#38: AutoEscape and $this->charset
Issue revisions
- closed by Laurynas Pečiūra at 2009-A-17 19:59
| Type |  bug |
|---|---|
| State |  closed |
| Priority |  normal |
| Resolution |  fixed |
| Assigned to | Jordi Boggiano |
| Scheduled for | 1.1.1 |
| Affected versions | |
| Affected components | Plugins |
| Last change | Monday 17 August 2009 19:59:58 UTC by Laurynas Pečiūra |
/dwoo/Dwoo/dwooCompiler.php, lines 1454-1456:
<pre>
if ($this->autoEscape) {
$out = preg_replace('#\(is_string\(\$tmp=(.+?)\) \? htmlspecialchars\(\$tmp, ENT_QUOTES, \$this->charset\) : \$tmp\)#', '$1', $out);
}
</pre>
@$this->charset@ on line 1455 is *protected*, supposedly that should be @$this->getCharset()@
Laurynas Pečiūra at Monday 17 August 2009 20:13:37 UTC
I'm sorry, i think i've hastily posted this. This is not actually cause of my issue, i'll update whenever i've located the source of the problem.
Laurynas Pečiūra at Tuesday 18 August 2009 07:27:40 UTC
I'm using Dwoo with Zend Framework, AutoEscape enabled.
{$variable}
{/template} {test 'hello world!'} </pre>
Results in @Fatal error: Cannot access protected property Dwoo::$charset in ...@
The code generated line looks like this: <pre><?php echo (is_string($tmp=$dwoo->scope["variable"]) ? htmlspecialchars($tmp, ENT_QUOTES, $dwoo->charset) : $tmp);?> </pre>
A quick and dirty solution for me was to change line 2136 of /dwoo/Dwoo/Compiler.php: <pre>$output = '(is_string($tmp='.$output.') ? htmlspecialchars($tmp, ENT_QUOTES, $this->charset) : $tmp)';</pre> to <pre>$output = '(is_string($tmp='.$output.') ? htmlspecialchars($tmp, ENT_QUOTES, $this->getCharset()) : $tmp)';</pre>
Jordi Boggiano at Monday 12 October 2009 19:58:28 UTC
Heya, thanks for the report and fix, sorry for the response time but we live in busy times..
A fix is coming shortly, I just did it in the template plugin itself for performance reasons, no need to call getCharset() all the time for nothing.
Jordi Boggiano at Monday 12 October 2009 20:00:31 UTC
Applied in changeset r288.