Automatic variable escaper for Zend Framework

Can you recommend any good solution for automatic view variable escaping for Zend Framework 1.x?

I have tried so far:

- $this->var->object()->string
- A custom solution with view streams, similar to Rob Allen's escaper, but parsing syntax with regex always fails

Here is my solution:

    /**
     * Purifies all data passed to view
     *
     * @author miholeus
     */
    class HTMLPurifier_View extends Zend_View
    {
        // Holds both the raw and the escaped copy of every assigned variable
        protected $_vars = array();

        public function __set($key, $val)
        {
            if (is_string($val)) {
                $purified = $this->escape($val);
            } elseif (is_array($val)) {
                $purified = array_map(array($this, 'traverseSingle'), $val);
            } else { // other types: integers, bools, objects
                $purified = $this->traverseSingle($val);
            }
            $this->_vars[$key] = array(
                'raw'      => $val,
                'purified' => $purified
            );
            return $this;
        }

        // Unescaped value, for the cases where the template needs it
        public function getRaw($key)
        {
            if (isset($this->_vars[$key])) {
                return $this->_vars[$key]['raw'];
            }
            return null;
        }

        // Templates read $this->name and receive the escaped copy
        public function __get($key)
        {
            if (isset($this->_vars[$key])) {
                return $this->_vars[$key]['purified'];
            }
            return null;
        }

        private function traverseSingle($element)
        {
            if (is_array($element)) {
                // Nested arrays: escape() expects a scalar, so recurse
                return array_map(array($this, 'traverseSingle'), $element);
            }
            if (is_object($element)) {
                // Escape a copy: objects are passed by handle, so changing
                // $element in place would also change the stored 'raw' value
                $copy = clone $element;
                $reflect = new ReflectionObject($copy);
                foreach ($reflect->getProperties(ReflectionProperty::IS_PUBLIC) as $prop) {
                    $copy->{$prop->getName()} = $this->escape($copy->{$prop->getName()});
                }
                return $copy;
            }
            return $this->escape($element);
        }
    }

All you need to do is to set it as your view in bootstrap.
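
The question's `$this->var->object()->string` chain is where escaping at assignment time stops working, because values returned from method calls never pass through the view's `__set()`. An added example (not part of the original question or answers) of a lazy proxy that escapes at the point of access instead; `EscapingProxy`, `wrap()` and `raw()` are hypothetical names, and it calls `htmlspecialchars()` directly rather than `Zend_View::escape()` so that it runs without the framework.

```php
<?php
// Added example; EscapingProxy, wrap() and raw() are hypothetical names.
final class EscapingProxy
{
    private $value;

    private function __construct($value) { $this->value = $value; }

    // Escape strings, map arrays element by element, defer objects to a proxy.
    public static function wrap($value)
    {
        if (is_string($value)) {
            return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
        }
        if (is_array($value)) {
            return array_map(array(__CLASS__, 'wrap'), $value);
        }
        return is_object($value) ? new self($value) : $value;
    }

    // Explicit opt-out: the wrapped object, which the proxy never modifies.
    public function raw() { return $this->value; }

    // Property reads and method results are wrapped again, so chains stay escaped.
    public function __get($name) { return self::wrap($this->value->$name); }

    public function __call($method, $args)
    {
        return self::wrap(call_user_func_array(array($this->value, $method), $args));
    }

    public function __toString() { return self::wrap((string) $this->value); }
}

// Constructed sample model standing in for data assigned to the view.
class Author { public $name = '<b>Mallory</b>'; }
class Post
{
    public $tags = array('a&b', '"q"');
    public function author() { return new Author(); }
}

$post = EscapingProxy::wrap(new Post());
echo $post->author()->name, "\n";        // escaped at the end of the chain
echo implode(',', $post->tags), "\n";    // array elements escaped
echo $post->raw()->author()->name, "\n"; // raw value, for trusted contexts only
```

A view subclass that stores assigned variables privately could return `EscapingProxy::wrap($value)` from its `__get()`; that wiring is an assumption and is not shown here.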

If I would think to make an automatic escaper, I would create a ZF plugin that runs in postDispatch:

"postDispatch() is called after an action is dispatched by the dispatcher. This callback allows for proxy or filter behavior. By altering the request and resetting its dispatched flag (via Zend_Controller_Request_Abstract::setDispatched(false)), a new action may be specified for dispatching." (source)

Maybe some use of HTMLPurifier would be a smart job :)

    class Automatic_Escaper extends Zend_Controller_Plugin_Abstract
    {
        public function postDispatch(Zend_Controller_Request_Abstract $request)
        {
            $response = $this->getResponse();
            // Expects an HTMLPurifier instance registered under 'purifier'
            $htmlpurifier = Zend_Registry::get('purifier');
            // Purify the rendered body, not the response object itself
            $safe = $htmlpurifier->purify($response->getBody());
            $response->setBody($safe);
        }
    }

I hope I explained my idea regardless of the status of the sample above.