modifier.escape.php 2.7 KB

  1. <?php
  2. /**
  3. * Smarty plugin
  4. * @package Smarty
  5. * @subpackage plugins
  6. */
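  /**
   * Smarty escape modifier plugin
   *
   * Type:     modifier<br>
   * Name:     escape<br>
   * Purpose:  Escape the string according to escapement type
   *
   * Each escapement type targets exactly one output context; pick the one that
   * matches where the value is written in the template:
   *  - html / htmlall: HTML text and quoted attribute values (ENT_QUOTES).
   *  - url / urlpathinfo: a single URL component (RFC 3986 percent-encoding);
   *    urlpathinfo leaves "/" readable.
   *  - quotes: backslash-escapes single quotes only.
   *  - hex / hexentity / decentity: encode every BYTE of the input, so a
   *    multi-byte character is emitted as several separate codes.
   *  - javascript: escapes backslash, both quote characters, CR, LF and "</".
   *    Nothing else is rewritten, so it is only meaningful inside a quoted
   *    JavaScript string literal.
   *  - mail: textual obfuscation of "@" and "."; it performs no HTML escaping.
   *  - nonstd: replaces every byte with ordinal >= 126 by a decimal entity.
   *
   * NOTE(review): an unknown or misspelled $esc_type falls through to the
   * default branch and returns the input UNESCAPED. Callers that depend on
   * this modifier for output encoding should treat the type name as part of
   * the security contract and check templates for typos.
   *
   * @link http://smarty.php.net/manual/en/language.modifier.escape.php
   *          escape (Smarty online manual)
   * @author   Monte Ohrt <monte at ohrt dot com>
   * @param string $string   value to escape
   * @param string $esc_type html|htmlall|url|urlpathinfo|quotes|hex|hexentity|
   *                         decentity|javascript|mail|nonstd
   * @param string $char_set character set handed to htmlspecialchars() and
   *                         htmlentities(); only used by html and htmlall
   * @return string the escaped string, or the unchanged input for an unknown type
   */
  function smarty_modifier_escape($string, $esc_type = 'html', $char_set = 'ISO-8859-1')
  {
      switch ($esc_type) {
          case 'html':
              return htmlspecialchars($string, ENT_QUOTES, $char_set);

          case 'htmlall':
              return htmlentities($string, ENT_QUOTES, $char_set);

          case 'url':
              return rawurlencode($string);

          case 'urlpathinfo':
              // keep path separators readable, encode everything else
              return str_replace('%2F', '/', rawurlencode($string));

          case 'quotes':
              // Escape unescaped single quotes. A quote counts as already
              // escaped only when it follows an ODD number of backslashes;
              // after an even run (e.g. \\') the backslashes escape each other
              // and the quote would still terminate a quoted string, so it is
              // escaped as well. The captured run of backslash pairs is put
              // back unchanged in front of the added backslash.
              return preg_replace("%(?<!\\\\)((?:\\\\\\\\)*)'%", '${1}\\\'', $string);

          case 'hex':
              // percent-encode every byte, including unreserved characters
              $_out = '';
              for ($_i = 0, $_len = strlen($string); $_i < $_len; $_i++) {
                  $_out .= '%' . bin2hex($string[$_i]);
              }
              return $_out;

          case 'hexentity':
              // one hexadecimal character reference per byte
              $_out = '';
              for ($_i = 0, $_len = strlen($string); $_i < $_len; $_i++) {
                  $_out .= '&#x' . bin2hex($string[$_i]) . ';';
              }
              return $_out;

          case 'decentity':
              // one decimal character reference per byte
              $_out = '';
              for ($_i = 0, $_len = strlen($string); $_i < $_len; $_i++) {
                  $_out .= '&#' . ord($string[$_i]) . ';';
              }
              return $_out;

          case 'javascript':
              // escape quotes and backslashes, newlines, etc.
              // '</' is rewritten so the value cannot spell a closing tag such
              // as </script> inside an inline script block.
              return strtr($string, array(
                  '\\' => '\\\\',
                  "'"  => "\\'",
                  '"'  => '\\"',
                  "\r" => '\\r',
                  "\n" => '\\n',
                  '</' => '<\/',
              ));

          case 'mail':
              // obfuscate an e-mail address for display on a web page
              return str_replace(array('@', '.'), array(' [AT] ', ' [DOT] '), $string);

          case 'nonstd':
              // escape non-standard chars, such as ms document quotes
              $_out = '';
              for ($_i = 0, $_len = strlen($string); $_i < $_len; $_i++) {
                  $_chr = substr($string, $_i, 1);
                  $_ord = ord($_chr);
                  // threshold kept at 126, so "~" is emitted as an entity too
                  $_out .= ($_ord >= 126) ? '&#' . $_ord . ';' : $_chr;
              }
              return $_out;

          default:
              // unknown type: the value is passed through without any escaping
              return $string;
      }
  }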
  77. /* vim: set expandtab: */
  78. ?>