Re-add qlink helper unless we find a better name
* I stumbled over too many places where we didn't care about quoting or escaping output, attributes etc * Helpers help here
1 parent
d648bba
commit 65da772
Showing
1 changed file
with
89 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,89 @@ | ||
<?php | ||
|
||
// TODO: Search for the best and safest quoting | ||
// TODO: Check whether attributes are safe. Script, title in combination with | ||
// Hover-Tips etc. Eventually create a whitelist for a few options only. | ||
use Icinga\Web\Url; | ||
|
||
class Zend_View_Helper_Qlink extends Zend_View_Helper_Abstract | ||
{ | ||
|
||
public function qlink($htmlContent, $urlFormat, array $uriParams = array(), | ||
array $properties = array()) | ||
{ | ||
$quote = true; | ||
$attributes = array(); | ||
$baseUrl = null; | ||
foreach ($properties as $key => $val) { | ||
if ($key === 'baseUrl' ) { | ||
// $baseUrl = filter_var($val, FILTER_SANITIZE_URL) . '/'; | ||
$baseUrl = $val; //rawurlencode($val) . '/'; | ||
continue; | ||
} | ||
if ($key === 'quote') { | ||
$quote = $val; | ||
continue; | ||
} | ||
if ($key === 'style' && is_array($val)) { | ||
if (empty($val)) { | ||
continue; | ||
} | ||
$parts = array(); | ||
foreach ($val as $k => $v) { | ||
$parts[] = "$k: $v"; | ||
} | ||
$attributes[] = 'style="' . implode('; ', $parts) . '"'; | ||
continue; | ||
} | ||
$attributes[] = sprintf( | ||
'%s="%s"', | ||
//filter_var($key, FILTER_SANITIZE_URL), | ||
rawurlencode($key), | ||
//filter_var($val, FILTER_SANITIZE_FULL_SPECIAL_CHARS) | ||
rawurlencode($val) | ||
); | ||
|
||
} | ||
if ($urlFormat instanceof Url) { | ||
$url = $urlFormat; | ||
$uriParams = $url->getParams() + $uriParams; | ||
} else { | ||
$url = Url::fromPath($urlFormat); | ||
} | ||
$url->setParams($uriParams)->setBaseUrl($baseUrl); | ||
return sprintf( | ||
'<a href="%s"%s>%s</a>', | ||
// $this->getFormattedUrl($urlFormat, $uriParams, $baseUrl), | ||
$url, | ||
!empty($attributes) ? ' ' . implode(' ', $attributes) : '', | ||
$quote | ||
? filter_var( | ||
$htmlContent, | ||
FILTER_SANITIZE_FULL_SPECIAL_CHARS, | ||
FILTER_FLAG_NO_ENCODE_QUOTES | ||
) | ||
// Alternativ: htmlentities($htmlContent) | ||
: $htmlContent | ||
); | ||
} | ||
/* | ||
public function getFormattedUrl($urlFormat, $uriParams, $baseUrl = null) | ||
{ | ||
$params = $args = array(); | ||
foreach ($uriParams as $name => $value) { | ||
if (is_int($name)) { | ||
$params[] = rawurlencode($value); | ||
} else { | ||
$args[] = rawurlencode($name) . '=' . rawurlencode($value); | ||
} | ||
} | ||
$url = $urlFormat; | ||
$url = vsprintf($url, $params); | ||
if (! empty($args)) { | ||
$url .= '?' . implode('&', $args); | ||
} | ||
return is_null($baseUrl) ? $this->view->baseUrl($url) : $baseUrl.$url; | ||
} | ||
*/ | ||
} | ||
|
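Review bot: The `style` branch of `qlink()` concatenates `$k` and `$v` straight into a double-quoted attribute, so a quote character in either one ends the attribute and the rest of the caller-supplied text is parsed as markup; escaping the joined string for the HTML context closes that, e.g. `$attributes[] = 'style="' . htmlspecialchars(implode('; ', $parts), ENT_QUOTES, 'UTF-8') . '"';`. The generic attribute branch applies `rawurlencode()` to both name and value, which is URL encoding rather than attribute escaping and also mangles ordinary values such as a `title` or a multi-class `class` (spaces become `%20`); `htmlspecialchars($val, ENT_QUOTES, 'UTF-8')` on the value plus a check of `$key` against a small allow-list, as the TODO at the top of the file already suggests, fits the context better. `$url` is printed into `href` through its string conversion and `baseUrl` is passed to `setBaseUrl()` unfiltered, so it is worth confirming that `Url` escapes its own output, which is not visible in this commit. A docblock on `qlink()` should also state that `quote => false` emits `$htmlContent` unescaped and leaves escaping to the caller.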