/**
 * Render the numeric "from"/"to" filter inputs, pre-filled with the selected range.
 *
 * A selected range is used only when $value is an array of exactly two elements; otherwise
 * both inputs are rendered with an empty value. Each bound goes through the helper's
 * escapeHtml() before it is written into a value="" attribute.
 *
 * @param Mage_Eav_Model_Entity_Attribute $attribute attribute whose code names the filter inputs
 * @param mixed $value selected filter value; expected to be a two-element array (from, to)
 * @return string HTML for the two text inputs and their labels
 */
protected function _getNumberFromToHtmlWithValue(Mage_Eav_Model_Entity_Attribute $attribute, $value)
{
    // NOTE(review): the element name is placed into name="" without escaping in this method;
    // confirm that getFilterElementName() / the attribute code cannot carry HTML metacharacters.
    $elementName = $this->getFilterElementName($attribute->getAttributeCode());

    $lowerBound = null;
    $upperBound = null;
    if (is_array($value) && count($value) === 2) {
        // reset()/next() take the first and second element whatever the array keys are.
        $first = reset($value);
        $second = next($value);
        // Escaped because both bounds end up inside double-quoted HTML attributes below.
        // NOTE(review): presumes escapeHtml() encodes double quotes - confirm in the helper.
        $lowerBound = $this->_helper->escapeHtml($first);
        $upperBound = $this->_helper->escapeHtml($second);
    }

    $fromField = '<strong>' . $this->_helper->__('From') . ':</strong> '
        . '<input type="text" name="' . $elementName . '[]" class="input-text"'
        . ' value="' . $lowerBound . '" style="width:100px;"/> ';

    $toField = '<strong>' . $this->_helper->__('To') . ':</strong> <input type="text" name="'
        . $elementName . '[]" class="input-text" style="width:100px;" value="' . $upperBound . '" />';

    return $fromField . $toField;
}
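/**
 * Escape HTML while preserving plain http/https links.
 *
 * When 'a' is among the allowed tags, every anchor that carries an href is taken out of the
 * text, rebuilt as a minimal <a href="...">text</a> element and put back after the remaining
 * text has been escaped by the parent helper. Rebuilding the tag drops every attribute other
 * than href, and any URL whose scheme is not http or https (including scheme-less and relative
 * URLs) is replaced by '#'. The link text itself is escaped with no tags allowed.
 *
 * Array input is processed element by element (keys preserved), so that the anchor handling,
 * which works on strings only, is applied to every entry.
 *
 * @param array|string $data text to escape, or an array of such texts
 * @param null|array $allowedTags tags the parent escapeHtml() may keep; links are preserved
 *                                only when this list contains 'a'
 * @return string|array escaped text; an array when $data is an array
 */
public function escapeHtmlWithLinks($data, $allowedTags = null)
{
    // Nothing to preserve: defer entirely to the parent implementation.
    if (empty($data) || !is_array($allowedTags) || !in_array('a', $allowedTags, true)) {
        return parent::escapeHtml($data, $allowedTags);
    }

    // preg_match() and vsprintf() below need a string subject, so arrays are handled per element.
    if (is_array($data)) {
        $escaped = [];
        foreach ($data as $key => $item) {
            $escaped[$key] = $this->escapeHtmlWithLinks($item, $allowedTags);
        }
        return $escaped;
    }

    $links = [];
    $i = 1;
    // Double every '%' so that literal percent signs (and anything resembling a sprintf
    // placeholder in the input) survive the final vsprintf() untouched.
    $data = str_replace('%', '%%', $data);
    $regexp = "/<a\\s[^>]*href\\s*?=\\s*?([\"\\']??)([^\" >]*?)\\1[^>]*>(.*)<\\/a>/siU";
    // NOTE(review): preg_match() returns false on a PCRE error, which ends this loop early; any
    // anchors left in $data are then handled by parent::escapeHtml() - confirm it escapes them.
    while (preg_match($regexp, $data, $matches)) {
        // Revert the sprintf escaping for the captured URL and link text.
        $url = str_replace('%%', '%', $matches[2]);
        $text = str_replace('%%', '%', $matches[3]);

        // Accept http and https URLs only; parse_url() yields null/false when there is no
        // usable scheme, hence the string cast before lower-casing.
        if ($url) {
            $urlScheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
            if ($urlScheme !== 'http' && $urlScheme !== 'https') {
                $url = null;
            }
        }

        // Use a hash tag as fallback for a missing or rejected URL.
        if (!$url) {
            $url = '#';
        }

        // Recreate a minimal anchor: href only, URL and text both escaped.
        $links[] = sprintf(
            '<a href="%s">%s</a>',
            htmlspecialchars($url, ENT_QUOTES, 'UTF-8', false),
            parent::escapeHtml($text)
        );
        // Swap the original tag for a numbered placeholder that vsprintf() fills in later.
        $data = str_replace($matches[0], '%' . $i . '$s', $data);
        ++$i;
    }

    $data = parent::escapeHtml($data, $allowedTags);
    return vsprintf($data, $links);
}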
/**
 * Check that the helper's escapeHtml() returns the expected output for each provided data set.
 *
 * @dataProvider escapeHtmlDataProvider
 * @param mixed $data raw input handed to escapeHtml()
 * @param mixed $expected value escapeHtml() is expected to return for $data
 */
public function testEscapeHtml($data, $expected)
{
    $this->assertEquals($expected, $this->_helper->escapeHtml($data));
}