/**
  * Set Escaper instance
  *
  * @param  Escaper $escaper
  * @return AbstractStandalone
  */
 public function setEscaper(Escaper $escaper)
 {
     // Index the escaper by the encoding it reports, so each encoding maps to
     // exactly one escaper; registering another escaper for the same encoding
     // replaces the earlier one.
     // NOTE(review): escaping is only sound when this encoding matches the one
     // the output is actually served in -- confirm at the call sites.
     $this->escapers[$escaper->getEncoding()] = $escaper;

     // Returned for method chaining.
     return $this;
 }
示例#2
 public function setEscaper(Escaper\Escaper $escaper)
 {
     // Store the escaper and cache its encoding alongside it. Both properties
     // are written together here so they cannot drift apart through this setter.
     $this->escaper = $escaper;
     $this->encoding = $escaper->getEncoding();

     // Returned for method chaining.
     return $this;
 }
示例#3
 /**
  * 
  * Escapes values in an array and all its sub-arrays. 
  *                          
  * @param array $data Array of data to be escaped. This array will be modified during the escape operation.
  * 
  * @param string $escape_encoding Encoding to be used for escaping data values in $data and $this->data.
  *                                If this value is empty, the value of $this->escape_encoding will be used
  *                                if it's not empty, else the default value of 'utf-8' will be finally used.
  *                                See documentation for $this->escape_encoding for more info.
  *                                  
  * @param array $data_vars_2_html_escape An array of keys in $data whose values (only strings) will be 
  *                                       individually escaped using Zend\Escaper\Escaper::escapeHtml($string).
  * 
  * @param array $data_vars_2_html_attr_escape An array of keys in $data whose values (only strings) will be 
  *                                            individually escaped using Zend\Escaper\Escaper::escapeHtmlAttr($string).
  * 
  * @param array $data_vars_2_css_escape An array of keys in $data whose values (only strings) will be 
  *                                      individually escaped using Zend\Escaper\Escaper::escapeCss($string).
  * 
  * @param array $data_vars_2_js_escape An array of keys in $data whose values (only strings) will be 
  *                                     individually escaped using Zend\Escaper\Escaper::escapeJs($string).
  * 
  * @param \Zend\Escaper\Escaper $escaper An optional escaper object that will be used for escaping. 
  * 
  * @return void
  * 
  * @throws \Rotexsoft\FileRenderer\FileNotFoundException
  */
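 protected function escapeData(array &$data, $escape_encoding = 'utf-8', array $data_vars_2_html_escape = array(), array $data_vars_2_html_attr_escape = array(), array $data_vars_2_css_escape = array(), array $data_vars_2_js_escape = array(), \Zend\Escaper\Escaper $escaper = null)
 {
     // Escapes, in place, the string values of $data (and of every nested
     // array) whose key appears in one of the four key lists; a list holding
     // '*' selects every key. Non-string values are left untouched, so ints,
     // floats and objects are NOT escaped by this method.
     if (count($data) <= 0) {
         // no data supplied; nothing to do
         return;
     }

     if (
         count($data_vars_2_html_escape) <= 0
         && count($data_vars_2_html_attr_escape) <= 0
         && count($data_vars_2_css_escape) <= 0
         && count($data_vars_2_js_escape) <= 0
     ) {
         // no field has been specified for escaping; nothing to do
         return;
     }

     // The settings this call runs with, in the shape stored in the guard.
     $escape_settings = array(
         'escape_encoding' => $escape_encoding,
         'data_vars_2_html_escape' => $data_vars_2_html_escape,
         'data_vars_2_html_attr_escape' => $data_vars_2_html_attr_escape,
         'data_vars_2_css_escape' => $data_vars_2_css_escape,
         'data_vars_2_js_escape' => $data_vars_2_js_escape,
     );

     // Double-escape guard, keyed on the CONTENT of the array.
     //
     // The previous key was spl_object_hash(json_decode(json_encode($data))):
     // the identity of a throw-away object, not a digest of the data. That
     // object is destroyed immediately, and PHP may hand the same hash to the
     // next object created, so unrelated and still unescaped data could match
     // a stored entry and be returned without escaping. It also raised an
     // error for list-style arrays, which json_decode() turns back into an
     // array rather than an object.
     $fingerprint_of = function (array $subject) {
         try {
             return hash('sha256', serialize($subject));
         } catch (\Exception $e) {
             // Content that cannot be serialized (e.g. closures) gets no
             // fingerprint; the caller then always escapes rather than skips.
             return null;
         }
     };

     $fingerprint_before = $fingerprint_of($data);

     if (
         $fingerprint_before !== null
         && isset($this->multi_escape_prevention_guard[$fingerprint_before])
         && $this->multi_escape_prevention_guard[$fingerprint_before] === $escape_settings
     ) {
         // this exact content is the recorded result of an earlier run with
         // the same settings; escaping it again would double-escape it
         return;
     }

     // Encoding precedence: explicit argument, then the instance default,
     // then 'utf-8'.
     if (!empty($escape_encoding)) {
         $final_encoding = $escape_encoding;
     } elseif (!empty($this->escape_encoding)) {
         $final_encoding = $this->escape_encoding;
     } else {
         $final_encoding = 'utf-8';
     }

     if (is_null($escaper)) {
         if ($this->escaper instanceof \Zend\Escaper\Escaper && $this->escaper->getEncoding() === $final_encoding) {
             // the escaper held by this object already uses the wanted encoding
             $escaper = $this->escaper;
         } else {
             $escaper = new \Zend\Escaper\Escaper($final_encoding);
         }
     }

     // Escaper method => keys it applies to, in the order the methods run.
     $contexts = array(
         'escapeHtml' => $data_vars_2_html_escape,
         'escapeHtmlAttr' => $data_vars_2_html_attr_escape,
         'escapeCss' => $data_vars_2_css_escape,
         'escapeJs' => $data_vars_2_js_escape,
     );

     // The wildcard test does not depend on the key, so evaluate it once.
     $applies_to_every_key = array();
     foreach ($contexts as $method => $selected_keys) {
         $applies_to_every_key[$method] = in_array('*', $selected_keys);
     }

     foreach ($data as $key => $value) {
         if (is_array($data[$key])) {
             // recursively escape sub-array, reusing the escaper chosen above
             $this->escapeData($data[$key], $final_encoding, $data_vars_2_html_escape, $data_vars_2_html_attr_escape, $data_vars_2_css_escape, $data_vars_2_js_escape, $escaper);
             continue;
         }

         if (!is_string($data[$key])) {
             continue;
         }

         foreach ($contexts as $method => $selected_keys) {
             // in_array() stays non-strict on purpose: integer-like keys are
             // stored as ints, so a strict test would stop matching a key
             // listed as the string '5'.
             if ($applies_to_every_key[$method] || in_array($key, $selected_keys)) {
                 // A key selected for several contexts is escaped by each in
                 // turn, each pass working on the previous pass's output. The
                 // result is nested escaping, not a value that is safe in all
                 // of those contexts at once.
                 $data[$key] = $escaper->{$method}($data[$key]);
             }
         }
     }

     // Record the fingerprint of the escaped result so a later call with the
     // same content and settings is recognised and skipped.
     $fingerprint_after = $fingerprint_of($data);
     if ($fingerprint_after !== null) {
         $this->multi_escape_prevention_guard[$fingerprint_after] = $escape_settings;
     }
 }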