common.inc 36.4 KB
Newer Older
Dries's avatar
   
Dries committed
1
2
3
4
5
6
7
8
9
10
11
<?php
// $Id$

function conf_init() {

  /*
  ** Try finding a matching configuration file by stripping the website's
  ** URI from left to right.  If no configuration file is found, return a
  ** default value 'conf'.
  */

Dries's avatar
   
Dries committed
12
  $uri = $_SERVER["PHP_SELF"];
Dries's avatar
   
Dries committed
13

Dries's avatar
   
Dries committed
14
  $file = strtolower(strtr($_SERVER["HTTP_HOST"] . substr($uri, 0, strrpos($uri, "/")), "/:", ".."));
Dries's avatar
   
Dries committed
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

  while (strlen($file) > 4) {
    if (file_exists("includes/$file.php")) {
      return $file;
    }
    else {
      $file = substr($file, strpos($file, ".") + 1);
    }
  }

  return "conf";
}

function error_handler($errno, $message, $filename, $line, $variables) {
  $types = array(1 => "error", 2 => "warning", 4 => "parse error", 8 => "notice", 16 => "core error", 32 => "core warning", 64 => "compile error", 128 => "compile warning", 256 => "user error", 512 => "user warning", 1024 => "user notice");
  $entry = $types[$errno] .": $message in $filename on line $line.";
Dries's avatar
   
Dries committed
31
32

  if ($errno & E_ALL ^ E_NOTICE) {
Dries's avatar
   
Dries committed
33
    watchdog("error", $types[$errno] .": $message in $filename on line $line.");
34
35
36
37
    foreach (debug_backtrace() as $trace) {
      $functions[] = "$trace[function] ($trace[file]:$trace[line])" . $trace["args"][0];
    }
    print "<pre>$entry\n". implode(" -> ", $functions) ."</pre>";
Dries's avatar
   
Dries committed
38
39
40
  }
}

Dries's avatar
   
Dries committed
41
function watchdog($type, $message, $link = NULL) {
Dries's avatar
   
Dries committed
42
  global $user;
Dries's avatar
   
Dries committed
43
  db_query("INSERT INTO {watchdog} (uid, type, message, link, location, hostname, timestamp) VALUES (%d, '%s', '%s', '%s', '%s', '%s', %d)", $user->uid, $type, $message, $link, request_uri(), getenv("REMOTE_ADDR"), time());
Dries's avatar
   
Dries committed
44
45
46
47
}

function throttle($type, $rate) {
  if (!user_access("access administration pages")) {
Dries's avatar
   
Dries committed
48
    if ($throttle = db_fetch_object(db_query("SELECT * FROM {watchdog} WHERE type = '$type' AND hostname = '". getenv("REMOTE_ADDR") ."' AND ". time() ." - timestamp < $rate"))) {
Dries's avatar
   
Dries committed
49
50
51
52
53
54
55
56
57
      watchdog("warning", "throttle: '". getenv("REMOTE_ADDR") ."' exceeded submission rate - $throttle->type");
      die(message_throttle());
    }
    else {
      watchdog($type, "throttle");
    }
  }
}

Dries's avatar
   
Dries committed
58
59
function check_php_setting($name, $value) {
  if (ini_get($name) != $value) {
Steven Wittens's avatar
Steven Wittens committed
60
    print "<p>Note that the value of PHP's configuration option <code><b>$name</b></code> is incorrect.  It should be set to '$value' for Drupal to work properly.  Either configure your webserver to support <code>.htaccess</code> files so Drupal's <code>.htaccess</code> file can set it to the proper value, or edit your <code>php.ini</code> file directly.  This message will automatically dissapear when the problem has been fixed.</p>";
Dries's avatar
   
Dries committed
61
62
63
  }
}

Dries's avatar
   
Dries committed
64
65
66
67
68
function arg($index) {

  static $arguments;

  if (empty($arguments)) {
Dries's avatar
   
Dries committed
69
    $arguments = explode("/", $_GET["q"]);
Dries's avatar
   
Dries committed
70
71
72
73
74
  }

  return $arguments[$index];
}

Dries's avatar
   
Dries committed
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
function array2object($node) {

  if (is_array($node)) {
    foreach ($node as $key => $value) {
      $object->$key = $value;
    }
  }
  else {
    $object = $node;
  }

  return $object;
}

function object2array($node) {

  if (is_object($node)) {
    foreach ($node as $key => $value) {
      $array[$key] = $value;
    }
  }
  else {
    $array = $node;
  }

  return $array;
}

Dries's avatar
   
Dries committed
103
104
105
106
107
108
109
110
111
function referer_uri() {

  if (isset($_SERVER["HTTP_REFERER"])) {
    $uri = $_SERVER["HTTP_REFERER"];

    return check_url($uri);
  }
}

Dries's avatar
   
Dries committed
112
function request_uri() {
Dries's avatar
   
Dries committed
113
114
115
116
  /*
  ** Since request_uri() is only available on Apache, we generate
  ** equivalent using other environment vars.
  */
Dries's avatar
   
Dries committed
117

Dries's avatar
   
Dries committed
118
  if (isset($_SERVER["REQUEST_URI"])) {
119
    $uri = $_SERVER["REQUEST_URI"];
Dries's avatar
   
Dries committed
120
121
  }
  else {
122
    $uri = $_SERVER["PHP_SELF"] ."?". $_SERVER["QUERY_STRING"];
Dries's avatar
   
Dries committed
123
  }
124

Dries's avatar
   
Dries committed
125
  return check_url($uri);
Dries's avatar
   
Dries committed
126
127
}

Dries's avatar
   
Dries committed
128
function message_access() {
Dries's avatar
   
Dries committed
129
  return t("You are not authorized to access this page.");
Dries's avatar
   
Dries committed
130
131
132
133
134
135
136
137
138
139
}

function message_na() {
  return t("n/a");
}

function message_throttle() {
  return t("You exceeded the maximum submission rate.  Please wait a few minutes and try again.");
}

Dries's avatar
   
Dries committed
140
141
function locale_init() {
  global $languages, $user;
Dries's avatar
   
Dries committed
142
143
144
145
146
147
  if ($user->uid && $languages[$user->language]) {
    return $user->language;
  }
  else {
    return key($languages);
  }
Dries's avatar
   
Dries committed
148
149
}

Dries's avatar
   
Dries committed
150
function t($string, $args = 0) {
Dries's avatar
   
Dries committed
151
  global $languages;
152

Dries's avatar
   
Dries committed
153
154
155
156
157
158
159
  /*
  ** About the usage of t().  We try to keep strings whole as much as
  ** possible and are unafraid of HTML markup within translation strings
  ** if necessary.  The suggested syntax for a link embedded within a
  ** translation string is for example:
  **
  ** $msg = t("You must login below or <a href=\"%url\">create a new
Dries's avatar
   
Dries committed
160
161
  **           account</a> before viewing the next page.", array("%url"
  **           => url("user/register")));
Dries's avatar
   
Dries committed
162
163
  */

164
  $string = ($languages && module_exist("locale") ? locale($string) : $string);
165

Dries's avatar
   
Dries committed
166
167
  if (!$args) {
    return $string;
Kjartan's avatar
Kjartan committed
168
169
  }
  else {
Dries's avatar
   
Dries committed
170
171
    return strtr($string, $args);
  }
Dries's avatar
   
Dries committed
172
173
174
}

function variable_init($conf = array()) {
Dries's avatar
   
Dries committed
175
  $result = db_query("SELECT * FROM {variable} ");
Dries's avatar
   
Dries committed
176
177
  while ($variable = db_fetch_object($result)) {
    if (!isset($conf[$variable->name])) {
Dries's avatar
   
Dries committed
178
      $conf[$variable->name] = unserialize($variable->value);
Dries's avatar
   
Dries committed
179
180
181
182
183
184
    }
  }

  return $conf;
}

185
function variable_get($name, $default) {
Dries's avatar
   
Dries committed
186
187
188
189
190
191
192
193
  global $conf;

  return isset($conf[$name]) ? $conf[$name] : $default;
}

function variable_set($name, $value) {
  global $conf;

Dries's avatar
   
Dries committed
194
195
  db_query("DELETE FROM {variable} WHERE name = '%s'", $name);
  db_query("INSERT INTO {variable} (name, value) VALUES ('%s', '%s')", $name, serialize($value));
Dries's avatar
   
Dries committed
196
197
198
199
200
201
202

  $conf[$name] = $value;
}

function variable_del($name) {
  global $conf;

Dries's avatar
   
Dries committed
203
  db_query("DELETE FROM {variable} WHERE name = '%s'", $name);
Dries's avatar
   
Dries committed
204
205
206
207

  unset($conf[$name]);
}

Dries's avatar
   
Dries committed
208
function drupal_specialchars($input, $quotes = ENT_NOQUOTES) {
Dries's avatar
   
Dries committed
209
210
211
212
213
214
215
216
217

  /*
  ** Note that we'd like to go 'htmlspecialchars($input, $quotes, "utf-8")'
  ** like the PHP manual tells us to, but we can't because there's a bug in
  ** PHP <4.3 that makes it mess up multibyte charsets if we specify the
  ** charset.  Change this later once we make PHP 4.3 a requirement.
  */

  return htmlspecialchars($input, $quotes);
Dries's avatar
   
Dries committed
218
219
}

Dries's avatar
   
Dries committed
220
function table_cell($cell, $header = 0) {
Dries's avatar
   
Dries committed
221
  if (is_array($cell)) {
Dries's avatar
   
Dries committed
222
223
224
225
226
227
228
229
230
231
232
    $data = $cell["data"];
    foreach ($cell as $key => $value) {
      if ($key != "data")  {
        $attributes .= " $key=\"$value\"";
      }
    }
  }
  else {
    $data = $cell;
  }

Dries's avatar
   
Dries committed
233
  if ($header) {
Dries's avatar
   
Dries committed
234
235
236
237
238
239
240
241
242
243
244
    $output = "<th$attributes>$data</th>";
  }
  else {
    $output = "<td$attributes>$data</td>";
  }

  return $output;
}

function table($header, $rows) {

245
  $output = "<table>\n";
Dries's avatar
   
Dries committed
246
247
248
249
250

  /*
  ** Emit the table header:
  */

Dries's avatar
   
Dries committed
251
252
253
  if (is_array($header)) {
    $output .= " <tr>";
    foreach ($header as $cell) {
Dries's avatar
   
Dries committed
254
255
256
      if (is_array($cell) && $cell["field"]) {
        $cell = tablesort($cell, $header);
      }
Dries's avatar
   
Dries committed
257
258
      $output .= table_cell($cell, 1);
    }
Dries's avatar
   
Dries committed
259
    $output .= " </tr>\n";
Dries's avatar
   
Dries committed
260
261
262
263
264
265
  }

  /*
  ** Emit the table rows:
  */

Dries's avatar
   
Dries committed
266
267
268
269
270
271
272
273
  if (is_array($rows)) {
    foreach ($rows as $number => $row) {
      if ($number % 2 == 1) {
        $output .= " <tr class=\"light\">";
      }
      else {
        $output .= " <tr class=\"dark\">";
      }
Dries's avatar
   
Dries committed
274

Dries's avatar
   
Dries committed
275
276
277
      foreach ($row as $cell) {
        $output .= table_cell($cell, 0);
      }
Dries's avatar
   
Dries committed
278
      $output .= " </tr>\n";
Dries's avatar
   
Dries committed
279
280
281
    }
  }

Dries's avatar
   
Dries committed
282
  $output .= "</table>\n";
Dries's avatar
   
Dries committed
283
284
285
286

  return $output;
}

287
288
289
290
291
292
/**
 * Verify the syntax of the given e-mail address.  Empty e-mail addresses
 * are allowed.  See RFC 2822 for details.
 *
 * @param $mail  a email address
 */
Dries's avatar
   
Dries committed
293
function valid_email_address($mail) {
294
295
296
297
298
299
300
301
302
303
304
305
306
  $user = '[a-zA-Z0-9_\-\.\+\^!#\$%&*+\/\=\?\`\|\{\}~\']+';
  $domain = '(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9]\.?)+';
  $ipv4 = '[0-9]{1,3}(\.[0-9]{1,3}){3}';
  $ipv6 = '[0-9a-fA-F]{1,4}(\:[0-9a-fA-F]{1,4}){7}';

  if (preg_match("/^$user@($domain|(\[($ipv4|$ipv6)\]))$/", $mail)) {
    return 1;
  }
  else {
    return 0;
  }
}

Dries's avatar
   
Dries committed
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
/**
 * Verify the syntax of the given URL.
 *
 * @param $url  an URL
 */
function valid_url($url) {

  if (preg_match("/^[a-zA-z0-9\/:_\-_\.]+$/", $url)) {
    return 1;
  }
  else {
    return 0;
  }
}

Kjartan's avatar
Kjartan committed
322
323
324
325
/**
 * Format a single result entry of a search query:
 *
 * @param $item  a single search result as returned by <module>_search of type
Dries's avatar
   
Dries committed
326
 *               array("count" => ..., "link" => ..., "title" => ...,
Kjartan's avatar
Kjartan committed
327
328
329
 *               "user" => ..., "date" => ..., "keywords" => ...)
 * @param $type  module type of this item
 */
Dries's avatar
   
Dries committed
330
function search_item($item, $type) {
Dries's avatar
   
Dries committed
331
332
333
334
335
336
337
338
339
340

  /*
  ** Modules may implement the "search_item" hook in order to overwrite
  ** the default function to display search results.
  */

  if (module_hook($type, "search_item")) {
    $output = module_invoke($type, "search_item", $item);
  }
  else {
Dries's avatar
   
Dries committed
341
    $output .= " <b><u><a href=\"". $item["link"] ."\">". $item["title"] ."</a></u></b><br />";
Dries's avatar
   
Dries committed
342
343
344
    $output .= " <small>$type ". ($item["user"] ? " - ". $item["user"] : "") ."". ($item["date"] ? " - ". format_date($item["date"], "small") : "") ."</small>";
    $output .= "<br /><br />";
  }
Dries's avatar
   
Dries committed
345
346
347
348

  return $output;
}

Kjartan's avatar
Kjartan committed
349
350
351
352
/**
 * Render a generic search form.
 *
 * "Generic" means "universal usable" - that is, usable not only from
Dries's avatar
   
Dries committed
353
 * 'site.com/search', but also as a simple seach box (without
Dries's avatar
   
Dries committed
354
355
 * "Restrict search to", help text, etc) from theme's header etc.
 * This means: provide options to only conditionally render certain
Kjartan's avatar
Kjartan committed
356
357
 * parts of this form.
 *
Dries's avatar
   
Dries committed
358
 * @param $action  Form action. Defaults to 'site.com/search'.
Dries's avatar
   
Dries committed
359
 * @param $keys   string containing keywords for the search.
Dries's avatar
   
Dries committed
360
 * @param $options != 0: Render additional form fields/text
Kjartan's avatar
Kjartan committed
361
362
 *                 ("Restrict search to", help text, etc).
 */
Dries's avatar
   
Dries committed
363
function search_form($action = NULL, $keys = NULL, $options = NULL) {
Dries's avatar
   
Dries committed
364
365

  if (!$action) {
Dries's avatar
   
Dries committed
366
    $action = url("search");
Dries's avatar
   
Dries committed
367
368
  }

Kjartan's avatar
Kjartan committed
369
370
  $output .= " <br /><input type=\"text\" size=\"50\" value=\"". check_form($keys) ."\" name=\"keys\" />";
  $output .= " <input type=\"submit\" value=\"". t("Search") ."\" />\n";
Dries's avatar
   
Dries committed
371
372
373
374
375
376
377

  if ($options != 0) {
    $output .= "<br />";
    $output .= t("Restrict search to") .": ";

    foreach (module_list() as $name) {
      if (module_hook($name, "search")) {
Kjartan's avatar
Kjartan committed
378
        $output .= " <input type=\"checkbox\" name=\"edit[type][$name]\" ". ($edit["type"][$name] ? " checked=\"checked\"" : "") ." /> ". t($name);
Dries's avatar
   
Dries committed
379
380
381
382
      }
    }
  }

Kjartan's avatar
Kjartan committed
383
384
  $form .= "<br />";

Dries's avatar
   
Dries committed
385
386
387
388
  return form($output, "post", $action);
}

/*
Kjartan's avatar
Kjartan committed
389
390
 * Collect the search results:
 */
Dries's avatar
   
Dries committed
391
function search_data($keys = NULL) {
Dries's avatar
   
Dries committed
392
393

  $edit = $_POST["edit"];
Dries's avatar
   
Dries committed
394

Dries's avatar
   
Dries committed
395
  if (isset($keys)) {
Dries's avatar
   
Dries committed
396
    foreach (module_list() as $name) {
Dries's avatar
   
Dries committed
397
      if (module_hook($name, "search") && (!$edit["type"] || $edit["type"][$name]) && ($result = module_invoke($name, "search", $keys))) {
Kjartan's avatar
Kjartan committed
398
        if ($name == "node" || $name == "comment") {
Dries's avatar
   
Dries committed
399
          $output .= "<p><b>". t("Matching ". $name ."s ranked in order of relevance") .":</b></p>";
Kjartan's avatar
Kjartan committed
400
401
        }
        else {
Dries's avatar
   
Dries committed
402
          $output .= "<p><b>". t("Matching ". $name ."s") .":</b></p>";
Kjartan's avatar
Kjartan committed
403
        }
Dries's avatar
   
Dries committed
404
405
406
407
408
409
410
411
412
413
        foreach ($result as $entry) {
          $output .= search_item($entry, $name);
        }
      }
    }
  }

  return $output;
}

Kjartan's avatar
Kjartan committed
414
415
416
/**
 * Display the search form and the resulting data.
 *
Dries's avatar
   
Dries committed
417
 * @param $type    If set, search only nodes of this type.
Kjartan's avatar
Kjartan committed
418
 *                 Otherwise, search all types.
Dries's avatar
   
Dries committed
419
 * @param $action  Form action. Defaults to 'site.com/search'.
Kjartan's avatar
Kjartan committed
420
 * @param $query   Query string. Defaults to global $keys.
Dries's avatar
   
Dries committed
421
 * @param $options != 0: Render additional form fields/text
Kjartan's avatar
Kjartan committed
422
423
 *                 ("Restrict search to", help text, etc).
 */
Dries's avatar
   
Dries committed
424
function search_type($type, $action = NULL, $keys = NULL, $options = NULL) {
Dries's avatar
   
Dries committed
425

Dries's avatar
   
Dries committed
426
  $_POST["edit"]["type"][$type] = "on";
Dries's avatar
   
Dries committed
427

Dries's avatar
   
Dries committed
428
  return search_form($action, $keys, $options) . "<br />". search_data($keys);
Dries's avatar
   
Dries committed
429
430
}

Dries's avatar
   
Dries committed
431

Dries's avatar
   
Dries committed
432
433
function drupal_goto($url) {

Dries's avatar
   
Dries committed
434
435
436
  /*
  ** Translate &amp; to simply &
  */
Dries's avatar
   
Dries committed
437

Dries's avatar
   
Dries committed
438
  $url = str_replace("&amp;", "&", $url);
Dries's avatar
   
Dries committed
439

Dries's avatar
   
Dries committed
440
441
442
443
444
  /*
  ** It is advised to use "drupal_goto()" instead of PHP's "header()" as
  ** "drupal_goto()" will append the user's session ID to the URI when PHP
  ** is compiled with "--enable-trans-sid".
  */
Dries's avatar
   
Dries committed
445
  if (!ini_get("session.use_trans_sid") || !session_id() || strstr($url, session_id())) {
Dries's avatar
   
Dries committed
446
447
448
    header("Location: $url");
  }
  else {
Dries's avatar
   
Dries committed
449
450
451
452
453
454
455
456
    $sid = session_name() . "=" . session_id();

    if (strstr($url, "?") && !strstr($url, $sid)) {
      header("Location: $url&". $sid);
    }
    else {
      header("Location: $url?". $sid);
    }
Dries's avatar
   
Dries committed
457
458
459
460
  }

  /*
  ** The "Location" header sends a REDIRECT status code to the http
Dries's avatar
   
Dries committed
461
  ** daemon.  In some cases this can go wrong, so we make sure none
Dries's avatar
   
Dries committed
462
463
464
465
466
467
468
469
470
471
472
  ** of the code /below/ gets executed when we redirect.
  */

  exit();
}

/*
** Stores the referer in a persistent variable:
*/

function referer_save() {
Dries's avatar
   
Dries committed
473
474
  if (!strstr(referer_uri(), request_uri())) {
    $_SESSION["referer"] = referer_uri();
Dries's avatar
   
Dries committed
475
476
477
478
479
480
481
482
  }
}

/*
** Restores the referer from a persistent variable:
*/

function referer_load() {
Dries's avatar
   
Dries committed
483
484
  if (isset($_SESSION["referer"])) {
    return $_SESSION["referer"];
Dries's avatar
   
Dries committed
485
486
487
488
489
490
  }
  else {
    return 0;
  }
}

491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553

/*
** Save a common file
*/
function drupal_file_save($file) {
  global $user;
  // TODO: extend to support filesystem storage
  if (variable_get("file_save", "database")) {
    if ($file->fid) {
      if ($file->tmp_name) {
        $data = fread(fopen($file->tmp_name, "rb"), $file->size);
        db_query("UPDATE {file} SET uid = %d, filename = '%s', type = '%s', size = %d, counter = %d, data = '%s', temporary = %d WHERE fid = %d", $file->uid, $file->filename, $file->type, $file->size, $file->counter, base64_encode($data), $file->temporary, $file->fid);
      }
      else {
        db_query("UPDATE {file} SET uid = %d, filename = '%s', type = '%s', size = %d, counter = %d, temporary = %d WHERE fid = %d", $file->uid, $file->filename, $file->type, $file->size, $file->counter, $file->temporary, $file->fid);
      }
    }
    else {
      if ($file->tmp_name) {
        $file->fid = db_next_id("file_fid");
        $data = fread(fopen($file->tmp_name, "rb"), $file->size);
        db_query("INSERT INTO {file} SET fid = %d, uid = %d, created = %d, filename = '%s', type = '%s', size = %d, counter = 0, data = '%s', temporary = %d", $file->fid, $user->uid, time(), $file->filename, $file->type, $file->size, base64_encode($data), $file->temporary);
      }
      else {
        return 0;
      }
    }
  }
  return $file->fid;
}

/*
** Load a common file
*/
function drupal_file_load($fid, $data = 0) {
  // TODO: extend to support filesystem storage
  if (variable_get("file_save", "database")) {
    if ($data) {
      $file = db_fetch_object(db_query("SELECT * FROM {file} WHERE fid = %d", $fid));
    }
    else {
      $file = db_fetch_object(db_query("SELECT fid, uid, filename, created, type, size, counter, temporary FROM {file} WHERE fid = %d", $fid));
    }

    if ($file->data) {
      $file->data = base64_decode($file->data);
    }
    return $file;
  }
}

/*
** Generate the HTTP headers and dump the data
*/
function drupal_file_send($fid) {
  if (($file = drupal_file_load($fid, 1))) {
    header("Content-type: $file->type");
    header("Content-length: $file->size");
    header("Content-Disposition: inline; filename=$file->filename");
    print $file->data;
  }
}

Dries's avatar
   
Dries committed
554
function valid_input_data($data) {
555

556
  if (is_array($data) || is_object($data)) {
557
558
559
560
561
    /*
    ** Form data can contain a number of nested arrays.
    */

    foreach ($data as $key => $value) {
Dries's avatar
   
Dries committed
562
563
564
      if (!valid_input_data($value)) {
        return 0;
      }
565
566
567
568
569
570
571
    }
  }
  else {
    /*
    ** Detect evil input data.
    */

Dries's avatar
Dries committed
572
    // check strings:
Dries's avatar
Dries committed
573
    $match  = preg_match("/\Wjavascript\s*:/i", $data);
Dries's avatar
Dries committed
574
575
576
    $match += preg_match("/\Wexpression\s*\(/i", $data);
    $match += preg_match("/\Walert\s*\(/i", $data);

577
    // check attributes:
Dries's avatar
Dries committed
578
    $match += preg_match("/\W(dynsrc|datasrc|data|lowsrc|on[a-z]+)\s*=[^>]+?>/i", $data);
Dries's avatar
   
Dries committed
579

580
581

    // check tags:
Dries's avatar
   
Dries committed
582
    $match += preg_match("/<\s*(applet|script|object|style|embed|form|blink|meta|html|frame|iframe|layer|ilayer|head|frameset|xml)/i", $data);
583
584
585

    if ($match) {
      watchdog("warning", "terminated request because of suspicious input data: ". drupal_specialchars($data));
Dries's avatar
   
Dries committed
586
      return 0;
587
588
    }
  }
Dries's avatar
   
Dries committed
589
590

  return 1;
591
}
Dries's avatar
   
Dries committed
592

593
function check_url($uri) {
Dries's avatar
   
Dries committed
594
595
596
597
598
599
600
601
602
603
604
605
  $uri = htmlspecialchars($uri, ENT_QUOTES);

  /*
  ** We replace ( and ) with their entity equivalents to prevent XSS
  ** attacks.
  */

  $uri = strtr($uri, array("(" => "&040;", ")" => "&041;"));

  return $uri;
}

Dries's avatar
   
Dries committed
606
function check_form($text) {
Dries's avatar
   
Dries committed
607
  return drupal_specialchars($text, ENT_QUOTES);
Dries's avatar
   
Dries committed
608
609
}

Dries's avatar
   
Dries committed
610
function check_query($text) {
Dries's avatar
   
Dries committed
611
  return addslashes($text);
Dries's avatar
   
Dries committed
612
613
614
}

function filter($text) {
Dries's avatar
   
Dries committed
615

Dries's avatar
   
Dries committed
616
617
618
619
620
621
622
623
624
625
626
627
628
  $modules = module_list();

  /*
  ** Make sure the HTML filters that are part of the node module
  ** are run first.
  */

  if (in_array("node", $modules)) {
    $text = module_invoke("node", "filter", $text);
  }

  foreach ($modules as $name) {
    if (module_hook($name, "filter") && $name != "node") {
Dries's avatar
   
Dries committed
629
630
631
632
633
      $text = module_invoke($name, "filter", $text);
    }
  }

  return $text;
Dries's avatar
   
Dries committed
634
635
}

Dries's avatar
   
Dries committed
636
637
function rewrite_old_urls($text) {

Dries's avatar
   
Dries committed
638
639
640
641
  global $base_url;

  $end = substr($base_url, 12);

Dries's avatar
   
Dries committed
642
643
644
  /*
  ** This is a *temporary* filter to rewrite old-style URLs to new-style
  ** URLs (clean URLs).  Currently, URLs are being rewritten dynamically
Dries's avatar
   
Dries committed
645
646
  ** (ie. "on output"), however when these rewrite rules have been tested
  ** enough, we will use them to permanently rewrite the links in node
Dries's avatar
   
Dries committed
647
648
649
  ** and comment bodies.
  */

Dries's avatar
   
Dries committed
650
  if (variable_get("clean_url", "0") == "0") {
Dries's avatar
   
Dries committed
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
    /*
    ** Relative URLs:
    */

    // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
    $text = eregi_replace("\"(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "\"?q=\\1/view/\\2/\\4", $text);

    // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "\"?q=\\2/\\4/\\6" , $text);
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "\"?q=\\2/\\4", $text);
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))", "\"?q=\\2", $text);

    /*
    ** Absolute URLs:
    */

Dries's avatar
   
Dries committed
667
    // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
Dries's avatar
   
Dries committed
668
    $text = eregi_replace("$end/(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "$end/?q=\\1/view/\\2/\\4", $text);
Dries's avatar
   
Dries committed
669

Dries's avatar
   
Dries committed
670
    // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
Dries's avatar
   
Dries committed
671
672
673
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/?q=\\2/\\4/\\6" , $text);
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/?q=\\2/\\4", $text);
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))", "\"$end/?q=\\2", $text);
Dries's avatar
   
Dries committed
674
675
  }
  else {
Dries's avatar
   
Dries committed
676
677
678
679
    /*
    ** Relative URLs:
    */

Dries's avatar
   
Dries committed
680
    // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
Dries's avatar
   
Dries committed
681
    $text = eregi_replace("\"(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "\"\\1/view/\\2/\\4", $text);
Dries's avatar
   
Dries committed
682
683

    // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
Dries's avatar
   
Dries committed
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "\"\\2/\\4/\\6", $text);
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "\"\\2/\\4", $text);
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))", "\"\\2", $text);

    /*
    ** Absolute URLs:
    */

    // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
    $text = eregi_replace("$end/(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "$end/\\1/view/\\2/\\4", $text);

    // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/\\2/\\4/\\6", $text);
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/\\2/\\4", $text);
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/\\2", $text);
}
Dries's avatar
   
Dries committed
700

Dries's avatar
   
Dries committed
701
702
703
  return $text;
}

Dries's avatar
   
Dries committed
704
function check_output($text) {
Dries's avatar
   
Dries committed
705
  if (isset($text)) {
Dries's avatar
   
Dries committed
706
707
708
709
    // filter content on output:
    $text = filter($text);

    // get the line breaks right:
Dries's avatar
   
Dries committed
710
    if (strip_tags($text, "<a><i><b><u><tt><code><cite><strong><img>") == $text) {
Dries's avatar
   
Dries committed
711
712
713
714
715
716
717
718
      $text = nl2br($text);
    }
  }
  else {
    $text = message_na();
  }

  return $text;
Dries's avatar
   
Dries committed
719
720
}

721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
/**
* Checks if a file is valid and correct.
*
* @param $name the name of the form_file item
* @param $type restrict to mime types
* @param $size restrict file size
* @param $paranoid flag to make sure file belongs to the current user
*
* @returns mixed file object, or error object, or false if there is no file
*/
function check_file($name, $type = "/.+/", $size = 0) {
  // Make sure we don't have a file stored temporarily
  if ($_POST["edit"]["__file"][$name]) {
    $file = drupal_file_load($_POST["edit"]["__file"][$name]);
    if (!$file->temporary) {
      unset($file);
    }
Dries's avatar
   
Dries committed
738
  }
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776

  // make sure $name exists in $_FILES
  if ($_FILES["edit"]["name"][$name]) {

    // populate $file object to make further testing simpler
    $file->filename = $_FILES["edit"]["name"][$name];
    $file->type = $_FILES["edit"]["type"][$name];
    $file->tmp_name = $_FILES["edit"]["tmp_name"][$name];
    $file->error = $_FILES["edit"]["error"][$name];
    $file->size = $_FILES["edit"]["size"][$name];

    if (!valid_input_data($file)) {
      $return->error = t("possible exploit abuse");
    }

    // make sure the file is a valid upload
    if (!is_uploaded_file($file->tmp_name) || $file->error == UPLOAD_ERR_PARTIAL || $file->error == UPLOAD_ERR_NO_FILE) {
      $return->error = t("invalid file upload");
    }

    // validate the file type uploaded
    if (!preg_match($type, $file->filename)) {
      $return->error = t("invalid file type");
    }

    // check the file size to make sure the file isn't too big
    if (($size && $file->size > $size) || $file->error == UPLOAD_ERR_INI_SIZE || $file->error == UPLOAD_ERR_FORM_SIZE) {
      $return->error = t("file size too big");
    }

    if (!$return->error) {
      $file->temporary = 1;
      $file->fid = drupal_file_save($file);
    }
  }

  if ($return->error) {
    return $return;
Dries's avatar
   
Dries committed
777
  }
778
779

  return $file ? $file : false;
Dries's avatar
   
Dries committed
780
781
}

Dries's avatar
   
Dries committed
782
783
784
function format_rss_channel($title, $link, $description, $items, $language = "en", $args = array()) {
  // arbitrary elements may be added using the $args associative array

Dries's avatar
   
Dries committed
785
  $output .= "<channel>\n";
Dries's avatar
   
Dries committed
786
787
788
789
  $output .= " <title>". drupal_specialchars(strip_tags($title)) ."</title>\n";
  $output .= " <link>". drupal_specialchars(strip_tags($link)) ."</link>\n";
  $output .= " <description>". drupal_specialchars($description) ."</description>\n";
  $output .= " <language>". drupal_specialchars(strip_tags($language)) ."</language>\n";
Dries's avatar
   
Dries committed
790
  foreach ($args as $key => $value) {
Dries's avatar
   
Dries committed
791
    $output .= " <$key>". drupal_specialchars(strip_tags($value)) ."</$key>\n";
Dries's avatar
   
Dries committed
792
  }
Dries's avatar
   
Dries committed
793
794
795
796
797
798
  $output .= $items;
  $output .= "</channel>\n";

  return $output;
}

Dries's avatar
   
Dries committed
799
800
801
function format_rss_item($title, $link, $description, $args = array()) {
  // arbitrary elements may be added using the $args associative array

Dries's avatar
   
Dries committed
802
  $output .= "<item>\n";
Dries's avatar
   
Dries committed
803
804
805
  $output .= " <title>". drupal_specialchars(strip_tags($title)) ."</title>\n";
  $output .= " <link>". drupal_specialchars(strip_tags($link)) ."</link>\n";
  $output .= " <description>". drupal_specialchars(check_output($description)) ."</description>\n";
Dries's avatar
   
Dries committed
806
  foreach ($args as $key => $value) {
Dries's avatar
   
Dries committed
807
    $output .= "<$key>". drupal_specialchars(strip_tags($value)) ."</$key>";
Dries's avatar
   
Dries committed
808
  }
Dries's avatar
   
Dries committed
809
810
811
812
813
  $output .= "</item>\n";

  return $output;
}

Dries's avatar
   
Dries committed
814
815
816
817
818
819
820
821
822
823
824
825
826
827
/**
 * Formats a string with a count of items so that the string is pluralized
 * correctly.
 * format_plural calls t() by itself, make sure not to pass already localized
 * strings to it.
 *
 * @param $count    The item count to display.
 * @param $singular The string for the singular case. Please make sure it's clear
 *                  this is singular, to ease translation. ("1 new comment" instead of
 *                  "1 new").
 * @param $plural   The string for the plrual case. Please make sure it's clear
 *                  this is plural, to ease translation. Use %count in places of the
 *                  item count, as in "%count new comments".
 */
Dries's avatar
   
Dries committed
828
function format_plural($count, $singular, $plural) {
Dries's avatar
   
Dries committed
829
  return t($count == 1 ? $singular : $plural, array("%count" => $count));
Dries's avatar
   
Dries committed
830
831
832
}

function format_size($size) {
Dries's avatar
   
Dries committed
833
  $suffix = t("bytes");
Dries's avatar
   
Dries committed
834
835
  if ($size > 1024) {
    $size = round($size / 1024, 2);
Dries's avatar
   
Dries committed
836
    $suffix = t("KB");
Dries's avatar
   
Dries committed
837
838
839
  }
  if ($size > 1024) {
    $size = round($size / 1024, 2);
Dries's avatar
   
Dries committed
840
    $suffix = t("MB");
Dries's avatar
   
Dries committed
841
  }
Dries's avatar
   
Dries committed
842
  return t("%size %suffix", array("%size" => $size, "%suffix" => $suffix));
Dries's avatar
   
Dries committed
843
844
}

Dries's avatar
   
Dries committed
845
function cache_get($key) {
Dries's avatar
   
Dries committed
846
  $cache = db_fetch_object(db_query("SELECT data, created FROM {cache} WHERE cid = '%s'", $key));
Dries's avatar
   
Dries committed
847
  return $cache->data ? $cache : 0;
Dries's avatar
   
Dries committed
848
849
850
}

function cache_set($cid, $data, $expire = 0) {
Dries's avatar
   
Dries committed
851
852
  if (db_fetch_object(db_query("SELECT cid FROM {cache} WHERE cid = '%s'", $cid))) {
    db_query("UPDATE {cache} SET data = '%s', created = %d, expire = %d WHERE cid = '%s'", $data, time(), $expire, $cid);
Dries's avatar
   
Dries committed
853
854
  }
  else {
Dries's avatar
   
Dries committed
855
    db_query("INSERT INTO {cache} (cid, data, created, expire) VALUES('%s', '%s', %d, %d)", $cid, $data, time(), $expire);
Dries's avatar
   
Dries committed
856
  }
Dries's avatar
   
Dries committed
857
858
}

Dries's avatar
   
Dries committed
859
860
function cache_clear_all($cid = NULL) {
  if (empty($cid)) {
Dries's avatar
   
Dries committed
861
    db_query("DELETE FROM {cache} WHERE expire <> 0");
Dries's avatar
   
Dries committed
862
863
  }
  else {
Dries's avatar
   
Dries committed
864
    db_query("DELETE FROM {cache} WHERE cid = '%s'", $cid);
Dries's avatar
   
Dries committed
865
  }
Dries's avatar
   
Dries committed
866
867
868
}

function page_set_cache() {
Dries's avatar
   
Dries committed
869
  global $user;
Dries's avatar
   
Dries committed
870

Dries's avatar
   
Dries committed
871
  if (!$user->uid && $_SERVER["REQUEST_METHOD"] == "GET") {
Dries's avatar
   
Dries committed
872
    if ($data = ob_get_contents()) {
Dries's avatar
   
Dries committed
873
      cache_set(request_uri(), $data, 1);
Dries's avatar
   
Dries committed
874
875
876
877
    }
  }
}

Dries's avatar
   
Dries committed
878
function page_get_cache() {
Dries's avatar
   
Dries committed
879
  global $user;
Dries's avatar
   
Dries committed
880

Dries's avatar
   
Dries committed
881
882
  $cache = NULL;

Dries's avatar
   
Dries committed
883
  if (!$user->uid && $_SERVER["REQUEST_METHOD"] == "GET") {
Dries's avatar
   
Dries committed
884
885
886
    $cache = cache_get(request_uri());

    if (empty($cache)) {
Dries's avatar
   
Dries committed
887
      ob_start();
Dries's avatar
   
Dries committed
888
889
    }
  }
Dries's avatar
   
Dries committed
890

Dries's avatar
   
Dries committed
891
  return $cache;
Dries's avatar
   
Dries committed
892
893
894
}

function format_interval($timestamp) {
Dries's avatar
   
Dries committed
895
  $units = array("1 year|%count years" => 31536000, "1 week|%count weeks" => 604800, "1 day|%count days" => 86400, "1 hour|%count hours" => 3600, "1 min|%count min" => 60, "1 sec|%count sec" => 1);
Kjartan's avatar
Kjartan committed
896
  foreach ($units as $key=>$value) {
Dries's avatar
   
Dries committed
897
898
899
900
901
902
    $key = explode("|", $key);
    if ($timestamp >= $value) {
      $output .= ($output ? " " : "") . format_plural(floor($timestamp / $value), $key[0], $key[1]);
      $timestamp %= $value;
    }
  }
Dries's avatar
   
Dries committed
903
  return ($output) ? $output : t("0 sec");
Dries's avatar
   
Dries committed
904
905
906
907
908
}

function format_date($timestamp, $type = "medium", $format = "") {
  global $user;

Kjartan's avatar
Kjartan committed
909
  $timestamp += ($user->timezone) ? $user->timezone - date("Z") : 0;
Dries's avatar
   
Dries committed
910
911
912

  switch ($type) {
    case "small":
Dries's avatar
   
Dries committed
913
      $date = date(variable_get("date_format_short", "m/d/Y - H:i"), $timestamp);
Dries's avatar
   
Dries committed
914
915
      break;
    case "medium":
916
      $date = date(variable_get("date_format_medium", "D, m/d/Y - H:i"), $timestamp);
Dries's avatar
   
Dries committed
917
918
      break;
    case "large":
919
      $date = date(variable_get("date_format_long", "l, F j, Y - H:i"), $timestamp);
Dries's avatar
   
Dries committed
920
921
922
923
      break;
    case "custom":
      for ($i = strlen($format); $i >= 0; $c = $format[--$i]) {
        if (strstr("DFlMSw", $c)) {
924
          $date = t(date($c, $timestamp)) . $date;
Dries's avatar
   
Dries committed
925
        }
Kjartan's avatar
Kjartan committed
926
        else if (strstr("AaBdgGhHiIjLmnOrstTUWYyZz", $c)) {
927
          $date = date($c, $timestamp) . $date;
Dries's avatar
   
Dries committed
928
929
        }
        else {
Kjartan's avatar
Kjartan committed
930
          $date = $c.$date;
Dries's avatar
   
Dries committed
931
932
933
934
        }
      }
      break;
    default:
935
      $date = date(variable_get("date_format_medium", "l, m/d/Y - H:i"), $timestamp);
Dries's avatar
   
Dries committed
936
937
938
939
940
941
942
  }
  return $date;
}

function format_name($object) {

  if ($object->uid && $object->name) {
Dries's avatar
Dries committed
943
944
945
946
947
948
949
950
951
952
953
954
    /*
    ** Shorten the name when it is too long or it will break many
    ** tables.
    */

    if (strlen($object->name) > 20) {
      $name = substr($object->name, 0, 15) ."...";
    }
    else {
      $name = $object->name;
    }

Dries's avatar
   
Dries committed
955
    if (arg(0) == "admin") {
Dries's avatar
Dries committed
956
      $output = l($name, "admin/user/edit/$object->uid", array("title" => t("Administer user profile.")));
Dries's avatar
   
Dries committed
957
958
    }
    else {
Dries's avatar
Dries committed
959
      $output = l($name, "user/view/$object->uid", array("title" => t("View user profile.")));
Dries's avatar
   
Dries committed
960
    }
Dries's avatar
   
Dries committed
961
  }
Dries's avatar
   
Dries committed
962
963
964
965
966
967
968
969
970
971
  else if ($object->name) {
    /*
    ** Sometimes modules display content composed by people who are
    ** not registers members of the site (i.e. mailing list or news
    ** aggregator modules).  This clause enables modules to display
    ** the true author of the content.
    */

    $output = $object->name;
  }
Dries's avatar
   
Dries committed
972
  else {
Dries's avatar
   
Dries committed
973
    $output = t(variable_get("anonymous", "Anonymous"));
Dries's avatar
   
Dries committed
974
975
  }

Dries's avatar
   
Dries committed
976
  return $output;
Dries's avatar
   
Dries committed
977
978
979
}

function form($form, $method = "post", $action = 0, $options = 0) {
Dries's avatar
   
Dries committed
980
981

  if (!$action) {
982
    $action = request_uri();
Dries's avatar
   
Dries committed
983
  }
984
  return "<form action=\"$action\" method=\"$method\"". drupal_attributes($options) .">\n$form\n</form>\n";
Dries's avatar
   
Dries committed
985
986
987
}

function form_item($title, $value, $description = 0) {
Dries's avatar
   
Dries committed
988
  return "<div class=\"form-item\">". ($title ? "<div class=\"title\">$title:</div>" : "") . $value . ($description ? "<div class=\"description\">$description</div>" : "") ."</div>\n";
Dries's avatar
   
Dries committed
989
990
}

991
992
function form_radio($title, $name, $value = 1, $checked = 0, $description = 0, $attributes = 0) {
  return form_item(0, "<input type=\"radio\" class=\"form-radio\" name=\"edit[$name]\" value=\"". $value ."\"". ($checked ? " checked=\"checked\"" : "") . drupal_attributes($attributes) ." /> $title", $description);
Dries's avatar
   
Dries committed
993
994
}

995
996
function form_checkbox($title, $name, $value = 1, $checked = 0, $description = 0, $attributes = 0) {
  return form_hidden($name, 0) . form_item(0, "<input type=\"checkbox\" class=\"form-checkbox\" name=\"edit[$name]\" value=\"". $value ."\"". ($checked ? " checked=\"checked\"" : "") . drupal_attributes($attributes) ." /> $title", $description);
Dries's avatar
   
Dries committed
997
998
}

999
function form_textfield($title, $name, $value, $size, $maxlength, $description = 0, $attributes = 0) {
Dries's avatar
   
Dries committed
1000
  $size = $size ? " size=\"$size\"" : "";
1001
  return form_item($title, "<input type=\"text\" maxlength=\"$maxlength\" class=\"form-text\" name=\"edit[$name]\"$size value=\"". check_form($value) ."\"". drupal_attributes($attributes) ." />", $description);
Dries's avatar
   
Dries committed
1002
1003
}

1004
function form_password($title, $name, $value, $size, $maxlength, $description = 0, $attributes = 0) {
Dries's avatar
   
Dries committed
1005
  $size = $size ? " size=\"$size\"" : "";
1006
  return form_item($title, "<input type=\"password\" class=\"form-password\" maxlength=\"$maxlength\" name=\"edit[$name]\"$size value=\"". check_form($value) ."\"". drupal_attributes($attributes) ." />", $description);
Dries's avatar
   
Dries committed
1007
1008
}

1009
function form_textarea($title, $name, $value, $cols, $rows, $description = 0, $attributes = 0) {
Dries's avatar
   
Dries committed
1010
  $cols = $cols ? " cols=\"$cols\"" : "";
Dries's avatar
   
Dries committed
1011
  module_invoke_all("textarea", $name);  // eg. optionally plug in a WYSIWYG editor
1012
  return form_item($title, "<textarea wrap=\"virtual\"$cols rows=\"$rows\" name=\"edit[$name]\" id=\"edit[$name]\"". drupal_attributes($attributes) .">". check_form($value) ."</textarea>", $description);
Dries's avatar
   
Dries committed
1013
1014
}

Dries's avatar
   
Dries committed
1015
function form_select($title, $name, $value, $options, $description = 0, $extra = 0, $multiple = 0) {
Dries's avatar
   
Dries committed
1016
  if (count($options) > 0) {
Kjartan's avatar
Kjartan committed
1017
    foreach ($options as $key=>$choice) {
1018
      $select .= "<option value=\"$key\"". (is_array($value) ? (in_array($key, $value) ? " selected=\"selected\"" : "") : ($value == $key ? " selected=\"selected\"" : "")) .">". check_form($choice) ."</option>";
Dries's avatar
   
Dries committed
1019
    }
Kjartan's avatar
Kjartan committed
1020
    return form_item($title, "<select name=\"edit[$name]". ($multiple ? "[]" : "") ."\"". ($multiple ? " multiple " : "") . ($extra ? " $extra" : "") .">$select</select>", $description);
Dries's avatar
   
Dries committed
1021
1022
1023
  }
}

Dries's avatar
   
Dries committed
1024
1025
1026
1027
1028
1029
1030
1031
1032
function form_radios($title, $name, $value, $options, $description = 0) {
  if (count($options) > 0) {
    foreach ($options as $key=>$choice) {
      $output .= form_radio($choice, $name, $key, ($key == $value));
    }
    return form_item($title, $output, $description);
  }
}

1033
1034
1035
1036
1037
function form_file($title, $name, $size, $description = 0, $fid = 0) {
  if ($fid) { // Include file upload in case of preview
    $extra = form_hidden("__file][$name", $fid);
  }
  return $extra . form_item($title, "<input type=\"file\" class=\"form-file\" name=\"edit[$name]\" size=\"$size\" />\n", $description);
Dries's avatar
   
Dries committed
1038
1039
1040
1041
1042
1043
}

function form_hidden($name, $value) {
  return "<input type=\"hidden\" name=\"edit[$name]\" value=\"". check_form($value) ."\" />\n";
}

1044
function form_submit($value, $name = "op", $attributes = 0) {
Dries's avatar
   
Dries committed
1045
  return "<input type=\"submit\" class=\"form-submit\" name=\"$name\" value=\"". check_form($value) ."\" />\n";
Dries's avatar
   
Dries committed
1046
1047
}

Dries's avatar
   
Dries committed
1048
function form_weight($title = NULL, $name = "weight", $value = 0, $delta = 10, $description = 0, $extra = 0) {
Dries's avatar
   
Dries committed
1049
  for ($n = (-1 * $delta); $n <= $delta; $n++) {
Dries's avatar
   
Dries committed
1050
1051
1052
1053
1054
1055
    $weights[$n] = $n;
  }

  return form_select($title, $name, $value, $weights, $description, $extra);
}

Dries's avatar
   
Dries committed
1056
1057
1058
1059
function form_allowed_tags_text() {
  return variable_get("allowed_html", "") ? (t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", ""))) : "";
}

Dries's avatar
   
Dries committed
1060
function url($url = NULL, $query = NULL) {
Dries's avatar
   
Dries committed
1061
  global $base_url;
Dries's avatar
   
Dries committed
1062

Dries's avatar
   
Dries committed
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
  static $script;

  if (empty($script)) {
    /*
    ** On some webservers such as IIS we can't omit "index.php".  As such we
    ** generate "index.php?q=foo" instead of "?q=foo" on anything that is not
    ** Apache.
    */
    $script = (strpos($_SERVER["SERVER_SOFTWARE"], "Apache") === false) ? "index.php" : "";
  }

Dries's avatar
   
Dries committed
1074
  if (variable_get("clean_url", "0") == "0") {
Dries's avatar
   
Dries committed
1075
1076
    if (isset($url)) {
      if (isset($query)) {
Dries's avatar
   
Dries committed
1077
        return "$base_url/$script?q=$url&amp;$query";
Dries's avatar
   
Dries committed
1078
1079
      }
      else {
Dries's avatar
   
Dries committed
1080
        return "$base_url/$script?q=$url";
Dries's avatar
   
Dries committed
1081
      }
Dries's avatar
   
Dries committed
1082
1083
    }
    else {
Dries's avatar
   
Dries committed
1084
      if (isset($query)) {
Dries's avatar
   
Dries committed
1085
        return "$base_url/$script?$query";
Dries's avatar
   
Dries committed
1086
1087
      }
      else {
Dries's avatar
   
Dries committed
1088
        return "$base_url/";
Dries's avatar
   
Dries committed
1089
      }
Dries's avatar
   
Dries committed
1090
1091
1092
    }
  }
  else {
Dries's avatar
   
Dries committed
1093
1094
    if (isset($url)) {
      if (isset($query)) {
Dries's avatar
   
Dries committed
1095
        return "$base_url/$url?$query";
Dries's avatar
   
Dries committed
1096
1097
      }
      else {
Dries's avatar
   
Dries committed
1098
        return "$base_url/$url";
Dries's avatar
   
Dries committed
1099
      }
Dries's avatar
   
Dries committed
1100
    }
Dries's avatar
   
Dries committed
1101
    else {
Dries's avatar
   
Dries committed
1102
      if (isset($query)) {
Dries's avatar
   
Dries committed
1103
        return "$base_url/$script?$query";
Dries's avatar
   
Dries committed
1104
1105
      }
      else {
Dries's avatar
   
Dries committed
1106
        return "$base_url/";
Dries's avatar
   
Dries committed
1107
      }
Dries's avatar
   
Dries committed
1108
    }
Dries's avatar
   
Dries committed
1109
  }
Dries's avatar
   
Dries committed
1110
1111
}

1112
1113
1114
1115
1116
1117
1118
function drupal_attributes($attributes = 0) {
  if (is_array($attributes)) {
    $t = array();
    foreach ($attributes as $key => $value) {
      $t[] = "$key=\"$value\"";
    }
    return " ". implode($t, " ");
Dries's avatar
   
Dries committed
1119
  }
1120
}
Dries's avatar
   
Dries committed
1121

1122
1123
function l($text, $url, $attributes = array(), $query = NULL) {
  return "<a href=\"". url($url, $query) ."\"". drupal_attributes($attributes) .">$text</a>";
Dries's avatar
   
Dries committed
1124
1125
}

Dries's avatar
   
Dries committed
1126
function field_get($string, $name) {
1127
  ereg(",?$name=([^,]+)", ", $string", $regs);
Dries's avatar
   
Dries committed
1128
1129
1130
1131
1132
  return $regs[1];
}

function field_set($string, $name, $value) {
  $rval = ereg_replace(",$name=[^,]+", "", ",$string");
Dries's avatar
   
Dries committed
1133
  if (isset($value)) {
Kjartan's avatar
Kjartan committed
1134
1135
    $rval .= ($rval == "," ? "" : ",") ."$name=$value";
  }
Dries's avatar
   
Dries committed
1136
1137
1138
1139
  return substr($rval, 1);
}

function link_page() {
1140
  global $custom_links;
Dries's avatar
   
Dries committed
1141

1142
  if (is_array($custom_links)) {
1143
1144
1145
    return $custom_links;
  }
  else {
Dries's avatar
   
Dries committed
1146
    $links = module_invoke_all("link", "page");
1147
    array_unshift($links, l(t("home"), "", array("title" => t("Return to the main page."))));
1148
    return $links;
Dries's avatar
   
Dries committed
1149
  }
Dries's avatar
   
Dries committed
1150
}
Dries's avatar
   
Dries committed
1151
1152

function link_node($node, $main = 0) {
Dries's avatar
   
Dries committed
1153
  return module_invoke_all("link", "node", $node, $main);
Dries's avatar
   
Dries committed
1154
1155
1156
1157
}

function timer_start() {
  global $timer;
Dries's avatar
   
Dries committed
1158
1159
  list($usec, $sec) = explode(" ", microtime());
  $timer = (float)$usec + (float)$sec;
Dries's avatar
   
Dries committed
1160
1161
}

Dries's avatar
   
Dries committed
1162
function drupal_page_header() {
1163

Dries's avatar
   
Dries committed
1164
1165
1166
1167
1168
  if (variable_get("dev_timer", 0)) {
    timer_start();
  }

  if (variable_get("cache", 0)) {
Dries's avatar
   
Dries committed
1169
    if ($cache = page_get_cache()) {
Dries's avatar
   
Dries committed
1170
1171

      // Set default values:
Dries's avatar
   
Dries committed
1172
      $date = gmdate("D, d M Y H:i:s", $cache->created) ." GMT";
Dries's avatar
   
Dries committed
1173
1174
1175
      $etag = '"'. md5($date) .'"';

      // Check http headers:
1176
      $modified_since = isset($_SERVER["HTTP_IF_MODIFIED_SINCE"]) ? $_SERVER["HTTP_IF_MODIFIED_SINCE"] == $date : NULL;
1177
      $none_match = isset($_SERVER["HTTP_IF_NONE_MATCH"]) ? $_SERVER["HTTP_IF_NONE_MATCH"] == $etag : NULL;
Dries's avatar
   
Dries committed
1178

1179
1180
      // The type checking here is very important, be careful when changing entries.
      if (($modified_since !== NULL || $none_match !== NULL) && $modified_since !== false && $none_match !== false) {
Dries's avatar
   
Dries committed
1181
1182
        header("HTTP/1.0 304 Not Modified");
        exit();
Dries's avatar
   
Dries committed
1183
      }
Dries's avatar
   
Dries committed
1184

1185
1186
1187
      // Send appropriate response:
      header("Last-Modified: $date");
      header("ETag: $etag");
Dries's avatar
   
Dries committed
1188
      print $cache->data;
Dries's avatar
   
Dries committed
1189
1190
1191
1192
1193
1194
1195
1196

      /*
      ** A hook for modules where modules may take action at the end of a
      ** request good uses include setting a cache, page logging, etc.
      */

      module_invoke_all("exit"