新增视图变量输出默认过滤方法

This commit is contained in:
Karson
2025-12-18 23:04:15 +08:00
parent 9a2e7c2a1b
commit f0774ddd5a
2 changed files with 41 additions and 10 deletions

View File

@@ -51,6 +51,7 @@ class Template
'cache_id' => '', // 模板缓存ID
'tpl_replace_string' => [],
'tpl_var_identify' => 'array', // .语法变量识别array|object|'', 为空时自动识别
'default_filter' => 'htmlentities', // 默认过滤方法 用于普通标签输出
];
private $literal = [];
@@ -732,7 +733,7 @@ class Template
$array = preg_split('/([!=]={1,2}|(?<!-)[><]={0,1})/', substr($str, 0, $pos), 2, PREG_SPLIT_DELIM_CAPTURE);
$name = $array[0];
$this->parseVar($name);
$this->parseVarFunction($name);
//$this->parseVarFunction($name);
$str = trim(substr($str, $pos + 1));
$this->parseVar($str);
@@ -745,6 +746,7 @@ class Template
}
switch ($first) {
case '?':
$this->parseVarFunction($name);
$str = '<?php echo (' . $name . ') ? ' . $name . ' : ' . substr($str, 1) . '; ?>';
break;
case '=':
@@ -760,22 +762,39 @@ class Template
} else {
$express = false;
}
if (in_array($first, ['?', '=', ':'])) {
$str = trim(substr($str, 1));
if (strpos($str, '$') === 0) {
$str = $this->parseVarFunction($str);
}
}
// $name为数组
switch ($first) {
case '?':
// {$varname??'xxx'} $varname有定义则输出$varname,否则输出xxx
$str = '<?php echo ' . ($express ?: 'isset(' . $name . ')') . '?' . $name . ':' . substr($str, 1) . '; ?>';
$str = '<?php echo ' . ($express ?: 'isset(' . $name . ')') . ' ? ' . $this->parseVarFunction($name) . ' : ' . $str . '; ?>';
break;
case '=':
// {$varname?='xxx'} $varname为真时才输出xxx
$str = '<?php if(' . ($express ?: '!empty(' . $name . ')') . ') echo ' . substr($str, 1) . '; ?>';
$str = '<?php if(' . ($express ?: '!empty(' . $name . ')') . ') echo ' . $str . '; ?>';
break;
case ':':
// {$varname?:'xxx'} $varname为真时输出$varname,否则输出xxx
$str = '<?php echo ' . ($express ?: '!empty(' . $name . ')') . '?' . $name . $str . '; ?>';
$str = '<?php echo ' . ($express ?: '!empty(' . $name . ')') . ' ? ' . $this->parseVarFunction($name) . ' : ' . $str . '; ?>';
break;
default:
$str = '<?php echo ' . ($express ?: '!empty(' . $name . ')') . '?' . $str . '; ?>';
if (strpos($str, ':')) {
// {$varname ? 'a' : 'b'} $varname为真时输出a,否则输出b
$array = explode(':', $str, 2);
$array[0] = strpos(trim($array[0]), '$') === 0 ? $this->parseVarFunction($array[0]) : $array[0];
$array[1] = strpos(trim($array[1]), '$') === 0 ? $this->parseVarFunction($array[1]) : $array[1];
$str = implode(' : ', $array);
}
$str = '<?php echo ' . ($express ?: '!empty(' . $name . ')') . ' ? ' . $str . '; ?>';
}
}
} else {
@@ -886,13 +905,20 @@ class Template
* 格式 {$varname|function1|function2=arg1,arg2}
* @access public
* @param string $varStr 变量字符串
* @param bool $autoescape 自动转义
* @return void
*/
public function parseVarFunction(&$varStr)
public function parseVarFunction(&$varStr, $autoescape = true)
{
if (false == strpos($varStr, '|')) {
return;
if (!$autoescape && strpos($varStr, '|') === false) {
return $varStr;
} elseif ($autoescape && !preg_match('/\|(\s)?raw(\||\s)?/i', $varStr) && $this->config['default_filter']) {
// 如果varStr中不存在默认过滤规则则应用默认过滤
if (!preg_match('/\|(\s)?' . $this->config['default_filter'] . '(\||\s)?/i', $varStr)) {
$varStr .= '|' . $this->config['default_filter'];
}
}
static $_varFunctionList = [];
$_key = md5($varStr);
//如果已经解析过该变量字串,则直接返回变量值
@@ -901,7 +927,7 @@ class Template
} else {
$varArray = explode('|', $varStr);
// 取得变量名称
$name = array_shift($varArray);
$name = trim(array_shift($varArray));
// 对变量使用函数
$length = count($varArray);
// 取得模板禁止使用函数列表
@@ -911,6 +937,11 @@ class Template
// 模板函数过滤
$fun = trim($args[0]);
switch ($fun) {
case 'raw':
break;
case 'htmlentities':
$name = 'htmlentities((string) ' . $name . ')';
break;
case 'default': // 特殊模板函数
if (false === strpos($name, '(')) {
$name = '(isset(' . $name . ') && (' . $name . ' !== \'\')?' . $name . ':' . $args[1] . ')';

View File

@@ -317,7 +317,7 @@ class TagLib
$name = '$' . $name;
}
$this->tpl->parseVar($name);
$this->tpl->parseVarFunction($name);
$this->tpl->parseVarFunction($name, false);
return $name;
}