From 48bbcaaa120ab346f816f7a11a959900b6358f2e Mon Sep 17 00:00:00 2001 From: "Laurent Destailleur (aka Eldy)" Date: Wed, 8 Jan 2025 18:24:46 +0100 Subject: [PATCH] Restore lines commented for test --- htdocs/core/class/translate.class.php | 22 +++++++++++++++-- htdocs/core/lib/functions.lib.php | 16 ++++--------- test/phpunit/test.php | 34 +++++++++++++++++---------- 3 files changed, 46 insertions(+), 26 deletions(-) diff --git a/htdocs/core/class/translate.class.php b/htdocs/core/class/translate.class.php index ec0900a8ae7..4e3fa70483a 100644 --- a/htdocs/core/class/translate.class.php +++ b/htdocs/core/class/translate.class.php @@ -759,10 +759,28 @@ class Translate * @param string $param5 chaine de param5 * @return string Translated string */ + public function tr($key, $param1 = '', $param2 = '', $param3 = '', $param4 = '', $param5 = '') + { + return $this->transnoentitiesnoconv($key, $param1, $param2, $param3, $param4, $param5); + } + + /** + * Return translated value of a text string. Alias of tr() for backward compatibility. + * If there is no match for this text, we look in alternative file and if still not found, + * it is returned as is. + * No conversion to encoding charset of lang object is done. + * Parameters of this method must not contains any HTML tags. + * + * @param string $key Key to translate + * @param string $param1 chaine de param1 + * @param string $param2 chaine de param2 + * @param string $param3 chaine de param3 + * @param string $param4 chaine de param4 + * @param string $param5 chaine de param5 + * @return string Translated string + */ public function transnoentitiesnoconv($key, $param1 = '', $param2 = '', $param3 = '', $param4 = '', $param5 = '') { - global $conf; - if (!empty($this->tab_translate[$key])) { // Translation is available $str = $this->tab_translate[$key]; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 64d1f2137fa..7af08245d3c 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -2100,7 +2100,7 @@ function dol_escape_htmltag($stringtoescape, $keepb = 0, $keepn = 0, $noescapeta // In a future, we should not need this $tmp = (string) $stringtoescape; - /* + // We protect the 6 special entities that we don't want to decode. $tmp = str_ireplace('<', '__DONOTDECODELT', $tmp); $tmp = str_ireplace('>', '__DONOTDECODEGT', $tmp); @@ -2118,7 +2118,7 @@ function dol_escape_htmltag($stringtoescape, $keepb = 0, $keepn = 0, $noescapeta $tmp = str_ireplace('__DONOTDECODEQUOT', '"', $tmp); $tmp = str_ireplace('__DONOTDECODEAPOS', '&apos', $tmp); $tmp = str_ireplace('__DONOTDECODE39', ''', $tmp); - */ + $tmp = str_ireplace(''', '__SIMPLEQUOTE', $tmp); // HTML 4 } if (!$keepb) { @@ -2178,17 +2178,9 @@ function dol_escape_htmltag($stringtoescape, $keepb = 0, $keepn = 0, $noescapeta $tmp = str_ireplace('<', '__LESSTAN', $tmp); $tmp = str_ireplace('>', '__GREATERTHAN', $tmp); - } else { - // var_dump($tmp); - //$tmp = str_ireplace('<', '__LESSTHAN', $tmp); - //$tmp = str_ireplace('>', '__GREATERTHAN', $tmp); } - // Warning: htmlentities encode HTML tags like , but forget < > "es; ' ' & - // So we do it ourself afterfor < at > - //$tmp = str_ireplace('<', '&lt', $tmp); - //$tmp = str_ireplace('>', '&gt', $tmp); - //var_dump("eeeeeeeeeeeeeeeeeeeee"); - //var_dump($tmp); + + // Warning: htmlentities encode HTML tags like , but not < > "es; ' ' & that remains untouched. $result = htmlentities($tmp, ENT_COMPAT, 'UTF-8'); // Convert & into & and more... //print $result; diff --git a/test/phpunit/test.php b/test/phpunit/test.php index cfdfdd55d52..28272ff73f7 100755 --- a/test/phpunit/test.php +++ b/test/phpunit/test.php @@ -9,11 +9,21 @@ include "../../htdocs/master.inc.php"; include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; -print ">>> dol_escape_htmltag(eée < > bbbold) - should not happen\n"; -print dol_escape_htmltag("eée < > bbbold", 1); +$langs->setDefaultLang('fr'); +$langs->loadLangs(array('main', 'companies')); + +var_dump($langs->tab_translate["Preview"]); + +print $langs->tr("Preview"); print "\n"; -print ">>> dol_escape_htmltag(eée < > bbbold)\n"; -print dol_escape_htmltag("eée < > bbbold", 1); +print $langs->trans("Preview"); +print "\n"; + +print ">>> dol_escape_htmltag(eée < > bbbold ç) - should not happen\n"; +print dol_escape_htmltag("eée < > bbbold ç", 1); +print "\n"; +print ">>> dol_escape_htmltag(eée < > bbbold ç)\n"; +print dol_escape_htmltag("eée < > bbbold ç", 1); print "\n"; print '>>> dol_escape_htmltag(<script>alert("azerty")</script>)'."\n"; print dol_escape_htmltag('<script>alert("azerty")</script>', 1); @@ -22,11 +32,11 @@ print "\n"; print "\n"; // dol_escape_htmltag(dol_htmlwithnojs(dol_string_onlythesehtmltags(dol_htmlentitiesbr($s), 1, 1, 1, array())), 1, 1, 'common', 0, 1); -print ">>> dolPrintHtml(eée < > bbbold) - should not happen\n"; -print dolPrintHtml("eée < > bbbold"); +print ">>> dolPrintHtml(eée < > bbbold ç) - should not happen\n"; +print dolPrintHtml("eée < > bbbold ç"); print "\n"; -print ">>> dolPrintHtml(eée < > bbbold)\n"; -print dolPrintHtml("eée < > bbbold"); +print ">>> dolPrintHtml(eée < > bbbold ç)\n"; +print dolPrintHtml("eée < > bbbold ç"); print "\n"; print '>>> dolPrintHtml(<script>alert("azerty")</script>)'."\n"; print dolPrintHtml('<script>alert("azerty")</script>'); @@ -35,11 +45,11 @@ print "\n"; print "\n"; // dol_escape_htmltag(dol_string_onlythesehtmltags(dol_htmlentitiesbr($s), 1, 0, 0, 0, array('br', 'b', 'font', 'hr', 'span')), 1, -1, '', 0, 1); -print ">>> dolPrintHtmlForattribute(eée < > bbbold)\n"; -print dolPrintHtmlForAttribute("eée < > bbbold"); +print ">>> dolPrintHtmlForattribute(eée < > bbbold ç)\n"; +print dolPrintHtmlForAttribute("eée < > bbbold ç"); print "\n"; -print ">>> dolPrintHtmlForAttribute(eée < > bbbold)\n"; -print dolPrintHtmlForAttribute("eée < > bbbold"); +print ">>> dolPrintHtmlForAttribute(eée < > bbbold ç)\n"; +print dolPrintHtmlForAttribute("eée < > bbbold ç"); print "\n"; print '>>> dolPrintHtmlForattribute(<script>alert("azerty")</script>)'."\n"; print dolPrintHtmlForAttribute('<script>alert("azerty")</script>');