|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
namespace Box\Spout\Common\Helper\Escaper; |
|
4
|
|
|
|
|
5
|
|
|
/** |
|
6
|
|
|
* Class ODS |
|
7
|
|
|
* Provides functions to escape and unescape data for ODS files |
|
8
|
|
|
*/ |
|
9
|
|
|
class ODS implements EscaperInterface |
|
10
|
|
|
{ |
|
11
|
|
|
/** |
|
12
|
|
|
* Escapes the given string to make it compatible with XLSX |
|
13
|
|
|
* |
|
14
|
|
|
* @param string $string The string to escape |
|
15
|
|
|
* @return string The escaped string |
|
16
|
|
|
*/ |
|
17
|
43 |
|
public function escape($string) |
|
18
|
|
|
{ |
|
19
|
|
|
// @NOTE: Using ENT_QUOTES as XML entities ('<', '>', '&') as well as |
|
20
|
|
|
// single/double quotes (for XML attributes) need to be encoded. |
|
21
|
43 |
|
if (\defined('ENT_DISALLOWED')) { |
|
22
|
|
|
// 'ENT_DISALLOWED' ensures that invalid characters in the given document type are replaced. |
|
23
|
|
|
// Otherwise control characters like a vertical tab "\v" will make the XML document unreadable by the XML processor |
|
24
|
|
|
// @link https://github.com/box/spout/issues/329 |
|
25
|
43 |
|
$replacedString = \htmlspecialchars($string, ENT_QUOTES | ENT_DISALLOWED, 'UTF-8'); |
|
26
|
|
|
} else { |
|
27
|
|
|
// We are on hhvm or any other engine that does not support ENT_DISALLOWED. |
|
28
|
|
|
$escapedString = \htmlspecialchars($string, ENT_QUOTES, 'UTF-8'); |
|
29
|
|
|
|
|
30
|
|
|
// control characters values are from 0 to 1F (hex values) in the ASCII table |
|
31
|
|
|
// some characters should not be escaped though: "\t", "\r" and "\n". |
|
32
|
|
|
$regexPattern = '[\x00-\x08' . |
|
33
|
|
|
// skipping "\t" (0x9) and "\n" (0xA) |
|
34
|
|
|
'\x0B-\x0C' . |
|
35
|
|
|
// skipping "\r" (0xD) |
|
36
|
|
|
'\x0E-\x1F]'; |
|
37
|
|
|
$replacedString = \preg_replace("/$regexPattern/", '�', $escapedString); |
|
38
|
|
|
} |
|
39
|
|
|
|
|
40
|
43 |
|
return $replacedString; |
|
41
|
|
|
} |
|
42
|
|
|
|
|
43
|
|
|
/** |
|
44
|
|
|
* Unescapes the given string to make it compatible with XLSX |
|
45
|
|
|
* |
|
46
|
|
|
* @param string $string The string to unescape |
|
47
|
|
|
* @return string The unescaped string |
|
48
|
|
|
*/ |
|
49
|
29 |
|
public function unescape($string) |
|
50
|
|
|
{ |
|
51
|
|
|
// ============== |
|
52
|
|
|
// = WARNING = |
|
53
|
|
|
// ============== |
|
54
|
|
|
// It is assumed that the given string has already had its XML entities decoded. |
|
55
|
|
|
// This is true if the string is coming from a DOMNode (as DOMNode already decode XML entities on creation). |
|
56
|
|
|
// Therefore there is no need to call "htmlspecialchars_decode()". |
|
57
|
29 |
|
return $string; |
|
58
|
|
|
} |
|
59
|
|
|
} |
|
60
|
|
|
|
box /
spout
