From a62adfc1157d6b071f013f9a5f34ccc86ea39220 Mon Sep 17 00:00:00 2001 From: Matt Friedman Date: Thu, 29 Jan 2015 01:41:28 -0800 Subject: [ticket/10388] Use TWIG escape JS filter instead of addslashes PHPBB3-10388 --- phpBB/phpbb/template/twig/extension.php | 4 ++-- phpBB/phpbb/template/twig/lexer.php | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'phpBB/phpbb/template') diff --git a/phpBB/phpbb/template/twig/extension.php b/phpBB/phpbb/template/twig/extension.php index 3a983491b9..2eb5370b59 100644 --- a/phpBB/phpbb/template/twig/extension.php +++ b/phpBB/phpbb/template/twig/extension.php @@ -71,7 +71,7 @@ class extension extends \Twig_Extension { return array( new \Twig_SimpleFilter('subset', array($this, 'loop_subset'), array('needs_environment' => true)), - new \Twig_SimpleFilter('addslashes', 'addslashes'), + new \Twig_SimpleFilter('addslashes', 'addslashes'), // Deprecate addslashes in phpBB 3.1.4 ); } @@ -177,7 +177,7 @@ class extension extends \Twig_Extension return $context_vars['L_' . $key]; } - // LA_ is transformed into lang(\'$1\')|addslashes, so we should not + // LA_ is transformed into lang(\'$1\')|escape('js'), so we should not // need to check for it return call_user_func_array(array($this->user, 'lang'), $args); diff --git a/phpBB/phpbb/template/twig/lexer.php b/phpBB/phpbb/template/twig/lexer.php index a7848738bb..f1542109a4 100644 --- a/phpBB/phpbb/template/twig/lexer.php +++ b/phpBB/phpbb/template/twig/lexer.php @@ -117,9 +117,9 @@ class lexer extends \Twig_Lexer // Appends any filters after lang() $code = preg_replace('#{L_([a-zA-Z0-9_\.]+)(\|[^}]+?)?}#', '{{ lang(\'$1\')$2 }}', $code); - // Replace all of our escaped language variables, {LA_VARNAME}, with Twig style, {{ lang('NAME')|addslashes }} - // Appends any filters after lang(), but before addslashes - $code = preg_replace('#{LA_([a-zA-Z0-9_\.]+)(\|[^}]+?)?}#', '{{ lang(\'$1\')$2|addslashes }}', $code); + // Replace all of our escaped language variables, {LA_VARNAME}, with Twig style, {{ lang('NAME')|escape('js') }} + // Appends any filters after lang(), but before escape('js') + $code = preg_replace('#{LA_([a-zA-Z0-9_\.]+)(\|[^}]+?)?}#', '{{ lang(\'$1\')$2|escape(\'js\') }}', $code); // Replace all of our variables, {VARNAME}, with Twig style, {{ VARNAME }} // Appends any filters -- cgit v1.2.1 From 5b7d1f1b437a166b893413e1196a2a3da3b334fb Mon Sep 17 00:00:00 2001 From: Matt Friedman Date: Thu, 29 Jan 2015 01:44:45 -0800 Subject: [ticket/10388] Update deprecation date for addslashes PHPBB3-10388 --- phpBB/phpbb/template/twig/extension.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/phpbb/template') diff --git a/phpBB/phpbb/template/twig/extension.php b/phpBB/phpbb/template/twig/extension.php index 2eb5370b59..c8c8be5142 100644 --- a/phpBB/phpbb/template/twig/extension.php +++ b/phpBB/phpbb/template/twig/extension.php @@ -71,7 +71,7 @@ class extension extends \Twig_Extension { return array( new \Twig_SimpleFilter('subset', array($this, 'loop_subset'), array('needs_environment' => true)), - new \Twig_SimpleFilter('addslashes', 'addslashes'), // Deprecate addslashes in phpBB 3.1.4 + new \Twig_SimpleFilter('addslashes', 'addslashes'), // Deprecated 3.2.0 ); } -- cgit v1.2.1 From 9f4c2effe9a9b8a497a3f00dc8a6d71e745c7ea9 Mon Sep 17 00:00:00 2001 From: Matt Friedman Date: Sat, 31 Jan 2015 01:11:28 -0800 Subject: [ticket/10388] Update deprecation comment PHPBB3-10388 --- phpBB/phpbb/template/twig/extension.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'phpBB/phpbb/template') diff --git a/phpBB/phpbb/template/twig/extension.php b/phpBB/phpbb/template/twig/extension.php index c8c8be5142..14d1258c09 100644 --- a/phpBB/phpbb/template/twig/extension.php +++ b/phpBB/phpbb/template/twig/extension.php @@ -71,7 +71,8 @@ class extension extends \Twig_Extension { return array( new \Twig_SimpleFilter('subset', array($this, 'loop_subset'), array('needs_environment' => true)), - new \Twig_SimpleFilter('addslashes', 'addslashes'), // Deprecated 3.2.0 + // @deprecated 3.2.0 Uses twig's JS escape method instead of addslashes + new \Twig_SimpleFilter('addslashes', 'addslashes'), ); } -- cgit v1.2.1