Exemplo n.º 1
0
 /**
  * Initializes the built-in escapers.
  *
  * Each function specifies a way for applying a transformation to a string
  * passed to it. The purpose is for the string to be "escaped" so it is
  * suitable for the format it is being displayed in.
  *
  * For example, the string: "It's required that you enter a username & password.\n"
  * If this were to be displayed as HTML it would be sensible to turn the
  * ampersand into '&' and the apostrophe into '&aps;'. However if it were
  * going to be used as a string in JavaScript to be displayed in an alert box
  * it would be right to leave the string as-is, but c-escape the apostrophe and
  * the new line.
  *
  * For each function there is a define to avoid problems with strings being
  * incorrectly specified.
  */
 static function initializeEscapers()
 {
     self::$escapers = array('htmlspecialchars' => function ($value) {
         // Numbers and boolean values get turned into strings which can cause problems
         // with type comparisons (e.g. === or is_int() etc).
         return is_string($value) ? htmlspecialchars($value, ENT_QUOTES, Escaper::getCharset()) : $value;
     }, 'entities' => function ($value) {
         // Numbers and boolean values get turned into strings which can cause problems
         // with type comparisons (e.g. === or is_int() etc).
         return is_string($value) ? htmlentities($value, ENT_QUOTES, Escaper::getCharset()) : $value;
     }, 'raw' => function ($value) {
         return $value;
     }, 'js' => function ($value) {
         return str_replace(array("\\", "\n", "\r", "\"", "'"), array("\\\\", "\\n", "\\r", "\\\"", "\\'"), is_string($value) ? htmlentities($value, ENT_QUOTES, Escaper::getCharset()) : $value);
     }, 'js_no_entities' => function ($value) {
         return str_replace(array("\\", "\n", "\r", "\"", "'"), array("\\\\", "\\n", "\\r", "\\\"", "\\'"), $value);
     });
 }
Exemplo n.º 2
0
 /**
  * Initializes the built-in escapers.
  *
  * Each function specifies a way for applying a transformation to a string
  * passed to it. The purpose is for the string to be "escaped" so it is
  * suitable for the format it is being displayed in.
  *
  * For example, the string: "It's required that you enter a username & password.\n"
  * If this were to be displayed as HTML it would be sensible to turn the
  * ampersand into '&' and the apostrophe into '&aps;'. However if it were
  * going to be used as a string in JavaScript to be displayed in an alert box
  * it would be right to leave the string as-is, but c-escape the apostrophe and
  * the new line.
  *
  * For each function there is a define to avoid problems with strings being
  * incorrectly specified.
  */
 static function initializeEscapers()
 {
     self::$escapers = array('htmlspecialchars' => function ($value) {
         // Numbers and boolean values get turned into strings which can cause problems
         // with type comparisons (e.g. === or is_int() etc).
         return is_string($value) ? htmlspecialchars($value, ENT_QUOTES, Escaper::getCharset(), false) : $value;
     }, 'entities' => function ($value) {
         // Numbers and boolean values get turned into strings which can cause problems
         // with type comparisons (e.g. === or is_int() etc).
         return is_string($value) ? htmlentities($value, ENT_QUOTES, Escaper::getCharset(), false) : $value;
     }, 'raw' => function ($value) {
         return $value;
     }, 'js' => function ($value) {
         if ('UTF-8' != Escaper::getCharset()) {
             $string = Escaper::convertEncoding($string, 'UTF-8', Escaper::getCharset());
         }
         $callback = function ($matches) {
             $char = $matches[0];
             // \xHH
             if (!isset($char[1])) {
                 return '\\x' . substr('00' . bin2hex($char), -2);
             }
             // \uHHHH
             $char = Escaper::convertEncoding($char, 'UTF-16BE', 'UTF-8');
             return '\\u' . substr('0000' . bin2hex($char), -4);
         };
         if (null === ($string = preg_replace_callback('#[^\\p{L}\\p{N} ]#u', $callback, $string))) {
             throw new InvalidArgumentException('The string to escape is not a valid UTF-8 string.');
         }
         if ('UTF-8' != Escaper::getCharset()) {
             $string = Escaper::convertEncoding($string, Escaper::getCharset(), 'UTF-8');
         }
         return $string;
     });
 }