common.inc 36.9 KB
Newer Older
Dries's avatar
   
Dries committed
1
2
3
4
5
6
7
8
9
10
11
<?php
// $Id$

function conf_init() {

  /*
  ** Try finding a matching configuration file by stripping the website's
  ** URI from left to right.  If no configuration file is found, return a
  ** default value 'conf'.
  */

Dries's avatar
   
Dries committed
12
  $uri = $_SERVER["PHP_SELF"];
Dries's avatar
   
Dries committed
13

Dries's avatar
   
Dries committed
14
  $file = strtolower(strtr($_SERVER["HTTP_HOST"] . substr($uri, 0, strrpos($uri, "/")), "/:", ".."));
Dries's avatar
   
Dries committed
15
16
17
18
19
20
21
22
23
24
25
26
27

  while (strlen($file) > 4) {
    if (file_exists("includes/$file.php")) {
      return $file;
    }
    else {
      $file = substr($file, strpos($file, ".") + 1);
    }
  }

  return "conf";
}

Dries's avatar
   
Dries committed
28
29
30
31
32
33
34
35
36
/**
 * Build the alias/path array
 */
function get_url_map() {
  static $map;

  if (empty($map)) {
    $result = db_query("SELECT * FROM {path}");
    while ($data = db_fetch_object($result)) {
Dries's avatar
   
Dries committed
37
      $map[$data->dst] = $data->src;
Dries's avatar
   
Dries committed
38
39
40
41
42
43
    }
  }

  return $map;
}

Dries's avatar
   
Dries committed
44
45
46
function error_handler($errno, $message, $filename, $line, $variables) {
  $types = array(1 => "error", 2 => "warning", 4 => "parse error", 8 => "notice", 16 => "core error", 32 => "core warning", 64 => "compile error", 128 => "compile warning", 256 => "user error", 512 => "user warning", 1024 => "user notice");
  $entry = $types[$errno] .": $message in $filename on line $line.";
Dries's avatar
   
Dries committed
47
48

  if ($errno & E_ALL ^ E_NOTICE) {
Dries's avatar
   
Dries committed
49
    watchdog("error", $types[$errno] .": $message in $filename on line $line.");
50
    print "<pre>$entry</pre>";
Dries's avatar
   
Dries committed
51
52
53
  }
}

Dries's avatar
   
Dries committed
54
function watchdog($type, $message, $link = NULL) {
Dries's avatar
   
Dries committed
55
  global $user;
Dries's avatar
   
Dries committed
56
  db_query("INSERT INTO {watchdog} (uid, type, message, link, location, hostname, timestamp) VALUES (%d, '%s', '%s', '%s', '%s', '%s', %d)", $user->uid, $type, $message, $link, request_uri(), getenv("REMOTE_ADDR"), time());
Dries's avatar
   
Dries committed
57
58
59
60
}

function throttle($type, $rate) {
  if (!user_access("access administration pages")) {
Dries's avatar
   
Dries committed
61
    if ($throttle = db_fetch_object(db_query("SELECT * FROM {watchdog} WHERE type = '$type' AND hostname = '". getenv("REMOTE_ADDR") ."' AND ". time() ." - timestamp < $rate"))) {
Dries's avatar
   
Dries committed
62
63
64
65
66
67
68
69
70
      watchdog("warning", "throttle: '". getenv("REMOTE_ADDR") ."' exceeded submission rate - $throttle->type");
      die(message_throttle());
    }
    else {
      watchdog($type, "throttle");
    }
  }
}

Dries's avatar
   
Dries committed
71
72
function check_php_setting($name, $value) {
  if (ini_get($name) != $value) {
Steven Wittens's avatar
Steven Wittens committed
73
    print "<p>Note that the value of PHP's configuration option <code><b>$name</b></code> is incorrect.  It should be set to '$value' for Drupal to work properly.  Either configure your webserver to support <code>.htaccess</code> files so Drupal's <code>.htaccess</code> file can set it to the proper value, or edit your <code>php.ini</code> file directly.  This message will automatically dissapear when the problem has been fixed.</p>";
Dries's avatar
   
Dries committed
74
75
76
  }
}

Dries's avatar
   
Dries committed
77
78
79
80
81
function arg($index) {

  static $arguments;

  if (empty($arguments)) {
Dries's avatar
   
Dries committed
82
    $arguments = explode("/", $_GET["q"]);
Dries's avatar
   
Dries committed
83
84
85
86
87
  }

  return $arguments[$index];
}

Dries's avatar
   
Dries committed
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
function array2object($node) {

  if (is_array($node)) {
    foreach ($node as $key => $value) {
      $object->$key = $value;
    }
  }
  else {
    $object = $node;
  }

  return $object;
}

function object2array($node) {

  if (is_object($node)) {
    foreach ($node as $key => $value) {
      $array[$key] = $value;
    }
  }
  else {
    $array = $node;
  }

  return $array;
}

Dries's avatar
   
Dries committed
116
117
118
119
120
121
122
123
124
function referer_uri() {

  if (isset($_SERVER["HTTP_REFERER"])) {
    $uri = $_SERVER["HTTP_REFERER"];

    return check_url($uri);
  }
}

Dries's avatar
   
Dries committed
125
function request_uri() {
Dries's avatar
   
Dries committed
126
127
128
129
  /*
  ** Since request_uri() is only available on Apache, we generate
  ** equivalent using other environment vars.
  */
Dries's avatar
   
Dries committed
130

Dries's avatar
   
Dries committed
131
  if (isset($_SERVER["REQUEST_URI"])) {
132
    $uri = $_SERVER["REQUEST_URI"];
Dries's avatar
   
Dries committed
133
134
  }
  else {
135
    $uri = $_SERVER["PHP_SELF"] ."?". $_SERVER["QUERY_STRING"];
Dries's avatar
   
Dries committed
136
  }
137

Dries's avatar
   
Dries committed
138
  return check_url($uri);
Dries's avatar
   
Dries committed
139
140
}

Dries's avatar
   
Dries committed
141
function message_access() {
Dries's avatar
   
Dries committed
142
  return t("You are not authorized to access this page.");
Dries's avatar
   
Dries committed
143
144
145
146
147
148
149
150
151
152
}

function message_na() {
  return t("n/a");
}

function message_throttle() {
  return t("You exceeded the maximum submission rate.  Please wait a few minutes and try again.");
}

Dries's avatar
   
Dries committed
153
154
function locale_init() {
  global $languages, $user;
Dries's avatar
   
Dries committed
155
156
157
158
159
160
  if ($user->uid && $languages[$user->language]) {
    return $user->language;
  }
  else {
    return key($languages);
  }
Dries's avatar
   
Dries committed
161
162
}

Dries's avatar
   
Dries committed
163
function t($string, $args = 0) {
Dries's avatar
   
Dries committed
164
  global $languages;
165

Dries's avatar
   
Dries committed
166
167
168
169
170
171
172
  /*
  ** About the usage of t().  We try to keep strings whole as much as
  ** possible and are unafraid of HTML markup within translation strings
  ** if necessary.  The suggested syntax for a link embedded within a
  ** translation string is for example:
  **
  ** $msg = t("You must login below or <a href=\"%url\">create a new
Dries's avatar
   
Dries committed
173
174
  **           account</a> before viewing the next page.", array("%url"
  **           => url("user/register")));
Dries's avatar
   
Dries committed
175
176
  */

177
  $string = ($languages && module_exist("locale") ? locale($string) : $string);
178

Dries's avatar
   
Dries committed
179
180
  if (!$args) {
    return $string;
Kjartan's avatar
Kjartan committed
181
182
  }
  else {
Dries's avatar
   
Dries committed
183
184
    return strtr($string, $args);
  }
Dries's avatar
   
Dries committed
185
186
187
}

function variable_init($conf = array()) {
Dries's avatar
   
Dries committed
188
  $result = db_query("SELECT * FROM {variable} ");
Dries's avatar
   
Dries committed
189
190
  while ($variable = db_fetch_object($result)) {
    if (!isset($conf[$variable->name])) {
Dries's avatar
   
Dries committed
191
      $conf[$variable->name] = unserialize($variable->value);
Dries's avatar
   
Dries committed
192
193
194
195
196
197
    }
  }

  return $conf;
}

198
function variable_get($name, $default) {
Dries's avatar
   
Dries committed
199
200
201
202
203
204
205
206
  global $conf;

  return isset($conf[$name]) ? $conf[$name] : $default;
}

function variable_set($name, $value) {
  global $conf;

Dries's avatar
   
Dries committed
207
208
  db_query("DELETE FROM {variable} WHERE name = '%s'", $name);
  db_query("INSERT INTO {variable} (name, value) VALUES ('%s', '%s')", $name, serialize($value));
Dries's avatar
   
Dries committed
209
210
211
212
213
214
215

  $conf[$name] = $value;
}

function variable_del($name) {
  global $conf;

Dries's avatar
   
Dries committed
216
  db_query("DELETE FROM {variable} WHERE name = '%s'", $name);
Dries's avatar
   
Dries committed
217
218
219
220

  unset($conf[$name]);
}

Dries's avatar
   
Dries committed
221
function drupal_specialchars($input, $quotes = ENT_NOQUOTES) {
Dries's avatar
   
Dries committed
222
223
224
225
226
227
228
229
230

  /*
  ** Note that we'd like to go 'htmlspecialchars($input, $quotes, "utf-8")'
  ** like the PHP manual tells us to, but we can't because there's a bug in
  ** PHP <4.3 that makes it mess up multibyte charsets if we specify the
  ** charset.  Change this later once we make PHP 4.3 a requirement.
  */

  return htmlspecialchars($input, $quotes);
Dries's avatar
   
Dries committed
231
232
}

Dries's avatar
   
Dries committed
233
function table_cell($cell, $header = 0) {
Dries's avatar
   
Dries committed
234
  if (is_array($cell)) {
Dries's avatar
   
Dries committed
235
236
237
238
239
240
241
242
243
244
245
    $data = $cell["data"];
    foreach ($cell as $key => $value) {
      if ($key != "data")  {
        $attributes .= " $key=\"$value\"";
      }
    }
  }
  else {
    $data = $cell;
  }

Dries's avatar
   
Dries committed
246
  if ($header) {
Dries's avatar
   
Dries committed
247
248
249
250
251
252
253
254
255
256
257
    $output = "<th$attributes>$data</th>";
  }
  else {
    $output = "<td$attributes>$data</td>";
  }

  return $output;
}

function table($header, $rows) {

258
  $output = "<table>\n";
Dries's avatar
   
Dries committed
259
260
261
262
263

  /*
  ** Emit the table header:
  */

Dries's avatar
   
Dries committed
264
265
266
  if (is_array($header)) {
    $output .= " <tr>";
    foreach ($header as $cell) {
Dries's avatar
   
Dries committed
267
268
269
      if (is_array($cell) && $cell["field"]) {
        $cell = tablesort($cell, $header);
      }
Dries's avatar
   
Dries committed
270
271
      $output .= table_cell($cell, 1);
    }
Dries's avatar
   
Dries committed
272
    $output .= " </tr>\n";
Dries's avatar
   
Dries committed
273
274
275
276
277
278
  }

  /*
  ** Emit the table rows:
  */

Dries's avatar
   
Dries committed
279
280
281
282
283
284
285
286
  if (is_array($rows)) {
    foreach ($rows as $number => $row) {
      if ($number % 2 == 1) {
        $output .= " <tr class=\"light\">";
      }
      else {
        $output .= " <tr class=\"dark\">";
      }
Dries's avatar
   
Dries committed
287

Dries's avatar
   
Dries committed
288
289
290
      foreach ($row as $cell) {
        $output .= table_cell($cell, 0);
      }
Dries's avatar
   
Dries committed
291
      $output .= " </tr>\n";
Dries's avatar
   
Dries committed
292
293
294
    }
  }

Dries's avatar
   
Dries committed
295
  $output .= "</table>\n";
Dries's avatar
   
Dries committed
296
297
298
299

  return $output;
}

300
301
302
303
304
305
/**
 * Verify the syntax of the given e-mail address.  Empty e-mail addresses
 * are allowed.  See RFC 2822 for details.
 *
 * @param $mail  a email address
 */
Dries's avatar
   
Dries committed
306
function valid_email_address($mail) {
307
308
309
310
311
312
313
314
315
316
317
318
319
  $user = '[a-zA-Z0-9_\-\.\+\^!#\$%&*+\/\=\?\`\|\{\}~\']+';
  $domain = '(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9]\.?)+';
  $ipv4 = '[0-9]{1,3}(\.[0-9]{1,3}){3}';
  $ipv6 = '[0-9a-fA-F]{1,4}(\:[0-9a-fA-F]{1,4}){7}';

  if (preg_match("/^$user@($domain|(\[($ipv4|$ipv6)\]))$/", $mail)) {
    return 1;
  }
  else {
    return 0;
  }
}

Dries's avatar
   
Dries committed
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
/**
 * Verify the syntax of the given URL.
 *
 * @param $url  an URL
 */
function valid_url($url) {

  if (preg_match("/^[a-zA-z0-9\/:_\-_\.]+$/", $url)) {
    return 1;
  }
  else {
    return 0;
  }
}

Kjartan's avatar
Kjartan committed
335
336
337
338
/**
 * Format a single result entry of a search query:
 *
 * @param $item  a single search result as returned by <module>_search of type
Dries's avatar
   
Dries committed
339
 *               array("count" => ..., "link" => ..., "title" => ...,
Kjartan's avatar
Kjartan committed
340
341
342
 *               "user" => ..., "date" => ..., "keywords" => ...)
 * @param $type  module type of this item
 */
Dries's avatar
   
Dries committed
343
function search_item($item, $type) {
Dries's avatar
   
Dries committed
344
345
346
347
348
349
350
351
352
353

  /*
  ** Modules may implement the "search_item" hook in order to overwrite
  ** the default function to display search results.
  */

  if (module_hook($type, "search_item")) {
    $output = module_invoke($type, "search_item", $item);
  }
  else {
Dries's avatar
   
Dries committed
354
    $output .= " <b><u><a href=\"". $item["link"] ."\">". $item["title"] ."</a></u></b><br />";
Dries's avatar
   
Dries committed
355
356
357
    $output .= " <small>$type ". ($item["user"] ? " - ". $item["user"] : "") ."". ($item["date"] ? " - ". format_date($item["date"], "small") : "") ."</small>";
    $output .= "<br /><br />";
  }
Dries's avatar
   
Dries committed
358
359
360
361

  return $output;
}

Kjartan's avatar
Kjartan committed
362
363
364
365
/**
 * Render a generic search form.
 *
 * "Generic" means "universal usable" - that is, usable not only from
Dries's avatar
   
Dries committed
366
 * 'site.com/search', but also as a simple seach box (without
Dries's avatar
   
Dries committed
367
368
 * "Restrict search to", help text, etc) from theme's header etc.
 * This means: provide options to only conditionally render certain
Kjartan's avatar
Kjartan committed
369
370
 * parts of this form.
 *
Dries's avatar
   
Dries committed
371
 * @param $action  Form action. Defaults to 'site.com/search'.
Dries's avatar
   
Dries committed
372
 * @param $keys   string containing keywords for the search.
Dries's avatar
   
Dries committed
373
 * @param $options != 0: Render additional form fields/text
Kjartan's avatar
Kjartan committed
374
375
 *                 ("Restrict search to", help text, etc).
 */
Dries's avatar
   
Dries committed
376
function search_form($action = NULL, $keys = NULL, $options = NULL) {
Dries's avatar
   
Dries committed
377
378

  if (!$action) {
Dries's avatar
   
Dries committed
379
    $action = url("search");
Dries's avatar
   
Dries committed
380
381
  }

Kjartan's avatar
Kjartan committed
382
383
  $output .= " <br /><input type=\"text\" size=\"50\" value=\"". check_form($keys) ."\" name=\"keys\" />";
  $output .= " <input type=\"submit\" value=\"". t("Search") ."\" />\n";
Dries's avatar
   
Dries committed
384
385
386
387
388
389
390

  if ($options != 0) {
    $output .= "<br />";
    $output .= t("Restrict search to") .": ";

    foreach (module_list() as $name) {
      if (module_hook($name, "search")) {
Kjartan's avatar
Kjartan committed
391
        $output .= " <input type=\"checkbox\" name=\"edit[type][$name]\" ". ($edit["type"][$name] ? " checked=\"checked\"" : "") ." /> ". t($name);
Dries's avatar
   
Dries committed
392
393
394
395
      }
    }
  }

Kjartan's avatar
Kjartan committed
396
397
  $form .= "<br />";

Dries's avatar
   
Dries committed
398
399
400
401
  return form($output, "post", $action);
}

/*
Kjartan's avatar
Kjartan committed
402
403
 * Collect the search results:
 */
Dries's avatar
   
Dries committed
404
function search_data($keys = NULL) {
Dries's avatar
   
Dries committed
405
406

  $edit = $_POST["edit"];
Dries's avatar
   
Dries committed
407

Dries's avatar
   
Dries committed
408
  if (isset($keys)) {
Dries's avatar
   
Dries committed
409
    foreach (module_list() as $name) {
Dries's avatar
   
Dries committed
410
      if (module_hook($name, "search") && (!$edit["type"] || $edit["type"][$name]) && ($result = module_invoke($name, "search", $keys))) {
Kjartan's avatar
Kjartan committed
411
        if ($name == "node" || $name == "comment") {
Dries's avatar
   
Dries committed
412
          $output .= "<p><b>". t("Matching ". $name ."s ranked in order of relevance") .":</b></p>";
Kjartan's avatar
Kjartan committed
413
414
        }
        else {
Dries's avatar
   
Dries committed
415
          $output .= "<p><b>". t("Matching ". $name ."s") .":</b></p>";
Kjartan's avatar
Kjartan committed
416
        }
Dries's avatar
   
Dries committed
417
418
419
420
421
422
423
424
425
426
        foreach ($result as $entry) {
          $output .= search_item($entry, $name);
        }
      }
    }
  }

  return $output;
}

Kjartan's avatar
Kjartan committed
427
428
429
/**
 * Display the search form and the resulting data.
 *
Dries's avatar
   
Dries committed
430
 * @param $type    If set, search only nodes of this type.
Kjartan's avatar
Kjartan committed
431
 *                 Otherwise, search all types.
Dries's avatar
   
Dries committed
432
 * @param $action  Form action. Defaults to 'site.com/search'.
Kjartan's avatar
Kjartan committed
433
 * @param $query   Query string. Defaults to global $keys.
Dries's avatar
   
Dries committed
434
 * @param $options != 0: Render additional form fields/text
Kjartan's avatar
Kjartan committed
435
436
 *                 ("Restrict search to", help text, etc).
 */
Dries's avatar
   
Dries committed
437
function search_type($type, $action = NULL, $keys = NULL, $options = NULL) {
Dries's avatar
   
Dries committed
438

Dries's avatar
   
Dries committed
439
  $_POST["edit"]["type"][$type] = "on";
Dries's avatar
   
Dries committed
440

Dries's avatar
   
Dries committed
441
  return search_form($action, $keys, $options) . "<br />". search_data($keys);
Dries's avatar
   
Dries committed
442
443
}

Dries's avatar
   
Dries committed
444

Dries's avatar
   
Dries committed
445
446
function drupal_goto($url) {

Dries's avatar
   
Dries committed
447
448
449
  /*
  ** Translate &amp; to simply &
  */
Dries's avatar
   
Dries committed
450

Dries's avatar
   
Dries committed
451
  $url = str_replace("&amp;", "&", $url);
Dries's avatar
   
Dries committed
452

Dries's avatar
   
Dries committed
453
454
455
456
457
  /*
  ** It is advised to use "drupal_goto()" instead of PHP's "header()" as
  ** "drupal_goto()" will append the user's session ID to the URI when PHP
  ** is compiled with "--enable-trans-sid".
  */
Dries's avatar
   
Dries committed
458
  if (!ini_get("session.use_trans_sid") || !session_id() || strstr($url, session_id())) {
Dries's avatar
   
Dries committed
459
460
461
    header("Location: $url");
  }
  else {
Dries's avatar
   
Dries committed
462
463
464
465
466
467
468
469
    $sid = session_name() . "=" . session_id();

    if (strstr($url, "?") && !strstr($url, $sid)) {
      header("Location: $url&". $sid);
    }
    else {
      header("Location: $url?". $sid);
    }
Dries's avatar
   
Dries committed
470
471
472
473
  }

  /*
  ** The "Location" header sends a REDIRECT status code to the http
Dries's avatar
   
Dries committed
474
  ** daemon.  In some cases this can go wrong, so we make sure none
Dries's avatar
   
Dries committed
475
476
477
478
479
480
481
482
483
484
485
  ** of the code /below/ gets executed when we redirect.
  */

  exit();
}

/*
** Stores the referer in a persistent variable:
*/

function referer_save() {
Dries's avatar
   
Dries committed
486
487
  if (!strstr(referer_uri(), request_uri())) {
    $_SESSION["referer"] = referer_uri();
Dries's avatar
   
Dries committed
488
489
490
491
492
493
494
495
  }
}

/*
** Restores the referer from a persistent variable:
*/

function referer_load() {
Dries's avatar
   
Dries committed
496
497
  if (isset($_SESSION["referer"])) {
    return $_SESSION["referer"];
Dries's avatar
   
Dries committed
498
499
500
501
502
503
  }
  else {
    return 0;
  }
}

504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566

/*
** Save a common file
*/
function drupal_file_save($file) {
  global $user;
  // TODO: extend to support filesystem storage
  if (variable_get("file_save", "database")) {
    if ($file->fid) {
      if ($file->tmp_name) {
        $data = fread(fopen($file->tmp_name, "rb"), $file->size);
        db_query("UPDATE {file} SET uid = %d, filename = '%s', type = '%s', size = %d, counter = %d, data = '%s', temporary = %d WHERE fid = %d", $file->uid, $file->filename, $file->type, $file->size, $file->counter, base64_encode($data), $file->temporary, $file->fid);
      }
      else {
        db_query("UPDATE {file} SET uid = %d, filename = '%s', type = '%s', size = %d, counter = %d, temporary = %d WHERE fid = %d", $file->uid, $file->filename, $file->type, $file->size, $file->counter, $file->temporary, $file->fid);
      }
    }
    else {
      if ($file->tmp_name) {
        $file->fid = db_next_id("file_fid");
        $data = fread(fopen($file->tmp_name, "rb"), $file->size);
        db_query("INSERT INTO {file} SET fid = %d, uid = %d, created = %d, filename = '%s', type = '%s', size = %d, counter = 0, data = '%s', temporary = %d", $file->fid, $user->uid, time(), $file->filename, $file->type, $file->size, base64_encode($data), $file->temporary);
      }
      else {
        return 0;
      }
    }
  }
  return $file->fid;
}

/*
** Load a common file
*/
function drupal_file_load($fid, $data = 0) {
  // TODO: extend to support filesystem storage
  if (variable_get("file_save", "database")) {
    if ($data) {
      $file = db_fetch_object(db_query("SELECT * FROM {file} WHERE fid = %d", $fid));
    }
    else {
      $file = db_fetch_object(db_query("SELECT fid, uid, filename, created, type, size, counter, temporary FROM {file} WHERE fid = %d", $fid));
    }

    if ($file->data) {
      $file->data = base64_decode($file->data);
    }
    return $file;
  }
}

/*
** Generate the HTTP headers and dump the data
*/
function drupal_file_send($fid) {
  if (($file = drupal_file_load($fid, 1))) {
    header("Content-type: $file->type");
    header("Content-length: $file->size");
    header("Content-Disposition: inline; filename=$file->filename");
    print $file->data;
  }
}

Dries's avatar
   
Dries committed
567
function valid_input_data($data) {
568

569
  if (is_array($data) || is_object($data)) {
570
571
572
573
574
    /*
    ** Form data can contain a number of nested arrays.
    */

    foreach ($data as $key => $value) {
Dries's avatar
   
Dries committed
575
576
577
      if (!valid_input_data($value)) {
        return 0;
      }
578
579
580
581
582
583
584
    }
  }
  else {
    /*
    ** Detect evil input data.
    */

Dries's avatar
Dries committed
585
    // check strings:
Dries's avatar
Dries committed
586
    $match  = preg_match("/\Wjavascript\s*:/i", $data);
Dries's avatar
Dries committed
587
588
589
    $match += preg_match("/\Wexpression\s*\(/i", $data);
    $match += preg_match("/\Walert\s*\(/i", $data);

590
    // check attributes:
Dries's avatar
Dries committed
591
    $match += preg_match("/\W(dynsrc|datasrc|data|lowsrc|on[a-z]+)\s*=[^>]+?>/i", $data);
Dries's avatar
   
Dries committed
592

593
594

    // check tags:
Dries's avatar
   
Dries committed
595
    $match += preg_match("/<\s*(applet|script|object|style|embed|form|blink|meta|html|frame|iframe|layer|ilayer|head|frameset|xml)/i", $data);
596
597
598

    if ($match) {
      watchdog("warning", "terminated request because of suspicious input data: ". drupal_specialchars($data));
Dries's avatar
   
Dries committed
599
      return 0;
600
601
    }
  }
Dries's avatar
   
Dries committed
602
603

  return 1;
604
}
Dries's avatar
   
Dries committed
605

606
function check_url($uri) {
Dries's avatar
   
Dries committed
607
608
609
610
611
612
613
614
615
616
617
618
  $uri = htmlspecialchars($uri, ENT_QUOTES);

  /*
  ** We replace ( and ) with their entity equivalents to prevent XSS
  ** attacks.
  */

  $uri = strtr($uri, array("(" => "&040;", ")" => "&041;"));

  return $uri;
}

Dries's avatar
   
Dries committed
619
function check_form($text) {
Dries's avatar
   
Dries committed
620
  return drupal_specialchars($text, ENT_QUOTES);
Dries's avatar
   
Dries committed
621
622
}

Dries's avatar
   
Dries committed
623
function check_query($text) {
Dries's avatar
   
Dries committed
624
  return addslashes($text);
Dries's avatar
   
Dries committed
625
626
627
}

function filter($text) {
Dries's avatar
   
Dries committed
628

Dries's avatar
   
Dries committed
629
630
631
632
633
634
635
636
637
638
639
640
641
  $modules = module_list();

  /*
  ** Make sure the HTML filters that are part of the node module
  ** are run first.
  */

  if (in_array("node", $modules)) {
    $text = module_invoke("node", "filter", $text);
  }

  foreach ($modules as $name) {
    if (module_hook($name, "filter") && $name != "node") {
Dries's avatar
   
Dries committed
642
643
644
645
646
      $text = module_invoke($name, "filter", $text);
    }
  }

  return $text;
Dries's avatar
   
Dries committed
647
648
}

Dries's avatar
   
Dries committed
649
650
function rewrite_old_urls($text) {

Dries's avatar
   
Dries committed
651
652
653
654
  global $base_url;

  $end = substr($base_url, 12);

Dries's avatar
   
Dries committed
655
656
657
  /*
  ** This is a *temporary* filter to rewrite old-style URLs to new-style
  ** URLs (clean URLs).  Currently, URLs are being rewritten dynamically
Dries's avatar
   
Dries committed
658
659
  ** (ie. "on output"), however when these rewrite rules have been tested
  ** enough, we will use them to permanently rewrite the links in node
Dries's avatar
   
Dries committed
660
661
662
  ** and comment bodies.
  */

Dries's avatar
   
Dries committed
663
  if (variable_get("clean_url", "0") == "0") {
Dries's avatar
   
Dries committed
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
    /*
    ** Relative URLs:
    */

    // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
    $text = eregi_replace("\"(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "\"?q=\\1/view/\\2/\\4", $text);

    // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "\"?q=\\2/\\4/\\6" , $text);
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "\"?q=\\2/\\4", $text);
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))", "\"?q=\\2", $text);

    /*
    ** Absolute URLs:
    */

Dries's avatar
   
Dries committed
680
    // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
Dries's avatar
   
Dries committed
681
    $text = eregi_replace("$end/(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "$end/?q=\\1/view/\\2/\\4", $text);
Dries's avatar
   
Dries committed
682

Dries's avatar
   
Dries committed
683
    // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
Dries's avatar
   
Dries committed
684
685
686
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/?q=\\2/\\4/\\6" , $text);
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/?q=\\2/\\4", $text);
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))", "\"$end/?q=\\2", $text);
Dries's avatar
   
Dries committed
687
688
  }
  else {
Dries's avatar
   
Dries committed
689
690
691
692
    /*
    ** Relative URLs:
    */

Dries's avatar
   
Dries committed
693
    // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
Dries's avatar
   
Dries committed
694
    $text = eregi_replace("\"(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "\"\\1/view/\\2/\\4", $text);
Dries's avatar
   
Dries committed
695
696

    // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
Dries's avatar
   
Dries committed
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "\"\\2/\\4/\\6", $text);
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "\"\\2/\\4", $text);
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))", "\"\\2", $text);

    /*
    ** Absolute URLs:
    */

    // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
    $text = eregi_replace("$end/(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "$end/\\1/view/\\2/\\4", $text);

    // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/\\2/\\4/\\6", $text);
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/\\2/\\4", $text);
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/\\2", $text);
}
Dries's avatar
   
Dries committed
713

Dries's avatar
   
Dries committed
714
715
716
  return $text;
}

Dries's avatar
   
Dries committed
717
function check_output($text) {
Dries's avatar
   
Dries committed
718
  if (isset($text)) {
Dries's avatar
   
Dries committed
719
720
721
722
    // filter content on output:
    $text = filter($text);

    // get the line breaks right:
Dries's avatar
   
Dries committed
723
    if (strip_tags($text, "<a><i><b><u><tt><code><cite><strong><img>") == $text) {
Dries's avatar
   
Dries committed
724
725
726
727
728
729
730
731
      $text = nl2br($text);
    }
  }
  else {
    $text = message_na();
  }

  return $text;
Dries's avatar
   
Dries committed
732
733
}

734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
/**
* Checks if a file is valid and correct.
*
* @param $name the name of the form_file item
* @param $type restrict to mime types
* @param $size restrict file size
* @param $paranoid flag to make sure file belongs to the current user
*
* @returns mixed file object, or error object, or false if there is no file
*/
function check_file($name, $type = "/.+/", $size = 0) {
  // Make sure we don't have a file stored temporarily
  if ($_POST["edit"]["__file"][$name]) {
    $file = drupal_file_load($_POST["edit"]["__file"][$name]);
    if (!$file->temporary) {
      unset($file);
    }
Dries's avatar
   
Dries committed
751
  }
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789

  // make sure $name exists in $_FILES
  if ($_FILES["edit"]["name"][$name]) {

    // populate $file object to make further testing simpler
    $file->filename = $_FILES["edit"]["name"][$name];
    $file->type = $_FILES["edit"]["type"][$name];
    $file->tmp_name = $_FILES["edit"]["tmp_name"][$name];
    $file->error = $_FILES["edit"]["error"][$name];
    $file->size = $_FILES["edit"]["size"][$name];

    if (!valid_input_data($file)) {
      $return->error = t("possible exploit abuse");
    }

    // make sure the file is a valid upload
    if (!is_uploaded_file($file->tmp_name) || $file->error == UPLOAD_ERR_PARTIAL || $file->error == UPLOAD_ERR_NO_FILE) {
      $return->error = t("invalid file upload");
    }

    // validate the file type uploaded
    if (!preg_match($type, $file->filename)) {
      $return->error = t("invalid file type");
    }

    // check the file size to make sure the file isn't too big
    if (($size && $file->size > $size) || $file->error == UPLOAD_ERR_INI_SIZE || $file->error == UPLOAD_ERR_FORM_SIZE) {
      $return->error = t("file size too big");
    }

    if (!$return->error) {
      $file->temporary = 1;
      $file->fid = drupal_file_save($file);
    }
  }

  if ($return->error) {
    return $return;
Dries's avatar
   
Dries committed
790
  }
791
792

  return $file ? $file : false;
Dries's avatar
   
Dries committed
793
794
}

Dries's avatar
   
Dries committed
795
796
797
function format_rss_channel($title, $link, $description, $items, $language = "en", $args = array()) {
  // arbitrary elements may be added using the $args associative array

Dries's avatar
   
Dries committed
798
  $output .= "<channel>\n";
Dries's avatar
   
Dries committed
799
800
801
802
  $output .= " <title>". drupal_specialchars(strip_tags($title)) ."</title>\n";
  $output .= " <link>". drupal_specialchars(strip_tags($link)) ."</link>\n";
  $output .= " <description>". drupal_specialchars($description) ."</description>\n";
  $output .= " <language>". drupal_specialchars(strip_tags($language)) ."</language>\n";
Dries's avatar
   
Dries committed
803
  foreach ($args as $key => $value) {
Dries's avatar
   
Dries committed
804
    $output .= " <$key>". drupal_specialchars(strip_tags($value)) ."</$key>\n";
Dries's avatar
   
Dries committed
805
  }
Dries's avatar
   
Dries committed
806
807
808
809
810
811
  $output .= $items;
  $output .= "</channel>\n";

  return $output;
}

Dries's avatar
   
Dries committed
812
813
814
function format_rss_item($title, $link, $description, $args = array()) {
  // arbitrary elements may be added using the $args associative array

Dries's avatar
   
Dries committed
815
  $output .= "<item>\n";
Dries's avatar
   
Dries committed
816
817
818
  $output .= " <title>". drupal_specialchars(strip_tags($title)) ."</title>\n";
  $output .= " <link>". drupal_specialchars(strip_tags($link)) ."</link>\n";
  $output .= " <description>". drupal_specialchars(check_output($description)) ."</description>\n";
Dries's avatar
   
Dries committed
819
  foreach ($args as $key => $value) {
Dries's avatar
   
Dries committed
820
    $output .= "<$key>". drupal_specialchars(strip_tags($value)) ."</$key>";
Dries's avatar
   
Dries committed
821
  }
Dries's avatar
   
Dries committed
822
823
824
825
826
  $output .= "</item>\n";

  return $output;
}

Dries's avatar
   
Dries committed
827
828
829
830
831
832
833
834
835
836
837
838
839
840
/**
 * Formats a string with a count of items so that the string is pluralized
 * correctly.
 * format_plural calls t() by itself, make sure not to pass already localized
 * strings to it.
 *
 * @param $count    The item count to display.
 * @param $singular The string for the singular case. Please make sure it's clear
 *                  this is singular, to ease translation. ("1 new comment" instead of
 *                  "1 new").
 * @param $plural   The string for the plrual case. Please make sure it's clear
 *                  this is plural, to ease translation. Use %count in places of the
 *                  item count, as in "%count new comments".
 */
Dries's avatar
   
Dries committed
841
function format_plural($count, $singular, $plural) {
Dries's avatar
   
Dries committed
842
  return t($count == 1 ? $singular : $plural, array("%count" => $count));
Dries's avatar
   
Dries committed
843
844
845
}

function format_size($size) {
Dries's avatar
   
Dries committed
846
  $suffix = t("bytes");
Dries's avatar
   
Dries committed
847
848
  if ($size > 1024) {
    $size = round($size / 1024, 2);
Dries's avatar
   
Dries committed
849
    $suffix = t("KB");
Dries's avatar
   
Dries committed
850
851
852
  }
  if ($size > 1024) {
    $size = round($size / 1024, 2);
Dries's avatar
   
Dries committed
853
    $suffix = t("MB");
Dries's avatar
   
Dries committed
854
  }
Dries's avatar
   
Dries committed
855
  return t("%size %suffix", array("%size" => $size, "%suffix" => $suffix));
Dries's avatar
   
Dries committed
856
857
}

Dries's avatar
   
Dries committed
858
function cache_get($key) {
Dries's avatar
   
Dries committed
859
  $cache = db_fetch_object(db_query("SELECT data, created FROM {cache} WHERE cid = '%s'", $key));
Dries's avatar
   
Dries committed
860
  return $cache->data ? $cache : 0;
Dries's avatar
   
Dries committed
861
862
863
}

function cache_set($cid, $data, $expire = 0) {
Dries's avatar
   
Dries committed
864
865
  if (db_fetch_object(db_query("SELECT cid FROM {cache} WHERE cid = '%s'", $cid))) {
    db_query("UPDATE {cache} SET data = '%s', created = %d, expire = %d WHERE cid = '%s'", $data, time(), $expire, $cid);
Dries's avatar
   
Dries committed
866
867
  }
  else {
Dries's avatar
   
Dries committed
868
    db_query("INSERT INTO {cache} (cid, data, created, expire) VALUES('%s', '%s', %d, %d)", $cid, $data, time(), $expire);
Dries's avatar
   
Dries committed
869
  }
Dries's avatar
   
Dries committed
870
871
}

Dries's avatar
   
Dries committed
872
873
function cache_clear_all($cid = NULL) {
  if (empty($cid)) {
Dries's avatar
   
Dries committed
874
    db_query("DELETE FROM {cache} WHERE expire <> 0");
Dries's avatar
   
Dries committed
875
876
  }
  else {
Dries's avatar
   
Dries committed
877
    db_query("DELETE FROM {cache} WHERE cid = '%s'", $cid);
Dries's avatar
   
Dries committed
878
  }
Dries's avatar
   
Dries committed
879
880
881
}

function page_set_cache() {
Dries's avatar
   
Dries committed
882
  global $user;
Dries's avatar
   
Dries committed
883

Dries's avatar
   
Dries committed
884
  if (!$user->uid && $_SERVER["REQUEST_METHOD"] == "GET") {
Dries's avatar
   
Dries committed
885
    if ($data = ob_get_contents()) {
Dries's avatar
   
Dries committed
886
      cache_set(request_uri(), $data, 1);
Dries's avatar
   
Dries committed
887
888
889
890
    }
  }
}

Dries's avatar
   
Dries committed
891
function page_get_cache() {
Dries's avatar
   
Dries committed
892
  global $user;
Dries's avatar
   
Dries committed
893

Dries's avatar
   
Dries committed
894
895
  $cache = NULL;

Dries's avatar
   
Dries committed
896
  if (!$user->uid && $_SERVER["REQUEST_METHOD"] == "GET") {
Dries's avatar
   
Dries committed
897
898
899
    $cache = cache_get(request_uri());

    if (empty($cache)) {
Dries's avatar
   
Dries committed
900
      ob_start();
Dries's avatar
   
Dries committed
901
902
    }
  }
Dries's avatar
   
Dries committed
903

Dries's avatar
   
Dries committed
904
  return $cache;
Dries's avatar
   
Dries committed
905
906
907
}

function format_interval($timestamp) {
Dries's avatar
   
Dries committed
908
  $units = array("1 year|%count years" => 31536000, "1 week|%count weeks" => 604800, "1 day|%count days" => 86400, "1 hour|%count hours" => 3600, "1 min|%count min" => 60, "1 sec|%count sec" => 1);
Kjartan's avatar
Kjartan committed
909
  foreach ($units as $key=>$value) {
Dries's avatar
   
Dries committed
910
911
912
913
914
915
    $key = explode("|", $key);
    if ($timestamp >= $value) {
      $output .= ($output ? " " : "") . format_plural(floor($timestamp / $value), $key[0], $key[1]);
      $timestamp %= $value;
    }
  }
Dries's avatar
   
Dries committed
916
  return ($output) ? $output : t("0 sec");
Dries's avatar
   
Dries committed
917
918
919
920
921
}

function format_date($timestamp, $type = "medium", $format = "") {
  global $user;

Kjartan's avatar
Kjartan committed
922
  $timestamp += ($user->timezone) ? $user->timezone - date("Z") : 0;
Dries's avatar
   
Dries committed
923
924
925

  switch ($type) {
    case "small":
Dries's avatar
   
Dries committed
926
      $format = variable_get("date_format_short", "m/d/Y - H:i");
Dries's avatar
   
Dries committed
927
928
      break;
    case "large":
Dries's avatar
   
Dries committed
929
      $format = variable_get("date_format_long", "l, F j, Y - H:i");
Dries's avatar
   
Dries committed
930
931
      break;
    case "custom":
Dries's avatar
   
Dries committed
932
      // No change to format
Dries's avatar
   
Dries committed
933
      break;
Dries's avatar
   
Dries committed
934
    case "medium":
Dries's avatar
   
Dries committed
935
    default:
Dries's avatar
   
Dries committed
936
937
938
939
940
941
942
943
944
945
946
947
948
      $format = variable_get("date_format_medium", "D, m/d/Y - H:i");
  }

  for ($i = strlen($format); $i >= 0; $c = $format[--$i]) {
    if (strstr("DFlMSw", $c)) {
      $date = t(date($c, $timestamp)) . $date;
    }
    else if (strstr("AaBdgGhHiIjLmnOrstTUWYyZz", $c)) {
      $date = date($c, $timestamp) . $date;
    }
    else {
      $date = $c.$date;
    }
Dries's avatar
   
Dries committed
949
950
951
952
953
954
955
  }
  return $date;
}

function format_name($object) {

  if ($object->uid && $object->name) {
Dries's avatar
Dries committed
956
957
958
959
960
961
962
963
964
965
966
967
    /*
    ** Shorten the name when it is too long or it will break many
    ** tables.
    */

    if (strlen($object->name) > 20) {
      $name = substr($object->name, 0, 15) ."...";
    }
    else {
      $name = $object->name;
    }

Dries's avatar
   
Dries committed
968
    if (arg(0) == "admin") {
Dries's avatar
Dries committed
969
      $output = l($name, "admin/user/edit/$object->uid", array("title" => t("Administer user profile.")));
Dries's avatar
   
Dries committed
970
971
    }
    else {
Dries's avatar
Dries committed
972
      $output = l($name, "user/view/$object->uid", array("title" => t("View user profile.")));
Dries's avatar
   
Dries committed
973
    }
Dries's avatar
   
Dries committed
974
  }
Dries's avatar
   
Dries committed
975
976
977
978
979
980
981
982
983
984
  else if ($object->name) {
    /*
    ** Sometimes modules display content composed by people who are
    ** not registers members of the site (i.e. mailing list or news
    ** aggregator modules).  This clause enables modules to display
    ** the true author of the content.
    */

    $output = $object->name;
  }
Dries's avatar
   
Dries committed
985
  else {
Dries's avatar
   
Dries committed
986
    $output = t(variable_get("anonymous", "Anonymous"));
Dries's avatar
   
Dries committed
987
988
  }

Dries's avatar
   
Dries committed
989
  return $output;
Dries's avatar
   
Dries committed
990
991
992
}

function form($form, $method = "post", $action = 0, $options = 0) {
Dries's avatar
   
Dries committed
993
994

  if (!$action) {
995
    $action = request_uri();
Dries's avatar
   
Dries committed
996
  }
997
  return "<form action=\"$action\" method=\"$method\"". drupal_attributes($options) .">\n$form\n</form>\n";
Dries's avatar
   
Dries committed
998
999
1000
}

function form_item($title, $value, $description = 0) {
Dries's avatar
   
Dries committed
1001
  return "<div class=\"form-item\">". ($title ? "<div class=\"title\">$title:</div>" : "") . $value . ($description ? "<div class=\"description\">$description</div>" : "") ."</div>\n";
Dries's avatar
   
Dries committed
1002
1003
}

1004
1005
function form_radio($title, $name, $value = 1, $checked = 0, $description = 0, $attributes = 0) {
  return form_item(0, "<input type=\"radio\" class=\"form-radio\" name=\"edit[$name]\" value=\"". $value ."\"". ($checked ? " checked=\"checked\"" : "") . drupal_attributes($attributes) ." /> $title", $description);
Dries's avatar
   
Dries committed
1006
1007
}

1008
1009
function form_checkbox($title, $name, $value = 1, $checked = 0, $description = 0, $attributes = 0) {
  return form_hidden($name, 0) . form_item(0, "<input type=\"checkbox\" class=\"form-checkbox\" name=\"edit[$name]\" value=\"". $value ."\"". ($checked ? " checked=\"checked\"" : "") . drupal_attributes($attributes) ." /> $title", $description);
Dries's avatar
   
Dries committed
1010
1011
}

1012
function form_textfield($title, $name, $value, $size, $maxlength, $description = 0, $attributes = 0) {
Dries's avatar
   
Dries committed
1013
  $size = $size ? " size=\"$size\"" : "";
1014
  return form_item($title, "<input type=\"text\" maxlength=\"$maxlength\" class=\"form-text\" name=\"edit[$name]\"$size value=\"". check_form($value) ."\"". drupal_attributes($attributes) ." />", $description);
Dries's avatar
   
Dries committed
1015
1016
}

1017
function form_password($title, $name, $value, $size, $maxlength, $description = 0, $attributes = 0) {
Dries's avatar
   
Dries committed
1018
  $size = $size ? " size=\"$size\"" : "";
1019
  return form_item($title, "<input type=\"password\" class=\"form-password\" maxlength=\"$maxlength\" name=\"edit[$name]\"$size value=\"". check_form($value) ."\"". drupal_attributes($attributes) ." />", $description);
Dries's avatar
   
Dries committed
1020
1021
}

1022
function form_textarea($title, $name, $value, $cols, $rows, $description = 0, $attributes = 0) {
Dries's avatar
   
Dries committed
1023
  $cols = $cols ? " cols=\"$cols\"" : "";
Dries's avatar
   
Dries committed
1024
  module_invoke_all("textarea", $name);  // eg. optionally plug in a WYSIWYG editor
1025
  return form_item($title, "<textarea wrap=\"virtual\"$cols rows=\"$rows\" name=\"edit[$name]\" id=\"edit[$name]\"". drupal_attributes($attributes) .">". check_form($value) ."</textarea>", $description);
Dries's avatar
   
Dries committed
1026
1027
}

Dries's avatar
   
Dries committed
1028
function form_select($title, $name, $value, $options, $description = 0, $extra = 0, $multiple = 0) {
Dries's avatar
   
Dries committed
1029
  if (count($options) > 0) {
Kjartan's avatar
Kjartan committed
1030
    foreach ($options as $key=>$choice) {
1031
      $select .= "<option value=\"$key\"". (is_array($value) ? (in_array($key, $value) ? " selected=\"selected\"" : "") : ($value == $key ? " selected=\"selected\"" : "")) .">". check_form($choice) ."</option>";
Dries's avatar
   
Dries committed
1032
    }
Kjartan's avatar
Kjartan committed
1033
    return form_item($title, "<select name=\"edit[$name]". ($multiple ? "[]" : "") ."\"". ($multiple ? " multiple " : "") . ($extra ? " $extra" : "") .">$select</select>", $description);
Dries's avatar
   
Dries committed
1034
1035
1036
  }
}

Dries's avatar
   
Dries committed
1037
1038
1039
1040
1041
1042
1043
1044
1045
function form_radios($title, $name, $value, $options, $description = 0) {
  if (count($options) > 0) {
    foreach ($options as $key=>$choice) {
      $output .= form_radio($choice, $name, $key, ($key == $value));
    }
    return form_item($title, $output, $description);
  }
}

1046
1047
1048
1049
1050
function form_file($title, $name, $size, $description = 0, $fid = 0) {
  if ($fid) { // Include file upload in case of preview
    $extra = form_hidden("__file][$name", $fid);
  }
  return $extra . form_item($title, "<input type=\"file\" class=\"form-file\" name=\"edit[$name]\" size=\"$size\" />\n", $description);
Dries's avatar
   
Dries committed
1051
1052
1053
1054
1055
1056
}

function form_hidden($name, $value) {
  return "<input type=\"hidden\" name=\"edit[$name]\" value=\"". check_form($value) ."\" />\n";
}

1057
function form_submit($value, $name = "op", $attributes = 0) {
Dries's avatar
   
Dries committed
1058
  return "<input type=\"submit\" class=\"form-submit\" name=\"$name\" value=\"". check_form($value) ."\" />\n";
Dries's avatar
   
Dries committed
1059
1060
}

Dries's avatar
   
Dries committed
1061
function form_weight($title = NULL, $name = "weight", $value = 0, $delta = 10, $description = 0, $extra = 0) {
Dries's avatar
   
Dries committed
1062
  for ($n = (-1 * $delta); $n <= $delta; $n++) {
Dries's avatar
   
Dries committed
1063
1064
1065
1066
1067
1068
    $weights[$n] = $n;
  }

  return form_select($title, $name, $value, $weights, $description, $extra);
}

Dries's avatar
   
Dries committed
1069
1070
1071
1072
function form_allowed_tags_text() {
  return variable_get("allowed_html", "") ? (t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", ""))) : "";
}

Dries's avatar
   
Dries committed
1073
1074
1075
1076
1077
1078
/**
 * Given an old url, return the alias.
 */
function get_url_alias($path) {
  $map = get_url_map();

Dries's avatar
   
Dries committed
1079
1080
1081
  if ($map) {
    return array_search($path, $map);
  }
Dries's avatar
   
Dries committed
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
}

/**
 * Given an alias, return the old url.
 */
function get_old_url($path) {
  $map = get_url_map();
  return $map[$path];
}

Dries's avatar
   
Dries committed
1092
function url($url = NULL, $query = NULL) {
Dries's avatar
   
Dries committed
1093
  global $base_url;
Dries's avatar
   
Dries committed
1094

Dries's avatar
   
Dries committed
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
  static $script;

  if (empty($script)) {
    /*
    ** On some webservers such as IIS we can't omit "index.php".  As such we
    ** generate "index.php?q=foo" instead of "?q=foo" on anything that is not
    ** Apache.
    */
    $script = (strpos($_SERVER["SERVER_SOFTWARE"], "Apache") === false) ? "index.php" : "";
  }

Dries's avatar
   
Dries committed
1106
1107
1108
1109
  if ($alias = get_url_alias($url)) {
    $url = $alias;
  }

Dries's avatar
   
Dries committed
1110
  if (variable_get("clean_url", "0") == "0") {
Dries's avatar
   
Dries committed
1111
1112
    if (isset($url)) {
      if (isset($query)) {
Dries's avatar
   
Dries committed
1113
        return "$base_url/$script?q=$url&amp;$query";
Dries's avatar
   
Dries committed
1114
1115
      }
      else {
Dries's avatar
   
Dries committed
1116
        return "$base_url/$script?q=$url";
Dries's avatar
   
Dries committed
1117
      }
Dries's avatar
   
Dries committed
1118
1119
    }
    else {
Dries's avatar
   
Dries committed
1120
      if (isset($query)) {
Dries's avatar
   
Dries committed
1121
        return "$base_url/$script?$query";
Dries's avatar
   
Dries committed
1122
1123
      }
      else {
Dries's avatar
   
Dries committed
1124
        return "$base_url/";
Dries's avatar
   
Dries committed
1125
      }
Dries's avatar
   
Dries committed
1126
1127
1128
    }
  }
  else {
Dries's avatar
   
Dries committed
1129
1130
    if (isset($url)) {
      if (isset($query)) {
Dries's avatar
   
Dries committed
1131
        return "$base_url/$url?$query";
Dries's avatar
   
Dries committed
1132
1133
      }
      else {
Dries's avatar
   
Dries committed
1134
        return "$base_url/$url";
Dries's avatar
   
Dries committed
1135
      }
Dries's avatar
   
Dries committed
1136
    }
Dries's avatar
   
Dries committed
1137
    else {
Dries's avatar
   
Dries committed
1138
      if (isset($query)) {
Dries's avatar
   
Dries committed
1139
        return "$base_url/$script?$query";
Dries's avatar
   
Dries committed
1140
1141
      }
      else {
Dries's avatar
   
Dries committed
1142
        return "$base_url/";
Dries's avatar
   
Dries committed
1143
      }
Dries's avatar
   
Dries committed
1144
    }
Dries's avatar
   
Dries committed
1145
  }
Dries's avatar
   
Dries committed
1146
1147
}

1148
1149
1150
1151
1152
1153
1154
function drupal_attributes($attributes = 0) {
  if (is_array($attributes)) {
    $t = array();
    foreach ($attributes as $key => $value) {
      $t[] = "$key=\"$value\"";
    }
    return " ". implode($t, " ");
Dries's avatar
   
Dries committed
1155
  }
1156
}
Dries's avatar
   
Dries committed
1157

1158
1159
function l($text, $url, $attributes = array(), $query = NULL) {
  return "<a href=\"". url($url, $query) ."\"". drupal_attributes($attributes) .">$text</a>";
Dries's avatar
   
Dries committed
1160
1161
}

Dries's avatar
   
Dries committed
1162
function field_get($string, $name) {
1163
  ereg(",?$name=([^,]+)", ", $string", $regs);
Dries's avatar
   
Dries committed
1164
1165
1166
1167
1168
  return $regs[1];
}

function field_set($string, $name, $value) {
  $rval = ereg_replace(",$name=[^,]+", "", ",$string");
Dries's avatar
   
Dries committed
1169
  if (isset($value)) {
Kjartan's avatar
Kjartan committed
1170
1171
    $rval .= ($rval == "," ? "" : ",") ."$name=$value";
  }
Dries's avatar
   
Dries committed
1172
1173
1174
1175
  return substr($rval, 1);
}

function link_page() {
1176
  global $custom_links;
Dries's avatar
   
Dries committed
1177

1178
  if (is_array($custom_links)) {
1179
1180
1181
    return $custom_links;
  }
  else {
Dries's avatar
   
Dries committed
1182
    $links = module_invoke_all("link", "page");
1183
    array_unshift($links, l(t("home"), "", array("title" => t("Return to the main page."))));
1184
    return $links;
Dries's avatar
   
Dries committed
1185
  }
Dries's avatar
   
Dries committed
1186
}
Dries's avatar
   
Dries committed
1187
1188

function link_node($node, $main = 0) {
Dries's avatar
   
Dries committed
1189
  return module_invoke_all("link", "node", $node, $main);
Dries's avatar
   
Dries committed
1190
1191
1192
1193
}

function timer_start() {
  global $timer;
Dries's avatar
   
Dries committed
1194
1195
  list($usec, $sec) = explode(" ", microtime());
  $timer = (float)$usec + (float)$sec;
Dries's avatar
   
Dries committed
1196
1197
}

Dries's avatar
   
Dries committed
1198
function drupal_page_header() {
1199

Dries's avatar
   
Dries committed
1200
1201
1202
1203
1204
  if (variable_get("dev_timer", 0)) {
    timer_start();
  }

  if (variable_get("cache", 0)) {
Dries's avatar
   
Dries committed
1205
    if ($cache = page_get_cache()) {
Dries's avatar
   
Dries committed
1206
1207

      // Set default values:
Dries's avatar
   
Dries committed
1208
      $date = gmdate("D, d M Y H:i:s", $cache->created) ." GMT";
Dries's avatar
   
Dries committed
1209
1210
1211
      $etag = '"'. md5($date) .'"';

      // Check http headers:
1212
      $modified_since = isset($_SERVER["HTTP_IF_MODIFIED_SINCE"]) ? $_SERVER["HTTP_IF_MODIFIED_SINCE"] == $date : NULL;
1213
      $none_match = isset($_SERVER["HTTP_IF_NONE_MATCH"]) ? $_SERVER["HTTP_IF_NONE_MATCH"] == $etag : NULL;
Dries's avatar
   
Dries committed
1214