public static function preProcessing(Dwoo_Compiler $compiler, array $params, $prepend, $append, $type)
{
$params = $compiler->getCompiledParams($params);
switch (strtolower(trim((string) $params['enabled'], '"\''))) {
case 'on':
case 'true':
case 'enabled':
case 'enable':
case '1':
$enable = true;
break;
case 'off':
case 'false':
case 'disabled':
case 'disable':
case '0':
$enable = false;
break;
default:
throw new Dwoo_Compilation_Exception($compiler, 'Auto_Escape : Invalid parameter (' . $params['enabled'] . '), valid parameters are "enable"/true or "disable"/false');
}
self::$stack[] = $compiler->getAutoEscape();
$compiler->setAutoEscape($enable);
return '';
}
/**
* utility function that converts an array of compiled parameters (or rest array) to a string of xml/html tag attributes
*
* this is to be used in preProcessing or postProcessing functions, example :
* $p = $compiler->getCompiledParams($params);
* // get only the rest array as attributes
* $attributes = Dwoo_Plugin::paramsToAttributes($p['*']);
* // get all the parameters as attributes (if there is a rest array, it will be included)
* $attributes = Dwoo_Plugin::paramsToAttributes($p);
*
* @param array $params an array of attributeName=>value items that will be compiled to be ready for inclusion in a php string
* @param string $delim the string delimiter you want to use (defaults to ')
* @param Dwoo_Compiler $compiler the compiler instance (optional for BC, but recommended to pass it for proper escaping behavior)
* @return string
*/
public static function paramsToAttributes(array $params, $delim = '\'', Dwoo_Compiler $compiler = null)
{
if (isset($params['*'])) {
$params = array_merge($params, $params['*']);
unset($params['*']);
}
$out = '';
foreach ($params as $attr => $val) {
$out .= ' ' . $attr . '=';
if (trim($val, '"\'') == '' || $val == 'null') {
$out .= str_replace($delim, '\\' . $delim, '""');
} elseif (substr($val, 0, 1) === $delim && substr($val, -1) === $delim) {
$out .= str_replace($delim, '\\' . $delim, '"' . substr($val, 1, -1) . '"');
} else {
if (!$compiler) {
// disable double encoding since it can not be determined if it was encoded
$escapedVal = '.(is_string($tmp2=' . $val . ') ? htmlspecialchars($tmp2, ENT_QUOTES, $this->charset, false) : $tmp2).';
} elseif (!$compiler->getAutoEscape() || false === strpos($val, 'isset($this->scope')) {
// escape if auto escaping is disabled, or there was no variable in the string
$escapedVal = '.(is_string($tmp2=' . $val . ') ? htmlspecialchars($tmp2, ENT_QUOTES, $this->charset) : $tmp2).';
} else {
// print as is
$escapedVal = '.' . $val . '.';
}
$out .= str_replace($delim, '\\' . $delim, '"') . $delim . $escapedVal . $delim . str_replace($delim, '\\' . $delim, '"');
}
}
return ltrim($out);
}
public function testAutoEscapeWithFunctionCall()
{
$cmp = new Dwoo_Compiler();
$cmp->setAutoEscape(true);
$this->assertEquals(true, $cmp->getAutoEscape());
$tpl = new Dwoo_Template_String('{upper $foo}{upper $foo|safe}');
$tpl->forceCompilation();
$this->assertEquals("A<B>CA<B>C", $this->dwoo->get($tpl, array('foo' => 'a<b>c'), $cmp));
}
public static function paramsToAttributes(array $params, $delim = '\'', Dwoo_Compiler $compiler = null)
{
if (isset($params['*'])) {
$params = array_merge($params, $params['*']);
unset($params['*']);
}
$out = '';
foreach ($params as $attr => $val) {
$out .= ' ' . $attr . '=';
if (trim($val, '"\'') == '' || $val == 'null') {
$out .= str_replace($delim, '\\' . $delim, '""');
} elseif (substr($val, 0, 1) === $delim && substr($val, -1) === $delim) {
$out .= str_replace($delim, '\\' . $delim, '"' . substr($val, 1, -1) . '"');
} else {
if (!$compiler) {
$escapedVal = '.(is_string($tmp2=' . $val . ') ? htmlspecialchars($tmp2, ENT_QUOTES, $this->charset, false) : $tmp2).';
} elseif (!$compiler->getAutoEscape() || false === strpos($val, 'isset($this->scope')) {
$escapedVal = '.(is_string($tmp2=' . $val . ') ? htmlspecialchars($tmp2, ENT_QUOTES, $this->charset) : $tmp2).';
} else {
$escapedVal = '.' . $val . '.';
}
$out .= str_replace($delim, '\\' . $delim, '"') . $delim . $escapedVal . $delim . str_replace($delim, '\\' . $delim, '"');
}
}
return ltrim($out);
}
