<?php

use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Drupal\Core\Database\Database;

/**
 * @file
 * Common functions that many Drupal modules will need to reference.
 *
 * The functions that are critical and need to be available even when serving
 * a cached page are instead located in bootstrap.inc.
 */

/**
 * @defgroup php_wrappers PHP wrapper functions
 * @{
 * Functions that are wrappers or custom implementations of PHP functions.
 *
 * Certain PHP functions should not be used in Drupal. Instead, Drupal's
 * replacement functions should be used.
 *
 * For example, for improved or more secure UTF8-handling, or RFC-compliant
 * handling of URLs in Drupal.
 *
 * For ease of use and memorizing, all these wrapper functions use the same name
 * as the original PHP function, but prefixed with "drupal_". Beware, however,
 * that not all wrapper functions support the same arguments as the original
 * functions.
 *
 * You should always use these wrapper functions in your code.
 *
 * Wrong:
 * @code
 *   $my_substring = substr($original_string, 0, 5);
 * @endcode
 *
 * Correct:
 * @code
 *   $my_substring = drupal_substr($original_string, 0, 5);
 * @endcode
 *
 * @}
 */

/**
 * Return status for a save operation that created a new item.
 */
const SAVED_NEW = 1;

/**
 * Return status for a save operation that updated an existing item.
 */
const SAVED_UPDATED = 2;

/**
 * Return status for a save operation that deleted an existing item.
 */
const SAVED_DELETED = 3;

// NOTE(review): the CSS_* and JS_* values below presumably act as sort weights
// (lower values first); confirm against the code that consumes these groups.

/**
 * The default group for system CSS files added to the page.
 */
const CSS_SYSTEM = -100;

/**
 * The default group for module CSS files added to the page.
 */
const CSS_DEFAULT = 0;

/**
 * The default group for theme CSS files added to the page.
 */
const CSS_THEME = 100;

/**
 * The default group for JavaScript and jQuery libraries added to the page.
 */
const JS_LIBRARY = -100;

/**
 * The default group for module JavaScript code added to the page.
 */
const JS_DEFAULT = 0;

/**
 * The default group for theme JavaScript code added to the page.
 */
const JS_THEME = 100;

/**
 * The default group for JavaScript settings added to the page.
 */
const JS_SETTING = 200;

/**
 * Error code indicating that the request exceeded the specified timeout.
 *
 * drupal_http_request() documents this as the value placed in the result's
 * 'code' property when its 'timeout' option is exceeded.
 *
 * @see drupal_http_request()
 */
const HTTP_REQUEST_TIMEOUT = -1;

/**
 * Constants defining cache granularity for blocks and renderable arrays.
 *
 * Modules specify the caching patterns for their blocks using binary
 * combinations of these constants in their hook_block_info():
 * @code
 *   $block[delta]['cache'] = DRUPAL_CACHE_PER_ROLE | DRUPAL_CACHE_PER_PAGE;
 * @endcode
 * DRUPAL_CACHE_PER_ROLE is used as a default when no caching pattern is
 * specified. Use DRUPAL_CACHE_CUSTOM to disable the standard block cache and
 * implement caching in the block's own hook_block_view().
 *
 * The block cache is cleared in cache_clear_all(), and uses the same clearing
 * policy as the page cache (node, comment, user, taxonomy added or updated...).
 * Blocks requiring more fine-grained clearing might consider disabling the
 * built-in block cache (DRUPAL_NO_CACHE) and rolling their own.
 *
 * Note that user 1 is excluded from block caching.
 */

/**
 * The block should not get cached.
 *
 * This setting should be used:
 * - For simple blocks (notably those that do not perform any db query), where
 *   querying the db cache would be more expensive than directly generating the
 *   content.
 * - For blocks that change too frequently.
 */
const DRUPAL_NO_CACHE = -1;

/**
 * The block is handling its own caching in its hook_block_view().
 *
 * From the perspective of the block cache system, this is equivalent to
 * DRUPAL_NO_CACHE. Useful when time-based expiration is needed or a site uses
 * a node access system which invalidates the standard block cache.
 */
const DRUPAL_CACHE_CUSTOM = -2;

/**
 * The block or element can change depending on the user's roles.
 *
 * This is the default setting for blocks, used when the block does not specify
 * anything. It is a bit flag and may be OR-ed with the other DRUPAL_CACHE_PER_*
 * flags.
 */
const DRUPAL_CACHE_PER_ROLE = 0x0001;

/**
 * The block or element can change depending on the user.
 *
 * This setting can be resource-consuming for sites with a large number of
 * users, and thus should only be used when DRUPAL_CACHE_PER_ROLE is not
 * sufficient.
 */
const DRUPAL_CACHE_PER_USER = 0x0002;

/**
 * The block or element can change depending on the page being viewed.
 */
const DRUPAL_CACHE_PER_PAGE = 0x0004;

/**
 * The block or element is the same for every user and page on which it is
 * visible.
 */
const DRUPAL_CACHE_GLOBAL = 0x0008;

/**
 * The delimiter used to split plural strings.
 *
 * This is the ETX (End of text) character and is used as a minimal means to
 * separate singular and plural variants in source and translation text. It
 * was found to be the most compatible delimiter for the supported databases.
 *
 * The literal "\03" is a PHP octal escape, i.e. the single byte 0x03.
 */
const LOCALE_PLURAL_DELIMITER = "\03";

/**
 * Adds content to a specified region.
 *
 * Content is accumulated in a function-level static array. Calling the
 * function without both arguments stores nothing and simply returns what has
 * been collected so far.
 *
 * @param $region
 *   Page region the content is added to.
 * @param $data
 *   Content to be added.
 *
 * @return
 *   An array keyed by region; each entry is the list of content items added
 *   to that region, in the order they were added.
 */
function drupal_add_region_content($region = NULL, $data = NULL) {
  static $regions = array();

  // Both arguments are needed to store anything; NULL means "not given".
  if ($region !== NULL && $data !== NULL) {
    $regions[$region][] = $data;
  }

  return $regions;
}

/**
 * Gets assigned content for a given region.
 *
 * @param $region
 *   A specified region to fetch content for. If NULL, all regions will be
 *   returned.
 * @param $delimiter
 *   Content to be inserted between imploded array elements.
 *
 * @return
 *   With a $region: the region's content items joined by $delimiter, or NULL
 *   when nothing was added to that region. Without a $region: an array keyed
 *   by region name holding the joined content of every region.
 */
function drupal_get_region_content($region = NULL, $delimiter = ' ') {
  $content = drupal_add_region_content();

  if ($region === NULL) {
    // No region requested: flatten every region's item list into a string.
    foreach ($content as $name => $items) {
      if (is_array($items)) {
        $content[$name] = implode($delimiter, $items);
      }
    }
    return $content;
  }

  if (isset($content[$region]) && is_array($content[$region])) {
    return implode($delimiter, $content[$region]);
  }

  // Unknown or empty region.
  return NULL;
}

/**
 * Gets the name of the currently active install profile.
 *
 * When this function is called during Drupal's initial installation process,
 * the name of the profile that's about to be installed is stored in the global
 * installation state. At all other times, the standard Drupal systems variable
 * table contains the name of the current profile, and we can call
 * variable_get() to determine which one is active.
 *
 * @return
 *   The name of the install profile. Falls back to 'standard' when the
 *   'install_profile' variable is not set.
 */
function drupal_get_profile() {
  global $install_state;

  // The installer's state takes precedence over the stored variable.
  return isset($install_state['parameters']['profile'])
    ? $install_state['parameters']['profile']
    : variable_get('install_profile', 'standard');
}


/**
 * Sets the breadcrumb trail for the current page.
 *
 * @param $breadcrumb
 *   Array of links, starting with "home" and proceeding up to but not including
 *   the current page. Pass NULL (or nothing) to leave the stored trail as is.
 *
 * @return
 *   The stored breadcrumb trail, or NULL if none has been set.
 */
function drupal_set_breadcrumb($breadcrumb = NULL) {
  $trail = &drupal_static(__FUNCTION__);

  if ($breadcrumb !== NULL) {
    $trail = $breadcrumb;
  }

  return $trail;
}

/**
 * Gets the breadcrumb trail for the current page.
 *
 * @return
 *   The trail stored through drupal_set_breadcrumb() if there is one,
 *   otherwise the result of menu_get_active_breadcrumb().
 */
function drupal_get_breadcrumb() {
  $trail = drupal_set_breadcrumb();

  // Only fall back to the menu system when nothing was set explicitly.
  return isset($trail) ? $trail : menu_get_active_breadcrumb();
}

/**
 * Adds output to the HEAD tag of the HTML page.
 *
 * This function can be called as long as the headers aren't sent. Pass no
 * arguments (or NULL for both) to retrieve the currently stored elements.
 *
 * @param $data
 *   A renderable array. If the '#type' key is not set then 'html_tag' will be
 *   added as the default '#type'.
 * @param $key
 *   A unique string key to allow implementations of hook_html_head_alter() to
 *   identify the element in $data. Required if $data is not NULL.
 *
 * @return
 *   An array of all stored HEAD elements.
 *
 * @see theme_html_tag()
 */
function drupal_add_html_head($data = NULL, $key = NULL) {
  $head = &drupal_static(__FUNCTION__);

  // Seed the list on first use so that the defaults, including Content-Type,
  // come before anything a caller adds.
  if ($head === NULL) {
    $head = _drupal_default_html_head();
  }

  // An element is only stored when both the data and its key are supplied.
  if (isset($data, $key)) {
    if (!isset($data['#type'])) {
      $data['#type'] = 'html_tag';
    }
    $head[$key] = $data;
  }

  return $head;
}

/**
 * Returns elements that are always displayed in the HEAD tag of the HTML page.
 *
 * Two elements are produced: the charset META tag and the Generator META tag.
 * The generator string is also attached as an X-Generator HTTP header, so
 * every response built from these defaults discloses the Drupal major version
 * to the client.
 *
 * @return
 *   An array of renderable 'html_tag' elements keyed by element name.
 */
function _drupal_default_html_head() {
  $elements = array();

  // Make sure the Content-Type comes first because the IE browser may be
  // vulnerable to XSS via encoding attacks from any content that comes before
  // this META tag, such as a TITLE tag.
  $elements['system_meta_content_type'] = array(
    '#type' => 'html_tag',
    '#tag' => 'meta',
    '#attributes' => array(
      'charset' => 'utf-8',
    ),
    // Security: This always has to be output first.
    '#weight' => -1000,
  );

  // Show Drupal and the major version number in the META GENERATOR tag. Only
  // the part of VERSION before the first dot is used.
  $version_parts = explode('.', VERSION);
  $generator = 'Drupal ' . $version_parts[0] . ' (http://drupal.org)';
  $elements['system_meta_generator'] = array(
    '#type' => 'html_tag',
    '#tag' => 'meta',
    '#attributes' => array(
      'name' => 'Generator',
      'content' => $generator,
    ),
    // Also send the generator in the HTTP header.
    '#attached' => array(
      'drupal_add_http_header' => array(
        array('X-Generator', $generator),
      ),
    ),
  );

  return $elements;
}

/**
 * Retrieves output to be displayed in the HEAD tag of the HTML page.
 *
 * @return
 *   The result of drupal_render() on the stored HEAD elements, after they
 *   have been passed through the 'html_head' alter hook.
 */
function drupal_get_html_head() {
  $head_elements = drupal_add_html_head();

  // Let hook_html_head_alter() implementations change the elements before
  // they are rendered.
  drupal_alter('html_head', $head_elements);

  return drupal_render($head_elements);
}

/**
 * Adds a feed URL for the current page.
 *
 * This function can be called as long as the HTML header hasn't been sent.
 *
 * @param $url
 *   An internal system path or a fully qualified external URL of the feed.
 *   Pass NULL (or nothing) to only retrieve what has been stored.
 * @param $title
 *   The title of the feed.
 *
 * @return
 *   An array keyed by feed URL whose values are the output of
 *   theme('feed_icon') for that feed.
 */
function drupal_add_feed($url = NULL, $title = '') {
  $feed_icons = &drupal_static(__FUNCTION__, array());

  if ($url === NULL) {
    return $feed_icons;
  }

  // NOTE(review): $url and $title are handed on unescaped here; escaping is
  // presumably done by theme('feed_icon') and by the rendering of the <link>
  // element. Confirm before passing user-supplied values.
  $feed_icons[$url] = theme('feed_icon', array('url' => $url, 'title' => $title));

  $link_attributes = array(
    'rel' => 'alternate',
    'type' => 'application/rss+xml',
    'title' => $title,
    // Force the URL to be absolute, for consistency with other <link> tags
    // output by Drupal.
    'href' => url($url, array('absolute' => TRUE)),
  );
  drupal_add_html_head_link($link_attributes);

  return $feed_icons;
}

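/**
 * Gets the feed URLs for the current page.
 *
 * @param $delimiter
 *   The string placed between the individual feed entries.
 *
 * @return
 *   The entries stored by drupal_add_feed(), joined by $delimiter.
 */
function drupal_get_feeds($delimiter = "\n") {
  $feeds = drupal_add_feed();
  // implode() takes the separator first. The legacy (array, separator) order
  // used previously is deprecated since PHP 7.4 and throws a TypeError on
  // PHP 8.
  return implode($delimiter, $feeds);
}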

/**
 * @defgroup http_handling HTTP handling
 * @{
 * Functions to properly handle HTTP responses.
 */

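/**
 * Processes a URL query parameter array to remove unwanted elements.
 *
 * @param $query
 *   (optional) An array to be processed. Defaults to $_GET.
 * @param $exclude
 *   (optional) A list of $query array keys to remove. Use "parent[child]" to
 *   exclude nested items.
 * @param $parent
 *   Internal use only. Used to build the $query array key for nested items.
 *
 * @return
 *   An array containing query parameters, which can be used for url(). Values
 *   are copied as they are; nothing is decoded, validated or escaped here.
 */
function drupal_get_query_parameters(array $query = NULL, array $exclude = array(), $parent = '') {
  // Set defaults, if none given.
  if (!isset($query)) {
    $query = $_GET;
  }
  // If $exclude is empty, there is nothing to filter.
  if (empty($exclude)) {
    return $query;
  }

  // Decide "top level" by comparing against the empty values explicitly. A
  // truthiness test would treat a parent key of 0 as "no parent": $exclude
  // would then be flipped a second time and nested keys below "0" would be
  // matched without their prefix.
  $top_level = ($parent === '' || $parent === NULL || $parent === FALSE);
  if ($top_level) {
    // Flip once so that the exclusion test below is a key lookup.
    $exclude = array_flip($exclude);
  }

  $params = array();
  foreach ($query as $key => $value) {
    $string_key = ($top_level ? $key : $parent . '[' . $key . ']');
    if (isset($exclude[$string_key])) {
      continue;
    }

    if (is_array($value)) {
      $params[$key] = drupal_get_query_parameters($value, $exclude, $string_key);
    }
    else {
      $params[$key] = $value;
    }
  }

  return $params;
}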

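/**
 * Splits a URL-encoded query string into an array.
 *
 * Only the values are decoded; parameter names are used as array keys exactly
 * as they appear in the string. When a name occurs more than once, the last
 * occurrence wins.
 *
 * @param $query
 *   The query string to split.
 *
 * @return
 *   An array of couples $param_name => $value, where $value is URL-decoded,
 *   or NULL for a parameter that has no "=" at all.
 */
function drupal_get_query_array($query) {
  $result = array();
  if (!empty($query)) {
    foreach (explode('&', $query) as $param) {
      // Split on the first "=" only. Values may themselves contain "=" (for
      // example padded base64 tokens); an unlimited split silently dropped
      // everything after the second "=".
      $param = explode('=', $param, 2);
      $result[$param[0]] = isset($param[1]) ? rawurldecode($param[1]) : NULL;
    }
  }
  return $result;
}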

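/**
 * Parses an array into a valid, rawurlencoded query string.
 *
 * This differs from http_build_query() as we need to rawurlencode() (instead of
 * urlencode()) all query parameters.
 *
 * @param $query
 *   The query parameter array to be processed, e.g. $_GET.
 * @param $parent
 *   Internal use only. Used to build the $query array key for nested items.
 *
 * @return
 *   A rawurlencoded string which can be used as or appended to the URL query
 *   string.
 *
 * @see drupal_get_query_parameters()
 * @ingroup php_wrappers
 */
function drupal_http_build_query(array $query, $parent = '') {
  $params = array();

  // Compare against the empty values explicitly. A parent key of "0" is a
  // valid key but is falsy, so a truthiness test dropped the "0[...]" prefix
  // from every nested parameter below it.
  $has_parent = !($parent === '' || $parent === NULL || $parent === FALSE);

  foreach ($query as $key => $value) {
    $key = ($has_parent ? $parent . '[' . rawurlencode($key) . ']' : rawurlencode($key));

    // Recurse into children.
    if (is_array($value)) {
      $params[] = drupal_http_build_query($value, $key);
    }
    // If a query parameter value is NULL, only append its key.
    elseif (!isset($value)) {
      $params[] = $key;
    }
    else {
      // For better readability of paths in query strings, we decode slashes.
      $params[] = $key . '=' . str_replace('%2F', '/', rawurlencode($value));
    }
  }

  return implode('&', $params);
}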

/**
 * Prepares a 'destination' URL query parameter for use with drupal_goto().
 *
 * Used to direct the user back to the referring page after completing a form.
 * By default the current URL is returned. If a destination exists in the
 * previous request, that destination is returned. As such, a destination can
 * persist across multiple pages.
 *
 * When $_GET['destination'] is present it is returned verbatim: the value is
 * request-controlled and is not validated here. drupal_goto() refuses
 * external destinations before redirecting; any other consumer of the
 * returned value has to apply its own check.
 *
 * @return
 *   An array with the single key 'destination'. The result is computed once
 *   and then served from drupal_static().
 *
 * @see drupal_goto()
 */
function drupal_get_destination() {
  $destination = &drupal_static(__FUNCTION__);

  if (!isset($destination)) {
    if (isset($_GET['destination'])) {
      // Carry an existing destination over unchanged.
      $destination = array('destination' => $_GET['destination']);
    }
    else {
      // Rebuild the current URL from the path and the query parameters.
      $path = current_path();
      $query = drupal_http_build_query(drupal_get_query_parameters());
      $destination = array(
        'destination' => ($query != '' ? $path . '?' . $query : $path),
      );
    }
  }

  return $destination;
}

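/**
 * Parses a system URL string into an associative array suitable for url().
 *
 * This function should only be used for URLs that have been generated by the
 * system, such as via url(). It should not be used for URLs that come from
 * external sources, or URLs that link to external resources.
 *
 * The "external" branch below is selected by a plain substring test for
 * '://'. That is a parsing decision, not a trust decision: callers that pass
 * request-supplied values (such as $_GET['destination']) must validate them
 * separately, as drupal_goto() does with url_is_external().
 *
 * The returned array contains a 'path' that may be passed separately to url().
 * For example:
 * @code
 *   $options = drupal_parse_url($_GET['destination']);
 *   $my_url = url($options['path'], $options);
 *   $my_link = l('Example link', $options['path'], $options);
 * @endcode
 *
 * This is required, because url() does not support relative URLs containing a
 * query string or fragment in its $path argument. Instead, any query string
 * needs to be parsed into an associative query parameter array in
 * $options['query'] and the fragment into $options['fragment'].
 *
 * @param $url
 *   The URL string to parse, f.e. $_GET['destination'].
 *
 * @return
 *   An associative array containing the keys:
 *   - 'path': The path of the URL. If the given $url is external, this includes
 *     the scheme and host.
 *   - 'query': An array of query parameters of $url, if existent.
 *   - 'fragment': The fragment of $url, if existent.
 *
 * @see url()
 * @see drupal_goto()
 * @ingroup php_wrappers
 */
function drupal_parse_url($url) {
  $options = array(
    'path' => NULL,
    'query' => array(),
    'fragment' => '',
  );

  // External URLs: not using parse_url() here, so we do not have to rebuild
  // the scheme, host, and path without having any use for it.
  if (strpos($url, '://') !== FALSE) {
    // The fragment starts at the first '#', whether or not a query string is
    // present. Splitting it off first keeps a fragment of a query-less URL
    // out of 'path' and keeps a '?' inside the fragment out of 'query'.
    $fragment_parts = explode('#', $url, 2);
    if (isset($fragment_parts[1])) {
      $options['fragment'] = $fragment_parts[1];
    }
    // Split on the first '?' only, so that a later '?' stays part of the
    // query string instead of being dropped.
    $query_parts = explode('?', $fragment_parts[0], 2);
    $options['path'] = $query_parts[0];
    // If there is a query string, transform it into keyed query parameters.
    if (isset($query_parts[1])) {
      parse_str($query_parts[1], $options['query']);
    }
  }
  // Internal URLs.
  else {
    // parse_url() does not support relative URLs, so make it absolute. E.g. the
    // relative URL "foo/bar:1" isn't properly parsed.
    $parts = parse_url('http://example.com/' . $url);
    // Strip the leading slash that was just added.
    $options['path'] = substr($parts['path'], 1);
    if (isset($parts['query'])) {
      parse_str($parts['query'], $options['query']);
    }
    if (isset($parts['fragment'])) {
      $options['fragment'] = $parts['fragment'];
    }
  }

  return $options;
}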

/**
 * Encodes a Drupal path for use in a URL.
 *
 * The path is rawurlencode()d and the encoded slashes are then turned back
 * into literal slashes; for aesthetic reasons slashes are not escaped.
 *
 * Note that url() takes care of calling this function, so a path passed to that
 * function should not be encoded in advance.
 *
 * @param $path
 *   The Drupal path to encode.
 *
 * @return
 *   The encoded path.
 */
function drupal_encode_path($path) {
  $encoded = rawurlencode($path);
  // Restore the path separators that rawurlencode() turned into %2F.
  return strtr($encoded, array('%2F' => '/'));
}

/**
 * Sends the user to a different Drupal page.
 *
 * This issues an on-site HTTP redirect. The function makes sure the redirected
 * URL is formatted correctly.
 *
 * If a destination was specified in the current request's URI (i.e.,
 * $_GET['destination']) then it will override the $path and $options values
 * passed to this function. This provides the flexibility to build a link to
 * user/login and override the default redirection so that the user is
 * redirected to a specific path after logging in:
 * @code
 *   $query = array('destination' => "node/$node->nid");
 *   $link = l(t('Log in'), 'user/login', array('query' => $query));
 * @endcode
 *
 * A request-supplied destination is only honoured when url_is_external()
 * reports it as not external; that single check is what keeps this function
 * from acting as an open redirect. Implementations of hook_drupal_goto_alter()
 * run after the check and can still change $path and $options freely.
 *
 * Drupal will ensure that messages set by drupal_set_message() and other
 * session data are written to the database before the user is redirected.
 *
 * This function ends the request; use it instead of a return in your menu
 * callback.
 *
 * @param $path
 *   A Drupal path or a full URL.
 * @param $options
 *   An associative array of additional URL options to pass to url().
 * @param $http_response_code
 *   The valid values for 3xx redirection status codes are defined in
 *   @link http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3 RFC 2616 @endlink
 *   and the
 *   @link http://tools.ietf.org/html/draft-reschke-http-status-308-07 draft for the new HTTP status codes: @endlink
 *   - 301: Moved Permanently (the recommended value for most redirects).
 *   - 302: Found (default in Drupal and PHP, sometimes used for spamming search
 *     engines).
 *   - 303: See Other.
 *   - 304: Not Modified.
 *   - 305: Use Proxy.
 *   - 307: Temporary Redirect.
 *
 * @see drupal_get_destination()
 * @see url()
 */
function drupal_goto($path = '', array $options = array(), $http_response_code = 302) {
  // A destination in $_GET always overrides the function arguments.
  // We do not allow absolute URLs to be passed via $_GET, as this can be an
  // attack vector.
  $requested = isset($_GET['destination']) ? $_GET['destination'] : NULL;
  if ($requested !== NULL && !url_is_external($requested)) {
    $parsed = drupal_parse_url($requested);
    $path = $parsed['path'];
    $options['query'] = $parsed['query'];
    $options['fragment'] = $parsed['fragment'];
  }

  drupal_alter('drupal_goto', $path, $options, $http_response_code);

  // The 'Location' HTTP header must be absolute.
  $options['absolute'] = TRUE;
  $location = url($path, $options);

  header('Location: ' . $location, TRUE, $http_response_code);

  // The "Location" header sends a redirect status code to the HTTP daemon. In
  // some cases this can be wrong, so we make sure none of the code below the
  // drupal_goto() call gets executed upon redirection.
  drupal_exit($location);
}

/**
 * Delivers a "site is under maintenance" message to the browser.
 *
 * Page callback functions wanting to report a "site offline" message should
 * return MENU_SITE_OFFLINE instead of calling drupal_site_offline(). However,
 * functions that are invoked in contexts where that return value might not
 * bubble up to menu_execute_active_handler() should call drupal_site_offline().
 */
function drupal_site_offline() {
  // Hand the offline status straight to the page delivery callback.
  drupal_deliver_page(MENU_SITE_OFFLINE);
}

/**
 * Performs an HTTP request.
 *
 * This is a flexible and powerful HTTP client implementation. Correctly
 * handles GET, POST, PUT or any other HTTP requests. Handles redirects.
 *
 * @param $url
 *   A string containing a fully qualified URI.
 * @param array $options
 *   (optional) An array that can have one or more of the following elements:
 *   - headers: An array containing request headers to send as name/value pairs.
 *   - method: A string containing the request method. Defaults to 'GET'.
 *   - data: A string containing the request body, formatted as
 *     'param=value&param=value&...'. Defaults to NULL.
 *   - max_redirects: An integer representing how many times a redirect
 *     may be followed. Defaults to 3.
 *   - timeout: A float representing the maximum number of seconds the function
 *     call may take. The default is 30 seconds. If a timeout occurs, the error
 *     code is set to the HTTP_REQUEST_TIMEOUT constant.
 *   - context: A context resource created with stream_context_create().
 *
 * @return object
 *   An object that can have one or more of the following components:
 *   - request: A string containing the request body that was sent.
 *   - code: An integer containing the response status code, or the error code
 *     if an error occurred.
 *   - protocol: The response protocol (e.g. HTTP/1.1 or HTTP/1.0).
 *   - status_message: The status message from the response, if a response was
 *     received.
 *   - redirect_code: If redirected, an integer containing the initial response
 *     status code.
 *   - redirect_url: If redirected, a string containing the URL of the redirect
 *     target.
 *   - error: If an error occurred, the error message. Otherwise not set.
 *   - headers: An array containing the response headers as name/value pairs.
 *     HTTP header names are case-insensitive (RFC 2616, section 4.2), so for
 *     easy access the array keys are returned in lower case.
 *   - data: A string containing the response body that was received.
 */
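function drupal_http_request($url, array $options = array()) {
  // Review notes on the security-relevant behaviour of this function:
  // - https requests are only verified according to the stream context passed
  //   in $options['context']; without one, PHP's stream defaults apply.
  // - CR and LF are stripped from the request line and from every header line
  //   so that a caller-supplied value cannot add lines to the request.
  // - An Authorization header is not forwarded when a redirect points to a
  //   different host or leaves https.
  // - The whole response is buffered in memory; no size limit is applied here.
  $result = new stdClass();

  // Parse the URL and make sure we can handle the schema.
  $uri = @parse_url($url);

  if ($uri == FALSE) {
    $result->error = 'unable to parse URL';
    $result->code = -1001;
    return $result;
  }

  if (!isset($uri['scheme'])) {
    $result->error = 'missing schema';
    $result->code = -1002;
    return $result;
  }

  timer_start(__FUNCTION__);

  // Merge the default options.
  $options += array(
    'headers' => array(),
    'method' => 'GET',
    'data' => NULL,
    'max_redirects' => 3,
    'timeout' => 30.0,
    'context' => NULL,
  );
  // stream_socket_client() requires timeout to be a float.
  $options['timeout'] = (float) $options['timeout'];

  switch ($uri['scheme']) {
    case 'http':
    case 'feed':
      $port = isset($uri['port']) ? $uri['port'] : 80;
      $socket = 'tcp://' . $uri['host'] . ':' . $port;
      // RFC 2616: "non-standard ports MUST, default ports MAY be included".
      // We don't add the standard port to prevent from breaking rewrite rules
      // checking the host that do not take into account the port number.
      $options['headers']['Host'] = $uri['host'] . ($port != 80 ? ':' . $port : '');
      break;
    case 'https':
      // Note: Only works when PHP is compiled with OpenSSL support.
      $port = isset($uri['port']) ? $uri['port'] : 443;
      $socket = 'ssl://' . $uri['host'] . ':' . $port;
      $options['headers']['Host'] = $uri['host'] . ($port != 443 ? ':' . $port : '');
      break;
    default:
      $result->error = 'invalid schema ' . $uri['scheme'];
      $result->code = -1003;
      return $result;
  }

  if (empty($options['context'])) {
    // No context: the connection is opened with PHP's default stream options.
    $fp = @stream_socket_client($socket, $errno, $errstr, $options['timeout']);
  }
  else {
    // Create a stream with context. Allows verification of a SSL certificate.
    $fp = @stream_socket_client($socket, $errno, $errstr, $options['timeout'], STREAM_CLIENT_CONNECT, $options['context']);
  }

  // Make sure the socket opened properly.
  if (!$fp) {
    // When a network error occurs, we use a negative number so it does not
    // clash with the HTTP status codes.
    $result->code = -$errno;
    $result->error = trim($errstr) ? trim($errstr) : t('Error opening socket @socket', array('@socket' => $socket));
    return $result;
  }

  // Construct the path to act on.
  $path = isset($uri['path']) ? $uri['path'] : '/';
  if (isset($uri['query'])) {
    $path .= '?' . $uri['query'];
  }

  // Merge the default headers.
  $options['headers'] += array(
    'User-Agent' => 'Drupal (+http://drupal.org/)',
  );

  // Only add Content-Length if we actually have any content or if it is a POST
  // or PUT request. Some non-standard servers get confused by Content-Length in
  // at least HEAD/GET requests, and Squid always requires Content-Length in
  // POST/PUT requests.
  $content_length = strlen((string) $options['data']);
  if ($content_length > 0 || $options['method'] == 'POST' || $options['method'] == 'PUT') {
    $options['headers']['Content-Length'] = $content_length;
  }

  // If the server URL has a user then attempt to use basic authentication.
  if (isset($uri['user'])) {
    $options['headers']['Authorization'] = 'Basic ' . base64_encode($uri['user'] . (isset($uri['pass']) ? ':' . $uri['pass'] : ''));
  }

  // If the database prefix is being used by SimpleTest to run the tests in a copied
  // database then set the user-agent header to the database prefix so that any
  // calls to other Drupal pages will run the SimpleTest prefixed database. The
  // user-agent is used to ensure that multiple testing sessions running at the
  // same time won't interfere with each other as they would if the database
  // prefix were stored statically in a file or database variable.
  $test_info = &$GLOBALS['drupal_test_info'];
  if (!empty($test_info['test_run_id'])) {
    $options['headers']['User-Agent'] = drupal_generate_test_ua($test_info['test_run_id']);
  }

  // The request line and each header must stay on one line. Embedded CR/LF in
  // the method, a header name or a header value would otherwise be written to
  // the socket as additional lines, so they are removed before sending.
  $line_breaks = array("\r", "\n");
  $request = str_replace($line_breaks, '', $options['method'] . ' ' . $path) . " HTTP/1.0\r\n";
  foreach ($options['headers'] as $name => $value) {
    $request .= str_replace($line_breaks, '', $name . ': ' . trim((string) $value)) . "\r\n";
  }
  $request .= "\r\n" . $options['data'];
  $result->request = $request;
  // Calculate how much time is left of the original timeout value.
  $timeout = $options['timeout'] - timer_read(__FUNCTION__) / 1000;
  if ($timeout > 0) {
    stream_set_timeout($fp, (int) floor($timeout), (int) floor(1000000 * fmod($timeout, 1)));
    fwrite($fp, $request);
  }

  // Fetch response. Due to PHP bugs like http://bugs.php.net/bug.php?id=43782
  // and http://bugs.php.net/bug.php?id=46049 we can't rely on feof(), but
  // instead must invoke stream_get_meta_data() each iteration.
  $info = stream_get_meta_data($fp);
  $alive = !$info['eof'] && !$info['timed_out'];
  $response = '';

  // NOTE(review): the loop below is bounded by the timeout only, not by the
  // amount of data received; callers fetching from untrusted hosts should keep
  // the timeout small.
  while ($alive) {
    // Calculate how much time is left of the original timeout value.
    $timeout = $options['timeout'] - timer_read(__FUNCTION__) / 1000;
    if ($timeout <= 0) {
      $info['timed_out'] = TRUE;
      break;
    }
    stream_set_timeout($fp, (int) floor($timeout), (int) floor(1000000 * fmod($timeout, 1)));
    $chunk = fread($fp, 1024);
    $response .= $chunk;
    $info = stream_get_meta_data($fp);
    $alive = !$info['eof'] && !$info['timed_out'] && $chunk;
  }
  fclose($fp);

  if ($info['timed_out']) {
    $result->code = HTTP_REQUEST_TIMEOUT;
    $result->error = 'request timed out';
    return $result;
  }
  // Parse response headers from the response body.
  // Be tolerant of malformed HTTP responses that separate header and body with
  // \n\n or \r\r instead of \r\n\r\n. The response comes from a remote server,
  // so every split is padded: a reply without a body, without a complete
  // status line or with a header line lacking a colon must not raise errors.
  list($response, $result->data) = array_pad(preg_split("/\r\n\r\n|\n\n|\r\r/", $response, 2), 2, NULL);
  $response = preg_split("/\r\n|\n|\r/", $response);

  // Parse the response status line.
  list($protocol, $code, $status_message) = array_pad(explode(' ', trim((string) array_shift($response)), 3), 3, NULL);
  $result->protocol = $protocol;
  $result->status_message = $status_message;
  // The status code is remote data; force it to an integer before it is used
  // in arithmetic and as an array key below.
  $code = (int) $code;

  $result->headers = array();

  // Parse the response headers.
  while ($line = trim((string) array_shift($response))) {
    list($name, $value) = array_pad(explode(':', $line, 2), 2, '');
    $name = strtolower($name);
    if (isset($result->headers[$name]) && $name == 'set-cookie') {
      // RFC 2109: the Set-Cookie response header comprises the token Set-
      // Cookie:, followed by a comma-separated list of one or more cookies.
      $result->headers[$name] .= ',' . trim($value);
    }
    else {
      $result->headers[$name] = trim($value);
    }
  }

  $responses = array(
    100 => 'Continue',
    101 => 'Switching Protocols',
    200 => 'OK',
    201 => 'Created',
    202 => 'Accepted',
    203 => 'Non-Authoritative Information',
    204 => 'No Content',
    205 => 'Reset Content',
    206 => 'Partial Content',
    300 => 'Multiple Choices',
    301 => 'Moved Permanently',
    302 => 'Found',
    303 => 'See Other',
    304 => 'Not Modified',
    305 => 'Use Proxy',
    307 => 'Temporary Redirect',
    400 => 'Bad Request',
    401 => 'Unauthorized',
    402 => 'Payment Required',
    403 => 'Forbidden',
    404 => 'Not Found',
    405 => 'Method Not Allowed',
    406 => 'Not Acceptable',
    407 => 'Proxy Authentication Required',
    408 => 'Request Time-out',
    409 => 'Conflict',
    410 => 'Gone',
    411 => 'Length Required',
    412 => 'Precondition Failed',
    413 => 'Request Entity Too Large',
    414 => 'Request-URI Too Large',
    415 => 'Unsupported Media Type',
    416 => 'Requested range not satisfiable',
    417 => 'Expectation Failed',
    500 => 'Internal Server Error',
    501 => 'Not Implemented',
    502 => 'Bad Gateway',
    503 => 'Service Unavailable',
    504 => 'Gateway Time-out',
    505 => 'HTTP Version not supported',
  );
  // RFC 2616 states that all unknown HTTP codes must be treated the same as the
  // base code in their class.
  if (!isset($responses[$code])) {
    $code = (int) (floor($code / 100) * 100);
  }
  $result->code = $code;

  switch ($code) {
    case 200: // OK
    case 304: // Not modified
      break;
    case 301: // Moved permanently
    case 302: // Moved temporarily
    case 307: // Moved temporarily
      // A redirect response is not guaranteed to carry a Location header.
      $location = isset($result->headers['location']) ? $result->headers['location'] : NULL;
      $options['timeout'] -= timer_read(__FUNCTION__) / 1000;
      if ($options['timeout'] <= 0) {
        $result->code = HTTP_REQUEST_TIMEOUT;
        $result->error = 'request timed out';
      }
      elseif ($options['max_redirects']) {
        // $options['headers'] now holds the Authorization header built for (or
        // supplied for) the current host. The redirect target is chosen by the
        // remote server, so the credentials are withheld when the target is
        // another host or when an https request is redirected off https.
        $target = @parse_url((string) $location);
        $target_host = isset($target['host']) ? strtolower($target['host']) : '';
        $current_host = isset($uri['host']) ? strtolower($uri['host']) : '';
        $leaves_tls = $uri['scheme'] == 'https' && (!isset($target['scheme']) || strtolower($target['scheme']) != 'https');
        if ($target_host !== $current_host || $leaves_tls) {
          foreach (array_keys($options['headers']) as $header_name) {
            if (strtolower($header_name) == 'authorization') {
              unset($options['headers'][$header_name]);
            }
          }
        }
        // Redirect to the new location.
        $options['max_redirects']--;
        $result = drupal_http_request((string) $location, $options);
        $result->redirect_code = $code;
      }
      if (!isset($result->redirect_url)) {
        $result->redirect_url = $location;
      }
      break;
    default:
      $result->error = $status_message;
  }

  return $result;
}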
/**
 * @} End of "defgroup http_handling".
 */

/**
 * @defgroup validation Input validation
 * @{
 * Functions to validate user input.
 */

/**
 * Checks whether a string is a syntactically valid e-mail address.
 *
 * The check is delegated to PHP's FILTER_VALIDATE_EMAIL filter. It looks at
 * the format only: it does not tell whether the mailbox exists, and a value
 * that passes still has to be escaped for the context it is written to. An
 * empty string does not pass this check, so callers that treat the address as
 * optional must test for emptiness themselves.
 *
 * @param $mail
 *   A string containing an e-mail address.
 *
 * @return
 *   TRUE if the address is in a valid format, FALSE otherwise.
 */
function valid_email_address($mail) {
  // filter_var() hands back the accepted string, or FALSE on rejection.
  $accepted = filter_var($mail, FILTER_VALIDATE_EMAIL);
  return $accepted !== FALSE;
}

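/**
 * Verifies the syntax of the given URL.
 *
 * This function should only be used on actual URLs. It should not be used for
 * Drupal menu paths, which can contain arbitrary characters.
 * Valid values per RFC 3986.
 *
 * This is a syntax check, not a safety check. With $absolute set to FALSE no
 * scheme list is applied at all, so any string made of the permitted
 * characters passes, including one that starts with a scheme name and a
 * colon. A value that validates must still be filtered for allowed protocols
 * and escaped before it is written into HTML, a header or a redirect.
 *
 * Both patterns are anchored with the D (dollar-end-only) modifier. Without
 * it, "$" also matches just before a trailing newline, and a URL ending in a
 * line break would be reported as valid.
 *
 * @param $url
 *   The URL to verify.
 * @param $absolute
 *   Whether the URL is absolute (beginning with a scheme such as "http:").
 *
 * @return
 *   TRUE if the URL is in a valid format.
 */
function valid_url($url, $absolute = FALSE) {
  if ($absolute) {
    return (bool) preg_match("
      /^                                                      # Start at the beginning of the text
      (?:ftp|https?|feed):\/\/                                # Look for ftp, http, https or feed schemes
      (?:                                                     # Userinfo (optional) which is typically
        (?:(?:[\w\.\-\+!$&'\(\)*\+,;=]|%[0-9a-f]{2})+:)*      # a username or a username and password
        (?:[\w\.\-\+%!$&'\(\)*\+,;=]|%[0-9a-f]{2})+@          # combination
      )?
      (?:
        (?:[a-z0-9\-\.]|%[0-9a-f]{2})+                        # A domain name or a IPv4 address
        |(?:\[(?:[0-9a-f]{0,4}:)*(?:[0-9a-f]{0,4})\])         # or a well formed IPv6 address
      )
      (?::[0-9]+)?                                            # Server port number (optional)
      (?:[\/|\?]
        (?:[\w#!:\.\?\+=&@$'~*,;\/\(\)\[\]\-]|%[0-9a-f]{2})   # The path and query (optional)
      *)?
    $/xiD", $url);
  }
  else {
    // Relative form: only the character set is checked, see the note above.
    return (bool) preg_match("/^(?:[\w#!:\.\?\+=&@$'~*,;\/\(\)\[\]\-]|%[0-9a-f]{2})+$/iD", $url);
  }
}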

/**
 * Checks that a number lies on a step grid, allowing for float rounding.
 *
 * The distance between $value and $offset is compared with the nearest
 * multiple of $step. The implementation assumes IEEE 754 double precision
 * floating point numbers, which PHP uses on most systems, and follows the
 * number/range verification methods of webkit.
 *
 * @param $value
 *   The value that needs to be checked.
 * @param $step
 *   The step scale factor. Must be positive; the function divides by it
 *   without checking, so callers have to reject zero beforehand.
 * @param $offset
 *   (optional) An offset, to which the difference must be a multiple of the
 *   given step.
 *
 * @return bool
 *   TRUE if no step mismatch has occurred, or FALSE otherwise.
 *
 * @see http://opensource.apple.com/source/WebCore/WebCore-1298/html/NumberInputType.cpp
 */
function valid_number_step($value, $step, $offset = 0.0) {
  $distance = (float) abs($value - $offset);

  // A double carries 53 bits of precision. Once the distance exceeds
  // $step * 2^53 the remainder of a division by $step can no longer be
  // represented meaningfully, so such values are accepted without computing it.
  if ($distance / pow(2.0, 53) > $step) {
    return TRUE;
  }

  // Distance between the value and the closest multiple of $step.
  $closest_multiple = $step * round($distance / $step);
  $remainder = (float) abs($distance - $closest_multiple);

  // Remainders too small for a single precision float (24 bit fraction) are
  // tolerated, which means anything below $step * 2^-24.
  $tolerance = (float) ($step / pow(2.0, 24));

  if ($tolerance >= $remainder) {
    return TRUE;
  }
  return $remainder >= ($step - $tolerance);
}

/**
 * @} End of "defgroup validation".
 */

/**
 * Registers an event for the current visitor to the flood control mechanism.
 *
 * @param $name
 *   The name of an event.
 * @param $window
 *   Optional number of seconds before this event expires. Defaults to 3600 (1
 *   hour). Typically uses the same value as the flood_is_allowed() $window
 *   parameter. Expired events are purged on cron run to prevent the flood table
 *   from growing indefinitely.
 * @param $identifier
 *   Optional identifier (defaults to the current user's IP address).
 */
function flood_register_event($name, $window = 3600, $identifier = NULL) {
  if (!isset($identifier)) {
    $identifier = ip_address();
  }
  db_insert('flood')
    ->fields(array(
      'event' => $name,
      'identifier' => $identifier,
      'timestamp' => REQUEST_TIME,