mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
ENHANCEMENT #5055 Convert unpredictability and replacing inconsistent conversion. Use htmlspecialchars() and html_entity_decode() wherever possible which are faster than str_replace()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@115140 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
parent
ac2d6fa6d8
commit
c7a98407b1
@ -29,12 +29,17 @@ class Convert {
|
||||
* @return array|string
|
||||
*/
|
||||
static function raw2att($val) {
|
||||
if(is_array($val)) {
|
||||
foreach($val as $k => $v) $val[$k] = self::raw2att($v);
|
||||
return $val;
|
||||
} else {
|
||||
return str_replace(array('&','"',"'",'<','>'), array('&','"',''','<','>'), $val);
|
||||
}
|
||||
return self::raw2xml($val);
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert a value to be suitable for an HTML attribute.
|
||||
*
|
||||
* @param string|array $val String to escape, or array of strings
|
||||
* @return array|string
|
||||
*/
|
||||
static function raw2htmlatt($val) {
|
||||
return self::raw2att($val);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -48,14 +53,12 @@ class Convert {
|
||||
* @param array|string $val String to escape, or array of strings
|
||||
* @return array|string
|
||||
*/
|
||||
static function raw2htmlatt($val) {
|
||||
static function raw2htmlname($val) {
|
||||
if(is_array($val)) {
|
||||
foreach($val as $k => $v) $val[$k] = self::raw2htmlatt($v);
|
||||
foreach($val as $k => $v) $val[$k] = self::raw2htmlname($v);
|
||||
return $val;
|
||||
} else {
|
||||
$val = self::raw2att($val);
|
||||
$val = preg_replace('/[^a-zA-Z0-9\-_]*/', '', $val);
|
||||
return $val;
|
||||
return preg_replace('/[^a-zA-Z0-9\-_:.]+/','', $val);
|
||||
}
|
||||
}
|
||||
|
||||
@ -71,7 +74,7 @@ class Convert {
|
||||
foreach($val as $k => $v) $val[$k] = self::raw2xml($v);
|
||||
return $val;
|
||||
} else {
|
||||
return str_replace(array('&','<','>',"\n",'"',"'"), array('&','<','>','<br />','"','''), $val);
|
||||
return htmlspecialchars($val, ENT_QUOTES, 'UTF-8');
|
||||
}
|
||||
}
|
||||
|
||||
@ -132,10 +135,7 @@ class Convert {
|
||||
} else {
|
||||
// More complex text needs to use html2raw instead
|
||||
if(strpos($val,'<') !== false) return self::html2raw($val);
|
||||
|
||||
$converted = str_replace(array('&','<','>','"',''', '''), array('&','<','>','"',"'", "'"), $val);
|
||||
$converted = ereg_replace('&#[0-9]+;', '', $converted);
|
||||
return $converted;
|
||||
else return html_entity_decode($val, ENT_QUOTES, 'UTF-8');
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -22,10 +22,10 @@ class ConvertTest extends SapphireTest {
|
||||
*/
|
||||
function testRaw2HtmlAtt() {
|
||||
$val1 = '<input type="text">';
|
||||
$this->assertEquals('ltinputtypequottextquotgt', Convert::raw2htmlatt($val1), 'Special characters are escaped');
|
||||
$this->assertEquals('<input type="text">', Convert::raw2htmlatt($val1), 'Special characters are escaped');
|
||||
|
||||
$val2 = 'This is some normal text.';
|
||||
$this->assertEquals('Thisissomenormaltext', Convert::raw2htmlatt($val2), 'Normal text is not escaped');
|
||||
$this->assertEquals('This is some normal text.', Convert::raw2htmlatt($val2), 'Normal text is not escaped');
|
||||
}
|
||||
|
||||
function testHtml2raw() {
|
||||
@ -37,8 +37,6 @@ class ConvertTest extends SapphireTest {
|
||||
|
||||
$val2 = 'This has a <strong class="test" style="font-weight: bold">strong tag with attributes</STRONG>.';
|
||||
$this->assertEquals('This has a *strong tag with attributes*.', Convert::xml2raw($val2), 'Strong tags with attributes are replaced with asterisks');
|
||||
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
@ -50,6 +48,14 @@ class ConvertTest extends SapphireTest {
|
||||
|
||||
$val2 = 'This is some normal text.';
|
||||
$this->assertEquals('This is some normal text.', Convert::raw2xml($val2), 'Normal text is not escaped');
|
||||
|
||||
$val3 = "This is test\nNow on a new line.";
|
||||
$this->assertEquals("This is test\nNow on a new line.", Convert::raw2xml($val3), 'Newlines are retained. They should not be replaced with <br /> as it is not XML valid');
|
||||
}
|
||||
|
||||
function testRaw2HtmlName() {
|
||||
$val1 = 'test test 123';
|
||||
$this->assertEquals('testtest123', Convert::raw2htmlname($val1));
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -54,7 +54,7 @@ class TextTest extends SapphireTest {
|
||||
function testLimitWordCountXML() {
|
||||
$cases = array(
|
||||
'<p>Stuff & stuff</p>' => 'Stuff &...',
|
||||
"Stuff\nBlah Blah Blah" => "Stuff<br />Blah Blah...",
|
||||
"Stuff\nBlah Blah Blah" => "Stuff\nBlah Blah...",
|
||||
"Stuff<Blah Blah" => "Stuff<Blah Blah",
|
||||
"Stuff>Blah Blah" => "Stuff>Blah Blah"
|
||||
);
|
||||
|
Loading…
Reference in New Issue
Block a user