Implement the noescapetags into dol_escape_htmltag

Laurent Destailleur 2021-08-21 13:27:25 +02:00
parent 17213ae65d
commit 04a922b5f4


@ -1283,19 +1283,18 @@ function dol_escape_json($stringtoescape)
* Returns text escaped for inclusion in HTML alt or title tags, or into values of HTML input fields.
*
* @param string $stringtoescape String to escape
* @param int $keepb 1=Keep b tags and escape them, 0=remove them
* @param int $keepb 1=Keep b tags, 0=remove them completeley
* @param int $keepn 1=Preserve \r\n strings (otherwise, replace them with escaped value). Set to 1 when escaping for a <textarea>.
* @param string $keepmoretags '' or 'common' or list of tags
* @param string $noescapetags '' or 'common' or list of tags to not escape
* @param int $escapeonlyhtmltags 1=Escape only html tags, not the special chars like accents.
* @return string Escaped string
* @see dol_string_nohtmltag(), dol_string_nospecial(), dol_string_unaccent()
*/
function dol_escape_htmltag($stringtoescape, $keepb = 0, $keepn = 0, $keepmoretags = '', $escapeonlyhtmltags = 0)
function dol_escape_htmltag($stringtoescape, $keepb = 0, $keepn = 0, $noescapetags = '', $escapeonlyhtmltags = 0)
{
if ($keepmoretags == 'common') {
$keepmoretags = 'html,body,a,b,em,i,u,ul,li,br,div,img,font,p,span,strong,table,tr,td,th,tbody';
if ($noescapetags == 'common') {
$noescapetags = 'html,body,a,b,em,i,u,ul,li,br,div,img,font,p,span,strong,table,tr,td,th,tbody';
}
// TODO Implement $keepmoretags
// escape quotes and backslashes, newlines, etc.
if ($escapeonlyhtmltags) {
@ -1309,10 +1308,33 @@ function dol_escape_htmltag($stringtoescape, $keepb = 0, $keepn = 0, $keepmoreta
if (!$keepn) {
$tmp = strtr($tmp, array("\r"=>'\\r', "\n"=>'\\n'));
}
if ($escapeonlyhtmltags) {
return htmlspecialchars($tmp, ENT_COMPAT, 'UTF-8');
} else {
return htmlentities($tmp, ENT_COMPAT, 'UTF-8');
// Escape tags to keep
$tmparrayoftags = array();
if ($noescapetags) {
$tmparrayoftags = explode(',', $noescapetags);
}
if (count($tmparrayoftags)) {
foreach ($tmparrayoftags as $tagtoreplace) {
$tmp = str_replace('<'.$tagtoreplace.'>', '__BEGINTAGTOREPLACE'.$tagtoreplace.'__', $tmp);
$tmp = str_replace('</'.$tagtoreplace.'>', '__ENDTAGTOREPLACE'.$tagtoreplace.'__', $tmp);
}
}
$result = htmlentities($tmp, ENT_COMPAT, 'UTF-8');
if (count($tmparrayoftags)) {
foreach ($tmparrayoftags as $tagtoreplace) {
$result = str_replace('__BEGINTAGTOREPLACE'.$tagtoreplace.'__', '<'.$tagtoreplace.'>', $result);
$result = str_replace('__ENDTAGTOREPLACE'.$tagtoreplace.'__', '</'.$tagtoreplace.'>', $result);
}
}
return $result;
}
}
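Review bot: The `__BEGINTAGTOREPLACE…__` / `__ENDTAGTOREPLACE…__` placeholders in the second hunk are not reserved, so any input that already contains that literal text passes through htmlentities() unchanged and is turned into a real `<tag>` by the restore loop, even though the caller never received that tag from the user as markup. Running htmlentities() first and then converting back only the exact escaped form of each allow-listed bare tag avoids the sentinel altogether, because a literal `&lt;b&gt;` in the input is escaped to `&amp;lt;b&amp;gt;` and can no longer match. Separately, the new code sits in the `else` branch, so `$noescapetags` appears to be ignored when `$escapeonlyhtmltags` is set; the docblock should say so, e.g. `@param string $noescapetags '' or 'common' or list of tags to not escape (ignored when $escapeonlyhtmltags=1)`. The part of the function that builds `$tmp` lies between the two hunks and is not visible here.

```php
// … unchanged: $tmparrayoftags built from $noescapetags …
$result = htmlentities($tmp, ENT_COMPAT, 'UTF-8');
foreach ($tmparrayoftags as $tagtoreplace) {
	// Restore only the escaped form that htmlentities() itself produced for an allow-listed bare tag.
	$result = str_replace(
		array('&lt;'.$tagtoreplace.'&gt;', '&lt;/'.$tagtoreplace.'&gt;'),
		array('<'.$tagtoreplace.'>', '</'.$tagtoreplace.'>'),
		$result
	);
}
return $result;
```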