
/library/htmlspecialchars.inc.php

https://bitbucket.org/DenizYldrm/openemr
PHP | 101 lines | 40 code | 9 blank | 52 comment | 3 complexity | 78d1389e4c7e248948fbc7eac04acb7e MD5 | raw file
Possible License(s): AGPL-1.0, GPL-2.0, MPL-2.0, LGPL-2.1
  1. <?php
  2. /*
  3. Copyright © 2011 Boyd Stephen Smith Jr.
  4. Copyright license terms appear at the end of this file.
  5. */
  6. /*
  7. This function uses htmlspecialchars() to escape a PHP string for use as
  8. (part of) an HTML / XML text node (in DOM terms).
  9. It only escapes a few special chars: the ampersand (&) and both the left-
  10. pointing angle bracket (<) and the right-pointing angle bracket (>), since
  11. these are the only characters that are special in a text node. Minimal quoting
  12. is preferred because it produces smaller and more easily human-readable output.
  13. Some characters simply cannot appear in valid XML documents, even
  14. as entities, but this function does not attempt to handle them.
  15. NOTE: Attribute values are NOT text nodes, and require additional escaping.
  16. */
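  /**
   * Escape a value for output as an HTML / XML text node.
   *
   * Only &, < and > are converted (ENT_NOQUOTES leaves both quote characters
   * untouched), so the result is NOT safe inside an attribute value; use
   * attr() for that context.
   *
   * @param string|null $text Raw value; null is treated as the empty string.
   * @return string The escaped text.
   */
  function text($text) {
      // Passing null to htmlspecialchars() is deprecated as of PHP 8.1, so map
      // it to '' explicitly; the returned value is the same as before.
      // NOTE(review): no encoding argument is given, so PHP's default applies
      // - confirm it matches the charset the pages are served in.
      return htmlspecialchars($text === null ? '' : $text, ENT_NOQUOTES);
  }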
  20. /*
  21. This function uses htmlspecialchars() to escape a PHP string for use as
  22. part of an HTML / XML attribute value. It does not surround the string in
  23. single- or double-quote characters as is required for XML.
  24. This does the maximal quoting handled by htmlspecialchars()
  25. Some characters simply cannot appear in valid XML documents, even
  26. as entities, but this function does not attempt to handle them.
  27. NOTE: This can be used as a "generic" HTML escape since it does maximal
  28. quoting. However, some HTML and XML contexts (CDATA) don't provide escape
  29. mechanisms. Also, further pre- or post-escaping might need to be done when
  30. embedding other languages (like JavaScript) inside HTML / XML documents.
  31. */
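  /**
   * Escape a value for use inside an HTML / XML attribute value.
   *
   * ENT_QUOTES converts &, <, > and both quote characters. The escaping only
   * protects the attribute when the caller wraps the value in quotes in the
   * markup; this function does not add them. It also does not make a value
   * safe for contexts that are interpreted further after HTML decoding, such
   * as URLs, inline script / event-handler attributes or CSS - those need
   * their own validation or encoding in addition to this call.
   *
   * @param string|null $text Raw value; null is treated as the empty string.
   * @return string The escaped attribute text, without surrounding quotes.
   */
  function attr($text) {
      // Passing null to htmlspecialchars() is deprecated as of PHP 8.1, so map
      // it to '' explicitly; the returned value is the same as before.
      // NOTE(review): no encoding argument is given, so PHP's default applies
      // - confirm it matches the charset the pages are served in.
      return htmlspecialchars($text === null ? '' : $text, ENT_QUOTES);
  }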
  35. /*
  36. This function is a compatibility replacement for the out function removed from
  37. the CDR Admin framework.
  38. */
  /**
   * Legacy alias: escapes exactly like attr() by delegating to it.
   *
   * @param mixed $text Value handed straight to attr().
   * @return string Whatever attr() returns for $text.
   */
  function out($text) {
      $escaped = attr($text);

      return $escaped;
  }
  42. /*
  43. Don't call this function. You don't see this function. This function doesn't
  44. exist.
  45. TODO: Hide this function so it can be called from this file but not from PHP
  46. that includes / requires this file. Either that, or write reasonable
  47. documentation and clean up the name.
  48. */
  /**
   * Internal helper: translate $key through xl() when that function exists.
   *
   * When xl() is not defined, an E_USER_WARNING is raised and $key is returned
   * untranslated. The value is not escaped here; xlt() and xla() escape what
   * this helper returns.
   *
   * @param mixed $key Translation key passed to xl().
   * @return mixed The result of xl($key), or $key itself when xl() is missing.
   */
  function hsc_private_xl_or_warn($key) {
      // Guard clause for the fallback path: warn and hand the key back as-is.
      if (!function_exists('xl')) {
          $message = 'Translation via xl() was requested, but the xl()'
              . ' function is not defined, yet.';
          trigger_error($message, E_USER_WARNING);

          return $key;
      }

      return xl($key);
  }
  61. /*
  62. Translate via xl() and then escape via text().
  63. */
  /**
   * Translate $key, then escape the result for an HTML / XML text node.
   *
   * @param mixed $key Translation key.
   * @return string Output of text() applied to the translated value.
   */
  function xlt($key) {
      // Translate first so the translated string itself is what gets escaped.
      $translated = hsc_private_xl_or_warn($key);

      return text($translated);
  }
  67. /*
  68. Translate via xl() and then escape via attr().
  69. */
  /**
   * Translate $key, then escape the result for an HTML / XML attribute value.
   *
   * @param mixed $key Translation key.
   * @return string Output of attr() applied to the translated value.
   */
  function xla($key) {
      // Translate first so the translated string itself is what gets escaped.
      $translated = hsc_private_xl_or_warn($key);

      return attr($translated);
  }
  // The plain-text license notice follows the closing tag; returning here stops
  // include / require before that non-PHP text is reached.
  return;
  74. ?>
  75. This file is free software: you can redistribute it and/or modify
  76. it under the terms of the GNU General Public License as published by
  77. the Free Software Foundation, either version 3 of the License, or
  78. (at your option) any later version.
  79. This file is distributed in the hope that it will be useful,
  80. but WITHOUT ANY WARRANTY; without even the implied warranty of
  81. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  82. GNU General Public License for more details.
  83. You should have received a copy of the GNU General Public License
  84. along with this program. If not, see <http://www.gnu.org/licenses/>.