/usr/share/php/PHP/Compat/Function/htmlspecialchars.php is in php-compat 1.6.0a3-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 | <?php
/**
* Replace function htmlspecialchars()
*
* @category PHP
* @package PHP_Compat
* @license LGPL - http://www.gnu.org/licenses/lgpl.html
* @copyright 2004-2007 Aidan Lister <aidan@php.net>, Arpad Ray <arpad@php.net>
* @link http://php.net/function.htmlspecialchars
* @author Aidan Lister <aidan@php.net>
* @version $Revision: 274499 $
* @since PHP 4.0.0
* @require PHP 4.0.0 (user_error)
*/
function php_compat_htmlspecialchars($string, $quote_style = ENT_COMPAT, $charset = 'ISO-8859-1', $double_encode = true)
{
if (version_compare(PHP_VERSION, '5.2.3', 'ge')) {
return htmlspecialchars($string, $quote_style, $charset, $double_encode);
}
// Sanity check
if (!is_scalar($string)) {
user_error('htmlspecialchars() expects parameter 1 to be string, ' .
gettype($string) . ' given', E_USER_WARNING);
return;
}
if (!is_int($quote_style) && $quote_style !== null) {
user_error('htmlspecialchars() expects parameter 2 to be integer, ' .
gettype($quote_style) . ' given', E_USER_WARNING);
return;
}
if (!is_scalar($charset)) {
user_error('htmlspecialchars() expects parameter 3 to be string, ' .
gettype($charset) . ' given', E_USER_WARNING);
return;
}
if (!is_bool($double_encode)) {
user_error('htmlspecialchars() expects parameter 4 to be bool, ' .
gettype($double_encode) . ' given', E_USER_WARNING);
return;
}
// mb support
if ($charset != 'ISO-8859-1') {
if (!function_exists('mb_substr')) {
user_error('php_compat_htmlspecialchars requires PHP >= 4.0.6 and '
. 'the mbstring extension to support the $charset argument.',
E_USER_WARNING);
return;
}
$len = mb_strlen($string, $charset);
$ret = '';
for ($i = 0; $i < $len; $i++) {
$char = mb_substr($string, $i, 1, $charset);
switch ($char) {
case '&':
if (!$double_encode && $i < $len - 2) {
// look ahead to see if we have an existing entity
$foundEntity = false;
$type = mb_substr($string, $i + 1, 1, $charset);
if ($type == '#') {
// numeric entities
$type2 = mb_substr($string, $i + 2, 1, $charset);
if ($type2 == 'x') {
$validator = 'ctype_xdigit';
} else if (ctype_digit($type2)) {
$validator = 'ctype_digit';
$foundEntity = true;
} else {
// invalid entity
$ret .= '&';
break;
}
} else if (ctype_alnum($type)) {
$validator = 'ctype_alnum';
$foundEntity = true;
} else {
$ret .= '&';
break;
}
for ($j = $i + ($type == '#' ? 3 : 2); $j < $len; $j++) {
$tempChar = mb_substr($string, $j, 1, $charset);
if ($foundEntity && $tempChar == ';') {
$ret .= mb_substr($string, $i, $j - $i + 1, $charset);
$i = $j;
break 2;
}
if ($validator($tempChar)) {
$foundEntity = true;
} else {
// invalid entity
$ret .= '&';
break;
}
}
}
$ret .= '&';
break;
case '"':
$ret .= $quote_style & ENT_NOQUOTES ? '"' : '"';
break;
case "'":
$ret .= $quote_style & ENT_COMPAT || $quote_style & ENT_NOQUOTES ? "'" : ''';
break;
case '<':
$ret .= '<';
break;
case '>':
$ret .= '>';
break;
default:
$ret .= $char;
break;
}
}
return $ret;
}
if (!$double_encode) {
return preg_replace('/[^&]|&(?!(?:#(?:x[a-f\d]+|\d+)|\w+);)/e', 'htmlspecialchars("$0", $quote_style)', $string);
}
return htmlspecialchars($string, $quote_style);
}
|