unescape \n convert

SQLサニタイジングでエスケープした\nを戻す

diff --git a/app/models/behaviors/sanitize_plus.php b/app/models/behaviors/sanitize_plus.php
index 8a32f1b..f111186 100644 (file)
--- a/app/models/behaviors/sanitize_plus.php
+++ b/app/models/behaviors/sanitize_plus.php
@@ -53,6 +53,7 @@ class SanitizePlusBehavior extends ModelBehavior {
                $replacements = array("&", "%", "<", ">", '"', "'", "(", ")", "+", "-");
 
                $string = preg_replace($patterns, $replacements, $string);
+               $string = preg_replace('/\\\n/', "\n", $string);
 
                if ($strip_all) {
                        $string = Sanitize::stripAll($string);

diff --git a/app/plugins/cakeplus/controllers/components/html_escape.php b/app/plugins/cakeplus/controllers/components/html_escape.php
index a7919a3..b740cc4 100644 (file)
--- a/app/plugins/cakeplus/controllers/components/html_escape.php
+++ b/app/plugins/cakeplus/controllers/components/html_escape.php
@@ -68,6 +68,55 @@ class HtmlEscapeComponent extends Object {
                }
        }
 
+       function _unsecape_recursive($value, $funcname, $noescape_list = null ,$parent_key = null) {
+               if (is_array($value)) {
+                       foreach ($value as $key => $val) {
+                               $parent_key_arr = ( isset($parent_key) ) ? $parent_key . '.' . $key : $key ;
+
+
+                               $value[$key] = self::_unsecape_recursive($val, $funcname, $noescape_list, $parent_key_arr);
+                       }
+                       return $value;
+               } else {
+                       if( is_array($noescape_list) ){
+                               foreach( $noescape_list as $noescape_value ){
+                                       $noescape_value = str_replace( ".", '\.' , $noescape_value );
+
+                                       if( preg_match( "/^(.+\.|)$noescape_value(\..+|)$/", $parent_key ) ){
+                                               return $value;
+                                       }
+                               }
+                       }
+                       $value = call_user_func(array('HtmlEscapeComponent', $funcname), $value);
+
+                       return $value;
+               }
+       }
+
+    /**
+     * Execute nl2br() to escaped Array Data
+     *
+     * @param string or array $value
+     * @param array $noescape_list
+     * @param string $parent_key
+     * @return string or array
+     */
+       function nl2br_escaped( $value, $noescape_list = null ,$parent_key = null ) {
+               return $this->_unsecape_recursive($value, "_nl2br_escaped", $noescape_list, $parent_key);
+       }
+
+    /**
+     * Execute unescape Array Data
+     *
+     * @param string or array $value
+     * @param array $noescape_list
+     * @param string $parent_key
+     * @return string or array
+     */
+       function nl_unescape($value, $noescape_list = null ,$parent_key = null ) {
+               return $this->_unsecape_recursive($value, "_nl_unescape", $noescape_list, $parent_key);
+       }
+
 
     /**
      * Execute nl2br() and  h() to String Data
@@ -78,5 +127,24 @@ class HtmlEscapeComponent extends Object {
                return nl2br( h( $value, $charset ) );
        }
 
+    /**
+     * Execute nl2br() to escaped String Data
+     * @param string $value
+     * @return string
+     */
+       function _nl2br_escaped(&$value) {
+               $value = $this->nl_unescape($value);
+               return nl2br($value);
+       }
+
+    /**
+     * Execute unescape String Data
+     * @param string $value
+     * @return string
+     */
+       function _nl_unescape($value) {
+               return preg_replace('/\\\n/', "\n", $value);
+       }
+
 }
 ?>