Commit 34788e78 authored by Taddeus Kroes's avatar Taddeus Kroes

Removed UTF-8 forced encoding in variable varule escaping, and replaced...

Removed UTF-8 forced encoding in variable value escaping, and replaced htmlentities with htmlspecialchars.
parent cc2ee344
...@@ -74,14 +74,18 @@ require_once 'node.php'; ...@@ -74,14 +74,18 @@ require_once 'node.php';
* <expression> : {<exp>} * <expression> : {<exp>}
* <exp> : <nested_exp> * <exp> : <nested_exp>
* | <nested_exp>?<nested_exp>:<nested_exp> # Conditional statement * | <nested_exp>?<nested_exp>:<nested_exp> # Conditional statement
* <nested_exp> : <variable> * <nested_exp> :
* | <variable>
* | <nested_exp>||<nested_exp> # Default value * | <nested_exp>||<nested_exp> # Default value
* | <function>(<nested_exp>) # Static function call * | <function>(<nested_exp>) # Static function call
* | <constant> * | <constant>
* | <html> * | <html>
* <variable> : $<name> # Regular variable * <variable> : $<name> # Regular variable (escaped)
* | $<name>.<name> # Object attribute or associative array value * | $<name>.<name> # Object attribute or associative array value (escaped)
* | $<name>.<name>() # Method call (no arguments allowed) * | $<name>.<name>() # Method call (escaped) (no arguments allowed)
* | $$<name> # Regular variable (plain)
* | $$<name>.<name> # Object attribute or associative array value (plain)
* | $$<name>.<name>() # Method call (plain)
* <function> : <name> # Global function * <function> : <name> # Global function
* | <name>::<name> # Static class method * | <name>::<name> # Static class method
* <constant> : An all-caps PHP constant: [A-Z0-9_]+ * <constant> : An all-caps PHP constant: [A-Z0-9_]+
...@@ -337,7 +341,7 @@ class Template extends Node { ...@@ -337,7 +341,7 @@ class Template extends Node {
} }
/** /**
* Escape a vairable value for displaying in HTML. * Escape a variable value for displaying in HTML.
* *
* Uses {@link http://php.net/htmlentities} with ENT_QUOTES. * Uses {@link http://php.net/htmlentities} with ENT_QUOTES.
* *
...@@ -345,7 +349,7 @@ class Template extends Node { ...@@ -345,7 +349,7 @@ class Template extends Node {
* @return string The escaped value. * @return string The escaped value.
*/ */
private static function escape_variable_value($value) { private static function escape_variable_value($value) {
return htmlentities($value, ENT_QUOTES); return htmlspecialchars($value, ENT_QUOTES);
} }
/** /**
...@@ -353,7 +357,7 @@ class Template extends Node { ...@@ -353,7 +357,7 @@ class Template extends Node {
* *
* This function is a helper for {@link evaluate_expression()}. * This function is a helper for {@link evaluate_expression()}.
* *
* @param array $matches Regex matches for conditional pattern. * @param string[] $matches Regex matches for conditional pattern.
* @param Node $data A data tree containing variable values to use for * @param Node $data A data tree containing variable values to use for
* variable expressions. * variable expressions.
* @return string The evaluation of the condition. * @return string The evaluation of the condition.
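Review bot: `escape_variable_value()` now calls `htmlspecialchars($value, ENT_QUOTES)` with no charset argument, so the escaper's idea of the input encoding comes from the PHP version and configuration instead of from the charset the templates are served in. When the two disagree, a value containing bytes that are invalid in the assumed charset is returned as an empty string, which hides the mismatch instead of reporting it. I would make the encoding explicit and keep bad bytes visible, for example `return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, $charset);` with `$charset` taken from wherever the response charset is configured (`ENT_SUBSTITUTE` needs PHP 5.4 or later). The docblock above the function still reads "Uses htmlentities with ENT_QUOTES" on the new side and should become `Uses {@link http://php.net/htmlspecialchars} with ENT_QUOTES.` The grammar comment in the first hunk should also state that the `$$` forms emit the value without escaping and are meant only for markup the application already trusts.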
......
...@@ -293,7 +293,8 @@ class TemplateTest extends PHPUnit_Framework_TestCase { ...@@ -293,7 +293,8 @@ class TemplateTest extends PHPUnit_Framework_TestCase {
*/ */
function test_evaluate_variable_escape() { function test_evaluate_variable_escape() {
$this->assert_evaluates('<script></script>', '$html'); $this->assert_evaluates('<script></script>', '$html');
$this->assert_evaluates('Iñtërnâtiônàlizætiøn', '$internationalization'); $this->assert_evaluates('Itrntinliztin', '$internationalization');
//$this->assert_evaluates('Iñtërnâtiônàlizætiøn', '$internationalization');
} }
/** /**
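Review bot: The new assertion in `test_evaluate_variable_escape()` expects `Itrntinliztin` for `$internationalization`, which pins the loss of every non-ASCII character as the correct result of escaping, while the original expectation is left behind as a commented-out line. The fixture value is not visible here, but if it is the accented string from the old assertion, the test now locks in silent data loss that probably comes from an encoding mismatch between the test data and the escaper. I would keep `$this->assert_evaluates('Iñtërnâtiônàlizætiøn', '$internationalization');` as the expectation and fix the encoding on the escaping side, then delete the commented-out line. A second case whose value contains `"` and `'` would also pin the `ENT_QUOTES` behaviour that attribute contexts rely on.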
......