diff options
| author | Urban Müller | 2024-02-16 16:00:45 +0100 |
|---|---|---|
| committer | Urban Müller | 2024-02-16 16:00:45 +0100 |
| commit | 19a29ba848ac66fedbbb7059df09f93675e48a26 (patch) | |
| tree | ca69bfe2e3e1548e28b96ef5abed86ecfa687175 | |
| parent | 9fd68c13a7cbd26c3eacbba42d7e5418d88ff40a (diff) | |
| download | itools-19a29ba848ac66fedbbb7059df09f93675e48a26.tar.gz itools-19a29ba848ac66fedbbb7059df09f93675e48a26.tar.bz2 itools-19a29ba848ac66fedbbb7059df09f93675e48a26.zip | |
with EDC(text), no need to mark using html the values in T(), they are guaranteed safe. fixes validation when values inserted into non-html places like href=
| -rw-r--r-- | auto_prepend.php | 2 | ||||
| -rw-r--r-- | it_text.class | 10 |
2 files changed, 7 insertions, 5 deletions
diff --git a/auto_prepend.php b/auto_prepend.php index d961a7b..2becb66 100644 --- a/auto_prepend.php +++ b/auto_prepend.php @@ -74,7 +74,7 @@ function T($label, $language = null, $values = null) if (is_array($language)) # Need to swap params? list($language, $values) = array($values, $language); - return $GLOBALS['it_text']->etext($label, array_map(array("it_html", "Q"), (array)$values), $language); + return $GLOBALS['it_text']->etext($label, array_map(array("it_html", "Q"), (array)$values), $language, false); } /** diff --git a/it_text.class b/it_text.class index 04291df..e08fff0 100644 --- a/it_text.class +++ b/it_text.class @@ -162,9 +162,9 @@ function text($label, $language = null) /** * INTERNAL function for ET(): Return translated text with values replaced */ -function etext($label, $values = null, $language = null) +function etext($label, $values = null, $language = null, $allowmarking = true) { - return self::transmogrify($this->text($label, $language), $values, $label, $this->allowedfuncs); + return self::transmogrify($this->text($label, $language), $values, $label, $this->allowedfuncs, $allowmarking); } @@ -223,8 +223,10 @@ function set($label, $text = null, $language = null) * Replaces variables of the form {obj.var} with value from $values, e.g. {user.name}, or result of a func, e.g. {LU(//www/terms)} * NOTE: Invalid object names or non-existing variables are simply deleted. */ -static function transmogrify($text, $values = null, $label = null, $allowedfuncs = null) +static function transmogrify($text, $values = null, $label = null, $allowedfuncs = null, $allowmarking = true) { +# EDC('u', $allowmarking, $text); + foreach (preg_split('#{([^}]*)}#', $text, -1, PREG_SPLIT_DELIM_CAPTURE) as $i => $part) { if ($i % 2) # odd offsets are delimiters, i.e. braces to be replaced @@ -242,7 +244,7 @@ static function transmogrify($text, $values = null, $label = null, $allowedfuncs else $value = (list($func, $arg) = it::match('^([\w:]+)\((.*)\)$', $part)) && isset($allowedfuncs[$func]) ? $func($arg) : "{" . $part . "}"; - $result .= $GLOBALS['debug_texts'] ? "</span>$value<span style='background:#8F8'>" : $value; + $result .= $GLOBALS['debug_texts'] && $allowmarking ? "</span>$value<span style='background:#8F8'>" : $value; } else $result .= $part; |