
Auto escaping

1 parent c9af1d7 commit 520ba9f6b1b3e1428ba230a4d6041bc470c73eb0 @k1LoW k1LoW committed Jan 21, 2011
Showing with 46 additions and 13 deletions.
  1. +0 −4 README.md
  2. +46 −9 controllers/components/escape.php
@@ -9,10 +9,6 @@ Second, add the following code in app_controller.php
<?php
class AppController extends Controller {
var $components = array('Escape.Escape');
-
- public function beforeRender() {
- $this->Escape->automate(); // escape all valiables
- }
}
## raw() ##
@@ -25,13 +25,13 @@ function raw($text, $charset = null) {
}
}
- /**
- * EscapeComponent code license:
- *
- * @copyright Copyright (C) 2011 by 101000code/101000LAB
- * @since CakePHP(tm) v 1.3
- * @license http://www.opensource.org/licenses/mit-license.php The MIT License
- */
+/**
+ * EscapeComponent code license:
+ *
+ * @copyright Copyright (C) 2011 by 101000code/101000LAB
+ * @since CakePHP(tm) v 1.3
+ * @license http://www.opensource.org/licenses/mit-license.php The MIT License
+ */
class EscapeComponent extends Object {
/**
@@ -44,14 +44,51 @@ function initialize(&$controller, $settings) {
}
/**
+ * beforeRender
+ *
+ * @return
+ */
+ function beforeRender(&$controller) {
+ $this->automate();
+ }
+
+ /**
* automate
* wrap value through h()
*
* @return
*/
function automate(){
- $this->controller->viewVars = h($this->controller->viewVars);
- $this->controller->data = h($this->controller->data);
+ $this->controller->viewVars = $this->_h($this->controller->viewVars);
+ $this->controller->data = $this->_h($this->controller->data);
+ }
+
+ /**
+ * _h
+ *
+ * @param string $text Text to escape
+ * @param string $charset Character set to use when escape. Defaults to config value in 'App.encoding' or 'UTF-8'
+ * @return string decoded text
+ */
+ function _h($text, $charset = null) {
+ if (is_array($text)) {
+ return array_map(array($this, '_h'), $text);
+ }
+ static $defaultCharset = false;
+ if ($defaultCharset === false) {
+ $defaultCharset = Configure::read('App.encoding');
+ if ($defaultCharset === null) {
+ $defaultCharset = 'UTF-8';
+ }
+ }
+ if (is_object($text)) {
+ return $text;
+ }
+ if ($charset) {
+ return htmlspecialchars($text, ENT_QUOTES, $charset);
+ } else {
+ return htmlspecialchars($text, ENT_QUOTES, $defaultCharset);
+ }
}
}
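Review bot: The `is_object($text)` branch in `_h()` returns the value untouched, so any object stored in `viewVars` or `data`, including whatever it prints through its properties or `__toString()`, still reaches the view unescaped even though the component now escapes automatically in `beforeRender()`. That limit should be stated in the docblock, e.g. `* Objects are returned as-is and are NOT escaped; escape their output in the view.`, and `@return string decoded text` should read `@return mixed escaped text (arrays recursively, objects unchanged)`. The array branch `array_map(array($this, '_h'), $text)` also calls `_h()` without `$charset`, so nested values fall back to the default charset, and array keys are never escaped. Applications that still call `$this->Escape->automate()` from their own `beforeRender()`, as the old README advised, would presumably be escaped twice once this callback runs; a short upgrade note in the README would help.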
