Merge branch '1.x' into 2.x

* 1.x:
  fixed website URL
  Fix cache update after uploading the template file (when auto-update is enabled).
  Small optimization for Twig_NodeTraverser::traverseForVisitor
  Add JSON escape strategy

CHANGELOG

@@ -112,7 +112,7 @@
 
 * 1.35.4 (2018-XX-XX)
 
- * n/a
+ * "js" filter now produces valid JSON
 
 * 1.35.3 (2018-03-20)
 

README.rst

@@ -12,4 +12,4 @@ More Information
 
 Read the `documentation`_ for more information.
 
-.. _documentation: http://twig.sensiolabs.org/documentation
+.. _documentation: https://twig.symfony.com/documentation

composer.json

@@ -3,7 +3,7 @@
     "type": "library",
     "description": "Twig, the flexible, fast, and secure template language for PHP",
     "keywords": ["templating"],
-    "homepage": "http://twig.sensiolabs.org",
+    "homepage": "https://twig.symfony.com",
     "license": "BSD-3-Clause",
     "authors": [
         {
@@ -14,7 +14,7 @@
         },
         {
             "name": "Twig Team",
-            "homepage": "http://twig.sensiolabs.org/contributors",
+            "homepage": "https://twig.symfony.com/contributors",
             "role": "Contributors"
         },
         {

lib/Twig/Extension/Core.php

@@ -948,7 +948,7 @@ function twig_escape_filter(Twig_Environment $env, $string, $strategy = 'html',
 
         case 'js':
             // escape all non-alphanumeric characters
-            // into their \xHH or \uHHHH representations
+            // into their \x or \uHHHH representations
             if ('UTF-8' !== $charset) {
                 $string = iconv($charset, 'UTF-8', $string);
             }
@@ -960,9 +960,23 @@ function twig_escape_filter(Twig_Environment $env, $string, $strategy = 'html',
             $string = preg_replace_callback('#[^a-zA-Z0-9,\._]#Su', function ($matches) {
                 $char = $matches[0];
 
-                // \xHH
-                if (!isset($char[1])) {
-                    return '\\x'.strtoupper(substr('00'.bin2hex($char), -2));
+                /*
+                 * A few characters have short escape sequences in JSON and JavaScript.
+                 * Escape sequences supported only by JavaScript, not JSON, are ommitted.
+                 * \" is also supported but omitted, because the resulting string is not HTML safe.
+                 */
+                static $shortMap = array(
+                    '\\' => '\\\\',
+                    '/' => '\\/',
+                    "\x08" => '\b',
+                    "\x0C" => '\f',
+                    "\x0A" => '\n',
+                    "\x0D" => '\r',
+                    "\x09" => '\t',
+                );
+
+                if (isset($shortMap[$char])) {
+                    return $shortMap[$char];
                 }
 
                 // \uHHHH

lib/Twig/Loader/Filesystem.php

@@ -162,7 +162,7 @@ public function exists($name)
 
     public function isFresh($name, $time)
     {
-        return filemtime($this->findTemplate($name)) <= $time;
+        return filemtime($this->findTemplate($name)) < $time;
     }
 
     /**

lib/Twig/NodeTraverser.php

@@ -64,8 +64,10 @@ private function traverseForVisitor(Twig_NodeVisitorInterface $visitor, Twig_Nod
         $node = $visitor->enterNode($node, $this->env);
 
         foreach ($node as $k => $n) {
-            if (false !== $n = $this->traverseForVisitor($visitor, $n)) {
-                $node->setNode($k, $n);
+            if (false !== $m = $this->traverseForVisitor($visitor, $n)) {
+                if ($m !== $n) {
+                    $node->setNode($k, $m);
+                }
             } else {
                 $node->removeNode($k);
             }

test/Twig/Tests/EnvironmentTest.php

@@ -25,7 +25,7 @@ public function testAutoescapeOption()
         ));
 
         $this->assertEquals('foo&lt;br/ &gt; foo&lt;br/ &gt;', $twig->render('html', array('foo' => 'foo<br/ >')));
-        $this->assertEquals('foo\x3Cbr\x2F\x20\x3E foo\x3Cbr\x2F\x20\x3E', $twig->render('js', array('bar' => 'foo<br/ >')));
+        $this->assertEquals('foo\u003Cbr\/\u0020\u003E foo\u003Cbr\/\u0020\u003E', $twig->render('js', array('bar' => 'foo<br/ >')));
     }
 
     public function escapingStrategyCallback($name)

test/Twig/Tests/Fixtures/autoescape/name.test

@@ -17,6 +17,6 @@ return array('br' => '<br />')
 return array('autoescape' => 'name')
 --EXPECT--
 &lt;br /&gt;
-\x3Cbr\x20\x2F\x3E
+\u003Cbr\u0020\/\u003E
 &lt;br /&gt;
 <br />

test/Twig/Tests/Fixtures/filters/escape_javascript.test

@@ -5,4 +5,4 @@
 --DATA--
 return array()
 --EXPECT--
-\u00E9\x20\u265C\x20\uD834\uDF06
+\u00E9\u0020\u265C\u0020\uD834\uDF06

test/Twig/Tests/Fixtures/filters/force_escape.test

@@ -14,5 +14,5 @@
 return array()
 --EXPECT--
     foo<br />
-\x20\x20\x20\x20foo\x3Cbr\x20\x2F\x3E\x0A
+\u0020\u0020\u0020\u0020foo\u003Cbr\u0020\/\u003E\n
         foo<br />

test/Twig/Tests/Fixtures/tags/autoescape/functions.test

@@ -80,4 +80,4 @@ unsafe_br()|escape
 autoescape js
 
 safe_br
-\x3Cbr\x20\x2F\x3E
+\u003Cbr\u0020\/\u003E

test/Twig/Tests/Fixtures/tags/autoescape/strategy.test

@@ -7,5 +7,5 @@
 --DATA--
 return array('var' => '<br />"')
 --EXPECT--
-\x3Cbr\x20\x2F\x3E\x22
+\u003Cbr\u0020\/\u003E\u0022
 &lt;br /&gt;&quot;

test/Twig/Tests/Fixtures/tags/autoescape/type.test

@@ -44,15 +44,15 @@ return array('msg' => "<>\n'\"")
 
 1. autoescape 'html' |escape('js')
 
-<a onclick="alert(&quot;\x3C\x3E\x0A\x27\x22&quot;)"></a>
+<a onclick="alert(&quot;\u003C\u003E\n\u0027\u0022&quot;)"></a>
 
 2. autoescape 'html' |escape('js')
 
-<a onclick="alert(&quot;\x3C\x3E\x0A\x27\x22&quot;)"></a>
+<a onclick="alert(&quot;\u003C\u003E\n\u0027\u0022&quot;)"></a>
 
 3. autoescape 'js' |escape('js')
 
-<a onclick="alert(&quot;\x3C\x3E\x0A\x27\x22&quot;)"></a>
+<a onclick="alert(&quot;\u003C\u003E\n\u0027\u0022&quot;)"></a>
 
 4. no escape
 
@@ -61,9 +61,9 @@ return array('msg' => "<>\n'\"")
 
 5. |escape('js')|escape('html')
 
-<a onclick="alert(&quot;\x3C\x3E\x0A\x27\x22&quot;)"></a>
+<a onclick="alert(&quot;\u003C\u003E\n\u0027\u0022&quot;)"></a>
 
 6. autoescape 'html' |escape('js')|escape('html')
 
-<a onclick="alert(&quot;\x3C\x3E\x0A\x27\x22&quot;)"></a>
+<a onclick="alert(&quot;\u003C\u003E\n\u0027\u0022&quot;)"></a>
 

test/Twig/Tests/escapingTest.php

@@ -51,13 +51,15 @@ class Twig_Test_EscapingTest extends \PHPUnit\Framework\TestCase
 
     protected $jsSpecialChars = array(
         /* HTML special chars - escape without exception to hex */
-        '<' => '\\x3C',
-        '>' => '\\x3E',
-        '\'' => '\\x27',
-        '"' => '\\x22',
-        '&' => '\\x26',
+        '<' => '\\u003C',
+        '>' => '\\u003E',
+        '\'' => '\\u0027',
+        '"' => '\\u0022',
+        '&' => '\\u0026',
+        '/' => '\\/',
         /* Characters beyond ASCII value 255 to unicode escape */
         'Ā' => '\\u0100',
+        '😀' => '\\uD83D\\uDE00',
         /* Immune chars excluded */
         ',' => ',',
         '.' => '.',
@@ -70,12 +72,14 @@ class Twig_Test_EscapingTest extends \PHPUnit\Framework\TestCase
         '0' => '0',
         '9' => '9',
         /* Basic control characters and null */
-        "\r" => '\\x0D',
-        "\n" => '\\x0A',
-        "\t" => '\\x09',
-        "\0" => '\\x00',
+        "\r" => '\r',
+        "\n" => '\n',
+        "\x08" => '\b',
+        "\t" => '\t',
+        "\x0C" => '\f',
+        "\0" => '\\u0000',
         /* Encode spaces for quoteless attribute protection */
-        ' ' => '\\x20',
+        ' ' => '\\u0020',
     );
 
     protected $urlSpecialChars = array(