/**
 * Register an escaper, keyed by the encoding it was configured with.
 *
 * Several escapers may be held at once, one per encoding; registering a
 * second escaper for an encoding that is already present overwrites the
 * earlier one.
 *
 * @param Escaper $escaper
 * @return AbstractStandalone fluent interface
 */
public function setEscaper(Escaper $escaper)
{
    $this->escapers[$escaper->getEncoding()] = $escaper;

    return $this;
}
/**
 * Attach the escaper used for output escaping and adopt its encoding.
 *
 * Both the escaper and the encoding it reports are stored, so later
 * escaping runs with the encoding the escaper was built for.
 *
 * @param Escaper\Escaper $escaper
 * @return $this fluent interface
 */
public function setEscaper(Escaper\Escaper $escaper)
{
    $encoding = $escaper->getEncoding();

    $this->escaper = $escaper;
    $this->encoding = $encoding;

    return $this;
}
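/**
 * Escapes string values in an array, and in all of its sub-arrays, in place.
 *
 * Every key listed in one of the $data_vars_2_*_escape arrays has its value
 * run through the matching \Zend\Escaper\Escaper method. Only string values
 * are touched: integers, floats, booleans, null and objects pass through
 * unchanged. A list containing the entry '*' selects every key. The selection
 * lists are handed to each sub-array unchanged, so a key name selects that
 * key at every depth of the array.
 *
 * Escape each value for exactly one output context. When the same key appears
 * in more than one list the methods are applied one after another, in the
 * fixed order escapeHtml, escapeHtmlAttr, escapeCss, escapeJs, and the value
 * ends up escaped more than once, which is almost never what a template wants.
 *
 * To avoid escaping the same data twice, a content hash of the array is
 * recorded after escaping, together with the options that were used. A later
 * call with an array of identical content and identical options is a no-op.
 * Note that the match is by content, so changing one value and calling again
 * escapes the whole array again, including the values that were already
 * escaped.
 *
 * @param array $data Array of data to be escaped. Modified in place.
 * @param string $escape_encoding Encoding used for escaping. When empty,
 *        $this->escape_encoding is used if it is set, otherwise 'utf-8'.
 * @param array $data_vars_2_html_escape Keys whose string values are escaped
 *        with \Zend\Escaper\Escaper::escapeHtml().
 * @param array $data_vars_2_html_attr_escape Keys whose string values are
 *        escaped with \Zend\Escaper\Escaper::escapeHtmlAttr().
 * @param array $data_vars_2_css_escape Keys whose string values are escaped
 *        with \Zend\Escaper\Escaper::escapeCss().
 * @param array $data_vars_2_js_escape Keys whose string values are escaped
 *        with \Zend\Escaper\Escaper::escapeJs().
 * @param \Zend\Escaper\Escaper $escaper Optional escaper to use. When null,
 *        $this->escaper is used if its encoding equals the effective encoding,
 *        otherwise a new escaper for the effective encoding is created.
 *
 * @return void
 */
protected function escapeData(
    array &$data,
    $escape_encoding = 'utf-8',
    array $data_vars_2_html_escape = array(),
    array $data_vars_2_html_attr_escape = array(),
    array $data_vars_2_css_escape = array(),
    array $data_vars_2_js_escape = array(),
    \Zend\Escaper\Escaper $escaper = null
) {
    if (count($data) <= 0) {
        // no data supplied; nothing to do
        return;
    }

    if (
        count($data_vars_2_html_escape) <= 0
        && count($data_vars_2_html_attr_escape) <= 0
        && count($data_vars_2_css_escape) <= 0
        && count($data_vars_2_js_escape) <= 0
    ) {
        // no key has been selected for escaping; nothing to do
        return;
    }

    // Resolve the effective encoding before consulting the guard so that the
    // guard lookup and the guard record use the same value. Comparing the raw
    // argument would make '' and 'utf-8' look like different option sets and
    // trigger a second escaping pass over already escaped data.
    if (!empty($escape_encoding)) {
        $final_encoding = $escape_encoding;
    } elseif (!empty($this->escape_encoding)) {
        $final_encoding = $this->escape_encoding;
    } else {
        $final_encoding = 'utf-8';
    }

    $escape_options = array(
        'escape_encoding' => $final_encoding,
        'data_vars_2_html_escape' => $data_vars_2_html_escape,
        'data_vars_2_html_attr_escape' => $data_vars_2_html_attr_escape,
        'data_vars_2_css_escape' => $data_vars_2_css_escape,
        'data_vars_2_js_escape' => $data_vars_2_js_escape,
    );

    // The guard must be keyed on the array's CONTENT. The previous
    // spl_object_hash(json_decode(json_encode($data))) was only an identity
    // hash of a throw-away object: PHP reuses the freed object's slot, so
    // unrelated arrays could yield the same hash and an unescaped array would
    // be skipped as "already escaped" and reach the template raw. json_decode()
    // also returns an array (not an object) for list-shaped input and null when
    // json_encode() fails on non-UTF-8 bytes, both of which break
    // spl_object_hash(). The content hash below has none of these problems.
    $hash_of_data_array = $this->computeEscapeGuardHash($data);

    if (
        array_key_exists($hash_of_data_array, $this->multi_escape_prevention_guard)
        && $this->multi_escape_prevention_guard[$hash_of_data_array] === $escape_options
    ) {
        // this exact array has already been escaped with these options;
        // escaping it again would double-escape it
        return;
    }

    if (is_null($escaper)) {
        if (
            $this->escaper instanceof \Zend\Escaper\Escaper
            && $this->escaper->getEncoding() === $final_encoding
        ) {
            // the escaper attached to this instance is for the right encoding
            $escaper = $this->escaper;
        } else {
            $escaper = new \Zend\Escaper\Escaper($final_encoding);
        }
    }

    // Keys are compared as strings: PHP stores numeric-string keys as integers,
    // so a strict in_array() would miss '0' versus 0, while a loose in_array()
    // treats 0 == 'name' as true on PHP < 8 and selects the wrong entries.
    // '*' selects every key.
    $is_selected = function ($key, array $selected_keys) {
        foreach ($selected_keys as $selected_key) {
            if ($selected_key === '*') {
                return true;
            }

            if (is_scalar($selected_key) && (string) $selected_key === (string) $key) {
                return true;
            }
        }

        return false;
    };

    foreach ($data as $key => $value) {
        if (is_array($value)) {
            // recurse; the selection lists apply at every depth
            $this->escapeData(
                $data[$key],
                $final_encoding,
                $data_vars_2_html_escape,
                $data_vars_2_html_attr_escape,
                $data_vars_2_css_escape,
                $data_vars_2_js_escape,
                $escaper
            );
            continue;
        }

        if (!is_string($value)) {
            // only strings are escaped; other scalars, null and objects are left as-is
            continue;
        }

        $methods = array();

        if ($is_selected($key, $data_vars_2_html_escape)) {
            $methods[] = 'escapeHtml';
        }

        if ($is_selected($key, $data_vars_2_html_attr_escape)) {
            $methods[] = 'escapeHtmlAttr';
        }

        if ($is_selected($key, $data_vars_2_css_escape)) {
            $methods[] = 'escapeCss';
        }

        if ($is_selected($key, $data_vars_2_js_escape)) {
            $methods[] = 'escapeJs';
        }

        // applied in order; a key present in several lists is escaped several times
        foreach ($methods as $method) {
            $data[$key] = $escaper->{$method}($data[$key]);
        }
    }

    // remember the escaped array, keyed by its new content, together with the
    // options used, so that a repeat call with the same array is a no-op
    $hash_of_escaped_data_array = $this->computeEscapeGuardHash($data);
    $this->multi_escape_prevention_guard[$hash_of_escaped_data_array] = $escape_options;
}

/**
 * Builds a deterministic content hash of $data for the multi-escape guard.
 *
 * Arrays are hashed structurally (keys and values, in iteration order),
 * strings and other scalars through serialize(), which is binary-safe and
 * length-prefixes strings, so arbitrary byte strings cannot collide with
 * neighbouring values. Objects are hashed by class and identity because
 * escapeData() never modifies them; this is stable for as long as the caller
 * keeps the object alive.
 *
 * @param array $data
 * @return string hex-encoded sha256 digest
 */
private function computeEscapeGuardHash(array $data)
{
    $context = hash_init('sha256');

    $feed = function ($value) use (&$feed, $context) {
        if (is_array($value)) {
            hash_update($context, 'a:' . count($value) . ':{');

            foreach ($value as $k => $v) {
                hash_update($context, serialize($k));
                $feed($v);
            }

            hash_update($context, '}');
        } elseif (is_object($value)) {
            hash_update($context, 'o:' . get_class($value) . ':' . spl_object_hash($value) . ';');
        } else {
            // string, int, float, bool or null
            hash_update($context, serialize($value));
        }
    };

    $feed($data);

    return hash_final($context);
}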