Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
<?php
// vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4:
/**
* Wikilink rule end renderer for Xhtml
*
* PHP versions 4 and 5
*
* @category Text
* @package Text_Wiki
* @author Paul M. Jones <pmjones@php.net>
* @license http://www.gnu.org/copyleft/lesser.html LGPL License 2.1
* @version CVS: $Id: Wikilink.php,v 1.17 2006/02/28 03:15:09 justinpatrin Exp $
* @link http://pear.php.net/package/Text_Wiki
*/
/**
* This class renders wiki links in XHTML.
*
* @category Text
* @package Text_Wiki
* @author Paul M. Jones <pmjones@php.net>
* @license http://www.gnu.org/copyleft/lesser.html LGPL License 2.1
* @version Release: @package_version@
* @link http://pear.php.net/package/Text_Wiki
*/
class Text_Wiki_Render_Xhtml_Wikilink extends Text_Wiki_Render {
var $conf;
function Text_Wiki_Render_Xhtml_Wikilink() {
$_utemp = contentPath.'%s';
$this->conf = array(
'pages' => array(), // set to null or false to turn off page checks
'view_url' => $_utemp,
'new_url' => $_utemp,
'new_text' => ' [x]',
'new_text_pos' => false, // 'before', 'after', or null/false
'css' => null,
'css_new' => null,
'exists_callback' => 'isPage' // call_user_func() callback
);
}
/**
*
* Renders a token into XHTML.
*
* @access public
*
* @param array $options The "options" portion of the token (second
* element).
*
* @return string The text rendered from the token options.
*
*/
function token($options)
{
global $session;
if ( $session->sid_super )
{
$as = htmlspecialchars(urlSeparator) . 'auth='.$session->sid_super;
}
else
{
$as = '';
}
// make nice variable names (page, anchor, text)
extract($options);
// is there a "page existence" callback?
// we need to access it directly instead of through
// getConf() because we'll need a reference (for
// object instance method callbacks).
if (isset($this->conf['exists_callback'])) {
$callback =& $this->conf['exists_callback'];
} else {
$callback = false;
}
$page = sanitize_page_id( $page );
if ($callback) {
// use the callback function
$exists = call_user_func($callback, $page);
} else {
// no callback, go to the naive page array.
$list = $this->getConf('pages');
if (is_array($list)) {
// yes, check against the page list
$exists = in_array($page, $list);
} else {
// no, assume it exists
$exists = true;
}
}
// convert *after* checking against page names so as not to mess
// up what the user typed and what we're checking.
//$page = $this->urlEncode($page);
$anchor = $this->urlEncode($anchor);
// $text = $this->textEncode($text);
// hackish fix for the "external" image in Oxygen [added for Enano]
if ( preg_match('/<(.+?)>/is', $text) )
{
$nobg = ' style="background-image: none; padding-right: 0;"';
}
else
{
$nobg = '';
}
// does the page exist?
if ($exists) {
// PAGE EXISTS.
// link to the page view, but we have to build
// the HREF. we support both the old form where
// the page always comes at the end, and the new
// form that uses %s for sprintf()
$href = $this->getConf('view_url');
if (strpos($href, '%s') === false) {
// use the old form (page-at-end)
$href = $href . $page . $anchor;
} else {
// use the new form (sprintf format string)
$href = sprintf($href, $page . $anchor);
}
// get the CSS class and generate output
$css = $this->formatConf(' class="%s"', 'css');
$start = '<a'.$css.' href="'.$href.$as.'"'.$nobg.'>';
$end = '</a>';
} else {
// PAGE DOES NOT EXIST.
// link to the page view, but we have to build
// the HREF. we support both the old form where
// the page always comes at the end, and the new
// form that uses %s for sprintf()
$href = $this->getConf('view_url');
if (strpos($href, '%s') === false) {
// use the old form (page-at-end)
$href = $href . $page . $anchor;
} else {
// use the new form (sprintf format string)
$href = sprintf($href, $page . $anchor);
}
// get the CSS class and generate output
$css = $this->formatConf(' class="%s"', 'css');
$start = '<a'.$css.' href="'.$href.$as.'"'.$nobg.' class="wikilink-nonexistent">';
$end = '</a>';
}
if (!strlen($text)) {
$start .= $this->textEncode($options['page']);
}
if (isset($type)) {
switch ($type) {
case 'start':
$output = $start;
break;
case 'end':
$output = $end;
break;
}
} else {
$output = $start.$text.$end;
}
return $output;
}
}
?>