added better support for encoding problems when escaping a string (available as of...

From the PHP CHANGELOG:

The flag ENT_SUBSTITUTE makes invalid multibyte sequences be replaced by
U+FFFD (UTF-8) or &#FFFD; by htmlspecialchars and htmlentities. It is an
alternative to the default behavior, which just returns an empty string and to
ENT_IGNORE, which is a security risk. The behavior follows the recommendations
of Unicode Technical Report #36.

diff --git a/CHANGELOG b/CHANGELOG
index 1162cfa..829d765 100644 (file)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,6 @@
 * 1.2.0
 
+ * added better support for encoding problems when escaping a string (available as of PHP 5.4)
  * added a way to ignore a missing template when using the "include" tag ({% include "foo" ignore missing %})
  * added support for an array of templates to the "include" and "extends" tags ({% include ['foo', 'bar'] %})
  * added support for bitwise operators in expressions

diff --git a/lib/Twig/Extension/Core.php b/lib/Twig/Extension/Core.php
index e5ec316..f41e860 100644 (file)
--- a/lib/Twig/Extension/Core.php
+++ b/lib/Twig/Extension/Core.php
@@ -1,5 +1,9 @@
 <?php
 
+if (!defined('ENT_SUBSTITUTE')) {
+    define('ENT_SUBSTITUTE', 8);
+}
+
 /*
  * This file is part of Twig.
  *
@@ -504,7 +508,7 @@ function twig_escape_filter(Twig_Environment $env, $string, $type = 'html', $cha
             return $string;
 
         case 'html':
-            return htmlspecialchars($string, ENT_QUOTES, $charset);
+            return htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, $charset);
 
         default:
             throw new Twig_Error_Runtime(sprintf('Invalid escape type "%s".', $type));