Index: /branches/version-2_12-multilang/data/class/helper/SC_Helper_Locale.php
===================================================================
--- /branches/version-2_12-multilang/data/class/helper/SC_Helper_Locale.php (revision 22099)
+++ /branches/version-2_12-multilang/data/class/helper/SC_Helper_Locale.php (revision 22186)
@@ -70,17 +70,110 @@ } + $return = $string; // Get string list of specified language. - if ($lang_code == 'en') { - return $string; - } else { + if ($lang_code != 'en') { $translations = SC_Helper_Locale_Ex::$_instance->get_translations($lang_code, $device_type_id); // Whether a string which corresponding with alias is exist. - if (isset($translations[$string])) { - return $translations[$string]; - } - else { - return $string; - } - } + if (isset($translations[$return])) { + $return = $translations[$return]; + } + } + + $esc_types = $options['escape']; + if (is_null($esc_types) && $string[0] !== '<') { + $esc_types = 'h'; + } + foreach (explode(',', $esc_types) as $esc_type) { + switch ($esc_type) { + case 'h': + case 'html': + $return = htmlspecialchars($return, ENT_QUOTES); + break; + + case 'j': + case 'javascript': + // escape quotes and backslashes, newlines, etc. + $return = strtr($return, array('\\'=>'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n',''=>'<\/')); + break; + + case 'nl2br': + $return = nl2br($return, true); + break; + + case '': + case 'none': + break; + + case 'htmlall': + $return = htmlentities($return, ENT_QUOTES); + break; + + case 'u': + case 'url': + $return = rawurlencode($return); + break; + + case 'urlpathinfo': + $return = str_replace('%2F','/',rawurlencode($return)); + break; + + case 'quotes': + // escape unescaped single quotes + $return = preg_replace("%(?= 126){ + $_res .= '' . $_ord . ';'; + } + else { + $_res .= substr($return, $_i, 1); + } + } + $return = $_res; + break; + + default: + trigger_error('unknown escape type. ' . 
var_export(func_get_args(), true), E_USER_WARNING); + break; + } + } + + return $return; } Index: /branches/version-2_12-multilang/data/smarty_extends/function.t.php =================================================================== --- /branches/version-2_12-multilang/data/smarty_extends/function.t.php (revision 22099) +++ /branches/version-2_12-multilang/data/smarty_extends/function.t.php (revision 22186) @@ -45,4 +45,9 @@ unset($params['device_type_id']); } + // エスケープの指定がある場合、オプションに移す + if (isset($params['escape'])) { + $options['escape'] = $params['escape']; + unset($params['escape']); + } return t($string, $params, $options); Index: /branches/version-2_12-multilang/data/Smarty/templates/admin/ownersstore/plugin.tpl =================================================================== --- /branches/version-2_12-multilang/data/Smarty/templates/admin/ownersstore/plugin.tpl (revision 22130) +++ /branches/version-2_12-multilang/data/Smarty/templates/admin/ownersstore/plugin.tpl (revision 22186) @@ -34,10 +34,10 @@ if(mode === 'disable') { - result = window.confirm(''); + result = window.confirm(''); if(result === false) { $(event.target).attr("checked", "checked"); } } else if(mode === 'enable') { - result = window.confirm(''); + result = window.confirm(''); if(result === false) { $(event.target).attr("checked", ""); @@ -55,5 +55,5 @@ */ function remoteException(XMLHttpRequest, textStatus, errorThrown) { - alert(''); + alert(''); } @@ -80,5 +80,5 @@ */ function install() { - if (window.confirm('')){ + if (window.confirm('')){ fnModeSubmit('install','',''); } @@ -89,5 +89,5 @@ */ function uninstall(plugin_id, plugin_code) { - if (window.confirm('')){ + if (window.confirm('')){ fnSetFormValue('plugin_id', plugin_id); fnModeSubmit('uninstall', 'plugin_code', plugin_code); 
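Review bot: The `default:` branch of the escape `switch` only raises `E_USER_WARNING` and then returns `$return` unescaped, so a misspelled `escape` value in a template silently turns output escaping off; adding `$return = htmlspecialchars($return, ENT_QUOTES);` before that `break` would make it fail closed. The automatic `'h'` default is also keyed on the untranslated id (`$string[0] !== '<'`), so any message whose id starts with `<` has its translation emitted raw, and an empty `$string` raises an offset notice; a comment such as `// ids starting with '<' are trusted markup and are not auto-escaped` would at least make that exemption explicit. `$options['escape']` is read without `isset()`, which emits a notice whenever the caller passes no escape option; `$esc_types = isset($options['escape']) ? $options['escape'] : null;` avoids it. The function's opening lies outside the hunk, so whether `$params` values are substituted before or after this escaping cannot be seen here and should be checked.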
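Review bot: An `escape` attribute that is present but empty (`escape=""` or `escape=false`) passes the `isset()` test here and reaches the callee as a non-null value, so the `is_null($esc_types)` default in SC_Helper_Locale.php is skipped and the `case '':` branch returns the string unescaped. If only an explicit `none` is meant to disable escaping, copy the value only when it is non-empty, `if (isset($params['escape']) && $params['escape'] !== '' && $params['escape'] !== false) {`; if the empty form is intended, say so in the comment, for example `// escape: comma-separated list of escape types; '' or 'none' disables escaping`. The surrounding function starts outside the hunk, so the initialisation of `$options` is not visible.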
@@ -99,5 +99,5 @@ */ function update(plugin_id, plugin_code) { - if (window.confirm('')){ + if (window.confirm('')){ removeUpdateFile('update_file_' + plugin_id); fnSetFormValue('plugin_id', plugin_id); @@ -128,6 +128,17 @@