From 2a40eb87c8c679a25ddb42587a1934e02312cb4a Mon Sep 17 00:00:00 2001
From: Kevin Chabowski <kevin@kch42.de>
Date: Thu, 4 Oct 2012 16:04:55 +0200
Subject: improved <ste:escape> and fixed docu.

* <ste:escape> can now also convert line breaks to <br />, if parameter
  lines is true.
* <ste:escape> now uses PHP's htmlspecialchars instead of htmlentities
  since it only escapes the minimal neccessary chars which should work,
  if encoding is handled correctly.
* Fixed 2 markup bugs in docu/language_definition.html
---
 docu/language_definition.html | 7 +++++--
 stupid_template_engine.php    | 5 ++++-
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/docu/language_definition.html b/docu/language_definition.html
index e311907..2c809bc 100644
--- a/docu/language_definition.html
+++ b/docu/language_definition.html
@@ -113,7 +113,7 @@
 				Just like their XML counterparts, they can wrap other elements (<code>&lt;ste:foo&gt;bar&lt;ste:baz&gt;herpdederp&lt;/ste:baz&gt;&lt;/ste:foo&gt;</code>) or can be self-closing (<code>&lt;ste:foo /&gt;</code>).
 				And they can have additional parameters (or "attributes", using the XML terminology): <code>&lt;ste:foo bar="baz" /&gt;</code>
 			</p>
-			<p>A Tag is wrapped in <code>&lt;</code> and <code>&gt;</code>. The tag's name always start with <code>ste:</code> and can then consist of letters, numbers and underscores (Regex: <code>[a-zA-Z0-9_]+</code>).<p>
+			<p>A Tag is wrapped in <code>&lt;</code> and <code>&gt;</code>. The tag's name always start with <code>ste:</code> and can then consist of letters, numbers and underscores (Regex: <code>[a-zA-Z0-9_]+</code>).</p>
 			<p>If the tag is self-closing, the last char is a <code>/</code> (e.g.: <code>&lt;ste:foo /&gt;</code>).</p>
 			<p>If the tag is a closing one, the first char is a <code>/</code>. An opening Tag does not have a <code>/</code>.An example of an opening-closing Tag pair wrapping the text <code>bar</code>: <code>&lt;ste:foo&gt;bar&lt;/ste:foo&gt;</code></p>
 			<p>
@@ -474,13 +474,16 @@
 	<h2 id="stdlib">Standard Library</h2>
 		<p>The Standard Library contains some useful tags, which are not <a href="#builtin">builtin</a> but still always available.</p>
 		<h3 id="stdlib_escape">ste:escape</h3>
-			<p>Escapes characters that are reserved for HTML (e.g. <code>&lt;</code>, <code>&gt;</code>, <code>&quot;</code>, <code>&amp;</code>). The text to escape is the tag's content.
+			<p>Escapes characters that are reserved for HTML (e.g. <code>&lt;</code>, <code>&gt;</code>, <code>&quot;</code>, <code>&amp;</code>). The text to escape is the tag's content.</p>
 			<p>
 				Example:<br />
 				<code><pre>&lt;ste:escape&gt;Foo &amp; bar...&lt;/ste:escape&gt;</pre></code>
 				Result:<br />
 				<code><pre>Foo &amp;amp; bar...</pre></code>
 			</p>
+			<p>
+				If the optional parameter <code>lines</code> is true (i.e. not empty), then additionally line breaks are converted to <code>&lt;br /&gt;</code>.
+			</p>
 		
 		<h3 id="stdlib_strlen">ste:strlen</h3>
 			<p>Returns the length of then content.</p>
diff --git a/stupid_template_engine.php b/stupid_template_engine.php
index b231e12..81a7688 100644
--- a/stupid_template_engine.php
+++ b/stupid_template_engine.php
@@ -1360,7 +1360,10 @@ class STEStandardLibrary
 	
 	static public function escape($ste, $params, $sub)
 	{
-		return htmlentities($sub($ste), ENT_QUOTES, "UTF-8");
+		if($ste->evalbool($params["lines"]))
+			return nl2br(htmlspecialchars(str_replace("\r\n", "\n", $sub($ste))));
+		else
+			return htmlspecialchars($sub($ste));
 	}
 	
 	static public function strlen($ste, $params, $sub)
-- 
cgit v1.2.3-54-g00ecf