commit 263b703c4b379260fa7002e4e8b575af418e542a
parent e770cf81555252cf0fc04d9b523454c1c9670de0
Author: dankert <devnull@localhost>
Date: Tue, 30 Mar 2010 11:32:51 +0200
Escapen aller Nicht-ASCII-Zeichen in HTML-Entities, aktivierbar über Konfigurationssschalter, Fix für Bug #5.
Diffstat:
4 files changed, 29 insertions(+), 6 deletions(-)
diff --git a/actionClasses/Action.class.php b/actionClasses/Action.class.php
@@ -674,12 +674,7 @@ class Action
*/
function getCharset()
{
- $db = db_connection();
-
- if ( isset($db->conf['charset']) )
- return $db->conf['charset'];
- else
- return lang('CHARSET');
+ return charset();
}
diff --git a/config/publish.ini.php b/config/publish.ini.php
@@ -57,6 +57,9 @@ enable_php_in_page_content=false
; 'auto' : interpreted, if file extension = '.php'
; 'true' : always interpret PHP in file content
enable_php_in_file_content=false
+
+; Escape all non-ascii characters to HTML entities (e.g. "&entity;")
+escape_8bit_characters=true
diff --git a/functions/common.inc.php b/functions/common.inc.php
@@ -122,4 +122,20 @@ function istrue( $val )
return false;
}
+/**
+ * Liefert den für die Ausgabe zu verwendenden Zeichensatz.
+ * Falls konfiguriert, wird das Charset aus der DB-Konfiguration
+ * genommen. Sonst das Charset aus der Sprachdatei.
+ *
+ * @return Zeichensatz, z.B. "UTF-8", "ISO-8859-1".
+ */
+function charset()
+{
+ $db = db_connection();
+
+ if ( isset($db->conf['charset']) )
+ return $db->conf['charset'];
+ else
+ return lang('CHARSET');
+}
?>
\ No newline at end of file
diff --git a/objectClasses/Page.class.php b/objectClasses/Page.class.php
@@ -728,6 +728,15 @@ class Page extends Object
$src = str_replace( '{{->'.$id.'}}','',$src );
}
+ if ( config('publish','escape_8bit_characters') )
+ if ( substr($this->mimeType(),-4) == 'html' )
+ {
+ $src = htmlentities($src,ENT_NOQUOTES,charset());
+ $src = str_replace('<' , '<', $src);
+ $src = str_replace('>' , '>', $src);
+ $src = str_replace('&', '&', $src);
+ }
+
$this->value = &$src;
// Store in cache.