From 0c259682f65eaaf23ea4ccb56a706d6baf3007e4 Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Fri, 13 Apr 2012 04:52:02 -0400
Subject: [PATCH] - Merge devel-framework branch, resolved conflicts

---
 program/include/html.php |   66 +++++++++++++++++++++++++++------
 1 files changed, 54 insertions(+), 12 deletions(-)

diff --git a/program/include/html.php b/program/include/html.php
index 0e89d77..305a397 100644
--- a/program/include/html.php
+++ b/program/include/html.php
@@ -277,7 +277,7 @@
         $attrib_arr = array();
         foreach ($attrib as $key => $value) {
             // skip size if not numeric
-            if (($key=='size' && !is_numeric($value))) {
+            if ($key == 'size' && !is_numeric($value)) {
                 continue;
             }
 
@@ -297,16 +297,56 @@
                     $attrib_arr[] = $key . '="' . $key . '"';
                 }
             }
-            else if ($key=='value') {
-                $attrib_arr[] = $key . '="' . Q($value, 'strict', false) . '"';
-            }
             else {
-                $attrib_arr[] = $key . '="' . Q($value) . '"';
+                $attrib_arr[] = $key . '="' . self::quote($value) . '"';
             }
         }
+
         return count($attrib_arr) ? ' '.implode(' ', $attrib_arr) : '';
     }
+
+    /**
+     * Convert a HTML attribute string attributes to an associative array (name => value)
+     *
+     * @param string Input string
+     * @return array Key-value pairs of parsed attributes
+     */
+    public static function parse_attrib_string($str)
+    {
+        $attrib = array();
+        $regexp = '/\s*([-_a-z]+)=(["\'])??(?(2)([^\2]*)\2|(\S+?))/Ui';
+
+        preg_match_all($regexp, stripslashes($str), $regs, PREG_SET_ORDER);
+
+        // convert attributes to an associative array (name => value)
+        if ($regs) {
+            foreach ($regs as $attr) {
+                $attrib[strtolower($attr[1])] = html_entity_decode($attr[3] . $attr[4]);
+            }
+        }
+
+        return $attrib;
+    }
+
+    /**
+     * Replacing specials characters in html attribute value
+     *
+     * @param  string  $str  Input string
+     *
+     * @return string  The quoted string
+     */
+    public static function quote($str)
+    {
+        $str = htmlspecialchars($str, ENT_COMPAT, RCMAIL_CHARSET);
+
+        // avoid douple quotation of &
+        // @TODO: get rid of it?
+        $str = preg_replace('/&amp;([A-Za-z]{2,6}|#[0-9]{2,4});/', '&\\1;', $str);
+
+        return $str;
+    }
 }
+
 
 /**
  * Class to create an HTML input field
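Review bot: `quote()` undoes part of its own escaping: after `htmlspecialchars()` the `preg_replace` turns `&amp;name;` and `&amp;#NN;` back into entity references, so text that already contains something like `&quot;` or `&#39;` is emitted as a live entity instead of literally. That cannot terminate the double-quoted attribute built in the loop above, but in attributes whose value is interpreted again after entity decoding (the input class further down allows `onchange` and `onclick`) the caller has to escape for that context first, and `ENT_COMPAT` leaves single quotes untouched. I would settle the `@TODO` by removing the `preg_replace`, or at minimum state it in the docblock, e.g. `Existing entity references in $str are kept as-is, not escaped.` The same helper now also covers the textarea value and option text in the `-517` and `-591` hunks, and what `Q()` did with `'strict'` is not visible here, so equivalence should be confirmed. In `parse_attrib_string()`, `html_entity_decode()` is called without the charset that `quote()` passes, and `$attr[4]` is probably unset when the quoted branch matches, so `isset()` guards on `$attr[3]` and `$attr[4]` would avoid a notice; the attribute-building method itself starts outside the hunk.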
@@ -317,9 +357,11 @@
 {
     protected $tagname = 'input';
     protected $type = 'text';
-    protected $allowed = array('type','name','value','size','tabindex',
+    protected $allowed = array(
+        'type','name','value','size','tabindex',
         'autocomplete','checked','onchange','onclick','disabled','readonly',
-        'spellcheck','results','maxlength','src','multiple','placeholder');
+        'spellcheck','results','maxlength','src','multiple','placeholder',
+    );
 
     /**
      * Object constructor
@@ -517,11 +559,11 @@
         }
 
         if (!empty($value) && !preg_match('/mce_editor/', $this->attrib['class'])) {
-            $value = Q($value, 'strict', false);
+            $value = self::quote($value);
         }
 
         return self::tag($this->tagname, $this->attrib, $value,
-	    array_merge(self::$common_attrib, $this->allowed));
+	        array_merge(self::$common_attrib, $this->allowed));
     }
 }
 
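Review bot: When the class attribute contains `mce_editor`, the condition around the new `self::quote($value)` call leaves `$value` unescaped, and nothing in the hunk says who is responsible for sanitising it on that path. If that is intended, a comment above the `if` would make the contract explicit, e.g. `// rich-text editor content is emitted as-is; the caller must pass already-sanitised HTML`. `$this->attrib['class']` is also read without an `isset()` check as far as the visible lines show, and the re-indented `array_merge` continuation line still begins with a tab. The method starts outside the hunk, so how `$value` is populated cannot be confirmed from here.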
@@ -550,7 +592,7 @@
     protected $options = array();
     protected $allowed = array('name','size','tabindex','autocomplete',
 	'multiple','onchange','disabled','rel');
-    
+
     /**
      * Add a new option to this drop-down
      *
@@ -591,8 +633,9 @@
                 'selected' => (in_array($option['value'], $select, true) ||
                   in_array($option['text'], $select, true)) ? 1 : null);
 
-            $this->content .= self::tag('option', $attr, Q($option['text']));
+            $this->content .= self::tag('option', $attr, self::quote($option['text']));
         }
+
         return parent::show();
     }
 }
@@ -803,4 +846,3 @@
     }
 
 }
-

--
Gitblit v1.9.1