Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
  • Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
  • PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.

Differences Between: [Versions 310 and 401] [Versions 39 and 401]

   1  <?php
   2  
   3  namespace Box\Spout\Common\Helper\Escaper;
   4  
   5  /**
   6   * Class ODS
   7   * Provides functions to escape and unescape data for ODS files
   8   */
   9  class ODS implements EscaperInterface
  10  {
  11      /**
  12       * Escapes the given string to make it compatible with XLSX
  13       *
  14       * @param string $string The string to escape
  15       * @return string The escaped string
  16       */
  17      public function escape($string)
  18      {
  19          // @NOTE: Using ENT_QUOTES as XML entities ('<', '>', '&') as well as
  20          //        single/double quotes (for XML attributes) need to be encoded.
  21          if (\defined('ENT_DISALLOWED')) {
  22              // 'ENT_DISALLOWED' ensures that invalid characters in the given document type are replaced.
  23              // Otherwise control characters like a vertical tab "\v" will make the XML document unreadable by the XML processor
  24              // @link https://github.com/box/spout/issues/329
  25              $replacedString = \htmlspecialchars($string, ENT_QUOTES | ENT_DISALLOWED, 'UTF-8');
  26          } else {
  27              // We are on hhvm or any other engine that does not support ENT_DISALLOWED.
  28              $escapedString =  \htmlspecialchars($string, ENT_QUOTES, 'UTF-8');
  29  
  30              // control characters values are from 0 to 1F (hex values) in the ASCII table
  31              // some characters should not be escaped though: "\t", "\r" and "\n".
  32              $regexPattern = '[\x00-\x08' .
  33                              // skipping "\t" (0x9) and "\n" (0xA)
  34                              '\x0B-\x0C' .
  35                              // skipping "\r" (0xD)
  36                              '\x0E-\x1F]';
  37              $replacedString = \preg_replace("/$regexPattern/", '�', $escapedString);
  38          }
  39  
  40          return $replacedString;
  41      }
  42  
  43      /**
  44       * Unescapes the given string to make it compatible with XLSX
  45       *
  46       * @param string $string The string to unescape
  47       * @return string The unescaped string
  48       */
  49      public function unescape($string)
  50      {
  51          // ==============
  52          // =   WARNING  =
  53          // ==============
  54          // It is assumed that the given string has already had its XML entities decoded.
  55          // This is true if the string is coming from a DOMNode (as DOMNode already decode XML entities on creation).
  56          // Therefore there is no need to call "htmlspecialchars_decode()".
  57          return $string;
  58      }
  59  }