Changeset 22226 for branches/version-2_12-multilang

Timestamp:

2013/01/11 00:21:16 (11 years ago)

Author:

Seasoft

Message:

#1988 (国際化テンプレート：エスケープ処理) 現状コミット。

• PHP 関数の t() の動作に影響が及んでいたので回避。
• 文字列エスケープ処理を分離。SC_Helper_Locale#escape
• デフォルトのエスケープに nl2br を追加。
• 吉本様からご指示いただきました仕様を適用。

  後述されている仕様での実装をお願いしたく思います。
  懸念されています「po の中で HTML エスケープを意識する」といった必要が生じる箇所は
  それほど多くない事、現時点ではβ版リリースという事を踏まえて
  今後修正を掛けていければと考えております。
  
  取り急ぎ最小限の実装で対応できればと考えておりますので
  懸念は残す形となりますが、やはり以下の様な実装で対応できればと思います。
  
  <!--{t string="tpl_465" escape="none"}-->
  <!--{t string="tpl_465"}-->
  

  escape=""は「指定なし」と同様の振る舞いの方が分かりやすいかと思います。
  

Location:

branches/version-2_12-multilang/data

Files:

• Smarty/templates/admin/ownersstore/plugin.tpl (modified) (1 diff)
• class/helper/SC_Helper_Locale.php (modified) (5 diffs)
• locales/ja.mo (modified) (previous)
• locales/ja.po (modified) (3 diffs)
• smarty_extends/function.t.php (modified) (1 diff)

branches/version-2_12-multilang/data/Smarty/templates/admin/ownersstore/plugin.tpl

@@ -128 +128 @@
     <h2><!--{t string="tpl_464"}--></h2>
     <table class="form">
-        <!--{* 案1 *}-->
         <tr>
-            <th><!--{t string="tpl_465"}--> <!--{t string="<require>"}--></th>
-            <td>
-                <!--{assign var=key value="plugin_file"}-->
-                <span class="attention"><!--{$arrErr[$key]}--></span>
-                <input type="file" name="<!--{ $key }-->" class="box45" size="43"  style="<!--{$arrErr[$key]|sfGetErrorColor}--> <!--{if $arrErr[$key]}--> background-color:<!--{$smarty.const.ERR_COLOR|h}--><!--{/if}-->">
-                <a class="btn-action" href="javascript:;" onclick="install(); return false;"><span class="btn-next"><!--{t string="tpl_466"}--></span></a>
-            </td>
-        </tr>
-        <!--{* 案2 *}-->
-        <tr>
-            <th><!--{t string="tpl_465"}--> <span class='attention'><!--{t string="require_mark"}--></span></th>
+            <th><!--{t string="tpl_465" escape="none"}--></th>
             <td>
                 <!--{assign var=key value="plugin_file"}-->

branches/version-2_12-multilang/data/class/helper/SC_Helper_Locale.php

@@ -39 +39 @@
      * @var SC_Helper_Locale
      */
-     static $_instance = NULL;
-
-     public $_translations = array();
+    static $_instance = NULL;
+
+    public $_translations = array();
 
      /**
@@ -50 +50 @@
      * @return  string  a string corresponding with message alias
      */
-     public static function get_locale($string, &$options) {
+    public static function get_locale($string, &$options) {
         is_null(SC_Helper_Locale_Ex::$_instance) and SC_Helper_Locale_Ex::$_instance = new SC_Helper_Locale_Ex();
 
@@ -71 +71 @@
 
         $return = $string;
+
         // Get string list of specified language.
         if ($lang_code != 'en') {
@@ -80 +81 @@
         }
 
-        $esc_types = $options['escape'];
-        if (is_null($esc_types) && $string[0] !== '<') {
-            $esc_types = 'h';
-        }
-        foreach (explode(',', $esc_types) as $esc_type) {
-            switch ($esc_type) {
-                case 'h':
-                case 'html':
-                    $return = htmlspecialchars($return, ENT_QUOTES);
-                    break;
-
-                case 'j':
-                case 'javascript':
-                    // escape quotes and backslashes, newlines, etc.
-                    $return = strtr($return, array('\\'=>'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n','</'=>'<\/'));
-                    break;
-
-                case 'nl2br':
-                    $return = nl2br($return, true);
-                    break;
-
-                case '':
-                case 'none':
-                    break;
-
-                case 'htmlall':
-                    $return = htmlentities($return, ENT_QUOTES);
-                    break;
-
-                case 'u':
-                case 'url':
-                    $return = rawurlencode($return);
-                    break;
-
-                case 'urlpathinfo':
-                    $return = str_replace('%2F','/',rawurlencode($return));
-                    break;
-
-                case 'quotes':
-                    // escape unescaped single quotes
-                    $return = preg_replace("%(?<!\\\\)'%", "\\'", $return);
-                    break;
-
-                case 'hex':
-                    // escape every character into hex
-                    $text = '';
-                    for ($x=0; $x < strlen($return); $x++) {
-                        $text .= '%' . bin2hex($return[$x]);
-                    }
-                    $return = $text;
-                    break;
-
-                case 'hexentity':
-                    $text = '';
-                    for ($x=0; $x < strlen($return); $x++) {
-                        $text .= '&#x' . bin2hex($return[$x]) . ';';
-                    }
-                    $return = $text;
-                    break;
-
-                case 'decentity':
-                    $text = '';
-                    for ($x=0; $x < strlen($return); $x++) {
-                        $text .= '&#' . ord($return[$x]) . ';';
-                    }
-                    $return = $text;
-                    break;
-
-                case 'mail':
-                    // safe way to display e-mail address on a web page
-                    $return = str_replace(array('@', '.'),array(' [AT] ', ' [DOT] '), $return);
-                    break;
-
-                case 'nonstd':
-                   // escape non-standard chars, such as ms document quotes
-                   $_res = '';
-                   for($_i = 0, $_len = strlen($return); $_i < $_len; $_i++) {
-                       $_ord = ord(substr($return, $_i, 1));
-                       // non-standard char, escape it
-                       if($_ord >= 126){
-                           $_res .= '&#' . $_ord . ';';
-                       }
-                       else {
-                           $_res .= substr($return, $_i, 1);
-                       }
-                   }
-                   $return = $_res;
-                    break;
-
-                default:
-                    trigger_error('unknown escape type. ' . var_export(func_get_args(), true), E_USER_WARNING);
-                    break;
+        if (is_array($options['escape'])) {
+            foreach ($options['escape'] as $esc_type) {
+                $return = SC_Helper_Locale_Ex::escape($return, $esc_type);
             }
         }
@@ -272 +184 @@
         return $file_list;
     }
+
+    /**
+     * 文字列のエスケープを行う
+     *
+     * @param   string  $string     エスケープを行う文字列
+     * @param   string  $esc_type   エスケープの種類
+     * @return  string  エスケープを行った文字列
+     */
+    static function escape($string, $esc_type) {
+        $return = $string;
+
+        switch ($esc_type) {
+            case 'h':
+            case 'html':
+                $return = htmlspecialchars($return, ENT_QUOTES);
+                break;
+
+            case 'j':
+            case 'javascript':
+                // escape quotes and backslashes, newlines, etc.
+                $return = strtr($return, array('\\'=>'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n','</'=>'<\/'));
+                break;
+
+            case 'nl2br':
+                $return = nl2br($return, true);
+                break;
+
+            case '':
+            case 'none':
+                break;
+
+            case 'htmlall':
+                $return = htmlentities($return, ENT_QUOTES);
+                break;
+
+            case 'u':
+            case 'url':
+                $return = rawurlencode($return);
+                break;
+
+            case 'urlpathinfo':
+                $return = str_replace('%2F','/',rawurlencode($return));
+                break;
+
+            case 'quotes':
+                // escape unescaped single quotes
+                $return = preg_replace("%(?<!\\\\)'%", "\\'", $return);
+                break;
+
+            case 'hex':
+                // escape every character into hex
+                $text = '';
+                for ($x=0; $x < strlen($return); $x++) {
+                    $text .= '%' . bin2hex($return[$x]);
+                }
+                $return = $text;
+                break;
+
+            case 'hexentity':
+                $text = '';
+                for ($x=0; $x < strlen($return); $x++) {
+                    $text .= '&#x' . bin2hex($return[$x]) . ';';
+                }
+                $return = $text;
+                break;
+
+            case 'decentity':
+                $text = '';
+                for ($x=0; $x < strlen($return); $x++) {
+                    $text .= '&#' . ord($return[$x]) . ';';
+                }
+                $return = $text;
+                break;
+
+            case 'mail':
+                // safe way to display e-mail address on a web page
+                $return = str_replace(array('@', '.'),array(' [AT] ', ' [DOT] '), $return);
+                break;
+
+            case 'nonstd':
+                // escape non-standard chars, such as ms document quotes
+                $_res = '';
+                for($_i = 0, $_len = strlen($return); $_i < $_len; $_i++) {
+                    $_ord = ord(substr($return, $_i, 1));
+                    // non-standard char, escape it
+                    if($_ord >= 126){
+                        $_res .= '&#' . $_ord . ';';
+                    }
+                    else {
+                        $_res .= substr($return, $_i, 1);
+                    }
+                }
+                $return = $_res;
+                break;
+
+            default:
+                trigger_error('unknown escape type. ' . var_export(func_get_args(), true), E_USER_WARNING);
+                break;
+        }
+
+        return $return;
+    }
 }

branches/version-2_12-multilang/data/locales/ja.po

@@ -3 +3 @@
 "Project-Id-Version: EC-CUBE Core\n"
 "POT-Creation-Date: 2012-05-07 13T_39+0900\n"
-"PO-Revision-Date: 2013-01-08 15:42+0900\n"
+"PO-Revision-Date: 2013-01-11 00:11+0900\n"
 "Last-Translator: MATSUDA Terutaka <matsudaterutaka@gmail.com>\n"
 "Language-Team: \n"
@@ -5032 +5032 @@
 
 msgid "tpl_465"
-msgstr "プラグイン"
+msgstr "プラグイン<span class='attention'> *</span>"
 
 msgid "tpl_466"
@@ -6132 +6132 @@
 msgid "pt_suffix"
 msgstr "pt"
-
-msgid "<require>"
-msgstr "<span class='attention'>*</span>"
-
-msgid "require_mark"
-msgstr "*"

branches/version-2_12-multilang/data/smarty_extends/function.t.php

@@ -46 +46 @@
     }
     // エスケープの指定がある場合、オプションに移す
-    if (isset($params['escape'])) {
-        $options['escape'] = $params['escape'];
-        unset($params['escape']);
+    if (strlen($params['escape']) >= 1) {
+        $options['escape'] = explode(',', $params['escape']);
+    } else {
+        $options['escape'] = array('h', 'nl2br');
     }
+    unset($params['escape']);
 
     return t($string, $params, $options);