<?php
/**
 * PHPTAL templating engine
 *
 * PHP Version 5
 *
 * @category HTML
 * @package  PHPTAL
 * @author   Laurent Bedubourg <[email protected]>
 * @author   Kornel Lesiński <[email protected]>
 * @license  http://www.gnu.org/licenses/lgpl.html GNU Lesser General Public License
 * @version  SVN: $Id$
 * @link     http://phptal.org/
 */

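/**
 * Node that represents an element's attribute.
 *
 * Holds the attribute's value in HTML-escaped form. The value can later be
 * replaced with generated PHP code (see overwriteValueWithVariable() and
 * friends); getReplacedState() tells callers which of the two they get back
 * from getValueEscaped().
 *
 * @package PHPTAL
 * @subpackage Dom
 */
class PHPTAL_Dom_Attr
{
    /** @var string HTML-escaped value, or generated PHP code once replaced */
    private $value_escaped;

    /** @var string attribute name including namespace prefix, e.g. "tal:content" */
    private $qualified_name;

    /** @var string full namespace URI, "" for the default namespace */
    private $namespace_uri;

    /** @var string character encoding of the value, passed to htmlspecialchars()/html_entity_decode() */
    private $encoding;

    /**
     * attribute's value can be overriden with a variable
     *
     * @var string|null PHP variable/expression the value was replaced with,
     *                  or null when replaced with arbitrary code (or never replaced)
     */
    private $phpVariable;

    /** attribute is not generated at all */
    const HIDDEN = -1;
    /** getValueEscaped() returns the real, HTML-escaped value */
    const NOT_REPLACED = 0;
    /** getValueEscaped() returns PHP code that echoes only the value */
    const VALUE_REPLACED = 1;
    /** getValueEscaped() returns PHP code that echoes the complete attribute syntax */
    const FULLY_REPLACED = 2;

    /** @var int one of HIDDEN, NOT_REPLACED, VALUE_REPLACED, FULLY_REPLACED */
    private $replacedState = self::NOT_REPLACED;

    /**
     * @param string $qualified_name attribute name with prefix
     * @param string $namespace_uri  full namespace URI or empty string
     * @param string $value_escaped  value with HTML-escaping already applied
     * @param string $encoding       character encoding used by the value
     */
    public function __construct($qualified_name, $namespace_uri, $value_escaped, $encoding)
    {
        $this->qualified_name = $qualified_name;
        $this->namespace_uri = $namespace_uri;
        $this->value_escaped = $value_escaped;
        $this->encoding = $encoding;
    }

    /**
     * get character encoding used by this attribute.
     *
     * @return string
     */
    public function getEncoding()
    {
        return $this->encoding;
    }

    /**
     * get full namespace URI. "" for default namespace.
     *
     * @return string
     */
    public function getNamespaceURI()
    {
        return $this->namespace_uri;
    }

    /**
     * get attribute name including namespace prefix, if any
     *
     * @return string
     */
    public function getQualifiedName()
    {
        return $this->qualified_name;
    }

    /**
     * get "foo" of "ns:foo" attribute name
     *
     * @return string the part after the first ":", or the whole name when there is none
     */
    public function getLocalName()
    {
        // split on the first ":" only, so "a:b:c" yields "b:c"
        $parts = explode(':', $this->qualified_name, 2);
        return end($parts);
    }

    /**
     * Returns true if this attribute is ns declaration (xmlns="..." or xmlns:prefix="...")
     *
     * @return bool
     */
    public function isNamespaceDeclaration()
    {
        // preg_match() returns int (or false on error); cast so the documented bool holds
        return (bool) preg_match('/^xmlns(?:$|:)/', $this->qualified_name);
    }

    /**
     * get value as plain text (HTML entities decoded)
     *
     * Only meaningful while getReplacedState() is NOT_REPLACED; after a
     * replacement the stored string is PHP code (see setPHPCode()), not markup.
     *
     * @return string
     */
    public function getValue()
    {
        return html_entity_decode($this->value_escaped, ENT_QUOTES, $this->encoding);
    }

    /**
     * set plain text as value. The text is HTML-escaped (both quote characters
     * included) before being stored.
     *
     * NOTE(review): without ENT_SUBSTITUTE, htmlspecialchars() returns "" for
     * input that is invalid in $this->encoding, silently dropping the value;
     * ENT_SUBSTITUTE needs PHP >= 5.4, so it is not added here.
     * NOTE(review): unlike setValueEscaped(), this does not reset the replaced
     * state - confirm whether callers rely on that.
     *
     * @param string $val unescaped text
     */
    public function setValue($val)
    {
        $this->value_escaped = htmlspecialchars($val, ENT_QUOTES, $this->encoding);
    }

    /**
     * Depends on replaced state.
     * If value is not replaced, it will return it with HTML escapes.
     * If it was replaced (see overwriteValueWithVariable() and friends) the
     * result is PHP code, not markup - check getReplacedState() before
     * treating the result as an escaped value.
     *
     * @see getReplacedState()
     * @see overwriteValueWithVariable()
     *
     * @return string
     */
    public function getValueEscaped()
    {
        return $this->value_escaped;
    }

    /**
     * Set value of the attribute to this exact string.
     * String must be HTML-escaped and use attribute's encoding.
     * No escaping is applied here; the string is presumably emitted verbatim
     * into the attribute, so never pass unescaped (e.g. user-supplied) text -
     * use setValue() for plain text.
     *
     * Also marks the attribute as NOT_REPLACED.
     *
     * @param string $value_escaped new content
     */
    public function setValueEscaped($value_escaped)
    {
        $this->replacedState = self::NOT_REPLACED;
        $this->value_escaped = $value_escaped;
    }

    /**
     * set PHP code as value of this attribute. Code is expected to echo the value.
     *
     * The code is embedded verbatim in the compiled template, so it must only
     * ever originate from the template compiler - never from request data.
     *
     * @param string $code PHP statement(s) without open/close tags
     */
    private function setPHPCode($code)
    {
        // PHP discards the single newline that directly follows "?>", so the
        // trailing "\n" keeps the generated source readable without adding
        // whitespace to the rendered output.
        $this->value_escaped = '<?php ' . $code . " ?>\n";
    }

    /**
     * hide this attribute. It won't be generated.
     */
    public function hide()
    {
        $this->replacedState = self::HIDDEN;
    }

    /**
     * generate value of this attribute from variable
     *
     * @param string $phpVariable PHP expression (e.g. '$ctx->foo') whose value is echoed
     */
    public function overwriteValueWithVariable($phpVariable)
    {
        $this->replacedState = self::VALUE_REPLACED;
        $this->phpVariable = $phpVariable;
        $this->setPHPCode('echo ' . $phpVariable);
    }

    /**
     * generate complete syntax of this attribute using variable
     *
     * @param string $phpVariable PHP expression whose output replaces the whole name="value" pair
     */
    public function overwriteFullWithVariable($phpVariable)
    {
        $this->replacedState = self::FULLY_REPLACED;
        $this->phpVariable = $phpVariable;
        $this->setPHPCode('echo ' . $phpVariable);
    }

    /**
     * use any PHP code to generate this attribute's value
     *
     * @param string $code PHP code that echoes the value; see setPHPCode() for the trust requirement
     */
    public function overwriteValueWithCode($code)
    {
        $this->replacedState = self::VALUE_REPLACED;
        $this->phpVariable = null;
        $this->setPHPCode($code);
    }

    /**
     * if value was overwritten with variable, get its name
     *
     * @return string|null null when replaced via overwriteValueWithCode(), or never replaced
     */
    public function getOverwrittenVariableName()
    {
        return $this->phpVariable;
    }

    /**
     * whether getValueEscaped() returns real value or PHP code
     *
     * @return int one of HIDDEN, NOT_REPLACED, VALUE_REPLACED, FULLY_REPLACED
     */
    public function getReplacedState()
    {
        return $this->replacedState;
    }
}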