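/**
 * Round-trips a string containing HTML special characters through
 * View::escape() and View::unescape() and checks both directions.
 */
public function testEscaping()
{
    $input = "one <>&' two";

    // NOTE(review): as shown here the expected literal is identical to the
    // input, so this assertion only holds if View::escape() returns these
    // characters unchanged. If the helper entity-encodes them, the expected
    // value has to be the encoded form - confirm against View::escape().
    // The sample also contains no double quote; a case covering '"' would pin
    // the behaviour that double-quoted attribute output depends on.
    $expected = "one <>&' two";

    $escaped   = View::escape($input);
    $unescaped = View::unescape($escaped);

    // PHPUnit takes the expected value first; with the arguments reversed a
    // failure message reports the wrong side as "expected".
    $this->assertEquals($expected, $escaped);
    $this->assertEquals($input, $unescaped);
}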
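/**
 * Renders the hidden id input, the name label and the "Change Person" link
 * for a person field.
 *
 * Registers the jQuery and personChooser scripts on the template, then
 * builds the markup. Every value interpolated into the markup is encoded for
 * the context it lands in (HTML attribute, URL query value, inline script
 * string), because the return URL is derived from request data.
 *
 * @param string      $fieldname The name of the person field
 * @param Person|null $person    The currently selected Person object
 * @return string HTML fragment
 */
public function personChooser($fieldname, Person $person = null)
{
    $this->template->addToAsset('scripts', JQUERY . '/jquery.min.js');
    $this->template->addToAsset('scripts', BASE_URI . '/js/people/personChooser.js');

    // All attributes below are double-quoted, so both quote characters must
    // be encoded. View::escape() is defined outside this block and its quote
    // handling cannot be confirmed from here, so attribute values go through
    // htmlspecialchars() with explicit flags.
    $attr = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    $id   = '';
    $name = '';
    if ($person) {
        $id   = $attr($person->getId());
        $name = View::escape($person->getFullname());
    }

    // REQUEST_URI is supplied by the client. Percent-encode it as a single
    // query value so '&' or '#' in the current URL cannot add or truncate
    // parameters on the chooser link, then HTML-encode the whole href.
    // NOTE(review): SERVER_NAME can reflect the client's Host header depending
    // on server configuration; the page that consumes return_url should check
    // it against the application's own host before redirecting - confirm.
    $return_url    = new Url($_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']);
    $personChooser = $attr(BASE_URI . '/people?return_url=' . rawurlencode((string) $return_url));

    $field = $attr($fieldname);

    // The onclick value is script inside an attribute: encode the field name
    // as a JavaScript string literal first (the JSON_HEX_* flags keep quotes,
    // tags and ampersands out of the literal), then HTML-encode the result.
    $jsField = $attr((string) json_encode(
        (string) $fieldname,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    ));

    $html = "\n\t\t<input type=\"hidden\" name=\"{$field}_id\" id=\"{$field}_id\" value=\"{$id}\" />"
          . "\n\t\t<span id=\"{$field}-name\">{$name}</span>"
          . "\n\t\t<a class=\"btn\""
          . "\n\t\t\thref=\"{$personChooser}\""
          . "\n\t\t\tonclick=\"PERSON_CHOOSER.open({$jsField});return false;\">"
          . "\n\t\t\t<span class=\"fa fa-user\"></span>"
          . "\n\t\t\tChange Person"
          . "\n\t\t</a>"
          . "\n\t\t";

    return $html;
}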
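/**
 * Converts an array into hidden inputs for a form
 *
 * Used for preserving all $_REQUEST information in subsequent form posts.
 * Nested arrays are rendered recursively with bracketed names
 * (base[key][subkey]). Keys and values are passed through View::escape()
 * before being written into the markup; $base is written as given, so it
 * must be a trusted or already escaped string.
 *
 * @param array  $array      Usually the $_REQUEST array
 * @param string $base       A key used for naming inputs as an array
 * @param array  $filterKeys Keys in $array to be ignored
 * @return string The concatenated hidden <input> elements
 */
public function renderInputs($array, $base = null, $filterKeys = null)
{
    // Compare keys as strings: PHP turns numeric string keys into integers,
    // and a loose comparison can match an integer key against an unrelated
    // string filter, silently dropping that entry.
    $skip = $filterKeys ? array_map('strval', $filterKeys) : [];

    $html = '';
    foreach ($array as $k => $v) {
        if (in_array((string) $k, $skip, true)) {
            continue;
        }

        // NOTE(review): name and value sit in double-quoted attributes, so
        // this relies on View::escape() encoding double quotes - confirm.
        $k    = View::escape($k);
        $name = $base ? "{$base}[{$k}]" : $k;

        if (is_array($v)) {
            // Append the nested markup (the result was previously discarded)
            // and pass the full bracketed name down so deeper levels keep
            // their parent prefix.
            $html .= $this->renderInputs($v, $name, $filterKeys);
        } else {
            $v = View::escape($v);
            $html .= "<input name=\"{$name}\" value=\"{$v}\" type=\"hidden\" />";
        }
    }

    return $html;
}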