From 3bcb292dd0b55177499600c226d5d2aa8a932ce7 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Fri, 6 Nov 2009 16:14:15 +0000 Subject: [PATCH 1/1] Possible fix for JavaScript templates #2 --- inc/filters.php | 2 +- inc/functions.php | 29 +++++++++++++++++++---------- inc/wrapper-functions.php | 4 ++-- js.php | 3 +++ 4 files changed, 25 insertions(+), 13 deletions(-) diff --git a/inc/filters.php b/inc/filters.php index 90478a949f..40fb713d99 100644 --- a/inc/filters.php +++ b/inc/filters.php @@ -850,7 +850,7 @@ function FILTER_FLUSH_TEMPLATE_CACHE () { // Now flush all foreach ($GLOBALS['template_eval'] as $template=>$eval) { // Flush the cache (if not yet found) - flushTemplateCache($template, $eval); + //flushTemplateCache($template, $eval); } // END - if } // END - if } diff --git a/inc/functions.php b/inc/functions.php index 7ef9f2e041..ee6f261cc1 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -184,7 +184,7 @@ function compileFinalOutput () { // Output the raw HTML code function outputRawCode ($htmlCode) { // Output stripped HTML code to avoid broken JavaScript code, etc. - print($htmlCode); + print(str_replace('{BACK}', "\\", $htmlCode)); // Flush the output if only getPhpCaching() is not 'on' if (getPhpCaching() != 'on') { @@ -288,20 +288,20 @@ function loadTemplate ($template, $return = false, $content = array()) { // Normal HTML output? if (getOutputMode() == '0') { // Add surrounding HTML comments to help finding bugs faster - $ret = "\n" . $GLOBALS['tpl_content'] . "\n"; + $ret = '\n" . $GLOBALS['tpl_content'] . '\n"; // Prepare eval() command $eval = '$ret = "' . compileCode(escapeQuotes($ret)) . '";'; } elseif (substr($template, 0, 3) == 'js_') { // JavaScripts don't like entities and timings - $eval = '$ret = decodeEntities("' . compileRawCode(addslashes($GLOBALS['tpl_content'])) . '");'; + $eval = '$ret = decodeEntities("' . compileRawCode(escapeJavaScriptQuotes($GLOBALS['tpl_content'])) . '");'; } else { - // Prepare eval() command - $eval = '$ret = "' . compileCode(escapeQuotes($GLOBALS['tpl_content'])) . '";'; + // Prepare eval() command, other output doesn't like entities, maybe + $eval = '$ret = decodeEntities("' . compileRawCode(escapeQuotes($GLOBALS['tpl_content'])) . '");'; } } else { // Add surrounding HTML comments to help finding bugs faster - $ret = "\n" . $GLOBALS['tpl_content'] . "\n"; + $ret = '\n" . $GLOBALS['tpl_content'] . '\n"; $eval = '$ret = "' . escapeQuotes($ret) . '";'; } // END - if @@ -1076,13 +1076,13 @@ function compileRawCode ($code, $simple = false, $constants = true, $full = true // Replace it in the code //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):key={$key},match={$match}
"); $newMatch = str_replace('[', "['", str_replace(']', "']", $match)); - $code = str_replace($match, "\"." . $newMatch.".\"", $code); + $code = str_replace($match, '".' . $newMatch . '."', $code); $matchesFound[$key . '_' . $matches[4][$key]] = 1; $matchesFound[$match] = 1; } elseif (!isset($matchesFound[$match])) { // Not yet replaced! //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):match={$match}
"); - $code = str_replace($match, "\"." . $match.".\"", $code); + $code = str_replace($match, '".' . $match . '."', $code); $matchesFound[$match] = 1; } } // END - foreach @@ -3692,6 +3692,15 @@ function escapeQuotes ($str, $single = false) { return $str; } +// Escapes the JavaScript code, prevents \r and \n becoming char 10/13 +function escapeJavaScriptQuotes ($str) { + // Replace all double-quotes and secure back-ticks + $str = str_replace('"', '\"', str_replace("\\", '{BACK}', $str)); + + // Return it + return $str; +} + ////////////////////////////////////////////////// // AUTOMATICALLY RE-GENERATED MISSING FUNCTIONS // ////////////////////////////////////////////////// @@ -3707,7 +3716,7 @@ if (!function_exists('html_entity_decode')) { if (!function_exists('http_build_query')) { // Taken from documentation on www.php.net, credits to Marco K. (Germany) - function http_build_query($data, $prefix='', $sep='', $key='') { + function http_build_query($data, $prefix = '', $sep = '', $key = '') { $ret = array(); foreach ((array)$data as $k => $v) { if (is_int($k) && $prefix != null) { @@ -3727,7 +3736,7 @@ if (!function_exists('http_build_query')) { return implode($sep, $ret); } -}// // END - if +} // END - if // [EOF] ?> diff --git a/inc/wrapper-functions.php b/inc/wrapper-functions.php index 64ac4a9660..13a0fce739 100644 --- a/inc/wrapper-functions.php +++ b/inc/wrapper-functions.php @@ -138,9 +138,9 @@ function decodeString ($str, $decompress = true) { } // Decode entities in a nicer way -function decodeEntities ($str) { +function decodeEntities ($str, $quote = ENT_NOQUOTES) { // Decode the entities to UTF-8 now - $decodedString = html_entity_decode($str, ENT_NOQUOTES, 'UTF-8'); + $decodedString = html_entity_decode($str, $quote, 'UTF-8'); // Return decoded string return $decodedString; diff --git a/js.php b/js.php index c4e57f9ae3..38548c2cd4 100644 --- a/js.php +++ b/js.php @@ -36,6 +36,9 @@ * MA 02110-1301 USA * ************************************************************************/ +// XDEBUG call +//* DEBUG: */ xdebug_start_trace(); + // Load security stuff here require('inc/libs/security_functions.php'); -- 2.30.2