[TOC] ## 示例 装饰在 PHP 代码中可谓是标准配置，尤其是在与流式加载相关的代码中 ### 概念示例

main.php

``` component = $component; } public function operation(): string{ return $this->component->operation(); } } // 具体装饰类 class ConcreteDecoratorA extends Decorator{ public function operation(): string{ return "ConcreteDecoratorA(".parent::operation().")"; } } //具体装饰类 class ConcreteDecoratorB extends Decorator{ public function operation(): string{ return "ConcreteDecoratorB(".parent::operation().")"; } } function clientCode(Component $component){ // ... echo "RESULT: ".$component->operation(); // ... } $simple = new ConcreteComponent(); clientCode($simple); echo "\n\n"; $decorator1 = new ConcreteDecoratorA($simple); $decorator2 = new ConcreteDecoratorB($decorator1); clientCode($decorator2); ```

输出 ``` RESULT: ConcreteComponent RESULT: ConcreteDecoratorB(ConcreteDecoratorA(ConcreteComponent)) ``` ### 文本过滤

main.php

``` inputFormat = $inputFormat; } public function formatText(string $text): string { return $this->inputFormat->formatText($text); } } class PlainTextFilter extends TextFormat { public function formatText(string $text): string { $text = parent::formatText($text); return strip_tags($text); } } class DangerousHTMLTagsFilter extends TextFormat { private $dangerousTagPatterns = [ "|([\s\S]*)?|i", // ... ]; private $dangerousAttributes = [ "onclick", "onkeypress", // ... ]; public function formatText(string $text): string { $text = parent::formatText($text); foreach ($this->dangerousTagPatterns as $pattern) { $text = preg_replace($pattern, '', $text); } foreach ($this->dangerousAttributes as $attribute) { $text = preg_replace_callback('|<(.*?)>|', function ($matches) use ($attribute) { $result = preg_replace("|$attribute=|i", '', $matches[1]); return "<" . $result . ">"; }, $text); } return $text; } } class MarkdownFormat extends TextFormat { public function formatText(string $text): string { $text = parent::formatText($text); // Format block elements. $chunks = preg_split('|\n\n|', $text); foreach ($chunks as &$chunk) { // Format headers. if (preg_match('|^#+|', $chunk)) { $chunk = preg_replace_callback('|^(#+)(.*?)$|', function ($matches) { $h = strlen($matches[1]); return "" . trim($matches[2]) . ""; }, $chunk); } // Format paragraphs. else { $chunk = "

$chunk

"; } } $text = implode("\n\n", $chunks); // Format inline elements. $text = preg_replace("|__(.*?)__|", '$1', $text); $text = preg_replace("|\*\*(.*?)\*\*|", '$1', $text); $text = preg_replace("|_(.*?)_|", '$1', $text); $text = preg_replace("|\*(.*?)\*|", '$1', $text); return $text; } } function displayCommentAsAWebsite(InputFormat $format, string $text) { // .. echo $format->formatText($text); // .. } $dangerousComment = <<homepage. HERE; // 不过滤 $naiveInput = new TextInput(); echo "======TextInput======".PHP_EOL; displayCommentAsAWebsite($naiveInput, $dangerousComment); echo "\n\n\n"; // 过滤标签 $filteredInput = new PlainTextFilter($naiveInput); echo "======PlainTextFilter======".PHP_EOL; displayCommentAsAWebsite($filteredInput, $dangerousComment); echo "\n\n\n"; $dangerousForumPost = << performXSSAttack(); HERE; $naiveInput = new TextInput(); echo "======TextInput======".PHP_EOL; displayCommentAsAWebsite($naiveInput, $dangerousForumPost); echo "\n\n\n"; // 过滤标签,过滤Markdown,过滤危险标签 $text = new TextInput(); $markdown = new MarkdownFormat($text); $filteredInput = new DangerousHTMLTagsFilter($markdown); echo "======DangerousHTMLTagsFilter======".PHP_EOL; displayCommentAsAWebsite($filteredInput, $dangerousForumPost); echo "\n\n\n"; ```

输出 ``` ======TextInput====== Hello! Nice blog post! Please visit my homepage. ======PlainTextFilter====== Hello! Nice blog post! Please visit my homepage. performXSSAttack(); ======TextInput====== # Welcome This is my first post on this **gorgeous** forum. ======DangerousHTMLTagsFilter======

Welcome

This is my first post on this gorgeous forum.

```