template->_checkPlugins( array( array( 'function' => 'smarty_literal_compiler_param', 'file' => SMARTY_PLUGINS_DIR . 'shared.literal_compiler_param.php' ) ) ); try { $esc_type = smarty_literal_compiler_param($params, 1, 'html'); $char_set = smarty_literal_compiler_param($params, 2, Smarty::$_CHARSET); $double_encode = smarty_literal_compiler_param($params, 3, true); if (!$char_set) { $char_set = Smarty::$_CHARSET; } switch ($esc_type) { case 'html': if ($_double_encode) { return 'htmlspecialchars((string)' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ', ' . var_export($double_encode, true) . ')'; } elseif ($double_encode) { return 'htmlspecialchars((string)' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ')'; } else { // fall back to modifier.escape.php } // no break case 'htmlall': if (Smarty::$_MBSTRING) { if ($_double_encode) { // php >=5.2.3 - go native return 'mb_convert_encoding(htmlspecialchars((string)' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ', ' . var_export($double_encode, true) . '), "HTML-ENTITIES", ' . var_export($char_set, true) . ')'; } elseif ($double_encode) { // php <5.2.3 - only handle double encoding return 'mb_convert_encoding(htmlspecialchars((string)' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . '), "HTML-ENTITIES", ' . var_export($char_set, true) . ')'; } else { // fall back to modifier.escape.php } } // no MBString fallback if ($_double_encode) { // php >=5.2.3 - go native return 'htmlentities((string)' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ', ' . var_export($double_encode, true) . ')'; } elseif ($double_encode) { // php <5.2.3 - only handle double encoding return 'htmlentities((string)' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ')'; } else { // fall back to modifier.escape.php } // no break case 'url': return 'rawurlencode((string)' . $params[ 0 ] . ')'; case 'urlpathinfo': return 'str_replace("%2F", "/", rawurlencode((string)' . $params[ 0 ] . '))'; case 'quotes': // escape unescaped single quotes return 'preg_replace("%(? "\\\\\\\\", "\'" => "\\\\\'", "\"" => "\\\\\"", "\\r" => "\\\\r", "\\n" => "\\\n", " "<\/", "