mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 22:10:45 +02:00
Code Issues Releases Wiki Activity

[ticket/10388] Use TWIG escape JS filter instead of addslashes

Browse Source 
PHPBB3-10388
This commit is contained in:
Matt Friedman
2015-01-29 01:41:28 -08:00
parent fc412a97ca
commit a62adfc115
2 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
phpBB/phpbb/template/twig/extension.php
View File

@@ -71,7 +71,7 @@ class extension extends \Twig_Extension
{ {
return array( return array(
new \Twig_SimpleFilter('subset', array($this, 'loop_subset'), array('needs_environment' => true)), new \Twig_SimpleFilter('subset', array($this, 'loop_subset'), array('needs_environment' => true)),
new \Twig_SimpleFilter('addslashes', 'addslashes'), new \Twig_SimpleFilter('addslashes', 'addslashes'), // Deprecate addslashes in phpBB 3.1.4
); );
} }
@@ -177,7 +177,7 @@ class extension extends \Twig_Extension
return $context_vars['L_' . $key]; return $context_vars['L_' . $key];
} }
// LA_ is transformed into lang(\'$1\')|addslashes, so we should not // LA_ is transformed into lang(\'$1\')|escape('js'), so we should not
// need to check for it // need to check for it
return call_user_func_array(array($this->user, 'lang'), $args); return call_user_func_array(array($this->user, 'lang'), $args);

6
phpBB/phpbb/template/twig/lexer.php
View File

@@ -117,9 +117,9 @@ class lexer extends \Twig_Lexer
// Appends any filters after lang() // Appends any filters after lang()
$code = preg_replace('#{L_([a-zA-Z0-9_\.]+)(\|[^}]+?)?}#', '{{ lang(\'$1\')$2 }}', $code); $code = preg_replace('#{L_([a-zA-Z0-9_\.]+)(\|[^}]+?)?}#', '{{ lang(\'$1\')$2 }}', $code);
// Replace all of our escaped language variables, {LA_VARNAME}, with Twig style, {{ lang('NAME')|addslashes }} // Replace all of our escaped language variables, {LA_VARNAME}, with Twig style, {{ lang('NAME')|escape('js') }}
// Appends any filters after lang(), but before addslashes // Appends any filters after lang(), but before escape('js')
$code = preg_replace('#{LA_([a-zA-Z0-9_\.]+)(\|[^}]+?)?}#', '{{ lang(\'$1\')$2|addslashes }}', $code); $code = preg_replace('#{LA_([a-zA-Z0-9_\.]+)(\|[^}]+?)?}#', '{{ lang(\'$1\')$2|escape(\'js\') }}', $code);
// Replace all of our variables, {VARNAME}, with Twig style, {{ VARNAME }} // Replace all of our variables, {VARNAME}, with Twig style, {{ VARNAME }}
// Appends any filters // Appends any filters