common.inc 36.4 KB
Newer Older
Dries's avatar
 
Dries committed
1 2 3 4 5 6 7 8 9 10 11
<?php
// $Id$

function conf_init() {

  /*
  ** Try finding a matching configuration file by stripping the website's
  ** URI from left to right.  If no configuration file is found, return a
  ** default value 'conf'.
  */

Dries's avatar
 
Dries committed
12
  $uri = $_SERVER["PHP_SELF"];
Dries's avatar
 
Dries committed
13

Dries's avatar
 
Dries committed
14
  $file = strtolower(strtr($_SERVER["HTTP_HOST"] . substr($uri, 0, strrpos($uri, "/")), "/:", ".."));
Dries's avatar
 
Dries committed
15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30

  while (strlen($file) > 4) {
    if (file_exists("includes/$file.php")) {
      return $file;
    }
    else {
      $file = substr($file, strpos($file, ".") + 1);
    }
  }

  return "conf";
}

function error_handler($errno, $message, $filename, $line, $variables) {
  $types = array(1 => "error", 2 => "warning", 4 => "parse error", 8 => "notice", 16 => "core error", 32 => "core warning", 64 => "compile error", 128 => "compile warning", 256 => "user error", 512 => "user warning", 1024 => "user notice");
  $entry = $types[$errno] .": $message in $filename on line $line.";
Dries's avatar
 
Dries committed
31 32

  if ($errno & E_ALL ^ E_NOTICE) {
Dries's avatar
 
Dries committed
33
    watchdog("error", $types[$errno] .": $message in $filename on line $line.");
34 35 36 37
    foreach (debug_backtrace() as $trace) {
      $functions[] = "$trace[function] ($trace[file]:$trace[line])" . $trace["args"][0];
    }
    print "<pre>$entry\n". implode(" -> ", $functions) ."</pre>";
Dries's avatar
 
Dries committed
38 39 40
  }
}

Dries's avatar
 
Dries committed
41
function watchdog($type, $message, $link = NULL) {
Dries's avatar
 
Dries committed
42
  global $user;
Dries's avatar
 
Dries committed
43
  db_query("INSERT INTO {watchdog} (uid, type, message, link, location, hostname, timestamp) VALUES (%d, '%s', '%s', '%s', '%s', '%s', %d)", $user->uid, $type, $message, $link, request_uri(), getenv("REMOTE_ADDR"), time());
Dries's avatar
 
Dries committed
44 45 46 47
}

function throttle($type, $rate) {
  if (!user_access("access administration pages")) {
Dries's avatar
 
Dries committed
48
    if ($throttle = db_fetch_object(db_query("SELECT * FROM {watchdog} WHERE type = '$type' AND hostname = '". getenv("REMOTE_ADDR") ."' AND ". time() ." - timestamp < $rate"))) {
Dries's avatar
 
Dries committed
49 50 51 52 53 54 55 56 57
      watchdog("warning", "throttle: '". getenv("REMOTE_ADDR") ."' exceeded submission rate - $throttle->type");
      die(message_throttle());
    }
    else {
      watchdog($type, "throttle");
    }
  }
}

Dries's avatar
 
Dries committed
58 59
function check_php_setting($name, $value) {
  if (ini_get($name) != $value) {
Steven Wittens's avatar
Steven Wittens committed
60
    print "<p>Note that the value of PHP's configuration option <code><b>$name</b></code> is incorrect.  It should be set to '$value' for Drupal to work properly.  Either configure your webserver to support <code>.htaccess</code> files so Drupal's <code>.htaccess</code> file can set it to the proper value, or edit your <code>php.ini</code> file directly.  This message will automatically dissapear when the problem has been fixed.</p>";
Dries's avatar
 
Dries committed
61 62 63
  }
}

Dries's avatar
 
Dries committed
64 65 66 67 68
function arg($index) {

  static $arguments;

  if (empty($arguments)) {
Dries's avatar
 
Dries committed
69
    $arguments = explode("/", $_GET["q"]);
Dries's avatar
 
Dries committed
70 71 72 73 74
  }

  return $arguments[$index];
}

Dries's avatar
 
Dries committed
75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102
function array2object($node) {

  if (is_array($node)) {
    foreach ($node as $key => $value) {
      $object->$key = $value;
    }
  }
  else {
    $object = $node;
  }

  return $object;
}

function object2array($node) {

  if (is_object($node)) {
    foreach ($node as $key => $value) {
      $array[$key] = $value;
    }
  }
  else {
    $array = $node;
  }

  return $array;
}

Dries's avatar
 
Dries committed
103 104 105 106 107 108 109 110 111
function referer_uri() {

  if (isset($_SERVER["HTTP_REFERER"])) {
    $uri = $_SERVER["HTTP_REFERER"];

    return check_url($uri);
  }
}

Dries's avatar
 
Dries committed
112
function request_uri() {
Dries's avatar
 
Dries committed
113 114 115 116
  /*
  ** Since request_uri() is only available on Apache, we generate
  ** equivalent using other environment vars.
  */
Dries's avatar
 
Dries committed
117

Dries's avatar
 
Dries committed
118
  if (isset($_SERVER["REQUEST_URI"])) {
119
    $uri = $_SERVER["REQUEST_URI"];
Dries's avatar
 
Dries committed
120 121
  }
  else {
122
    $uri = $_SERVER["PHP_SELF"] ."?". $_SERVER["QUERY_STRING"];
Dries's avatar
 
Dries committed
123
  }
124

Dries's avatar
 
Dries committed
125
  return check_url($uri);
Dries's avatar
 
Dries committed
126 127
}

Dries's avatar
 
Dries committed
128
function message_access() {
Dries's avatar
 
Dries committed
129
  return t("You are not authorized to access this page.");
Dries's avatar
 
Dries committed
130 131 132 133 134 135 136 137 138 139
}

function message_na() {
  return t("n/a");
}

function message_throttle() {
  return t("You exceeded the maximum submission rate.  Please wait a few minutes and try again.");
}

Dries's avatar
 
Dries committed
140 141
function locale_init() {
  global $languages, $user;
Dries's avatar
 
Dries committed
142 143 144 145 146 147
  if ($user->uid && $languages[$user->language]) {
    return $user->language;
  }
  else {
    return key($languages);
  }
Dries's avatar
 
Dries committed
148 149
}

Dries's avatar
 
Dries committed
150
function t($string, $args = 0) {
Dries's avatar
 
Dries committed
151
  global $languages;
152

Dries's avatar
 
Dries committed
153 154 155 156 157 158 159
  /*
  ** About the usage of t().  We try to keep strings whole as much as
  ** possible and are unafraid of HTML markup within translation strings
  ** if necessary.  The suggested syntax for a link embedded within a
  ** translation string is for example:
  **
  ** $msg = t("You must login below or <a href=\"%url\">create a new
Dries's avatar
 
Dries committed
160 161
  **           account</a> before viewing the next page.", array("%url"
  **           => url("user/register")));
Dries's avatar
 
Dries committed
162 163
  */

164
  $string = ($languages && module_exist("locale") ? locale($string) : $string);
165

Dries's avatar
 
Dries committed
166 167
  if (!$args) {
    return $string;
Kjartan's avatar
Kjartan committed
168 169
  }
  else {
Dries's avatar
 
Dries committed
170 171
    return strtr($string, $args);
  }
Dries's avatar
 
Dries committed
172 173 174
}

function variable_init($conf = array()) {
Dries's avatar
 
Dries committed
175
  $result = db_query("SELECT * FROM {variable} ");
Dries's avatar
 
Dries committed
176 177
  while ($variable = db_fetch_object($result)) {
    if (!isset($conf[$variable->name])) {
Dries's avatar
 
Dries committed
178
      $conf[$variable->name] = unserialize($variable->value);
Dries's avatar
 
Dries committed
179 180 181 182 183 184
    }
  }

  return $conf;
}

185
function variable_get($name, $default) {
Dries's avatar
 
Dries committed
186 187 188 189 190 191 192 193
  global $conf;

  return isset($conf[$name]) ? $conf[$name] : $default;
}

function variable_set($name, $value) {
  global $conf;

Dries's avatar
 
Dries committed
194 195
  db_query("DELETE FROM {variable} WHERE name = '%s'", $name);
  db_query("INSERT INTO {variable} (name, value) VALUES ('%s', '%s')", $name, serialize($value));
Dries's avatar
 
Dries committed
196 197 198 199 200 201 202

  $conf[$name] = $value;
}

function variable_del($name) {
  global $conf;

Dries's avatar
 
Dries committed
203
  db_query("DELETE FROM {variable} WHERE name = '%s'", $name);
Dries's avatar
 
Dries committed
204 205 206 207

  unset($conf[$name]);
}

Dries's avatar
 
Dries committed
208
function drupal_specialchars($input, $quotes = ENT_NOQUOTES) {
Dries's avatar
 
Dries committed
209 210 211 212 213 214 215 216 217

  /*
  ** Note that we'd like to go 'htmlspecialchars($input, $quotes, "utf-8")'
  ** like the PHP manual tells us to, but we can't because there's a bug in
  ** PHP <4.3 that makes it mess up multibyte charsets if we specify the
  ** charset.  Change this later once we make PHP 4.3 a requirement.
  */

  return htmlspecialchars($input, $quotes);
Dries's avatar
 
Dries committed
218 219
}

Dries's avatar
 
Dries committed
220
function table_cell($cell, $header = 0) {
Dries's avatar
 
Dries committed
221
  if (is_array($cell)) {
Dries's avatar
 
Dries committed
222 223 224 225 226 227 228 229 230 231 232
    $data = $cell["data"];
    foreach ($cell as $key => $value) {
      if ($key != "data")  {
        $attributes .= " $key=\"$value\"";
      }
    }
  }
  else {
    $data = $cell;
  }

Dries's avatar
 
Dries committed
233
  if ($header) {
Dries's avatar
 
Dries committed
234 235 236 237 238 239 240 241 242 243 244
    $output = "<th$attributes>$data</th>";
  }
  else {
    $output = "<td$attributes>$data</td>";
  }

  return $output;
}

function table($header, $rows) {

245
  $output = "<table>\n";
Dries's avatar
 
Dries committed
246 247 248 249 250

  /*
  ** Emit the table header:
  */

Dries's avatar
 
Dries committed
251 252 253
  if (is_array($header)) {
    $output .= " <tr>";
    foreach ($header as $cell) {
Dries's avatar
 
Dries committed
254 255 256
      if (is_array($cell) && $cell["field"]) {
        $cell = tablesort($cell, $header);
      }
Dries's avatar
 
Dries committed
257 258
      $output .= table_cell($cell, 1);
    }
Dries's avatar
 
Dries committed
259
    $output .= " </tr>\n";
Dries's avatar
 
Dries committed
260 261 262 263 264 265
  }

  /*
  ** Emit the table rows:
  */

Dries's avatar
 
Dries committed
266 267 268 269 270 271 272 273
  if (is_array($rows)) {
    foreach ($rows as $number => $row) {
      if ($number % 2 == 1) {
        $output .= " <tr class=\"light\">";
      }
      else {
        $output .= " <tr class=\"dark\">";
      }
Dries's avatar
 
Dries committed
274

Dries's avatar
 
Dries committed
275 276 277
      foreach ($row as $cell) {
        $output .= table_cell($cell, 0);
      }
Dries's avatar
 
Dries committed
278
      $output .= " </tr>\n";
Dries's avatar
 
Dries committed
279 280 281
    }
  }

Dries's avatar
 
Dries committed
282
  $output .= "</table>\n";
Dries's avatar
 
Dries committed
283 284 285 286

  return $output;
}

287 288 289 290 291 292
/**
 * Verify the syntax of the given e-mail address.  Empty e-mail addresses
 * are allowed.  See RFC 2822 for details.
 *
 * @param $mail  a email address
 */
Dries's avatar
 
Dries committed
293
function valid_email_address($mail) {
294 295 296 297 298 299 300 301 302 303 304 305 306
  $user = '[a-zA-Z0-9_\-\.\+\^!#\$%&*+\/\=\?\`\|\{\}~\']+';
  $domain = '(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9]\.?)+';
  $ipv4 = '[0-9]{1,3}(\.[0-9]{1,3}){3}';
  $ipv6 = '[0-9a-fA-F]{1,4}(\:[0-9a-fA-F]{1,4}){7}';

  if (preg_match("/^$user@($domain|(\[($ipv4|$ipv6)\]))$/", $mail)) {
    return 1;
  }
  else {
    return 0;
  }
}

Dries's avatar
 
Dries committed
307 308 309 310 311 312 313 314 315 316 317 318 319 320 321
/**
 * Verify the syntax of the given URL.
 *
 * @param $url  an URL
 */
function valid_url($url) {

  if (preg_match("/^[a-zA-z0-9\/:_\-_\.]+$/", $url)) {
    return 1;
  }
  else {
    return 0;
  }
}

Kjartan's avatar
Kjartan committed
322 323 324 325
/**
 * Format a single result entry of a search query:
 *
 * @param $item  a single search result as returned by <module>_search of type
Dries's avatar
 
Dries committed
326
 *               array("count" => ..., "link" => ..., "title" => ...,
Kjartan's avatar
Kjartan committed
327 328 329
 *               "user" => ..., "date" => ..., "keywords" => ...)
 * @param $type  module type of this item
 */
Dries's avatar
 
Dries committed
330
function search_item($item, $type) {
Dries's avatar
 
Dries committed
331 332 333 334 335 336 337 338 339 340

  /*
  ** Modules may implement the "search_item" hook in order to overwrite
  ** the default function to display search results.
  */

  if (module_hook($type, "search_item")) {
    $output = module_invoke($type, "search_item", $item);
  }
  else {
Dries's avatar
 
Dries committed
341
    $output .= " <b><u><a href=\"". $item["link"] ."\">". $item["title"] ."</a></u></b><br />";
Dries's avatar
 
Dries committed
342 343 344
    $output .= " <small>$type ". ($item["user"] ? " - ". $item["user"] : "") ."". ($item["date"] ? " - ". format_date($item["date"], "small") : "") ."</small>";
    $output .= "<br /><br />";
  }
Dries's avatar
 
Dries committed
345 346 347 348

  return $output;
}

Kjartan's avatar
Kjartan committed
349 350 351 352
/**
 * Render a generic search form.
 *
 * "Generic" means "universal usable" - that is, usable not only from
Dries's avatar
 
Dries committed
353
 * 'site.com/search', but also as a simple seach box (without
Dries's avatar
 
Dries committed
354 355
 * "Restrict search to", help text, etc) from theme's header etc.
 * This means: provide options to only conditionally render certain
Kjartan's avatar
Kjartan committed
356 357
 * parts of this form.
 *
Dries's avatar
 
Dries committed
358
 * @param $action  Form action. Defaults to 'site.com/search'.
Dries's avatar
 
Dries committed
359
 * @param $keys   string containing keywords for the search.
Dries's avatar
 
Dries committed
360
 * @param $options != 0: Render additional form fields/text
Kjartan's avatar
Kjartan committed
361 362
 *                 ("Restrict search to", help text, etc).
 */
Dries's avatar
 
Dries committed
363
function search_form($action = NULL, $keys = NULL, $options = NULL) {
Dries's avatar
 
Dries committed
364 365

  if (!$action) {
Dries's avatar
 
Dries committed
366
    $action = url("search");
Dries's avatar
 
Dries committed
367 368
  }

Kjartan's avatar
Kjartan committed
369 370
  $output .= " <br /><input type=\"text\" size=\"50\" value=\"". check_form($keys) ."\" name=\"keys\" />";
  $output .= " <input type=\"submit\" value=\"". t("Search") ."\" />\n";
Dries's avatar
 
Dries committed
371 372 373 374 375 376 377

  if ($options != 0) {
    $output .= "<br />";
    $output .= t("Restrict search to") .": ";

    foreach (module_list() as $name) {
      if (module_hook($name, "search")) {
Kjartan's avatar
Kjartan committed
378
        $output .= " <input type=\"checkbox\" name=\"edit[type][$name]\" ". ($edit["type"][$name] ? " checked=\"checked\"" : "") ." /> ". t($name);
Dries's avatar
 
Dries committed
379 380 381 382
      }
    }
  }

Kjartan's avatar
Kjartan committed
383 384
  $form .= "<br />";

Dries's avatar
 
Dries committed
385 386 387 388
  return form($output, "post", $action);
}

/*
Kjartan's avatar
Kjartan committed
389 390
 * Collect the search results:
 */
Dries's avatar
 
Dries committed
391
function search_data($keys = NULL) {
Dries's avatar
 
Dries committed
392 393

  $edit = $_POST["edit"];
Dries's avatar
 
Dries committed
394

Dries's avatar
 
Dries committed
395
  if (isset($keys)) {
Dries's avatar
 
Dries committed
396
    foreach (module_list() as $name) {
Dries's avatar
 
Dries committed
397
      if (module_hook($name, "search") && (!$edit["type"] || $edit["type"][$name]) && ($result = module_invoke($name, "search", $keys))) {
Kjartan's avatar
Kjartan committed
398
        if ($name == "node" || $name == "comment") {
Dries's avatar
 
Dries committed
399
          $output .= "<p><b>". t("Matching ". $name ."s ranked in order of relevance") .":</b></p>";
Kjartan's avatar
Kjartan committed
400 401
        }
        else {
Dries's avatar
 
Dries committed
402
          $output .= "<p><b>". t("Matching ". $name ."s") .":</b></p>";
Kjartan's avatar
Kjartan committed
403
        }
Dries's avatar
 
Dries committed
404 405 406 407 408 409 410 411 412 413
        foreach ($result as $entry) {
          $output .= search_item($entry, $name);
        }
      }
    }
  }

  return $output;
}

Kjartan's avatar
Kjartan committed
414 415 416
/**
 * Display the search form and the resulting data.
 *
Dries's avatar
 
Dries committed
417
 * @param $type    If set, search only nodes of this type.
Kjartan's avatar
Kjartan committed
418
 *                 Otherwise, search all types.
Dries's avatar
 
Dries committed
419
 * @param $action  Form action. Defaults to 'site.com/search'.
Kjartan's avatar
Kjartan committed
420
 * @param $query   Query string. Defaults to global $keys.
Dries's avatar
 
Dries committed
421
 * @param $options != 0: Render additional form fields/text
Kjartan's avatar
Kjartan committed
422 423
 *                 ("Restrict search to", help text, etc).
 */
Dries's avatar
 
Dries committed
424
function search_type($type, $action = NULL, $keys = NULL, $options = NULL) {
Dries's avatar
 
Dries committed
425

Dries's avatar
 
Dries committed
426
  $_POST["edit"]["type"][$type] = "on";
Dries's avatar
 
Dries committed
427

Dries's avatar
 
Dries committed
428
  return search_form($action, $keys, $options) . "<br />". search_data($keys);
Dries's avatar
 
Dries committed
429 430
}

Dries's avatar
 
Dries committed
431

Dries's avatar
 
Dries committed
432 433
function drupal_goto($url) {

Dries's avatar
 
Dries committed
434 435 436
  /*
  ** Translate &amp; to simply &
  */
Dries's avatar
 
Dries committed
437

Dries's avatar
 
Dries committed
438
  $url = str_replace("&amp;", "&", $url);
Dries's avatar
 
Dries committed
439

Dries's avatar
 
Dries committed
440 441 442 443 444
  /*
  ** It is advised to use "drupal_goto()" instead of PHP's "header()" as
  ** "drupal_goto()" will append the user's session ID to the URI when PHP
  ** is compiled with "--enable-trans-sid".
  */
Dries's avatar
 
Dries committed
445
  if (!ini_get("session.use_trans_sid") || !session_id() || strstr($url, session_id())) {
Dries's avatar
 
Dries committed
446 447 448
    header("Location: $url");
  }
  else {
Dries's avatar
 
Dries committed
449 450 451 452 453 454 455 456
    $sid = session_name() . "=" . session_id();

    if (strstr($url, "?") && !strstr($url, $sid)) {
      header("Location: $url&". $sid);
    }
    else {
      header("Location: $url?". $sid);
    }
Dries's avatar
 
Dries committed
457 458 459 460
  }

  /*
  ** The "Location" header sends a REDIRECT status code to the http
Dries's avatar
 
Dries committed
461
  ** daemon.  In some cases this can go wrong, so we make sure none
Dries's avatar
 
Dries committed
462 463 464 465 466 467 468 469 470 471 472
  ** of the code /below/ gets executed when we redirect.
  */

  exit();
}

/*
** Stores the referer in a persistent variable:
*/

function referer_save() {
Dries's avatar
 
Dries committed
473 474
  if (!strstr(referer_uri(), request_uri())) {
    $_SESSION["referer"] = referer_uri();
Dries's avatar
 
Dries committed
475 476 477 478 479 480 481 482
  }
}

/*
** Restores the referer from a persistent variable:
*/

function referer_load() {
Dries's avatar
 
Dries committed
483 484
  if (isset($_SESSION["referer"])) {
    return $_SESSION["referer"];
Dries's avatar
 
Dries committed
485 486 487 488 489 490
  }
  else {
    return 0;
  }
}

491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553

/*
** Save a common file
*/
function drupal_file_save($file) {
  global $user;
  // TODO: extend to support filesystem storage
  if (variable_get("file_save", "database")) {
    if ($file->fid) {
      if ($file->tmp_name) {
        $data = fread(fopen($file->tmp_name, "rb"), $file->size);
        db_query("UPDATE {file} SET uid = %d, filename = '%s', type = '%s', size = %d, counter = %d, data = '%s', temporary = %d WHERE fid = %d", $file->uid, $file->filename, $file->type, $file->size, $file->counter, base64_encode($data), $file->temporary, $file->fid);
      }
      else {
        db_query("UPDATE {file} SET uid = %d, filename = '%s', type = '%s', size = %d, counter = %d, temporary = %d WHERE fid = %d", $file->uid, $file->filename, $file->type, $file->size, $file->counter, $file->temporary, $file->fid);
      }
    }
    else {
      if ($file->tmp_name) {
        $file->fid = db_next_id("file_fid");
        $data = fread(fopen($file->tmp_name, "rb"), $file->size);
        db_query("INSERT INTO {file} SET fid = %d, uid = %d, created = %d, filename = '%s', type = '%s', size = %d, counter = 0, data = '%s', temporary = %d", $file->fid, $user->uid, time(), $file->filename, $file->type, $file->size, base64_encode($data), $file->temporary);
      }
      else {
        return 0;
      }
    }
  }
  return $file->fid;
}

/*
** Load a common file
*/
function drupal_file_load($fid, $data = 0) {
  // TODO: extend to support filesystem storage
  if (variable_get("file_save", "database")) {
    if ($data) {
      $file = db_fetch_object(db_query("SELECT * FROM {file} WHERE fid = %d", $fid));
    }
    else {
      $file = db_fetch_object(db_query("SELECT fid, uid, filename, created, type, size, counter, temporary FROM {file} WHERE fid = %d", $fid));
    }

    if ($file->data) {
      $file->data = base64_decode($file->data);
    }
    return $file;
  }
}

/*
** Generate the HTTP headers and dump the data
*/
function drupal_file_send($fid) {
  if (($file = drupal_file_load($fid, 1))) {
    header("Content-type: $file->type");
    header("Content-length: $file->size");
    header("Content-Disposition: inline; filename=$file->filename");
    print $file->data;
  }
}

Dries's avatar
 
Dries committed
554
function valid_input_data($data) {
555

556
  if (is_array($data) || is_object($data)) {
557 558 559 560 561
    /*
    ** Form data can contain a number of nested arrays.
    */

    foreach ($data as $key => $value) {
Dries's avatar
 
Dries committed
562 563 564
      if (!valid_input_data($value)) {
        return 0;
      }
565 566 567 568 569 570 571
    }
  }
  else {
    /*
    ** Detect evil input data.
    */

Dries's avatar
Dries committed
572
    // check strings:
Dries's avatar
Dries committed
573
    $match  = preg_match("/\Wjavascript\s*:/i", $data);
Dries's avatar
Dries committed
574 575 576
    $match += preg_match("/\Wexpression\s*\(/i", $data);
    $match += preg_match("/\Walert\s*\(/i", $data);

577
    // check attributes:
Dries's avatar
Dries committed
578
    $match += preg_match("/\W(dynsrc|datasrc|data|lowsrc|on[a-z]+)\s*=[^>]+?>/i", $data);
Dries's avatar
 
Dries committed
579

580 581

    // check tags:
Dries's avatar
 
Dries committed
582
    $match += preg_match("/<\s*(applet|script|object|style|embed|form|blink|meta|html|frame|iframe|layer|ilayer|head|frameset|xml)/i", $data);
583 584 585

    if ($match) {
      watchdog("warning", "terminated request because of suspicious input data: ". drupal_specialchars($data));
Dries's avatar
 
Dries committed
586
      return 0;
587 588
    }
  }
Dries's avatar
 
Dries committed
589 590

  return 1;
591
}
Dries's avatar
 
Dries committed
592

593
function check_url($uri) {
Dries's avatar
 
Dries committed
594 595 596 597 598 599 600 601 602 603 604 605
  $uri = htmlspecialchars($uri, ENT_QUOTES);

  /*
  ** We replace ( and ) with their entity equivalents to prevent XSS
  ** attacks.
  */

  $uri = strtr($uri, array("(" => "&040;", ")" => "&041;"));

  return $uri;
}

Dries's avatar
 
Dries committed
606
function check_form($text) {
Dries's avatar
 
Dries committed
607
  return drupal_specialchars($text, ENT_QUOTES);
Dries's avatar
 
Dries committed
608 609
}

Dries's avatar
 
Dries committed
610
function check_query($text) {
Dries's avatar
 
Dries committed
611
  return addslashes($text);
Dries's avatar
 
Dries committed
612 613 614
}

function filter($text) {
Dries's avatar
 
Dries committed
615

Dries's avatar
 
Dries committed
616 617 618 619 620 621 622 623 624 625 626 627 628
  $modules = module_list();

  /*
  ** Make sure the HTML filters that are part of the node module
  ** are run first.
  */

  if (in_array("node", $modules)) {
    $text = module_invoke("node", "filter", $text);
  }

  foreach ($modules as $name) {
    if (module_hook($name, "filter") && $name != "node") {
Dries's avatar
 
Dries committed
629 630 631 632 633
      $text = module_invoke($name, "filter", $text);
    }
  }

  return $text;
Dries's avatar
 
Dries committed
634 635
}

Dries's avatar
 
Dries committed
636 637
function rewrite_old_urls($text) {

Dries's avatar
 
Dries committed
638 639 640 641
  global $base_url;

  $end = substr($base_url, 12);

Dries's avatar
 
Dries committed
642 643 644
  /*
  ** This is a *temporary* filter to rewrite old-style URLs to new-style
  ** URLs (clean URLs).  Currently, URLs are being rewritten dynamically
Dries's avatar
 
Dries committed
645 646
  ** (ie. "on output"), however when these rewrite rules have been tested
  ** enough, we will use them to permanently rewrite the links in node
Dries's avatar
 
Dries committed
647 648 649
  ** and comment bodies.
  */

Dries's avatar
 
Dries committed
650
  if (variable_get("clean_url", "0") == "0") {
Dries's avatar
 
Dries committed
651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666
    /*
    ** Relative URLs:
    */

    // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
    $text = eregi_replace("\"(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "\"?q=\\1/view/\\2/\\4", $text);

    // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "\"?q=\\2/\\4/\\6" , $text);
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "\"?q=\\2/\\4", $text);
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))", "\"?q=\\2", $text);

    /*
    ** Absolute URLs:
    */

Dries's avatar
 
Dries committed
667
    // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
Dries's avatar
 
Dries committed
668
    $text = eregi_replace("$end/(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "$end/?q=\\1/view/\\2/\\4", $text);
Dries's avatar
 
Dries committed
669

Dries's avatar
 
Dries committed
670
    // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
Dries's avatar
 
Dries committed
671 672 673
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/?q=\\2/\\4/\\6" , $text);
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/?q=\\2/\\4", $text);
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))", "\"$end/?q=\\2", $text);
Dries's avatar
 
Dries committed
674 675
  }
  else {
Dries's avatar
 
Dries committed
676 677 678 679
    /*
    ** Relative URLs:
    */

Dries's avatar
 
Dries committed
680
    // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
Dries's avatar
 
Dries committed
681
    $text = eregi_replace("\"(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "\"\\1/view/\\2/\\4", $text);
Dries's avatar
 
Dries committed
682 683

    // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
Dries's avatar
 
Dries committed
684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "\"\\2/\\4/\\6", $text);
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "\"\\2/\\4", $text);
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))", "\"\\2", $text);

    /*
    ** Absolute URLs:
    */

    // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
    $text = eregi_replace("$end/(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "$end/\\1/view/\\2/\\4", $text);

    // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/\\2/\\4/\\6", $text);
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/\\2/\\4", $text);
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/\\2", $text);
}
Dries's avatar
 
Dries committed
700

Dries's avatar
 
Dries committed
701 702 703
  return $text;
}

Dries's avatar
 
Dries committed
704
function check_output($text) {
Dries's avatar
 
Dries committed
705
  if (isset($text)) {
Dries's avatar
 
Dries committed
706 707 708 709
    // filter content on output:
    $text = filter($text);

    // get the line breaks right:
Dries's avatar
 
Dries committed
710
    if (strip_tags($text, "<a><i><b><u><tt><code><cite><strong><img>") == $text) {
Dries's avatar
 
Dries committed
711 712 713 714 715 716 717 718
      $text = nl2br($text);
    }
  }
  else {
    $text = message_na();
  }

  return $text;
Dries's avatar
 
Dries committed
719 720
}

721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737
/**
* Checks if a file is valid and correct.
*
* @param $name the name of the form_file item
* @param $type restrict to mime types
* @param $size restrict file size
* @param $paranoid flag to make sure file belongs to the current user
*
* @returns mixed file object, or error object, or false if there is no file
*/
function check_file($name, $type = "/.+/", $size = 0) {
  // Make sure we don't have a file stored temporarily
  if ($_POST["edit"]["__file"][$name]) {
    $file = drupal_file_load($_POST["edit"]["__file"][$name]);
    if (!$file->temporary) {
      unset($file);
    }
Dries's avatar
 
Dries committed
738
  }
739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776

  // make sure $name exists in $_FILES
  if ($_FILES["edit"]["name"][$name]) {

    // populate $file object to make further testing simpler
    $file->filename = $_FILES["edit"]["name"][$name];
    $file->type = $_FILES["edit"]["type"][$name];
    $file->tmp_name = $_FILES["edit"]["tmp_name"][$name];
    $file->error = $_FILES["edit"]["error"][$name];
    $file->size = $_FILES["edit"]["size"][$name];

    if (!valid_input_data($file)) {
      $return->error = t("possible exploit abuse");
    }

    // make sure the file is a valid upload
    if (!is_uploaded_file($file->tmp_name) || $file->error == UPLOAD_ERR_PARTIAL || $file->error == UPLOAD_ERR_NO_FILE) {
      $return->error = t("invalid file upload");
    }

    // validate the file type uploaded
    if (!preg_match($type, $file->filename)) {
      $return->error = t("invalid file type");
    }

    // check the file size to make sure the file isn't too big
    if (($size && $file->size > $size) || $file->error == UPLOAD_ERR_INI_SIZE || $file->error == UPLOAD_ERR_FORM_SIZE) {
      $return->error = t("file size too big");
    }

    if (!$return->error) {
      $file->temporary = 1;
      $file->fid = drupal_file_save($file);
    }
  }

  if ($return->error) {
    return $return;
Dries's avatar
 
Dries committed
777
  }
778 779

  return $file ? $file : false;
Dries's avatar
 
Dries committed
780 781
}

Dries's avatar
 
Dries committed
782 783 784
function format_rss_channel($title, $link, $description, $items, $language = "en", $args = array()) {
  // arbitrary elements may be added using the $args associative array

Dries's avatar
 
Dries committed
785
  $output .= "<channel>\n";
Dries's avatar
 
Dries committed
786 787 788 789
  $output .= " <title>". drupal_specialchars(strip_tags($title)) ."</title>\n";
  $output .= " <link>". drupal_specialchars(strip_tags($link)) ."</link>\n";
  $output .= " <description>". drupal_specialchars($description) ."</description>\n";
  $output .= " <language>". drupal_specialchars(strip_tags($language)) ."</language>\n";
Dries's avatar
 
Dries committed
790
  foreach ($args as $key => $value) {
Dries's avatar
 
Dries committed
791
    $output .= " <$key>". drupal_specialchars(strip_tags($value)) ."</$key>\n";
Dries's avatar
 
Dries committed
792
  }
Dries's avatar
 
Dries committed
793 794 795 796 797 798
  $output .= $items;
  $output .= "</channel>\n";

  return $output;
}

Dries's avatar
 
Dries committed
799 800 801
function format_rss_item($title, $link, $description, $args = array()) {
  // arbitrary elements may be added using the $args associative array

Dries's avatar
 
Dries committed
802
  $output .= "<item>\n";
Dries's avatar
 
Dries committed
803 804 805
  $output .= " <title>". drupal_specialchars(strip_tags($title)) ."</title>\n";
  $output .= " <link>". drupal_specialchars(strip_tags($link)) ."</link>\n";
  $output .= " <description>". drupal_specialchars(check_output($description)) ."</description>\n";
Dries's avatar
 
Dries committed
806
  foreach ($args as $key => $value) {
Dries's avatar
 
Dries committed
807
    $output .= "<$key>". drupal_specialchars(strip_tags($value)) ."</$key>";
Dries's avatar
 
Dries committed
808
  }
Dries's avatar
 
Dries committed
809 810 811 812 813
  $output .= "</item>\n";

  return $output;
}

Dries's avatar
 
Dries committed
814 815 816 817 818 819 820 821 822 823 824 825 826 827
/**
 * Formats a string with a count of items so that the string is pluralized
 * correctly.
 * format_plural calls t() by itself, make sure not to pass already localized
 * strings to it.
 *
 * @param $count    The item count to display.
 * @param $singular The string for the singular case. Please make sure it's clear
 *                  this is singular, to ease translation. ("1 new comment" instead of
 *                  "1 new").
 * @param $plural   The string for the plrual case. Please make sure it's clear
 *                  this is plural, to ease translation. Use %count in places of the
 *                  item count, as in "%count new comments".
 */
Dries's avatar
 
Dries committed
828
function format_plural($count, $singular, $plural) {
Dries's avatar
 
Dries committed
829
  return t($count == 1 ? $singular : $plural, array("%count" => $count));
Dries's avatar
 
Dries committed
830 831 832
}

function format_size($size) {
Dries's avatar
 
Dries committed
833
  $suffix = t("bytes");
Dries's avatar
 
Dries committed
834 835
  if ($size > 1024) {
    $size = round($size / 1024, 2);
Dries's avatar
 
Dries committed
836
    $suffix = t("KB");
Dries's avatar
 
Dries committed
837 838 839
  }
  if ($size > 1024) {
    $size = round($size / 1024, 2);
Dries's avatar
 
Dries committed
840
    $suffix = t("MB");
Dries's avatar
 
Dries committed
841
  }
Dries's avatar
 
Dries committed
842
  return t("%size %suffix", array("%size" => $size, "%suffix" => $suffix));
Dries's avatar
 
Dries committed
843 844
}

Dries's avatar
 
Dries committed
845
function cache_get($key) {
Dries's avatar
 
Dries committed
846
  $cache = db_fetch_object(db_query("SELECT data, created FROM {cache} WHERE cid = '%s'", $key));
Dries's avatar
 
Dries committed
847
  return $cache->data ? $cache : 0;
Dries's avatar
 
Dries committed
848 849 850
}

function cache_set($cid, $data, $expire = 0) {
Dries's avatar
 
Dries committed
851 852
  if (db_fetch_object(db_query("SELECT cid FROM {cache} WHERE cid = '%s'", $cid))) {
    db_query("UPDATE {cache} SET data = '%s', created = %d, expire = %d WHERE cid = '%s'", $data, time(), $expire, $cid);
Dries's avatar
 
Dries committed
853 854
  }
  else {
Dries's avatar
 
Dries committed
855
    db_query("INSERT INTO {cache} (cid, data, created, expire) VALUES('%s', '%s', %d, %d)", $cid, $data, time(), $expire);
Dries's avatar
 
Dries committed
856
  }
Dries's avatar
 
Dries committed
857 858
}

Dries's avatar
 
Dries committed
859 860
function cache_clear_all($cid = NULL) {
  if (empty($cid)) {
Dries's avatar
 
Dries committed
861
    db_query("DELETE FROM {cache} WHERE expire <> 0");
Dries's avatar
 
Dries committed
862 863
  }
  else {
Dries's avatar
 
Dries committed
864
    db_query("DELETE FROM {cache} WHERE cid = '%s'", $cid);
Dries's avatar
 
Dries committed
865
  }
Dries's avatar
 
Dries committed
866 867 868
}

function page_set_cache() {
Dries's avatar
 
Dries committed
869
  global $user;
Dries's avatar
 
Dries committed
870

Dries's avatar
 
Dries committed
871
  if (!$user->uid && $_SERVER["REQUEST_METHOD"] == "GET") {
Dries's avatar
 
Dries committed
872
    if ($data = ob_get_contents()) {
Dries's avatar
 
Dries committed
873
      cache_set(request_uri(), $data, 1);
Dries's avatar
 
Dries committed
874 875 876 877
    }
  }
}

Dries's avatar
 
Dries committed
878
function page_get_cache() {
Dries's avatar
 
Dries committed
879
  global $user;
Dries's avatar
 
Dries committed
880

Dries's avatar
 
Dries committed
881 882
  $cache = NULL;

Dries's avatar
 
Dries committed
883
  if (!$user->uid && $_SERVER["REQUEST_METHOD"] == "GET") {
Dries's avatar
 
Dries committed
884 885 886
    $cache = cache_get(request_uri());

    if (empty($cache)) {
Dries's avatar
 
Dries committed
887
      ob_start();
Dries's avatar
 
Dries committed
888 889
    }
  }
Dries's avatar
 
Dries committed
890

Dries's avatar
 
Dries committed
891
  return $cache;
Dries's avatar
 
Dries committed
892 893 894
}

function format_interval($timestamp) {
Dries's avatar
 
Dries committed
895
  $units = array("1 year|%count years" => 31536000, "1 week|%count weeks" => 604800, "1 day|%count days" => 86400, "1 hour|%count hours" => 3600, "1 min|%count min" => 60, "1 sec|%count sec" => 1);
Kjartan's avatar
Kjartan committed
896
  foreach ($units as $key=>$value) {
Dries's avatar
 
Dries committed
897 898 899 900 901 902
    $key = explode("|", $key);
    if ($timestamp >= $value) {
      $output .= ($output ? " " : "") . format_plural(floor($timestamp / $value), $key[0], $key[1]);
      $timestamp %= $value;
    }
  }
Dries's avatar
 
Dries committed
903
  return ($output) ? $output : t("0 sec");
Dries's avatar
 
Dries committed
904 905 906 907 908
}

function format_date($timestamp, $type = "medium", $format = "") {
  global $user;

Kjartan's avatar
Kjartan committed
909
  $timestamp += ($user->timezone) ? $user->timezone - date("Z") : 0;
Dries's avatar
 
Dries committed
910 911 912

  switch ($type) {
    case "small":
Dries's avatar
 
Dries committed
913
      $date = date(variable_get("date_format_short", "m/d/Y - H:i"), $timestamp);
Dries's avatar
 
Dries committed
914 915
      break;
    case "medium":
916
      $date = date(variable_get("date_format_medium", "D, m/d/Y - H:i"), $timestamp);
Dries's avatar
 
Dries committed
917 918
      break;
    case "large":
919
      $date = date(variable_get("date_format_long", "l, F j, Y - H:i"), $timestamp);
Dries's avatar
 
Dries committed
920 921 922 923
      break;
    case "custom":
      for ($i = strlen($format); $i >= 0; $c = $format[--$i]) {
        if (strstr("DFlMSw", $c)) {
924
          $date = t(date($c, $timestamp)) . $date;
Dries's avatar
 
Dries committed
925
        }
Kjartan's avatar
Kjartan committed
926
        else if (strstr("AaBdgGhHiIjLmnOrstTUWYyZz", $c)) {
927
          $date = date($c, $timestamp) . $date;
Dries's avatar
 
Dries committed
928 929
        }
        else {
Kjartan's avatar
Kjartan committed
930
          $date = $c.$date;
Dries's avatar
 
Dries committed
931 932 933 934
        }
      }
      break;
    default:
935
      $date = date(variable_get("date_format_medium", "l, m/d/Y - H:i"), $timestamp);
Dries's avatar
 
Dries committed
936 937 938 939 940 941 942
  }
  return $date;
}

function format_name($object) {

  if ($object->uid && $object->name) {
Dries's avatar
Dries committed
943 944 945 946 947 948 949 950 951 952 953 954
    /*
    ** Shorten the name when it is too long or it will break many
    ** tables.
    */

    if (strlen($object->name) > 20) {
      $name = substr($object->name, 0, 15) ."...";
    }
    else {
      $name = $object->name;
    }

Dries's avatar
 
Dries committed
955
    if (arg(0) == "admin") {
Dries's avatar
Dries committed
956
      $output = l($name, "admin/user/edit/$object->uid", array("title" => t("Administer user profile.")));
Dries's avatar
 
Dries committed
957 958
    }
    else {
Dries's avatar
Dries committed
959
      $output = l($name, "user/view/$object->uid", array("title" => t("View user profile.")));
Dries's avatar
 
Dries committed
960
    }
Dries's avatar
 
Dries committed
961
  }
Dries's avatar
 
Dries committed
962 963 964 965 966 967 968 969 970 971
  else if ($object->name) {
    /*
    ** Sometimes modules display content composed by people who are
    ** not registers members of the site (i.e. mailing list or news
    ** aggregator modules).  This clause enables modules to display
    ** the true author of the content.
    */

    $output = $object->name;
  }
Dries's avatar
 
Dries committed
972
  else {
Dries's avatar
 
Dries committed
973
    $output = t(variable_get("anonymous", "Anonymous"));
Dries's avatar
 
Dries committed
974 975
  }

Dries's avatar
 
Dries committed
976
  return $output;
Dries's avatar
 
Dries committed
977 978 979
}

function form($form, $method = "post", $action = 0, $options = 0) {
Dries's avatar
 
Dries committed
980 981

  if (!$action) {
982
    $action = request_uri();
Dries's avatar
 
Dries committed
983
  }
984
  return "<form action=\"$action\" method=\"$method\"". drupal_attributes($options) .">\n$form\n</form>\n";
Dries's avatar
 
Dries committed
985 986 987
}

function form_item($title, $value, $description = 0) {
Dries's avatar
 
Dries committed
988
  return "<div class=\"form-item\">". ($title ? "<div class=\"title\">$title:</div>" : "") . $value . ($description ? "<div class=\"description\">$description</div>" : "") ."</div>\n";
Dries's avatar
 
Dries committed
989 990
}

991 992
function form_radio($title, $name, $value = 1, $checked = 0, $description = 0, $attributes = 0) {
  return form_item(0, "<input type=\"radio\" class=\"form-radio\" name=\"edit[$name]\" value=\"". $value ."\"". ($checked ? " checked=\"checked\"" : "") . drupal_attributes($attributes) ." /> $title", $description);
Dries's avatar
 
Dries committed
993 994
}

995 996
function form_checkbox($title, $name, $value = 1, $checked = 0, $description = 0, $attributes = 0) {
  return form_hidden($name, 0) . form_item(0, "<input type=\"checkbox\" class=\"form-checkbox\" name=\"edit[$name]\" value=\"". $value ."\"". ($checked ? " checked=\"checked\"" : "") . drupal_attributes($attributes) ." /> $title", $description);
Dries's avatar
 
Dries committed
997 998
}

999
function form_textfield($title, $name, $value, $size, $maxlength, $description = 0, $attributes = 0) {
Dries's avatar
 
Dries committed
1000
  $size = $size ? " size=\"$size\"" : "";
1001
  return form_item($title, "<input type=\"text\" maxlength=\"$maxlength\" class=\"form-text\" name=\"edit[$name]\"$size value=\"". check_form($value) ."\"". drupal_attributes($attributes) ." />", $description);
Dries's avatar
 
Dries committed
1002 1003
}

1004
function form_password($title, $name, $value, $size, $maxlength, $description = 0, $attributes = 0) {
Dries's avatar
 
Dries committed
1005
  $size = $size ? " size=\"$size\"" : "";
1006
  return form_item($title, "<input type=\"password\" class=\"form-password\" maxlength=\"$maxlength\" name=\"edit[$name]\"$size value=\"". check_form($value) ."\"". drupal_attributes($attributes) ." />", $description);
Dries's avatar
 
Dries committed
1007 1008
}

1009
function form_textarea($title, $name, $value, $cols, $rows, $description = 0, $attributes = 0) {
Dries's avatar
 
Dries committed
1010
  $cols = $cols ? " cols=\"$cols\"" : "";
Dries's avatar
 
Dries committed
1011
  module_invoke_all("textarea", $name);  // eg. optionally plug in a WYSIWYG editor
1012
  return form_item($title, "<textarea wrap=\"virtual\"$cols rows=\"$rows\" name=\"edit[$name]\" id=\"edit[$name]\"". drupal_attributes($attributes) .">". check_form($value) ."</textarea>", $description);
Dries's avatar
 
Dries committed
1013 1014
}

Dries's avatar
 
Dries committed
1015
function form_select($title, $name, $value, $options, $description = 0, $extra = 0, $multiple = 0) {
Dries's avatar
 
Dries committed
1016
  if (count($options) > 0) {
Kjartan's avatar
Kjartan committed
1017
    foreach ($options as $key=>$choice) {
1018
      $select .= "<option value=\"$key\"". (is_array($value) ? (in_array($key, $value) ? " selected=\"selected\"" : "") : ($value == $key ? " selected=\"selected\"" : "")) .">". check_form($choice) ."</option>";
Dries's avatar
 
Dries committed
1019
    }
Kjartan's avatar
Kjartan committed
1020
    return form_item($title, "<select name=\"edit[$name]". ($multiple ? "[]" : "") ."\"". ($multiple ? " multiple " : "") . ($extra ? " $extra" : "") .">$select</select>", $description);
Dries's avatar
 
Dries committed
1021 1022 1023
  }
}

Dries's avatar
 
Dries committed
1024 1025 1026 1027 1028 1029 1030 1031 1032
function form_radios($title, $name, $value, $options, $description = 0) {
  if (count($options) > 0) {
    foreach ($options as $key=>$choice) {
      $output .= form_radio($choice, $name, $key, ($key == $value));
    }
    return form_item($title, $output, $description);
  }
}

1033 1034 1035 1036 1037
function form_file($title, $name, $size, $description = 0, $fid = 0) {
  if ($fid) { // Include file upload in case of preview
    $extra = form_hidden("__file][$name", $fid);
  }
  return $extra . form_item($title, "<input type=\"file\" class=\"form-file\" name=\"edit[$name]\" size=\"$size\" />\n", $description);
Dries's avatar
 
Dries committed
1038 1039 1040 1041 1042 1043
}

function form_hidden($name, $value) {
  return "<input type=\"hidden\" name=\"edit[$name]\" value=\"". check_form($value) ."\" />\n";
}

1044
function form_submit($value, $name = "op", $attributes = 0) {
Dries's avatar
 
Dries committed
1045
  return "<input type=\"submit\" class=\"form-submit\" name=\"$name\" value=\"". check_form($value) ."\" />\n";
Dries's avatar
 
Dries committed
1046 1047
}

Dries's avatar
 
Dries committed
1048
function form_weight($title = NULL, $name = "weight", $value = 0, $delta = 10, $description = 0, $extra = 0) {
Dries's avatar
 
Dries committed
1049
  for ($n = (-1 * $delta); $n <= $delta; $n++) {
Dries's avatar
 
Dries committed
1050 1051 1052 1053 1054 1055
    $weights[$n] = $n;
  }

  return form_select($title, $name, $value, $weights, $description, $extra);
}

Dries's avatar
 
Dries committed
1056 1057 1058 1059
function form_allowed_tags_text() {
  return variable_get("allowed_html", "") ? (t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", ""))) : "";
}

Dries's avatar
 
Dries committed
1060
function url($url = NULL, $query = NULL) {
Dries's avatar
 
Dries committed
1061
  global $base_url;
Dries's avatar
 
Dries committed
1062

Dries's avatar
 
Dries committed
1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073
  static $script;

  if (empty($script)) {
    /*
    ** On some webservers such as IIS we can't omit "index.php".  As such we
    ** generate "index.php?q=foo" instead of "?q=foo" on anything that is not
    ** Apache.
    */
    $script = (strpos($_SERVER["SERVER_SOFTWARE"], "Apache") === false) ? "index.php" : "";
  }

Dries's avatar
 
Dries committed
1074
  if (variable_get("clean_url", "0") == "0") {
Dries's avatar
 
Dries committed
1075 1076
    if (isset($url)) {
      if (isset($query)) {
Dries's avatar
 
Dries committed
1077
        return "$base_url/$script?q=$url&amp;$query";
Dries's avatar
 
Dries committed
1078 1079
      }
      else {
Dries's avatar
 
Dries committed
1080
        return "$base_url/$script?q=$url";
Dries's avatar
 
Dries committed
1081
      }
Dries's avatar
 
Dries committed
1082 1083
    }
    else {
Dries's avatar
 
Dries committed
1084
      if (isset($query)) {
Dries's avatar
 
Dries committed
1085
        return "$base_url/$script?$query";
Dries's avatar
 
Dries committed
1086 1087
      }
      else {
Dries's avatar
 
Dries committed
1088
        return "$base_url/";
Dries's avatar
 
Dries committed
1089
      }
Dries's avatar
 
Dries committed
1090 1091 1092
    }
  }
  else {
Dries's avatar
 
Dries committed
1093 1094
    if (isset($url)) {
      if (isset($query)) {
Dries's avatar
 
Dries committed
1095
        return "$base_url/$url?$query";
Dries's avatar
 
Dries committed
1096 1097
      }
      else {
Dries's avatar
 
Dries committed
1098
        return "$base_url/$url";
Dries's avatar
 
Dries committed
1099
      }
Dries's avatar
 
Dries committed
1100
    }
Dries's avatar
 
Dries committed
1101
    else {
Dries's avatar
 
Dries committed
1102
      if (isset($query)) {
Dries's avatar
 
Dries committed
1103
        return "$base_url/$script?$query";
Dries's avatar
 
Dries committed
1104 1105
      }
      else {
Dries's avatar
 
Dries committed
1106
        return "$base_url/";
Dries's avatar
 
Dries committed
1107
      }
Dries's avatar
 
Dries committed
1108
    }
Dries's avatar
 
Dries committed
1109
  }
Dries's avatar
 
Dries committed
1110 1111
}

1112 1113 1114 1115 1116