Perforce Chronicle 2012.2/486814
API Documentation

P4Cms_View_Helper_EscapeAbstract Class Reference

Abstract view helper for escaping untrusted data before inserting it into the view.

Inherited by P4Cms_View_Helper_EscapeAttr and P4Cms_View_Helper_EscapeJs.

Protected Member Functions

 _encode ($value)
 Encodes given value.
 _encodeChar ($char)
 Encode single character into a value that can be safely inserted into the view.
 _format ($ordinalValue)
 Formats the character represented by its ordinal value into a string that can be safely inserted into the view.
 _isAlnum ($ordinalValue)
 Helper function to detect whether the given ordinal value represents an alphanumeric character.

Protected Attributes

 $_illegalOrd = array()
 $_safeChars = array()

Detailed Description

Abstract view helper for escaping untrusted data before inserting it into the view.

Copyright:
2011-2012 Perforce Software. All rights reserved
License:
Please see LICENSE.txt in top-level folder of this distribution.
Version:
2012.2/486814

Member Function Documentation

P4Cms_View_Helper_EscapeAbstract::_encode ($value) [protected]

Encodes given value.

See the _encodeChar() method for details on how single characters are encoded.

Parameters:
string $value  Value to encode.
Returns:
string Encoded value.
    protected function _encode($value)
    {
        $output  = '';
        $charset = $this->view->getEncoding();

        // walk the string one character (not byte) at a time in the view's charset
        for ($i = 0; $i < iconv_strlen($value, $charset); $i++) {
            $char = iconv_substr($value, $i, 1, $charset);
            $output .= $this->_encodeChar($char);
        }

        return $output;
    }

P4Cms_View_Helper_EscapeAbstract::_encodeChar ($char) [protected]

Encode single character into a value that can be safely inserted into the view.

Parameters:
string $char  Character to encode.
Returns:
string Encoded character.
    protected function _encodeChar($char)
    {
        // if char is safe, return it
        if (in_array($char, $this->_safeChars)) {
            return $char;
        }

        // convert char to 4-byte
        $char4Byte = iconv($this->view->getEncoding(), "UTF-32LE", $char);

        // get the ordinal value of the character
        list(, $ordinalValue) = unpack("V", $char4Byte);

        // encode char
        if ($this->_isAlnum($ordinalValue)) {
            return $char;
        } else if (in_array($ordinalValue, $this->_illegalOrd)) {
            return " ";
        } else {
            return $this->_format($ordinalValue);
        }
    }

P4Cms_View_Helper_EscapeAbstract::_format ($ordinalValue) [abstract, protected]

Formats the character represented by its ordinal value into a string that can be safely inserted into the view.

Implemented by the concrete class, as the format depends on the output context (HTML attribute, JS, CSS, etc.).

Parameters:
int $ordinalValue  Ordinal value to format.

Reimplemented in P4Cms_View_Helper_EscapeAttr and P4Cms_View_Helper_EscapeJs.

P4Cms_View_Helper_EscapeAbstract::_isAlnum ($ordinalValue) [protected]

Helper function to detect whether the given ordinal value represents an alphanumeric character.

Parameters:
int $ordinalValue  Ordinal value to check.
Returns:
bool True if ordinal value represents alphanum char, false otherwise.
    protected function _isAlnum($ordinalValue)
    {
        // ASCII digits 0-9, upper-case A-Z, lower-case a-z
        return ($ordinalValue >= 48 && $ordinalValue <= 57)
            || ($ordinalValue >= 65 && $ordinalValue <= 90)
            || ($ordinalValue >= 97 && $ordinalValue <= 122);
    }

Member Data Documentation

P4Cms_View_Helper_EscapeAbstract::$_illegalOrd = array() [protected]
P4Cms_View_Helper_EscapeAbstract::$_safeChars = array() [protected]

The documentation for this class was generated from the following file: