Notice the "~" character. Checkout http://code.google.com/p/php-pike/wiki/Pike_View_Stream

I know you said that you want to avoid "tricky ways like output buffering and PREG replacing *.phtml files.", but I still think it's a very neat way to fix auto escaping in Zend Framework 1.

If you're trying to improve security then a robust solution would be preferred, which would require a parser instead of regex...

But I suppose this'll do the trick if you make sure you keep it to a one liner.

For your readers, I'll link to a cool thread (that you participated in) about how escaping is being planned for #ZF 2.0:
http://framework.zend.com/wiki/display/ZFDEV2/Zend_View+2.0

I expect it would break :) But then I wouldn't be impressed if I saw that code in a view template anyway!

Rob...

P.S. I didn't look much at the regex but I'm curious, how would you want to handle something like this?:

< ?= @var; @var2 ?>

Very interesting, Thanks!

Regards,

Rob...

It doesn't add the escape method. A subclass of Zend_View escape the variables by default instead.

<?= @$var ? @$var : '-unknown-'; ?>
<?= $var ? $var : '-unknown-'; ?>

become:

<?php echo $this->escape($this->var ? $this->var : '-unknown-'); ?>
<?php echo $this->escape($var ? $var : '-unknown-'); ?>

Even if it is not really what you write, isn't it valid php?

$find = '/<\?=\s*([^;]*);?\s*\?>/';
$replace = "<?php echo \$this->escape($1); ?>";
$this->data = preg_replace($find, $replace, $this->data);

ps: make it to work I had to use the following regex:

$find = '//';
            $replace = "escape($1); ?>";
            $this->data = preg_replace($find, $replace, $this->data);

The regex for a viriable name is from http://www.php.net/language.variables