| author | Tristan Darricau <tristan.darricau@sensiolabs.com> | 2015-07-07 09:46:36 +0200 |
|---|---|---|
| committer | Tristan Darricau <tristan.darricau@sensiolabs.com> | 2015-07-07 09:46:36 +0200 |
| commit | d54aa190f1f955fe33342c939520c0155a860010 (patch) | |
| tree | e256042bbfb5f6d21080044331d50507d34bab2f /phpBB/phpbb/textformatter/s9e/utils.php | |
| parent | ca5d4fd31031a47cc3a485457473b82660b84ed1 (diff) | |
| parent | 9d364aee4a739d0a8c8b745449940a37d81c9abf (diff) | |
Merge pull request #3623 from s9e/ticket/10620
[ticket/10620] Quote improvements
Diffstat (limited to 'phpBB/phpbb/textformatter/s9e/utils.php')
| -rw-r--r-- | phpBB/phpbb/textformatter/s9e/utils.php | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/phpBB/phpbb/textformatter/s9e/utils.php b/phpBB/phpbb/textformatter/s9e/utils.php index 803c71a5a2..40479b3423 100644 --- a/phpBB/phpbb/textformatter/s9e/utils.php +++ b/phpBB/phpbb/textformatter/s9e/utils.php @@ -35,16 +35,22 @@ class utils implements \phpbb\textformatter\utils_interface } /** - * Return given string between quotes + * Format given string to be used as an attribute value * - * Will use either single- or double- quotes depending on whichever requires less escaping. + * Will return the string as-is if it can be used in a BBCode without quotes. Otherwise, + * it will use either single- or double- quotes depending on whichever requires less escaping. * Quotes and backslashes are escaped with backslashes where necessary * * @param string $str Original string - * @return string Escaped string within quotes + * @return string Same string if possible, escaped string within quotes otherwise */ - protected function enquote($str) + protected function format_attribute_value($str) { + if (!preg_match('/[ "\'\\\\\\]]/', $str)) + { + // Return as-is if it contains none of: space, ' " \ or ] + return $str; + } $singleQuoted = "'" . addcslashes($str, "\\'") . "'"; $doubleQuoted = '"' . addcslashes($str, '\\"') . '"'; @@ -61,12 +67,13 @@ class utils implements \phpbb\textformatter\utils_interface if (isset($attributes['author'])) { // Add the author as the BBCode's default attribute - $quote .= '=' . $this->enquote($attributes['author']); + $quote .= '=' . $this->format_attribute_value($attributes['author']); unset($attributes['author']); } + ksort($attributes); foreach ($attributes as $name => $value) { - $quote .= ' ' . $name . '=' . $this->enquote($value); + $quote .= ' ' . $name . '=' . $this->format_attribute_value($value); } $quote .= ']'; $newline = (strlen($quote . $text . '[/quote]') > 80 || strpos($text, "\n") !== false) ? "\n" : ''; |
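Review bot: The new early return in `format_attribute_value()` also fires for an empty string and for values containing a tab or newline, because the character class lists only the literal space, both quotes, the backslash and `]`. An empty author would then be emitted as `[quote=]` and a value with other whitespace would go out unquoted; whether the parser reads those back as the same value is not visible here, so quoting them is the safer default: `if ($str !== '' && !preg_match('/[\\s"\'\\\\\\]]/', $str))`. The inline comment would then read `// Return as-is if non-empty and it contains none of: whitespace, ' " \ or ]`. The rest of the function body continues past the end of this hunk.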
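Review bot: In the `foreach` of the second hunk, `$name` is concatenated into the tag as-is while only `$value` goes through `format_attribute_value()`. If the keys of `$attributes` can ever come from user-derived data (not determinable from this hunk), a key containing a space, `=` or `]` would change the structure of the generated `[quote]` tag. Consider skipping names that fail a strict pattern, e.g. `if (!preg_match('/^[a-z_][a-z_0-9]*$/i', $name)) { continue; }`, or state in the method's docblock that keys must be trusted identifiers. The enclosing method starts before and ends after this hunk, so its existing documentation is not visible here.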
