From 47562d9863c63a70c03fabc17f799fc702472ee3 Mon Sep 17 00:00:00 2001
From: xue <>
Date: Sun, 25 Dec 2005 03:26:35 +0000
Subject: Fixed HTML encoding problem.
---
 framework/Web/UI/THtmlWriter.php | 46 ++---------------------------------
 framework/Web/UI/TTemplateManager.php | 23 ++++++++++--------
 2 files changed, 15 insertions(+), 54 deletions(-)
(limited to 'framework/Web/UI')
diff --git a/framework/Web/UI/THtmlWriter.php b/framework/Web/UI/THtmlWriter.php
index 2b2bbd4f..d9c0732b 100644
--- a/framework/Web/UI/THtmlWriter.php
+++ b/framework/Web/UI/THtmlWriter.php
@@ -113,61 +113,22 @@ class THtmlWriter extends TComponent implements ITextWriter
 private static $_attrEncode=array(
 'abbr'=>true,
 'accesskey'=>true,
- 'align'=>false,
 'alt'=>true,
- 'autocomplete'=>false,
 'axis'=>true,
 'background'=>true,
- 'bgcolor'=>false,
- 'border'=>false,
- 'bordercolor'=>false,
- 'cellpadding'=>false,
- 'cellspacing'=>false,
- 'checked'=>false,
 'class'=>true,
- 'cols'=>false,
- 'colspan'=>false,
 'content'=>true,
- 'coords'=>false,
- 'dir'=>false,
- 'disabled'=>false,
- 'for'=>false,
 'headers'=>true,
- 'height'=>false,
 'href'=>true,
- 'id'=>false,
 'longdesc'=>true,
- 'maxlength'=>false,
- 'multiple'=>false,
- 'name'=>false,
- 'nowrap'=>false,
 'onclick'=>true,
 'onchange'=>true,
- 'readonly'=>false,
- 'rel'=>false,
- 'rows'=>false,
- 'rowspan'=>false,
- 'rules'=>false,
- 'scope'=>false,
- 'selected'=>false,
- 'shape'=>false,
- 'size'=>false,
 'src'=>true,
- 'style'=>false,
- 'tabindex'=>false,
- 'target'=>false,
 'title'=>true,
- 'type'=>false,
- 'usemap'=>false,
- 'valign'=>false,
- 'value'=>true,
- 'vcard_name'=>false,
- 'width'=>false,
- 'wrap'=>false
+ 'value'=>true
 );
 private static $_styleEncode=array(
 'background-image'=>true,
- 'font-family'=>false,
 'list-style-image'=>true
 );
 private $_attributes=array();
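Review bot: With every `false` row removed, `$_attrEncode` is now a pure allowlist, so any attribute not named here — `style`, `id`, `name`, `target`, `rel`, `type`, and every `on*` handler other than `onclick`/`onchange` — will presumably be written verbatim by the `addAttribute` lookup that sits outside this hunk (the `addStyleAttribute` hunk below shows the `isset()` pattern this table is read with). That is only safe if none of those attributes can ever carry request-derived text, and nothing prevents a future `'width'=>false` from silently re-enabling encoding, because `isset()` treats a `false` entry as present — which is presumably why the rows had to be deleted rather than flipped. Consider the inverse policy, encode by default and exempt only attributes known to be constant, or at minimum document the contract above the array: `// Allowlist: attributes NOT listed here are emitted without HTML encoding by addAttribute; isset() treats a false entry as listed.`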
@@ -198,10 +159,7 @@ class THtmlWriter extends TComponent implements ITextWriter
 public function addStyleAttribute($name,$value)
 {
- if(isset(self::$_styleEncode[$name]))
- $this->_styles[$name]=THttpUtility::htmlEncode($value);
- else
- $this->_styles[$name]=$value;
+ $this->_styles[$name]=isset(self::$_styleEncode[$name])?THttpUtility::htmlEncode($value):$value;
 }
 public function flush()
diff --git a/framework/Web/UI/TTemplateManager.php b/framework/Web/UI/TTemplateManager.php
index 7aa6f3b0..21a01b25 100644
--- a/framework/Web/UI/TTemplateManager.php
+++ b/framework/Web/UI/TTemplateManager.php
@@ -317,6 +317,7 @@ class TTemplate extends TComponent implements ITemplate
 */
 protected function configureEvent($component,$name,$value)
 {
+ $value=THttpUtility::htmlDecode($value);
 if(strpos($value,'.')===false)
 $component->attachEventHandler($name,array($component,'TemplateControl.'.$value));
 else
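Review bot: The rewritten one-liner keeps the `isset()` test, so the boolean values in `$_styleEncode` are never consulted — a `false` entry would still trigger encoding, and with only `background-image` and `list-style-image` listed every other style value reaches the style string untouched. If the intent is "only listed names are encoded", the test should say so, `$this->_styles[$name]=!empty(self::$_styleEncode[$name])?THttpUtility::htmlEncode($value):$value;`, and a line comment such as `// only names present in $_styleEncode are HTML-encoded; all other style values are emitted as given` would stop the next maintainer from re-adding a `false` row and expecting it to mean "skip". Whether the assembled style string is escaped again when the attribute is finally written is outside this hunk and worth confirming, since `expression()`/`url()` payloads in a style attribute are a classic injection vector.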
@@ -336,27 +337,28 @@ class TTemplate extends TComponent implements ITemplate
 $setter='set'.$name;
 if(is_array($value))
 {
+ $v=THttpUtility::htmlDecode($value[1]);
 switch($value[0])
 {
 case self::CONFIG_DATABIND:
- $component->bindProperty($name,$value[1]);
+ $component->bindProperty($name,$v);
 break;
 case self::CONFIG_EXPRESSION:
- $component->$setter($component->evaluateExpression($value[1]));
+ $component->$setter($component->evaluateExpression($v));
 break;
 case self::CONFIG_ASSET: // asset URL
- $url=$this->_assetManager->publishFilePath($this->_contextPath.'/'.$value[1]);
+ $url=$this->_assetManager->publishFilePath($this->_contextPath.'/'.$v);
 $component->$setter($url);
 break;
 case self::CONFIG_PARAMETER: // application parameter
- $component->$setter(Prado::getApplication()->getParameters()->itemAt($value[1]));
+ $component->$setter(Prado::getApplication()->getParameters()->itemAt($v));
 break;
 default: // an error if reaching here
 break;
 }
 }
 else
- $component->$setter($value);
+ $component->$setter(THttpUtility::htmlDecode($value));
 }
 else
 throw new TTemplateRuntimeException('template_property_readonly',get_class($component),$name);
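Review bot: The new decode calls undo entity encoding for every value kind, including the string handed to `evaluateExpression($v)` (executed as PHP) and the one joined into the asset path `$this->_contextPath.'/'.$v`, so the method now depends on whoever produced `$value` having HTML-encoded it exactly once — presumably the template parser, which is not in this diff. Nothing in the hunk records that pairing; a comment above `if(is_array($value))`, `// values arrive HTML-entity-encoded from the template parser; decode once here, THtmlWriter re-encodes on output`, would make the round-trip explicit and keep the two sides from drifting. Note also that the plain-string branch now delivers raw `<`, `"` and `&` to `$component->$setter(...)`, so any property that is rendered without passing through THtmlWriter's encode list is emitted unescaped from here on — worth checking for properties that end up inside script or style blocks. configureProperty's signature and the first lines of its body lie outside this hunk.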
@@ -372,27 +374,28 @@ class TTemplate extends TComponent implements ITemplate
 {
 if(is_array($value))
 {
+ $v=THttpUtility::htmlDecode($value[1]);
 switch($value[0])
 {
 case self::CONFIG_DATABIND: // databinding
- $component->bindProperty($name,$value[1]);
+ $component->bindProperty($name,$v);
 break;
 case self::CONFIG_EXPRESSION: // expression
- $component->setSubProperty($name,$component->evaluateExpression($value[1]));
+ $component->setSubProperty($name,$component->evaluateExpression($v));
 break;
 case self::CONFIG_ASSET: // asset URL
- $url=$this->_assetManager->publishFilePath($this->_contextPath.'/'.$value[1]);
+ $url=$this->_assetManager->publishFilePath($this->_contextPath.'/'.$v);
 $component->setSubProperty($name,$url);
 break;
 case self::CONFIG_PARAMETER: // application parameter
- $component->setSubProperty($name,Prado::getApplication()->getParameters()->itemAt($value[1]));
+ $component->setSubProperty($name,Prado::getApplication()->getParameters()->itemAt($v));
 break;
 default: // an error if reaching here
 break;
 }
 }
 else
- $component->setSubProperty($name,$value);
+ $component->setSubProperty($name,THttpUtility::htmlDecode($value));
 }
 /**
-- 
cgit v1.2.3
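Review bot: This hunk touches seven lines to achieve one thing, decoding `$value` before use, and it is the same seven-line patch as the configureProperty hunk above — exactly the shape of change that lets the two near-identical methods drift apart. Decoding at the top of the method leaves the `switch` untouched: `if(is_array($value)) $value[1]=THttpUtility::htmlDecode($value[1]); else $value=THttpUtility::htmlDecode($value);` placed before the existing `if(is_array($value))`, and the same two lines would serve configureProperty, removing the `$v` temporary in both. Separately, the `default:` branch still only `break`s under a comment that calls it an error, so an unrecognised `$value[0]` silently drops the (now decoded) value; throwing `TTemplateRuntimeException` there would match the `template_property_readonly` throw in the sibling method. configureSubProperty's signature is outside this hunk.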