
Removed UTF-8 forced encoding in variable value escaping, and replaced htmlentities with htmlspecialchars.

Taddeus Kroes 13 lat temu
rodzic
commit
34788e784c
2 zmienionych plików z 13 dodań i 8 usunięć
  1. 11 7
      template.php
  2. 2 1
      tests/test_template.php

+ 11 - 7
template.php

@@ -74,14 +74,18 @@ require_once 'node.php';
  * <expression> : {<exp>}
  * <exp> : <nested_exp>
  *       | <nested_exp>?<nested_exp>:<nested_exp>  # Conditional statement
- * <nested_exp> : <variable>
+ * <nested_exp> : 
+ *              | <variable>
  *              | <nested_exp>||<nested_exp>  # Default value
  *              | <function>(<nested_exp>)    # Static function call
  *              | <constant>
  *              | <html>
- * <variable> : $<name>             # Regular variable
- *            | $<name>.<name>      # Object attribute or associative array value
- *            | $<name>.<name>()    # Method call (no arguments allowed)
+ * <variable> : $<name>            # Regular variable (escaped)
+ *            | $<name>.<name>     # Object attribute or associative array value (escaped)
+ *            | $<name>.<name>()   # Method call (escaped) (no arguments allowed)
+ *            | $$<name>           # Regular variable (plain)
+ *            | $$<name>.<name>    # Object attribute or associative array value (plain)
+ *            | $$<name>.<name>()  # Method call (plain)
  * <function> : <name>          # Global function
  *            | <name>::<name>  # Static class method
  * <constant> : An all-caps PHP constant: [A-Z0-9_]+
@@ -337,7 +341,7 @@ class Template extends Node {
 	}
 	
 	/**
-	 * Escape a vairable value for displaying in HTML.
+	 * Escape a variable value for displaying in HTML.
 	 * 
 	 * Uses {@link http://php.net/htmlentities} with ENT_QUOTES.
 	 * 
@@ -345,7 +349,7 @@ class Template extends Node {
 	 * @return string The escaped value.
 	 */
 	private static function escape_variable_value($value) {
-		return htmlentities($value, ENT_QUOTES);
+		return htmlspecialchars($value, ENT_QUOTES);
 	}
 	
 	/**
@@ -353,7 +357,7 @@ class Template extends Node {
 	 * 
 	 * This function is a helper for {@link evaluate_expression()}.
 	 * 
-	 * @param array $matches Regex matches for conditional pattern.
+	 * @param string[] $matches Regex matches for conditional pattern.
 	 * @param Node $data A data tree containing variable values to use for
 	 *                   variable expressions.
 	 * @return string The evaluation of the condition.
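Review bot: The docblock of `escape_variable_value` still says `Uses {@link http://php.net/htmlentities} with ENT_QUOTES.` while the body in the next hunk now calls `htmlspecialchars`; the line should become ` * Uses {@link http://php.net/htmlspecialchars} with ENT_QUOTES.`. Dropping the charset argument also makes the escaper's handling of multibyte input depend on the running PHP version's default (older releases assume ISO-8859-1, newer ones UTF-8, where malformed sequences yield an empty string), so the output of the same template can differ between deployments. Since `htmlspecialchars` only rewrites `& < > " '` and leaves non-ASCII bytes alone, the UTF-8 charset can be passed back explicitly without reintroducing the entity conversion that the commit is removing: `return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');`. This assumes template data is UTF-8, which the test value `Iñtërnâtiônàlizætiøn` suggests but the page does not state.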

+ 2 - 1
tests/test_template.php

@@ -293,7 +293,8 @@ class TemplateTest extends PHPUnit_Framework_TestCase {
 	 */
 	function test_evaluate_variable_escape() {
 		$this->assert_evaluates('<script></script>', '$html');
-		$this->assert_evaluates('Iñtërnâtiônàlizætiøn', '$internationalization');
+		$this->assert_evaluates('Iñtërnâtiônàlizætiøn', '$internationalization');
+		//$this->assert_evaluates('Iñtërnâtiônàlizætiøn', '$internationalization');
 	}
 	
 	/**
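Review bot: The added `//$this->assert_evaluates('Iñtërnâtiônàlizætiøn', '$internationalization');` is a commented-out duplicate of the live assertion directly above it and should be deleted rather than kept as dead code. The test also does not pin the one behavior the new escaper is configured for, ENT_QUOTES: an input containing `"` and `'` would verify that both quote kinds are escaped and would catch a regression to the default flags. Presumably `assert_evaluates` compares rendered output against its first argument; if so, a case such as `$this->assert_evaluates('&quot;a&#039;b&quot;', '$quoted');` with a matching data value would cover it, to be confirmed against the helper's contract, which is outside this hunk.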