<?php
/**
 * Copyright (c) 2013-2017
 *
 * @category Library
 * @package Dwoo\Plugins\Functions
 * @author Jordi Boggiano <[email protected]>
 * @author David Sanchez <[email protected]>
 * @copyright 2008-2013 Jordi Boggiano
 * @copyright 2013-2017 David Sanchez
 * @license http://dwoo.org/LICENSE Modified BSD License
 * @version 1.3.2
 * @date 2017-01-06
 * @link http://dwoo.org/
 */

namespace Dwoo\Plugins\Functions;

use Dwoo\Plugin;

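/**
 * Applies various escaping schemes on the given string
 * <pre>
 *  * value : the string to process
 *  * format : escaping format to use, valid formats are : html, htmlall, url, urlpathinfo, quotes, hex, hexentity,
 *  javascript (alias js) and mail
 *  * charset : character set to use for the conversion (applies to some formats only), defaults to the current Dwoo
 *  charset
 * </pre>
 * Each format targets one output context only. Pick the format that matches where the value is written
 * (HTML text or attribute, URL component, JavaScript string literal); a value escaped for one context is not
 * safe in another.
 *
 * This software is provided 'as-is', without any express or implied warranty.
 * In no event will the authors be held liable for any damages arising from the use of this software.
 */
class PluginEscape extends Plugin
{
    /**
     * Escapes $value according to $format.
     *
     * @param string $value   the value to escape; it is cast to string before processing
     * @param string $format  one of html, htmlall, url, urlpathinfo, quotes, hex, hexentity, javascript, js, mail
     * @param null   $charset charset passed to htmlspecialchars()/htmlentities(); when null the charset
     *                        reported by the Dwoo core is used
     *
     * @return mixed|string the escaped string, or null after an error was triggered for an unknown format
     */
    public function process($value = '', $format = 'html', $charset = null)
    {
        if ($charset === null) {
            $charset = $this->core->getCharset();
        }

        switch ($format) {
            case 'html':
                // ENT_QUOTES encodes both quote styles, so the result can be used in
                // single- or double-quoted attribute values as well as in element text.
                return htmlspecialchars((string)$value, ENT_QUOTES, $charset);
            case 'htmlall':
                return htmlentities((string)$value, ENT_QUOTES, $charset);
            case 'url':
                return rawurlencode((string)$value);
            case 'urlpathinfo':
                // Slashes are restored and rawurlencode() leaves "." untouched, so path
                // structure in the value (including ".." segments) survives this format.
                return str_replace('%2F', '/', rawurlencode((string)$value));
            case 'quotes':
                // Only single quotes not already preceded by a backslash are escaped.
                // A quote following an escaped backslash (\\') is left as is, and double
                // quotes are untouched, so this is not a general-purpose string escaper.
                return preg_replace("#(?<!\\\\)'#", "\\'", (string)$value);
            case 'hex':
                return $this->encodeBytes((string)$value, '%', '');
            case 'hexentity':
                // Encoding is per byte, so each byte of a multi-byte character becomes
                // its own numeric entity.
                return $this->encodeBytes((string)$value, '&#x', ';');
            case 'javascript':
            case 'js':
                // Intended for a quoted JavaScript string literal inside a <script> block.
                // The map does not cover backticks, U+2028/U+2029 or "<!--", and a
                // backslash-escaped quote still terminates an HTML attribute value, so
                // output placed in an inline event handler needs HTML escaping as well.
                return strtr((string)$value,
                    array(
                        '\\' => '\\\\',
                        "'"  => "\\'",
                        '"'  => '\\"',
                        "\r" => '\\r',
                        "\n" => '\\n',
                        '</' => '<\/'
                    ));
            case 'mail':
                // Address obfuscation only: HTML metacharacters pass through unchanged.
                return str_replace(array(
                    '@',
                    '.'
                ),
                    array(
                        ' (AT) ',
                        ' (DOT) '
                    ),
                    (string)$value);
            default:
                // The list now names "quotes", which is accepted above but was missing
                // from the message.
                $this->core->triggerError('Escape\'s format argument must be one of : html, htmlall, url, urlpathinfo, quotes, hex, hexentity, javascript, js or mail, "' . $format . '" given.',
                    E_USER_WARNING);

                // Unknown format: nothing is returned, so the raw value is never emitted.
                return null;
        }
    }

    /**
     * Writes every byte of $text as two hex digits wrapped in $prefix and $suffix.
     *
     * The caller passes an already stringified value. Indexing the string, rather than
     * the original value, keeps the byte count and the bytes read in agreement; indexing
     * a non-string value (an integer, for example) yields no bytes at all.
     *
     * @param string $text   string to encode byte by byte
     * @param string $prefix text written before each hex pair
     * @param string $suffix text written after each hex pair
     *
     * @return string
     */
    private function encodeBytes($text, $prefix, $suffix)
    {
        $out = '';
        $cnt = strlen($text);
        for ($i = 0; $i < $cnt; ++$i) {
            $out .= $prefix . bin2hex($text[$i]) . $suffix;
        }

        return $out;
    }
}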