BUGFIX Fixed usage of htmlentities() and html_entity_decode() to be UTF8 compatible by default

Ingo Schommer 2010-12-08 12:53:42 +13:00
parent 2667fc6ef0
commit da909a0214
9 changed files with 27 additions and 14 deletions


@ -571,7 +571,7 @@ class SSViewer {
echo "<h2>Template: $cacheFile</h2>"; echo "<h2>Template: $cacheFile</h2>";
echo "<pre>"; echo "<pre>";
foreach($lines as $num => $line) { foreach($lines as $num => $line) {
echo str_pad($num+1,5) . htmlentities($line); echo str_pad($num+1,5) . htmlentities($line, ENT_COMPAT, 'UTF-8');
} }
echo "</pre>"; echo "</pre>";
} }
@ -686,7 +686,7 @@ class SSViewer_FromString extends SSViewer {
echo "<h2>Template: $tmpFile</h2>"; echo "<h2>Template: $tmpFile</h2>";
echo "<pre>"; echo "<pre>";
foreach($lines as $num => $line) { foreach($lines as $num => $line) {
echo str_pad($num+1,5) . htmlentities($line); echo str_pad($num+1,5) . htmlentities($line, ENT_COMPAT, 'UTF-8');
} }
echo "</pre>"; echo "</pre>";
} }
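Review bot: With an explicit 'UTF-8' charset, htmlentities() returns an empty string when the input contains a byte sequence that is not valid UTF-8, unless ENT_IGNORE or ENT_SUBSTITUTE is set. A template line with a stray Latin-1 byte would therefore print as a blank line in this dump. Failing empty is the safe direction for escaping, but it hides exactly the line someone is trying to debug. Where the supported PHP version has it, `htmlentities($line, ENT_COMPAT | ENT_SUBSTITUTE, 'UTF-8')` keeps the line visible; otherwise a comment stating that templates are assumed to be UTF-8 would record the limitation. The same applies to the second SSViewer hunk, the source listings in Debug and DebugView, and renderToken() in CodeViewer and TestViewer; both loops here sit in methods that start outside the hunk.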


@ -753,7 +753,7 @@ class MySQLDatabase extends SS_Database {
public function searchEngine($classesToSearch, $keywords, $start, $pageLength, $sortBy = "Relevance DESC", $extraFilter = "", $booleanSearch = false, $alternativeFileFilter = "", $invertedMatch = false) { public function searchEngine($classesToSearch, $keywords, $start, $pageLength, $sortBy = "Relevance DESC", $extraFilter = "", $booleanSearch = false, $alternativeFileFilter = "", $invertedMatch = false) {
$fileFilter = ''; $fileFilter = '';
$keywords = Convert::raw2sql($keywords); $keywords = Convert::raw2sql($keywords);
$htmlEntityKeywords = htmlentities($keywords,ENT_NOQUOTES); $htmlEntityKeywords = htmlentities($keywords, ENT_NOQUOTES, 'UTF-8');
$extraFilters = array('SiteTree' => '', 'File' => ''); $extraFilters = array('SiteTree' => '', 'File' => '');
@ -889,7 +889,7 @@ class MySQLDatabase extends SS_Database {
$fieldNames = '"' . implode('", "', $fields) . '"'; $fieldNames = '"' . implode('", "', $fields) . '"';
$SQL_keywords = Convert::raw2sql($keywords); $SQL_keywords = Convert::raw2sql($keywords);
$SQL_htmlEntityKeywords = Convert::raw2sql(htmlentities($keywords)); $SQL_htmlEntityKeywords = Convert::raw2sql(htmlentities($keywords, ENT_NOQUOTES, 'UTF-8'));
return "(MATCH ($fieldNames) AGAINST ('$SQL_keywords' $boolean) + MATCH ($fieldNames) AGAINST ('$SQL_htmlEntityKeywords' $boolean))"; return "(MATCH ($fieldNames) AGAINST ('$SQL_keywords' $boolean) + MATCH ($fieldNames) AGAINST ('$SQL_htmlEntityKeywords' $boolean))";
} }
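Review bot: In the searchEngine() hunk `$htmlEntityKeywords` is derived from `$keywords` after `Convert::raw2sql()` has already run, so the value is SQL-escaped first and HTML-encoded second, whereas the later hunk encodes first and escapes last. With ENT_NOQUOTES the quotes and backslashes are left alone, so the escaping probably survives, but the safer and consistent order is to make the escaper's output the final value: `$htmlEntityKeywords = Convert::raw2sql(htmlentities($keywords, ENT_NOQUOTES, 'UTF-8'));`, placed above `$keywords = Convert::raw2sql($keywords);`. The later hunk also changes the flag from the default to ENT_NOQUOTES, a behaviour change the commit message does not mention. searchEngine() continues outside the hunk, so how the variable reaches the query is not visible here.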


@ -125,7 +125,7 @@ class SS_Backtrace {
} else { } else {
$name = self::full_func_name($item,true); $name = self::full_func_name($item,true);
} }
$result .= "<li><b>" . htmlentities($name) . "</b>\n<br />\n"; $result .= "<li><b>" . htmlentities($name, ENT_COMPAT, 'UTF-8') . "</b>\n<br />\n";
$result .= isset($item['line']) ? "Line $item[line] of " : ''; $result .= isset($item['line']) ? "Line $item[line] of " : '';
$result .= isset($item['file']) ? htmlentities(basename($item['file'])) : ''; $result .= isset($item['file']) ? htmlentities(basename($item['file'])) : '';
$result .= "</li>\n"; $result .= "</li>\n";
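Review bot: The file-name call two lines below the changed one still reads `htmlentities(basename($item['file']))`, so it keeps the default flags and charset while the function name beside it is now encoded as UTF-8. A path containing non-ASCII characters would then be encoded differently from the rest of the same list item. For consistency with the rest of the commit it should be `htmlentities(basename($item['file']), ENT_COMPAT, 'UTF-8')`. The enclosing loop starts and ends outside the hunk.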


@ -184,7 +184,7 @@ class CodeViewer extends Controller {
$comment = preg_replace('/^\/\*/','',$token[1]); $comment = preg_replace('/^\/\*/','',$token[1]);
$comment = preg_replace('/\*\/$/','',$comment); $comment = preg_replace('/\*\/$/','',$comment);
$comment = preg_replace('/(^|\n)[\t ]*\* */m',"\n",$comment); $comment = preg_replace('/(^|\n)[\t ]*\* */m',"\n",$comment);
$comment = htmlentities($comment); $comment = htmlentities($comment, ENT_COMPAT, 'UTF-8');
$comment = str_replace("\n\n", "</p><p>", $comment); $comment = str_replace("\n\n", "</p><p>", $comment);
return "<p>$comment</p>"; return "<p>$comment</p>";
} }
@ -203,7 +203,7 @@ class CodeViewer extends Controller {
} }
} }
$parsed['pretty'] = "<p>" . str_replace("\n\n", "</p><p>", htmlentities($comment)). "</p>"; $parsed['pretty'] = "<p>" . str_replace("\n\n", "</p><p>", htmlentities($comment, ENT_COMPAT, 'UTF-8')). "</p>";
return $parsed; return $parsed;
} }
@ -252,7 +252,11 @@ class CodeViewer extends Controller {
* Render the given token as HTML * Render the given token as HTML
*/ */
function renderToken($token) { function renderToken($token) {
$tokenContent = htmlentities(is_array($token) ? $token[1] : $token); $tokenContent = htmlentities(
is_array($token) ? $token[1] : $token,
ENT_COMPAT,
'UTF-8'
);
$tokenName = is_array($token) ? token_name($token[0]) : 'T_PUNCTUATION'; $tokenName = is_array($token) ? token_name($token[0]) : 'T_PUNCTUATION';
switch($tokenName) { switch($tokenName) {


@ -426,7 +426,7 @@ class Debug {
echo '<pre>'; echo '<pre>';
$offset++; $offset++;
foreach($lines as $line) { foreach($lines as $line) {
$line = htmlentities($line); $line = htmlentities($line, ENT_COMPAT, 'UTF-8');
if ($offset == $errline) { if ($offset == $errline) {
echo "<span>$offset</span> <span class=\"error\">$line</span>"; echo "<span>$offset</span> <span class=\"error\">$line</span>";
} else { } else {


@ -73,7 +73,12 @@ class DebugView extends Object {
* Render HTML header for development views * Render HTML header for development views
*/ */
public function writeHeader() { public function writeHeader() {
echo '<!DOCTYPE html><html><head><title>' . htmlentities($_SERVER['REQUEST_METHOD'] . ' ' . $_SERVER['REQUEST_URI']) . '</title>'; $url = htmlentities(
$_SERVER['REQUEST_METHOD'] . ' ' . $_SERVER['REQUEST_URI'],
ENT_COMPAT,
'UTF-8'
);
echo '<!DOCTYPE html><html><head><title>' . $url . '</title>';
echo '<style type="text/css">'; echo '<style type="text/css">';
echo 'body { background-color:#eee; margin:0; padding:0; font-family:Helvetica,Arial,sans-serif; }'; echo 'body { background-color:#eee; margin:0; padding:0; font-family:Helvetica,Arial,sans-serif; }';
echo '.info { border-bottom:1px dotted #333; background-color:#ccdef3; margin:0; padding:6px 12px; }'; echo '.info { border-bottom:1px dotted #333; background-color:#ccdef3; margin:0; padding:6px 12px; }';
@ -138,7 +143,7 @@ class DebugView extends Object {
echo '<div class="trace"><h3>Source</h3>'; echo '<div class="trace"><h3>Source</h3>';
echo '<pre>'; echo '<pre>';
foreach($lines as $offset => $line) { foreach($lines as $offset => $line) {
$line = htmlentities($line); $line = htmlentities($line, ENT_COMPAT, 'UTF-8');
if ($offset == $errline) { if ($offset == $errline) {
echo "<span>$offset</span> <span class=\"error\">$line</span>"; echo "<span>$offset</span> <span class=\"error\">$line</span>";
} else { } else {
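Review bot: In writeHeader() the new variable `$url` holds the request method plus the URI, already HTML-encoded, so the name understates what it contains and hides that it is safe to print. A name such as `$titleHtml` would make the escaping visible at the `echo`. Since REQUEST_URI is client-supplied, a one-line comment like `// client-supplied; encoded for HTML text before output` above the assignment would record why the encoding must stay if this line is refactored again.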


@ -282,7 +282,7 @@ class SapphireTestReporter implements PHPUnit_Framework_TestListener {
($test['status'] == 1) ? $passCount++ : $failCount++; ($test['status'] == 1) ? $passCount++ : $failCount++;
if ($test['status'] != 1) { if ($test['status'] != 1) {
echo "<div class=\"failure\"><span>&otimes; ". $this->testNameToPhrase($test['name']) ."</span><br>"; echo "<div class=\"failure\"><span>&otimes; ". $this->testNameToPhrase($test['name']) ."</span><br>";
echo "<pre>".htmlentities($test['message'])."</pre><br>"; echo "<pre>".htmlentities($test['message'], ENT_COMPAT, 'UTF-8')."</pre><br>";
echo SS_Backtrace::get_rendered_backtrace($test['trace']); echo SS_Backtrace::get_rendered_backtrace($test['trace']);
echo "</div>"; echo "</div>";
} }


@ -145,7 +145,11 @@ class TestViewer extends Controller {
* Render the given token as HTML * Render the given token as HTML
*/ */
function renderToken($token) { function renderToken($token) {
$tokenContent = htmlentities(is_array($token) ? $token[1] : $token); $tokenContent = htmlentities(
is_array($token) ? $token[1] : $token,
ENT_COMPAT,
'UTF-8'
);
$tokenName = is_array($token) ? token_name($token[0]) : 'T_PUNCTUATION'; $tokenName = is_array($token) ? token_name($token[0]) : 'T_PUNCTUATION';
switch($tokenName) { switch($tokenName) {


@ -182,7 +182,7 @@ class PermissionCheckboxSetField extends FormField {
$itemID = $this->id() . '_' . ereg_replace('[^a-zA-Z0-9]+', '', $code); $itemID = $this->id() . '_' . ereg_replace('[^a-zA-Z0-9]+', '', $code);
$checked = $disabled = $inheritMessage = ''; $checked = $disabled = $inheritMessage = '';
$checked = (isset($uninheritedCodes[$code]) || isset($inheritedCodes[$code])) ? ' checked="checked"' : ''; $checked = (isset($uninheritedCodes[$code]) || isset($inheritedCodes[$code])) ? ' checked="checked"' : '';
$title = $permission['help'] ? 'title="' . htmlentities($permission['help']) . '" ' : ''; $title = $permission['help'] ? 'title="' . htmlentities($permission['help'], ENT_COMPAT, 'UTF-8') . '" ' : '';
if (isset($inheritedCodes[$code])) { if (isset($inheritedCodes[$code])) {
// disable inherited codes, as any saving logic would be too complicate to express in this interface // disable inherited codes, as any saving logic would be too complicate to express in this interface