mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-03 04:55:36 +02:00
Code Issues Releases Wiki Activity

another expression for grabbing php code in templates provided by david

Browse Source 
also included "the ultimate solution" provided by ludovic (only added a check for T_OPEN_TAG_WITH_ECHO


git-svn-id: file:///svn/phpbb/trunk@6194 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen 2006-07-20 17:57:56 +00:00
parent b4d834ed09
commit 13bf07d275
1 changed files with 55 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
phpBB/includes/functions_template.php
View File

@ -68,6 +68,56 @@ class template_compile
$this->compile_write($handle, $this->template->compiled_code[$handle]);
}
/**
* Straight-forward strategy: use PHP's tokenizer to escape everything that
* looks like a PHP tag.
*
* We open/close PHP tags at the beginning of the template to clearly indicate
* that we are in HTML mode. If we find a PHP tag, we escape it then we reiterate
* over the whole file. That can become quite slow if the file is stuffed with
* <?php tags, but there's only so much we can do.
*
* Known issue: templates need to be rechecked everytime the value of the php.ini
* settings asp_tags or short_tags are changed
*/
function remove_php_tags(&$code)
{
do
{
$tokens = token_get_all('<?php ?>' . $code);
$code = '';
$php_found = false;
foreach ($tokens as $i => $token)
{
if (!is_array($token))
{
$code .= $token;
}
else if ($token[0] == T_OPEN_TAG || $token[0] == T_OPEN_TAG_WITH_ECHO || $token[0] == T_CLOSE_TAG)
{
if ($i > 1)
{
$code .= htmlspecialchars($token[1]);
$php_found = true;
}
}
else
{
$code .= $token[1];
}
}
unset($tokens);
// Fix for a tokenizer oddity
if (!strncmp($code, '<?php ?&gt;', 11))
{
$code = substr($code, 11);
}
}
while ($php_found);
}
/**
* The all seeing all doing compile method. Parts are inspired by or directly from Smarty
* @access: private
@ -86,9 +136,13 @@ class template_compile
// php is a no-no. There is a potential issue here in that non-php
// content may be removed ... however designers should use entities
// if they wish to display < and >
$match_php_tags = array('#\<\?php .*?\?\>#is', '#\<script language="php"\>.*?\<\/script\>#is', '#\<\?.*?\?\>#s', '#\<%.*?%\>#s');
$match_php_tags = array('#\<\?php.*?\?\>#is', '#<[^\w<]*(script)(((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?(language[^<>\'"]+("[^"]*php[^"]*"|\'[^\']*php[^\']*\'))((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?)?>.*?</script>#is', '#\<\?.*?\?\>#s', '#\<%.*?%\>#s');
$code = preg_replace($match_php_tags, '', $code);
// An alternative to the above would be calling this function which would be the ultimate solution but also has it's drawbacks.
// At the moment it is commented out until we decide which method to use.
// $this->remove_php_tags($code);
// Pull out all block/statement level elements and seperate plain text
preg_match_all('#<!-- PHP -->(.*?)<!-- ENDPHP -->#s', $code, $matches);
$php_blocks = $matches[1];