1 <?php
2 /**
3 * library/htmlspecialchars.inc.php Escaping Functions
5 * Copyright © 2011 Boyd Stephen Smith Jr.
6 * This file is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
11 * This file is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see <http://www.gnu.org/licenses/>.
19 * @package OpenEMR
20 * @author Boyd Stephen Smith Jr.
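/**
 * Escape a PHP string for use as (part of) an HTML / XML text node.
 *
 * Only the three characters that are special inside a text node are
 * escaped: the ampersand (&), the left-pointing angle bracket (<) and the
 * right-pointing angle bracket (>). Minimal quoting is preferred because it
 * produces smaller and more easily human-readable output.
 *
 * Some characters simply cannot appear in valid XML documents, even as
 * entities, but this function does not attempt to handle them. No charset
 * is passed to htmlspecialchars(), so it validates input against PHP's
 * default charset; with a UTF-8 default (and no ENT_SUBSTITUTE flag) an
 * input containing an invalid byte sequence comes back as the empty string
 * rather than partially escaped. NOTE(review): that is fail-closed, but it
 * silently drops the value — confirm callers displaying stored data expect it.
 *
 * NOTE: Attribute values are NOT text nodes, and require additional
 * escaping; use attr() for those.
 *
 * A null $text (for example a missing database column) is treated as the
 * empty string. The output is unchanged, but this avoids the PHP 8.1+
 * deprecation notice for passing null to htmlspecialchars().
 *
 * @param string|null $text The string to escape, possibly including "&",
 *                          "<", or ">".
 * @return string The string, with "&", "<", and ">" escaped.
 */
function text($text)
{
    if ($text === null) {
        $text = '';
    }

    return htmlspecialchars($text, ENT_NOQUOTES);
}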
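/**
 * Escape a PHP string for use as (part of) an HTML / XML attribute value.
 *
 * It escapes the characters that are special in an attribute value: the
 * ampersand (&), the double quote ("), the single quote ('), the
 * left-pointing angle bracket (<) and the right-pointing angle bracket (>).
 * ENT_QUOTES without a document-type flag means the single quote is emitted
 * as the numeric entity &#039; (HTML 4.01 form), not &apos;.
 *
 * Some characters simply cannot appear in valid XML documents, even as
 * entities, but this function does not attempt to handle them. As with
 * text(), no charset is passed, so on a UTF-8 default an input with an
 * invalid byte sequence is returned as the empty string.
 *
 * NOTE: This can be used as a "generic" HTML escape since it does maximal
 * quoting. However, some HTML and XML contexts (CDATA) don't provide escape
 * mechanisms. Also, further pre- or post-escaping might need to be done
 * when embedding other languages (like JavaScript) inside HTML / XML
 * documents — HTML entity escaping is not JavaScript or URL escaping.
 *
 * A null $text is treated as the empty string; the output is unchanged, but
 * this avoids the PHP 8.1+ deprecation notice for passing null to
 * htmlspecialchars().
 *
 * @param string|null $text The string to escape, possibly including (&),
 *                          (<), (>), ('), and (").
 * @return string The string, with (&), (<), (>), ("), and (') escaped.
 */
function attr($text)
{
    if ($text === null) {
        $text = '';
    }

    return htmlspecialchars($text, ENT_QUOTES);
}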
/**
 * Compatibility alias for attr().
 *
 * The CDR Admin framework used to provide an out() escaping function; this
 * keeps callers written against it working by delegating to attr(), so the
 * escaping rules live in exactly one place.
 *
 * @param string $text The string to escape, possibly including (&), (<),
 *                     (>), ('), and (").
 * @return string The string, with (&), (<), (>), ("), and (') escaped.
 */
function out($text)
{
    $escaped = attr($text);

    return $escaped;
}
/**
 * Internal helper: translate $key through xl() when that function exists.
 *
 * Not part of this file's public API — only xlt(), xla() and xls() should
 * call it. xl() is expected to be provided by whoever includes this file
 * (presumably the translation layer); if it has not been defined yet an
 * E_USER_WARNING is raised and the untranslated key is returned unchanged,
 * so the calling escaper still has a string to work on.
 *
 * TODO: Hide this function so it can be called from this file but not from
 * PHP that includes / requires this file, or clean up the name.
 *
 * @param string $key The translation key.
 * @return string The translation, or $key itself when xl() is unavailable.
 */
function hsc_private_xl_or_warn($key)
{
    if (!function_exists('xl')) {
        // Degrade to the raw key rather than failing; the warning makes the
        // missing translation layer visible in the logs.
        trigger_error(
            'Translation via xl() was requested, but the xl()'
            . ' function is not defined, yet.',
            E_USER_WARNING
        );

        return $key;
    }

    return xl($key);
}
/**
 * Translate $key via xl() and escape the result with text().
 *
 * Escaping happens after translation, so the output is safe in an HTML / XML
 * text node even when the translated string itself contains "&", "<" or ">".
 * If xl() is unavailable the untranslated key is escaped instead (see
 * hsc_private_xl_or_warn()).
 *
 * @param string $key The translation key; the translation may include "&",
 *                    "<", or ">".
 * @return string The translated string, with "&", "<", and ">" escaped.
 */
function xlt($key)
{
    $translated = hsc_private_xl_or_warn($key);

    return text($translated);
}
/**
 * Translate $key via xl() and escape the result with attr().
 *
 * Escaping happens after translation, so the output is safe inside a quoted
 * HTML / XML attribute value even when the translated string contains
 * quotes, "&", "<" or ">". If xl() is unavailable the untranslated key is
 * escaped instead (see hsc_private_xl_or_warn()).
 *
 * @param string $key The translation key; the translation may include (&),
 *                    (<), (>), ('), and (").
 * @return string The translated string, with (&), (<), (>), ("), and (')
 *                escaped.
 */
function xla($key)
{
    $translated = hsc_private_xl_or_warn($key);

    return attr($translated);
}
/**
 * Translate $key via xl() and escape the result with addslashes() for use
 * inside a quoted JavaScript string literal.
 *
 * addslashes() only backslash-prefixes single quotes, double quotes,
 * backslashes and NUL bytes, and it does not add the surrounding quotes, so
 * the caller must place the result between quotes itself. It does not touch
 * "<", ">", "/" or line terminators; when the JavaScript is inline in an HTML
 * document the enclosing <script> context therefore needs its own review (a
 * translation containing "</script>" would still end the script element).
 * For new code, json_encode() with JSON_HEX_TAG | JSON_HEX_AMP |
 * JSON_HEX_APOS | JSON_HEX_QUOT is the safer way to emit a JavaScript literal.
 *
 * @param string $key The translation key.
 * @return string The translated string with quotes, backslashes and NUL
 *                bytes backslash-escaped.
 */
function xls($key)
{
    $translated = hsc_private_xl_or_warn($key);

    return addslashes($translated);
}
return; // Stop include / require from going any further: a return at file scope ends the include, so nothing below this line (non-PHP or otherwise) is ever executed.