* Name: escape
* Purpose: Escape the string according to escapement type * @link http://smarty.php.net/manual/en/language.modifier.escape.php * escape (Smarty online manual) * @author Monte Ohrt * @param html|htmlall|url|quotes|hex|hexentity|javascript * @param string $esc_type * @param string $char_set * @param bool $double_encode * @return string */ function smarty_modifier_escape($string, $esc_type = 'html', $char_set = 'UTF-8', $double_encode = true) { switch ($esc_type) { case 'html': if (is_array($string)) { $string = implode(',', $string); } $return = htmlspecialchars($string ?? '', ENT_QUOTES, $char_set, $double_encode); // Convert back sanitization tags into real tags to avoid them to be displayed $return = str_replace('<x>', '', $return); // Convert back sanitization tags into real tags for no wrap space $return = str_replace('&nbsp;', ' ', $return); return $return; case 'htmlall': $return = htmlentities($string ?? '', ENT_QUOTES, $char_set); if (! strlen($return) && strlen($string)) { // Bug php when there is non utf8 characters in the string(http://bugs.php.net/bug.php?id=43549, http://bugs.php.net/bug.php?id=43294) $return = htmlentities($string, ENT_QUOTES); } // Convert back sanitization tags into real tags to avoid them to be displayed $return = str_replace('<x>', '', $return); return $return; case 'url': return rawurlencode($string); case 'urlpathinfo': return str_replace('%2F', '/', rawurlencode($string)); case 'quotes': // escape unescaped single quotes return preg_replace("%(? '\\\\', "'" => "\\'", '"' => '\\"', "\r" => '\\r', "\n" => '\\n', ' '<\/']); case 'mail': // safe way to display e-mail address on a web page return str_replace(['@', '.'], [' [AT] ', ' [DOT] '], $string); case 'nonstd': // escape non-standard chars, such as ms document quotes $_res = ''; for ($_i = 0, $_len = strlen($string); $_i < $_len; $_i++) { $_ord = ord(substr($string, $_i, 1)); // non-standard char, escape it if ($_ord >= 126) { $_res .= '&#' . $_ord . ';'; } else { $_res .= substr($string, $_i, 1); } } return $_res; case 'unescape': return rawurldecode($string); case 'attr': $esc = new Laminas\Escaper\Escaper(); return $esc->escapeHtmlAttr((string) $string); default: return $string; } }