Merge pull request #3352 from VSEphpbb/ticket/10388

Ticket/10388 Use Twig's JS escape filter instead of addslashes on LA_ keys

phpBB/phpbb/template/twig/extension.php

@@ -71,6 +71,7 @@ class extension extends \Twig_Extension
 	{
 		return array(
 			new \Twig_SimpleFilter('subset', array($this, 'loop_subset'), array('needs_environment' => true)),
+			// @deprecated 3.2.0 Uses twig's JS escape method instead of addslashes
 			new \Twig_SimpleFilter('addslashes', 'addslashes'),
 		);
 	}
@@ -177,7 +178,7 @@ class extension extends \Twig_Extension
 			return $context_vars['L_' . $key];
 		}
 
-		// LA_ is transformed into lang(\'$1\')|addslashes, so we should not
+		// LA_ is transformed into lang(\'$1\')|escape('js'), so we should not
 		// need to check for it
 
 		return call_user_func_array(array($this->user, 'lang'), $args);

phpBB/phpbb/template/twig/lexer.php

@@ -117,9 +117,9 @@ class lexer extends \Twig_Lexer
 		// Appends any filters after lang()
 		$code = preg_replace('#{L_([a-zA-Z0-9_\.]+)(\|[^}]+?)?}#', '{{ lang(\'$1\')$2 }}', $code);
 
-		// Replace all of our escaped language variables, {LA_VARNAME}, with Twig style, {{ lang('NAME')|addslashes }}
+		// Replace all of our escaped language variables, {LA_VARNAME}, with Twig style, {{ lang('NAME')|escape('js') }}
-		// Appends any filters after lang(), but before addslashes
+		// Appends any filters after lang(), but before escape('js')
-		$code = preg_replace('#{LA_([a-zA-Z0-9_\.]+)(\|[^}]+?)?}#', '{{ lang(\'$1\')$2|addslashes }}', $code);
+		$code = preg_replace('#{LA_([a-zA-Z0-9_\.]+)(\|[^}]+?)?}#', '{{ lang(\'$1\')$2|escape(\'js\') }}', $code);
 
 		// Replace all of our variables, {VARNAME}, with Twig style, {{ VARNAME }}
 		// Appends any filters

phpBB/styles/prosilver/template/captcha_recaptcha.html

@@ -29,7 +29,7 @@
 		</div>
 		</noscript>
 
-		<a href="http://www.google.com/intl/{LA_RECAPTCHA_LANG}/policies/" target="_blank" class="recaptcha-responsive" style="display: none"><img alt="" width="71" height="36" src="{RECAPTCHA_SERVER}/img/clean/logo.png"></a>
+		<a href="http://www.google.com/intl/{L_RECAPTCHA_LANG}/policies/" target="_blank" class="recaptcha-responsive" style="display: none"><img alt="" width="71" height="36" src="{RECAPTCHA_SERVER}/img/clean/logo.png"></a>
 	</dd>
 	</dl>
 <!-- ELSE -->

phpBB/styles/prosilver/template/memberlist_body.html

@@ -25,7 +25,7 @@
 
 		<div class="action-bar top">
 			<div class="member-search panel">
-				<!-- IF U_FIND_MEMBER and not S_SEARCH_USER --><a href="{U_FIND_MEMBER}" id="member_search" data-alt-text="{LA_HIDE_MEMBER_SEARCH}">{L_FIND_USERNAME}</a> &bull; <!-- ELSEIF S_SEARCH_USER and U_HIDE_FIND_MEMBER and not S_IN_SEARCH_POPUP --><a href="{U_HIDE_FIND_MEMBER}" id="member_search" data-alt-text="{LA_FIND_USERNAME}">{L_HIDE_MEMBER_SEARCH}</a> &bull; <!-- ENDIF -->
+				<!-- IF U_FIND_MEMBER and not S_SEARCH_USER --><a href="{U_FIND_MEMBER}" id="member_search" data-alt-text="{L_HIDE_MEMBER_SEARCH}">{L_FIND_USERNAME}</a> &bull; <!-- ELSEIF S_SEARCH_USER and U_HIDE_FIND_MEMBER and not S_IN_SEARCH_POPUP --><a href="{U_HIDE_FIND_MEMBER}" id="member_search" data-alt-text="{L_FIND_USERNAME}">{L_HIDE_MEMBER_SEARCH}</a> &bull; <!-- ENDIF -->
 				<strong>
 				<!-- BEGIN first_char -->
 					<a href="{first_char.U_SORT}">{first_char.DESC}</a>&nbsp;

tests/template/template_test.php

@@ -286,7 +286,7 @@ class phpbb_template_template_test extends phpbb_template_template_test_case
 				array(),
 				array(),
 				array(),
-				"Value'\n1 O'Clock\nValue\'\n1 O\'Clock",
+				"Value'\n1 O'Clock\nValue\\x27\n1\\x20O\\x27Clock",
 				array('VARIABLE' => "Value'", '1_VARIABLE' => "1 O'Clock"),
 			),
 			array(