$v) {
$val[$k] = self::raw2htmlname($v);
}
return $val;
}
return self::raw2att($val);
}
/**
* Convert a value to be suitable for an HTML ID attribute. Replaces non
* supported characters with an underscore.
*
* @see http://www.w3.org/TR/REC-html40/types.html#type-cdata
*
* @param array|string $val String to escape, or array of strings
*
* @return array|string
*/
public static function raw2htmlid($val)
{
if (is_array($val)) {
foreach ($val as $k => $v) {
$val[$k] = self::raw2htmlid($v);
}
return $val;
}
return trim(
preg_replace(
'/_+/',
'_',
preg_replace('/[^a-zA-Z0-9\-_:.]+/', '_', $val)
),
'_'
);
}
/**
* Ensure that text is properly escaped for XML.
*
* @see http://www.w3.org/TR/REC-xml/#dt-escape
* @param array|string $val String to escape, or array of strings
* @return array|string
*/
public static function raw2xml($val)
{
if (is_array($val)) {
foreach ($val as $k => $v) {
$val[$k] = self::raw2xml($v);
}
return $val;
}
return htmlspecialchars($val, ENT_QUOTES, 'UTF-8');
}
/**
* Ensure that text is properly escaped for Javascript.
*
* @param array|string $val String to escape, or array of strings
* @return array|string
*/
public static function raw2js($val)
{
if (is_array($val)) {
foreach ($val as $k => $v) {
$val[$k] = self::raw2js($v);
}
return $val;
}
return str_replace(
// Intercepts some characters such as <, >, and & which can interfere
array("\\", '"', "\n", "\r", "'", '<', '>', '&'),
array("\\\\", '\"', '\n', '\r', "\\'", "\\x3c", "\\x3e", "\\x26"),
$val
);
}
/**
* Encode a value as a JSON encoded string. You can optionally pass a bitmask of
* JSON constants as options through to the encode function.
*
* @deprecated 4.4.0:5.0.0 Use json_encode() instead
* @param mixed $val Value to be encoded
* @param int $options Optional bitmask of JSON constants
* @return string JSON encoded string
*/
public static function raw2json($val, $options = 0)
{
Deprecation::notice('4.4', 'Please use json_encode() instead.');
return json_encode($val, $options);
}
/**
* Encode an array as a JSON encoded string.
*
* @deprecated 4.4.0:5.0.0 Use json_encode() instead
* @param array $val Array to convert
* @param int $options Optional bitmask of JSON constants
* @return string JSON encoded string
*/
public static function array2json($val, $options = 0)
{
Deprecation::notice('4.4', 'Please use json_encode() instead.');
return json_encode($val, $options);
}
/**
* Safely encodes a value (or list of values) using the current database's
* safe string encoding method
*
* @param mixed|array $val Input value, or list of values as an array
* @param boolean $quoted Flag indicating whether the value should be safely
* quoted, instead of only being escaped. By default this function will
* only escape the string (false).
* @return string|array Safely encoded value in the same format as the input
*/
public static function raw2sql($val, $quoted = false)
{
if (is_array($val)) {
foreach ($val as $k => $v) {
$val[$k] = self::raw2sql($v, $quoted);
}
return $val;
}
if ($quoted) {
return DB::get_conn()->quoteString($val);
}
return DB::get_conn()->escapeString($val);
}
/**
* Safely encodes a SQL symbolic identifier (or list of identifiers), such as a database,
* table, or column name. Supports encoding of multi identfiers separated by
* a delimiter (e.g. ".")
*
* @param string|array $identifier The identifier to escape. E.g. 'SiteTree.Title' or list of identifiers
* to be joined via the separator.
* @param string $separator The string that delimits subsequent identifiers
* @return string The escaped identifier. E.g. '"SiteTree"."Title"'
*/
public static function symbol2sql($identifier, $separator = '.')
{
return DB::get_conn()->escapeIdentifier($identifier, $separator);
}
/**
* Convert XML to raw text.
* @uses html2raw()
* @todo Currently xx; entries are stripped; they should be converted
* @param mixed $val
* @return array|string
*/
public static function xml2raw($val)
{
if (is_array($val)) {
foreach ($val as $k => $v) {
$val[$k] = self::xml2raw($v);
}
return $val;
}
// More complex text needs to use html2raw instead
if (strpos($val, '<') !== false) {
return self::html2raw($val);
}
return html_entity_decode($val, ENT_QUOTES, 'UTF-8');
}
/**
* Convert a JSON encoded string into an object.
*
* @deprecated 4.4.0:5.0.0 Use json_decode() instead
* @param string $val
* @return object|boolean
*/
public static function json2obj($val)
{
Deprecation::notice('4.4', 'Please use json_decode() instead.');
return json_decode($val);
}
/**
* Convert a JSON string into an array.
*
* @deprecated 4.4.0:5.0.0 Use json_decode() instead
* @param string $val JSON string to convert
* @return array|boolean
*/
public static function json2array($val)
{
Deprecation::notice('4.4', 'Please use json_decode() instead.');
return json_decode($val, true);
}
/**
* Converts an XML string to a PHP array
* See http://phpsecurity.readthedocs.org/en/latest/Injection-Attacks.html#xml-external-entity-injection
*
* @uses recursiveXMLToArray()
* @param string $val
* @param boolean $disableDoctypes Disables the use of DOCTYPE, and will trigger an error if encountered.
* false by default.
* @param boolean $disableExternals Disables the loading of external entities. false by default.
* @return array
* @throws Exception
*/
public static function xml2array($val, $disableDoctypes = false, $disableExternals = false)
{
// Check doctype
if ($disableDoctypes && preg_match('/\<\!DOCTYPE.+]\>/', $val)) {
throw new InvalidArgumentException('XML Doctype parsing disabled');
}
// Disable external entity loading
$oldVal = null;
if ($disableExternals) {
$oldVal = libxml_disable_entity_loader($disableExternals);
}
try {
$xml = new SimpleXMLElement($val);
$result = self::recursiveXMLToArray($xml);
} catch (Exception $ex) {
if ($disableExternals) {
libxml_disable_entity_loader($oldVal);
}
throw $ex;
}
if ($disableExternals) {
libxml_disable_entity_loader($oldVal);
}
return $result;
}
/**
* Convert a XML string to a PHP array recursively. Do not
* call this function directly, Please use {@link Convert::xml2array()}
*
* @param SimpleXMLElement
*
* @return mixed
*/
protected static function recursiveXMLToArray($xml)
{
$x = null;
if ($xml instanceof SimpleXMLElement) {
$attributes = $xml->attributes();
foreach ($attributes as $k => $v) {
if ($v) {
$a[$k] = (string) $v;
}
}
$x = $xml;
$xml = get_object_vars($xml);
}
if (is_array($xml)) {
if (count($xml) === 0) {
return (string)$x;
} // for CDATA
$r = [];
foreach ($xml as $key => $value) {
$r[$key] = self::recursiveXMLToArray($value);
}
// Attributes
if (isset($a)) {
$r['@'] = $a;
}
return $r;
}
return (string) $xml;
}
/**
* Create a link if the string is a valid URL
*
* @param string $string The string to linkify
* @return string A link to the URL if string is a URL
*/
public static function linkIfMatch($string)
{
if (preg_match('/^[a-z+]+\:\/\/[a-zA-Z0-9$-_.+?&=!*\'()%]+$/', $string)) {
return "$string";
}
return $string;
}
/**
* Simple conversion of HTML to plaintext.
*
* @param string $data Input data
* @param bool $preserveLinks
* @param int $wordWrap
* @param array $config
* @return string
*/
public static function html2raw($data, $preserveLinks = false, $wordWrap = 0, $config = null)
{
$defaultConfig = array(
'PreserveLinks' => false,
'ReplaceBoldAsterisk' => true,
'CompressWhitespace' => true,
'ReplaceImagesWithAlt' => true,
);
if (isset($config)) {
$config = array_merge($defaultConfig, $config);
} else {
$config = $defaultConfig;
}
$data = preg_replace("/