/**
 * Cleans an HTML attribute value by removing dangerous URL protocols.
 *
 * The value is processed in three steps: its HTML entities are decoded, the
 * decoded text is passed through stripDangerousProtocols(), and the result is
 * HTML-escaped again. Decoding comes first so that the protocol check runs on
 * the plain-text meaning of the value rather than on its encoded spelling.
 *
 * @param string $string
 *   The string with the attribute value.
 *
 * @return string
 *   Cleaned up and HTML-escaped version of $string.
 */
public static function filterBadProtocol($string) {
  // Recover the plain-text meaning of the attribute value.
  $decoded = Html::decodeEntities($string);

  // Filter the decoded text, then re-escape it for output as HTML.
  $stripped = static::stripDangerousProtocols($decoded);
  return SafeMarkup::checkPlain($stripped);
}
/**
 * Encodes special characters in a plain-text string for display as HTML.
 *
 * This is a pass-through kept for backwards compatibility; all work is done
 * by SafeMarkup::checkPlain().
 *
 * @param string $text
 *   The text to be checked or processed.
 *
 * @return string
 *   An HTML safe version of $text, or an empty string if $text is not
 *   valid UTF-8.
 *
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   Use \Drupal\Component\Utility\SafeMarkup::checkPlain() instead.
 */
public static function checkPlain($text) {
  // Delegate unchanged to the replacement API named in the @deprecated tag.
  $escaped = SafeMarkup::checkPlain($text);
  return $escaped;
}
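/**
 * {@inheritdoc}
 */
public function orderView(OrderInterface $order) {
  // Builds the card-details section of the order view. Nothing is added
  // unless the current user has the 'view cc details' permission, in which
  // case an empty render array is returned.
  $build = array();

  // Add the hidden span for the CC details if possible.
  $account = \Drupal::currentUser();
  if ($account->hasPermission('view cc details')) {
    // Every value taken from payment_details is escaped before it is joined
    // into '#markup' below, because the rows are concatenated as raw HTML.
    $rows = array();

    if (!empty($order->payment_details['cc_type'])) {
      $rows[] = t('Card type') . ': ' . SafeMarkup::checkPlain($order->payment_details['cc_type']);
    }

    if (!empty($order->payment_details['cc_owner'])) {
      $rows[] = t('Card owner') . ': ' . SafeMarkup::checkPlain($order->payment_details['cc_owner']);
    }

    if (!empty($order->payment_details['cc_number'])) {
      // NOTE(review): uc_credit_display_number() is defined elsewhere; confirm
      // that it returns a masked, HTML-safe string, since its result is
      // placed into the markup without further escaping.
      $rows[] = t('Card number') . ': ' . uc_credit_display_number($order->payment_details['cc_number']);
    }

    // The date parts were previously concatenated unescaped, unlike the
    // other fields; they are now escaped the same way.
    if (!empty($order->payment_details['cc_start_month']) && !empty($order->payment_details['cc_start_year'])) {
      $rows[] = t('Start date') . ': ' . SafeMarkup::checkPlain($order->payment_details['cc_start_month']) . '/' . SafeMarkup::checkPlain($order->payment_details['cc_start_year']);
    }

    if (!empty($order->payment_details['cc_exp_month']) && !empty($order->payment_details['cc_exp_year'])) {
      $rows[] = t('Expiration') . ': ' . SafeMarkup::checkPlain($order->payment_details['cc_exp_month']) . '/' . SafeMarkup::checkPlain($order->payment_details['cc_exp_year']);
    }

    if (!empty($order->payment_details['cc_issue'])) {
      $rows[] = t('Issue number') . ': ' . SafeMarkup::checkPlain($order->payment_details['cc_issue']);
    }

    if (!empty($order->payment_details['cc_bank'])) {
      $rows[] = t('Issuing bank') . ': ' . SafeMarkup::checkPlain($order->payment_details['cc_bank']);
    }

    // The details are only hidden with CSS until the link is clicked; they
    // are present in the page markup for every user who passes the
    // permission check above.
    $build['cc_info'] = array(
      '#prefix' => '<a href="#" onclick="jQuery(this).hide().next().show();">' . t('Show card details') . '</a><div style="display: none;">',
      '#markup' => implode('<br />', $rows),
      '#suffix' => '</div>',
    );

    // Add the form to process the card if applicable.
    if ($account->hasPermission('process credit cards')) {
      $build['terminal'] = \Drupal::formBuilder()->getForm('uc_credit_order_view_form', $order->id());
    }
  }

  return $build;
}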
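/**
 * Formats the address for display based on the country's address format.
 *
 * The address fields are substituted into the format as plain text, the
 * assembled text is HTML-escaped as a whole, and line breaks are then turned
 * into <br> tags. The returned string is therefore already HTML and should
 * not be escaped a second time by the caller.
 *
 * @return string
 *   A formatted string containing the address.
 */
public function __toString() {
  $variables = array(
    '!company' => $this->company,
    '!first_name' => $this->first_name,
    '!last_name' => $this->last_name,
    '!street1' => $this->street1,
    '!street2' => $this->street2,
    '!city' => $this->city,
    '!postal_code' => $this->postal_code,
  );

  $country = \Drupal::service('country_manager')->getCountry($this->country);
  if ($country) {
    $zones = $country->getZones();
    $variables += array(
      '!zone_code' => $this->zone ?: t('N/A'),
      '!zone_name' => isset($zones[$this->zone]) ? $zones[$this->zone] : t('Unknown'),
      '!country_name' => t($country->getName()),
      '!country_code2' => $country->id(),
      '!country_code3' => $country->getAlpha3(),
    );
    $format = implode("\r\n", $country->getAddressFormat());
  }
  else {
    // Unknown country: use placeholder values and a built-in default format.
    $variables += array(
      '!zone_name' => t('Unknown'),
      '!zone_code' => t('N/A'),
      '!country_name' => t('Unknown'),
      '!country_code2' => t('N/A'),
      '!country_code3' => t('N/A'),
    );
    $format = "!company\r\n!first_name !last_name\r\n!street1\r\n!street2\r\n!city, !zone_code !postal_code\r\n!country_name_if";
  }

  // The "_if" tokens carry the country only when it differs from the store's
  // default country; otherwise they expand to nothing.
  $is_other_country = uc_store_default_country() != $this->country;
  foreach (array('!country_name', '!country_code2', '!country_code3') as $token) {
    $variables[$token . '_if'] = $is_other_country ? $variables[$token] : '';
  }

  // strtr() with an array tries the longest key first, so '!country_name_if'
  // is never partially consumed by '!country_name'.
  $address = strtr($format, $variables);

  // Capitalise before escaping. Upper-casing the escaped text would also
  // upper-case the entity names written by checkPlain().
  if (\Drupal::config('uc_store.settings')->get('capitalize_address')) {
    $address = Unicode::strtoupper($address);
  }

  // Escape the format and every substituted field value in one pass.
  $address = SafeMarkup::checkPlain($address);

  // Normalise line endings and drop lines left blank by empty tokens.
  $address = str_replace("\r", '', $address);
  $address = preg_replace("/\n +\n/", "\n", $address);
  $address = trim($address, "\n");

  // <br> instead of <br />, because Twig will change it to <br> anyway and it's nice
  // to be able to test the Raw output.
  return nl2br($address, FALSE);
}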