Commit 34788e78 authored by Taddeus Kroes's avatar Taddeus Kroes

Removed UTF-8 forced encoding in variable varule escaping, and replaced...

Removed UTF-8 forced encoding in variable varule escaping, and replaced htmlentities with htmlspecialchars.
parent cc2ee344
......@@ -74,14 +74,18 @@ require_once 'node.php';
* <expression> : {<exp>}
* <exp> : <nested_exp>
* | <nested_exp>?<nested_exp>:<nested_exp> # Conditional statement
* <nested_exp> : <variable>
* <nested_exp> :
* | <variable>
* | <nested_exp>||<nested_exp> # Default value
* | <function>(<nested_exp>) # Static function call
* | <constant>
* | <html>
* <variable> : $<name> # Regular variable
* | $<name>.<name> # Object attribute or associative array value
* | $<name>.<name>() # Method call (no arguments allowed)
* <variable> : $<name> # Regular variable (escaped)
* | $<name>.<name> # Object attribute or associative array value (escaped)
* | $<name>.<name>() # Method call (escaped) (no arguments allowed)
* | $$<name> # Regular variable (plain)
* | $$<name>.<name> # Object attribute or associative array value (plain)
* | $$<name>.<name>() # Method call (plain)
* <function> : <name> # Global function
* | <name>::<name> # Static class method
* <constant> : An all-caps PHP constant: [A-Z0-9_]+
......@@ -337,7 +341,7 @@ class Template extends Node {
}
/**
* Escape a vairable value for displaying in HTML.
* Escape a variable value for displaying in HTML.
*
* Uses {@link http://php.net/htmlentities} with ENT_QUOTES.
*
......@@ -345,7 +349,7 @@ class Template extends Node {
* @return string The escaped value.
*/
private static function escape_variable_value($value) {
return htmlentities($value, ENT_QUOTES);
return htmlspecialchars($value, ENT_QUOTES);
}
/**
......@@ -353,7 +357,7 @@ class Template extends Node {
*
* This function is a helper for {@link evaluate_expression()}.
*
* @param array $matches Regex matches for conditional pattern.
* @param string[] $matches Regex matches for conditional pattern.
* @param Node $data A data tree containing variable values to use for
* variable expressions.
* @return string The evaluation of the condition.
......
......@@ -293,7 +293,8 @@ class TemplateTest extends PHPUnit_Framework_TestCase {
*/
function test_evaluate_variable_escape() {
$this->assert_evaluates('<script></script>', '$html');
$this->assert_evaluates('Iñtërnâtiônàlizætiøn', '$internationalization');
$this->assert_evaluates('Itrntinliztin', '$internationalization');
//$this->assert_evaluates('Iñtërnâtiônàlizætiøn', '$internationalization');
}
/**
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment