* Name: escape
* Purpose: Escape the string according to escapement type * @link http://smarty.php.net/manual/en/language.modifier.escape.php * escape (Smarty online manual) * @author Monte Ohrt * @param string * @param html|htmlall|url|quotes|hex|hexentity|javascript * @return string */ function tpl_modifier_escape($string, $esc_type = 'html', $char_set = 'ISO-8859-1', $double_encode = true) { switch ($esc_type) { case 'html': if (version_compare(PHP_VERSION, '5.2.3') === 1) return htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode); else return htmlspecialchars($string, ENT_QUOTES, $char_set); case 'htmlall': if (version_compare(PHP_VERSION, '5.2.3') === 1) return htmlentities($string, ENT_QUOTES, $char_set, $double_encode); else return htmlentities($string, ENT_QUOTES, $char_set); case 'url': return rawurlencode($string); case 'urlpathinfo': return str_replace('%2F','/',rawurlencode($string)); case 'quotes': // escape unescaped single quotes return preg_replace("%(?'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n',''<\/')); case 'mail': // safe way to display e-mail address on a web page return str_replace(array('@', '.'),array(' [AT] ', ' [DOT] '), $string); case 'nonstd': // escape non-standard chars, such as ms document quotes $_res = ''; for($_i = 0, $_len = strlen($string); $_i < $_len; $_i++) { $_ord = ord(substr($string, $_i, 1)); // non-standard char, escape it if($_ord >= 126) { $_res .= '&#' . $_ord . ';'; } else { $_res .= substr($string, $_i, 1); } } return $_res; default: return $string; } } ?>