php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #20392 HTML_Template_IT error with $ in values
Submitted: 2002-11-12 09:40 UTC Modified: 2003-02-11 13:37 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: olonoh at yahoo dot com Assigned: pajoye (profile)
Status: Closed Package: PEAR related
PHP Version: 4.2.2 OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: olonoh at yahoo dot com
New email:
PHP Version: OS:

 

 [2002-11-12 09:40 UTC] olonoh at yahoo dot com
When an IT variable is set with "$" in the value, the value isn't taken literally.  Example:

<?php

require_once('HTML/IT.php');

$t = new IntegratedTemplate;
$t->setTemplate('{x}', TRUE, TRUE);
$t->setVariable('x', 'I have $1 in my pocket');
$t->show();

?>

The above prints "I have  in my pocket".  

A solution would be to use str_replace() instead of preg_replace() when substituting the value.  Patch is below:

--- /usr/local/lib/php/HTML/IT.php      2002-10-14 12:05:57.000000000 -0500
+++ /usr/local/lib/php/HTML/IT.php      2002-11-04 11:11:31.000000000 -0500
@@ -414,7 +414,7 @@
         if ($this->clearCacheOnParse) {

             foreach ($this->variableCache as $name => $value) {
-                $regs[] = "@" . $this->openingDelimiter . $name . $this->closingDelimiter . "@";
+                $regs[] = $this->openingDelimiter . $name . $this->closingDelimiter;
                 $values[] = $value;
             }
             $this->variableCache = array();
@@ -424,7 +424,7 @@
             foreach ($this->blockvariables[$block] as $allowedvar => $v) {

                 if (isset($this->variableCache[$allowedvar])) {
-                   $regs[]   = "@".$this->openingDelimiter . $allowedvar . $this->closingDelimiter . "@";
+                   $regs[]   = $this->openingDelimiter . $allowedvar . $this->closingDelimiter;
                    $values[] = $this->variableCache[$allowedvar];
                     unset($this->variableCache[$allowedvar]);
                 }
@@ -433,7 +433,7 @@

         }

-        $outer = (0 == count($regs)) ? $this->blocklist[$block] : preg_replace($regs, $values, $this->blocklist[$block]);
+        $outer = (0 == count($regs)) ? $this->blocklist[$block] : str_replace($regs, $values, $this->blocklist[$block]);
         $empty = (0 == count($values)) ? true : false;

         if (isset($this->blockinner[$block])) {

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-11-12 09:51 UTC] derick@php.net
recategorize
 [2002-11-14 19:34 UTC] jon at jellybob dot co dot uk
Isn't this the expected behaviour? It's certainly what would happen if used $whatever in a string anywhere else in PHP - I think people would just get confused if their variables suddenly disappeared.

If you want to include a $ sign in the string, you need to escape it (\$).
 [2002-11-14 20:06 UTC] nicos@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php


 [2002-11-14 20:22 UTC] olonoh at yahoo dot com
I think you misunderstood the report.  The $1 was the literal value (note the single quotes around the string).  When IT.php processes the value it's evaluated instead of being taken literally -- I wouldn't think that'd be expected behavior.  Try this modified example:

<?php

require_once('HTML/IT.php');

$value = 'I have $1 in my pocket';

$t = new IntegratedTemplate;
$t->setTemplate('{x}', TRUE, TRUE);
$t->setVariable('x', $value);

print $value."\n";
$t->show();

?>

This prints:

I have $1 in my pocket
I have  in my pocket

The first time it's printed correctly, but after it's processed in IT.php it's printed incorrectly.
 [2002-11-14 20:25 UTC] nicos@php.net
Yes I understand it, but it's an excepted behaviour of the ZendEngine. Just add put a backslash before '$'.

Thanks for your report.
 [2002-11-14 20:36 UTC] olonoh at yahoo dot com
I'm not clear how that's expected behavior.  I'm not referring to PHP's handling of strings, but of IT.php's usage of preg_replace() instead of str_replace().  I understand that this is necessary:

$value = "\$1"

but if I can print $value to STDOUT with the dollar sign, I don't understand why I have to escape it again before substituting it for a template variable.

If the value isn't explicitly defined in my code, form input for example, I'd have to substitute all '$' for '\$' and then revert back to the original value if I wanted to use it in something other than IT.php.
 [2002-11-14 20:43 UTC] nicos@php.net
I got the point. I don't think this can be fixed anyway. I will talk about it with the maintainer.

Thanks you, I will let you know.
 [2002-11-14 20:57 UTC] olonoh at yahoo dot com
OK, thanks.  I think the patch I provided should fix the bug.  Looking at the code, the preg_replace() method is used to match the delimeters + variable name even though that will never contain a regular expression.  There also isn't any of that match reused in the substitution (i.e. the $1, $2, \1, \2, etc. variables).  So str_replace() should be an acceptable replacement while fixing the bug.

By the way, I should probably continue in saying that the bug only affects values with characters representing those match variables -- $1, $2, \1, \2, etc. -- not just any dollar sign character combo.
 [2002-11-14 21:00 UTC] nicos@php.net
I'm not sure the maintainer want to lose the rapidity of the request just because of that too. ereg() are not enough fast. preg_* is definitly the best way to do a Template class.

Anyway...
 [2002-11-14 21:12 UTC] olonoh at yahoo dot com
I never suggested ereg().  I'm suggesting str_replace(), which is much faster than preg_replace() so the patch would actually give it a speed boost.
 [2002-11-14 21:20 UTC] nicos@php.net
Ewps, sorry. Probably too late for me.

well I will see that with the maintainer. There is probably a reason to use preg_replace() and not str_replace() even if I don't see it at 4:18am :-)

Thanks you.
 [2002-11-15 17:30 UTC] pajoye@php.net
Please upgrade the IT package to 1.0.0.

The new class name is HTML_Template_IT

$t = new HTML_Template_IT();
...

I ll be back with your problem this weekend.

pa



 [2002-11-15 18:54 UTC] pajoye@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

$1 to $99 are used by preg_replace in the replacements arguments (see: http://fr2.php.net/manual/en/function.preg-replace.php).

$t = new HTML_Template_IT();
$t->setTemplate('{x}', TRUE, TRUE);
$t->setVariable('x', 'I have $a in my pocket');
$t->show();

thanks for the post

pa
 [2003-02-11 13:27 UTC] mansion@php.net
I am wondering if using str_replace instead of preg_replace 
would solve these two problems... Could you please test it 
? Thanks.
 [2003-02-11 13:37 UTC] pajoye@php.net
Keep it closed. Replace preg by a str_replace does not solve these problems.

Besides that, can you, please, do not set status if you do not know what the status means.

thank's

pierre
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved.
Last updated: Sun Jul 06 11:02:27 2025 UTC