php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #20392 HTML_Template_IT error with $ in values
Submitted: 2002-11-12 09:40 UTC Modified: 2003-02-11 13:37 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: olonoh at yahoo dot com Assigned: pajoye (profile)
Status: Closed Package: PEAR related
PHP Version: 4.2.2 OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: olonoh at yahoo dot com
New email:
PHP Version: OS:

 

 [2002-11-12 09:40 UTC] olonoh at yahoo dot com
When an IT variable is set with "$" in the value, the value isn't taken literally.  Example:

<?php

require_once('HTML/IT.php');

$t = new IntegratedTemplate;
$t->setTemplate('{x}', TRUE, TRUE);
$t->setVariable('x', 'I have $1 in my pocket');
$t->show();

?>

The above prints "I have  in my pocket".  

A solution would be to use str_replace() instead of preg_replace() when substituting the value.  Patch is below:

--- /usr/local/lib/php/HTML/IT.php      2002-10-14 12:05:57.000000000 -0500
+++ /usr/local/lib/php/HTML/IT.php      2002-11-04 11:11:31.000000000 -0500
@@ -414,7 +414,7 @@
         if ($this->clearCacheOnParse) {

             foreach ($this->variableCache as $name => $value) {
-                $regs[] = "@" . $this->openingDelimiter . $name . $this->closingDelimiter . "@";
+                $regs[] = $this->openingDelimiter . $name . $this->closingDelimiter;
                 $values[] = $value;
             }
             $this->variableCache = array();
@@ -424,7 +424,7 @@
             foreach ($this->blockvariables[$block] as $allowedvar => $v) {

                 if (isset($this->variableCache[$allowedvar])) {
-                   $regs[]   = "@".$this->openingDelimiter . $allowedvar . $this->closingDelimiter . "@";
+                   $regs[]   = $this->openingDelimiter . $allowedvar . $this->closingDelimiter;
                    $values[] = $this->variableCache[$allowedvar];
                     unset($this->variableCache[$allowedvar]);
                 }
@@ -433,7 +433,7 @@

         }

-        $outer = (0 == count($regs)) ? $this->blocklist[$block] : preg_replace($regs, $values, $this->blocklist[$block]);
+        $outer = (0 == count($regs)) ? $this->blocklist[$block] : str_replace($regs, $values, $this->blocklist[$block]);
         $empty = (0 == count($values)) ? true : false;

         if (isset($this->blockinner[$block])) {

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-11-12 09:51 UTC] derick@php.net
recategorize
 [2002-11-14 19:34 UTC] jon at jellybob dot co dot uk
Isn't this the expected behaviour? It's certainly what would happen if used $whatever in a string anywhere else in PHP - I think people would just get confused if their variables suddenly disappeared.

If you want to include a $ sign in the string, you need to escape it (\$).
 [2002-11-14 20:06 UTC] nicos@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php


 [2002-11-14 20:22 UTC] olonoh at yahoo dot com
I think you misunderstood the report.  The $1 was the literal value (note the single quotes around the string).  When IT.php processes the value it's evaluated instead of being taken literally -- I wouldn't think that'd be expected behavior.  Try this modified example:

<?php

require_once('HTML/IT.php');

$value = 'I have $1 in my pocket';

$t = new IntegratedTemplate;
$t->setTemplate('{x}', TRUE, TRUE);
$t->setVariable('x', $value);

print $value."\n";
$t->show();

?>

This prints:

I have $1 in my pocket
I have  in my pocket

The first time it's printed correctly, but after it's processed in IT.php it's printed incorrectly.
 [2002-11-14 20:25 UTC] nicos@php.net
Yes I understand it, but it's an excepted behaviour of the ZendEngine. Just add put a backslash before '$'.

Thanks for your report.
 [2002-11-14 20:36 UTC] olonoh at yahoo dot com
I'm not clear how that's expected behavior.  I'm not referring to PHP's handling of strings, but of IT.php's usage of preg_replace() instead of str_replace().  I understand that this is necessary:

$value = "\$1"

but if I can print $value to STDOUT with the dollar sign, I don't understand why I have to escape it again before substituting it for a template variable.

If the value isn't explicitly defined in my code, form input for example, I'd have to substitute all '$' for '\$' and then revert back to the original value if I wanted to use it in something other than IT.php.
 [2002-11-14 20:43 UTC] nicos@php.net
I got the point. I don't think this can be fixed anyway. I will talk about it with the maintainer.

Thanks you, I will let you know.
 [2002-11-14 20:57 UTC] olonoh at yahoo dot com
OK, thanks.  I think the patch I provided should fix the bug.  Looking at the code, the preg_replace() method is used to match the delimeters + variable name even though that will never contain a regular expression.  There also isn't any of that match reused in the substitution (i.e. the $1, $2, \1, \2, etc. variables).  So str_replace() should be an acceptable replacement while fixing the bug.

By the way, I should probably continue in saying that the bug only affects values with characters representing those match variables -- $1, $2, \1, \2, etc. -- not just any dollar sign character combo.
 [2002-11-14 21:00 UTC] nicos@php.net
I'm not sure the maintainer want to lose the rapidity of the request just because of that too. ereg() are not enough fast. preg_* is definitly the best way to do a Template class.

Anyway...
 [2002-11-14 21:12 UTC] olonoh at yahoo dot com
I never suggested ereg().  I'm suggesting str_replace(), which is much faster than preg_replace() so the patch would actually give it a speed boost.
 [2002-11-14 21:20 UTC] nicos@php.net
Ewps, sorry. Probably too late for me.

well I will see that with the maintainer. There is probably a reason to use preg_replace() and not str_replace() even if I don't see it at 4:18am :-)

Thanks you.
 [2002-11-15 17:30 UTC] pajoye@php.net
Please upgrade the IT package to 1.0.0.

The new class name is HTML_Template_IT

$t = new HTML_Template_IT();
...

I ll be back with your problem this weekend.

pa



 [2002-11-15 18:54 UTC] pajoye@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

$1 to $99 are used by preg_replace in the replacements arguments (see: http://fr2.php.net/manual/en/function.preg-replace.php).

$t = new HTML_Template_IT();
$t->setTemplate('{x}', TRUE, TRUE);
$t->setVariable('x', 'I have $a in my pocket');
$t->show();

thanks for the post

pa
 [2003-02-11 13:27 UTC] mansion@php.net
I am wondering if using str_replace instead of preg_replace 
would solve these two problems... Could you please test it 
? Thanks.
 [2003-02-11 13:37 UTC] pajoye@php.net
Keep it closed. Replace preg by a str_replace does not solve these problems.

Besides that, can you, please, do not set status if you do not know what the status means.

thank's

pierre
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Wed Dec 01 06:03:45 2021 UTC