pop What do you think about the changes? The function "generate_output" moves the setting of the content and can now be called from the render function. Doesn't look very performant to me, but mainly I want to understand the principle.
I know you are not a plugin developer but you know your stuff 😃
public function handle($match, $state, $pos, Doku_Handler $handler){
if (empty($match)) return false;
$template_arguments = array();
$dump = trim(substr($match, 6, -2)); // remove curly brackets and "wst:" keyword
$dump = preg_replace_callback('/\{\{(((?!(\{\{|\}\})).*?|(?R))*)\}\}/', function($match) {return str_replace('|', '{{!}}', $match[0]);}, $dump);
$dump = explode('|', $dump); // split template name and arguments
return $dump;
}
public function render($mode, Doku_Renderer $renderer, $data) {
if($mode != 'xhtml') return false;
if (!$data) return false;
$template_text = $this->generate_output($data);
$renderer->doc .= $renderer->render_text($template_text, 'xhtml');
return true;
}
function generate_output($dump) {
$template_name = $dump[0];
array_splice($dump, 0, 1); // leave only arguments (if any)
if ($dump) {
$template_arguments = array();
foreach ($dump as $key => $value) {
// cases with {{Template:X|key1=value1|key2=value2}}
if (strpos($value, '=') !== false) {
$tmp = explode("=", $value);
$template_arguments[trim($tmp[0])] = trim($tmp[1]);
}
// cases with {{Template:X|value1|value2}}, same as 1=value1
// start from 1, not 0
else $template_arguments[$key+1] = trim($value);
}
}
$template_arguments = str_replace('{{!}}', '|', $template_arguments);
$template = $this->get_template($template_name);
if (!$template) return;
$template_text = $this->replace_args($template, $template_arguments);
return $template_text;
}
Since here then the content of the variables is formed again and again, it seems to work.
What actually happens with such a simple replacement if malicious PHP code is stored in the reference page? At first sight, everything always seems to be handled as a string. I just wanted to be sure about that.
saggi