Change behavior of 'autoescape' filter to always escape (but not double-escape)

This commit is contained in:
Kijin Sung 2017-02-22 21:29:15 +09:00
parent 7fd0f5df7b
commit 5638207fb0
2 changed files with 12 additions and 3 deletions


@ -561,7 +561,7 @@ class TemplateHandler
}
else
{
$escape_option = $this->config->autoescape !== null ? 'autoescape' : 'noescape';
$escape_option = $this->config->autoescape !== null ? 'auto' : 'noescape';
}
// Separate filters from variable.
@ -890,8 +890,9 @@ class TemplateHandler
return "htmlspecialchars({$str}, ENT_COMPAT, 'UTF-8', true)";
case 'noescape':
return "{$str}";
case 'auto':
case 'autoescape':
return "htmlspecialchars({$str}, ENT_COMPAT, 'UTF-8', false)";
case 'auto':
default:
return "(\$this->config->autoescape === 'on' ? htmlspecialchars({$str}, ENT_COMPAT, 'UTF-8', false) : {$str})";
}
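Review bot: The new always-escape branch for `'autoescape'` (the `return "htmlspecialchars({$str}, ENT_COMPAT, 'UTF-8', false)"` line) uses ENT_COMPAT, which leaves single quotes unencoded, so a value rendered inside a single-quoted HTML attribute is still not neutralised by this filter; `ENT_QUOTES | ENT_SUBSTITUTE` would cover both quote styles and substitute invalid UTF-8 sequences instead of returning an empty string. The `escape` case above and the conditional `default` return use the same ENT_COMPAT flags, so if the flags are changed it should be done for all three cases together, which presumably reaches beyond this hunk. The `false` fourth argument only skips re-encoding entities already present, which is the "not double-escape" intent of the commit; a comment such as `// double_encode=false: keep entities the caller already encoded, but always escape raw markup` on that line would make the distinction from the `'escape'` case visible at the call site. The enclosing switch starts and ends outside the hunk.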


@ -315,9 +315,17 @@ class TemplateHandlerTest extends \Codeception\TestCase\Test
PHP_EOL . '$this->config->autoescape = \'on\';' . "\n" . 'echo ($this->config->autoescape === \'on\' ? htmlspecialchars($__Context->foo, ENT_COMPAT, \'UTF-8\', false) : $__Context->foo) ?>'
),
array(
'<config autoescape="off" />{$foo|autoescape}',
'<config autoescape="off" />{$foo|auto}',
PHP_EOL . '$this->config->autoescape = \'off\';' . "\n" . 'echo ($this->config->autoescape === \'on\' ? htmlspecialchars($__Context->foo, ENT_COMPAT, \'UTF-8\', false) : $__Context->foo) ?>'
),
array(
'<config autoescape="on" />{$foo|autoescape}',
PHP_EOL . '$this->config->autoescape = \'on\';' . "\n" . 'echo htmlspecialchars($__Context->foo, ENT_COMPAT, \'UTF-8\', false) ?>'
),
array(
'<config autoescape="off" />{$foo|autoescape}',
PHP_EOL . '$this->config->autoescape = \'off\';' . "\n" . 'echo htmlspecialchars($__Context->foo, ENT_COMPAT, \'UTF-8\', false) ?>'
),
array(
'<config autoescape="on" />{$foo|escape}',
PHP_EOL . '$this->config->autoescape = \'on\';' . "\n" . 'echo htmlspecialchars($__Context->foo, ENT_COMPAT, \'UTF-8\', true) ?>'