<?php

use Drupal\Component\Utility\Crypt;
use Drupal\Component\Utility\Json;
use Drupal\Component\Utility\Number;
use Drupal\Component\Utility\Settings;
use Drupal\Component\Utility\SortArray;
use Drupal\Component\Utility\String;
use Drupal\Component\Utility\Tags;
use Drupal\Component\Utility\Url;
use Drupal\Component\Utility\Xss;
use Drupal\Core\Cache\Cache;
use Drupal\Core\Language\Language;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Yaml\Parser;
use Symfony\Component\Yaml\Exception\ParseException;
use Drupal\Component\PhpStorage\PhpStorageFactory;
use Drupal\Component\Utility\NestedArray;
use Drupal\Core\Datetime\DrupalDateTime;
use Drupal\Core\Routing\GeneratorNotInitializedException;
use Drupal\Core\Template\Attribute;
use Drupal\Core\Render\Element;

/**
 * @file
 * Common functions that many Drupal modules will need to reference.
 *
 * The functions that are critical and need to be available even when serving
 * a cached page are instead located in bootstrap.inc.
 */

/**
 * @defgroup php_wrappers PHP wrapper functions
 * @{
 * Functions that are wrappers or custom implementations of PHP functions.
 *
 * Certain PHP functions should not be used in Drupal. Instead, Drupal's
 * replacement functions should be used.
 *
 * For example, for improved or more secure UTF8-handling, or RFC-compliant
 * handling of URLs in Drupal.
 *
 * For ease of use and memorizing, all these wrapper functions use the same name
 * as the original PHP function, but prefixed with "drupal_". Beware, however,
 * that not all wrapper functions support the same arguments as the original
 * functions.
 *
 * You should always use these wrapper functions in your code.
 *
 * Wrong:
 * @code
 *   $my_substring = substr($original_string, 0, 5);
 * @endcode
 *
 * Correct:
 * @code
 *   $my_substring = drupal_substr($original_string, 0, 5);
 * @endcode
 *
 * @}
 */

/**
 * Save status returned when a new item was created.
 */
const SAVED_NEW = 1;

/**
 * Save status returned when an existing item was updated.
 */
const SAVED_UPDATED = 2;

/**
 * Save status returned when an existing item was deleted.
 */
const SAVED_DELETED = 3;

/**
 * Default aggregation group for CSS files added to the page.
 */
const CSS_AGGREGATE_DEFAULT = 0;

/**
 * Default aggregation group for theme CSS files added to the page.
 */
const CSS_AGGREGATE_THEME = 100;

/**
 * Default weight for CSS rules that style HTML elements ("base" styles).
 */
const CSS_BASE = -200;

/**
 * Default weight for CSS rules that lay out a page.
 */
const CSS_LAYOUT = -100;

/**
 * Default weight for CSS rules that style design components (and their
 * associated states and skins).
 */
const CSS_COMPONENT = 0;

/**
 * Default weight for CSS rules that style states and are not included with
 * components.
 */
const CSS_STATE = 100;

/**
 * Default weight for CSS rules that style skins and are not included with
 * components.
 */
const CSS_SKIN = 200;

/**
 * Default group for JavaScript settings added to the page.
 */
const JS_SETTING = -200;

/**
 * Default group for JavaScript and jQuery libraries added to the page.
 */
const JS_LIBRARY = -100;

/**
 * Default group for module JavaScript code added to the page.
 */
const JS_DEFAULT = 0;

/**
 * Default group for theme JavaScript code added to the page.
 */
const JS_THEME = 100;

/**
 * @defgroup block_caching Block Caching
 * @{
 * Constants that define each block's caching state.
 *
 * Modules declare how their blocks can be cached in their hook_block_info()
 * implementations. Caching can be turned off (DRUPAL_NO_CACHE), managed by the
 * module declaring the block (DRUPAL_CACHE_CUSTOM), or managed by the core
 * Block module. When the Block module manages the cache, the block can be
 * declared identical for every page and user (DRUPAL_CACHE_GLOBAL), or
 * variable by page (DRUPAL_CACHE_PER_PAGE) or by user (DRUPAL_CACHE_PER_ROLE
 * or DRUPAL_CACHE_PER_USER). Page and user settings can be combined with the
 * bitwise OR operator; for example,
 * DRUPAL_CACHE_PER_ROLE | DRUPAL_CACHE_PER_PAGE means that the block can change
 * depending on the user role or the page it is on.
 *
 * The block cache is cleared when the 'content' cache tag is invalidated,
 * following the same pattern as the page cache (node, comment, user, taxonomy
 * added or updated...).
 *
 * Note that user 1 is excluded from block caching.
 */

/**
 * The block should not get cached.
 *
 * This setting should be used:
 * - For simple blocks (notably those that do not perform any db query), where
 *   querying the db cache would be more expensive than directly generating the
 *   content.
 * - For blocks that change too frequently.
 */
const DRUPAL_NO_CACHE = -1;

/**
 * The block handles its own caching in its hook_block_view().
 *
 * This setting is useful when time-based expiration is needed or when a site
 * uses a node access module that invalidates the standard block cache.
 */
const DRUPAL_CACHE_CUSTOM = -2;

/**
 * The block or element can change depending on the user's roles.
 *
 * This is the default setting for blocks, used when the block does not specify
 * anything.
 */
const DRUPAL_CACHE_PER_ROLE = 0x0001;

/**
 * The block or element can change depending on the user.
 *
 * This setting can be resource-consuming for sites with a large number of
 * users, and thus should only be used when DRUPAL_CACHE_PER_ROLE is not
 * sufficient.
 */
const DRUPAL_CACHE_PER_USER = 0x0002;

/**
 * The block or element can change depending on the page being viewed.
 */
const DRUPAL_CACHE_PER_PAGE = 0x0004;

/**
 * The block or element is the same for every user and page on which it is
 * visible.
 */
const DRUPAL_CACHE_GLOBAL = 0x0008;

/**
 * @} End of "defgroup block_caching".
 */

/**
 * The delimiter used to split plural strings.
 *
 * This is the ETX (End of text) character. It is used as a minimal means of
 * separating singular and plural variants in source and translation text, and
 * was found to be the most compatible delimiter for the supported databases.
 */
const LOCALE_PLURAL_DELIMITER = "\03";

/**
 * Adds content to a specified region.
 *
 * Calling the function without arguments only reads back what has been
 * collected so far.
 *
 * @param $region
 *   Page region the content is added to.
 * @param $data
 *   Content to be added.
 *
 * @return
 *   All collected content: an array keyed by region, each entry being the list
 *   of items added to that region in call order.
 */
function drupal_add_region_content($region = NULL, $data = NULL) {
  // The store is function-static, so it persists across calls.
  static $content = array();

  $has_new_item = isset($region) && isset($data);
  if ($has_new_item) {
    $content[$region][] = $data;
  }

  return $content;
}

/**
 * Gets assigned content for a given region.
 *
 * @param $region
 *   A specified region to fetch content for. If NULL, all regions will be
 *   returned.
 * @param $delimiter
 *   Content to be inserted between imploded array elements.
 *
 * @return
 *   For a given region, its items joined with $delimiter, or NULL when nothing
 *   was added to that region. When $region is NULL, an array keyed by region
 *   holding the joined string of each.
 */
function drupal_get_region_content($region = NULL, $delimiter = ' ') {
  $content = drupal_add_region_content();

  if (!isset($region)) {
    // No region requested: collapse every region's item list into a string.
    foreach (array_keys($content) as $region) {
      if (is_array($content[$region])) {
        $content[$region] = implode($delimiter, $content[$region]);
      }
    }
    return $content;
  }

  if (isset($content[$region]) && is_array($content[$region])) {
    return implode($delimiter, $content[$region]);
  }
  // A region without content falls through and yields NULL.
}

/**
 * Gets the name of the currently active installation profile.
 *
 * When this function is called during Drupal's initial installation process,
 * the name of the profile that's about to be installed is stored in the global
 * installation state. At all other times, the "install_profile" setting will be
 * available in settings.php.
 *
 * @return $profile
 *   The name of the installation profile. During installation this is an empty
 *   string until a profile has been selected; outside installation it falls
 *   back to 'standard' when the setting is empty.
 */
function drupal_get_profile() {
  global $install_state;

  if (!drupal_installation_attempted()) {
    // Installed site: the profile name comes from settings.php.
    return settings()->get('install_profile') ?: 'standard';
  }

  // Installer running: report the selected profile, if there is one yet.
  return isset($install_state['parameters']['profile']) ? $install_state['parameters']['profile'] : '';
}

/**
 * Adds output to the HEAD tag of the HTML page.
 *
 * This function can be called as long as the headers aren't sent. Pass no
 * arguments (or NULL for both) to retrieve the currently stored elements.
 *
 * @param $data
 *   A renderable array. If the '#type' key is not set then 'html_tag' will be
 *   added as the default '#type'.
 * @param $key
 *   A unique string key to allow implementations of hook_html_head_alter() to
 *   identify the element in $data. Required if $data is not NULL. An element
 *   added under an existing key replaces the earlier one.
 *
 * @return
 *   An array of all stored HEAD elements.
 *
 * @see drupal_pre_render_html_tag()
 */
function drupal_add_html_head($data = NULL, $key = NULL) {
  $stored_head = &drupal_static(__FUNCTION__);

  // Seed the store on first use so that the defaults, including Content-Type,
  // come first.
  if (!isset($stored_head)) {
    $stored_head = _drupal_default_html_head();
  }

  // Nothing (complete) to add: this is a plain read.
  if (!isset($data) || !isset($key)) {
    return $stored_head;
  }

  if (!isset($data['#type'])) {
    $data['#type'] = 'html_tag';
  }
  $stored_head[$key] = $data;

  return $stored_head;
}

/**
 * Returns elements that are always displayed in the HEAD tag of the HTML page.
 *
 * @return
 *   An array of two 'html_tag' elements: 'system_meta_content_type' and
 *   'system_meta_generator'.
 */
function _drupal_default_html_head() {
  $elements = array();

  // The charset declaration must come first because the IE browser may be
  // vulnerable to XSS via encoding attacks from any content that comes before
  // this META tag, such as a TITLE tag.
  $elements['system_meta_content_type'] = array(
    '#type' => 'html_tag',
    '#tag' => 'meta',
    '#attributes' => array(
      'charset' => 'utf-8',
    ),
    // Security: This always has to be output first.
    '#weight' => -1000,
  );

  // The META GENERATOR tag names Drupal and the major version only: just the
  // first dot-separated segment of the version string is used, so the minor
  // and patch level are not part of the output.
  $version_parts = explode('.', \Drupal::VERSION);
  $generator = 'Drupal ' . $version_parts[0] . ' (http://drupal.org)';

  $elements['system_meta_generator'] = array(
    '#type' => 'html_tag',
    '#tag' => 'meta',
    '#attributes' => array(
      'name' => 'Generator',
      'content' => $generator,
    ),
  );
  // Also send the generator in the HTTP header.
  $elements['system_meta_generator']['#attached']['drupal_add_http_header'][] = array('X-Generator', $generator);

  return $elements;
}

/**
 * Retrieves output to be displayed in the HEAD tag of the HTML page.
 *
 * @return
 *   The result of rendering the stored HEAD elements after the 'html_head'
 *   alter hook has run on them.
 */
function drupal_get_html_head() {
  $head_elements = drupal_add_html_head();
  // Let modules adjust the collected elements before they are rendered.
  \Drupal::moduleHandler()->alter('html_head', $head_elements);

  return drupal_render($head_elements);
}

/**
 * Adds a feed URL for the current page.
 *
 * This function can be called as long as the HTML header hasn't been sent.
 *
 * @param $url
 *   An internal system path or a fully qualified external URL of the feed.
 * @param $title
 *   The title of the feed.
 *
 * @return
 *   An array of rendered feed icons, keyed by the feed URL as passed in.
 */
function drupal_add_feed($url = NULL, $title = '') {
  $stored_feed_links = &drupal_static(__FUNCTION__, array());

  // Without a URL this is a plain read of what has been stored.
  if (!isset($url)) {
    return $stored_feed_links;
  }

  $head_link = array(
    'rel' => 'alternate',
    'type' => 'application/rss+xml',
    'title' => $title,
    // Force the URL to be absolute, for consistency with other <link> tags
    // output by Drupal.
    'href' => url($url, array('absolute' => TRUE)),
  );

  $feed_icon = array(
    '#theme' => 'feed_icon',
    '#url' => $url,
    '#title' => $title,
    // The attached callback receives the link attributes as its one argument,
    // hence the two levels of list nesting.
    '#attached' => array(
      'drupal_add_html_head_link' => array(
        array($head_link),
      ),
    ),
  );

  $stored_feed_links[$url] = drupal_render($feed_icon);

  return $stored_feed_links;
}

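/**
 * Gets the feed URLs for the current page.
 *
 * @param $delimiter
 *   A delimiter to split feeds by.
 *
 * @return
 *   The rendered feed links stored by drupal_add_feed(), joined with
 *   $delimiter.
 */
function drupal_get_feeds($delimiter = "\n") {
  $feeds = drupal_add_feed();
  // The separator goes first: the legacy (array, separator) argument order is
  // deprecated as of PHP 7.4 and no longer accepted by PHP 8.
  return implode($delimiter, $feeds);
}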

/**
 * @defgroup http_handling HTTP handling
 * @{
 * Functions to properly handle HTTP responses.
 */

/**
 * Processes a URL query parameter array to remove unwanted elements.
 *
 * @param $query
 *   (optional) An array to be processed. Defaults to \Drupal::request()->query
 *   parameters.
 * @param $exclude
 *   (optional) A list of $query array keys to remove. Use "parent[child]" to
 *   exclude nested items.
 * @param $parent
 *   Internal use only. Used to build the $query array key for nested items.
 *
 * @return
 *   An array containing query parameters, which can be used for url().
 *
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   Use \Drupal\Component\Utility\Url::filterQueryParameters().
 */
function drupal_get_query_parameters(array $query = NULL, array $exclude = array(), $parent = '') {
  // Fall back to the current request's query string when no array is given.
  $parameters = isset($query) ? $query : \Drupal::request()->query->all();

  return Url::filterQueryParameters($parameters, $exclude, $parent);
}

/**
 * Parses an array into a valid, rawurlencoded query string.
 *
 * This is a thin wrapper that passes both arguments on to
 * \Drupal\Component\Utility\Url::buildQuery() and returns its result.
 *
 * @see drupal_get_query_parameters()
 * @ingroup php_wrappers
 *
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   Use \Drupal\Component\Utility\Url::buildQuery().
 */
function drupal_http_build_query(array $query, $parent = '') {
  $query_string = Url::buildQuery($query, $parent);

  return $query_string;
}

/**
 * Prepares a 'destination' URL query parameter for use with url().
 *
 * Used to direct the user back to the referring page after completing a form.
 * By default the current URL is returned. If a destination exists in the
 * previous request, that destination is returned. As such, a destination can
 * persist across multiple pages.
 *
 * The 'destination' query value is request input and is returned here exactly
 * as received; nothing in this function checks where it points. Code that
 * redirects to it or prints it has to validate or escape it for that use.
 *
 * @return
 *   An associative array containing the key:
 *   - destination: The path provided via the destination query string or, if
 *     not available, the current path.
 *
 * @see current_path()
 */
function drupal_get_destination() {
  $destination = &drupal_static(__FUNCTION__);

  // The value is computed once and then served from the static store.
  if (!isset($destination)) {
    $request_query = \Drupal::request()->query;

    if ($request_query->has('destination')) {
      $target = $request_query->get('destination');
    }
    else {
      // No explicit destination: use the current path plus its filtered query
      // string.
      $target = current_path();
      $query_string = Url::buildQuery(Url::filterQueryParameters($request_query->all()));
      if ($query_string != '') {
        $target .= '?' . $query_string;
      }
    }

    $destination = array('destination' => $target);
  }

  return $destination;
}

/**
 * Parses a system URL string into an associative array suitable for url().
 *
 * This function should only be used for URLs that have been generated by the
 * system, such as via url(). It should not be used for URLs that come from
 * external sources, or URLs that link to external resources.
 *
 * The returned array contains a 'path' that may be passed separately to url().
 * For example:
 * @code
 *   $options = drupal_parse_url(\Drupal::request()->query->get('destination'));
 *   $my_url = url($options['path'], $options);
 *   $my_link = l('Example link', $options['path'], $options);
 * @endcode
 *
 * Note that the 'destination' value in the example is read from the request;
 * this function only splits the string into its parts and passes it to
 * \Drupal\Component\Utility\Url::parse(), it does not validate it.
 *
 * This is required, because url() does not support relative URLs containing a
 * query string or fragment in its $path argument. Instead, any query string
 * needs to be parsed into an associative query parameter array in
 * $options['query'] and the fragment into $options['fragment'].
 *
 * @param $url
 *   The URL string to parse.
 *
 * @return
 *   An associative array containing the keys:
 *   - 'path': The path of the URL. If the given $url is external, this includes
 *     the scheme and host.
 *   - 'query': An array of query parameters of $url, if existent.
 *   - 'fragment': The fragment of $url, if existent.
 *
 * @see url()
 * @ingroup php_wrappers
 *
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   Use \Drupal\Component\Utility\Url::parse().
 */
function drupal_parse_url($url) {
  $parsed = Url::parse($url);

  return $parsed;
}

/**
 * Encodes a Drupal path for use in a URL.
 *
 * For aesthetic reasons slashes are not escaped.
 *
 * Note that url() takes care of calling this function, so a path passed to that
 * function should not be encoded in advance.
 *
 * @param $path
 *   The Drupal path to encode.
 *
 * @return
 *   The value returned by \Drupal\Component\Utility\Url::encodePath() for
 *   $path.
 *
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   Use \Drupal\Component\Utility\Url::encodePath().
 */
function drupal_encode_path($path) {
  $encoded_path = Url::encodePath($path);

  return $encoded_path;
}

/**
 * Determines if an external URL points to this Drupal installation.
 *
 * The comparison itself is done by
 * \Drupal\Component\Utility\Url::externalIsLocal(), which is given the URL and
 * this site's base path.
 *
 * @param $url
 *   A string containing an external URL, such as "http://example.com/foo".
 *
 * @return
 *   TRUE if the URL has the same domain and base path.
 *
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   Use \Drupal\Component\Utility\Url::externalIsLocal().
 */
function _external_url_is_local($url) {
  $site_base_path = base_path();

  return Url::externalIsLocal($url, $site_base_path);
}

/**
 * Helper function for determining hosts excluded from needing a proxy.
 *
 * The host is lower-cased and then compared strictly against the
 * 'proxy_exceptions' setting, so an exception only applies when it is listed
 * in lower case and equals the whole host string.
 *
 * @param $host
 *   The host name to check.
 *
 * @return
 *   TRUE if a proxy should be used for this host.
 */
function _drupal_http_use_proxy($host) {
  // Hosts that bypass the proxy; the loopback names are the default.
  $exempt_hosts = settings()->get('proxy_exceptions', array('localhost', '127.0.0.1'));
  $is_exempt = in_array(strtolower($host), $exempt_hosts, TRUE);

  return !$is_exempt;
}

/**
 * @} End of "defgroup http_handling".
 */

/**
 * @defgroup validation Input validation
 * @{
 * Functions to validate user input.
 */

/**
 * Verifies the syntax of the given e-mail address.
 *
 * This uses the
 * @link http://php.net/manual/filter.filters.validate.php PHP e-mail validation filter. @endlink
 *
 * Only the format is checked; a TRUE result says nothing about whether the
 * address exists or who controls it.
 *
 * @param $mail
 *   A string containing an e-mail address.
 *
 * @return
 *   TRUE if the address is in a valid format.
 */
function valid_email_address($mail) {
  // filter_var() hands back the address itself on success and FALSE otherwise;
  // reduce that to a plain boolean.
  $filtered = filter_var($mail, FILTER_VALIDATE_EMAIL);

  return $filtered ? TRUE : FALSE;
}

/**
 * Verifies the syntax of the given URL.
 *
 * This function should only be used on actual URLs. It should not be used for
 * Drupal menu paths, which can contain arbitrary characters.
 * Valid values per RFC 3986.
 *
 * @param $url
 *   The URL to verify.
 * @param $absolute
 *   Whether the URL is absolute (beginning with a scheme such as "http:").
 *
 * @return
 *   TRUE if the URL is in a valid format.
 *
 * @see \Drupal\Component\Utility\Url::isValid()
 *
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   Use \Drupal\Component\Utility\Url::isValid().
 */
function valid_url($url, $absolute = FALSE) {
  $is_valid = Url::isValid($url, $absolute);

  return $is_valid;
}

/**
 * @} End of "defgroup validation".
 */

/**
 * @defgroup sanitization Sanitization functions
 * @{
 * Functions to sanitize values.
 *
 * See http://drupal.org/writing-secure-code for information
 * on writing secure code.
 */

/**
 * Strips dangerous protocols from a URI and encodes it for output to HTML.
 *
 * @param $uri
 *   A plain-text URI that might contain dangerous protocols.
 *
 * @return
 *   A URI stripped of dangerous protocols and encoded for output to an HTML
 *   attribute value. Because it is already encoded, it should not be set as a
 *   value within a $attributes array passed to Drupal\Core\Template\Attribute,
 *   because Drupal\Core\Template\Attribute expects those values to be
 *   plain-text strings. To pass a filtered URI to
 *   Drupal\Core\Template\Attribute, call
 *   \Drupal\Component\Utility\Url::stripDangerousProtocols() instead.
 *
 * @see \Drupal\Component\Utility\Url::stripDangerousProtocols()
 * @see \Drupal\Component\Utility\String::checkPlain()
 */
function check_url($uri) {
  // Two steps, in this order: filter the protocol, then encode the result.
  $filtered_uri = Url::stripDangerousProtocols($uri);

  return String::checkPlain($filtered_uri);
}

/**
 * Applies a very permissive XSS/HTML filter for admin-only use.
 *
 * Use only for fields where it is impractical to use the
 * whole filter system, but where some (mainly inline) mark-up
 * is desired (so \Drupal\Component\Utility\String::checkPlain() is not
 * acceptable).
 *
 * Allows all tags that can be used inside an HTML body, save
 * for scripts and styles.
 *
 * @param string $string
 *   The string to apply the filter to.
 *
 * @return string
 *   The filtered string.
 *
 * @see \Drupal\Component\Utility\Xss::filterAdmin()
 */
function filter_xss_admin($string) {
  $filtered = Xss::filterAdmin($string);

  return $filtered;
}

/**
 * Filters HTML to prevent cross-site-scripting (XSS) vulnerabilities.
 *
 * Based on kses by Ulf Harnhammar, see http://sourceforge.net/projects/kses.
 * For examples of various XSS attacks, see: http://ha.ckers.org/xss.html.
 *
 * This code does four things:
 * - Removes characters and constructs that can trick browsers.
 * - Makes sure all HTML entities are well-formed.
 * - Makes sure all HTML tags and attributes are well-formed.
 * - Makes sure no HTML tags contain URLs with a disallowed protocol (e.g.
 *   javascript:).
 *
 * @param $string
 *   The string with raw HTML in it. It will be stripped of everything that can
 *   cause an XSS attack.
 * @param $allowed_tags
 *   An array of allowed tags. The default is the short list of text-level and
 *   list tags given in the signature.
 *
 * @return
 *   An XSS safe version of $string, or an empty string if $string is not
 *   valid UTF-8.
 *
 * @see \Drupal\Component\Utility\Xss::filter()
 *
 * @ingroup sanitization
 */
function filter_xss($string, $allowed_tags = array('a', 'em', 'strong', 'cite', 'blockquote', 'code', 'ul', 'ol', 'li', 'dl', 'dt', 'dd')) {
  $filtered = Xss::filter($string, $allowed_tags);

  return $filtered;
}

/**
 * Processes an HTML attribute value and strips dangerous protocols from URLs.
 *
 * @param string $string
 *   The string with the attribute value.
 *
 * @return string
 *   Cleaned up and HTML-escaped version of $string.
 *
 * @see \Drupal\Component\Utility\Url::filterBadProtocol()
 */
function filter_xss_bad_protocol($string) {
  $cleaned = Url::filterBadProtocol($string);

  return $cleaned;
}

/**
 * @} End of "defgroup sanitization".
 */

/**
 * @defgroup format Formatting
 * @{
 * Functions to format numbers, strings, dates, etc.
 */

/**
 * Formats an RSS channel.
 *
 * Arbitrary elements may be added using the $args associative array.
 *
 * The title, link, description and language code are escaped here. $items is
 * appended to the output exactly as given, so it has to be finished, already
 * escaped XML.
 */
function format_rss_channel($title, $link, $description, $items, $langcode = NULL, $args = array()) {
  // Default to the current content language.
  if (!$langcode) {
    $langcode = \Drupal::languageManager()->getCurrentLanguage(Language::TYPE_CONTENT)->id;
  }

  $parts = array(
    "<channel>\n",
    ' <title>' . String::checkPlain($title) . "</title>\n",
    ' <link>' . check_url($link) . "</link>\n",
    // The RSS 2.0 "spec" doesn't indicate HTML can be used in the description.
    // We strip all HTML tags, but need to prevent double encoding from properly
    // escaped source data (such as &amp becoming &amp;amp;).
    ' <description>' . String::checkPlain(decode_entities(strip_tags($description))) . "</description>\n",
    ' <language>' . String::checkPlain($langcode) . "</language>\n",
    format_xml_elements($args),
    // Inserted verbatim, see the note in the function documentation.
    $items,
    "</channel>\n",
  );

  return implode('', $parts);
}

/**
 * Formats a single RSS item.
 *
 * Arbitrary elements may be added using the $args associative array.
 *
 * Title and description are passed through String::checkPlain() and the link
 * through check_url() before they are written out.
 */
function format_rss_item($title, $link, $description, $args = array()) {
  $parts = array(
    "<item>\n",
    ' <title>' . String::checkPlain($title) . "</title>\n",
    ' <link>' . check_url($link) . "</link>\n",
    ' <description>' . String::checkPlain($description) . "</description>\n",
    format_xml_elements($args),
    "</item>\n",
  );

  return implode('', $parts);
}

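/**
 * Formats XML elements.
 *
 * Element contents are escaped with String::checkPlain() and attributes are
 * rendered through Drupal\Core\Template\Attribute. Element names are written
 * out as given, without escaping or validation, so they must not be built from
 * untrusted input.
 *
 * @param $array
 *   An array where each item represents an element and is either a:
 *   - (key => value) pair (<key>value</key>)
 *   - Associative array with fields:
 *     - 'key': element name
 *     - 'value': element contents
 *     - 'attributes': associative array of element attributes
 *   Numerically keyed items that are not arrays, or that have no non-empty
 *   'key', produce no output.
 *
 * In both cases, 'value' can be a simple string, or it can be another array
 * with the same format as $array itself for nesting.
 *
 * @return
 *   The formatted XML as a string; an empty string for an empty $array.
 */
function format_xml_elements($array) {
  $output = '';
  foreach ($array as $key => $value) {
    if (is_numeric($key)) {
      // Long form. Skip entries that cannot name an element instead of
      // indexing into a scalar or reading an undefined 'key'.
      $is_indexable = is_array($value) || $value instanceof \ArrayAccess;
      if (!$is_indexable || empty($value['key'])) {
        continue;
      }

      $output .= ' <' . $value['key'];
      if (isset($value['attributes']) && is_array($value['attributes'])) {
        $output .= new Attribute($value['attributes']);
      }

      if (isset($value['value']) && $value['value'] != '') {
        // Nested arrays recurse; scalar contents are escaped.
        $output .= '>' . (is_array($value['value']) ? format_xml_elements($value['value']) : String::checkPlain($value['value'])) . '</' . $value['key'] . ">\n";
      }
      else {
        // No contents: emit a self-closing element.
        $output .= " />\n";
      }
    }
    else {
      // Short form: the array key is the element name.
      $output .= ' <' . $key . '>' . (is_array($value) ? format_xml_elements($value) : String::checkPlain($value)) . "</$key>\n";
    }
  }
  return $output;
}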

/**
818
 * Formats a string containing a count of items.
Dries's avatar
 
Dries committed
819
 *
Dries's avatar
 
Dries committed
820
 * This function ensures that the string is pluralized correctly. Since t() is
821 822
 * called by this function, make sure not to pass already-localized strings to
 * it.
Dries's avatar
 
Dries committed
823
 *
824 825 826 827 828 829 830 831 832 833
 * For example:
 * @code
 *   $output = format_plural($node->comment_count, '1 comment', '@count comments');
 * @endcode
 *
 * Example with additional replacements:
 * @code
 *   $output = format_plural($update_count,
 *     'Changed the content type of 1 post from %old-type to %new-type.',
 *     'Changed the content type of @count posts from %old-type to %new-type.',
834
 *     array('%old-type' => $info->old_type, '%new-type' => $info->new_type));
835 836
 * @endcode
 *
Dries's avatar
 
Dries committed
837 838 839
 * @param $count
 *   The item count to display.
 * @param $singular
840 841 842
 *   The string for the singular case. Make sure it is clear this is singular,
 *   to ease translation (e.g. use "1 new comment" instead of "1 new"). Do not
 *   use @count in the singular string.
Dries's avatar
 
Dries committed
843
 * @param $plural
844 845 846
 *   The string for the plural case. Make sure it is clear this is plural, to
 *   ease translation. Use @count in place of the item count, as in
 *   "@count new comments".
847
 * @param $args
848
 *   An associative array of replacements to make after translation. Instances
849
 *   of any key in this array are replaced with the corresponding value.
850 851 852
 *   Based on the first character of the key, the value is escaped and/or
 *   themed. See format_string(). Note that you do not need to include @count
 *   in this array; this replacement is done automatically for the plural case.
853
 * @param $options
854 855
 *   An associative array of additional options. See t() for allowed keys.
 *
Dries's avatar
 
Dries committed
856 857
 * @return
 *   A translated string.
858 859 860
 *
 * @see t()
 * @see format_string()
861
 * @see \Drupal\Core\StringTranslation\TranslationManager->formatPlural()
862
 *
863 864
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   Use \Drupal::translation()->formatPlural().
Dries's avatar
 
Dries committed
865
 */
866
function format_plural($count, $singular, $plural, array $args = array(), array $options = array()) {
  // Deprecated procedural wrapper; the translation service does the work.
  // $singular and $plural are the translation source strings. Variable text
  // goes in $args, where the first character of each placeholder key decides
  // how the value is escaped (see format_string()).
  $translation = \Drupal::translation();
  return $translation->formatPlural($count, $singular, $plural, $args, $options);
}

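/**
 * Parses a given byte count.
 *
 * Everything except digits, dots and unit letters is discarded before the
 * value is computed. A leading minus sign is therefore dropped, so "-1" parses
 * as 1, and input without any digits parses as 0.
 *
 * @param $size
 *   A size expressed as a number of bytes with optional SI or IEC binary unit
 *   prefix (e.g. 2, 3K, 5MB, 10G, 6GiB, 8 bytes, 9mbytes).
 *
 * @return
 *   The size in bytes, rounded to a whole number. The value is produced by
 *   round() and is therefore a float.
 */
function parse_size($size) {
  // Keep only the letters that can name a unit; the first one left decides the
  // magnitude. Every such letter counts, so exponent notation such as "1e3" is
  // read as a unit letter rather than as part of the number.
  $unit = preg_replace('/[^bkmgtpezy]/i', '', $size);
  // Keep only digits and dots, then cast explicitly: an empty or malformed
  // remainder (for example from "K" or "") becomes 0 instead of reaching the
  // arithmetic below as a non-numeric string.
  $number = (float) preg_replace('/[^0-9\.]/', '', $size);
  if ($unit) {
    // The position of the unit letter in the ordered string is the power of
    // DRUPAL_KILOBYTE to multiply by ('b' is 0, 'k' is 1, 'm' is 2, ...).
    return round($number * pow(DRUPAL_KILOBYTE, stripos('bkmgtpezy', $unit[0])));
  }
  return round($number);
}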

/**
 * Renders a byte count as a translated, human-readable size string.
 *
 * @param $size
 *   A size in bytes.
 * @param $langcode
 *   Optional language code to translate to a language other than what is used
 *   to display the page.
 *
 * @return
 *   A translated string representation of the size.
 */
function format_size($size, $langcode = NULL) {
  $translation_options = array('langcode' => $langcode);

  // Anything below one kilobyte is reported as a plain byte count.
  if ($size < DRUPAL_KILOBYTE) {
    return format_plural($size, '1 byte', '@count bytes', array(), $translation_options);
  }

  // Translated templates in ascending order of magnitude. '@size' is left in
  // place by t() and filled in with the rounded number at the end.
  $units = array(
    t('@size KB', array(), $translation_options),
    t('@size MB', array(), $translation_options),
    t('@size GB', array(), $translation_options),
    t('@size TB', array(), $translation_options),
    t('@size PB', array(), $translation_options),
    t('@size EB', array(), $translation_options),
    t('@size ZB', array(), $translation_options),
    t('@size YB', array(), $translation_options),
  );

  // Start in kilobytes and move up one unit for as long as the rounded value
  // still reaches a full kilobyte multiple. $unit keeps the template selected
  // when the loop stops.
  $size = $size / DRUPAL_KILOBYTE;
  foreach ($units as $unit) {
    if (round($size, 2) < DRUPAL_KILOBYTE) {
      break;
    }
    $size = $size / DRUPAL_KILOBYTE;
  }

  return str_replace('@size', round($size, 2), $unit);
}

/**
 * Formats a time interval with the requested granularity.
 *
 * @param $interval
 *   The length of the interval in seconds.
 * @param $granularity
 *   How many different units to display in the string.
 * @param $langcode
 *   Optional language code to translate to a language other than
 *   what is used to display the page.
 *
 * @return
 *   A translated string representation of the interval.
 *
 * @see \Drupal\Core\Datetime\Date::formatInterval()
 *
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   Use \Drupal::service('date')->formatInterval().
 */
function format_interval($interval, $granularity = 2, $langcode = NULL) {
  // Procedural front for the 'date' service; all arguments pass through
  // unchanged.
  $date_service = \Drupal::service('date');
  return $date_service->formatInterval($interval, $granularity, $langcode);
}

/**
 * Formats a date, using a date type or a custom date format string.
 *
 * @param $timestamp
 *   A UNIX timestamp to format.
 * @param $type
 *   (optional) The format to use, one of:
 *   - One of the built-in formats: 'short', 'medium',
 *     'long', 'html_datetime', 'html_date', 'html_time',
 *     'html_yearless_date', 'html_week', 'html_month', 'html_year'.
 *   - The name of a date type defined by a module in
 *     hook_date_format_types(), if it's been assigned a format.
 *   - The machine name of an administrator-defined date format.
 *   - 'custom', to use $format.
 *   Defaults to 'medium'.
 * @param $format
 *   (optional) If $type is 'custom', a PHP date format string suitable for
 *   input to date(). Use a backslash to escape ordinary text, so it does not
 *   get interpreted as date format characters.
 * @param $timezone
 *   (optional) Time zone identifier, as described at
 *   http://php.net/manual/timezones.php. Defaults to the time zone used to
 *   display the page.
 * @param $langcode
 *   (optional) Language code to translate to. Defaults to the language used to
 *   display the page.
 *
 * @return
 *   A translated date string in the requested format.
 *
 * @see \Drupal\Component\Datetime\Date::format()
 */
function format_date($timestamp, $type = 'medium', $format = '', $timezone = NULL, $langcode = NULL) {
  // Procedural front for the 'date' service; all arguments pass through
  // unchanged.
  $date_service = \Drupal::service('date');
  return $date_service->format($timestamp, $type, $format, $timezone, $langcode);
}

/**
 * Returns an ISO8601 formatted date based on the given date.
 *
 * @param $date
 *   A UNIX timestamp.
 *
 * @return string
 *   An ISO8601 formatted date.
 */
function date_iso8601($date) {
  // The 'c' format character is used rather than the DATE_ISO8601 constant:
  // the constant does not match date('c') and produces invalid RDF markup.
  $iso_format = 'c';
  // date() renders the timestamp in PHP's current default time zone.
  return date($iso_format, $date);
}

/**
 * Translates a formatted date string.
 *
 * Callback for preg_replace_callback() within format_date().
 */
function _format_date_callback(array $matches = NULL, $new_langcode = NULL) {
  // We cache translations to avoid redundant and rather costly calls to t().
  static $cache, $langcode;

  if (!isset($matches)) {
    $langcode = $new_langcode;
    return;
  }

  $code = $matches[1];
  $string = $matches[2];

  if (!isset($cache[$langcode][$code][$string])) {
    $options = array(
      'langcode' => $langcode,
    );

    if ($code == 'F') {
      $options['context'] = 'Long month name';
    }