From 48a951a9677bc9a56aacad9a920bdaefa0d4c249 Mon Sep 17 00:00:00 2001
From: xue <>
Date: Tue, 11 Apr 2006 13:48:08 +0000
Subject: THttpUtility::htmlEncode and htmlDecode now do not deal with &
---
 HISTORY | 1 +
 .../protected/pages/Configurations/Templates3.page | 2 +-
 framework/Web/THttpUtility.php | 18 +++++++-----------
 3 files changed, 9 insertions(+), 12 deletions(-)
diff --git a/HISTORY b/HISTORY
index 477534d4..efc55bb4 100644
--- a/HISTORY
+++ b/HISTORY
@@ -4,6 +4,7 @@ BUG: Ticket#118 - Variables that may not have been initialized (Qiang)
 CHG: Moved localize() into PradoBase (Qiang)
 CHG: List controls now use array keys as list item values even if the array is integer-indexed (Qiang)
+CHG: THttpUtility::htmlEncode and htmlDecode now do not deal with & (Qiang)
 ENH: Optimized the representation and evaluation of template expressions (Qiang)
 Version 3.0RC1 April 5, 2006
diff --git a/demos/quickstart/protected/pages/Configurations/Templates3.page b/demos/quickstart/protected/pages/Configurations/Templates3.page
index b8d6addf..d08f8736 100644
--- a/demos/quickstart/protected/pages/Configurations/Templates3.page
+++ b/demos/quickstart/protected/pages/Configurations/Templates3.page
@@ -75,7 +75,7 @@ BE VERY CAUTIOUS when you are using asset tags as it may expose to end-users fil

Localization tags represent localized texts. They are in the following format,
-<%[string]>
+<%[string]%>
 where string will be translated to different languages according to the end-user's language preference.
diff --git a/framework/Web/THttpUtility.php b/framework/Web/THttpUtility.php
index 398b3cf3..4cd869b4 100644
--- a/framework/Web/THttpUtility.php
+++ b/framework/Web/THttpUtility.php
@@ -20,17 +20,20 @@
 */
 class THttpUtility
 {
- private static $_entityTable=null;
+ private static $_encodeTable=array('<'=>'<','>'=>'>','"'=>'"e;');
+ private static $_decodeTable=array('<'=>'<','>'=>'>','"e;'=>'"');
 /**
 * HTML-encodes a string.
- * It is equivalent to {@link htmlspeicalchars} PHP function.
+ * This method translates the following characters to their corresponding
+ * HTML entities: <, >, "
+ * Note, unlike {@link htmlspeicalchars}, & is not translated.
 * @param string string to be encoded
 * @return string encoded string
 */
 public static function htmlEncode($s)
 {
- return htmlspecialchars($s);
+ return strtr($s,self::$_encodeTable);
 }
 /**
@@ -41,14 +44,7 @@ class THttpUtility
 */
 public static function htmlDecode($s)
 {
- if(!self::$_entityTable)
- self::buildEntityTable();
- return strtr($s,self::$_entityTable);
- }
-
- private static function buildEntityTable()
- {
- self::$_entityTable=array_flip(get_html_translation_table(HTML_ENTITIES,ENT_QUOTES));
+ return strtr($s,self::$_decodeTable);
 }
 }
-- 
cgit v1.2.3
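Review bot: The new `htmlEncode()` docblock states that & is not translated but not what that means for callers that escape untrusted input with it: entity sequences already present in `$s` now pass through unchanged and are decoded by the browser, and the single quote is not in `$_encodeTable`, so the result is only suitable for element content and double-quoted attribute values. I would add a docblock line such as `* Not a complete escaper for untrusted input: existing entities pass through and ' is not encoded.`, and call sites that relied on the previous `htmlspecialchars($s)` behaviour (outside this diff) should be rechecked. The added line `* Note, unlike {@link htmlspeicalchars}, ...` also carries over the misspelling of `htmlspecialchars`. The table literals are shown on this page with their entities already decoded, so this assumes the real values are the usual entity forms for <, > and ".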
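Review bot: `htmlDecode()` now reverses only the three entries of `$_decodeTable`, whereas the removed code reversed the whole `get_html_translation_table(HTML_ENTITIES,ENT_QUOTES)` set, so any other entity in the input (an encoded ampersand or single quote, any named entity) is returned undecoded, and callers that compare or validate the decoded value will see different data than before. The method's docblock begins above this hunk; if it still describes full entity decoding it should be changed to something like `* Decodes only the entities produced by htmlEncode(); all other entities are left as is.`. Decoded output that is written back into a page still has to pass through `htmlEncode()` again.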