public function parseXmlAttr($attr, $tag)
{
//XML解析安全过滤
$attr = str_replace(array('&', 'THEME_PATH', 'APP_TPL_PATH'), array('___', THEME_PATH, APP_TPL_PATH), $attr);
$xml = '<tpl><tag ' . $attr . ' /></tpl>';
$xml = simplexml_load_string($xml);
if (!$xml) {
throw_exception(L('_XML_TAG_ERROR_') . ' : ' . $attr);
}
$xml = (array) $xml->tag->attributes();
$array = array_change_key_case($xml['@attributes']);
$attrs = $this->getTagAttrList($tag);
foreach ($attrs as $val) {
$name = strtolower($val['name']);
if (!isset($array[$name])) {
$array[$name] = '';
} else {
$array[$name] = str_replace('___', '&', $array[$name]);
}
}
return $array;
}