diff options
| author | xue <> | 2006-04-11 13:48:08 +0000 | 
|---|---|---|
| committer | xue <> | 2006-04-11 13:48:08 +0000 | 
| commit | 48a951a9677bc9a56aacad9a920bdaefa0d4c249 (patch) | |
| tree | 085aded8741393dcd4e58793df68fae1d5091b59 | |
| parent | fe93efeb847a756effd28c6bab97e8a0b21f8646 (diff) | |
THttpUtility::htmlEncode and htmlDecode now do not deal with &
| -rw-r--r-- | HISTORY | 1 | ||||
| -rw-r--r-- | demos/quickstart/protected/pages/Configurations/Templates3.page | 2 | ||||
| -rw-r--r-- | framework/Web/THttpUtility.php | 18 | 
3 files changed, 9 insertions, 12 deletions
| @@ -4,6 +4,7 @@ BUG: Ticket#118 - Variables that may not have been initialized (Qiang)  CHG: Moved localize() into PradoBase (Qiang)
  CHG: List controls now use array keys as list item values even if
       the array is integer-indexed (Qiang)
 +CHG: THttpUtility::htmlEncode and htmlDecode now do not deal with & (Qiang)
  ENH: Optimized the representation and evaluation of template expressions (Qiang)
  Version 3.0RC1 April 5, 2006
 diff --git a/demos/quickstart/protected/pages/Configurations/Templates3.page b/demos/quickstart/protected/pages/Configurations/Templates3.page index b8d6addf..d08f8736 100644 --- a/demos/quickstart/protected/pages/Configurations/Templates3.page +++ b/demos/quickstart/protected/pages/Configurations/Templates3.page @@ -75,7 +75,7 @@ BE VERY CAUTIOUS when you are using asset tags as it may expose to end-users fil  <p>
  Localization tags represent localized texts. They are in the following format,
  <com:TTextHighlighter Language="prado" CssClass="source">
 -<%[string]>
 +<%[string]%>
  </com:TTextHighlighter>
  where <tt>string</tt> will be translated to different languages according to the end-user's language preference.
 diff --git a/framework/Web/THttpUtility.php b/framework/Web/THttpUtility.php index 398b3cf3..4cd869b4 100644 --- a/framework/Web/THttpUtility.php +++ b/framework/Web/THttpUtility.php @@ -20,17 +20,20 @@   */
  class THttpUtility
  {
 -	private static $_entityTable=null;
 +	private static $_encodeTable=array('<'=>'<','>'=>'>','"'=>'"e;');
 +	private static $_decodeTable=array('<'=>'<','>'=>'>','"e;'=>'"');
  	/**
  	 * HTML-encodes a string.
 -	 * It is equivalent to {@link htmlspeicalchars} PHP function.
 +	 * This method translates the following characters to their corresponding
 +	 * HTML entities: <, >, "
 +	 * Note, unlike {@link htmlspeicalchars}, & is not translated.
  	 * @param string string to be encoded
  	 * @return string encoded string
  	 */
  	public static function htmlEncode($s)
  	{
 -		return htmlspecialchars($s);
 +		return strtr($s,self::$_encodeTable);
  	}
  	/**
 @@ -41,14 +44,7 @@ class THttpUtility  	 */
  	public static function htmlDecode($s)
  	{
 -		if(!self::$_entityTable)
 -			self::buildEntityTable();
 -		return strtr($s,self::$_entityTable);
 -	}
 -
 -	private static function buildEntityTable()
 -	{
 -		self::$_entityTable=array_flip(get_html_translation_table(HTML_ENTITIES,ENT_QUOTES));
 +		return strtr($s,self::$_decodeTable);
  	}
  }
 | 
