
Changeset 1890


Timestamp:
12/31/2008 11:02:40 AM (17 years ago)
Author:
sambauers
Message:

Validate UTF8 via wp_check_invalid_utf8() when running attribute_escape(), introduce wp_entities()

Location:
branches/0.9/bb-includes
Files:
2 edited

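--- a/branches/0.9/bb-includes/compat.php
+++ b/branches/0.9/bb-includes/compat.php
@@ -28,3 +28,13 @@
 }
 endif;
+
+if ( !function_exists( 'htmlspecialchars_decode' ) ) {
+    // Added in PHP 5.1.0
+    // from php.net (modified by Sam Bauers to deal with some quirks in HTML_SPECIALCHARS constant)
+    function htmlspecialchars_decode( $str, $quote_style = ENT_COMPAT ) {
+        $table = array_flip( get_html_translation_table( HTML_SPECIALCHARS, $quote_style ) );
+        $table = array_merge( array( ''' => "'" ), $table, array( '&' => "&", '&' => "&" ) );
+        return strtr( $str, $table );
+    }
+}
 ?>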
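Review bot: The comment above the `htmlspecialchars_decode()` fallback says it was modified "to deal with some quirks in HTML_SPECIALCHARS constant" but never names them, so a later reader cannot check why the extra entries are merged in before and after `$table`. As rendered on this page the added entity keys appear already decoded, which makes the intent harder still to read from the diff. I would name the entities in the comment, presumably something like `// Also map the numeric apostrophe and ampersand entities, which get_html_translation_table() does not return`, adjusted to whatever the quirk actually is.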
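--- a/branches/0.9/bb-includes/wp-functions.php
+++ b/branches/0.9/bb-includes/wp-functions.php
@@ -76,4 +76,82 @@
 endif;
 
+if ( !function_exists( 'wp_entities' ) ) :
+/**
+ * Converts all special characters into their HTML entities.
+ *
+ * $quote_style can be set to ENT_COMPAT to encode " to
+ * ", or ENT_QUOTES to do both. Default is ENT_NOQUOTES where no quotes are encoded.
+ *
+ * @since 2.8
+ *
+ * @param string $string The text which is to be encoded.
+ * @param mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Default is ENT_NOQUOTES.
+ * @param string $charset Optional. The character encoding of the string. Default is false.
+ * @param boolean $double_encode Optional. Whether or not to encode existing html entities. Default is false.
+ * @return string The encoded text with HTML entities.
+ */
+function wp_entities( $string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false )
+{
+    if ( 0 === strlen( $string ) ) {
+        return '';
+    }
+
+    if ( !$charset ) {
+        $charset = bb_get_option( 'charset' );
+    }
+    if ( in_array( $charset, array( 'utf8', 'utf-8', 'UTF8' ) ) ) {
+        $charset = 'UTF-8';
+    }
+
+    if ( version_compare( PHP_VERSION, '5.2.3', '>=' ) ) {
+        $string = htmlentities( $string, $quote_style, $charset, $double_encode );
+    } else {
+        // Handle double encoding for PHP versions that don't support it in htmlentities()
+        if ( !$double_encode ) {
+            // Multi-byte charsets are not supported below PHP 5.0.0
+            // 'cp866', 'cp1251', 'KOI8-R' charsets are not supported below PHP 4.3.2
+            $string = html_entity_decode( $string, $quote_style, $charset );
+        }
+        // 'cp866', 'cp1251', 'KOI8-R' charsets are not supported below PHP 4.3.2
+        $string = htmlentities( $string, $quote_style, $charset );
+    }
+
+    return $string;
+}
+endif;
+
+if ( !function_exists( 'wp_check_invalid_utf8' ) ) :
+/**
+ * Checks for invalid UTF8 in a string.
+ *
+ * @since 2.8
+ *
+ * @param string $string The text which is to be checked.
+ * @param boolean $strip Optional. Whether to attempt to strip out invalid UTF8. Default is false.
+ * @return string The checked text.
+ */
+function wp_check_invalid_utf8( $string, $strip = false )
+{
+    if ( 0 === strlen( $string ) ) {
+        return '';
+    }
+
+    if ( !in_array( bb_get_option( 'charset' ), array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ) ) ) {
+        return $string;
+    }
+
+    // preg_match fails when it encounters invalid UTF8 in $str
+    if ( 1 === @preg_match( '@^.@us', $string ) ) {
+        return $string;
+    }
+
+    if ( $strip && function_exists( 'iconv' ) ) {
+        return iconv( 'utf-8', 'utf-8', $string );
+    } else {
+        return '';
+    }
+}
+endif;
+
 if ( !function_exists('utf8_uri_encode') ) : // [WP6314]
 function utf8_uri_encode( $utf8_string, $length = 0 ) {
@@ -147,6 +225,7 @@
 // Escaping for HTML attributes
 if ( !function_exists('attribute_escape') ) :
-function attribute_escape($text) { // [WP4660]
-    $safe_text = wp_specialchars($text, true);
+function attribute_escape($text) { // Not like WordPress - uses wp_check_invalid_utf8() and wp_entities()
+    $safe_text = wp_check_invalid_utf8( $text );
+    $safe_text = wp_entities( $safe_text, ENT_QUOTES );
     return apply_filters('attribute_escape', $safe_text, $text);
 }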
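Review bot: In `wp_check_invalid_utf8()` the charset guard is an exact, case-sensitive match against four spellings, so a site whose `charset` option is stored in any other form (for example `Utf-8`) skips validation entirely and `attribute_escape()` hands unvalidated bytes straight to `wp_entities()`. Normalising before the comparison closes that gap: `if ( !in_array( strtolower( bb_get_option( 'charset' ) ), array( 'utf8', 'utf-8' ), true ) ) {`. The `@preg_match( '@^.@us', $string )` test also returns false when PCRE was built without UTF-8 support, in which case every non-empty string would come back as `''`; probing once with a known-good string such as `@preg_match( '@^.@u', 'a' )` and returning the input unchanged when that fails would avoid blanking all attributes. The `$strip` branch calls `iconv()` without `//IGNORE`, so on invalid input it is likely to return a truncated string or `false` rather than a stripped one, which the `@return string` docblock does not mention.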