authorJoshyPHP <s9e.dev@gmail.com>2015-05-19 23:10:35 +0200
committerJoshyPHP <s9e.dev@gmail.com>2015-05-25 21:33:17 +0200
commite50d9186ce15367e8f6e2aab5c04481ca0046ec6 (patch)
tree74517e839b1073df794de1e1b9434c13428b6f59 /phpBB/phpbb
parent8a077e0e943d87ee1d26b0501f0b9bcc472ab904 (diff)
[ticket/13847] Changed enquote() logic to use whichever is the shortest
Will enclose attribute values in single- or double- quotes depending on whichever requires the least escaping. Characters that need to be escaped are always escaped regardless. PHPBB3-13847
Diffstat (limited to 'phpBB/phpbb')
-rw-r--r--phpBB/phpbb/textformatter/s9e/utils.php7
1 files changed, 4 insertions, 3 deletions
diff --git a/phpBB/phpbb/textformatter/s9e/utils.php b/phpBB/phpbb/textformatter/s9e/utils.php
index fe33c04da3..04df589930 100644
--- a/phpBB/phpbb/textformatter/s9e/utils.php
+++ b/phpBB/phpbb/textformatter/s9e/utils.php
@@ -37,7 +37,7 @@ class utils implements \phpbb\textformatter\utils_interface
/**
* Return given string between quotes
*
- * Will use either single- or double- quotes depending on whichever requires to be escaped.
+ * Will use either single- or double- quotes depending on whichever requires less escaping.
* Quotes and backslashes are escaped with backslashes where necessary
*
* @param string $str Original string
@@ -45,9 +45,10 @@ class utils implements \phpbb\textformatter\utils_interface
*/
protected function enquote($str)
{
- $quote = (strpos($str, '"') === false || strpos($str, "'") !== false) ? '"' : "'";
+ $singleQuoted = "'" . addcslashes($str, "\\'") . "'";
+ $doubleQuoted = '"' . addcslashes($str, '\\"') . '"';
- return $quote . addcslashes($str, '\\' . $quote) . $quote;
+ return (strlen($singleQuoted) < strlen($doubleQuoted)) ? $singleQuoted : $doubleQuoted;
}
/**
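Review bot: The docblock for enquote() still does not say which quote style wins on a tie, or which context the escaping is valid for. With the strict `<` in the new return line, a string holding equally many single and double quotes (including none at all) comes back double-quoted. Only backslashes and the chosen delimiter are escaped, so the other quote character passes through unchanged. Since this is an output-encoding helper, I would add a line such as `* Ties resolve to double quotes; the result is only escaped for use as a quoted attribute value, not for HTML or SQL contexts.`, assuming attribute values are the only intended use, as the commit message suggests. The docblock begins in the previous hunk and the class body continues past this one, and no test for the tie case or for a string mixing both quote types is visible in this diff, which is limited to phpBB/phpbb.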