@@ -29,7 +29,7 @@ |
||
| 29 | 29 | /** |
| 30 | 30 | * @param string $input |
| 31 | 31 | * |
| 32 | - * @return mixed |
|
| 32 | + * @return string |
|
| 33 | 33 | */ |
| 34 | 34 | public function process($input) |
| 35 | 35 | { |
@@ -48,56 +48,56 @@ |
||
| 48 | 48 | } |
| 49 | 49 | |
| 50 | 50 | switch ($format) { |
| 51 | - case 'html': |
|
| 52 | - return htmlspecialchars((string)$value, ENT_QUOTES, $charset); |
|
| 53 | - case 'htmlall': |
|
| 54 | - return htmlentities((string)$value, ENT_QUOTES, $charset); |
|
| 55 | - case 'url': |
|
| 56 | - return rawurlencode((string)$value); |
|
| 57 | - case 'urlpathinfo': |
|
| 58 | - return str_replace('%2F', '/', rawurlencode((string)$value)); |
|
| 59 | - case 'quotes': |
|
| 60 | - return preg_replace("#(?<!\\\\)'#", "\\'", (string)$value); |
|
| 61 | - case 'hex': |
|
| 62 | - $out = ''; |
|
| 63 | - $cnt = strlen((string)$value); |
|
| 64 | - for ($i = 0; $i < $cnt; ++ $i) { |
|
| 65 | - $out .= '%' . bin2hex((string)$value[$i]); |
|
| 66 | - } |
|
| 51 | + case 'html': |
|
| 52 | + return htmlspecialchars((string)$value, ENT_QUOTES, $charset); |
|
| 53 | + case 'htmlall': |
|
| 54 | + return htmlentities((string)$value, ENT_QUOTES, $charset); |
|
| 55 | + case 'url': |
|
| 56 | + return rawurlencode((string)$value); |
|
| 57 | + case 'urlpathinfo': |
|
| 58 | + return str_replace('%2F', '/', rawurlencode((string)$value)); |
|
| 59 | + case 'quotes': |
|
| 60 | + return preg_replace("#(?<!\\\\)'#", "\\'", (string)$value); |
|
| 61 | + case 'hex': |
|
| 62 | + $out = ''; |
|
| 63 | + $cnt = strlen((string)$value); |
|
| 64 | + for ($i = 0; $i < $cnt; ++ $i) { |
|
| 65 | + $out .= '%' . bin2hex((string)$value[$i]); |
|
| 66 | + } |
|
| 67 | 67 | |
| 68 | - return $out; |
|
| 69 | - case 'hexentity': |
|
| 70 | - $out = ''; |
|
| 71 | - $cnt = strlen((string)$value); |
|
| 72 | - for ($i = 0; $i < $cnt; ++ $i) { |
|
| 73 | - $out .= '&#x' . bin2hex((string)$value[$i]) . ';'; |
|
| 74 | - } |
|
| 68 | + return $out; |
|
| 69 | + case 'hexentity': |
|
| 70 | + $out = ''; |
|
| 71 | + $cnt = strlen((string)$value); |
|
| 72 | + for ($i = 0; $i < $cnt; ++ $i) { |
|
| 73 | + $out .= '&#x' . bin2hex((string)$value[$i]) . ';'; |
|
| 74 | + } |
|
| 75 | 75 | |
| 76 | - return $out; |
|
| 77 | - case 'javascript': |
|
| 78 | - case 'js': |
|
| 79 | - return strtr((string)$value, |
|
| 80 | - array( |
|
| 81 | - '\\' => '\\\\', |
|
| 82 | - "'" => "\\'", |
|
| 83 | - '"' => '\\"', |
|
| 84 | - "\r" => '\\r', |
|
| 85 | - "\n" => '\\n', |
|
| 86 | - '</' => '<\/' |
|
| 87 | - )); |
|
| 88 | - case 'mail': |
|
| 89 | - return str_replace(array( |
|
| 90 | - '@', |
|
| 91 | - '.' |
|
| 76 | + return $out; |
|
| 77 | + case 'javascript': |
|
| 78 | + case 'js': |
|
| 79 | + return strtr((string)$value, |
|
| 80 | + array( |
|
| 81 | + '\\' => '\\\\', |
|
| 82 | + "'" => "\\'", |
|
| 83 | + '"' => '\\"', |
|
| 84 | + "\r" => '\\r', |
|
| 85 | + "\n" => '\\n', |
|
| 86 | + '</' => '<\/' |
|
| 87 | + )); |
|
| 88 | + case 'mail': |
|
| 89 | + return str_replace(array( |
|
| 90 | + '@', |
|
| 91 | + '.' |
|
| 92 | + ), |
|
| 93 | + array( |
|
| 94 | + ' (AT) ', |
|
| 95 | + ' (DOT) ' |
|
| 92 | 96 | ), |
| 93 | - array( |
|
| 94 | - ' (AT) ', |
|
| 95 | - ' (DOT) ' |
|
| 96 | - ), |
|
| 97 | - (string)$value); |
|
| 98 | - default: |
|
| 99 | - $this->core->triggerError('Escape\'s format argument must be one of : html, htmlall, url, urlpathinfo, hex, hexentity, javascript, js or mail, "' . $format . '" given.', |
|
| 100 | - E_USER_WARNING); |
|
| 97 | + (string)$value); |
|
| 98 | + default: |
|
| 99 | + $this->core->triggerError('Escape\'s format argument must be one of : html, htmlall, url, urlpathinfo, hex, hexentity, javascript, js or mail, "' . $format . '" given.', |
|
| 100 | + E_USER_WARNING); |
|
| 101 | 101 | } |
| 102 | 102 | } |
| 103 | 103 | } |
| 104 | 104 | \ No newline at end of file |
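Review bot: The `default` branch at new lines 98–100 only calls `triggerError` and then leaves the switch with no `return`, so an unrecognised `$format` produces no value at all. If that is intended, a comment such as `// unknown format: warn and emit nothing rather than the raw value` would record it. The message there also omits `quotes`, which the switch does handle at new line 59, so the list should read `html, htmlall, url, urlpathinfo, quotes, hex, hexentity, javascript, js or mail`. Separately, the `hexentity` loop (new lines 70–74) emits one `&#x..;` reference per byte, so with a multi-byte charset a single character becomes several references that decode as separate code points. The enclosing function starts above the hunk.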
@@ -82,63 +82,63 @@ |
||
| 82 | 82 | // output |
| 83 | 83 | switch ($encode) { |
| 84 | 84 | |
| 85 | - case 'none': |
|
| 86 | - case null: |
|
| 87 | - return '<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>'; |
|
| 88 | - |
|
| 89 | - case 'js': |
|
| 90 | - case 'javascript': |
|
| 91 | - $str = 'document.write(\'<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>\');'; |
|
| 92 | - $len = strlen($str); |
|
| 93 | - |
|
| 94 | - $out = ''; |
|
| 95 | - for ($i = 0; $i < $len; ++ $i) { |
|
| 96 | - $out .= '%' . bin2hex($str[$i]); |
|
| 85 | + case 'none': |
|
| 86 | + case null: |
|
| 87 | + return '<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>'; |
|
| 88 | + |
|
| 89 | + case 'js': |
|
| 90 | + case 'javascript': |
|
| 91 | + $str = 'document.write(\'<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>\');'; |
|
| 92 | + $len = strlen($str); |
|
| 93 | + |
|
| 94 | + $out = ''; |
|
| 95 | + for ($i = 0; $i < $len; ++ $i) { |
|
| 96 | + $out .= '%' . bin2hex($str[$i]); |
|
| 97 | + } |
|
| 98 | + |
|
| 99 | + return '<script type="text/javascript">eval(unescape(\'' . $out . '\'));</script>'; |
|
| 100 | + |
|
| 101 | + break; |
|
| 102 | + case 'javascript_charcode': |
|
| 103 | + case 'js_charcode': |
|
| 104 | + case 'jscharcode': |
|
| 105 | + case 'jschar': |
|
| 106 | + $str = '<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>'; |
|
| 107 | + $len = strlen($str); |
|
| 108 | + |
|
| 109 | + $out = '<script type="text/javascript">' . "\n<!--\ndocument.write(Str.fromCharCode("; |
|
| 110 | + for ($i = 0; $i < $len; ++ $i) { |
|
| 111 | + $out .= ord($str[$i]) . ','; |
|
| 112 | + } |
|
| 113 | + |
|
| 114 | + return rtrim($out, ',') . "));\n-->\n</script>\n"; |
|
| 115 | + |
|
| 116 | + break; |
|
| 117 | + |
|
| 118 | + case 'hex': |
|
| 119 | + if (strpos($address, '?') !== false) { |
|
| 120 | + $this->core->triggerError('Mailto: Hex encoding is not possible with extra attributes, use one of : <em>js, jscharcode or none</em>.', E_USER_WARNING); |
|
| 121 | + } |
|
| 122 | + |
|
| 123 | + $out = '<a href="mailto:'; |
|
| 124 | + $len = strlen($address); |
|
| 125 | + for ($i = 0; $i < $len; ++ $i) { |
|
| 126 | + if (preg_match('#\w#', $address[$i])) { |
|
| 127 | + $out .= '%' . bin2hex($address[$i]); |
|
| 128 | + } else { |
|
| 129 | + $out .= $address[$i]; |
|
| 97 | 130 | } |
| 131 | + } |
|
| 132 | + $out .= '" ' . $extra . '>'; |
|
| 133 | + $len = strlen($text); |
|
| 134 | + for ($i = 0; $i < $len; ++ $i) { |
|
| 135 | + $out .= '&#x' . bin2hex($text[$i]); |
|
| 136 | + } |
|
| 98 | 137 | |
| 99 | - return '<script type="text/javascript">eval(unescape(\'' . $out . '\'));</script>'; |
|
| 138 | + return $out . '</a>'; |
|
| 100 | 139 | |
| 101 | - break; |
|
| 102 | - case 'javascript_charcode': |
|
| 103 | - case 'js_charcode': |
|
| 104 | - case 'jscharcode': |
|
| 105 | - case 'jschar': |
|
| 106 | - $str = '<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>'; |
|
| 107 | - $len = strlen($str); |
|
| 108 | - |
|
| 109 | - $out = '<script type="text/javascript">' . "\n<!--\ndocument.write(Str.fromCharCode("; |
|
| 110 | - for ($i = 0; $i < $len; ++ $i) { |
|
| 111 | - $out .= ord($str[$i]) . ','; |
|
| 112 | - } |
|
| 113 | - |
|
| 114 | - return rtrim($out, ',') . "));\n-->\n</script>\n"; |
|
| 115 | - |
|
| 116 | - break; |
|
| 117 | - |
|
| 118 | - case 'hex': |
|
| 119 | - if (strpos($address, '?') !== false) { |
|
| 120 | - $this->core->triggerError('Mailto: Hex encoding is not possible with extra attributes, use one of : <em>js, jscharcode or none</em>.', E_USER_WARNING); |
|
| 121 | - } |
|
| 122 | - |
|
| 123 | - $out = '<a href="mailto:'; |
|
| 124 | - $len = strlen($address); |
|
| 125 | - for ($i = 0; $i < $len; ++ $i) { |
|
| 126 | - if (preg_match('#\w#', $address[$i])) { |
|
| 127 | - $out .= '%' . bin2hex($address[$i]); |
|
| 128 | - } else { |
|
| 129 | - $out .= $address[$i]; |
|
| 130 | - } |
|
| 131 | - } |
|
| 132 | - $out .= '" ' . $extra . '>'; |
|
| 133 | - $len = strlen($text); |
|
| 134 | - for ($i = 0; $i < $len; ++ $i) { |
|
| 135 | - $out .= '&#x' . bin2hex($text[$i]); |
|
| 136 | - } |
|
| 137 | - |
|
| 138 | - return $out . '</a>'; |
|
| 139 | - |
|
| 140 | - default: |
|
| 141 | - $this->core->triggerError('Mailto: <em>encode</em> argument is invalid, it must be one of : <em>none (= no value), js, js_charcode or hex</em>', E_USER_WARNING); |
|
| 140 | + default: |
|
| 141 | + $this->core->triggerError('Mailto: <em>encode</em> argument is invalid, it must be one of : <em>none (= no value), js, js_charcode or hex</em>', E_USER_WARNING); |
|
| 142 | 142 | } |
| 143 | 143 | } |
| 144 | 144 | } |
| 145 | 145 | \ No newline at end of file |
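Review bot: The `js_charcode` branch at new line 109 writes `document.write(Str.fromCharCode(`, but the JavaScript built-in is `String.fromCharCode`, so the generated script throws unless the page defines `Str` itself; the line should read `$out = '<script type="text/javascript">' . "\n<!--\ndocument.write(String.fromCharCode(";`. In the `hex` branch, new line 135 appends `'&#x' . bin2hex($text[$i])` with no closing `;`, unlike a well-formed character reference; `$out .= '&#x' . bin2hex($text[$i]) . ';';` would terminate each one. Every branch also concatenates `$address`, `$extra` and `$text` straight into markup (new lines 87, 91, 106, 132). Whether they are escaped earlier is outside this hunk, so it is worth confirming that `htmlspecialchars(..., ENT_QUOTES)` is applied before the switch.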
@@ -769,13 +769,13 @@ discard block |
||
| 769 | 769 | $search = array('{<\?.*?\?>}', '{<%.*?%>}'); |
| 770 | 770 | } |
| 771 | 771 | switch ($this->securityPolicy->getPhpHandling()) { |
| 772 | - case SecurityPolicy::PHP_ALLOW: |
|
| 773 | - break; |
|
| 774 | - case SecurityPolicy::PHP_ENCODE: |
|
| 775 | - $tpl = preg_replace_callback($search, array($this, 'phpTagEncodingHelper'), $tpl); |
|
| 776 | - break; |
|
| 777 | - case SecurityPolicy::PHP_REMOVE: |
|
| 778 | - $tpl = preg_replace($search, '', $tpl); |
|
| 772 | + case SecurityPolicy::PHP_ALLOW: |
|
| 773 | + break; |
|
| 774 | + case SecurityPolicy::PHP_ENCODE: |
|
| 775 | + $tpl = preg_replace_callback($search, array($this, 'phpTagEncodingHelper'), $tpl); |
|
| 776 | + break; |
|
| 777 | + case SecurityPolicy::PHP_REMOVE: |
|
| 778 | + $tpl = preg_replace($search, '', $tpl); |
|
| 779 | 779 | } |
| 780 | 780 | } |
| 781 | 781 | } |
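Review bot: The patterns assigned to `$search` on line 769 carry no `s` modifier, so `.` stops at a newline and a `<? ... ?>` or `<% ... %>` block that spans several lines is matched by neither the `PHP_ENCODE` nor the `PHP_REMOVE` branch (new lines 774–778). Adding the modifier, `$search = array('{<\?.*?\?>}s', '{<%.*?%>}s');`, lets both branches see multi-line blocks. The other `$search` assignment sits above the hunk and would presumably need the same change. An opening tag with no closing `?>` is also left untouched by these patterns, so the policy would need an end-of-input alternative to cover that case. A short comment on the `PHP_ALLOW` case saying that template PHP is passed through unchanged would make the security implication visible to readers of the switch.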
@@ -875,51 +875,51 @@ discard block |
||
| 875 | 875 | } |
| 876 | 876 | |
| 877 | 877 | switch ($type) { |
| 878 | - case Core::CLASS_PLUGIN: |
|
| 879 | - case Core::CLASS_PLUGIN + Core::BLOCK_PLUGIN: |
|
| 880 | - if (class_exists('Plugin' . $plugin) !== false) { |
|
| 881 | - $output .= "if (class_exists('" . "Plugin" . $plugin . "')===false)". |
|
| 882 | - "\n\t\$this->getLoader()->loadPlugin('Plugin$plugin');\n"; |
|
| 883 | - } else { |
|
| 884 | - $output .= "if (class_exists('" . Core::NAMESPACE_PLUGINS_BLOCKS . "Plugin" . $plugin . "')===false)". |
|
| 885 | - "\n\t\$this->getLoader()->loadPlugin('Plugin$plugin');\n"; |
|
| 886 | - } |
|
| 887 | - break; |
|
| 888 | - case Core::CLASS_PLUGIN + Core::FUNC_PLUGIN: |
|
| 889 | - if (class_exists('Plugin' . $plugin) !== false) { |
|
| 890 | - $output .= "if (class_exists('" . "Plugin" . $plugin . "')===false)". |
|
| 891 | - "\n\t\$this->getLoader()->loadPlugin('Plugin$plugin');\n"; |
|
| 892 | - } else { |
|
| 893 | - $output .= "if (class_exists('" . Core::NAMESPACE_PLUGINS_FUNCTIONS . "Plugin" . $plugin . "')===false)". |
|
| 894 | - "\n\t\$this->getLoader()->loadPlugin('Plugin$plugin');\n"; |
|
| 895 | - } |
|
| 896 | - break; |
|
| 897 | - case Core::FUNC_PLUGIN: |
|
| 898 | - if (function_exists('Plugin' . $plugin) !== false) { |
|
| 899 | - $output .= "if (function_exists('" . "Plugin" . $plugin . "')===false)". |
|
| 878 | + case Core::CLASS_PLUGIN: |
|
| 879 | + case Core::CLASS_PLUGIN + Core::BLOCK_PLUGIN: |
|
| 880 | + if (class_exists('Plugin' . $plugin) !== false) { |
|
| 881 | + $output .= "if (class_exists('" . "Plugin" . $plugin . "')===false)". |
|
| 882 | + "\n\t\$this->getLoader()->loadPlugin('Plugin$plugin');\n"; |
|
| 883 | + } else { |
|
| 884 | + $output .= "if (class_exists('" . Core::NAMESPACE_PLUGINS_BLOCKS . "Plugin" . $plugin . "')===false)". |
|
| 885 | + "\n\t\$this->getLoader()->loadPlugin('Plugin$plugin');\n"; |
|
| 886 | + } |
|
| 887 | + break; |
|
| 888 | + case Core::CLASS_PLUGIN + Core::FUNC_PLUGIN: |
|
| 889 | + if (class_exists('Plugin' . $plugin) !== false) { |
|
| 890 | + $output .= "if (class_exists('" . "Plugin" . $plugin . "')===false)". |
|
| 900 | 891 | "\n\t\$this->getLoader()->loadPlugin('Plugin$plugin');\n"; |
| 901 | - } else { |
|
| 902 | - $output .= "if (function_exists('" . Core::NAMESPACE_PLUGINS_FUNCTIONS . "Plugin" . $plugin . "')===false)". |
|
| 892 | + } else { |
|
| 893 | + $output .= "if (class_exists('" . Core::NAMESPACE_PLUGINS_FUNCTIONS . "Plugin" . $plugin . "')===false)". |
|
| 903 | 894 | "\n\t\$this->getLoader()->loadPlugin('Plugin$plugin');\n"; |
| 904 | - } |
|
| 905 | - break; |
|
| 906 | - case Core::SMARTY_MODIFIER: |
|
| 907 | - $output .= "if (function_exists('smarty_modifier_$plugin')===false)". |
|
| 908 | - "\n\t\$this->getLoader()->loadPlugin('$plugin');\n"; |
|
| 909 | - break; |
|
| 910 | - case Core::SMARTY_FUNCTION: |
|
| 911 | - $output .= "if (function_exists('smarty_function_$plugin')===false)". |
|
| 912 | - "\n\t\$this->getLoader()->loadPlugin('$plugin');\n"; |
|
| 913 | - break; |
|
| 914 | - case Core::SMARTY_BLOCK: |
|
| 915 | - $output .= "if (function_exists('smarty_block_$plugin')===false)". |
|
| 916 | - "\n\t\$this->getLoader()->loadPlugin('$plugin');\n"; |
|
| 917 | - break; |
|
| 918 | - case Core::PROXY_PLUGIN: |
|
| 919 | - $output .= $this->getDwoo()->getPluginProxy()->getLoader($plugin); |
|
| 920 | - break; |
|
| 921 | - default: |
|
| 922 | - throw new CompilationException($this, 'Type error for ' . $plugin . ' with type' . $type); |
|
| 895 | + } |
|
| 896 | + break; |
|
| 897 | + case Core::FUNC_PLUGIN: |
|
| 898 | + if (function_exists('Plugin' . $plugin) !== false) { |
|
| 899 | + $output .= "if (function_exists('" . "Plugin" . $plugin . "')===false)". |
|
| 900 | + "\n\t\$this->getLoader()->loadPlugin('Plugin$plugin');\n"; |
|
| 901 | + } else { |
|
| 902 | + $output .= "if (function_exists('" . Core::NAMESPACE_PLUGINS_FUNCTIONS . "Plugin" . $plugin . "')===false)". |
|
| 903 | + "\n\t\$this->getLoader()->loadPlugin('Plugin$plugin');\n"; |
|
| 904 | + } |
|
| 905 | + break; |
|
| 906 | + case Core::SMARTY_MODIFIER: |
|
| 907 | + $output .= "if (function_exists('smarty_modifier_$plugin')===false)". |
|
| 908 | + "\n\t\$this->getLoader()->loadPlugin('$plugin');\n"; |
|
| 909 | + break; |
|
| 910 | + case Core::SMARTY_FUNCTION: |
|
| 911 | + $output .= "if (function_exists('smarty_function_$plugin')===false)". |
|
| 912 | + "\n\t\$this->getLoader()->loadPlugin('$plugin');\n"; |
|
| 913 | + break; |
|
| 914 | + case Core::SMARTY_BLOCK: |
|
| 915 | + $output .= "if (function_exists('smarty_block_$plugin')===false)". |
|
| 916 | + "\n\t\$this->getLoader()->loadPlugin('$plugin');\n"; |
|
| 917 | + break; |
|
| 918 | + case Core::PROXY_PLUGIN: |
|
| 919 | + $output .= $this->getDwoo()->getPluginProxy()->getLoader($plugin); |
|
| 920 | + break; |
|
| 921 | + default: |
|
| 922 | + throw new CompilationException($this, 'Type error for ' . $plugin . ' with type' . $type); |
|
| 923 | 923 | } |
| 924 | 924 | } |
| 925 | 925 | |