www.gusucode.com > Piwik 网站流量统计系统 v2.9.1PHP源码程序 > Piwik 网站流量统计系统 v2.9.1/piwik/piwik/core/DataTable/Filter/SafeDecodeLabel.php
<?php /** * Piwik - free/libre analytics platform * * @link http://piwik.org * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later * */ namespace Piwik\DataTable\Filter; use Piwik\DataTable; use Piwik\DataTable\BaseFilter; /** * Sanitizes DataTable labels as an extra precaution. Called internally by Piwik. * */ class SafeDecodeLabel extends BaseFilter { private $columnToDecode; /** * @param DataTable $table */ public function __construct($table) { parent::__construct($table); $this->columnToDecode = 'label'; } /** * Decodes the given value * * @param string $value * @return mixed|string */ public static function decodeLabelSafe($value) { if (empty($value)) { return $value; } $raw = urldecode($value); $value = htmlspecialchars_decode($raw, ENT_QUOTES); // ENT_IGNORE so that if utf8 string has some errors, we simply discard invalid code unit sequences $style = ENT_QUOTES | ENT_IGNORE; // See changes in 5.4: http://nikic.github.com/2012/01/28/htmlspecialchars-improvements-in-PHP-5-4.html // Note: at some point we should change ENT_IGNORE to ENT_SUBSTITUTE $value = htmlspecialchars($value, $style, 'UTF-8'); return $value; } /** * Decodes all columns of the given data table * * @param DataTable $table */ public function filter($table) { foreach ($table->getRows() as $row) { $value = $row->getColumn($this->columnToDecode); if ($value !== false) { $value = self::decodeLabelSafe($value); $row->setColumn($this->columnToDecode, $value); $this->filterSubTable($row); } } } }