protected function escapeParameters(array $parameters) { if (false !== $this->escaper) { Escaper::setCharset($this->getCharset()); $parameters['_data'] = Escaper::escape($this->escaper, $parameters); foreach ($parameters['_data'] as $key => $value) { $parameters[$key] = $value; } } else { $parameters['_data'] = Escaper::escape('raw', $parameters); } return $parameters; }
class OutputEscaperTest { public function __toString() { return $this->getTitle(); } public function getTitle() { return '<strong>escaped!</strong>'; } public function getTitles() { return array(1, 2, '<strong>escaped!</strong>'); } } $object = new OutputEscaperTest(); $escaped = Escaper::escape('entities', $object); $t->is($escaped->getTitle(), '<strong>escaped!</strong>', 'The escaped object behaves like the real object'); $array = $escaped->getTitles(); $t->is($array[2], '<strong>escaped!</strong>', 'The escaped object behaves like the real object'); // __toString() $t->diag('__toString()'); $t->is($escaped->__toString(), '<strong>escaped!</strong>', 'The escaped object behaves like the real object');
$t->diag('::unescape() unescapes strings'); $t->is(Escaper::unescape('<strong>escaped!</strong>'), '<strong>escaped!</strong>', '::unescape() returns an unescaped string if the value to unescape is a string'); $t->is(Escaper::unescape('<strong>échappé</strong>'), '<strong>échappé</strong>', '::unescape() returns an unescaped string if the value to unescape is a string'); $t->diag('::unescape() unescapes arrays'); $input = Escaper::escape('esc_entities', array('foo' => '<strong>escaped!</strong>', 'bar' => array('foo' => '<strong>escaped!</strong>'))); $output = Escaper::unescape($input); $t->ok(is_array($output), '::unescape() returns an array if the input is a ArrayDecorator object'); $t->is($output['foo'], '<strong>escaped!</strong>', '::unescape() unescapes all elements of the original array'); $t->is($output['bar']['foo'], '<strong>escaped!</strong>', '::unescape() is recursive'); $t->diag('::unescape() unescapes objects'); $object = new OutputEscaperTestClass(); $input = Escaper::escape('esc_entities', $object); $output = Escaper::unescape($input); $t->ok($output instanceof OutputEscaperTestClass, '::unescape() returns the original object when a ObjectDecorator object is passed'); $t->is($output->getTitle(), '<strong>escaped!</strong>', '::unescape() unescapes all methods of the original object'); $t->is($output->title, '<strong>escaped!</strong>', '::unescape() unescapes all properties of the original object'); $t->is($output->getTitleTitle(), '<strong>escaped!</strong>', '::unescape() is recursive'); $t->ok(IteratorDecorator::unescape(Escaper::escape('esc_entities', new DirectoryIterator('.'))) instanceof DirectoryIterator, '::unescape() unescapes IteratorDecorator objects'); $t->diag('::unescape() does not unescape object marked as being safe'); $t->ok(Escaper::unescape(Escaper::escape('esc_entities', new Safe(new OutputEscaperTestClass()))) instanceof OutputEscaperTestClass, '::unescape() returns the original value if it is marked as being safe'); Escaper::markClassAsSafe('OutputEscaperTestClass'); $t->ok(Escaper::unescape(Escaper::escape('esc_entities', new OutputEscaperTestClass())) instanceof OutputEscaperTestClass, '::unescape() returns the original value if the object class is marked as being safe'); $t->ok(Escaper::unescape(Escaper::escape('esc_entities', new OutputEscaperTestClassChild())) instanceof OutputEscaperTestClassChild, '::unescape() returns the original value if one of the object parent class is marked as being safe'); $t->diag('::unescape() do nothing to resources'); $fh = fopen(__FILE__, 'r'); $t->is(Escaper::unescape($fh), $fh, '::unescape() do nothing to resources'); $t->diag('::unescape() unescapes mixed arrays'); $object = new OutputEscaperTestClass(); $input = array('foo' => 'bar', 'bar' => Escaper::escape('esc_entities', '<strong>bar</strong>'), 'foobar' => Escaper::escape('esc_entities', $object)); $output = array('foo' => 'bar', 'bar' => '<strong>bar</strong>', 'foobar' => $object); $t->is(Escaper::unescape($input), $output, '::unescape() unescapes values with some escaped and unescaped values');
public function testUnescapeUnescapesMixedArrays() { $object = new OutputEscaperTestClass(); $input = array('foo' => 'bar', 'bar' => Escaper::escape('entities', '<strong>bar</strong>'), 'foobar' => Escaper::escape('entities', $object)); $output = array('foo' => 'bar', 'bar' => '<strong>bar</strong>', 'foobar' => $object); $this->assertEquals(Escaper::unescape($input), $output, '::unescape() unescapes values with some escaped and unescaped values'); }
$t->is($output->getTitle(), '<strong>escaped!</strong>', '::unescape() unescapes all methods of the original object'); $t->is($output->title, '<strong>escaped!</strong>', '::unescape() unescapes all properties of the original object'); $t->is($output->getTitleTitle(), '<strong>escaped!</strong>', '::unescape() is recursive'); $t->ok(IteratorDecorator::unescape(Escaper::escape('entities', new DirectoryIterator('.'))) instanceof DirectoryIterator, '::unescape() unescapes IteratorDecorator objects'); $t->diag('::unescape() does not unescape object marked as being safe'); $t->ok(Escaper::unescape(Escaper::escape('entities', new Safe(new OutputEscaperTestClass()))) instanceof OutputEscaperTestClass, '::unescape() returns the original value if it is marked as being safe'); Escaper::markClassAsSafe('OutputEscaperTestClass'); $t->ok(Escaper::unescape(Escaper::escape('entities', new OutputEscaperTestClass())) instanceof OutputEscaperTestClass, '::unescape() returns the original value if the object class is marked as being safe'); $t->ok(Escaper::unescape(Escaper::escape('entities', new OutputEscaperTestClassChild())) instanceof OutputEscaperTestClassChild, '::unescape() returns the original value if one of the object parent class is marked as being safe'); $t->diag('::unescape() do nothing to resources'); $fh = fopen(__FILE__, 'r'); $t->is(Escaper::unescape($fh), $fh, '::unescape() do nothing to resources'); $t->diag('::unescape() unescapes mixed arrays'); $object = new OutputEscaperTestClass(); $input = array( 'foo' => 'bar', 'bar' => Escaper::escape('entities', '<strong>bar</strong>'), 'foobar' => Escaper::escape('entities', $object), ); $output = array( 'foo' => 'bar', 'bar' => '<strong>bar</strong>', 'foobar' => $object, ); $t->is(Escaper::unescape($input), $output, '::unescape() unescapes values with some escaped and unescaped values');
public static function setUpBeforeClass() { $object = new OutputEscaperTest(); self::$escaped = Escaper::escape('entities', $object); }
public static function setUpBeforeClass() { $a = array('<strong>escaped!</strong>', 1, null, array(2, '<strong>escaped!</strong>')); self::$escaped = Escaper::escape('entities', $a); }
<?php /* * This file is part of the symfony package. * * (c) Fabien Potencier <*****@*****.**> * * For the full copyright and license information, please view the LICENSE * file that was distributed with this source code. */ require_once __DIR__ . '/../../../bootstrap.php'; use Symfony\Components\OutputEscaper\Escaper; $t = new LimeTest(11); $a = array('<strong>escaped!</strong>', 1, null, array(2, '<strong>escaped!</strong>')); $escaped = Escaper::escape('esc_entities', $a); // ->getRaw() $t->diag('->getRaw()'); $t->is($escaped->getRaw(0), '<strong>escaped!</strong>', '->getRaw() returns the raw value'); // ArrayAccess interface $t->diag('ArrayAccess interface'); $t->is($escaped[0], '<strong>escaped!</strong>', 'The escaped object behaves like an array'); $t->is($escaped[2], null, 'The escaped object behaves like an array'); $t->is($escaped[3][1], '<strong>escaped!</strong>', 'The escaped object behaves like an array'); $t->ok(isset($escaped[1]), 'The escaped object behaves like an array (isset)'); $t->diag('ArrayAccess interface is read only'); try { unset($escaped[0]); $t->fail('The escaped object is read only (unset)'); } catch (\LogicException $e) { $t->pass('The escaped object is read only (unset)'); }