[Templating] added better support for encoding problems when escaping a string (available as of PHP 5.4)

fabpot · fabpot · commit 053b42158e2f · 2011-08-30T07:43:00.000+02:00
From the PHP CHANGELOG: The flag ENT_SUBSTITUTE makes invalid multibyte sequences be replaced by U+FFFD (UTF-8) or &#FFFD; by htmlspecialchars and htmlentities. It is an alternative to the default behavior, which just returns an empty string and to ENT_IGNORE, which is a security risk. The behavior follows the recommendations of Unicode Technical Report #36.
diff --git a/src/Symfony/Component/Templating/PhpEngine.php b/src/Symfony/Component/Templating/PhpEngine.php
@@ -17,6 +17,10 @@
 use Symfony\Component\Templating\Helper\HelperInterface;
 use Symfony\Component\Templating\Loader\LoaderInterface;
 
+if (!defined('ENT_SUBSTITUTE')) {
+    define('ENT_SUBSTITUTE', 8);
+}
+
 /**
  * PhpEngine is an engine able to render PHP templates.
  *
@@ -440,7 +444,7 @@ function ($value) use ($that)
                 {
                     // Numbers and Boolean values get turned into strings which can cause problems
                     // with type comparisons (e.g. === or is_int() etc).
-                    return is_string($value) ? htmlspecialchars($value, ENT_QUOTES, $that->getCharset(), false) : $value;
+                    return is_string($value) ? htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, $that->getCharset(), false) : $value;
                 },
 
             'js' =>
