
Commit 2cf9d85

committed
[#16108] - changed attributes to expect an array also
1 parent 8f4a158 commit 2cf9d85


2 files changed

+74
-17
lines changed


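--- a/phalcon/Html/Escaper.zep
+++ b/phalcon/Html/Escaper.zep
@@ -49,20 +49,55 @@ class Escaper implements EscaperInterface
 protected flags = 11;
 
 /**
-* Escapes a HTML attribute string
+* Escapes a HTML attribute string or array
 *
-* @param string $input
+* If the input is an array, the keys are the attribute names and the
+* values are attribute values. If a value is boolean (true/false) then
+* the attribute will have no value:
+* `['disabled' => true]` -> `'disabled``
+*
+* The resulting string will have attribute pairs separated by a space.
+*
+* @param array|string $input
 *
 * @return string
 */
-public function attributes(string input) -> string
+public function attributes(var input) -> string
 {
-return htmlspecialchars(
-input,
-ENT_QUOTES,
-this->encoding,
-this->doubleEncode
-);
+var key, result, value;
+
+if (typeof input !== "string" && typeof input !== "array") {
+throw new Exception("Input must be an array or a string");
+}
+
+if (typeof input === "string") {
+return this->phpHtmlSpecialChars(input);
+}
+
+let result = "";
+for key, value in input {
+if (null === value || false === value) {
+continue;
+}
+
+let key = trim(key);
+
+if (typeof value === "array") {
+let value = implode(" ", value);
+}
+
+let result .= this->phpHtmlSpecialChars(key);
+
+if (true !== value) {
+let result .= "=\""
+. this->phpHtmlSpecialChars(value)
+. "\"";
+}
+
+let result .= " ";
+}
+
+return rtrim(result);
 }
 
 /**
@@ -342,6 +377,23 @@ class Escaper implements EscaperInterface
 return rawurlencode(input);
 }
 
+/**
+* Proxy method for testing
+*
+* @param string $input
+*
+* @return string
+*/
+protected function phpHtmlSpecialChars(string input) -> string
+{
+return htmlspecialchars(
+input,
+ENT_QUOTES,
+this->encoding,
+this->doubleEncode
+);
+}
+
 /**
 * @param string $input
 *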
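Review bot: In the array branch of `attributes()`, the attribute name is only passed through `phpHtmlSpecialChars(key)`, and `htmlspecialchars` leaves whitespace, `=` and `/` untouched, so a key that originates from request data can add further attributes to the tag even though every value is quoted and escaped. Attribute names need validation rather than escaping; after `let key = trim(key);` I would add `if (!preg_match("/^[A-Za-z_:][A-Za-z0-9_.:-]*$/", key)) { throw new Exception("Invalid attribute name"); }`. Separately, the docblock says a boolean `true/false` value yields a valueless attribute, but the loop skips `false` (and `null`) entirely, and the example `'disabled`` has a stray backtick; the comment should say that `true` renders the bare name while `false`/`null` omit the attribute. Non-string scalar values such as integers also reach `phpHtmlSpecialChars(string input)`, which looks like it would be rejected by the `string` parameter type, so confirm that and cast the value before escaping if it is.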

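--- a/tests/unit/Html/Escaper/AttributesCest.php
+++ b/tests/unit/Html/Escaper/AttributesCest.php
@@ -25,7 +25,7 @@
 class AttributesCest
 {
 /**
-* Tests Phalcon\Escaper :: escapeHtmlAttr()
+* Tests Phalcon\Escaper :: attributes()
 *
 * @dataProvider escaperEscapeHtmlAttrProvider
 *
@@ -44,14 +44,11 @@ public function escaperAttributes(UnitTester $I, Example $example)
 $text = $example['text'];
 $flags = $example['htmlQuoteType'];
 
-$escaper->setHtmlQuoteType($flags);
+$escaper->setFlags($flags);
 
 $expected = $example['expected'];
 $actual = $escaper->attributes($text);
 $I->assertSame($expected, $actual);
-
-$actual = $escaper->escapeHtmlAttr($text);
-$I->assertSame($expected, $actual);
 }
 
 /**
@@ -65,24 +62,32 @@ private function escaperEscapeHtmlAttrProvider(): array
 'expected' => 'That's right',
 'text' => "That's right",
 ],
-
 [
 'htmlQuoteType' => ENT_XML1,
 'expected' => 'That's right',
 'text' => "That's right",
 ],
-
 [
 'htmlQuoteType' => ENT_XHTML,
 'expected' => 'That's right',
 'text' => "That's right",
 ],
-
 [
 'htmlQuoteType' => ENT_HTML5,
 'expected' => 'That's right',
 'text' => "That's right",
 ],
+[
+'htmlQuoteType' => ENT_HTML5,
+'expected' => 'text="Ferrari Ford Dodge"',
+'text' => [
+'text' => [
+'Ferrari',
+'Ford',
+'Dodge',
+],
+],
+],
 ];
 }
 }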
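Review bot: The only array case added to `escaperEscapeHtmlAttrProvider()` is a nested list of plain words, so none of the escaping-relevant branches of the new array path are pinned: a `true` value, a skipped `false`/`null` value, a value containing a quote, and the exception for a non-string, non-array input. A row such as `'text' => ['disabled' => true, 'hidden' => false, 'title' => 'a"b'], 'expected' => 'disabled title="a&quot;b"'` would cover the first three, and a separate test should assert that passing an integer throws. The rows that differ only in `htmlQuoteType` appear to exercise the same path, because the helper in `Escaper.zep` passes `ENT_QUOTES` regardless of `setFlags()`; if that is intended, a comment on the provider should say so.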
