|
1 <?php |
|
2 /** |
|
3 * Smarty plugin |
|
4 * @package Smarty |
|
5 * @subpackage plugins |
|
6 */ |
|
7 |
|
8 |
|
9 /** |
|
10 * Smarty escape modifier plugin |
|
11 * |
|
12 * Type: modifier<br> |
|
13 * Name: escape<br> |
|
14 * Purpose: Escape the string according to escapement type |
|
15 * @link http://smarty.php.net/manual/en/language.modifier.escape.php |
|
16 * escape (Smarty online manual) |
|
17 * @author Monte Ohrt <monte at ohrt dot com> |
|
18 * @param string |
|
19 * @param html|htmlall|url|quotes|hex|hexentity|javascript |
|
20 * @return string |
|
21 */ |
|
22 function smarty_modifier_escape($string, $esc_type = 'html', $char_set = 'ISO-8859-1') |
|
23 { |
|
24 switch ($esc_type) { |
|
25 case 'html': |
|
26 return htmlspecialchars($string, ENT_QUOTES, $char_set); |
|
27 |
|
28 case 'htmlall': |
|
29 return htmlentities($string, ENT_QUOTES, $char_set); |
|
30 |
|
31 case 'url': |
|
32 return rawurlencode($string); |
|
33 |
|
34 case 'urlpathinfo': |
|
35 return str_replace('%2F','/',rawurlencode($string)); |
|
36 |
|
37 case 'quotes': |
|
38 // escape unescaped single quotes |
|
39 return preg_replace("%(?<!\\\\)'%", "\\'", $string); |
|
40 |
|
41 case 'hex': |
|
42 // escape every character into hex |
|
43 $return = ''; |
|
44 for ($x=0; $x < strlen($string); $x++) { |
|
45 $return .= '%' . bin2hex($string[$x]); |
|
46 } |
|
47 return $return; |
|
48 |
|
49 case 'hexentity': |
|
50 $return = ''; |
|
51 for ($x=0; $x < strlen($string); $x++) { |
|
52 $return .= '&#x' . bin2hex($string[$x]) . ';'; |
|
53 } |
|
54 return $return; |
|
55 |
|
56 case 'decentity': |
|
57 $return = ''; |
|
58 for ($x=0; $x < strlen($string); $x++) { |
|
59 $return .= '&#' . ord($string[$x]) . ';'; |
|
60 } |
|
61 return $return; |
|
62 |
|
63 case 'javascript': |
|
64 // escape quotes and backslashes, newlines, etc. |
|
65 return strtr($string, array('\\'=>'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n','</'=>'<\/')); |
|
66 |
|
67 case 'mail': |
|
68 // safe way to display e-mail address on a web page |
|
69 return str_replace(array('@', '.'),array(' [AT] ', ' [DOT] '), $string); |
|
70 |
|
71 case 'nonstd': |
|
72 // escape non-standard chars, such as ms document quotes |
|
73 $_res = ''; |
|
74 for($_i = 0, $_len = strlen($string); $_i < $_len; $_i++) { |
|
75 $_ord = ord(substr($string, $_i, 1)); |
|
76 // non-standard char, escape it |
|
77 if($_ord >= 126){ |
|
78 $_res .= '&#' . $_ord . ';'; |
|
79 } |
|
80 else { |
|
81 $_res .= substr($string, $_i, 1); |
|
82 } |
|
83 } |
|
84 return $_res; |
|
85 |
|
86 default: |
|
87 return $string; |
|
88 } |
|
89 } |
|
90 |
|
91 /* vim: set expandtab: */ |
|
92 |
|
93 ?> |