From: Fabien Potencier
Date: Thu, 22 Sep 2011 19:57:09 +0000 (+0200)
Subject: added the possibility to force the escaping of a string already marked as safe
X-Git-Url: http://git.silmor.de/gitweb/?a=commitdiff_plain;h=46080c90ea9f06e21ceb88b4d1b62d22374e32af;p=web%2Fkonrad%2Ftwig.git

added the possibility to force the escaping of a string already marked as safe
---
diff --git a/CHANGELOG b/CHANGELOG
index 963698a..2d3a209 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,6 @@
 * 1.3.0
+ * added the possibility to force the escaping of a string already marked as safe (instance of Twig_Markup)
 * allowed empty templates to be used as traits
 * added traits support for the "parent" function
diff --git a/lib/Twig/Extension/Core.php b/lib/Twig/Extension/Core.php
index a415324..8265394 100644
--- a/lib/Twig/Extension/Core.php
+++ b/lib/Twig/Extension/Core.php
@@ -470,14 +470,15 @@ function twig_strtr($pattern, $replacements)
 /**
 * Escapes a string.
 *
- * @param Twig_Environment $env A Twig_Environment instance
- * @param string $string The value to be escaped
- * @param string $type The escaping strategy
- * @param string $charset The charset
+ * @param Twig_Environment $env A Twig_Environment instance
+ * @param string $string The value to be escaped
+ * @param string $type The escaping strategy
+ * @param string $charset The charset
+ * @param Boolean $autoescape Whether the function is called by the auto-escaping feature (true) or by the developer (false)
 */
-function twig_escape_filter(Twig_Environment $env, $string, $type = 'html', $charset = null)
+function twig_escape_filter(Twig_Environment $env, $string, $type = 'html', $charset = null, $autoescape = false)
 {
- if (is_object($string) && $string instanceof Twig_Markup) {
+ if ($autoescape && is_object($string) && $string instanceof Twig_Markup) {
 return $string;
 }
diff --git a/lib/Twig/NodeVisitor/Escaper.php b/lib/Twig/NodeVisitor/Escaper.php
index 049ce96..d848f80 100644
--- a/lib/Twig/NodeVisitor/Escaper.php
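Review bot: The early return in `twig_escape_filter` does not look at `$type`: when `$autoescape` is true, any `Twig_Markup` value is returned untouched whichever strategy the caller asked for, so a value marked safe would presumably also pass through unescaped under a `js` strategy. The commit narrows that pass-through to the auto-escape path, and the docblock should say so, e.g. `Twig_Markup values are returned as-is only when $autoescape is true; an explicit call always escapes them.` `$autoescape` is also an ordinary positional filter argument, so it looks settable from a template as well as from the node visitor; marking it as internal in its `@param` line would make the intent clear. The function body continues past the end of the hunk.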
+++ b/lib/Twig/NodeVisitor/Escaper.php
@@ -147,7 +147,7 @@ class Twig_NodeVisitor_Escaper implements Twig_NodeVisitorInterface
 {
 $line = $node->getLine();
 $name = new Twig_Node_Expression_Constant('escape', $line);
- $args = new Twig_Node(array(new Twig_Node_Expression_Constant((string) $type, $line)));
+ $args = new Twig_Node(array(new Twig_Node_Expression_Constant((string) $type, $line), new Twig_Node_Expression_Constant(null, $line), new Twig_Node_Expression_Constant(true, $line)));
 return new Twig_Node_Expression_Filter($node, $name, $args, $line);
 }
diff --git a/test/Twig/Tests/Fixtures/filters/force_escape.test b/test/Twig/Tests/Fixtures/filters/force_escape.test
new file mode 100644
index 0000000..3690e71
--- /dev/null
+++ b/test/Twig/Tests/Fixtures/filters/force_escape.test
@@ -0,0 +1,18 @@
+--TEST--
+"escape" filter
+--TEMPLATE--
+{% set foo %}
+ foo
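Review bot: The new `$args` line passes `null` and `true` as bare positional constants, and nothing at the call site says that the third one is the `$autoescape` flag that makes `twig_escape_filter` leave `Twig_Markup` values alone. A one-line comment above it, such as `// args: strategy, charset (left at its default), autoescape = true so values already marked safe are not escaped again`, would keep the coupling to the filter's parameter order visible. Because the flag is matched by position, a later change to the filter's signature would silently change which values skip escaping here. The enclosing method starts before the hunk.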
+{% endset %}
+
+{{ foo|e('html') -}}
+{{ foo|e('js') }}
+{% autoescape true %}
+ {{ foo }}
+{% endautoescape %}
+--DATA--
+return array()
+--EXPECT--
+ foo<br />
+ foo\x3cbr \x2f\x3e\x0a
+ foo
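Review bot: The fixture does not exercise an explicit `|e` inside the `{% autoescape true %}` block, which is the one place where the forced path and the automatic path meet. As written it pins forced escaping outside the block and pass-through inside it, but nothing here shows whether `{{ foo|e('html') }}` under auto-escaping is escaped once, twice or not at all. Adding that line to the template, with its expected output, would pin the behaviour the changelog entry promises.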