[phalcon#16108] - changed attributes to expect an array also
niden committed Sep 20, 2022
1 parent 8f4a158 commit 2cf9d85
Showing 2 changed files with 74 additions and 17 deletions.
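--- a/phalcon/Html/Escaper.zep
+++ b/phalcon/Html/Escaper.zep
@@ -49,20 +49,55 @@ class Escaper implements EscaperInterface
 protected flags = 11;
 
 /**
-* Escapes a HTML attribute string
+* Escapes a HTML attribute string or array
 *
-* @param string $input
+* If the input is an array, the keys are the attribute names and the
+* values are attribute values. If a value is boolean (true/false) then
+* the attribute will have no value:
+* `['disabled' => true]` -> `'disabled``
+*
+* The resulting string will have attribute pairs separated by a space.
+*
+* @param array|string $input
 *
 * @return string
 */
-public function attributes(string input) -> string
+public function attributes(var input) -> string
 {
-return htmlspecialchars(
-input,
-ENT_QUOTES,
-this->encoding,
-this->doubleEncode
-);
+var key, result, value;
+
+if (typeof input !== "string" && typeof input !== "array") {
+throw new Exception("Input must be an array or a string");
+}
+
+if (typeof input === "string") {
+return this->phpHtmlSpecialChars(input);
+}
+
+let result = "";
+for key, value in input {
+if (null === value || false === value) {
+continue;
+}
+
+let key = trim(key);
+
+if (typeof value === "array") {
+let value = implode(" ", value);
+}
+
+let result .= this->phpHtmlSpecialChars(key);
+
+if (true !== value) {
+let result .= "=\""
+. this->phpHtmlSpecialChars(value)
+. "\"";
+}
+
+let result .= " ";
+}
+
+return rtrim(result);
 }
 
 /**
@@ -342,6 +377,23 @@ class Escaper implements EscaperInterface
 return rawurlencode(input);
 }
 
+/**
+* Proxy method for testing
+*
+* @param string $input
+*
+* @return string
+*/
+protected function phpHtmlSpecialChars(string input) -> string
+{
+return htmlspecialchars(
+input,
+ENT_QUOTES,
+this->encoding,
+this->doubleEncode
+);
+}
+
 /**
 * @param string $input
 *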
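Review bot: In the array branch of `attributes()`, the attribute name is emitted after `htmlspecialchars` only, which leaves whitespace, `=` and `/` untouched, so a key that originates from request data can break out into additional attributes in the rendered tag. Nothing visible in this hunk states that keys must be trusted, so either document that requirement or reject names that are not valid attribute tokens right after `let key = trim(key);`, for example `if (!preg_match("/^[A-Za-z_:][-A-Za-z0-9_:.]*$/", key)) { throw new Exception("Invalid attribute name"); }`. The docblock also says a boolean `false` produces a value-less attribute, while the loop skips `null` and `false` entirely; I would reword it to `* A value of true renders the bare attribute name; null and false omit the attribute.`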
21 changes: 13 additions & 8 deletions tests/unit/Html/Escaper/AttributesCest.php
Expand Up @@ -25,7 +25,7 @@
class AttributesCest
{
/**
* Tests Phalcon\Escaper :: escapeHtmlAttr()
* Tests Phalcon\Escaper :: attributes()
*
* @dataProvider escaperEscapeHtmlAttrProvider
*
Expand All @@ -44,14 +44,11 @@ public function escaperAttributes(UnitTester $I, Example $example)
$text = $example['text'];
$flags = $example['htmlQuoteType'];

$escaper->setHtmlQuoteType($flags);
$escaper->setFlags($flags);

$expected = $example['expected'];
$actual = $escaper->attributes($text);
$I->assertSame($expected, $actual);

$actual = $escaper->escapeHtmlAttr($text);
$I->assertSame($expected, $actual);
}

/**
Expand All @@ -65,24 +62,32 @@ private function escaperEscapeHtmlAttrProvider(): array
'expected' => 'That's right',
'text' => "That's right",
],

[
'htmlQuoteType' => ENT_XML1,
'expected' => 'That's right',
'text' => "That's right",
],

[
'htmlQuoteType' => ENT_XHTML,
'expected' => 'That's right',
'text' => "That's right",
],

[
'htmlQuoteType' => ENT_HTML5,
'expected' => 'That's right',
'text' => "That's right",
],
[
'htmlQuoteType' => ENT_HTML5,
'expected' => 'text="Ferrari Ford Dodge"',
'text' => [
'text' => [
'Ferrari',
'Ford',
'Dodge',
],
],
],
];
}
}
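Review bot: The one array case added to `escaperEscapeHtmlAttrProvider()` only exercises a list value joined with spaces, so nothing pins the escaping behaviour of the new array path. I would add cases for a value containing a double quote or `&`, for `true` (bare name) and for `null`/`false` (attribute omitted), e.g. `['htmlQuoteType' => ENT_HTML5, 'expected' => 'disabled', 'text' => ['disabled' => true, 'hidden' => false]],`. A case with a key containing a quote or whitespace would also document what callers can expect when attribute names are not constant. The start of the provider's array is above this hunk, so only its tail is visible here.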
