shell bypass 403
UnknownSec Shell
:
/
usr
/
local
/
lib64
/
perl5
/
Template
/
Manual
/ [
drwxr-xr-x
]
upload
mass deface
mass delete
console
info server
name :
Filters.pod
#============================================================= -*-perl-*- # # Template::Manual::Filters # # AUTHOR # Andy Wardley <abw@wardley.org> # # COPYRIGHT # Copyright (C) 1996-2022 Andy Wardley. All Rights Reserved. # # This module is free software; you can redistribute it and/or # modify it under the same terms as Perl itself. # #======================================================================== =encoding latin1 =head1 NAME Template::Manual::Filters - Standard filters =head1 format(format) The C<format> filter takes a format string as a parameter (as per C<printf()>) and formats each line of text accordingly. [% FILTER format('<!-- %-40s -->') %] This is a block of text filtered through the above format. [% END %] Output: <!-- This is a block of text filtered --> <!-- through the above format. --> =head1 upper Folds the input to UPPER CASE. [% "hello world" FILTER upper %] Output: HELLO WORLD =head1 lower Folds the input to lower case. [% "Hello World" FILTER lower %] Output: hello world =head1 ucfirst Folds the first character of the input to UPPER CASE. [% "hello" FILTER ucfirst %] Output: Hello =head1 lcfirst Folds the first character of the input to lower case. [% "HELLO" FILTER lcfirst %] Output: hELLO =head1 trim Trims any leading or trailing whitespace from the input text. Particularly useful in conjunction with C<INCLUDE>, C<PROCESS>, etc., having the same effect as the C<TRIM> configuration option. [% INCLUDE myfile | trim %] =head1 collapse Collapse any whitespace sequences in the input text into a single space. Leading and trailing whitespace (which would be reduced to a single space) is removed, as per trim. [% FILTER collapse %] The cat sat on the mat [% END %] Output: The cat sat on the mat =head1 html Converts the characters C<E<lt>>, C<E<gt>>, C<&> and C<"> to C<<>, C<>>, C<&>, and C<"> respectively, protecting them from being interpreted as representing HTML tags or entities. [% FILTER html %] Binary "<=>" returns -1, 0, or 1 depending on... [% END %] Output: Binary "<=>" returns -1, 0, or 1 depending on... =head1 html_entity The C<html> filter is fast and simple but it doesn't encode the full range of HTML entities that your text may contain. The C<html_entity> filter uses either the C<Apache::Util> module (which is written in C and is therefore faster) or the C<HTML::Entities> module (written in Perl but equally as comprehensive) to perform the encoding. If one or other of these modules are installed on your system then the text will be encoded (via the C<escape_html()> or C<encode_entities()> subroutines respectively) to convert all extended characters into their appropriate HTML entities (e.g. converting 'C<?>' to 'C<é>'). If neither module is available on your system then an 'C<html_entity>' exception will be thrown reporting an appropriate message. If you want to force TT to use one of the above modules in preference to the other, then call either of the L<Template::Filters> class methods: L<use_html_entities()|Template::Filters/use_html_entities()> or L<use_apache_util()|Template::Filters/use_apache_util()>. use Template::Filters; Template::Filters->use_html_entities; For further information on HTML entity encoding, see L<http://www.w3.org/TR/REC-html40/sgml/entities.html>. =head1 xml Same as the C<html> filter, but adds C<'> which is the fifth XML built-in entity. =head1 html_para This filter formats a block of text into HTML paragraphs. A sequence of two or more newlines is used as the delimiter for paragraphs which are then wrapped in HTML C<E<lt>pE<gt>>...C<E<lt>/pE<gt>> tags. [% FILTER html_para %] The cat sat on the mat. Mary had a little lamb. [% END %] Output: <p> The cat sat on the mat. </p> <p> Mary had a little lamb. </p> =head1 html_break / html_para_break Similar to the html_para filter described above, but uses the HTML tag sequence C<E<lt>brE<gt>E<lt>brE<gt>> to join paragraphs. [% FILTER html_break %] The cat sat on the mat. Mary had a little lamb. [% END %] Output: The cat sat on the mat. <br> <br> Mary had a little lamb. =head1 html_line_break This filter replaces any newlines with C<E<lt>brE<gt>> HTML tags, thus preserving the line breaks of the original text in the HTML output. [% FILTER html_line_break %] The cat sat on the mat. Mary had a little lamb. [% END %] Output: The cat sat on the mat.<br> Mary had a little lamb.<br> =head1 uri This filter URI escapes the input text, converting any characters outside of the permitted URI character set (as defined by RFC 3986) into a C<%nn> hex escape. [% 'my file.html' | uri %] Output: my%20file.html The uri filter correctly encodes all reserved characters, including C<&>, C<@>, C</>, C<;>, C<:>, C<=>, C<+>, C<?> and C<$>. This filter is typically used to encode parameters in a URL that could otherwise be interpreted as part of the URL. Here's an example: [% path = 'http://tt2.org/example' back = '/other?foo=bar&baz=bam' title = 'Earth: "Mostly Harmless"' %] <a href="[% path %]?back=[% back | uri %]&title=[% title | uri %]"> The output generated is rather long so we'll show it split across two lines: <a href="http://tt2.org/example?back=%2Fother%3Ffoo%3Dbar%26 baz%3Dbam&title=Earth%3A%20%22Mostly%20Harmless%22"> Without the uri filter the output would look like this (also split across two lines). <a href="http://tt2.org/example?back=/other?foo=bar &baz=bam&title=Earth: "Mostly Harmless""> In this rather contrived example we've manage to generate both a broken URL (the repeated C<?> is not allowed) and a broken HTML element (the href attribute is terminated by the first C<"> after C<Earth: > leaving C<Mostly Harmless"> dangling on the end of the tag in precisely the way that harmless things shouldn't dangle). So don't do that. Always use the uri filter to encode your URL parameters. However, you should B<not> use the uri filter to encode an entire URL. <a href="[% page_url | uri %]"> # WRONG! This will incorrectly encode any reserved characters like C<:> and C</> and that's almost certainly not what you want in this case. Instead you should use the B<url> (note spelling) filter for this purpose. <a href="[% page_url | url %]"> # CORRECT Please note that this behaviour was changed in version 2.16 of the Template Toolkit. Prior to that, the uri filter did not encode the reserved characters, making it technically incorrect according to the RFC 2396 specification (since superceded by RFC2732 and RFC3986). So we fixed it in 2.16 and provided the url filter to implement the old behaviour of not encoding reserved characters. As of version 2.28 of the Template Toolkit, the C<uri> and L<url> filters use the unsafe character set defined by RFC3986. This means that certain characters ("(", ")", "*", "!", "'", and '"') are now deemed unsafe and will be escaped as hex character sequences. The ability to use the RFC3986 character set was added in 2.26 but not enabled by default; double quote was incorrectly deemed safe in 2.26 but correctly escaped in 2.27. If you want to enable the old behaviour then call the C<use_rfc2732()> method in L<Template::Filters> use Template::Filters Template::Filters->use_rfc2732; =head1 url The url filter is a less aggressive version of the uri filter. It encodes any characters outside of the permitted URI character set (as defined by RFC 2396) into C<%nn> hex escapes. However, unlike the uri filter, the url filter does B<not> encode the reserved characters C<&>, C<@>, C</>, C<;>, C<:>, C<=>, C<+>, C<?> and C<$>. =head1 indent(pad) Indents the text block by a fixed pad string or width. The 'C<pad>' argument can be specified as a string, or as a numerical value to indicate a pad width (spaces). Defaults to 4 spaces if unspecified. [% FILTER indent('ME> ') %] blah blah blah cabbages, rhubard, onions [% END %] Output: ME> blah blah blah ME> cabbages, rhubard, onions =head1 truncate(length,dots) Truncates the text block to the length specified, or a default length of 32. Truncated text will be terminated with 'C<...>' (i.e. the 'C<...>' falls inside the required length, rather than appending to it). [% FILTER truncate(21) %] I have much to say on this matter that has previously been said on more than one occasion. [% END %] Output: I have much to say... If you want to use something other than 'C<...>' you can pass that as a second argument. [% FILTER truncate(26, '…') %] I have much to say on this matter that has previously been said on more than one occasion. [% END %] Output: I have much to say… =head1 repeat(iterations) Repeats the text block for as many iterations as are specified (default: 1). [% FILTER repeat(3) %] We want more beer and we want more beer, [% END %] We are the more beer wanters! Output: We want more beer and we want more beer, We want more beer and we want more beer, We want more beer and we want more beer, We are the more beer wanters! =head1 remove(string) Searches the input text for any occurrences of the specified string and removes them. A Perl regular expression may be specified as the search string. [% "The cat sat on the mat" FILTER remove('\s+') %] Output: Thecatsatonthemat =head1 replace(search, replace) Similar to the remove filter described above, but taking a second parameter which is used as a replacement string for instances of the search string. [% "The cat sat on the mat" | replace('\s+', '_') %] Output: The_cat_sat_on_the_mat =head1 redirect(file, options) The C<redirect> filter redirects the output of the block into a separate file, specified relative to the C<OUTPUT_PATH> configuration item. [% FOREACH user IN myorg.userlist %] [% FILTER redirect("users/${user.id}.html") %] [% INCLUDE userinfo %] [% END %] [% END %] or more succinctly, using side-effect notation: [% FOREACH user IN myorg.userlist; INCLUDE userinfo FILTER redirect("users/${user.id}.html"); END %] A C<file> exception will be thrown if the C<OUTPUT_PATH> option is undefined. An optional C<binmode> argument can follow the filename to explicitly set the output file to binary mode. [% PROCESS my/png/generator FILTER redirect("images/logo.png", binmode=1) %] For backwards compatibility with earlier versions, a single true/false value can be used to set binary mode. [% PROCESS my/png/generator FILTER redirect("images/logo.png", 1) %] For the sake of future compatibility and clarity, if nothing else, we would strongly recommend you explicitly use the named C<binmode> option as shown in the first example. =head1 eval / evaltt The C<eval> filter evaluates the block as template text, processing any directives embedded within it. This allows template variables to contain template fragments, or for some method to be provided for returning template fragments from an external source such as a database, which can then be processed in the template as required. my $vars = { fragment => "The cat sat on the [% place %]", }; $template->process($file, $vars); The following example: [% fragment | eval %] is therefore equivalent to The cat sat on the [% place %] The C<evaltt> filter is provided as an alias for C<eval>. =head1 perl / evalperl The C<perl> filter evaluates the block as Perl code. The C<EVAL_PERL> option must be set to a true value or a C<perl> exception will be thrown. [% my_perl_code | perl %] In most cases, the C<[% PERL %]> ... C<[% END %]> block should suffice for evaluating Perl code, given that template directives are processed before being evaluate as Perl. Thus, the previous example could have been written in the more verbose form: [% PERL %] [% my_perl_code %] [% END %] as well as [% FILTER perl %] [% my_perl_code %] [% END %] The C<evalperl> filter is provided as an alias for C<perl> for backwards compatibility. =head1 stdout(options) The stdout filter prints the output generated by the enclosing block to C<STDOUT>. The C<binmode> option can be passed as either a named parameter or a single argument to set C<STDOUT> to binary mode (see the binmode perl function). [% PROCESS something/cool FILTER stdout(binmode=1) # recommended %] [% PROCESS something/cool FILTER stdout(1) # alternate %] The C<stdout> filter can be used to force C<binmode> on C<STDOUT>, or also inside C<redirect>, C<null> or C<stderr> blocks to make sure that particular output goes to C<STDOUT>. See the C<null> filter below for an example. =head1 stderr The stderr filter prints the output generated by the enclosing block to C<STDERR>. =head1 null The C<null> filter prints nothing. This is useful for plugins whose methods return values that you don't want to appear in the output. Rather than assigning every plugin method call to a dummy variable to silence it, you can wrap the block in a null filter: [% FILTER null; USE im = GD.Image(100,100); black = im.colorAllocate(0, 0, 0); red = im.colorAllocate(255,0, 0); blue = im.colorAllocate(0, 0, 255); im.arc(50,50,95,75,0,360,blue); im.fill(50,50,red); im.png | stdout(1); END; -%] Notice the use of the C<stdout> filter to ensure that a particular expression generates output to C<STDOUT> (in this case in binary mode). =cut # Local Variables: # mode: perl # perl-indent-level: 4 # indent-tabs-mode: nil # End: # # vim: expandtab shiftwidth=4:
© 2025 UnknownSec