From 46080c90ea9f06e21ceb88b4d1b62d22374e32af Mon Sep 17 00:00:00 2001
From: Fabien Potencier
Date: Thu, 22 Sep 2011 21:57:09 +0200
Subject: [PATCH] added the possibility to force the escaping of a string already marked as safe
---
 CHANGELOG | 1 +
 lib/Twig/Extension/Core.php | 13 +++++++------
 lib/Twig/NodeVisitor/Escaper.php | 2 +-
 test/Twig/Tests/Fixtures/filters/force_escape.test | 18 ++++++++++++++++++
 4 files changed, 27 insertions(+), 7 deletions(-)
 create mode 100644 test/Twig/Tests/Fixtures/filters/force_escape.test
diff --git a/CHANGELOG b/CHANGELOG
index 963698a..2d3a209 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,6 @@
 * 1.3.0
+ * added the possibility to force the escaping of a string already marked as safe (instance of Twig_Markup)
 * allowed empty templates to be used as traits
 * added traits support for the "parent" function
diff --git a/lib/Twig/Extension/Core.php b/lib/Twig/Extension/Core.php
index a415324..8265394 100644
--- a/lib/Twig/Extension/Core.php
+++ b/lib/Twig/Extension/Core.php
@@ -470,14 +470,15 @@ function twig_strtr($pattern, $replacements)
 /**
 * Escapes a string.
 *
- * @param Twig_Environment $env A Twig_Environment instance
- * @param string $string The value to be escaped
- * @param string $type The escaping strategy
- * @param string $charset The charset
+ * @param Twig_Environment $env A Twig_Environment instance
+ * @param string $string The value to be escaped
+ * @param string $type The escaping strategy
+ * @param string $charset The charset
+ * @param Boolean $autoescape Whether the function is called by the auto-escaping feature (true) or by the developer (false)
 */
-function twig_escape_filter(Twig_Environment $env, $string, $type = 'html', $charset = null)
+function twig_escape_filter(Twig_Environment $env, $string, $type = 'html', $charset = null, $autoescape = false)
 {
- if (is_object($string) && $string instanceof Twig_Markup) {
+ if ($autoescape && is_object($string) && $string instanceof Twig_Markup) {
 return $string;
 }
diff --git a/lib/Twig/NodeVisitor/Escaper.php b/lib/Twig/NodeVisitor/Escaper.php
index 049ce96..d848f80 100644
--- a/lib/Twig/NodeVisitor/Escaper.php
+++ b/lib/Twig/NodeVisitor/Escaper.php
@@ -147,7 +147,7 @@ class Twig_NodeVisitor_Escaper implements Twig_NodeVisitorInterface
 {
 $line = $node->getLine();
 $name = new Twig_Node_Expression_Constant('escape', $line);
- $args = new Twig_Node(array(new Twig_Node_Expression_Constant((string) $type, $line)));
+ $args = new Twig_Node(array(new Twig_Node_Expression_Constant((string) $type, $line), new Twig_Node_Expression_Constant(null, $line), new Twig_Node_Expression_Constant(true, $line)));
 return new Twig_Node_Expression_Filter($node, $name, $args, $line);
 }
diff --git a/test/Twig/Tests/Fixtures/filters/force_escape.test b/test/Twig/Tests/Fixtures/filters/force_escape.test
new file mode 100644
index 0000000..3690e71
--- /dev/null
+++ b/test/Twig/Tests/Fixtures/filters/force_escape.test
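Review bot: The early return for `Twig_Markup` in `twig_escape_filter` is taken before `$type` is looked at, so with `$autoescape` true a marked-safe value is returned unchanged whatever the escaping strategy is. If `Twig_Markup` only means "safe for HTML" (its definition is not part of this patch), a value produced as HTML would still pass through untouched when auto-escaping runs with a non-HTML strategy such as `js`. I would either restrict the shortcut to the strategy the markup was produced for or state the assumption above the check, e.g. `// Twig_Markup is trusted for every strategy when auto-escaping; an explicit |escape always re-escapes`. The new `@param` line should also say that `$autoescape` is meant to be set by the escaper node visitor only. The function body continues past the end of the hunk.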
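Review bot: The added `$args` line depends on the positional order of `twig_escape_filter`'s optional parameters: the `null` constant is there only to fill `$charset` so that `true` lands on `$autoescape`, and nothing at the call site says so. A short comment such as `// filter args: $type, $charset (null = default), $autoescape (true: added by the visitor)` would keep the two files from drifting apart, and putting one array element per line would make the three constants readable. Because these are ordinary filter arguments, a template can presumably supply the same third argument itself, so the flag is better documented as a hint from the visitor than relied on as a trust boundary. The enclosing method starts before the hunk.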
@@ -0,0 +1,18 @@
+--TEST--
+"escape" filter
+--TEMPLATE--
+{% set foo %}
+ foo
+{% endset %}
+
+{{ foo|e('html') -}}
+{{ foo|e('js') }}
+{% autoescape true %}
+ {{ foo }}
+{% endautoescape %}
+--DATA--
+return array()
+--EXPECT--
+ foo<br />
+ foo\x3cbr \x2f\x3e\x0a
+ foo
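Review bot: The template never applies `e` explicitly inside the `{% autoescape true %}` block, which is the case where the new `$autoescape` flag and the visitor-added filter meet. Adding `{{ foo|e }}` inside that block, with the escaped form as its expected output, would pin that an explicit escape still forces escaping while auto-escaping is on. A plain, unmarked string under `autoescape` would guard against double escaping as well, though that may already be covered by fixtures not shown here.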
-- 1.7.2.5