|
From: <no...@so...> - 2001-11-11 22:03:35
|
Patches item #480713, was opened at 2001-11-11 13:55 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403613&aid=480713&group_id=31885 Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: Julian Ladisch (jula) Assigned to: Nobody/Anonymous (nobody) >Summary: template.inc: Backslashes disappear Initial Comment: Backslashes used in value strings of set_var() disappear. Example: $t = new Template(); $t->set_var("field", "\\\\"); // four escaped backslashes $t->set_var("area", "{field}"); $t->set_var("test", "{out}"); echo "field = " . $t->get_var("field"); echo ", area = " . $t->parse("out", "area"); echo ", test = " . $t->parse("out", "test"); Result is field = \\, area = \, test = \ It should be field = \\, area = \\, test = \\ Reason is preg_replace (pattern, replacement, subject). It needs preg_quote() for parameter pattern, which is already done, but also escaping of any backslash in parameter replacement, which is done for special cases (\[0-9], \[0-9]) only. The attached diff provides a patch for this. It is even faster because of using str_replace() instead of preg_replace(). This also fixes the following error: $t = new Template(); $t->set_var("foo", "\1 \1"); echo htmlspecialchars($t->get("foo")); Result is "\1 \1", it should be "\1 \1". ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403613&aid=480713&group_id=31885 |
|
From: <no...@so...> - 2002-04-25 08:53:42
|
Patches item #480713, was opened at 2001-11-12 08:55 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403613&aid=480713&group_id=31885 Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: Julian Ladisch (jula) >Assigned to: Richard Archer (richardarcher) Summary: template.inc: Backslashes disappear Initial Comment: Backslashes used in value strings of set_var() disappear. Example: $t = new Template(); $t->set_var("field", "\\\\"); // four escaped backslashes $t->set_var("area", "{field}"); $t->set_var("test", "{out}"); echo "field = " . $t->get_var("field"); echo ", area = " . $t->parse("out", "area"); echo ", test = " . $t->parse("out", "test"); Result is field = \\, area = \, test = \ It should be field = \\, area = \\, test = \\ Reason is preg_replace (pattern, replacement, subject). It needs preg_quote() for parameter pattern, which is already done, but also escaping of any backslash in parameter replacement, which is done for special cases (\[0-9], \[0-9]) only. The attached diff provides a patch for this. It is even faster because of using str_replace() instead of preg_replace(). This also fixes the following error: $t = new Template(); $t->set_var("foo", "\1 \1"); echo htmlspecialchars($t->get("foo")); Result is "\1 \1", it should be "\1 \1". ---------------------------------------------------------------------- >Comment By: Richard Archer (richardarcher) Date: 2002-04-25 18:53 Message: Logged In: YES user_id=279311 This patch does not work well for me. I can't think of a better method than the one currently in use. Except perhaps adding a third expression in the preg_replace: '/\\\\/' -> '\\' Try this code: <?php include("template.inc"); $t = new Template(".","comment"); $t->debug=7; $t->set_file("page", "testspecialchars.tmpl"); $t->set_var("dollarone", "\"); $t->set_var("ampdollarone", "$1"); $t->set_var("sone", "\1"); $t->set_var("ssone", "\\1"); $t->set_var("sssone", "\\\1"); $t->set_var("ssssone", "\\\\1"); $t->set_var("ampslashone", "\1"); $t->get_vars(); $t->parse("output", "page"); $t->p("output"); ?> on this template: <html> <body> <pre> dollar one: $1 = {dollarone} amp dollar one: $1 = {ampdollarone} slash one: \1 = {sone} ss one: \1 = {ssone} sss one: \\1 = {sssone} ssss one: \\1 = {ssssone} amp slash one: \1 = {ampslashone} </pre> </body> </html> ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403613&aid=480713&group_id=31885 |
|
From: <no...@so...> - 2002-04-28 05:08:02
|
Patches item #480713, was opened at 2001-11-12 08:55 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403613&aid=480713&group_id=31885 Category: None Group: None >Status: Closed >Resolution: Fixed Priority: 5 Submitted By: Julian Ladisch (jula) Assigned to: Richard Archer (richardarcher) Summary: template.inc: Backslashes disappear Initial Comment: Backslashes used in value strings of set_var() disappear. Example: $t = new Template(); $t->set_var("field", "\\\\"); // four escaped backslashes $t->set_var("area", "{field}"); $t->set_var("test", "{out}"); echo "field = " . $t->get_var("field"); echo ", area = " . $t->parse("out", "area"); echo ", test = " . $t->parse("out", "test"); Result is field = \\, area = \, test = \ It should be field = \\, area = \\, test = \\ Reason is preg_replace (pattern, replacement, subject). It needs preg_quote() for parameter pattern, which is already done, but also escaping of any backslash in parameter replacement, which is done for special cases (\[0-9], \[0-9]) only. The attached diff provides a patch for this. It is even faster because of using str_replace() instead of preg_replace(). This also fixes the following error: $t = new Template(); $t->set_var("foo", "\1 \1"); echo htmlspecialchars($t->get("foo")); Result is "\1 \1", it should be "\1 \1". ---------------------------------------------------------------------- >Comment By: Richard Archer (richardarcher) Date: 2002-04-28 15:07 Message: Logged In: YES user_id=279311 I have made some changes to template.inc so that both slashes and dollars are handled correctly now. I have a feeling the new code is somewhat slower, but it is definitely more robust. The new method is to escape the strings in subst() just before they are passed to preg_replace(). No need to convert characters an more. All variables now contain their expected values all the time (making get_var more useful). ---------------------------------------------------------------------- Comment By: Richard Archer (richardarcher) Date: 2002-04-25 18:53 Message: Logged In: YES user_id=279311 This patch does not work well for me. I can't think of a better method than the one currently in use. Except perhaps adding a third expression in the preg_replace: '/\\\\/' -> '\\' Try this code: <?php include("template.inc"); $t = new Template(".","comment"); $t->debug=7; $t->set_file("page", "testspecialchars.tmpl"); $t->set_var("dollarone", "\"); $t->set_var("ampdollarone", "$1"); $t->set_var("sone", "\1"); $t->set_var("ssone", "\\1"); $t->set_var("sssone", "\\\1"); $t->set_var("ssssone", "\\\\1"); $t->set_var("ampslashone", "\1"); $t->get_vars(); $t->parse("output", "page"); $t->p("output"); ?> on this template: <html> <body> <pre> dollar one: $1 = {dollarone} amp dollar one: $1 = {ampdollarone} slash one: \1 = {sone} ss one: \1 = {ssone} sss one: \\1 = {sssone} ssss one: \\1 = {ssssone} amp slash one: \1 = {ampslashone} </pre> </body> </html> ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403613&aid=480713&group_id=31885 |
