/**
 * Renders a controller or a relative URI and returns the content of its Response.
 *
 * Recognised options:
 *
 *  * path:          An array of path parameters (only when the first argument is a controller)
 *  * query:         An array of query parameters (only when the first argument is a controller)
 *  * ignore_errors: true to return an empty string in case of an error (defaults to true)
 *  * alt:           an alternative controller to execute in case of an error (can be a
 *                   controller, a URI, or an array with the controller, the path arguments,
 *                   and the query arguments); a non-array value is wrapped in an array
 *
 * The path and query values go through Escaper::unescape() before they are handed
 * to doRender(), so values the calling template held in escaped form reach the
 * sub-request as raw data.
 * NOTE(review): the rendered controller/template therefore has to escape these
 * values again when it prints them - confirm that it does.
 *
 * @param string $controller A controller name to execute (a string like BlogBundle:Post:index), or a relative URI
 * @param array  $options    An array of options
 */
public function render($controller, array $options = array())
{
    $defaults = array(
        'path'          => array(),
        'query'         => array(),
        'ignore_errors' => true,
        'alt'           => array(),
    );
    $options = array_merge($defaults, $options);

    // Normalise a single alternative into the one-element array form.
    $options['alt'] = is_array($options['alt']) ? $options['alt'] : array($options['alt']);

    // The sub-request is given raw values, not output-escaped decorators.
    foreach (array('path', 'query') as $name) {
        $options[$name] = Escaper::unescape($options[$name]);
    }

    return $this->doRender($controller, $options);
}
/**
 * Returns the Response content for a given controller or URI by delegating
 * to $this->manager.
 *
 * When the 'path' or 'query' option is set, it is passed through
 * Escaper::unescape() first, so the manager receives raw values rather than
 * the escaped form the template was working with.
 * NOTE(review): whatever renders these values downstream has to escape them
 * again at output time - confirm.
 *
 * @param string $controller A controller name to execute (a string like BlogBundle:Post:index), or a relative URI
 * @param array  $options    An array of options
 *
 * @see Symfony\Bundle\FrameworkBundle\Controller\ControllerManager::render()
 */
public function render($controller, array $options = array())
{
    foreach (array('path', 'query') as $name) {
        if (!isset($options[$name])) {
            // Absent (or null) options are forwarded untouched.
            continue;
        }

        $options[$name] = Escaper::unescape($options[$name]);
    }

    return $this->manager->render($controller, $options);
}
/**
 * Runs the template parameters through the output escaper.
 *
 * With an escaper configured ($this->escaper is not false), every parameter is
 * replaced by its escaped counterpart and the escaped collection is also
 * stored under the '_data' key. With escaping switched off, only '_data' is
 * added (built with the 'raw' strategy) and the individual parameters are
 * returned exactly as they were passed in.
 * NOTE(review): in the disabled case templates presumably print caller-supplied
 * values verbatim, so each output site has to encode by hand - confirm what
 * the 'raw' strategy does.
 *
 * @param array $parameters The template parameters
 *
 * @return array The parameters, with the '_data' key added
 */
protected function escapeParameters(array $parameters)
{
    if (false === $this->escaper) {
        $parameters['_data'] = Escaper::escape('raw', $parameters);

        return $parameters;
    }

    // The escaper needs the charset before it encodes anything.
    Escaper::setCharset($this->getCharset());

    $escaped = Escaper::escape($this->escaper, $parameters);
    $parameters['_data'] = $escaped;

    // Overwrite each top-level parameter with its escaped version.
    foreach ($escaped as $name => $item) {
        $parameters[$name] = $item;
    }

    return $parameters;
}
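/**
 * Fixture whose accessors all return markup, so the assertions below can tell
 * whether the escaping decorator encoded the values it hands back.
 */
class OutputEscaperTest
{
    public function __toString()
    {
        return $this->getTitle();
    }

    public function getTitle()
    {
        return '<strong>escaped!</strong>';
    }

    public function getTitles()
    {
        return array(1, 2, '<strong>escaped!</strong>');
    }
}

$object = new OutputEscaperTest();
$escaped = Escaper::escape('entities', $object);

// NOTE(review): this listing showed the expected values as raw markup, which
// would mean the decorator escapes nothing. They are written here in
// entity-encoded form, assuming the 'entities' strategy encodes angle brackets
// the way htmlspecialchars() does - confirm against the Escaper implementation.
$t->is($escaped->getTitle(), '&lt;strong&gt;escaped!&lt;/strong&gt;', 'The escaped object behaves like the real object');

// Values nested inside a returned array must come back encoded as well.
$array = $escaped->getTitles();
$t->is($array[2], '&lt;strong&gt;escaped!&lt;/strong&gt;', 'The escaped object behaves like the real object');

// __toString()
$t->diag('__toString()');
$t->is($escaped->__toString(), '&lt;strong&gt;escaped!&lt;/strong&gt;', 'The escaped object behaves like the real object');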
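// NOTE(review): this listing showed both string inputs as raw markup, so the two
// assertions could not tell unescape() apart from a no-op. The inputs are
// written here with the angle brackets entity-encoded; confirm against the
// upstream test file.
$t->is(Escaper::unescape('&lt;strong&gt;escaped!&lt;/strong&gt;'), '<strong>escaped!</strong>', '::unescape() returns an unescaped string if the value to unescape is a string');
// Non-ASCII characters must survive the round trip unchanged.
$t->is(Escaper::unescape('&lt;strong&gt;échappé&lt;/strong&gt;'), '<strong>échappé</strong>', '::unescape() returns an unescaped string if the value to unescape is a string');

$t->diag('::unescape() unescapes arrays');
$input = Escaper::escape('esc_entities', array(
    'foo' => '<strong>escaped!</strong>',
    'bar' => array('foo' => '<strong>escaped!</strong>'),
));
$output = Escaper::unescape($input);
$t->ok(is_array($output), '::unescape() returns an array if the input is a ArrayDecorator object');
$t->is($output['foo'], '<strong>escaped!</strong>', '::unescape() unescapes all elements of the original array');
$t->is($output['bar']['foo'], '<strong>escaped!</strong>', '::unescape() is recursive');

$t->diag('::unescape() unescapes objects');
$object = new OutputEscaperTestClass();
$input = Escaper::escape('esc_entities', $object);
$output = Escaper::unescape($input);
$t->ok($output instanceof OutputEscaperTestClass, '::unescape() returns the original object when a ObjectDecorator object is passed');
$t->is($output->getTitle(), '<strong>escaped!</strong>', '::unescape() unescapes all methods of the original object');
$t->is($output->title, '<strong>escaped!</strong>', '::unescape() unescapes all properties of the original object');
$t->is($output->getTitleTitle(), '<strong>escaped!</strong>', '::unescape() is recursive');

$t->ok(IteratorDecorator::unescape(Escaper::escape('esc_entities', new DirectoryIterator('.'))) instanceof DirectoryIterator, '::unescape() unescapes IteratorDecorator objects');

// Values wrapped in Safe, and instances of classes registered through
// markClassAsSafe(), must come back from the escape/unescape round trip as
// the original object.
// NOTE(review): a "safe" marking presumably exempts the value from escaping
// altogether, so it belongs only on classes that encode their own output -
// confirm in the Escaper implementation.
$t->diag('::unescape() does not unescape object marked as being safe');
$t->ok(Escaper::unescape(Escaper::escape('esc_entities', new Safe(new OutputEscaperTestClass()))) instanceof OutputEscaperTestClass, '::unescape() returns the original value if it is marked as being safe');

// From here on the class (and, per the assertion below, its children) is safe.
Escaper::markClassAsSafe('OutputEscaperTestClass');
$t->ok(Escaper::unescape(Escaper::escape('esc_entities', new OutputEscaperTestClass())) instanceof OutputEscaperTestClass, '::unescape() returns the original value if the object class is marked as being safe');
$t->ok(Escaper::unescape(Escaper::escape('esc_entities', new OutputEscaperTestClassChild())) instanceof OutputEscaperTestClassChild, '::unescape() returns the original value if one of the object parent class is marked as being safe');

$t->diag('::unescape() do nothing to resources');
$fh = fopen(__FILE__, 'r');
$t->is(Escaper::unescape($fh), $fh, '::unescape() do nothing to resources');
// Release the handle; the original left it open until the script ended.
fclose($fh);

$t->diag('::unescape() unescapes mixed arrays');
$object = new OutputEscaperTestClass();
$input = array(
    'foo' => 'bar',
    'bar' => Escaper::escape('esc_entities', '<strong>bar</strong>'),
    'foobar' => Escaper::escape('esc_entities', $object),
);
$output = array(
    'foo' => 'bar',
    'bar' => '<strong>bar</strong>',
    'foobar' => $object,
);
$t->is(Escaper::unescape($input), $output, '::unescape() unescapes values with some escaped and unescaped values');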
/**
 * Runs a controller through the controller loader service and returns the
 * content of the response it produces.
 *
 * The parameters are passed through Escaper::unescape() first, so the
 * controller receives raw values rather than output-escaped ones.
 * NOTE(review): the template rendered by that controller therefore has to
 * escape them again when it prints them - confirm.
 *
 * @param string $controller The controller to run
 * @param array  $parameters Parameters handed to the controller
 */
public function render($controller, array $parameters = array())
{
    $loader = $this->container->getControllerLoaderService();
    $rawParameters = Escaper::unescape($parameters);
    $response = $loader->run($controller, $rawParameters);

    return $response->getContent();
}
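/**
 * Checks that unescape() handles an array mixing a plain string, an escaped
 * string and an escaped object, returning the raw value for each entry.
 */
public function testUnescapeUnescapesMixedArrays()
{
    $object = new OutputEscaperTestClass();

    $input = array(
        'foo' => 'bar',
        'bar' => Escaper::escape('entities', '<strong>bar</strong>'),
        'foobar' => Escaper::escape('entities', $object),
    );
    $expected = array(
        'foo' => 'bar',
        'bar' => '<strong>bar</strong>',
        'foobar' => $object,
    );

    // assertEquals() takes the expected value first; the original passed the
    // actual value first, which mislabels the two sides in a failure report.
    $this->assertEquals($expected, Escaper::unescape($input), '::unescape() unescapes values with some escaped and unescaped values');
}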
/**
 * Escapes an OutputEscaperTest instance with the 'entities' strategy and
 * stores the result in the static $escaped property.
 */
public static function setUpBeforeClass()
{
    self::$escaped = Escaper::escape('entities', new OutputEscaperTest());
}
/**
 * Escapes a fixture array with the 'entities' strategy and stores the result
 * in the static $escaped property.
 *
 * The fixture mixes markup, an integer, null and a nested array that holds
 * markup of its own.
 */
public static function setUpBeforeClass()
{
    $fixture = array(
        '<strong>escaped!</strong>',
        1,
        null,
        array(2, '<strong>escaped!</strong>'),
    );

    self::$escaped = Escaper::escape('entities', $fixture);
}
/**
 * Registers the bundle's Form class as safe with the output escaper.
 *
 * NOTE(review): a class marked as safe is presumably handed to templates
 * without an escaping decorator, so Form's own rendering has to encode every
 * user-supplied value (labels, submitted values, error messages) itself -
 * confirm before relying on it.
 *
 * @param ContainerInterface $container The service container (not used here)
 */
public function boot(ContainerInterface $container)
{
    $safeClass = 'Bundle\\sfFormBundle\\Form';

    Escaper::markClassAsSafe($safeClass);
}
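<?php

/*
 * This file is part of the symfony package.
 *
 * (c) Fabien Potencier <*****@*****.**>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

require_once __DIR__ . '/../../../bootstrap.php';

use Symfony\Components\OutputEscaper\Escaper;

// NOTE(review): the plan announces 11 assertions but only 6 are visible in
// this excerpt; the rest presumably follow further down the file.
$t = new LimeTest(11);

// Fixture: markup at the top level and inside a nested array, next to values
// that hold no markup (an integer and null).
$a = array('<strong>escaped!</strong>', 1, null, array(2, '<strong>escaped!</strong>'));
$escaped = Escaper::escape('esc_entities', $a);

// ->getRaw()
$t->diag('->getRaw()');
// getRaw() is the explicit opt-out: it returns the value without encoding.
$t->is($escaped->getRaw(0), '<strong>escaped!</strong>', '->getRaw() returns the raw value');

// ArrayAccess interface
$t->diag('ArrayAccess interface');
// NOTE(review): this listing showed the two expected values below as raw markup,
// identical to the getRaw() expectation above. They are written here in
// entity-encoded form, assuming 'esc_entities' encodes angle brackets the way
// htmlspecialchars() does - confirm against the Escaper implementation.
$t->is($escaped[0], '&lt;strong&gt;escaped!&lt;/strong&gt;', 'The escaped object behaves like an array');
$t->is($escaped[2], null, 'The escaped object behaves like an array');
$t->is($escaped[3][1], '&lt;strong&gt;escaped!&lt;/strong&gt;', 'The escaped object behaves like an array');
$t->ok(isset($escaped[1]), 'The escaped object behaves like an array (isset)');

$t->diag('ArrayAccess interface is read only');
try {
    // Removing an element from the decorator must be rejected.
    unset($escaped[0]);
    $t->fail('The escaped object is read only (unset)');
} catch (\LogicException $e) {
    $t->pass('The escaped object is read only (unset)');
}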