From e50d9186ce15367e8f6e2aab5c04481ca0046ec6 Mon Sep 17 00:00:00 2001
From: JoshyPHP
Date: Tue, 19 May 2015 23:10:35 +0200
Subject: [PATCH] [ticket/13847] Changed enquote() logic to use whichever is the shortest

Will enclose attribute values in single- or double- quotes depending on whichever requires the least escaping. Characters that need to be escaped are always escaped regardless.

PHPBB3-13847
---
 phpBB/phpbb/textformatter/s9e/utils.php | 7 ++++---
 tests/text_formatter/s9e/utils_test.php | 15 +++++++++++++++
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/phpBB/phpbb/textformatter/s9e/utils.php b/phpBB/phpbb/textformatter/s9e/utils.php
index fe33c04da3..04df589930 100644
--- a/phpBB/phpbb/textformatter/s9e/utils.php
+++ b/phpBB/phpbb/textformatter/s9e/utils.php
@@ -37,7 +37,7 @@ class utils implements \phpbb\textformatter\utils_interface
 /**
 * Return given string between quotes
 *
- * Will use either single- or double- quotes depending on whichever requires to be escaped.
+ * Will use either single- or double- quotes depending on whichever requires less escaping.
 * Quotes and backslashes are escaped with backslashes where necessary
 *
 * @param string $str Original string
@@ -45,9 +45,10 @@ class utils implements \phpbb\textformatter\utils_interface
 */
 protected function enquote($str)
 {
- $quote = (strpos($str, '"') === false || strpos($str, "'") !== false) ? '"' : "'";
+ $singleQuoted = "'" . addcslashes($str, "\\'") . "'";
+ $doubleQuoted = '"' . addcslashes($str, '\\"') . '"';

- return $quote . addcslashes($str, '\\' . $quote) . $quote;
+ return (strlen($singleQuoted) < strlen($doubleQuoted)) ? $singleQuoted : $doubleQuoted;
 }

 /**
diff --git a/tests/text_formatter/s9e/utils_test.php b/tests/text_formatter/s9e/utils_test.php
index 3c92965b49..555f29cb38 100644
--- a/tests/text_formatter/s9e/utils_test.php
+++ b/tests/text_formatter/s9e/utils_test.php
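Review bot: The docblock for `enquote()` in phpBB/phpbb/textformatter/s9e/utils.php does not say what happens on a tie, nor that both candidates are fully escaped before the lengths are compared, which is the property that keeps a quote inside the value from ending the attribute early. I would add above the return: `// Both forms are already escaped; length only picks the delimiter, and a tie keeps double quotes`. `strlen()` counts bytes, which is fine here because the two candidates differ only in the number of added backslashes. The docblock opens in the previous hunk and the class body continues outside this one.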
@@ -147,6 +147,21 @@ class phpbb_textformatter_s9e_utils_test extends phpbb_test_case
 array('author' => "\\\"'"),
 '[quote="\\\\\\"\'"]...[/quote]',
 ),
+ array(
+ '...',
+ array('author' => 'Lots of doubles """ one single \' one backslash \\'),
+ '[quote=\'Lots of doubles """ one single \\\' one backslash \\\\\']...[/quote]',
+ ),
+ array(
+ '...',
+ array('author' => "Lots of singles ''' one double \" one backslash \\"),
+ '[quote="Lots of singles \'\'\' one double \\" one backslash \\\\"]...[/quote]',
+ ),
+ array(
+ '...',
+ array('author' => 'Defaults to doublequotes """\'\'\''),
+ '[quote="Defaults to doublequotes \\"\\"\\"\'\'\'"]...[/quote]',
+ ),
 array(
 '...',
 array(
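Review bot: The three added cases pin only the generated markup, so nothing visible here checks that a value emitted in single quotes is read back unchanged by the parser. Since the quoted value is an author name, a round-trip case (generate, parse, compare the recovered author) would guard the escaping against drifting from the parser's unescaping rules. The nested PHP escaping is also hard to audit by eye; a one-line comment giving the literal value above each case would help, e.g. `// author is: Lots of doubles """ one single ' one backslash \`. The data provider starts and ends outside this hunk, so such a test may already exist elsewhere in the file.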