Allow true/false/yes/no values for autoescape

템플릿의 <config autoescape="on" /> 문법이 on, off만 지원하기 때문에
흔히 사용하는 true, false, yes, no, Y, N 등의 불리언 값을 입력하면
안전하지 않은 off로 인식하게 됨. 이 경우에도 적절히 처리하도록 변경.
Kijin Sung 2022-10-30 22:28:39 +09:00
parent a398c7548d
commit 2a026a6c86
2 changed files with 23 additions and 22 deletions


@ -263,7 +263,7 @@ class TemplateHandler
$this->config = new stdClass();
// detect existence of autoescape config
$this->config->autoescape = (strpos($buff, ' autoescape="') === FALSE) ? NULL : 'off';
$this->config->autoescape = (strpos($buff, ' autoescape="') === false) ? null : false;
// replace comments
$buff = preg_replace('@<!--//.*?-->@s', '', $buff);
@ -970,7 +970,8 @@ class TemplateHandler
{
foreach($config_matches as $config_match)
{
$result .= "\$this->config->{$config_match[1]} = '" . trim(strtolower($config_match[2])) . "';";
$config_value = toBool(trim(strtolower($config_match[2]))) ? 'true' : 'false';
$result .= "\$this->config->{$config_match[1]} = $config_value;";
}
}
return "<?php {$result} ?>";
@ -1042,7 +1043,7 @@ class TemplateHandler
return "(preg_match('/^\\$(?:user_)?lang->[a-zA-Z0-9\_]+$/', {$str}) ? ({$str}) : htmlspecialchars({$str}, ENT_QUOTES, 'UTF-8', false))";
case 'auto':
default:
return "(\$this->config->autoescape === 'on' ? htmlspecialchars({$str}, ENT_QUOTES, 'UTF-8', false) : ({$str}))";
return "(\$this->config->autoescape ? htmlspecialchars({$str}, ENT_QUOTES, 'UTF-8', false) : ({$str}))";
}
}
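Review bot: In the `<config>` loop of the second hunk the compiled value comes from `toBool()`, so a value it does not recognise (a typo such as `autoescape="ture"`) presumably still compiles to `false`, and the `auto`/`default` branch in the third hunk then emits the expression without `htmlspecialchars()`. `toBool()` is not visible on this page, so that is inferred from the ternary. For an output-escaping switch it is safer to disable only on an explicit negative, for example `$config_value = in_array(trim(strtolower($config_match[2])), ['off', 'false', 'no', 'n', '0'], true) ? 'false' : 'true';`. The same loop now coerces every matched config attribute to a boolean, not only `autoescape`; if other keys can carry non-boolean values, the coercion should be limited to `autoescape`. The enclosing functions start and end outside these hunks.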