*/
private $backupFrames = [];
- /**
- * Class constructor.
- *
- * @return CRM_Core_Smarty
- */
- public function __construct() {
- parent::__construct();
- }
-
private function initialize() {
$config = CRM_Core_Config::singleton();
$this->register_function('crmURL', ['CRM_Utils_System', 'crmURL']);
if (CRM_Utils_Constant::value('CIVICRM_SMARTY_DEFAULT_ESCAPE')) {
+ // When default escape is enabled if the core escape is called before
+ // any custom escaping is done the modifier_escape function is not
+ // found, so require_once straight away. Note this was hit on the basic
+ // contribution dashboard from RecentlyViewed.tpl
+ require_once 'Smarty/plugins/modifier.escape.php';
if (!isset($this->_plugins['modifier']['escape'])) {
$this->register_modifier('escape', ['CRM_Core_Smarty', 'escape']);
}
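Review bot: `escape()` is a public static method, and the `require_once` now lives only inside the `CIVICRM_SMARTY_DEFAULT_ESCAPE` branch of `initialize()`, having been removed from `escape()` in the last hunk. A direct call to `CRM_Core_Smarty::escape()` before the singleton is initialised, or with the constant unset, would presumably reach `smarty_modifier_escape()` while it is still undefined and fail fatally. `require_once` is idempotent, so the early load here can coexist with the original line; keep `require_once 'Smarty/plugins/modifier.escape.php';` just before the `smarty_modifier_escape()` call in `escape()` as well. The body of `initialize()` continues past the end of this hunk, so any later registration is not visible here.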
*
* @return string
*/
- public static function escape($string, $esc_type = 'html', $char_set = 'ISO-8859-1') {
+ public static function escape($string, $esc_type = 'html', $char_set = 'UTF-8') {
// CiviCRM variables are often arrays - just handle them.
// The early return on booleans & numbers is mostly to prevent them being
// logged as 'changed' when they are cast to a string.
// The ones below this point are hopefully here short term.
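Review bot: With the default `$char_set` now `'UTF-8'`, a value containing an invalid UTF-8 byte sequence may come back from `smarty_modifier_escape()` as an empty string if that function hands the charset to `htmlspecialchars()` without `ENT_SUBSTITUTE`, so legacy Latin-1 data would be blanked rather than escaped. The body of `escape()` lies mostly outside this hunk, so this is inferred; a test that feeds a non-UTF-8 string through `escape()` would confirm it. If it holds, state it next to the signature, e.g. `// Invalid UTF-8 input may be returned empty by htmlspecialchars(); callers must pass valid UTF-8.` If the docblock above carries a `@param` line for `$char_set`, check that it no longer names ISO-8859-1.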
|| strpos($string, '<a') === 0
+ // Message templates screen
+ || strpos($string, '<span><a href') === 0
// Not sure how big a pattern this is - used in Pledge view tab
// not sure if it needs escaping
|| strpos($string, ' action="/civicrm/') === 0
+ // eg. Tag edit page, civicrm/admin/financial/financialType/accounts?action=add&reset=1&aid=1
+ || strpos($string, ' action="" method="post"') === 0
// This seems to be urls...
|| strpos($string, '/civicrm/') === 0
// Validation error message - eg. <span class="crm-error">Tournament Fees is a required field.</span>
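Review bot: The two added prefixes, `'<span><a href'` and `' action="" method="post"'`, extend a content-based exemption: any value that merely starts with one of these strings is returned unescaped whatever its origin, so stored user-supplied text sharing the prefix skips default escaping along with the trusted markup. The exemption belongs in the template that emits the trusted markup rather than in a check on the value's leading bytes, for example `|smarty:nodefaults` on the specific variable in the Message templates and financial account screens. If the prefixes have to stay for now, each deserves a removal marker such as `// TODO: drop once the template marks this variable with smarty:nodefaults`. The surrounding condition and the rest of `escape()` start and end outside this hunk.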
return $string;
}
}
- require_once 'Smarty/plugins/modifier.escape.php';
+
$value = smarty_modifier_escape($string, $esc_type, $char_set);
if ($value !== $string) {
Civi::log()->debug('smarty escaping original {original}, escaped {escaped} type {type} charset {charset}', [