 r7899 62 62 // fix_double_escape() 63 63 $t->diag('fix_double_escape()'); 64 $t->is(fix_double_escape(htmlspecialchars(htmlspecialchars('This a > text to "escape"') )), 'This a > text to "escape"', 'fix_double_escape() fixes double escaped strings');64 $t->is(fix_double_escape(htmlspecialchars(htmlspecialchars('This a > text to "escape"'), ENT_QUOTES, 'UTF-8'), ENT_QUOTES, 'UTF-8'), 'This a > text to "escape"', 'fix_double_escape() fixes double escaped strings'); branches/1.1/test/unit/view/sfEscapedViewParameterHolderTest.php
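Review bot: The test at line 64 hard-codes 'UTF-8' for both htmlspecialchars() calls, whereas escape_once() in the TagHelper hunk reads `sfConfig::get('sf_charset')`; since only fix_double_escape() is exercised here the two cannot drift in this assertion, but the new escape_once() charset argument is left untested. A companion assertion such as `sfConfig::set('sf_charset', 'UTF-8'); $t->is(escape_once('a > "b"'), 'a &gt; &quot;b&quot;', 'escape_once() escapes quotes with ENT_QUOTES');` would cover the path the commit changed.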
r7107 r7899 14 14 $t = new lime_test(27, new lime_output_color()); 15 15 16 define('ESC_ ENTITIES', 'esc_entities');17 function esc_ entities($value)16 define('ESC_SPECIALCHARS', 'esc_specialchars'); 17 function esc_specialchars($value) 18 18 { 19 19 return "-ESCAPED-$value-ESCAPED-"; branches/1.1/test/unit/widget/sfWidgetTest.php
r6197 r7899 146 146 // ::fixDoubleEscape() 147 147 $t->diag('::fixDoubleEscape()'); 148 $t->is(sfWidget::fixDoubleEscape(htmlspecialchars(htmlspecialchars('This a > text to "escape"') )), 'This a > text to "escape"', '::fixDoubleEscape() fixes double escaped strings');148 $t->is(sfWidget::fixDoubleEscape(htmlspecialchars(htmlspecialchars('This a > text to "escape"'), ENT_QUOTES, sfWidget::getCharset()), ENT_QUOTES, sfWidget::getCharset()), 'This a > text to "escape"', '::fixDoubleEscape() fixes double escaped strings'); 149 149 150 150 // ::getCharset() ::setCharset()

