lib/smarty/plugins/modifier.escape.php

   1 <?php
   2 /**
   3  * Smarty plugin
   4  * @package Smarty
   5  * @subpackage plugins
   6  */
   7
   8
   9 /**
  10  * Smarty escape modifier plugin
  11  *
  12  * Type:     modifier<br>
  13  * Name:     escape<br>
  14  * Purpose:  Escape the string according to escapement type
  15  * @link http://smarty.php.net/manual/en/language.modifier.escape.php
  16  *          escape (Smarty online manual)
  17  * @param string
  18  * @param html|htmlall|url|quotes|hex|hexentity|javascript
  19  * @return string
  20  */
  21 function smarty_modifier_escape($string, $esc_type = 'html')
  22 {
  23     switch ($esc_type) {
  24         case 'html':
  25             return htmlspecialchars($string, ENT_QUOTES);
  26
  27         case 'htmlall':
  28             return htmlentities($string, ENT_QUOTES);
  29
  30         case 'url':
  31             return rawurlencode($string);
  32
  33         case 'quotes':
  34             // escape unescaped single quotes
  35             return preg_replace("%(?<!\\\\)'%", "\\'", $string);
  36
  37         case 'hex':
  38             // escape every character into hex
  39             $return = '';
  40             for ($x=0; $x < strlen($string); $x++) {
  41                 $return .= '%' . bin2hex($string[$x]);
  42             }
  43             return $return;
  44
  45         case 'hexentity':
  46             $return = '';
  47             for ($x=0; $x < strlen($string); $x++) {
  48                 $return .= '&#x' . bin2hex($string[$x]) . ';';
  49             }
  50             return $return;
  51
  52         case 'decentity':
  53             $return = '';
  54             for ($x=0; $x < strlen($string); $x++) {
  55                 $return .= '&#' . ord($string[$x]) . ';';
  56             }
  57             return $return;
  58
  59         case 'javascript':
  60             // escape quotes and backslashes, newlines, etc.
  61             return strtr($string, array('\\'=>'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n','</'=>'<\/'));
  62
  63         case 'mail':
  64             // safe way to display e-mail address on a web page
  65             return str_replace(array('@', '.'),array(' [AT] ', ' [DOT] '), $string);
  66
  67         case 'nonstd':
  68            // escape non-standard chars, such as ms document quotes
  69            $_res = '';
  70            for($_i = 0, $_len = strlen($string); $_i < $_len; $_i++) {
  71                $_ord = ord($string{$_i});
  72                // non-standard char, escape it
  73                if($_ord >= 126){
  74                    $_res .= '&#' . $_ord . ';';
  75                }
  76                else {
  77                    $_res .= $string{$_i};
  78                }
  79            }
  80            return $_res;
  81
  82         default:
  83             return $string;
  84     }
  85 }
  86
  87 /* vim: set expandtab: */
  88
  89 ?>