本文整理匯總了PHP中Sanitizer::safeEncodeAttribute方法的典型用法代碼示例。如果您正苦於以下問題:PHP Sanitizer::safeEncodeAttribute方法的具體用法?PHP Sanitizer::safeEncodeAttribute怎麽用?PHP Sanitizer::safeEncodeAttribute使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類Sanitizer
的用法示例。
在下文中一共展示了Sanitizer::safeEncodeAttribute方法的6個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的PHP代碼示例。
示例1: safeEncodeTagAttributes
/**
* Build a partial tag string from an associative array of attribute
* names and values as returned by decodeTagAttributes.
*
* @param array $assoc_array
* @return string
*/
public static function safeEncodeTagAttributes($assoc_array)
{
$attribs = array();
foreach ($assoc_array as $attribute => $value) {
$encAttribute = htmlspecialchars($attribute);
$encValue = Sanitizer::safeEncodeAttribute($value);
$attribs[] = "{$encAttribute}=\"{$encValue}\"";
}
return count($attribs) ? ' ' . implode(' ', $attribs) : '';
}
示例2: fixTagAttributes
/**
* Take a tag soup fragment listing an HTML element's attributes
* and normalize it to well-formed XML, discarding unwanted attributes.
* Output is safe for further wikitext processing, with escaping of
* values that could trigger problems.
*
* - Normalizes attribute names to lowercase
* - Discards attributes not on a whitelist for the given element
* - Turns broken or invalid entities into plaintext
* - Double-quotes all attribute values
* - Attributes without values are given the name as attribute
* - Double attributes are discarded
* - Unsafe style attributes are discarded
* - Prepends space if there are attributes.
*
* @param $text String
* @param $element String
* @return String
*/
static function fixTagAttributes($text, $element)
{
if (trim($text) == '') {
return '';
}
$stripped = Sanitizer::validateTagAttributes(Sanitizer::decodeTagAttributes($text), $element);
$attribs = array();
foreach ($stripped as $attribute => $value) {
$encAttribute = htmlspecialchars($attribute);
$encValue = Sanitizer::safeEncodeAttribute($value);
$attribs[] = "{$encAttribute}=\"{$encValue}\"";
}
return count($attribs) ? ' ' . implode(' ', $attribs) : '';
}
示例3: fixTagAttributes
/**
* Take a tag soup fragment listing an HTML element's attributes
* and normalize it to well-formed XML, discarding unwanted attributes.
* Output is safe for further wikitext processing, with escaping of
* values that could trigger problems.
*
* - Normalizes attribute names to lowercase
* - Discards attributes not on a whitelist for the given element
* - Turns broken or invalid entities into plaintext
* - Double-quotes all attribute values
* - Attributes without values are given the name as attribute
* - Double attributes are discarded
* - Unsafe style attributes are discarded
* - Prepends space if there are attributes.
*
* @param $text String
* @param $element String
* @return String
*/
static function fixTagAttributes($text, $element)
{
if (trim($text) == '') {
return '';
}
$decoded = Sanitizer::decodeTagAttributes($text);
$decoded = Sanitizer::fixDeprecatedAttributes($decoded, $element);
$stripped = Sanitizer::validateTagAttributes($decoded, $element);
$attribs = array();
foreach ($stripped as $attribute => $value) {
$encAttribute = htmlspecialchars($attribute);
$encValue = Sanitizer::safeEncodeAttribute($value);
# RTE (Rich Text Editor) - begin
# @author: Inez Korczyński, macbre
global $wgRTEParserEnabled;
if (!empty($wgRTEParserEnabled) && $encAttribute == 'style') {
// BugId:2462 - remove apostrophes from style attribute
$encValue = str_replace(''', '', $encValue);
$attribs[] = "data-rte-style=\"{$encValue}\"";
}
# RTE - end
$attribs[] = "{$encAttribute}=\"{$encValue}\"";
}
# RTE (Rich Text Editor) - begin
# @author: Inez Korczyński
global $wgRTEParserEnabled;
if (!empty($wgRTEParserEnabled)) {
if (strpos($text, "") !== false) {
RTE::$edgeCases[] = 'COMPLEX.08';
}
$attribs[] = RTEParser::encodeAttributesStr($text);
}
# RTE - end
return count($attribs) ? ' ' . implode(' ', $attribs) : '';
}
示例4: formHTML
//.........這裏部分代碼省略.........
$free_text = trim( $existing_page_content );
// or get it from a form submission
} elseif ( $wgRequest->getCheck( 'free_text' ) ) {
$free_text = $wgRequest->getVal( 'free_text' );
if ( ! $free_text_was_included ) {
$data_text .= "!free_text!";
}
// or get it from the form definition
} elseif ( $free_text_preload_page != null ) {
$free_text = SFFormUtils::getPreloadedText( $free_text_preload_page );
} else {
$free_text = null;
}
if ( $onlyinclude_free_text ) {
// modify free text and data text to insert <onlyinclude> tags
$free_text = str_replace( "<onlyinclude>", '', $free_text );
$free_text = str_replace( "</onlyinclude>", '', $free_text );
$free_text = trim( $free_text );
$data_text = str_replace( '!free_text!', '<onlyinclude>!free_text!</onlyinclude>', $data_text );
}
wfRunHooks( 'sfModifyFreeTextField', array( &$free_text, $existing_page_content ) );
// if the FCKeditor extension is installed, use that for the free text input
global $wgFCKEditorDir;
if ( $wgFCKEditorDir && strpos( $existing_page_content, '__NORICHEDITOR__' ) === false ) {
$showFCKEditor = SFFormUtils::getShowFCKEditor();
if ( !$form_submitted && ( $showFCKEditor & RTE_VISIBLE ) ) {
$free_text = SFFormUtils::prepareTextForFCK( $free_text );
}
} else {
$showFCKEditor = 0;
}
// now that we have it, substitute free text into the form and page
$escaped_free_text = Sanitizer::safeEncodeAttribute( $free_text );
$form_text = str_replace( '!free_text!', $escaped_free_text, $form_text );
$data_text = str_replace( '!free_text!', $free_text, $data_text );
// Add a warning in, if we're editing an existing page and that
// page appears to not have been created with this form.
if ( !$is_query && $this->mPageTitle->exists() && ( $existing_page_content !== '' ) && ! $source_page_matches_this_form ) {
$form_text = "\t" . '<div class="warningbox">' . wfMsg( 'sf_formedit_formwarning', $this->mPageTitle->getFullURL() ) . "</div>\n<br clear=\"both\" />\n" . $form_text;
}
// add form bottom, if no custom "standard inputs" have been defined
if ( !$this->standardInputsIncluded ) {
if ( $is_query )
$form_text .= SFFormUtils::queryFormBottom( $form_is_disabled );
else
$form_text .= SFFormUtils::formBottom( $form_is_disabled );
}
$page_article = new Article( $this->mPageTitle, 0 );
if ( !$is_query ) {
$form_text .= SFFormUtils::hiddenFieldHTML( 'wpStarttime', wfTimestampNow() );
$form_text .= SFFormUtils::hiddenFieldHTML( 'wpEdittime', $page_article->getTimestamp() );
}
$form_text .= "\t</form>\n";
// Add general Javascript code.
wfRunHooks( 'sfAddJavascriptToForm', array( &$javascript_text ) );
// @TODO The FCKeditor Javascript should be handled within
// the FCKeditor extension itself, using the hook.
$javascript_text = "";
示例5: formHTML
//.........這裏部分代碼省略.........
}
// If it wasn't included in the form definition, add the
// 'free text' input as a hidden field at the bottom.
if (!$free_text_was_included) {
$form_text .= Html::hidden('sf_free_text', '!free_text!');
}
// Get free text, and add to page data, as well as retroactively
// inserting it into the form.
// If $form_is_partial is true then either:
// (a) we're processing a replacement (param 'partial' == 1)
// (b) we're sending out something to be replaced (param 'partial' is missing)
if ($form_is_partial) {
if (!$wgRequest->getCheck('partial')) {
$free_text = $original_page_content;
} else {
$free_text = null;
$existing_page_content = preg_replace(array('/�\\{/m', '/\\}�/m'), array('{{', '}}'), $existing_page_content);
$existing_page_content = str_replace('{{{insertionpoint}}}', '', $existing_page_content);
}
$form_text .= Html::hidden('partial', 1);
} elseif ($source_is_page) {
// If the page is the source, free_text will just be
// whatever in the page hasn't already been inserted
// into the form.
$free_text = trim($existing_page_content);
// or get it from a form submission
} elseif ($wgRequest->getCheck('sf_free_text')) {
$free_text = $wgRequest->getVal('sf_free_text');
if (!$free_text_was_included) {
$wiki_page->addFreeTextSection();
}
} else {
$free_text = null;
}
if ($wiki_page->freeTextOnlyInclude()) {
$free_text = str_replace("<onlyinclude>", '', $free_text);
$free_text = str_replace("</onlyinclude>", '', $free_text);
$free_text = trim($free_text);
}
$page_text = '';
// The first hook here is deprecated. Use the second.
// Note: Hooks::run can take a third argument which indicates
// a deprecated hook, but it expects a MediaWiki version, not
// an extension version.
Hooks::run('sfModifyFreeTextField', array(&$free_text, $existing_page_content));
Hooks::run('sfBeforeFreeTextSubstitution', array(&$free_text, $existing_page_content, &$page_text));
// Now that we have it, add free text to the page, and
// substitute it into the form.
if ($form_submitted) {
$wiki_page->setFreeText($free_text);
$page_text = $wiki_page->createPageText();
}
$escaped_free_text = Sanitizer::safeEncodeAttribute($free_text);
$form_text = str_replace('!free_text!', $escaped_free_text, $form_text);
// Add a warning in, if we're editing an existing page and that
// page appears to not have been created with this form.
if (!$is_query && is_null($page_name_formula) && $this->mPageTitle->exists() && $existing_page_content !== '' && !$source_page_matches_this_form) {
$form_text = "\t" . '<div class="warningbox">' . wfMessage('sf_formedit_formwarning', $this->mPageTitle->getFullURL())->text() . "</div>\n<br clear=\"both\" />\n" . $form_text;
}
// Add form bottom, if no custom "standard inputs" have been defined.
if (!$this->standardInputsIncluded) {
if ($is_query) {
$form_text .= SFFormUtils::queryFormBottom($form_is_disabled);
} else {
$form_text .= SFFormUtils::formBottom($form_submitted, $form_is_disabled);
}
}
if (!$is_query) {
$form_text .= Html::hidden('wpStarttime', wfTimestampNow());
$article = new Article($this->mPageTitle, 0);
$form_text .= Html::hidden('wpEdittime', $article->getTimestamp());
$form_text .= Html::hidden('wpEditToken', $wgUser->getEditToken());
}
$form_text .= "\t</form>\n";
$wgParser->replaceLinkHolders($form_text);
Hooks::run('sfRenderingEnd', array(&$form_text));
// Add general Javascript code.
$javascript_text = "";
Hooks::run('sfAddJavascriptToForm', array(&$javascript_text));
// Send the autocomplete values to the browser, along with the
// mappings of which values should apply to which fields.
// If doing a replace, the page text is actually the modified
// original page.
if ($wgRequest->getCheck('partial')) {
$page_text = $existing_page_content;
}
if (!$is_embedded) {
$form_page_title = $wgParser->recursiveTagParse(str_replace("{{!}}", "|", $form_page_title));
} else {
$form_page_title = null;
}
// If the form has already been submitted, i.e. this is just
// the redirect page, get rid of all the Javascript, to avoid
// JS errors.
if ($form_submitted) {
$javascript_text = '';
}
// $wgParser = $oldParser;
return array($form_text, $javascript_text, $page_text, $form_page_title, $generated_page_name);
}
示例6: formSerialize
//.........這裏部分代碼省略.........
$cur_value_in_template .= " {$hour}:{$minute}:{$second}";
} else {
$ampm = date("A", $cur_time);
$cur_value_in_template .= " {$hour}:{$minute}:{$second} {$ampm}";
}
}
if ($input_type == 'datetime with timezone') {
$timezone = date("T", $cur_time);
$cur_value_in_template .= " {$timezone}";
}
}
}
// if the field is a text field, and its default value was set
// to 'current user', and it has no current value, set $cur_value
// to be the current user
if ($default_value == 'current user' && ($cur_value == '' || $cur_value == 'current user')) {
if ($input_type == 'text' || $input_type == '') {
$cur_value_in_template = $wgUser->getName();
$cur_value = $cur_value_in_template;
}
}
# field + field value
$form_field->cur_value = $cur_value;
# possible_values hack
$__tmpValues = $form_field->template_field->possible_values;
$form_field->template_field->possible_values = array();
if ($__tmpValues != NULL) {
foreach ($__tmpValues as $key => $value) {
$form_field->template_field->possible_values["value" . $key] = $value;
}
}
$field["field" . count($field)] = $this->toArrayForSerialize($form_field);
$new_text = "dummy";
// set only in order to break
if ($new_text) {
$section = substr_replace($section, $new_text, $brackets_loc, $brackets_end_loc + 3 - $brackets_loc);
} else {
$start_position = $brackets_end_loc;
}
}
} else {
// tag is not one of the three allowed values
// ignore tag
$start_position = $brackets_end_loc;
}
// end if
}
// end while
}
// end for
// get free text, and add to page data, as well as retroactively
// inserting it into the form
// If $form_is_partial is true then either:
// (a) we're processing a replacement (param 'partial' == 1)
// (b) we're sending out something to be replaced (param 'partial' is missing)
if ($form_is_partial) {
if (!$wgRequest->getCheck('partial')) {
$free_text = $original_page_content;
$form_text .= SFFormUtils::hiddenFieldHTML('partial', 1);
} else {
$free_text = null;
$existing_page_content = preg_replace('/²\\{(.*?)\\}²/s', '{{\\1}}', $existing_page_content);
$existing_page_content = preg_replace('/\\{\\{\\{insertionpoint\\}\\}\\}/', '', $existing_page_content);
$existing_page_content = Sanitizer::safeEncodeAttribute($existing_page_content);
}
} elseif ($source_is_page) {
// if the page is the source, free_text will just be whatever in the
// page hasn't already been inserted into the form
$free_text = trim($existing_page_content);
// or get it from a form submission
} elseif ($wgRequest->getCheck('free_text')) {
$free_text = $wgRequest->getVal('free_text');
if (!$free_text_was_included) {
$data_text .= "<free_text>";
}
// or get it from the form definition
} elseif ($free_text_preload_page != null) {
$free_text = SFFormUtils::getPreloadedText($free_text_preload_page);
} else {
$free_text = null;
}
# the free text is set here
// if the FCKeditor extension is installed, use that for the free text input
global $wgFCKEditorDir;
if ($wgFCKEditorDir) {
$showFCKEditor = SFFormUtils::getShowFCKEditor();
$free_text = htmlspecialchars($free_text);
if ($showFCKEditor & RTE_VISIBLE) {
$free_text = SFFormUtils::prepareTextForFCK($free_text);
}
} else {
$showFCKEditor = 0;
$free_text = Sanitizer::safeEncodeAttribute($free_text);
}
// now that we have it, substitute free text into the form and page
$form_text = str_replace('<free_text>', $free_text, $form_text);
$data_text = str_replace('<free_text>', $free_text, $data_text);
# return the fields
return $__fields;
}