common.inc 36.9 KB
Newer Older
Dries's avatar
 
Dries committed
1 2 3 4 5 6 7 8 9 10 11
<?php
// $Id$

function conf_init() {

  /*
  ** Try finding a matching configuration file by stripping the website's
  ** URI from left to right.  If no configuration file is found, return a
  ** default value 'conf'.
  */

Dries's avatar
 
Dries committed
12
  $uri = $_SERVER["PHP_SELF"];
Dries's avatar
 
Dries committed
13

Dries's avatar
 
Dries committed
14
  $file = strtolower(strtr($_SERVER["HTTP_HOST"] . substr($uri, 0, strrpos($uri, "/")), "/:", ".."));
Dries's avatar
 
Dries committed
15 16 17 18 19 20 21 22 23 24 25 26 27

  while (strlen($file) > 4) {
    if (file_exists("includes/$file.php")) {
      return $file;
    }
    else {
      $file = substr($file, strpos($file, ".") + 1);
    }
  }

  return "conf";
}

Dries's avatar
 
Dries committed
28 29 30 31 32 33 34 35 36
/**
 * Build the alias/path array
 */
function get_url_map() {
  static $map;

  if (empty($map)) {
    $result = db_query("SELECT * FROM {path}");
    while ($data = db_fetch_object($result)) {
Dries's avatar
 
Dries committed
37
      $map[$data->dst] = $data->src;
Dries's avatar
 
Dries committed
38 39 40 41 42 43
    }
  }

  return $map;
}

Dries's avatar
 
Dries committed
44 45 46
function error_handler($errno, $message, $filename, $line, $variables) {
  $types = array(1 => "error", 2 => "warning", 4 => "parse error", 8 => "notice", 16 => "core error", 32 => "core warning", 64 => "compile error", 128 => "compile warning", 256 => "user error", 512 => "user warning", 1024 => "user notice");
  $entry = $types[$errno] .": $message in $filename on line $line.";
Dries's avatar
 
Dries committed
47 48

  if ($errno & E_ALL ^ E_NOTICE) {
Dries's avatar
 
Dries committed
49
    watchdog("error", $types[$errno] .": $message in $filename on line $line.");
50
    print "<pre>$entry</pre>";
Dries's avatar
 
Dries committed
51 52 53
  }
}

Dries's avatar
 
Dries committed
54
function watchdog($type, $message, $link = NULL) {
Dries's avatar
 
Dries committed
55
  global $user;
Dries's avatar
 
Dries committed
56
  db_query("INSERT INTO {watchdog} (uid, type, message, link, location, hostname, timestamp) VALUES (%d, '%s', '%s', '%s', '%s', '%s', %d)", $user->uid, $type, $message, $link, request_uri(), getenv("REMOTE_ADDR"), time());
Dries's avatar
 
Dries committed
57 58 59 60
}

function throttle($type, $rate) {
  if (!user_access("access administration pages")) {
Dries's avatar
 
Dries committed
61
    if ($throttle = db_fetch_object(db_query("SELECT * FROM {watchdog} WHERE type = '$type' AND hostname = '". getenv("REMOTE_ADDR") ."' AND ". time() ." - timestamp < $rate"))) {
Dries's avatar
 
Dries committed
62 63 64 65 66 67 68 69 70
      watchdog("warning", "throttle: '". getenv("REMOTE_ADDR") ."' exceeded submission rate - $throttle->type");
      die(message_throttle());
    }
    else {
      watchdog($type, "throttle");
    }
  }
}

Dries's avatar
 
Dries committed
71 72
function check_php_setting($name, $value) {
  if (ini_get($name) != $value) {
Steven Wittens's avatar
Steven Wittens committed
73
    print "<p>Note that the value of PHP's configuration option <code><b>$name</b></code> is incorrect.  It should be set to '$value' for Drupal to work properly.  Either configure your webserver to support <code>.htaccess</code> files so Drupal's <code>.htaccess</code> file can set it to the proper value, or edit your <code>php.ini</code> file directly.  This message will automatically dissapear when the problem has been fixed.</p>";
Dries's avatar
 
Dries committed
74 75 76
  }
}

Dries's avatar
 
Dries committed
77 78 79 80 81
function arg($index) {

  static $arguments;

  if (empty($arguments)) {
Dries's avatar
 
Dries committed
82
    $arguments = explode("/", $_GET["q"]);
Dries's avatar
 
Dries committed
83 84 85 86 87
  }

  return $arguments[$index];
}

Dries's avatar
 
Dries committed
88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115
function array2object($node) {

  if (is_array($node)) {
    foreach ($node as $key => $value) {
      $object->$key = $value;
    }
  }
  else {
    $object = $node;
  }

  return $object;
}

function object2array($node) {

  if (is_object($node)) {
    foreach ($node as $key => $value) {
      $array[$key] = $value;
    }
  }
  else {
    $array = $node;
  }

  return $array;
}

Dries's avatar
 
Dries committed
116 117 118 119 120 121 122 123 124
function referer_uri() {

  if (isset($_SERVER["HTTP_REFERER"])) {
    $uri = $_SERVER["HTTP_REFERER"];

    return check_url($uri);
  }
}

Dries's avatar
 
Dries committed
125
function request_uri() {
Dries's avatar
 
Dries committed
126 127 128 129
  /*
  ** Since request_uri() is only available on Apache, we generate
  ** equivalent using other environment vars.
  */
Dries's avatar
 
Dries committed
130

Dries's avatar
 
Dries committed
131
  if (isset($_SERVER["REQUEST_URI"])) {
132
    $uri = $_SERVER["REQUEST_URI"];
Dries's avatar
 
Dries committed
133 134
  }
  else {
135
    $uri = $_SERVER["PHP_SELF"] ."?". $_SERVER["QUERY_STRING"];
Dries's avatar
 
Dries committed
136
  }
137

Dries's avatar
 
Dries committed
138
  return check_url($uri);
Dries's avatar
 
Dries committed
139 140
}

Dries's avatar
 
Dries committed
141
function message_access() {
Dries's avatar
 
Dries committed
142
  return t("You are not authorized to access this page.");
Dries's avatar
 
Dries committed
143 144 145 146 147 148 149 150 151 152
}

function message_na() {
  return t("n/a");
}

function message_throttle() {
  return t("You exceeded the maximum submission rate.  Please wait a few minutes and try again.");
}

Dries's avatar
 
Dries committed
153 154
function locale_init() {
  global $languages, $user;
Dries's avatar
 
Dries committed
155 156 157 158 159 160
  if ($user->uid && $languages[$user->language]) {
    return $user->language;
  }
  else {
    return key($languages);
  }
Dries's avatar
 
Dries committed
161 162
}

Dries's avatar
 
Dries committed
163
function t($string, $args = 0) {
Dries's avatar
 
Dries committed
164
  global $languages;
165

Dries's avatar
 
Dries committed
166 167 168 169 170 171 172
  /*
  ** About the usage of t().  We try to keep strings whole as much as
  ** possible and are unafraid of HTML markup within translation strings
  ** if necessary.  The suggested syntax for a link embedded within a
  ** translation string is for example:
  **
  ** $msg = t("You must login below or <a href=\"%url\">create a new
Dries's avatar
 
Dries committed
173 174
  **           account</a> before viewing the next page.", array("%url"
  **           => url("user/register")));
Dries's avatar
 
Dries committed
175 176
  */

177
  $string = ($languages && module_exist("locale") ? locale($string) : $string);
178

Dries's avatar
 
Dries committed
179 180
  if (!$args) {
    return $string;
Kjartan's avatar
Kjartan committed
181 182
  }
  else {
Dries's avatar
 
Dries committed
183 184
    return strtr($string, $args);
  }
Dries's avatar
 
Dries committed
185 186 187
}

function variable_init($conf = array()) {
Dries's avatar
 
Dries committed
188
  $result = db_query("SELECT * FROM {variable} ");
Dries's avatar
 
Dries committed
189 190
  while ($variable = db_fetch_object($result)) {
    if (!isset($conf[$variable->name])) {
Dries's avatar
 
Dries committed
191
      $conf[$variable->name] = unserialize($variable->value);
Dries's avatar
 
Dries committed
192 193 194 195 196 197
    }
  }

  return $conf;
}

198
function variable_get($name, $default) {
Dries's avatar
 
Dries committed
199 200 201 202 203 204 205 206
  global $conf;

  return isset($conf[$name]) ? $conf[$name] : $default;
}

function variable_set($name, $value) {
  global $conf;

Dries's avatar
 
Dries committed
207 208
  db_query("DELETE FROM {variable} WHERE name = '%s'", $name);
  db_query("INSERT INTO {variable} (name, value) VALUES ('%s', '%s')", $name, serialize($value));
Dries's avatar
 
Dries committed
209 210 211 212 213 214 215

  $conf[$name] = $value;
}

function variable_del($name) {
  global $conf;

Dries's avatar
 
Dries committed
216
  db_query("DELETE FROM {variable} WHERE name = '%s'", $name);
Dries's avatar
 
Dries committed
217 218 219 220

  unset($conf[$name]);
}

Dries's avatar
 
Dries committed
221
function drupal_specialchars($input, $quotes = ENT_NOQUOTES) {
Dries's avatar
 
Dries committed
222 223 224 225 226 227 228 229 230

  /*
  ** Note that we'd like to go 'htmlspecialchars($input, $quotes, "utf-8")'
  ** like the PHP manual tells us to, but we can't because there's a bug in
  ** PHP <4.3 that makes it mess up multibyte charsets if we specify the
  ** charset.  Change this later once we make PHP 4.3 a requirement.
  */

  return htmlspecialchars($input, $quotes);
Dries's avatar
 
Dries committed
231 232
}

Dries's avatar
 
Dries committed
233
function table_cell($cell, $header = 0) {
Dries's avatar
 
Dries committed
234
  if (is_array($cell)) {
Dries's avatar
 
Dries committed
235 236 237 238 239 240 241 242 243 244 245
    $data = $cell["data"];
    foreach ($cell as $key => $value) {
      if ($key != "data")  {
        $attributes .= " $key=\"$value\"";
      }
    }
  }
  else {
    $data = $cell;
  }

Dries's avatar
 
Dries committed
246
  if ($header) {
Dries's avatar
 
Dries committed
247 248 249 250 251 252 253 254 255 256 257
    $output = "<th$attributes>$data</th>";
  }
  else {
    $output = "<td$attributes>$data</td>";
  }

  return $output;
}

function table($header, $rows) {

258
  $output = "<table>\n";
Dries's avatar
 
Dries committed
259 260 261 262 263

  /*
  ** Emit the table header:
  */

Dries's avatar
 
Dries committed
264 265 266
  if (is_array($header)) {
    $output .= " <tr>";
    foreach ($header as $cell) {
Dries's avatar
 
Dries committed
267 268 269
      if (is_array($cell) && $cell["field"]) {
        $cell = tablesort($cell, $header);
      }
Dries's avatar
 
Dries committed
270 271
      $output .= table_cell($cell, 1);
    }
Dries's avatar
 
Dries committed
272
    $output .= " </tr>\n";
Dries's avatar
 
Dries committed
273 274 275 276 277 278
  }

  /*
  ** Emit the table rows:
  */

Dries's avatar
 
Dries committed
279 280 281 282 283 284 285 286
  if (is_array($rows)) {
    foreach ($rows as $number => $row) {
      if ($number % 2 == 1) {
        $output .= " <tr class=\"light\">";
      }
      else {
        $output .= " <tr class=\"dark\">";
      }
Dries's avatar
 
Dries committed
287

Dries's avatar
 
Dries committed
288 289 290
      foreach ($row as $cell) {
        $output .= table_cell($cell, 0);
      }
Dries's avatar
 
Dries committed
291
      $output .= " </tr>\n";
Dries's avatar
 
Dries committed
292 293 294
    }
  }

Dries's avatar
 
Dries committed
295
  $output .= "</table>\n";
Dries's avatar
 
Dries committed
296 297 298 299

  return $output;
}

300 301 302 303 304 305
/**
 * Verify the syntax of the given e-mail address.  Empty e-mail addresses
 * are allowed.  See RFC 2822 for details.
 *
 * @param $mail  a email address
 */
Dries's avatar
 
Dries committed
306
function valid_email_address($mail) {
307 308 309 310 311 312 313 314 315 316 317 318 319
  $user = '[a-zA-Z0-9_\-\.\+\^!#\$%&*+\/\=\?\`\|\{\}~\']+';
  $domain = '(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9]\.?)+';
  $ipv4 = '[0-9]{1,3}(\.[0-9]{1,3}){3}';
  $ipv6 = '[0-9a-fA-F]{1,4}(\:[0-9a-fA-F]{1,4}){7}';

  if (preg_match("/^$user@($domain|(\[($ipv4|$ipv6)\]))$/", $mail)) {
    return 1;
  }
  else {
    return 0;
  }
}

Dries's avatar
 
Dries committed
320 321 322 323 324 325 326 327 328 329 330 331 332 333 334
/**
 * Verify the syntax of the given URL.
 *
 * @param $url  an URL
 */
function valid_url($url) {

  if (preg_match("/^[a-zA-z0-9\/:_\-_\.]+$/", $url)) {
    return 1;
  }
  else {
    return 0;
  }
}

Kjartan's avatar
Kjartan committed
335 336 337 338
/**
 * Format a single result entry of a search query:
 *
 * @param $item  a single search result as returned by <module>_search of type
Dries's avatar
 
Dries committed
339
 *               array("count" => ..., "link" => ..., "title" => ...,
Kjartan's avatar
Kjartan committed
340 341 342
 *               "user" => ..., "date" => ..., "keywords" => ...)
 * @param $type  module type of this item
 */
Dries's avatar
 
Dries committed
343
function search_item($item, $type) {
Dries's avatar
 
Dries committed
344 345 346 347 348 349 350 351 352 353

  /*
  ** Modules may implement the "search_item" hook in order to overwrite
  ** the default function to display search results.
  */

  if (module_hook($type, "search_item")) {
    $output = module_invoke($type, "search_item", $item);
  }
  else {
Dries's avatar
 
Dries committed
354
    $output .= " <b><u><a href=\"". $item["link"] ."\">". $item["title"] ."</a></u></b><br />";
Dries's avatar
 
Dries committed
355 356 357
    $output .= " <small>$type ". ($item["user"] ? " - ". $item["user"] : "") ."". ($item["date"] ? " - ". format_date($item["date"], "small") : "") ."</small>";
    $output .= "<br /><br />";
  }
Dries's avatar
 
Dries committed
358 359 360 361

  return $output;
}

Kjartan's avatar
Kjartan committed
362 363 364 365
/**
 * Render a generic search form.
 *
 * "Generic" means "universal usable" - that is, usable not only from
Dries's avatar
 
Dries committed
366
 * 'site.com/search', but also as a simple seach box (without
Dries's avatar
 
Dries committed
367 368
 * "Restrict search to", help text, etc) from theme's header etc.
 * This means: provide options to only conditionally render certain
Kjartan's avatar
Kjartan committed
369 370
 * parts of this form.
 *
Dries's avatar
 
Dries committed
371
 * @param $action  Form action. Defaults to 'site.com/search'.
Dries's avatar
 
Dries committed
372
 * @param $keys   string containing keywords for the search.
Dries's avatar
 
Dries committed
373
 * @param $options != 0: Render additional form fields/text
Kjartan's avatar
Kjartan committed
374 375
 *                 ("Restrict search to", help text, etc).
 */
Dries's avatar
 
Dries committed
376
function search_form($action = NULL, $keys = NULL, $options = NULL) {
Dries's avatar
 
Dries committed
377 378

  if (!$action) {
Dries's avatar
 
Dries committed
379
    $action = url("search");
Dries's avatar
 
Dries committed
380 381
  }

Kjartan's avatar
Kjartan committed
382 383
  $output .= " <br /><input type=\"text\" size=\"50\" value=\"". check_form($keys) ."\" name=\"keys\" />";
  $output .= " <input type=\"submit\" value=\"". t("Search") ."\" />\n";
Dries's avatar
 
Dries committed
384 385 386 387 388 389 390

  if ($options != 0) {
    $output .= "<br />";
    $output .= t("Restrict search to") .": ";

    foreach (module_list() as $name) {
      if (module_hook($name, "search")) {
Kjartan's avatar
Kjartan committed
391
        $output .= " <input type=\"checkbox\" name=\"edit[type][$name]\" ". ($edit["type"][$name] ? " checked=\"checked\"" : "") ." /> ". t($name);
Dries's avatar
 
Dries committed
392 393 394 395
      }
    }
  }

Kjartan's avatar
Kjartan committed
396 397
  $form .= "<br />";

Dries's avatar
 
Dries committed
398 399 400 401
  return form($output, "post", $action);
}

/*
Kjartan's avatar
Kjartan committed
402 403
 * Collect the search results:
 */
Dries's avatar
 
Dries committed
404
function search_data($keys = NULL) {
Dries's avatar
 
Dries committed
405 406

  $edit = $_POST["edit"];
Dries's avatar
 
Dries committed
407

Dries's avatar
 
Dries committed
408
  if (isset($keys)) {
Dries's avatar
 
Dries committed
409
    foreach (module_list() as $name) {
Dries's avatar
 
Dries committed
410
      if (module_hook($name, "search") && (!$edit["type"] || $edit["type"][$name]) && ($result = module_invoke($name, "search", $keys))) {
Kjartan's avatar
Kjartan committed
411
        if ($name == "node" || $name == "comment") {
Dries's avatar
 
Dries committed
412
          $output .= "<p><b>". t("Matching ". $name ."s ranked in order of relevance") .":</b></p>";
Kjartan's avatar
Kjartan committed
413 414
        }
        else {
Dries's avatar
 
Dries committed
415
          $output .= "<p><b>". t("Matching ". $name ."s") .":</b></p>";
Kjartan's avatar
Kjartan committed
416
        }
Dries's avatar
 
Dries committed
417 418 419 420 421 422 423 424 425 426
        foreach ($result as $entry) {
          $output .= search_item($entry, $name);
        }
      }
    }
  }

  return $output;
}

Kjartan's avatar
Kjartan committed
427 428 429
/**
 * Display the search form and the resulting data.
 *
Dries's avatar
 
Dries committed
430
 * @param $type    If set, search only nodes of this type.
Kjartan's avatar
Kjartan committed
431
 *                 Otherwise, search all types.
Dries's avatar
 
Dries committed
432
 * @param $action  Form action. Defaults to 'site.com/search'.
Kjartan's avatar
Kjartan committed
433
 * @param $query   Query string. Defaults to global $keys.
Dries's avatar
 
Dries committed
434
 * @param $options != 0: Render additional form fields/text
Kjartan's avatar
Kjartan committed
435 436
 *                 ("Restrict search to", help text, etc).
 */
Dries's avatar
 
Dries committed
437
function search_type($type, $action = NULL, $keys = NULL, $options = NULL) {
Dries's avatar
 
Dries committed
438

Dries's avatar
 
Dries committed
439
  $_POST["edit"]["type"][$type] = "on";
Dries's avatar
 
Dries committed
440

Dries's avatar
 
Dries committed
441
  return search_form($action, $keys, $options) . "<br />". search_data($keys);
Dries's avatar
 
Dries committed
442 443
}

Dries's avatar
 
Dries committed
444

Dries's avatar
 
Dries committed
445 446
function drupal_goto($url) {

Dries's avatar
 
Dries committed
447 448 449
  /*
  ** Translate &amp; to simply &
  */
Dries's avatar
 
Dries committed
450

Dries's avatar
 
Dries committed
451
  $url = str_replace("&amp;", "&", $url);
Dries's avatar
 
Dries committed
452

Dries's avatar
 
Dries committed
453 454 455 456 457
  /*
  ** It is advised to use "drupal_goto()" instead of PHP's "header()" as
  ** "drupal_goto()" will append the user's session ID to the URI when PHP
  ** is compiled with "--enable-trans-sid".
  */
Dries's avatar
 
Dries committed
458
  if (!ini_get("session.use_trans_sid") || !session_id() || strstr($url, session_id())) {
Dries's avatar
 
Dries committed
459 460 461
    header("Location: $url");
  }
  else {
Dries's avatar
 
Dries committed
462 463 464 465 466 467 468 469
    $sid = session_name() . "=" . session_id();

    if (strstr($url, "?") && !strstr($url, $sid)) {
      header("Location: $url&". $sid);
    }
    else {
      header("Location: $url?". $sid);
    }
Dries's avatar
 
Dries committed
470 471 472 473
  }

  /*
  ** The "Location" header sends a REDIRECT status code to the http
Dries's avatar
 
Dries committed
474
  ** daemon.  In some cases this can go wrong, so we make sure none
Dries's avatar
 
Dries committed
475 476 477 478 479 480 481 482 483 484 485
  ** of the code /below/ gets executed when we redirect.
  */

  exit();
}

/*
** Stores the referer in a persistent variable:
*/

function referer_save() {
Dries's avatar
 
Dries committed
486 487
  if (!strstr(referer_uri(), request_uri())) {
    $_SESSION["referer"] = referer_uri();
Dries's avatar
 
Dries committed
488 489 490 491 492 493 494 495
  }
}

/*
** Restores the referer from a persistent variable:
*/

function referer_load() {
Dries's avatar
 
Dries committed
496 497
  if (isset($_SESSION["referer"])) {
    return $_SESSION["referer"];
Dries's avatar
 
Dries committed
498 499 500 501 502 503
  }
  else {
    return 0;
  }
}

504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566

/*
** Save a common file
*/
function drupal_file_save($file) {
  global $user;
  // TODO: extend to support filesystem storage
  if (variable_get("file_save", "database")) {
    if ($file->fid) {
      if ($file->tmp_name) {
        $data = fread(fopen($file->tmp_name, "rb"), $file->size);
        db_query("UPDATE {file} SET uid = %d, filename = '%s', type = '%s', size = %d, counter = %d, data = '%s', temporary = %d WHERE fid = %d", $file->uid, $file->filename, $file->type, $file->size, $file->counter, base64_encode($data), $file->temporary, $file->fid);
      }
      else {
        db_query("UPDATE {file} SET uid = %d, filename = '%s', type = '%s', size = %d, counter = %d, temporary = %d WHERE fid = %d", $file->uid, $file->filename, $file->type, $file->size, $file->counter, $file->temporary, $file->fid);
      }
    }
    else {
      if ($file->tmp_name) {
        $file->fid = db_next_id("file_fid");
        $data = fread(fopen($file->tmp_name, "rb"), $file->size);
        db_query("INSERT INTO {file} SET fid = %d, uid = %d, created = %d, filename = '%s', type = '%s', size = %d, counter = 0, data = '%s', temporary = %d", $file->fid, $user->uid, time(), $file->filename, $file->type, $file->size, base64_encode($data), $file->temporary);
      }
      else {
        return 0;
      }
    }
  }
  return $file->fid;
}

/*
** Load a common file
*/
function drupal_file_load($fid, $data = 0) {
  // TODO: extend to support filesystem storage
  if (variable_get("file_save", "database")) {
    if ($data) {
      $file = db_fetch_object(db_query("SELECT * FROM {file} WHERE fid = %d", $fid));
    }
    else {
      $file = db_fetch_object(db_query("SELECT fid, uid, filename, created, type, size, counter, temporary FROM {file} WHERE fid = %d", $fid));
    }

    if ($file->data) {
      $file->data = base64_decode($file->data);
    }
    return $file;
  }
}

/*
** Generate the HTTP headers and dump the data
*/
function drupal_file_send($fid) {
  if (($file = drupal_file_load($fid, 1))) {
    header("Content-type: $file->type");
    header("Content-length: $file->size");
    header("Content-Disposition: inline; filename=$file->filename");
    print $file->data;
  }
}

Dries's avatar
 
Dries committed
567
function valid_input_data($data) {
568

569
  if (is_array($data) || is_object($data)) {
570 571 572 573 574
    /*
    ** Form data can contain a number of nested arrays.
    */

    foreach ($data as $key => $value) {
Dries's avatar
 
Dries committed
575 576 577
      if (!valid_input_data($value)) {
        return 0;
      }
578 579 580 581 582 583 584
    }
  }
  else {
    /*
    ** Detect evil input data.
    */

Dries's avatar
Dries committed
585
    // check strings:
Dries's avatar
Dries committed
586
    $match  = preg_match("/\Wjavascript\s*:/i", $data);
Dries's avatar
Dries committed
587 588 589
    $match += preg_match("/\Wexpression\s*\(/i", $data);
    $match += preg_match("/\Walert\s*\(/i", $data);

590
    // check attributes:
Dries's avatar
Dries committed
591
    $match += preg_match("/\W(dynsrc|datasrc|data|lowsrc|on[a-z]+)\s*=[^>]+?>/i", $data);
Dries's avatar
 
Dries committed
592

593 594

    // check tags:
Dries's avatar
 
Dries committed
595
    $match += preg_match("/<\s*(applet|script|object|style|embed|form|blink|meta|html|frame|iframe|layer|ilayer|head|frameset|xml)/i", $data);
596 597 598

    if ($match) {
      watchdog("warning", "terminated request because of suspicious input data: ". drupal_specialchars($data));
Dries's avatar
 
Dries committed
599
      return 0;
600 601
    }
  }
Dries's avatar
 
Dries committed
602 603

  return 1;
604
}
Dries's avatar
 
Dries committed
605

606
function check_url($uri) {
Dries's avatar
 
Dries committed
607 608 609 610 611 612 613 614 615 616 617 618
  $uri = htmlspecialchars($uri, ENT_QUOTES);

  /*
  ** We replace ( and ) with their entity equivalents to prevent XSS
  ** attacks.
  */

  $uri = strtr($uri, array("(" => "&040;", ")" => "&041;"));

  return $uri;
}

Dries's avatar
 
Dries committed
619
function check_form($text) {
Dries's avatar
 
Dries committed
620
  return drupal_specialchars($text, ENT_QUOTES);
Dries's avatar
 
Dries committed
621 622
}

Dries's avatar
 
Dries committed
623
function check_query($text) {
Dries's avatar
 
Dries committed
624
  return addslashes($text);
Dries's avatar
 
Dries committed
625 626 627
}

function filter($text) {
Dries's avatar
 
Dries committed
628

Dries's avatar
 
Dries committed
629 630 631 632 633 634 635 636 637 638 639 640 641
  $modules = module_list();

  /*
  ** Make sure the HTML filters that are part of the node module
  ** are run first.
  */

  if (in_array("node", $modules)) {
    $text = module_invoke("node", "filter", $text);
  }

  foreach ($modules as $name) {
    if (module_hook($name, "filter") && $name != "node") {
Dries's avatar
 
Dries committed
642 643 644 645 646
      $text = module_invoke($name, "filter", $text);
    }
  }

  return $text;
Dries's avatar
 
Dries committed
647 648
}

Dries's avatar
 
Dries committed
649 650
function rewrite_old_urls($text) {

Dries's avatar
 
Dries committed
651 652 653 654
  global $base_url;

  $end = substr($base_url, 12);

Dries's avatar
 
Dries committed
655 656 657
  /*
  ** This is a *temporary* filter to rewrite old-style URLs to new-style
  ** URLs (clean URLs).  Currently, URLs are being rewritten dynamically
Dries's avatar
 
Dries committed
658 659
  ** (ie. "on output"), however when these rewrite rules have been tested
  ** enough, we will use them to permanently rewrite the links in node
Dries's avatar
 
Dries committed
660 661 662
  ** and comment bodies.
  */

Dries's avatar
 
Dries committed
663
  if (variable_get("clean_url", "0") == "0") {
Dries's avatar
 
Dries committed
664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679
    /*
    ** Relative URLs:
    */

    // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
    $text = eregi_replace("\"(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "\"?q=\\1/view/\\2/\\4", $text);

    // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "\"?q=\\2/\\4/\\6" , $text);
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "\"?q=\\2/\\4", $text);
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))", "\"?q=\\2", $text);

    /*
    ** Absolute URLs:
    */

Dries's avatar
 
Dries committed
680
    // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
Dries's avatar
 
Dries committed
681
    $text = eregi_replace("$end/(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "$end/?q=\\1/view/\\2/\\4", $text);
Dries's avatar
 
Dries committed
682

Dries's avatar
 
Dries committed
683
    // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
Dries's avatar
 
Dries committed
684 685 686
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/?q=\\2/\\4/\\6" , $text);
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/?q=\\2/\\4", $text);
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))", "\"$end/?q=\\2", $text);
Dries's avatar
 
Dries committed
687 688
  }
  else {
Dries's avatar
 
Dries committed
689 690 691 692
    /*
    ** Relative URLs:
    */

Dries's avatar
 
Dries committed
693
    // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
Dries's avatar
 
Dries committed
694
    $text = eregi_replace("\"(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "\"\\1/view/\\2/\\4", $text);
Dries's avatar
 
Dries committed
695 696

    // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
Dries's avatar
 
Dries committed
697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "\"\\2/\\4/\\6", $text);
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "\"\\2/\\4", $text);
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))", "\"\\2", $text);

    /*
    ** Absolute URLs:
    */

    // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
    $text = eregi_replace("$end/(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "$end/\\1/view/\\2/\\4", $text);

    // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/\\2/\\4/\\6", $text);
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/\\2/\\4", $text);
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/\\2", $text);
}
Dries's avatar
 
Dries committed
713

Dries's avatar
 
Dries committed
714 715 716
  return $text;
}

Dries's avatar
 
Dries committed
717
function check_output($text) {
Dries's avatar
 
Dries committed
718
  if (isset($text)) {
Dries's avatar
 
Dries committed
719 720 721 722
    // filter content on output:
    $text = filter($text);

    // get the line breaks right:
Dries's avatar
 
Dries committed
723
    if (strip_tags($text, "<a><i><b><u><tt><code><cite><strong><img>") == $text) {
Dries's avatar
 
Dries committed
724 725 726 727 728 729 730 731
      $text = nl2br($text);
    }
  }
  else {
    $text = message_na();
  }

  return $text;
Dries's avatar
 
Dries committed
732 733
}

734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750
/**
* Checks if a file is valid and correct.
*
* @param $name the name of the form_file item
* @param $type restrict to mime types
* @param $size restrict file size
* @param $paranoid flag to make sure file belongs to the current user
*
* @returns mixed file object, or error object, or false if there is no file
*/
function check_file($name, $type = "/.+/", $size = 0) {
  // Make sure we don't have a file stored temporarily
  if ($_POST["edit"]["__file"][$name]) {
    $file = drupal_file_load($_POST["edit"]["__file"][$name]);
    if (!$file->temporary) {
      unset($file);
    }
Dries's avatar
 
Dries committed
751
  }
752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789

  // make sure $name exists in $_FILES
  if ($_FILES["edit"]["name"][$name]) {

    // populate $file object to make further testing simpler
    $file->filename = $_FILES["edit"]["name"][$name];
    $file->type = $_FILES["edit"]["type"][$name];
    $file->tmp_name = $_FILES["edit"]["tmp_name"][$name];
    $file->error = $_FILES["edit"]["error"][$name];
    $file->size = $_FILES["edit"]["size"][$name];

    if (!valid_input_data($file)) {
      $return->error = t("possible exploit abuse");
    }

    // make sure the file is a valid upload
    if (!is_uploaded_file($file->tmp_name) || $file->error == UPLOAD_ERR_PARTIAL || $file->error == UPLOAD_ERR_NO_FILE) {
      $return->error = t("invalid file upload");
    }

    // validate the file type uploaded
    if (!preg_match($type, $file->filename)) {
      $return->error = t("invalid file type");
    }

    // check the file size to make sure the file isn't too big
    if (($size && $file->size > $size) || $file->error == UPLOAD_ERR_INI_SIZE || $file->error == UPLOAD_ERR_FORM_SIZE) {
      $return->error = t("file size too big");
    }

    if (!$return->error) {
      $file->temporary = 1;
      $file->fid = drupal_file_save($file);
    }
  }

  if ($return->error) {
    return $return;
Dries's avatar
 
Dries committed
790
  }
791 792

  return $file ? $file : false;
Dries's avatar
 
Dries committed
793 794
}

Dries's avatar
 
Dries committed
795 796 797
function format_rss_channel($title, $link, $description, $items, $language = "en", $args = array()) {
  // arbitrary elements may be added using the $args associative array

Dries's avatar
 
Dries committed
798
  $output .= "<channel>\n";
Dries's avatar
 
Dries committed
799 800 801 802
  $output .= " <title>". drupal_specialchars(strip_tags($title)) ."</title>\n";
  $output .= " <link>". drupal_specialchars(strip_tags($link)) ."</link>\n";
  $output .= " <description>". drupal_specialchars($description) ."</description>\n";
  $output .= " <language>". drupal_specialchars(strip_tags($language)) ."</language>\n";
Dries's avatar
 
Dries committed
803
  foreach ($args as $key => $value) {
Dries's avatar
 
Dries committed
804
    $output .= " <$key>". drupal_specialchars(strip_tags($value)) ."</$key>\n";
Dries's avatar
 
Dries committed
805
  }
Dries's avatar
 
Dries committed
806 807 808 809 810 811
  $output .= $items;
  $output .= "</channel>\n";

  return $output;
}

Dries's avatar
 
Dries committed
812 813 814
function format_rss_item($title, $link, $description, $args = array()) {
  // arbitrary elements may be added using the $args associative array

Dries's avatar
 
Dries committed
815
  $output .= "<item>\n";
Dries's avatar
 
Dries committed
816 817 818
  $output .= " <title>". drupal_specialchars(strip_tags($title)) ."</title>\n";
  $output .= " <link>". drupal_specialchars(strip_tags($link)) ."</link>\n";
  $output .= " <description>". drupal_specialchars(check_output($description)) ."</description>\n";
Dries's avatar
 
Dries committed
819
  foreach ($args as $key => $value) {
Dries's avatar
 
Dries committed
820
    $output .= "<$key>". drupal_specialchars(strip_tags($value)) ."</$key>";
Dries's avatar
 
Dries committed
821
  }
Dries's avatar
 
Dries committed
822 823 824 825 826
  $output .= "</item>\n";

  return $output;
}

Dries's avatar
 
Dries committed
827 828 829 830 831 832 833 834 835 836 837 838 839 840
/**
 * Formats a string with a count of items so that the string is pluralized
 * correctly.
 * format_plural calls t() by itself, make sure not to pass already localized
 * strings to it.
 *
 * @param $count    The item count to display.
 * @param $singular The string for the singular case. Please make sure it's clear
 *                  this is singular, to ease translation. ("1 new comment" instead of
 *                  "1 new").
 * @param $plural   The string for the plrual case. Please make sure it's clear
 *                  this is plural, to ease translation. Use %count in places of the
 *                  item count, as in "%count new comments".
 */
Dries's avatar
 
Dries committed
841
function format_plural($count, $singular, $plural) {
Dries's avatar
 
Dries committed
842
  return t($count == 1 ? $singular : $plural, array("%count" => $count));
Dries's avatar
 
Dries committed
843 844 845
}

function format_size($size) {
Dries's avatar
 
Dries committed
846
  $suffix = t("bytes");
Dries's avatar
 
Dries committed
847 848
  if ($size > 1024) {
    $size = round($size / 1024, 2);
Dries's avatar
 
Dries committed
849
    $suffix = t("KB");
Dries's avatar
 
Dries committed
850 851 852
  }
  if ($size > 1024) {
    $size = round($size / 1024, 2);
Dries's avatar
 
Dries committed
853
    $suffix = t("MB");
Dries's avatar
 
Dries committed
854
  }
Dries's avatar
 
Dries committed
855
  return t("%size %suffix", array("%size" => $size, "%suffix" => $suffix));
Dries's avatar
 
Dries committed
856 857
}

Dries's avatar
 
Dries committed
858
function cache_get($key) {
Dries's avatar
 
Dries committed
859
  $cache = db_fetch_object(db_query("SELECT data, created FROM {cache} WHERE cid = '%s'", $key));
Dries's avatar
 
Dries committed
860
  return $cache->data ? $cache : 0;
Dries's avatar
 
Dries committed
861 862 863
}

function cache_set($cid, $data, $expire = 0) {
Dries's avatar
 
Dries committed
864 865
  if (db_fetch_object(db_query("SELECT cid FROM {cache} WHERE cid = '%s'", $cid))) {
    db_query("UPDATE {cache} SET data = '%s', created = %d, expire = %d WHERE cid = '%s'", $data, time(), $expire, $cid);
Dries's avatar
 
Dries committed
866 867
  }
  else {
Dries's avatar
 
Dries committed
868
    db_query("INSERT INTO {cache} (cid, data, created, expire) VALUES('%s', '%s', %d, %d)", $cid, $data, time(), $expire);
Dries's avatar
 
Dries committed
869
  }
Dries's avatar
 
Dries committed
870 871
}

Dries's avatar
 
Dries committed
872 873
function cache_clear_all($cid = NULL) {
  if (empty($cid)) {
Dries's avatar
 
Dries committed
874
    db_query("DELETE FROM {cache} WHERE expire <> 0");
Dries's avatar
 
Dries committed
875 876
  }
  else {
Dries's avatar
 
Dries committed
877
    db_query("DELETE FROM {cache} WHERE cid = '%s'", $cid);
Dries's avatar
 
Dries committed
878
  }
Dries's avatar
 
Dries committed
879 880 881
}

function page_set_cache() {
Dries's avatar
 
Dries committed
882
  global $user;
Dries's avatar
 
Dries committed
883

Dries's avatar
 
Dries committed
884
  if (!$user->uid && $_SERVER["REQUEST_METHOD"] == "GET") {
Dries's avatar
 
Dries committed
885
    if ($data = ob_get_contents()) {
Dries's avatar
 
Dries committed
886
      cache_set(request_uri(), $data, 1);
Dries's avatar
 
Dries committed
887 888 889 890
    }
  }
}

Dries's avatar
 
Dries committed
891
function page_get_cache() {
Dries's avatar
 
Dries committed
892
  global $user;
Dries's avatar
 
Dries committed
893

Dries's avatar
 
Dries committed
894 895
  $cache = NULL;

Dries's avatar
 
Dries committed
896
  if (!$user->uid && $_SERVER["REQUEST_METHOD"] == "GET") {
Dries's avatar
 
Dries committed
897 898 899
    $cache = cache_get(request_uri());

    if (empty($cache)) {
Dries's avatar
 
Dries committed
900
      ob_start();
Dries's avatar
 
Dries committed
901 902
    }
  }
Dries's avatar
 
Dries committed
903

Dries's avatar
 
Dries committed
904
  return $cache;
Dries's avatar
 
Dries committed
905 906 907
}

function format_interval($timestamp) {
Dries's avatar
 
Dries committed
908
  $units = array("1 year|%count years" => 31536000, "1 week|%count weeks" => 604800, "1 day|%count days" => 86400, "1 hour|%count hours" => 3600, "1 min|%count min" => 60, "1 sec|%count sec" => 1);
Kjartan's avatar
Kjartan committed
909
  foreach ($units as $key=>$value) {
Dries's avatar
 
Dries committed
910 911 912 913 914 915
    $key = explode("|", $key);
    if ($timestamp >= $value) {
      $output .= ($output ? " " : "") . format_plural(floor($timestamp / $value), $key[0], $key[1]);
      $timestamp %= $value;
    }
  }
Dries's avatar
 
Dries committed
916
  return ($output) ? $output : t("0 sec");
Dries's avatar
 
Dries committed
917 918 919 920 921
}

function format_date($timestamp, $type = "medium", $format = "") {
  global $user;

Kjartan's avatar
Kjartan committed
922
  $timestamp += ($user->timezone) ? $user->timezone - date("Z") : 0;
Dries's avatar
 
Dries committed
923 924 925

  switch ($type) {
    case "small":
Dries's avatar
 
Dries committed
926
      $format = variable_get("date_format_short", "m/d/Y - H:i");
Dries's avatar
 
Dries committed
927 928
      break;
    case "large":
Dries's avatar
 
Dries committed
929
      $format = variable_get("date_format_long", "l, F j, Y - H:i");
Dries's avatar
 
Dries committed
930 931
      break;
    case "custom":
Dries's avatar
 
Dries committed
932
      // No change to format
Dries's avatar
 
Dries committed
933
      break;
Dries's avatar
 
Dries committed
934
    case "medium":
Dries's avatar
 
Dries committed
935
    default:
Dries's avatar
 
Dries committed
936 937 938 939 940 941 942 943 944 945 946 947 948
      $format = variable_get("date_format_medium", "D, m/d/Y - H:i");
  }

  for ($i = strlen($format); $i >= 0; $c = $format[--$i]) {
    if (strstr("DFlMSw", $c)) {
      $date = t(date($c, $timestamp)) . $date;
    }
    else if (strstr("AaBdgGhHiIjLmnOrstTUWYyZz", $c)) {
      $date = date($c, $timestamp) . $date;
    }
    else {
      $date = $c.$date;
    }
Dries's avatar
 
Dries committed
949 950 951 952 953 954 955
  }
  return $date;
}

function format_name($object) {

  if ($object->uid && $object->name) {
Dries's avatar
Dries committed
956 957 958 959 960 961 962 963 964 965 966 967
    /*
    ** Shorten the name when it is too long or it will break many
    ** tables.
    */

    if (strlen($object->name) > 20) {
      $name = substr($object->name, 0, 15) ."...";
    }
    else {
      $name = $object->name;
    }

Dries's avatar
 
Dries committed
968
    if (arg(0) == "admin") {
Dries's avatar
Dries committed
969
      $output = l($name, "admin/user/edit/$object->uid", array("title" => t("Administer user profile.")));
Dries's avatar
 
Dries committed
970 971
    }
    else {
Dries's avatar
Dries committed
972
      $output = l($name, "user/view/$object->uid", array("title" => t("View user profile.")));
Dries's avatar
 
Dries committed
973
    }
Dries's avatar
 
Dries committed
974
  }
Dries's avatar
 
Dries committed
975 976 977 978 979 980 981 982 983 984
  else if ($object->name) {
    /*
    ** Sometimes modules display content composed by people who are
    ** not registers members of the site (i.e. mailing list or news
    ** aggregator modules).  This clause enables modules to display
    ** the true author of the content.
    */

    $output = $object->name;
  }
Dries's avatar
 
Dries committed
985
  else {
Dries's avatar
 
Dries committed
986
    $output = t(variable_get("anonymous", "Anonymous"));
Dries's avatar
 
Dries committed
987 988
  }

Dries's avatar
 
Dries committed
989
  return $output;
Dries's avatar
 
Dries committed
990 991 992
}

function form($form, $method = "post", $action = 0, $options = 0) {
Dries's avatar
 
Dries committed
993 994

  if (!$action) {
995
    $action = request_uri();
Dries's avatar
 
Dries committed
996
  }
997
  return "<form action=\"$action\" method=\"$method\"". drupal_attributes($options) .">\n$form\n</form>\n";
Dries's avatar
 
Dries committed
998 999 1000
}

function form_item($title, $value, $description = 0) {
Dries's avatar
 
Dries committed
1001
  return "<div class=\"form-item\">". ($title ? "<div class=\"title\">$title:</div>" : "") . $value . ($description ? "<div class=\"description\">$description</div>" : "") ."</div>\n";
Dries's avatar
 
Dries committed
1002 1003
}

1004 1005
function form_radio($title, $name, $value = 1, $checked = 0, $description = 0, $attributes = 0) {
  return form_item(0, "<input type=\"radio\" class=\"form-radio\" name=\"edit[$name]\" value=\"". $value ."\"". ($checked ? " checked=\"checked\"" : "") . drupal_attributes($attributes) ." /> $title", $description);
Dries's avatar
 
Dries committed
1006 1007
}

1008 1009
function form_checkbox($title, $name, $value = 1, $checked = 0, $description = 0, $attributes = 0) {
  return form_hidden($name, 0) . form_item(0, "<input type=\"checkbox\" class=\"form-checkbox\" name=\"edit[$name]\" value=\"". $value ."\"". ($checked ? " checked=\"checked\"" : "") . drupal_attributes($attributes) ." /> $title", $description);
Dries's avatar
 
Dries committed
1010 1011
}

1012
function form_textfield($title, $name, $value, $size, $maxlength, $description = 0, $attributes = 0) {
Dries's avatar
 
Dries committed
1013
  $size = $size ? " size=\"$size\"" : "";
1014
  return form_item($title, "<input type=\"text\" maxlength=\"$maxlength\" class=\"form-text\" name=\"edit[$name]\"$size value=\"". check_form($value) ."\"". drupal_attributes($attributes) ." />", $description);
Dries's avatar
 
Dries committed
1015 1016
}

1017
function form_password($title, $name, $value, $size, $maxlength, $description = 0, $attributes = 0) {
Dries's avatar
 
Dries committed
1018
  $size = $size ? " size=\"$size\"" : "";
1019
  return form_item($title, "<input type=\"password\" class=\"form-password\" maxlength=\"$maxlength\" name=\"edit[$name]\"$size value=\"". check_form($value) ."\"". drupal_attributes($attributes) ." />", $description);
Dries's avatar
 
Dries committed
1020 1021
}

1022
function form_textarea($title, $name, $value, $cols, $rows, $description = 0, $attributes = 0) {
Dries's avatar
 
Dries committed
1023
  $cols = $cols ? " cols=\"$cols\"" : "";
Dries's avatar
 
Dries committed
1024
  module_invoke_all("textarea", $name);  // eg. optionally plug in a WYSIWYG editor
1025
  return form_item($title, "<textarea wrap=\"virtual\"$cols rows=\"$rows\" name=\"edit[$name]\" id=\"edit[$name]\"". drupal_attributes($attributes) .">". check_form($value) ."</textarea>", $description);
Dries's avatar
 
Dries committed
1026 1027
}

Dries's avatar
 
Dries committed
1028
function form_select($title, $name, $value, $options, $description = 0, $extra = 0, $multiple = 0) {
Dries's avatar
 
Dries committed
1029
  if (count($options) > 0) {
Kjartan's avatar
Kjartan committed
1030
    foreach ($options as $key=>$choice) {
1031
      $select .= "<option value=\"$key\"". (is_array($value) ? (in_array($key, $value) ? " selected=\"selected\"" : "") : ($value == $key ? " selected=\"selected\"" : "")) .">". check_form($choice) ."</option>";
Dries's avatar
 
Dries committed
1032
    }
Kjartan's avatar
Kjartan committed
1033
    return form_item($title, "<select name=\"edit[$name]". ($multiple ? "[]" : "") ."\"". ($multiple ? " multiple " : "") . ($extra ? " $extra" : "") .">$select</select>", $description);
Dries's avatar
 
Dries committed
1034 1035 1036
  }
}

Dries's avatar
 
Dries committed
1037 1038 1039 1040 1041 1042 1043 1044 1045
function form_radios($title, $name, $value, $options, $description = 0) {
  if (count($options) > 0) {
    foreach ($options as $key=>$choice) {
      $output .= form_radio($choice, $name, $key, ($key == $value));
    }
    return form_item($title, $output, $description);
  }
}

1046 1047 1048 1049 1050
function form_file($title, $name, $size, $description = 0, $fid = 0) {
  if ($fid) { // Include file upload in case of preview
    $extra = form_hidden("__file][$name", $fid);
  }
  return $extra . form_item($title, "<input type=\"file\" class=\"form-file\" name=\"edit[$name]\" size=\"$size\" />\n", $description);
Dries's avatar
 
Dries committed
1051 1052 1053 1054 1055 1056
}

function form_hidden($name, $value) {
  return "<input type=\"hidden\" name=\"edit[$name]\" value=\"". check_form($value) ."\" />\n";
}

1057
function form_submit($value, $name = "op", $attributes = 0) {
Dries's avatar
 
Dries committed
1058
  return "<input type=\"submit\" class=\"form-submit\" name=\"$name\" value=\"". check_form($value) ."\" />\n";
Dries's avatar
 
Dries committed
1059 1060
}

Dries's avatar
 
Dries committed
1061
function form_weight($title = NULL, $name = "weight", $value = 0, $delta = 10, $description = 0, $extra = 0) {
Dries's avatar
 
Dries committed
1062
  for ($n = (-1 * $delta); $n <= $delta; $n++) {
Dries's avatar
 
Dries committed
1063 1064 1065 1066 1067 1068
    $weights[$n] = $n;
  }

  return form_select($title, $name, $value, $weights, $description, $extra);
}

Dries's avatar
 
Dries committed
1069 1070 1071 1072
function form_allowed_tags_text() {
  return variable_get("allowed_html", "") ? (t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", ""))) : "";
}

Dries's avatar
 
Dries committed
1073 1074 1075 1076 1077 1078
/**
 * Given an old url, return the alias.
 */
function get_url_alias($path) {
  $map = get_url_map();

Dries's avatar
 
Dries committed
1079 1080 1081
  if ($map) {
    return array_search($path, $map);
  }
Dries's avatar
 
Dries committed
1082 1083 1084 1085 1086 1087 1088 1089 1090 1091
}

/**
 * Given an alias, return the old url.
 */
function get_old_url($path) {
  $map = get_url_map();
  return $map[$path];
}

Dries's avatar
 
Dries committed
1092
function url($url = NULL, $query = NULL) {
Dries's avatar
 
Dries committed
1093
  global $base_url;
Dries's avatar
 
Dries committed
1094

Dries's avatar
 
Dries committed
1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105
  static $script;

  if (empty($script)) {
    /*
    ** On some webservers such as IIS we can't omit "index.php".  As such we
    ** generate "index.php?q=foo" instead of "?q=foo" on anything that is not
    ** Apache.
    */
    $script = (strpos($_SERVER["SERVER_SOFTWARE"], "Apache") === false) ? "index.php" : "";
  }

Dries's avatar
 
Dries committed
1106 1107 1108 1109
  if ($alias = get_url_alias($url)) {
    $url = $alias;
  }

Dries's avatar
 
Dries committed
1110
  if (variable_get("clean_url", "0") == "0") {
Dries's avatar
 
Dries committed
1111 1112
    if (isset($url)) {
      if (isset($query)) {
Dries's avatar
 
Dries committed
1113
        return "$base_url/$script?q=$url&amp;$query";
Dries's avatar
 
Dries committed
1114 1115
      }
      else {
Dries's avatar
 
Dries committed
1116
        return "$base_url/$script?q=$url";
Dries's avatar
 
Dries committed
1117
      }
Dries's avatar
 
Dries committed
1118 1119
    }
    else {
Dries's avatar
 
Dries committed
1120
      if (isset($query)) {
Dries's avatar
 
Dries committed
1121
        return "$base_url/$script?$query";
Dries's avatar
 
Dries committed
1122 1123
      }
      else {
Dries's avatar
 
Dries committed
1124
        return "$base_url/";
Dries's avatar
 
Dries committed
1125
      }
Dries's avatar
 
Dries committed
1126 1127 1128
    }
  }
  else {
Dries's avatar
 
Dries committed
1129 1130
    if (isset($url)) {
      if (isset($query)) {
Dries's avatar
 
Dries committed
1131
        return "$base_url/$url?$query";
Dries's avatar
 
Dries committed
1132 1133
      }
      else {
Dries's avatar
 
Dries committed
1134
        return "$base_url/$url";
Dries's avatar
 
Dries committed
1135
      }
Dries's avatar
 
Dries committed
1136
    }
Dries's avatar
 
Dries committed