diogo
/
symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[OutputEscaping] refactor the component to take advantage of new PHP 5.3 features

This commit is contained in:
Fabien Potencier 2010-01-29 09:06:14 +01:00
parent 5c20bfec92
commit 26f1434b14
10 changed files with 185 additions and 188 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/Symfony/Components/OutputEscaper/ArrayDecorator.php
View File

@ -59,7 +59,7 @@ class ArrayDecorator extends GetterDecorator implements \Iterator, \ArrayAccess,
*/
public function current()
{
return Escaper::escape($this->escapingMethod, current($this->value));
return Escaper::escape($this->escaper, current($this->value));
}
/**
@ -107,7 +107,7 @@ class ArrayDecorator extends GetterDecorator implements \Iterator, \ArrayAccess,
*/
public function offsetGet($offset)
{
return Escaper::escape($this->escapingMethod, $this->value[$offset]);
return Escaper::escape($this->escaper, $this->value[$offset]);
}
/**

164
src/Symfony/Components/OutputEscaper/Escaper.php
View File

@ -2,8 +2,6 @@
namespace Symfony\Components\OutputEscaper;
require_once __DIR__.'/escaping_helpers.php';
/*
* This file is part of the symfony package.
*
@ -31,32 +29,35 @@ abstract class Escaper
protected $value;
/**
* The escaping method that is going to be applied to the value and its
* children. This is actually a PHP callable.
* The escaper (a PHP callable) that is going to be applied to the value and its
* children.
*
* @var string
*/
protected $escapingMethod;
protected $escaper;
static protected $charset = 'UTF-8';
static protected $safeClasses = array();
static protected $strategies = array();
static protected $escapers;
/**
* Constructor stores the escaping method and value.
* Constructor.
*
* Since Escaper is an abstract class, instances cannot be created
* directly but the constructor will be inherited by sub-classes.
*
* @param string $escapingMethod Escaping method
* @param string $value Escaping value
* @param string $callable A PHP callable
* @param string $value Escaping value
*/
public function __construct($escapingMethod, $value)
public function __construct($escaper, $value)
{
$this->value = $value;
$this->escapingMethod = $escapingMethod;
if (null === self::$escapers)
{
self::initializeEscapers();
}
$this->escaper = is_string($escaper) && isset(self::$escapers[$escaper]) ? self::$escapers[$escaper] : $escaper;
$this->value = $value;
}
/**
@ -78,31 +79,41 @@ abstract class Escaper
* method calls is escaped.
*
* The escaping method is actually a PHP callable. This class hosts a set
* of standard escaping methods.
* of standard escaping strategies.
*
* @param string $escapingMethod The escaping method (a PHP callable) to apply to the value
* @param mixed $value The value to escape
* @param string $escaper The escaping method (a PHP callable) to apply to the value
* @param mixed $value The value to escape
*
* @return mixed Escaping value
* @return mixed Escaped value
*
* @throws \InvalidArgumentException If the escaping fails
*/
static public function escape($escapingMethod, $value)
static public function escape($escaper, $value)
{
if (null === $value)
{
return $value;
}
if (null === self::$escapers)
{
self::initializeEscapers();
}
if (is_string($escaper) && isset(self::$escapers[$escaper]))
{
$escaper = self::$escapers[$escaper];
}
// Scalars are anything other than arrays, objects and resources.
if (is_scalar($value))
{
return call_user_func($escapingMethod, $value);
return call_user_func($escaper, $value);
}
if (is_array($value))
{
return new ArrayDecorator($escapingMethod, $value);
return new ArrayDecorator($escaper, $value);
}
if (is_object($value))
@ -112,29 +123,29 @@ abstract class Escaper
// avoid double decoration
$copy = clone $value;
$copy->escapingMethod = $escapingMethod;
$copy->escaper = $escaper;
return $copy;
}
else if (self::isClassMarkedAsSafe(get_class($value)))
elseif (self::isClassMarkedAsSafe(get_class($value)))
{
// the class or one of its children is marked as safe
// return the unescaped object
return $value;
}
else if ($value instanceof Safe)
elseif ($value instanceof Safe)
{
// do not escape objects marked as safe
// return the original object
return $value->getValue();
}
else if ($value instanceof \Traversable)
elseif ($value instanceof \Traversable)
{
return new IteratorDecorator($escapingMethod, $value);
return new IteratorDecorator($escaper, $value);
}
else
{
return new ObjectDecorator($escapingMethod, $value);
return new ObjectDecorator($escaper, $value);
}
}
@ -246,7 +257,7 @@ abstract class Escaper
*/
public function __get($var)
{
return $this->escape($this->escapingMethod, $this->value->$var);
return $this->escape($this->escaper, $this->value->$var);
}
/**
@ -268,4 +279,101 @@ abstract class Escaper
{
return self::$charset;
}
/**
* Adds a named escaper.
*
* @param string $name The escaper name
* @param mixed $escaper A PHP callable
*/
static public function setEscaper($name, $escaper)
{
self::$escapers[$name] = $escaper;
}
/**
* Initializes the built-in escapers.
*
* Each function specifies a way for applying a transformation to a string
* passed to it. The purpose is for the string to be "escaped" so it is
* suitable for the format it is being displayed in.
*
* For example, the string: "It's required that you enter a username & password.\n"
* If this were to be displayed as HTML it would be sensible to turn the
* ampersand into '&' and the apostrophe into '&aps;'. However if it were
* going to be used as a string in JavaScript to be displayed in an alert box
* it would be right to leave the string as-is, but c-escape the apostrophe and
* the new line.
*
* For each function there is a define to avoid problems with strings being
* incorrectly specified.
*/
static function initializeEscapers()
{
self::$escapers = array(
'htmlspecialchars' =>
/**
* Runs the PHP function htmlspecialchars on the value passed.
*
* @param string $value the value to escape
*
* @return string the escaped value
*/
function ($value)
{
// Numbers and boolean values get turned into strings which can cause problems
// with type comparisons (e.g. === or is_int() etc).
return is_string($value) ? htmlspecialchars($value, ENT_QUOTES, Escaper::getCharset()) : $value;
},
'entities' =>
/**
* Runs the PHP function htmlentities on the value passed.
*
* @param string $value the value to escape
* @return string the escaped value
*/
function ($value)
{
// Numbers and boolean values get turned into strings which can cause problems
// with type comparisons (e.g. === or is_int() etc).
return is_string($value) ? htmlentities($value, ENT_QUOTES, Escaper::getCharset()) : $value;
},
'raw' =>
/**
* An identity function that merely returns that which it is given, the purpose
* being to be able to specify that the value is not to be escaped in any way.
*
* @param string $value the value to escape
* @return string the escaped value
*/
function ($value) { return $value; },
'js' =>
/**
* A function that c-escapes a string after applying (cf. entities). The
* assumption is that the value will be used to generate dynamic HTML in some
* way and the safest way to prevent mishap is to assume the value should have
* HTML entities set properly.
*
* The (cf. js_no_entities) method should be used to escape a string
* that is ultimately not going to end up as text in an HTML document.
*
* @param string $value the value to escape
* @return string the escaped value
*/
function ($value) { return str_replace(array("\\" , "\n" , "\r" , "\"" , "'" ), array("\\\\", "\\n" , "\\r", "\\\"", "\\'"), (is_string($value) ? htmlentities($value, ENT_QUOTES, Escaper::getCharset()) : $value)); },
'js_no_entities' =>
/**
* A function the c-escapes a string, making it suitable to be placed in a
* JavaScript string.
*
* @param string $value the value to escape
* @return string the escaped value
*/
function ($value) { return str_replace(array("\\" , "\n" , "\r" , "\"" , "'" ), array("\\\\", "\\n" , "\\r", "\\\"", "\\'"), $value); },
);
}
}

10
src/Symfony/Components/OutputEscaper/GetterDecorator.php
View File

@ -41,17 +41,17 @@ abstract class GetterDecorator extends Escaper
* {@link getRaw()} method, escaped and the result returned.
*
* @param string $key The key to retieve
* @param string $escapingMethod The escaping method (a PHP function) to use
* @param string $escaper The escaping method (a PHP function) to use
*
* @return mixed The escaped value
*/
public function get($key, $escapingMethod = null)
public function get($key, $escaper = null)
{
if (!$escapingMethod)
if (!$escaper)
{
$escapingMethod = $this->escapingMethod;
$escaper = $this->escaper;
}
return Escaper::escape($escapingMethod, $this->getRaw($key));
return Escaper::escape($escaper, $this->getRaw($key));
}
}

10
src/Symfony/Components/OutputEscaper/IteratorDecorator.php
View File

@ -35,15 +35,15 @@ class IteratorDecorator extends ObjectDecorator implements \Iterator, \Countable
/**
* Constructs a new escaping iteratoror using the escaping method and value supplied.
*
* @param string $escapingMethod The escaping method to use
* @param string $escaper The escaping method to use
* @param \Traversable $value The iterator to escape
*/
public function __construct($escapingMethod, \Traversable $value)
public function __construct($escaper, \Traversable $value)
{
// Set the original value for __call(). Set our own iterator because passing
// it to IteratorIterator will lose any other method calls.
parent::__construct($escapingMethod, $value);
parent::__construct($escaper, $value);
$this->iterator = new \IteratorIterator($value);
}
@ -65,7 +65,7 @@ class IteratorDecorator extends ObjectDecorator implements \Iterator, \Countable
*/
public function current()
{
return Escaper::escape($this->escapingMethod, $this->iterator->current());
return Escaper::escape($this->escaper, $this->iterator->current());
}
/**
@ -118,7 +118,7 @@ class IteratorDecorator extends ObjectDecorator implements \Iterator, \Countable
*/
public function offsetGet($offset)
{
return Escaper::escape($this->escapingMethod, $this->value[$offset]);
return Escaper::escape($this->escaper, $this->value[$offset]);
}
/**

21
src/Symfony/Components/OutputEscaper/ObjectDecorator.php
View File

@ -30,15 +30,14 @@ class ObjectDecorator extends GetterDecorator
* The calling of the method is changed slightly to accommodate passing a
* specific escaping strategy. An additional parameter is appended to the
* argument list which is the escaping strategy. The decorator will remove
* and use this parameter as the escaping strategy if it begins with 'esc_'
* (the prefix all escaping helper functions have).
* and use this parameter as the escaping strategy if it begins with 'esc_'.
*
* For example if an object, $o, implements methods a() and b($arg):
*
* $o->a() // Escapes the return value of a()
* $o->a(ESC_RAW) // Uses the escaping method ESC_RAW with a()
* $o->a('esc_raw') // Uses the escaping strategy 'raw' with a()
* $o->b('a') // Escapes the return value of b('a')
* $o->b('a', ESC_RAW); // Uses the escaping method ESC_RAW with b('a')
* $o->b('a', 'esc_raw'); // Uses the escaping strategy 'raw' with b('a')
*
* @param string $method The method on the object to be called
* @param array $args An array of arguments to be passed to the method
@ -49,24 +48,26 @@ class ObjectDecorator extends GetterDecorator
{
if (count($args) > 0)
{
$escapingMethod = $args[count($args) - 1];
if (is_string($escapingMethod) && substr($escapingMethod, 0, 4) === 'esc_')
$escaper = $args[count($args) - 1];
if (is_string($escaper) && 'esc_' === substr($escaper, 0, 4))
{
$escaper = substr($escaper, 4);
array_pop($args);
}
else
{
$escapingMethod = $this->escapingMethod;
$escaper = $this->escaper;
}
}
else
{
$escapingMethod = $this->escapingMethod;
$escaper = $this->escaper;
}
$value = call_user_func_array(array($this->value, $method), $args);
return Escaper::escape($escapingMethod, $value);
return Escaper::escape($escaper, $value);
}
/**
@ -98,6 +99,6 @@ class ObjectDecorator extends GetterDecorator
*/
public function __toString()
{
return $this->escape($this->escapingMethod, $this->value->__toString());
return $this->escape($this->escaper, $this->value->__toString());
}
}

3
src/Symfony/Components/OutputEscaper/Safe.php
View File

@ -20,8 +20,7 @@ namespace Symfony\Components\OutputEscaper;
*/
class Safe extends \ArrayIterator
{
protected
$value = null;
protected $value;
/**
* Constructor.

111
src/Symfony/Components/OutputEscaper/escaping_helpers.php
View File

@ -1,111 +0,0 @@
<?php
/*
* This file is part of the symfony package.
*
* (c) Fabien Potencier <fabien.potencier@symfony-project.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
/**
* The functions are primarily used by the output escaping component.
*
* Each function specifies a way for applying a transformation to a string
* passed to it. The purpose is for the string to be "escaped" so it is
* suitable for the format it is being displayed in.
*
* For example, the string: "It's required that you enter a username & password.\n"
* If this were to be displayed as HTML it would be sensible to turn the
* ampersand into '&amp;' and the apostrophe into '&aps;'. However if it were
* going to be used as a string in JavaScript to be displayed in an alert box
* it would be right to leave the string as-is, but c-escape the apostrophe and
* the new line.
*
* For each function there is a define to avoid problems with strings being
* incorrectly specified.
*
* @package symfony
* @subpackage helper
* @author Mike Squire <mike@somosis.co.uk>
*/
/**
* Runs the PHP function htmlentities on the value passed.
*
* @param string $value the value to escape
* @return string the escaped value
*/
function esc_entities($value)
{
// Numbers and boolean values get turned into strings which can cause problems
// with type comparisons (e.g. === or is_int() etc).
return is_string($value) ? htmlentities($value, ENT_QUOTES, Symfony\Components\OutputEscaper\Escaper::getCharset()) : $value;
}
define('ESC_ENTITIES', 'esc_entities');
/**
* Runs the PHP function htmlspecialchars on the value passed.
*
* @param string $value the value to escape
* @return string the escaped value
*/
function esc_specialchars($value)
{
// Numbers and boolean values get turned into strings which can cause problems
// with type comparisons (e.g. === or is_int() etc).
return is_string($value) ? htmlspecialchars($value, ENT_QUOTES, Symfony\Components\OutputEscaper\Escaper::getCharset()) : $value;
}
define('ESC_SPECIALCHARS', 'esc_specialchars');
/**
* An identity function that merely returns that which it is given, the purpose
* being to be able to specify that the value is not to be escaped in any way.
*
* @param string $value the value to escape
* @return string the escaped value
*/
function esc_raw($value)
{
return $value;
}
define('ESC_RAW', 'esc_raw');
/**
* A function that c-escapes a string after applying {@link esc_entities()}. The
* assumption is that the value will be used to generate dynamic HTML in some
* way and the safest way to prevent mishap is to assume the value should have
* HTML entities set properly.
*
* The {@link esc_js_no_entities()} method should be used to escape a string
* that is ultimately not going to end up as text in an HTML document.
*
* @param string $value the value to escape
* @return string the escaped value
*/
function esc_js($value)
{
return esc_js_no_entities(esc_entities($value));
}
define('ESC_JS', 'esc_js');
/**
* A function the c-escapes a string, making it suitable to be placed in a
* JavaScript string.
*
* @param string $value the value to escape
* @return string the escaped value
*/
function esc_js_no_entities($value)
{
return str_replace(array("\\" , "\n" , "\r" , "\"" , "'" ),
array("\\\\", "\\n" , "\\r", "\\\"", "\\'"),
$value);
}
define('ESC_JS_NO_ENTITIES', 'esc_js_no_entities');

2
tests/unit/Symfony/Components/OutputEscaper/ArrayDecoratorTest.php
View File

@ -16,7 +16,7 @@ use Symfony\Components\OutputEscaper\Escaper;
$t = new LimeTest(11);
$a = array('<strong>escaped!</strong>', 1, null, array(2, '<strong>escaped!</strong>'));
$escaped = Escaper::escape('esc_entities', $a);
$escaped = Escaper::escape('entities', $a);
// ->getRaw()
$t->diag('->getRaw()');

46
tests/unit/Symfony/Components/OutputEscaper/EscaperTest.php
View File

@ -43,23 +43,23 @@ class OutputEscaperTestClassChild extends OutputEscaperTestClass
// ::escape()
$t->diag('::escape()');
$t->diag('::escape() does not escape special values');
$t->ok(Escaper::escape('esc_entities', null) === null, '::escape() returns null if the value to escape is null');
$t->ok(Escaper::escape('esc_entities', false) === false, '::escape() returns false if the value to escape is false');
$t->ok(Escaper::escape('esc_entities', true) === true, '::escape() returns true if the value to escape is true');
$t->ok(Escaper::escape('entities', null) === null, '::escape() returns null if the value to escape is null');
$t->ok(Escaper::escape('entities', false) === false, '::escape() returns false if the value to escape is false');
$t->ok(Escaper::escape('entities', true) === true, '::escape() returns true if the value to escape is true');
$t->diag('::escape() does not escape a value when escaping method is ESC_RAW');
$t->is(Escaper::escape('esc_raw', '<strong>escaped!</strong>'), '<strong>escaped!</strong>', '::escape() takes an escaping strategy function name as its first argument');
$t->diag('::escape() does not escape a value when escaping method is RAW');
$t->is(Escaper::escape('raw', '<strong>escaped!</strong>'), '<strong>escaped!</strong>', '::escape() takes an escaping strategy function name as its first argument');
$t->diag('::escape() escapes strings');
$t->is(Escaper::escape('esc_entities', '<strong>escaped!</strong>'), '&lt;strong&gt;escaped!&lt;/strong&gt;', '::escape() returns an escaped string if the value to escape is a string');
$t->is(Escaper::escape('esc_entities', '<strong>échappé</strong>'), '&lt;strong&gt;&eacute;chapp&eacute;&lt;/strong&gt;', '::escape() returns an escaped string if the value to escape is a string');
$t->is(Escaper::escape('entities', '<strong>escaped!</strong>'), '&lt;strong&gt;escaped!&lt;/strong&gt;', '::escape() returns an escaped string if the value to escape is a string');
$t->is(Escaper::escape('entities', '<strong>échappé</strong>'), '&lt;strong&gt;&eacute;chapp&eacute;&lt;/strong&gt;', '::escape() returns an escaped string if the value to escape is a string');
$t->diag('::escape() escapes arrays');
$input = array(
'foo' => '<strong>escaped!</strong>',
'bar' => array('foo' => '<strong>escaped!</strong>'),
);
$output = Escaper::escape('esc_entities', $input);
$output = Escaper::escape('entities', $input);
$t->ok($output instanceof ArrayDecorator, '::escape() returns a ArrayDecorator object if the value to escape is an array');
$t->is($output['foo'], '&lt;strong&gt;escaped!&lt;/strong&gt;', '::escape() escapes all elements of the original array');
$t->is($output['bar']['foo'], '&lt;strong&gt;escaped!&lt;/strong&gt;', '::escape() is recursive');
@ -67,28 +67,28 @@ $t->is($output->getRawValue(), $input, '->getRawValue() returns the unescaped va
$t->diag('::escape() escapes objects');
$input = new OutputEscaperTestClass();
$output = Escaper::escape('esc_entities', $input);
$output = Escaper::escape('entities', $input);
$t->ok($output instanceof ObjectDecorator, '::escape() returns a ObjectDecorator object if the value to escape is an object');
$t->is($output->getTitle(), '&lt;strong&gt;escaped!&lt;/strong&gt;', '::escape() escapes all methods of the original object');
$t->is($output->title, '&lt;strong&gt;escaped!&lt;/strong&gt;', '::escape() escapes all properties of the original object');
$t->is($output->getTitleTitle(), '&lt;strong&gt;escaped!&lt;/strong&gt;', '::escape() is recursive');
$t->is($output->getRawValue(), $input, '->getRawValue() returns the unescaped value');
$t->is(Escaper::escape('esc_entities', $output)->getTitle(), '&lt;strong&gt;escaped!&lt;/strong&gt;', '::escape() does not double escape an object');
$t->ok(Escaper::escape('esc_entities', new \DirectoryIterator('.')) instanceof IteratorDecorator, '::escape() returns a IteratorDecorator object if the value to escape is an object that implements the ArrayAccess interface');
$t->is(Escaper::escape('entities', $output)->getTitle(), '&lt;strong&gt;escaped!&lt;/strong&gt;', '::escape() does not double escape an object');
$t->ok(Escaper::escape('entities', new \DirectoryIterator('.')) instanceof IteratorDecorator, '::escape() returns a IteratorDecorator object if the value to escape is an object that implements the ArrayAccess interface');
$t->diag('::escape() does not escape object marked as being safe');
$t->ok(Escaper::escape('esc_entities', new Safe(new OutputEscaperTestClass())) instanceof OutputEscaperTestClass, '::escape() returns the original value if it is marked as being safe');
$t->ok(Escaper::escape('entities', new Safe(new OutputEscaperTestClass())) instanceof OutputEscaperTestClass, '::escape() returns the original value if it is marked as being safe');
Escaper::markClassAsSafe('OutputEscaperTestClass');
$t->ok(Escaper::escape('esc_entities', new OutputEscaperTestClass()) instanceof OutputEscaperTestClass, '::escape() returns the original value if the object class is marked as being safe');
$t->ok(Escaper::escape('esc_entities', new OutputEscaperTestClassChild()) instanceof OutputEscaperTestClassChild, '::escape() returns the original value if one of the object parent class is marked as being safe');
$t->ok(Escaper::escape('entities', new OutputEscaperTestClass()) instanceof OutputEscaperTestClass, '::escape() returns the original value if the object class is marked as being safe');
$t->ok(Escaper::escape('entities', new OutputEscaperTestClassChild()) instanceof OutputEscaperTestClassChild, '::escape() returns the original value if one of the object parent class is marked as being safe');
$t->diag('::escape() cannot escape resources');
$fh = fopen(__FILE__, 'r');
try
{
Escaper::escape('esc_entities', $fh);
Escaper::escape('entities', $fh);
$t->fail('::escape() throws an InvalidArgumentException if the value cannot be escaped');
}
catch (InvalidArgumentException $e)
@ -108,7 +108,7 @@ $t->is(Escaper::unescape('&lt;strong&gt;escaped!&lt;/strong&gt;'), '<strong>esca
$t->is(Escaper::unescape('&lt;strong&gt;&eacute;chapp&eacute;&lt;/strong&gt;'), '<strong>échappé</strong>', '::unescape() returns an unescaped string if the value to unescape is a string');
$t->diag('::unescape() unescapes arrays');
$input = Escaper::escape('esc_entities', array(
$input = Escaper::escape('entities', array(
'foo' => '<strong>escaped!</strong>',
'bar' => array('foo' => '<strong>escaped!</strong>'),
));
@ -119,21 +119,21 @@ $t->is($output['bar']['foo'], '<strong>escaped!</strong>', '::unescape() is recu
$t->diag('::unescape() unescapes objects');
$object = new OutputEscaperTestClass();
$input = Escaper::escape('esc_entities', $object);
$input = Escaper::escape('entities', $object);
$output = Escaper::unescape($input);
$t->ok($output instanceof OutputEscaperTestClass, '::unescape() returns the original object when a ObjectDecorator object is passed');
$t->is($output->getTitle(), '<strong>escaped!</strong>', '::unescape() unescapes all methods of the original object');
$t->is($output->title, '<strong>escaped!</strong>', '::unescape() unescapes all properties of the original object');
$t->is($output->getTitleTitle(), '<strong>escaped!</strong>', '::unescape() is recursive');
$t->ok(IteratorDecorator::unescape(Escaper::escape('esc_entities', new DirectoryIterator('.'))) instanceof DirectoryIterator, '::unescape() unescapes IteratorDecorator objects');
$t->ok(IteratorDecorator::unescape(Escaper::escape('entities', new DirectoryIterator('.'))) instanceof DirectoryIterator, '::unescape() unescapes IteratorDecorator objects');
$t->diag('::unescape() does not unescape object marked as being safe');
$t->ok(Escaper::unescape(Escaper::escape('esc_entities', new Safe(new OutputEscaperTestClass()))) instanceof OutputEscaperTestClass, '::unescape() returns the original value if it is marked as being safe');
$t->ok(Escaper::unescape(Escaper::escape('entities', new Safe(new OutputEscaperTestClass()))) instanceof OutputEscaperTestClass, '::unescape() returns the original value if it is marked as being safe');
Escaper::markClassAsSafe('OutputEscaperTestClass');
$t->ok(Escaper::unescape(Escaper::escape('esc_entities', new OutputEscaperTestClass())) instanceof OutputEscaperTestClass, '::unescape() returns the original value if the object class is marked as being safe');
$t->ok(Escaper::unescape(Escaper::escape('esc_entities', new OutputEscaperTestClassChild())) instanceof OutputEscaperTestClassChild, '::unescape() returns the original value if one of the object parent class is marked as being safe');
$t->ok(Escaper::unescape(Escaper::escape('entities', new OutputEscaperTestClass())) instanceof OutputEscaperTestClass, '::unescape() returns the original value if the object class is marked as being safe');
$t->ok(Escaper::unescape(Escaper::escape('entities', new OutputEscaperTestClassChild())) instanceof OutputEscaperTestClassChild, '::unescape() returns the original value if one of the object parent class is marked as being safe');
$t->diag('::unescape() do nothing to resources');
$fh = fopen(__FILE__, 'r');
@ -143,8 +143,8 @@ $t->diag('::unescape() unescapes mixed arrays');
$object = new OutputEscaperTestClass();
$input = array(
'foo' => 'bar',
'bar' => Escaper::escape('esc_entities', '<strong>bar</strong>'),
'foobar' => Escaper::escape('esc_entities', $object),
'bar' => Escaper::escape('entities', '<strong>bar</strong>'),
'foobar' => Escaper::escape('entities', $object),
);
$output = array(
'foo' => 'bar',

2
tests/unit/Symfony/Components/OutputEscaper/ObjectDecoratorTest.php
View File

@ -34,7 +34,7 @@ class OutputEscaperTest
}
$object = new OutputEscaperTest();
$escaped = Escaper::escape('esc_entities', $object);
$escaped = Escaper::escape('entities', $object);
$t->is($escaped->getTitle(), '&lt;strong&gt;escaped!&lt;/strong&gt;', 'The escaped object behaves like the real object');