common.inc 130 KB
Newer Older
Dries's avatar
 
Dries committed
1
<?php
2
// $Id$
Dries's avatar
 
Dries committed
3

Dries's avatar
 
Dries committed
4 5 6 7 8 9 10 11
/**
 * @file
 * Common functions that many Drupal modules will need to reference.
 *
 * The functions that are critical and need to be available even when serving
 * a cached page are instead located in bootstrap.inc.
 */

12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
/**
 * Return status for saving which involved creating a new item.
 */
define('SAVED_NEW', 1);

/**
 * Return status for saving which involved an update to an existing item.
 */
define('SAVED_UPDATED', 2);

/**
 * Return status for saving which deleted an existing item.
 */
define('SAVED_DELETED', 3);

27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42
/**
 * The weight of JavaScript libraries, settings or jQuery plugins being
 * added to the page.
 */
define('JS_LIBRARY', -100);

/**
 * The default weight of JavaScript being added to the page.
 */
define('JS_DEFAULT', 0);

/**
 * The weight of theme JavaScript code being added to the page.
 */
define('JS_THEME', 100);

43 44 45 46 47 48 49 50
/**
 * Set content for a specified region.
 *
 * @param $region
 *   Page region the content is assigned to.
 * @param $data
 *   Content to be set.
 */
51
function drupal_set_content($region = NULL, $data = NULL) {
52 53 54 55 56 57 58 59 60 61 62 63
  static $content = array();

  if (!is_null($region) && !is_null($data)) {
    $content[$region][] = $data;
  }
  return $content;
}

/**
 * Get assigned content.
 *
 * @param $region
64 65
 *   A specified region to fetch content for. If NULL, all regions will be
 *   returned.
66 67 68
 * @param $delimiter
 *   Content to be inserted between exploded array elements.
 */
69
function drupal_get_content($region = NULL, $delimiter = ' ') {
70
  $content = drupal_set_content();
71 72
  if (isset($region)) {
    if (isset($content[$region]) && is_array($content[$region])) {
Steven Wittens's avatar
Steven Wittens committed
73
      return implode($delimiter, $content[$region]);
74
    }
75 76 77 78
  }
  else {
    foreach (array_keys($content) as $region) {
      if (is_array($content[$region])) {
Steven Wittens's avatar
Steven Wittens committed
79
        $content[$region] = implode($delimiter, $content[$region]);
80 81 82 83 84 85
      }
    }
    return $content;
  }
}

Dries's avatar
 
Dries committed
86
/**
Dries's avatar
 
Dries committed
87
 * Set the breadcrumb trail for the current page.
Dries's avatar
 
Dries committed
88
 *
Dries's avatar
 
Dries committed
89 90 91
 * @param $breadcrumb
 *   Array of links, starting with "home" and proceeding up to but not including
 *   the current page.
Kjartan's avatar
Kjartan committed
92
 */
Dries's avatar
 
Dries committed
93 94 95
function drupal_set_breadcrumb($breadcrumb = NULL) {
  static $stored_breadcrumb;

96
  if (!is_null($breadcrumb)) {
Dries's avatar
 
Dries committed
97 98 99 100 101
    $stored_breadcrumb = $breadcrumb;
  }
  return $stored_breadcrumb;
}

Dries's avatar
 
Dries committed
102 103 104
/**
 * Get the breadcrumb trail for the current page.
 */
Dries's avatar
 
Dries committed
105 106 107
function drupal_get_breadcrumb() {
  $breadcrumb = drupal_set_breadcrumb();

108
  if (is_null($breadcrumb)) {
Dries's avatar
 
Dries committed
109 110 111 112 113 114
    $breadcrumb = menu_get_active_breadcrumb();
  }

  return $breadcrumb;
}

115
/**
116 117
 * Return a string containing RDF namespaces for the <html> tag of an XHTML
 * page.
118 119 120 121 122 123 124 125 126 127
 */
function drupal_get_rdf_namespaces() {
  // Serialize the RDF namespaces used in RDFa annotation.
  $xml_rdf_namespaces = array();
  foreach (module_invoke_all('rdf_namespaces') as $prefix => $uri) {
    $xml_rdf_namespaces[] = 'xmlns:' . $prefix . '="' . $uri . '"';
  }
  return implode("\n  ", $xml_rdf_namespaces);
}

Dries's avatar
Dries committed
128
/**
Dries's avatar
 
Dries committed
129
 * Add output to the head tag of the HTML page.
130
 *
Dries's avatar
 
Dries committed
131
 * This function can be called as long the headers aren't sent.
Dries's avatar
Dries committed
132 133
 */
function drupal_set_html_head($data = NULL) {
Dries's avatar
 
Dries committed
134
  static $stored_head = '';
Dries's avatar
Dries committed
135 136

  if (!is_null($data)) {
137
    $stored_head .= $data . "\n";
Dries's avatar
Dries committed
138 139 140 141
  }
  return $stored_head;
}

Dries's avatar
 
Dries committed
142 143 144
/**
 * Retrieve output to be displayed in the head tag of the HTML page.
 */
Dries's avatar
Dries committed
145
function drupal_get_html_head() {
Dries's avatar
 
Dries committed
146
  $output = "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n";
Dries's avatar
Dries committed
147 148 149
  return $output . drupal_set_html_head();
}

Dries's avatar
 
Dries committed
150
/**
151
 * Reset the static variable which holds the aliases mapped for this request.
Dries's avatar
 
Dries committed
152
 */
153 154
function drupal_clear_path_cache() {
  drupal_lookup_path('wipe');
Dries's avatar
 
Dries committed
155
}
Kjartan's avatar
Kjartan committed
156

Dries's avatar
Dries committed
157
/**
Dries's avatar
 
Dries committed
158
 * Set an HTTP response header for the current page.
159
 *
160
 * Note: When sending a Content-Type header, always include a 'charset' type,
161
 * too. This is necessary to avoid security bugs (e.g. UTF-7 XSS).
Dries's avatar
Dries committed
162 163
 */
function drupal_set_header($header = NULL) {
164
  // We use an array to guarantee there are no leading or trailing delimiters.
Dries's avatar
 
Dries committed
165
  // Otherwise, header('') could get called when serving the page later, which
166 167
  // ends HTTP headers prematurely on some PHP versions.
  static $stored_headers = array();
Dries's avatar
Dries committed
168

169
  if (strlen($header)) {
Dries's avatar
Dries committed
170
    header($header);
171
    $stored_headers[] = $header;
Dries's avatar
Dries committed
172
  }
173
  return implode("\n", $stored_headers);
Dries's avatar
Dries committed
174 175
}

Dries's avatar
 
Dries committed
176 177 178
/**
 * Get the HTTP response headers for the current page.
 */
Dries's avatar
Dries committed
179 180 181 182
function drupal_get_headers() {
  return drupal_set_header();
}

183
/**
184 185
 * Add a feed URL for the current page.
 *
186 187
 * This function can be called as long the HTML header hasn't been sent.
 *
188
 * @param $url
189
 *   A url for the feed.
190
 * @param $title
191
 *   The title of the feed.
192
 */
193
function drupal_add_feed($url = NULL, $title = '') {
194 195
  static $stored_feed_links = array();

196
  if (!is_null($url) && !isset($stored_feed_links[$url])) {
197
    $stored_feed_links[$url] = theme('feed_icon', $url, $title);
198 199 200 201 202

    drupal_add_link(array('rel' => 'alternate',
                          'type' => 'application/rss+xml',
                          'title' => $title,
                          'href' => $url));
203 204 205 206 207 208 209 210
  }
  return $stored_feed_links;
}

/**
 * Get the feed URLs for the current page.
 *
 * @param $delimiter
211
 *   A delimiter to split feeds by.
212 213 214 215 216 217
 */
function drupal_get_feeds($delimiter = "\n") {
  $feeds = drupal_add_feed();
  return implode($feeds, $delimiter);
}

Dries's avatar
 
Dries committed
218 219 220
/**
 * @name HTTP handling
 * @{
Dries's avatar
 
Dries committed
221
 * Functions to properly handle HTTP responses.
Dries's avatar
 
Dries committed
222 223
 */

224 225 226 227
/**
 * Parse an array into a valid urlencoded query string.
 *
 * @param $query
228
 *   The array to be processed e.g. $_GET.
229
 * @param $exclude
230 231
 *   The array filled with keys to be excluded. Use parent[child] to exclude
 *   nested items.
232
 * @param $parent
233
 *   Should not be passed, only used in recursive calls.
234
 * @return
235
 *   An urlencoded string which can be appended to/as the URL query string.
236 237 238 239 240
 */
function drupal_query_string_encode($query, $exclude = array(), $parent = '') {
  $params = array();

  foreach ($query as $key => $value) {
241
    $key = drupal_urlencode($key);
242
    if ($parent) {
243
      $key = $parent . '[' . $key . ']';
244 245
    }

246
    if (in_array($key, $exclude)) {
247 248 249 250 251 252 253
      continue;
    }

    if (is_array($value)) {
      $params[] = drupal_query_string_encode($value, $exclude, $key);
    }
    else {
254
      $params[] = $key . '=' . drupal_urlencode($value);
255 256 257 258 259 260
    }
  }

  return implode('&', $params);
}

261
/**
262
 * Prepare a destination query string for use in combination with drupal_goto().
263
 *
264 265 266 267
 * Used to direct the user back to the referring page after completing a form.
 * By default the current URL is returned. If a destination exists in the
 * previous request, that destination is returned. As such, a destination can
 * persist across multiple pages.
268 269 270 271
 *
 * @see drupal_goto()
 */
function drupal_get_destination() {
272
  if (isset($_REQUEST['destination'])) {
273
    return 'destination=' . urlencode($_REQUEST['destination']);
274 275
  }
  else {
276 277
    // Use $_GET here to retrieve the original path in source form.
    $path = isset($_GET['q']) ? $_GET['q'] : '';
278 279
    $query = drupal_query_string_encode($_GET, array('q'));
    if ($query != '') {
280
      $path .= '?' . $query;
281
    }
282
    return 'destination=' . urlencode($path);
283 284 285
  }
}

Kjartan's avatar
Kjartan committed
286
/**
Dries's avatar
 
Dries committed
287
 * Send the user to a different Drupal page.
Kjartan's avatar
Kjartan committed
288
 *
Dries's avatar
 
Dries committed
289 290
 * This issues an on-site HTTP redirect. The function makes sure the redirected
 * URL is formatted correctly.
Kjartan's avatar
Kjartan committed
291
 *
292
 * Usually the redirected URL is constructed from this function's input
293
 * parameters. However you may override that behavior by setting a
294
 * destination in either the $_REQUEST-array (i.e. by using
295
 * the query string of an URI) This is used to direct the user back to
296
 * the proper page after completing a form. For example, after editing
297
 * a post on the 'admin/content/node'-page or after having logged on using the
298
 * 'user login'-block in a sidebar. The function drupal_get_destination()
299 300
 * can be used to help set the destination URL.
 *
301 302
 * Drupal will ensure that messages set by drupal_set_message() and other
 * session data are written to the database before the user is redirected.
Dries's avatar
 
Dries committed
303 304 305 306 307
 *
 * This function ends the request; use it rather than a print theme('page')
 * statement in your menu callback.
 *
 * @param $path
308
 *   A Drupal path or a full URL.
Dries's avatar
 
Dries committed
309
 * @param $query
310
 *   A query string component, if any.
Dries's avatar
 
Dries committed
311
 * @param $fragment
312
 *   A destination fragment identifier (named anchor).
313 314 315 316 317 318 319 320
 * @param $http_response_code
 *   Valid values for an actual "goto" as per RFC 2616 section 10.3 are:
 *   - 301 Moved Permanently (the recommended value for most redirects)
 *   - 302 Found (default in Drupal and PHP, sometimes used for spamming search
 *         engines)
 *   - 303 See Other
 *   - 304 Not Modified
 *   - 305 Use Proxy
321
 *   - 307 Temporary Redirect (alternative to "503 Site Down for Maintenance")
322
 *   Note: Other values are defined by RFC 2616, but are rarely used and poorly
323
 *   supported.
324
 * @see drupal_get_destination()
Kjartan's avatar
Kjartan committed
325
 */
326
function drupal_goto($path = '', $query = NULL, $fragment = NULL, $http_response_code = 302) {
327

328
  if (isset($_REQUEST['destination'])) {
329
    extract(parse_url(urldecode($_REQUEST['destination'])));
330 331
  }

332
  $url = url($path, array('query' => $query, 'fragment' => $fragment, 'absolute' => TRUE));
333 334
  // Remove newlines from the URL to avoid header injection attacks.
  $url = str_replace(array("\n", "\r"), '', $url);
Kjartan's avatar
Kjartan committed
335

336
  // Allow modules to react to the end of the page request before redirecting.
337
  // We do not want this while running update.php.
338
  if (!defined('MAINTENANCE_MODE') || MAINTENANCE_MODE != 'update') {
339 340
    module_invoke_all('exit', $url);
  }
Dries's avatar
 
Dries committed
341

342
  // Even though session_write_close() is registered as a shutdown function, we
343
  // need all session data written to the database before redirecting.
344
  session_write_close();
345

346
  header('Location: ' . $url, TRUE, $http_response_code);
347 348

  // The "Location" header sends a redirect status code to the HTTP daemon. In
349 350
  // some cases this can be wrong, so we make sure none of the code below the
  // drupal_goto() call gets executed upon redirection.
Kjartan's avatar
Kjartan committed
351 352 353
  exit();
}

354
/**
355
 * Generates a site offline message.
356 357
 */
function drupal_site_offline() {
358
  drupal_maintenance_theme();
359
  drupal_set_header($_SERVER['SERVER_PROTOCOL'] . ' 503 Service unavailable');
360
  drupal_set_title(t('Site offline'));
361
  print theme('maintenance_page', filter_xss_admin(variable_get('site_offline_message',
362
    t('@site is currently under maintenance. We should be back shortly. Thank you for your patience.', array('@site' => variable_get('site_name', 'Drupal'))))));
363 364
}

Kjartan's avatar
Kjartan committed
365 366 367
/**
 * Generates a 404 error if the request can not be handled.
 */
Dries's avatar
 
Dries committed
368
function drupal_not_found() {
369
  drupal_set_header($_SERVER['SERVER_PROTOCOL'] . ' 404 Not Found');
370

371
  watchdog('page not found', check_plain($_GET['q']), NULL, WATCHDOG_WARNING);
372

373
  // Keep old path for reference.
374 375 376 377
  if (!isset($_REQUEST['destination'])) {
    $_REQUEST['destination'] = $_GET['q'];
  }

Dries's avatar
 
Dries committed
378
  $path = drupal_get_normal_path(variable_get('site_404', ''));
drumm's avatar
drumm committed
379
  if ($path && $path != $_GET['q']) {
380 381 382
    // Set the active item in case there are tabs to display, or other
    // dependencies on the path.
    menu_set_active_item($path);
383
    $return = menu_execute_active_handler($path);
384
  }
Dries's avatar
 
Dries committed
385

386
  if (empty($return) || $return == MENU_NOT_FOUND || $return == MENU_ACCESS_DENIED) {
drumm's avatar
drumm committed
387
    drupal_set_title(t('Page not found'));
388
    $return = t('The requested page could not be found.');
Dries's avatar
 
Dries committed
389
  }
390

391
  // To conserve CPU and bandwidth, omit the blocks.
392
  print theme('page', $return, FALSE);
Dries's avatar
 
Dries committed
393
}
Dries's avatar
 
Dries committed
394

Dries's avatar
 
Dries committed
395 396 397 398
/**
 * Generates a 403 error if the request is not allowed.
 */
function drupal_access_denied() {
399
  drupal_set_header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
400
  watchdog('access denied', check_plain($_GET['q']), NULL, WATCHDOG_WARNING);
Dries's avatar
 
Dries committed
401

402
  // Keep old path for reference.
403 404 405 406
  if (!isset($_REQUEST['destination'])) {
    $_REQUEST['destination'] = $_GET['q'];
  }

Dries's avatar
 
Dries committed
407
  $path = drupal_get_normal_path(variable_get('site_403', ''));
drumm's avatar
drumm committed
408
  if ($path && $path != $_GET['q']) {
409
    // Set the active item in case there are tabs to display or other
410 411
    // dependencies on the path.
    menu_set_active_item($path);
412
    $return = menu_execute_active_handler($path);
413
  }
Dries's avatar
 
Dries committed
414

415
  if (empty($return) || $return == MENU_NOT_FOUND || $return == MENU_ACCESS_DENIED) {
drumm's avatar
drumm committed
416 417
    drupal_set_title(t('Access denied'));
    $return = t('You are not authorized to access this page.');
Dries's avatar
 
Dries committed
418
  }
419
  print theme('page', $return);
Dries's avatar
 
Dries committed
420 421
}

Dries's avatar
 
Dries committed
422
/**
Dries's avatar
 
Dries committed
423
 * Perform an HTTP request.
Dries's avatar
 
Dries committed
424
 *
Dries's avatar
 
Dries committed
425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440
 * This is a flexible and powerful HTTP client implementation. Correctly handles
 * GET, POST, PUT or any other HTTP requests. Handles redirects.
 *
 * @param $url
 *   A string containing a fully qualified URI.
 * @param $headers
 *   An array containing an HTTP header => value pair.
 * @param $method
 *   A string defining the HTTP request to use.
 * @param $data
 *   A string containing data to include in the request.
 * @param $retry
 *   An integer representing how many times to retry the request in case of a
 *   redirect.
 * @return
 *   An object containing the HTTP request headers, response code, headers,
441
 *   data and redirect status.
Dries's avatar
 
Dries committed
442 443
 */
function drupal_http_request($url, $headers = array(), $method = 'GET', $data = NULL, $retry = 3) {
444
  global $db_prefix;
445
  static $self_test = FALSE;
446
  $result = new stdClass();
447 448 449 450 451 452 453 454 455 456 457 458 459 460 461
  // Try to clear the drupal_http_request_fails variable if it's set. We
  // can't tie this call to any error because there is no surefire way to
  // tell whether a request has failed, so we add the check to places where
  // some parsing has failed.
  if (!$self_test && variable_get('drupal_http_request_fails', FALSE)) {
    $self_test = TRUE;
    $works = module_invoke('system', 'check_http_request');
    $self_test = FALSE;
    if (!$works) {
      // Do not bother with further operations if we already know that we
      // have no chance.
      $result->error = t("The server can't issue HTTP requests");
      return $result;
    }
  }
Dries's avatar
 
Dries committed
462

463
  // Parse the URL and make sure we can handle the schema.
464
  $uri = @parse_url($url);
465

466 467
  if ($uri == FALSE) {
    $result->error = 'unable to parse URL';
468 469 470
    return $result;
  }

471 472
  if (!isset($uri['scheme'])) {
    $result->error = 'missing schema';
473 474 475
    return $result;
  }

Dries's avatar
 
Dries committed
476 477
  switch ($uri['scheme']) {
    case 'http':
Dries's avatar
Dries committed
478
      $port = isset($uri['port']) ? $uri['port'] : 80;
479
      $host = $uri['host'] . ($port != 80 ? ':' . $port : '');
480
      $fp = @fsockopen($uri['host'], $port, $errno, $errstr, 15);
Dries's avatar
 
Dries committed
481 482
      break;
    case 'https':
483
      // Note: Only works when PHP is compiled with OpenSSL support.
Dries's avatar
Dries committed
484
      $port = isset($uri['port']) ? $uri['port'] : 443;
485 486
      $host = $uri['host'] . ($port != 443 ? ':' . $port : '');
      $fp = @fsockopen('ssl://' . $uri['host'], $port, $errno, $errstr, 20);
Dries's avatar
 
Dries committed
487 488
      break;
    default:
489
      $result->error = 'invalid schema ' . $uri['scheme'];
Dries's avatar
 
Dries committed
490 491 492
      return $result;
  }

Dries's avatar
 
Dries committed
493
  // Make sure the socket opened properly.
Dries's avatar
 
Dries committed
494
  if (!$fp) {
495 496
    // When a network error occurs, we use a negative number so it does not
    // clash with the HTTP status codes.
497 498
    $result->code = -$errno;
    $result->error = trim($errstr);
Dries's avatar
 
Dries committed
499 500 501
    return $result;
  }

Dries's avatar
 
Dries committed
502
  // Construct the path to act on.
Dries's avatar
Dries committed
503 504
  $path = isset($uri['path']) ? $uri['path'] : '/';
  if (isset($uri['query'])) {
505
    $path .= '?' . $uri['query'];
Dries's avatar
 
Dries committed
506 507
  }

Dries's avatar
 
Dries committed
508
  // Create HTTP request.
Dries's avatar
 
Dries committed
509
  $defaults = array(
510
    // RFC 2616: "non-standard ports MUST, default ports MAY be included".
511 512
    // We don't add the port to prevent from breaking rewrite rules checking the
    // host that do not take into account the port number.
513
    'Host' => "Host: $host",
514
    'User-Agent' => 'User-Agent: Drupal (+http://drupal.org/)',
515
    'Content-Length' => 'Content-Length: ' . strlen($data)
Dries's avatar
 
Dries committed
516 517
  );

518 519
  // If the server url has a user then attempt to use basic authentication
  if (isset($uri['user'])) {
520
    $defaults['Authorization'] = 'Authorization: Basic ' . base64_encode($uri['user'] . (!empty($uri['pass']) ? ":" . $uri['pass'] : ''));
521 522
  }

523 524 525 526 527 528
  // If the database prefix is being used by SimpleTest to run the tests in a copied
  // database then set the user-agent header to the database prefix so that any
  // calls to other Drupal pages will run the SimpleTest prefixed database. The
  // user-agent is used to ensure that multiple testing sessions running at the
  // same time won't interfere with each other as they would if the database
  // prefix were stored statically in a file or database variable.
529 530
  if (preg_match("/simpletest\d+/", $db_prefix, $matches)) {
    $headers['User-Agent'] = $matches[0];
531 532
  }

Dries's avatar
 
Dries committed
533
  foreach ($headers as $header => $value) {
534
    $defaults[$header] = $header . ': ' . $value;
Dries's avatar
 
Dries committed
535 536
  }

537
  $request = $method . ' ' . $path . " HTTP/1.0\r\n";
Dries's avatar
 
Dries committed
538 539 540
  $request .= implode("\r\n", $defaults);
  $request .= "\r\n\r\n";
  if ($data) {
541
    $request .= $data . "\r\n";
Dries's avatar
 
Dries committed
542 543 544 545 546 547
  }
  $result->request = $request;

  fwrite($fp, $request);

  // Fetch response.
548
  $response = '';
549 550
  while (!feof($fp) && $chunk = fread($fp, 1024)) {
    $response .= $chunk;
Dries's avatar
 
Dries committed
551 552 553 554
  }
  fclose($fp);

  // Parse response.
555 556
  list($split, $result->data) = explode("\r\n\r\n", $response, 2);
  $split = preg_split("/\r\n|\n|\r/", $split);
557

558
  list($protocol, $code, $text) = explode(' ', trim(array_shift($split)), 3);
Dries's avatar
 
Dries committed
559 560 561
  $result->headers = array();

  // Parse headers.
562
  while ($line = trim(array_shift($split))) {
Dries's avatar
 
Dries committed
563
    list($header, $value) = explode(':', $line, 2);
564 565 566
    if (isset($result->headers[$header]) && $header == 'Set-Cookie') {
      // RFC 2109: the Set-Cookie response header comprises the token Set-
      // Cookie:, followed by a comma-separated list of one or more cookies.
567
      $result->headers[$header] .= ',' . trim($value);
568 569 570 571
    }
    else {
      $result->headers[$header] = trim($value);
    }
Dries's avatar
 
Dries committed
572 573 574 575 576 577 578 579 580
  }

  $responses = array(
    100 => 'Continue', 101 => 'Switching Protocols',
    200 => 'OK', 201 => 'Created', 202 => 'Accepted', 203 => 'Non-Authoritative Information', 204 => 'No Content', 205 => 'Reset Content', 206 => 'Partial Content',
    300 => 'Multiple Choices', 301 => 'Moved Permanently', 302 => 'Found', 303 => 'See Other', 304 => 'Not Modified', 305 => 'Use Proxy', 307 => 'Temporary Redirect',
    400 => 'Bad Request', 401 => 'Unauthorized', 402 => 'Payment Required', 403 => 'Forbidden', 404 => 'Not Found', 405 => 'Method Not Allowed', 406 => 'Not Acceptable', 407 => 'Proxy Authentication Required', 408 => 'Request Time-out', 409 => 'Conflict', 410 => 'Gone', 411 => 'Length Required', 412 => 'Precondition Failed', 413 => 'Request Entity Too Large', 414 => 'Request-URI Too Large', 415 => 'Unsupported Media Type', 416 => 'Requested range not satisfiable', 417 => 'Expectation Failed',
    500 => 'Internal Server Error', 501 => 'Not Implemented', 502 => 'Bad Gateway', 503 => 'Service Unavailable', 504 => 'Gateway Time-out', 505 => 'HTTP Version not supported'
  );
581 582
  // RFC 2616 states that all unknown HTTP codes must be treated the same as the
  // base code in their class.
Dries's avatar
 
Dries committed
583 584 585 586 587 588 589 590 591 592 593 594 595 596
  if (!isset($responses[$code])) {
    $code = floor($code / 100) * 100;
  }

  switch ($code) {
    case 200: // OK
    case 304: // Not modified
      break;
    case 301: // Moved permanently
    case 302: // Moved temporarily
    case 307: // Moved temporarily
      $location = $result->headers['Location'];

      if ($retry) {
597 598
        $result = drupal_http_request($location, $headers, $method, $data, --$retry);
        $result->redirect_code = $code;
Dries's avatar
 
Dries committed
599 600 601 602 603 604 605 606 607 608 609
      }
      $result->redirect_url = $location;

      break;
    default:
      $result->error = $text;
  }

  $result->code = $code;
  return $result;
}
Dries's avatar
 
Dries committed
610 611 612
/**
 * @} End of "HTTP handling".
 */
Dries's avatar
 
Dries committed
613

Dries's avatar
 
Dries committed
614
/**
615
 * Custom PHP error handler.
616
 *
617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646
 * @param $error_level
 *   The level of the error raised.
 * @param $message
 *   The error message.
 * @param $filename
 *   The filename that the error was raised in.
 * @param $line
 *   The line number the error was raised at.
 * @param $context
 *   An array that points to the active symbol table at the point the error occurred.
 */
function _drupal_error_handler($error_level, $message, $filename, $line, $context) {
  if ($error_level & error_reporting()) {
    // All these constants are documented at http://php.net/manual/en/errorfunc.constants.php
    $types = array(
      E_ERROR => 'Error',
      E_WARNING => 'Warning',
      E_PARSE => 'Parse error',
      E_NOTICE => 'Notice',
      E_CORE_ERROR => 'Core error',
      E_CORE_WARNING => 'Core warning',
      E_COMPILE_ERROR => 'Compile error',
      E_COMPILE_WARNING => 'Compile warning',
      E_USER_ERROR => 'User error',
      E_USER_WARNING => 'User warning',
      E_USER_NOTICE => 'User notice',
      E_STRICT => 'Strict warning',
      E_RECOVERABLE_ERROR => 'Recoverable fatal error'
    );
    $backtrace = debug_backtrace();
647

648 649
    $caller = _drupal_get_last_caller(debug_backtrace());

650
    // We treat recoverable errors as fatal.
651 652 653 654 655 656 657
    _drupal_log_error(array(
      '%type' => isset($types[$error_level]) ? $types[$error_level] : 'Unknown error',
      '%message' => $message,
      '%function' => $caller['function'],
      '%file' => $caller['file'],
      '%line' => $caller['line'],
    ), $error_level == E_RECOVERABLE_ERROR);
658 659 660 661 662 663 664 665 666 667 668 669
  }
}

/**
 * Custom PHP exception handler.
 *
 * Uncaught exceptions are those not enclosed in a try/catch block. They are
 * always fatal: the execution of the script will stop as soon as the exception
 * handler exits.
 *
 * @param $exception
 *   The exception object that was thrown.
Dries's avatar
 
Dries committed
670
 */
671
function _drupal_exception_handler($exception) {
672 673 674 675 676 677 678 679 680 681 682 683
  // Log the message to the watchdog and return an error page to the user.
  _drupal_log_error(_drupal_decode_exception($exception), TRUE);
}

/**
 * Decode an exception, especially to retrive the correct caller.
 *
 * @param $exception
 *   The exception object that was thrown.
 * @return An error in the format expected by _drupal_log_error().
 */
function _drupal_decode_exception($exception) {
684 685 686 687 688 689 690 691 692 693 694
  $backtrace = $exception->getTrace();
  // Add the line throwing the exception to the backtrace.
  array_unshift($backtrace, array('line' => $exception->getLine(), 'file' => $exception->getFile()));

  // For PDOException errors, we try to return the initial caller,
  // skipping internal functions of the database layer.
  if ($exception instanceof PDOException) {
    // The first element in the stack is the call, the second element gives us the caller.
    // We skip calls that occurred in one of the classes of the database layer
    // or in one of its global functions.
    $db_functions = array('db_query', 'pager_query', 'db_query_range', 'db_query_temporary', 'update_sql');
695
    while (!empty($backtrace[1]) && ($caller = $backtrace[1]) &&
696 697 698 699 700
         ((isset($caller['class']) && (strpos($caller['class'], 'Query') !== FALSE || strpos($caller['class'], 'Database') !== FALSE)) ||
         in_array($caller['function'], $db_functions))) {
      // We remove that call.
      array_shift($backtrace);
    }
701
  }
702
  $caller = _drupal_get_last_caller($backtrace);
703

704 705 706 707 708 709 710
  return array(
    '%type' => get_class($exception),
    '%message' => $exception->getMessage(),
    '%function' => $caller['function'],
    '%file' => $caller['file'],
    '%line' => $caller['line'],
  );
711
}
712

713 714 715
/**
 * Log a PHP error or exception, display an error page in fatal cases.
 *
716 717
 * @param $error
 *   An array with the following keys: %type, %message, %function, %file, %line.
718 719 720
 * @param $fatal
 *   TRUE if the error is fatal.
 */
721
function _drupal_log_error($error, $fatal = FALSE) {
722 723 724 725
  // Initialize a maintenance theme early if the boostrap was not complete.
  // Do it early because drupal_set_message() triggers an init_theme().
  if ($fatal && (drupal_get_bootstrap_phase() != DRUPAL_BOOTSTRAP_FULL)) {
    unset($GLOBALS['theme']);
726 727 728
    if (!defined('MAINTENANCE_MODE')) {
      define('MAINTENANCE_MODE', 'error');
    }
729 730
    drupal_maintenance_theme();
  }
731

732 733
  // When running inside the testing framework, we relay the errors
  // to the tested site by the way of HTTP headers.
734
  if (preg_match("/^simpletest\d+/", $_SERVER['HTTP_USER_AGENT']) && !headers_sent() && !defined('SIMPLETEST_DONT_COLLECT_ERRORS')) {
735 736
    static $number = 0;
    $assertion = array(
737 738 739
      $error['%message'],
      $error['%type'],
      $error['%function'],
740 741 742 743 744
    );
    header('X-Drupal-Assertion-' . $number . ': ' . rawurlencode(serialize($assertion)));
    $number++;
  }

745 746
  // Force display of error messages in update.php.
  if (variable_get('error_level', 1) == 1 || (defined('MAINTENANCE_MODE') && MAINTENANCE_MODE == 'update')) {
747
    drupal_set_message(t('%type: %message in %function (line %line of %file).', $error), 'error');
748
  }
749

750 751 752 753 754 755 756
  try {
    watchdog('php', '%type: %message in %function (line %line of %file).', $error, WATCHDOG_ERROR);
  }
  catch (Exception $e) {
    $new_error = _drupal_decode_exception($e);
    drupal_set_message(t('%type: %message in %function (line %line of %file).', $new_error), 'error');
  }
Dries's avatar
 
Dries committed
757

758 759 760
  if ($fatal) {
    drupal_set_header($_SERVER['SERVER_PROTOCOL'] . ' Service unavailable');
    drupal_set_title(t('Error'));
761
    if (!defined('MAINTENANCE_MODE') && drupal_get_bootstrap_phase() == DRUPAL_BOOTSTRAP_FULL) {
762
      print theme('page', t('The website encountered an unexpected error. Please try again later.'), FALSE);
Dries's avatar
Dries committed
763
    }
764
    else {
765
      print theme('maintenance_page', t('The website encountered an unexpected error. Please try again later.'), FALSE);
766 767
    }
    exit;
Dries's avatar
 
Dries committed
768 769 770
  }
}

771
/**
772
 * Gets the last caller from a backtrace.
773 774 775 776 777 778 779
 *
 * @param $backtrace
 *   A standard PHP backtrace.
 * @return
 *   An associative array with keys 'file', 'line' and 'function'.
 */
function _drupal_get_last_caller($backtrace) {
780 781 782 783 784 785
  // Errors that occur inside PHP internal functions
  // do not generate information about file and line.
  while ($backtrace && !isset($backtrace[0]['line'])) {
    array_shift($backtrace);
  }

786 787 788
  // The first trace is the call itself.
  // It gives us the line and the file of the last call.
  $call = $backtrace[0];
789

790 791 792 793 794 795 796 797 798 799 800 801 802 803 804
  // The second call give us the function where the call originated.
  if (isset($backtrace[1])) {
    if (isset($backtrace[1]['class'])) {
      $call['function'] = $backtrace[1]['class'] . $backtrace[1]['type'] . $backtrace[1]['function'] . '()';
    }
    else {
      $call['function'] = $backtrace[1]['function'] . '()';
    }
  }
  else {
    $call['function'] = 'main()';
  }
  return $call;
}

Dries's avatar
 
Dries committed
805
function _fix_gpc_magic(&$item) {
Dries's avatar
Dries committed
806
  if (is_array($item)) {
Kjartan's avatar
Kjartan committed
807 808 809
    array_walk($item, '_fix_gpc_magic');
  }
  else {
Kjartan's avatar
Kjartan committed
810
    $item = stripslashes($item);
Dries's avatar
 
Dries committed
811 812 813
  }
}

814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831
/**
 * Helper function to strip slashes from $_FILES skipping over the tmp_name keys
 * since PHP generates single backslashes for file paths on Windows systems.
 *
 * tmp_name does not have backslashes added see
 * http://php.net/manual/en/features.file-upload.php#42280
 */
function _fix_gpc_magic_files(&$item, $key) {
  if ($key != 'tmp_name') {
    if (is_array($item)) {
      array_walk($item, '_fix_gpc_magic_files');
    }
    else {
      $item = stripslashes($item);
    }
  }
}

Dries's avatar
 
Dries committed
832
/**
833
 * Fix double-escaping problems caused by "magic quotes" in some PHP installations.
Dries's avatar
 
Dries committed
834
 */
Dries's avatar
 
Dries committed
835
function fix_gpc_magic() {
836
  static $fixed = FALSE;
Dries's avatar
 
Dries committed
837
  if (!$fixed && ini_get('magic_quotes_gpc')) {
Dries's avatar
Dries committed
838 839 840 841
    array_walk($_GET, '_fix_gpc_magic');
    array_walk($_POST, '_fix_gpc_magic');
    array_walk($_COOKIE, '_fix_gpc_magic');
    array_walk($_REQUEST, '_fix_gpc_magic');
842
    array_walk($_FILES, '_fix_gpc_magic_files');
843
    $fixed = TRUE;
Dries's avatar
Dries committed
844
  }
Dries's avatar
 
Dries committed
845 846
}

Kjartan's avatar
Kjartan committed
847
/**
848
 * Translate strings to the page language or a given language.
Kjartan's avatar
Kjartan committed
849
 *
850 851
 * All human-readable text that will be displayed somewhere within a page should
 * be run through the t() function.
852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869
 *
 * Examples:
 * @code
 *   if (!$info || !$info['extension']) {
 *     form_set_error('picture_upload', t('The uploaded file was not an image.'));
 *   }
 *
 *   $form['submit'] = array(
 *     '#type' => 'submit',
 *     '#value' => t('Log in'),
 *   );
 * @endcode
 *
 * Any text within t() can be extracted by translators and changed into
 * the equivalent text in their native language.
 *
 * Special variables called "placeholders" are used to signal dynamic
 * information in a string which should not be translated. Placeholders
drumm's avatar
drumm committed
870
 * can also be used for text that may change from time to time
871 872 873 874 875 876 877 878 879 880 881 882 883
 * (such as link paths) to be changed without requiring updates to translations.
 *
 * For example:
 * @code
 *   $output = t('There are currently %members and %visitors online.', array(
 *     '%members' => format_plural($total_users, '1 user', '@count users'),
 *     '%visitors' => format_plural($guests->count, '1 guest', '@count guests')));
 * @endcode
 *
 * There are three styles of placeholders:
 * - !variable, which indicates that the text should be inserted as-is. This is
 *   useful for inserting variables into things like e-mail.
 *   @code
884
 *     $message[] = t("If you don't want to receive such e-mails, you can change your settings at !url.", array('!url' => url("user/$account->uid", array('absolute' => TRUE))));
885 886 887
 *   @endcode
 *
 * - @variable, which indicates that the text should be run through check_plain,
888
 *   to escape HTML characters. Use this for any output that's displayed within
889 890
 *   a Drupal page.
 *   @code
891
 *     drupal_set_title($title = t("@name's blog", array('@name' => $account->name)), PASS_THROUGH);
892 893
 *   @endcode
 *
894 895 896
 * - %variable, which indicates that the string should be HTML escaped and
 *   highlighted with theme_placeholder() which shows up by default as
 *   <em>emphasized</em>.
897
 *   @code
898
 *     $message = t('%name-from sent %name-to an e-mail.', array('%name-from' => $user->name, '%name-to' => $account->name));
899 900
 *   @endcode
 *
901
 * When using t(), try to put entire sentences and strings in one t() call.
902 903 904 905
 * This makes it easier for translators, as it provides context as to what each
 * word refers to. HTML markup within translation strings is allowed, but should
 * be avoided if possible. The exception are embedded links; link titles add a
 * context for translators, so should be kept in the main string.
906
 *
907
 * Here is an example of incorrect usage of t():
908 909 910 911 912 913
 * @code
 *   $output .= t('<p>Go to the @contact-page.</p>', array('@contact-page' => l(t('contact page'), 'contact')));
 * @endcode
 *
 * Here is an example of t() used correctly:
 * @code
914
 *   $output .= '<p>' . t('Go to the <a href="@contact-page">contact page</a>.', array('@contact-page' => url('contact'))) . '</p>';
915 916 917 918 919 920 921 922 923 924
 * @endcode
 *
 * Also avoid escaping quotation marks wherever possible.
 *
 * Incorrect:
 * @code
 *   $output .= t('Don\'t click me.');
 * @endcode
 *
 * Correct:
Dries's avatar
 
Dries committed
925
 * @code
926
 *   $output .= t("Don't click me.");
Dries's avatar
 
Dries committed
927
 * @endcode
Kjartan's avatar
Kjartan committed
928
 *
Dries's avatar
 
Dries committed
929
 * @param $string
Dries's avatar
 
Dries committed
930
 *   A string containing the English string to translate.
Dries's avatar
 
Dries committed
931 932
 * @param $args
 *   An associative array of replacements to make after translation. Incidences
Dries's avatar
 
Dries committed
933
 *   of any key in this array are replaced with the corresponding value.
934 935 936 937 938
 *   Based on the first character of the key, the value is escaped and/or themed:
 *    - !variable: inserted as is
 *    - @variable: escape plain text to HTML (check_plain)
 *    - %variable: escape text and theme as a placeholder for user-submitted
 *      content (check_plain + theme_placeholder)
939
 * @param $langcode
940 941
 *   Optional language code to translate to a language other than what is used
 *   to display the page.
Dries's avatar
 
Dries committed
942 943
 * @return
 *   The translated string.
Kjartan's avatar
Kjartan committed
944
 */
945
function t($string, $args = array(), $langcode = NULL) {
946
  global $language;
947 948
  static $custom_strings;

949 950 951
  if (!isset($langcode)) {
    $langcode = $language->language;
  }
952

953 954 955 956
  // First, check for an array of customized strings. If present, use the array
  // *instead of* database lookups. This is a high performance way to provide a
  // handful of string replacements. See settings.php for examples.
  // Cache the $custom_strings variable to improve performance.
957
  if (!isset($custom_strings[$langcode])) {
958
    $custom_strings[$langcode] = variable_get('locale_custom_strings_' . $langcode, array());
959 960
  }
  // Custom strings work for English too, even if locale module is disabled.
961 962
  if (isset($custom_strings[$langcode][$string])) {
    $string = $custom_strings[$langcode][$string];
963 964
  }
  // Translate with locale module if enabled.
965 966
  elseif (function_exists('locale') && $langcode != 'en') {
    $string = locale($string, $langcode);
Dries's avatar
 
Dries committed
967
  }
968
  if (empty($args)) {
Dries's avatar
 
Dries committed
969
    return $string;
Kjartan's avatar
Kjartan committed
970 971
  }
  else {
972
    // Transform arguments before inserting them.
973
    foreach ($args as $key => $value) {
974 975
      switch ($key[0]) {
        case '@':
976
          // Escaped only.
977
          $args[$key] = check_plain($value);
978
          break;
979

980 981
        case '%':
        default:
982
          // Escaped and placeholder.
983 984
          $args[$key] = theme('placeholder', $value);
          break;
985

986
        case '!':
987
          // Pass-through.
988 989
      }
    }
Dries's avatar
 
Dries committed
990 991
    return strtr($string, $args);
  }
Dries's avatar
 
Dries committed
992 993
}

Kjartan's avatar
Kjartan committed
994
/**
Dries's avatar
 
Dries committed
995
 * @defgroup validation Input validation
Dries's avatar
 
Dries committed
996
 * @{
Dries's avatar
 
Dries committed
997
 * Functions to validate user input.
Kjartan's avatar
Kjartan committed
998 999
 */

1000
/**
Dries's avatar
 
Dries committed
1001 1002 1003
 * Verify the syntax of the given e-mail address.
 *
 * Empty e-mail addresses are allowed. See RFC 2822 for details.
1004
 *
Dries's avatar
 
Dries committed
1005
 * @param $mail
1006
 *   A string containing an e-mail address.
Dries's avatar
 
Dries committed
1007
 * @return
Dries's avatar
 
Dries committed
1008
 *   TRUE if the address is in a valid format.
1009
 */
Dries's avatar
 
Dries committed
1010
function valid_email_address($mail) {
1011
  return (bool)filter_var($mail, FILTER_VALIDATE_EMAIL);
1012 1013
}

Dries's avatar
 
Dries committed
1014 1015 1016
/**
 * Verify the syntax of the given URL.
 *
1017 1018 1019
 * This function should only be used on actual URLs. It should not be used for
 * Drupal menu paths, which can contain arbitrary characters.
 *
Dries's avatar
 
Dries committed
1020
 * @param $url
Dries's avatar
 
Dries committed
1021
 *   The URL to verify.
Dries's avatar
 
Dries committed
1022
 * @param $absolute
Dries's avatar
 
Dries committed
1023
 *   Whether the URL is absolute (beginning with a scheme such as "http:").
Dries's avatar
 
Dries committed
1024
 * @return
Dries's avatar
 
Dries committed
1025
 *   TRUE if the URL is in a valid format.
Dries's avatar
 
Dries committed
1026
 */
Dries's avatar
 
Dries committed
1027
function valid_url($url, $absolute = FALSE) {
1028
  $allowed_characters = '[a-z0-9\/:_\-_\.\?\$,;~=#&%\+]';
1029
  if ($absolute) {
1030
    return (bool)preg_match("/^(http|https|ftp):\/\/" . $allowed_characters . "+$/i", $url);
1031 1032
  }
  else {
1033
    return (bool)preg_match("/^" . $allowed_characters . "+$/i", $url);
1034
  }
Dries's avatar
 
Dries committed
1035 1036
}

1037 1038 1039 1040
/**
 * @} End of "defgroup validation".
 */

Dries's avatar
 
Dries committed
1041 1042 1043 1044
/**
 * Register an event for the current visitor (hostname/IP) to the flood control mechanism.
 *
 * @param $name
1045
 *   The name of an event.
Dries's avatar
 
Dries committed
1046 1047
 */
function flood_register_event($name) {
1048 1049 1050 1051 1052 1053 1054
  db_insert('flood')
    ->fields(array(
      'event' => $name,
      'hostname' => ip_address(),
      'timestamp' => REQUEST_TIME,
    ))
    ->execute();
Dries's avatar
 
Dries committed
1055 1056 1057 1058
}

/**
 * Check if the current visitor (hostname/IP) is allowed to proceed with the specified event.
1059 1060 1061
 *
 * The user is allowed to proceed if he did not trigger the specified event more
 * than $threshold times per hour.
Dries's avatar
 
Dries committed
1062 1063 1064 1065 1066 1067
 *
 * @param $name
 *   The name of the event.
 * @param $number
 *   The maximum number of the specified event per hour (per visitor).
 * @return
1068
 *   True if the user did not exceed the hourly threshold. False otherwise.
Dries's avatar
 
Dries committed
1069 1070
 */
function flood_is_allowed($name, $threshold) {
1071 1072 1073 1074 1075 1076
  $number = db_query("SELECT COUNT(*) FROM {flood} WHERE event = :event AND hostname = :hostname AND timestamp > :timestamp", array(
    ':event' => $name,
    ':hostname' => ip_address(),
    ':timestamp' => REQUEST_TIME - 3600))
    ->fetchField();
  return ($number < $threshold);
Dries's avatar
 
Dries committed
1077 1078
}

1079 1080
function check_file($filename