aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/functions.php47
1 files changed, 47 insertions, 0 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index d7088ac129..5d8a92b63b 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -4894,6 +4894,53 @@ function phpbb_http_login($param)
}
/**
+* Escapes and quotes a string for use as an HTML/XML attribute value.
+*
+* This is a port of Python xml.sax.saxutils quoteattr.
+*
+* The function will attempt to choose a quote character in such a way as to
+* avoid escaping quotes in the string. If this is not possible the string will
+* be wrapped in double quotes and double quotes will be escaped.
+*
+* @param string $data The string to be escaped
+* @param array $entities Associative array of additional entities to be escaped
+* @return string Escaped and quoted string
+*/
+function phpbb_quoteattr($data, $entities = null)
+{
+ $data = str_replace('&', '&', $data);
+ $data = str_replace('>', '>', $data);
+ $data = str_replace('<', '&lt;', $data);
+
+ $data = str_replace("\n", '&#10;', $data);
+ $data = str_replace("\r", '&#13;', $data);
+ $data = str_replace("\t", '&#9;', $data);
+
+ if (!empty($entities))
+ {
+ $data = str_replace(array_keys($entities), array_values($entities), $data);
+ }
+
+ if (strpos($data, '"') !== false)
+ {
+ if (strpos($data, "'") !== false)
+ {
+ $data = '"' . str_replace('"', '&quot;', $data) . '"';
+ }
+ else
+ {
+ $data = "'" . $data . "'";
+ }
+ }
+ else
+ {
+ $data = '"' . $data . '"';
+ }
+
+ return $data;
+}
+
+/**
* Generate page header
*/
function page_header($page_title = '', $display_online_list = true, $item_id = 0, $item = 'forum')