fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-05-10 04:24:14 +09:00
Code Issues Projects Releases Packages Wiki Activity

Add array_escape() function to escape all keys and values of an array or object

Browse source
This commit is contained in:
Kijin Sung 2017-01-26 14:41:03 +09:00
parent 60bc1e5637
commit 91ff3c6323
2 changed files with 41 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

34
common/functions.php
View file

@ -96,6 +96,35 @@ function array_last_key(array $array)
return key($array); return key($array);
} }
/**
* Escape all keys and values in a multi-dimensional array.
*
* @param array $array The array to escape
* @param bool $double_escape Set this to false to skip symbols that are already escaped (default: true)
* @return array
*/
function array_escape(array $array, $double_escape = true)
{
$flags = ENT_QUOTES | ENT_SUBSTITUTE;
$result = array();
foreach ($array as $key => $value)
{
if (is_array($value))
{
$result[htmlspecialchars($key, $flags, 'UTF-8', $double_escape)] = array_escape($value, $double_escape, $flags);
}
elseif (is_object($value))
{
$result[htmlspecialchars($key, $flags, 'UTF-8', $double_escape)] = (object)array_escape(get_object_vars($value), $double_escape, $flags);
}
else
{
$result[htmlspecialchars($key, $flags, 'UTF-8', $double_escape)] = htmlspecialchars($value, $flags, 'UTF-8', $double_escape);
}
}
return $result;
}
/** /**
* Flatten a multi-dimensional array into a one-dimensional array. * Flatten a multi-dimensional array into a one-dimensional array.
* Based on util.php <https://github.com/brandonwamboldt/utilphp> * Based on util.php <https://github.com/brandonwamboldt/utilphp>
@ -155,7 +184,7 @@ function clean_path($path)
*/ */
function escape($str, $double_escape = true) function escape($str, $double_escape = true)
{ {
$flags = defined('ENT_SUBSTITUTE') ? (ENT_QUOTES | ENT_SUBSTITUTE) : (ENT_QUOTES | ENT_IGNORE); $flags = ENT_QUOTES | ENT_SUBSTITUTE;
return htmlspecialchars($str, $flags, 'UTF-8', $double_escape); return htmlspecialchars($str, $flags, 'UTF-8', $double_escape);
} }
@ -178,8 +207,7 @@ function escape_css($str)
*/ */
function escape_js($str) function escape_js($str)
{ {
$flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT; $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_UNESCAPED_UNICODE;
if (defined('JSON_UNESCAPED_UNICODE')) $flags = $flags | JSON_UNESCAPED_UNICODE;
$str = json_encode((string)$str, $flags); $str = json_encode((string)$str, $flags);
return substr($str, 1, strlen($str) - 2); return substr($str, 1, strlen($str) - 2);
} }

10
tests/unit/functions/FunctionsTest.php
View file

@ -18,6 +18,14 @@ class FunctionsTest extends \Codeception\TestCase\Test
$this->assertEquals($flattened2, array_flatten($array, false)); $this->assertEquals($flattened2, array_flatten($array, false));
} }
public function testArrayEscape()
{
$this->assertEquals(array('foo&lt;' => 'bar&gt;', 'baz&quot;baz' => array('fuzz&amp;amp;bazz' => '&lt;rhymix&gt;')), array_escape(array('foo<' => 'bar>', 'baz"baz' => array('fuzz&amp;bazz' => '<rhymix>'))));
$this->assertEquals(array('invalid' => 'unicode' . "\xEF\xBF\xBD", 'other' => array('key&amp;key')), array_escape(array('invalid' => 'unicode' . "\xE4\xA8", 'other' => array('key&amp;key')), false));
$this->assertEquals(array('object' => (object)array('foo&gt;' => 'bar&lt;', 'baz&quot;' => '&amp;amp;')), array_escape(array('object' => (object)array('foo>' => 'bar<', 'baz"' => '&amp;'))));
$this->assertEquals(array('object' => (object)array('foo&gt;' => array('bar&lt;' => array('&amp;')))), array_escape(array('object' => (object)array('foo>' => array('bar<' => array('&amp;')))), false));
}
public function testClassBasename() public function testClassBasename()
{ {
$this->assertEquals('FunctionsTest', class_basename($this)); $this->assertEquals('FunctionsTest', class_basename($this));
@ -28,6 +36,8 @@ class FunctionsTest extends \Codeception\TestCase\Test
{ {
$this->assertEquals('&lt;foo&gt;&amp;amp;&lt;/foo&gt;', escape('<foo>&amp;</foo>')); $this->assertEquals('&lt;foo&gt;&amp;amp;&lt;/foo&gt;', escape('<foo>&amp;</foo>'));
$this->assertEquals('&lt;foo&gt;&amp;&lt;/foo&gt;', escape('<foo>&amp;</foo>', false)); $this->assertEquals('&lt;foo&gt;&amp;&lt;/foo&gt;', escape('<foo>&amp;</foo>', false));
$this->assertEquals('&lt;foo&gt;invalid'. "\xEF\xBF\xBD" . 'unicode&lt;/foo&gt;', escape('<foo>invalid' . "\xE4\xA8" . 'unicode</foo>'));
$this->assertEquals('&lt;foo&gt;invalid'. "\xEF\xBF\xBD" . 'unicode&lt;/foo&gt;', escape('<foo>invalid' . "\xE4\xA8" . 'unicode&lt;/foo&gt;', false));
$this->assertEquals('expressionalertXSS', escape_css('expression:alert("XSS")')); $this->assertEquals('expressionalertXSS', escape_css('expression:alert("XSS")'));
$this->assertEquals('#123456', escape_css('#123456')); $this->assertEquals('#123456', escape_css('#123456'));