/**
 * Exercises _htmlchars() with plain text, template/markup metacharacters,
 * quotes, angle brackets, a script tag, and flat and nested arrays.
 *
 * NOTE(review): as displayed here, every expected literal is identical to its
 * input, and the literal ''' is not a valid PHP string. Presumably the page
 * rendering decoded the HTML entities that the expected values originally
 * contained. Restore the expected values from the upstream test file before
 * relying on this listing; do not guess them.
 *
 * NOTE(review): no case below covers "&", "=", whitespace or a backtick, so
 * this test says nothing about how _htmlchars() treats those characters.
 */
public function test_htmlchars() {
    // Text without special characters, including a newline.
    $this->assertEquals('test', _htmlchars('test'));
    $this->assertEquals('test' . PHP_EOL . 'test', _htmlchars('test' . PHP_EOL . 'test'));
    // Braces, backslashes, parentheses and the question mark.
    $this->assertEquals('{', _htmlchars('{'));
    $this->assertEquals('}', _htmlchars('}'));
    $this->assertEquals("\\\\", _htmlchars("\\\\"));
    $this->assertEquals('(', _htmlchars('('));
    $this->assertEquals(')', _htmlchars(')'));
    $this->assertEquals('?', _htmlchars('?'));
    // Quotes and angle brackets: the characters that end an attribute value or open a tag.
    $this->assertEquals(''', _htmlchars('\''));
    $this->assertEquals('"', _htmlchars('"'));
    $this->assertEquals('<', _htmlchars('<'));
    $this->assertEquals('>', _htmlchars('>'));
    $this->assertEquals('<script>', _htmlchars('<script>'));
    // Arrays are accepted too: a list, a keyed array, and a nested array.
    $this->assertEquals(['test'], _htmlchars(['test']));
    $this->assertEquals(['k1' => '<', 'k2' => '>'], _htmlchars(['k1' => '<', 'k2' => '>']));
    $this->assertEquals(['k1' => [['<']], 'k2' => '>'], _htmlchars(['k1' => [['<']], 'k2' => '>']));
    // NOTE(review): presumably these two pass already-encoded input to check
    // that it is not encoded twice; the inputs are not recoverable from this page.
    $this->assertEquals('>', _htmlchars('>'));
    $this->assertEquals(''', _htmlchars('''));
}
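/**
 * Build the attribute part of an HTML tag (' name="value" ...') from $extra.
 *
 * Attributes are collected from three sources, later ones overwriting earlier ones:
 *  1. keys of $extra that are listed in $names (the allow-list);
 *  2. every key of $extra that starts with "data-" or "ng-", without being listed;
 *  3. every non-empty key of the $extra['attr'] sub-array, with no allow-list at all.
 *
 * Scalar values are passed through _htmlchars() and wrapped in double quotes;
 * array values are serialised with http_build_query(). Empty values are skipped.
 *
 * Sources 2 and 3 bypass $names, so any attribute can be emitted through them.
 * Their keys must be chosen by the calling code and not copied from request data.
 *
 * @param array $extra           Options of the control being rendered.
 * @param array|string $names    Attribute names that may be taken from $extra.
 * @return string                Attributes with one leading space, or '' when none.
 */
function _attrs($extra, $names) {
    $body = [];
    $a = [];
    foreach ((array) $names as $name) {
        if (strlen($name) && isset($extra[$name])) {
            $a[$name] = $extra[$name];
        }
    }
    // Try to find and allow all data-* and ng-* attributes automatically
    foreach ((array) $extra as $name => $val) {
        if (strpos($name, 'data-') === 0 || strpos($name, 'ng-') === 0) {
            $a[$name] = $val;
        }
    }
    // Custom html attributes forced with sub-array "attr".
    // isset() first: reading a missing "attr" key raised a notice/warning.
    if (isset($extra['attr']) && is_array($extra['attr'])) {
        foreach ($extra['attr'] as $name => $val) {
            if (strlen($name)) {
                $a[$name] = $val;
            }
        }
    }
    // Make sure that class attribute contains unique names and also cleanup extra spaces
    if (isset($a['class']) && strpos($a['class'], ' ') !== false) {
        $a['class'] = _attr_class_clean($a['class']);
    }
    foreach ($a as $name => $val) {
        // _htmlchars() is an escaper for text and attribute values. Nothing visible
        // in this listing shows it neutralising whitespace or "=" (assumption, confirm
        // against its definition), so a name containing a character that HTML forbids
        // in attribute names is dropped instead of being written into the tag.
        if (preg_match('/[\s"\'<>\/=\x00-\x1f\x7f]/', (string) $name)) {
            continue;
        }
        if (is_array($val)) {
            // http_build_query() percent-encodes keys and values, which is what keeps
            // quotes and angle brackets out of the attribute here. The "&" separators
            // between pairs are emitted as produced by http_build_query().
            $body[$name] = _htmlchars($name) . '="' . http_build_query(_htmlchars($val)) . '"';
        } else {
            // null can arrive from the data-*/ng-* and "attr" sources; treat it as empty.
            if ($val === null || !strlen($val)) {
                continue;
            }
            // Strict comparison: with "==" an integer key 0 compared equal to 'id'
            // before PHP 8, so an unrelated value was rewritten as an element id.
            if ($name === 'id') {
                $val = fix_html_attr_id($val);
            }
            $body[$name] = _htmlchars($name) . '="' . _htmlchars($val) . '"';
        }
    }
    return $body ? ' ' . implode(' ', $body) : '';
}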
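/**
 * Simple textarea form control.
 *
 * The first argument may be an array of options, in which case it is merged
 * into $extra and the control name is taken from its "name" key.
 *
 * The value is written between the tags after passing through _htmlchars().
 * Setting the "no_escape" option to a truthy value emits the value unchanged,
 * so it must only be used for content the caller has already made safe.
 *
 * @param string|array $name   Control name, or an array of options.
 * @param string $value        Initial content; $extra['value'] wins when non-empty.
 * @param array $extra         Options and HTML attributes.
 * @return string              The rendered textarea element.
 */
function textarea($name = '', $value = '', $extra = []) {
    if (is_array($name)) {
        $extra = (array) $extra + $name;
        $name = isset($extra['name']) ? $extra['name'] : '';
    }
    if (!is_array($extra)) {
        $extra = [];
    }
    // empty() keeps the truthiness rules of the former "?:" defaults without
    // reading keys that may not exist.
    $extra['name'] = !empty($extra['name']) ? $extra['name'] : ($name ?: 'text');
    $extra['value'] = !empty($extra['value']) ? $extra['value'] : $value;
    if (empty($extra['id'])) {
        // Per-control counter, only advanced when an id has to be generated.
        if (!isset($this->_ids[__FUNCTION__])) {
            $this->_ids[__FUNCTION__] = 0;
        }
        $extra['id'] = __FUNCTION__ . '_' . ++$this->_ids[__FUNCTION__];
    }
    $extra['desc'] = !empty($extra['desc']) ? $extra['desc'] : ucfirst(str_replace('_', '', $extra['name']));
    $extra['type'] = !empty($extra['type']) ? $extra['type'] : 'text';
    $extra['placeholder'] = !empty($extra['placeholder']) ? t($extra['placeholder']) : $extra['desc'];
    // Defaults to 'true'; an explicit falsy value yields false, which _attrs() skips as empty.
    $extra['contenteditable'] = !isset($extra['contenteditable']) || $extra['contenteditable'] ? 'true' : false;
    $attrs_names = ['id', 'name', 'placeholder', 'contenteditable', 'class', 'style', 'cols', 'rows', 'title', 'required', 'size', 'disabled', 'readonly', 'autocomplete', 'autofocus'];
    // Escaping is skipped only for a truthy "no_escape". The previous isset()
    // test also skipped it for 'no_escape' => false, the opposite of what was asked.
    $content = empty($extra['no_escape']) ? _htmlchars($extra['value']) : $extra['value'];
    return '<textarea' . _attrs($extra, $attrs_names) . '>' . $content . '</textarea>';
}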
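/**
 * Read-only "info" row: shows a value as a label, or as a link when
 * $extra['link'] is set.
 *
 * The value is taken from the replace array ($r) under the control name, falling
 * back to $extra['value'], and may be mapped through $extra['data']. It is passed
 * through _htmlchars() unless the "no_escape" option is truthy.
 *
 * In chained mode the renderer is queued in $this->_body and $this is returned;
 * otherwise the row is rendered immediately and returned as a string.
 *
 * @param string $name          Control name, used as key into the replace array.
 * @param string|array $desc    Label text, or an array of options merged into $extra.
 * @param array $extra          Options and HTML attributes.
 * @param array $replace        Values to render.
 * @return $this|string
 */
function info($name, $desc = '', $extra = [], $replace = []) {
    if (is_array($desc)) {
        $extra = (array) $extra + $desc;
        $desc = '';
    }
    if (!is_array($extra)) {
        $extra = [];
    }
    $extra['name'] = $extra['name'] ?: $name;
    $extra['desc'] = $this->_prepare_desc($extra, $desc);
    $func = function ($extra, $r, $form) {
        $form->_prepare_inline_error($extra);
        $extra['desc'] = !$extra['no_label'] && !$form->_params['no_label'] ? $extra['desc'] : '';
        $value = $r[$extra['name']] ?: $extra['value'];
        // Optional lookup table: map the raw value (or the control name) to display text.
        if (is_array($extra['data'])) {
            if (isset($extra['data'][$value])) {
                $value = $extra['data'][$value];
            } elseif (isset($extra['data'][$extra['name']])) {
                $value = $extra['data'][$extra['name']];
            }
        }
        // Escaping is skipped only for a truthy "no_escape", matching how the other
        // no_* flags below are read. The previous isset() test also skipped it for
        // 'no_escape' => false.
        $value = empty($extra['no_escape']) ? _htmlchars($value) : $value;
        if (!$extra['no_translate']) {
            $extra['desc'] = t($extra['desc']);
            // NOTE(review): t() runs after escaping, so whatever it returns is
            // written into the page as-is. Confirm translation strings are trusted.
            $value = t($value);
        }
        if ($extra['no_text']) {
            $value = '';
        }
        if ($extra['link']) {
            // For admins outside group 1 the link is blanked when it is not allowed.
            // NOTE(review): this only hides the link in the rendered row. Confirm
            // the target itself enforces the same permission.
            if (MAIN_TYPE_ADMIN && main()->ADMIN_GROUP != 1 && !_class('admin_methods')->_admin_link_is_allowed($extra['link'])) {
                $extra['link'] = '';
            }
        }
        // The icon class is written into a quoted attribute, so it is escaped like
        // any other attribute value; it was previously concatenated unescaped.
        $icon = $extra['icon'] ? '<i class="' . _htmlchars($extra['icon']) . '"></i> ' : '';
        $content = '';
        if ($extra['link']) {
            if ($extra['rewrite']) {
                $extra['link'] = url($extra['link']);
            }
            $extra['class'] = $extra['class'] ?: $form->CLASS_BTN_MINI;
            $extra['class'] = $form->_prepare_css_class($extra['class'], $r[$extra['name']], $extra);
            // _attrs() escapes the href value but does not look at its URL scheme.
            // NOTE(review): confirm callers never pass a link taken from user input.
            $extra['href'] = $extra['link'];
            $extra['title'] = $extra['title'] ?: $extra['desc'] ?: $extra['name'];
            $attrs_names = ['href', 'name', 'class', 'style', 'disabled', 'target', 'alt', 'title'];
            $content = '<a' . _attrs($extra, $attrs_names) . '>' . $icon . $value . '</a>';
        } else {
            $extra['class'] = $extra['class'] ?: $form->CLASS_LABEL_INFO;
            // NOTE(review): the result of _prepare_css_class() is concatenated into
            // the class attribute without escaping here. Confirm that helper returns
            // attribute-safe text.
            $content = '<span class="' . $form->_prepare_css_class($extra['class'], $r[$extra['name']], $extra) . '">' . $icon . $value . '</span>';
        }
        return $form->_row_html($content, $extra, $r);
    };
    if ($this->_chained_mode) {
        // Defer rendering: the closure is stored and run later with the final data.
        $this->_body[] = ['func' => $func, 'extra' => $extra, 'replace' => $replace, 'name' => __FUNCTION__];
        return $this;
    }
    return $func((array) $extra + (array) $this->_extra, (array) $replace + (array) $this->_replace, $this);
}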