From 5d502a6465d76ba34b2f52edf672fbae8ead8cc0 Mon Sep 17 00:00:00 2001
From: Alexander Ebert <ebert@woltlab.com>
Date: Mon, 15 Apr 2013 14:15:20 +0200
Subject: [PATCH] Fixed usernames with apostrophes

---
 ...EncodeJSONModifierTemplatePlugin.class.php | 28 +++++++++++++++++++
 .../files/lib/util/StringUtil.class.php       | 15 ++++++++++
 2 files changed, 43 insertions(+)
 create mode 100644 wcfsetup/install/files/lib/system/template/plugin/EncodeJSONModifierTemplatePlugin.class.php

diff --git a/wcfsetup/install/files/lib/system/template/plugin/EncodeJSONModifierTemplatePlugin.class.php b/wcfsetup/install/files/lib/system/template/plugin/EncodeJSONModifierTemplatePlugin.class.php
new file mode 100644
index 0000000000..1ceaee0af3
--- /dev/null
+++ b/wcfsetup/install/files/lib/system/template/plugin/EncodeJSONModifierTemplatePlugin.class.php
@@ -0,0 +1,28 @@
+<?php
+namespace wcf\system\template\plugin;
+use wcf\system\template\TemplateEngine;
+use wcf\util\StringUtil;
+
+/**
+ * Template modifier plugin which formats a JSON string for usage in a single quoted
+ * javascript string by escapes single quotes and new lines.
+ * 
+ * Usage:
+ * 	{$string|encodeJSON}
+ * 	{"bl''ah"|encodeJSON}
+ * 
+ * @author	Alexander Ebert
+ * @copyright	2001-2013 WoltLab GmbH
+ * @license	GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @package	com.woltlab.wcf
+ * @subpackage	system.template.plugin
+ * @category	Community Framework
+ */
+class EncodeJSONModifierTemplatePlugin implements IModifierTemplatePlugin {
+	/**
+	 * @see	wcf\system\template\IModifierTemplatePlugin::execute()
+	 */
+	public function execute($tagArgs, TemplateEngine $tplObj) {
+		return StringUtil::encodeJSON($tagArgs[0]);
+	}
+}
diff --git a/wcfsetup/install/files/lib/util/StringUtil.class.php b/wcfsetup/install/files/lib/util/StringUtil.class.php
index 90f7b4a546..6e4198861a 100644
--- a/wcfsetup/install/files/lib/util/StringUtil.class.php
+++ b/wcfsetup/install/files/lib/util/StringUtil.class.php
@@ -106,6 +106,21 @@ final class StringUtil {
 		return $string;
 	}
 	
+	/**
+	 * Encodes JSON strings. This is not the same as PHP's json_encode()!
+	 * 
+	 * @param	string		$string
+	 * @return	string
+	 */
+	public static function encodeJSON($string) {
+		$string = self::encodeJS($string);
+		
+		// single quotes must be encoded as HTML entity
+		$string = self::replace("\'", "&#39;", $string);
+		
+		return $string;
+	}
+	
 	/**
 	 * Decodes html entities.
 	 * 
-- 
2.20.1