common.inc 38.8 KB
Newer Older
Dries's avatar
Dries committed
1
<?php
2
// $Id$
Dries's avatar
Dries committed
3

4 5 6 7 8 9 10 11
/**
 * @file
 * Common functions that many Drupal modules will need to reference.
 *
 * The functions that are critical and need to be available even when serving
 * a cached page are instead located in bootstrap.inc.
 */

12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
/**
 * Return status for saving which involved creating a new item.
 */
define('SAVED_NEW', 1);

/**
 * Return status for saving which involved an update to an existing item.
 */
define('SAVED_UPDATED', 2);

/**
 * Return status for saving which deleted an existing item.
 */
define('SAVED_DELETED', 3);

27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70
/**
 * Set content for a specified region.
 *
 * @param $region
 *   Page region the content is assigned to.
 *
 * @param $data
 *   Content to be set.
 */
function drupal_set_content($region = null, $data = null) {
  static $content = array();

  if (!is_null($region) && !is_null($data)) {
    $content[$region][] = $data;
  }
  return $content;
}

/**
 * Get assigned content.
 *
 * @param $region
 *   A specified region to fetch content for.  If null, all regions will be returned.
 *
 * @param $delimiter
 *   Content to be inserted between exploded array elements.
 */
function drupal_get_content($region = null, $delimiter = ' ') {
  $content = drupal_set_content();
  if (isset($region)) {
    if (is_array($content[$region])) {
      return implode ($delimiter, $content[$region]);
    }
  }
  else {
    foreach (array_keys($content) as $region) {
      if (is_array($content[$region])) {
        $content[$region] = implode ($delimiter, $content[$region]);
      }
    }
    return $content;
  }
}

71
/**
72
 * Set the breadcrumb trail for the current page.
73
 *
74 75 76
 * @param $breadcrumb
 *   Array of links, starting with "home" and proceeding up to but not including
 *   the current page.
77
 */
78 79 80 81 82 83 84 85 86
function drupal_set_breadcrumb($breadcrumb = NULL) {
  static $stored_breadcrumb;

  if (isset($breadcrumb)) {
    $stored_breadcrumb = $breadcrumb;
  }
  return $stored_breadcrumb;
}

87 88 89
/**
 * Get the breadcrumb trail for the current page.
 */
90 91 92 93 94 95 96 97 98 99
function drupal_get_breadcrumb() {
  $breadcrumb = drupal_set_breadcrumb();

  if (!isset($breadcrumb)) {
    $breadcrumb = menu_get_active_breadcrumb();
  }

  return $breadcrumb;
}

Dries's avatar
Dries committed
100
/**
101
 * Add output to the head tag of the HTML page.
102
 * This function can be called as long the headers aren't sent.
Dries's avatar
Dries committed
103 104
 */
function drupal_set_html_head($data = NULL) {
105
  static $stored_head = '';
Dries's avatar
Dries committed
106 107

  if (!is_null($data)) {
108
    $stored_head .= $data ."\n";
Dries's avatar
Dries committed
109 110 111 112
  }
  return $stored_head;
}

113 114 115
/**
 * Retrieve output to be displayed in the head tag of the HTML page.
 */
Dries's avatar
Dries committed
116 117 118
function drupal_get_html_head() {
  global $base_url;

119
  $output = "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n";
Dries's avatar
Dries committed
120
  $output .= "<base href=\"$base_url/\" />\n";
121
  $output .= theme('stylesheet_import', 'misc/drupal.css');
Dries's avatar
Dries committed
122 123 124 125

  return $output . drupal_set_html_head();
}

126
/**
127
 * Reset the static variable which holds the aliases mapped for this request.
128
 */
129 130
function drupal_clear_path_cache() {
  drupal_lookup_path('wipe');
131
}
132

133
/**
134
 * Given a path alias, return the internal path it represents.
135 136
 */
function drupal_get_normal_path($path) {
137 138 139
  $result = $path;
  if ($src = drupal_lookup_path('source', $path)) {
    $result = $src;
140
  }
141 142
  if (function_exists('custom_url_rewrite')) {
    $result = custom_url_rewrite('source', $result, $path);
143
  }
144
  return $result;
145
}
146

Dries's avatar
Dries committed
147
/**
148
 * Set an HTTP response header for the current page.
Dries's avatar
Dries committed
149 150
 */
function drupal_set_header($header = NULL) {
151
  // We use an array to guarantee there are no leading or trailing delimiters.
152
  // Otherwise, header('') could get called when serving the page later, which
153 154
  // ends HTTP headers prematurely on some PHP versions.
  static $stored_headers = array();
Dries's avatar
Dries committed
155

156
  if (strlen($header)) {
Dries's avatar
Dries committed
157
    header($header);
158
    $stored_headers[] = $header;
Dries's avatar
Dries committed
159
  }
160
  return implode("\n", $stored_headers);
Dries's avatar
Dries committed
161 162
}

163 164 165
/**
 * Get the HTTP response headers for the current page.
 */
Dries's avatar
Dries committed
166 167 168 169
function drupal_get_headers() {
  return drupal_set_header();
}

170 171 172
/**
 * @name HTTP handling
 * @{
173
 * Functions to properly handle HTTP responses.
174 175
 */

176 177
/**
 * Prepare a destination query string for use in combination with
178 179 180 181 182
 * drupal_goto(). Used to direct the user back to the referring page
 * after completing a form. By default the current URL is returned.
 * If a destination exists in the previous request, that destination
 * is returned.  As such, a destination can persist across multiple
 * pages.
183 184 185 186
 *
 * @see drupal_goto()
 */
function drupal_get_destination() {
187 188 189 190 191 192 193 194 195 196
  if ($_REQUEST['destination']) {
    return 'destination='. urlencode($_REQUEST['destination']);
  }
  else {
    $destination[] = $_GET['q'];
    $params = array('page', 'sort', 'order');
    foreach ($params as $param) {
      if (isset($_GET[$param])) {
        $destination[] = "$param=". $_GET[$param];
      }
197
    }
198
    return 'destination='. urlencode(implode('&', $destination));
199 200 201
  }
}

202
/**
203
 * Send the user to a different Drupal page.
204
 *
205 206
 * This issues an on-site HTTP redirect. The function makes sure the redirected
 * URL is formatted correctly.
207
 *
208 209 210 211 212 213 214 215 216 217
 * Usually the redirected URL is constructed from this function's input
 * parameters.  However you may override that behavior by setting a
 * <em>destination</em> in either the $_REQUEST-array (i.e. by using
 * the query string of an URI) or the $_REQUEST['edit']-array (i.e. by
 * using a hidden form field).  This is used to direct the user back to
 * the proper page after completing a form.  For example, after editing
 * a post on the 'admin/node'-page or after having logged on using the
 * 'user login'-block in a sidebar.  The function drupal_get_destination()
 * can be used to help set the destination URL.
 *
218 219 220 221 222 223 224 225 226 227 228 229 230
 * It is advised to use drupal_goto() instead of PHP's header(), because
 * drupal_goto() will append the user's session ID to the URI when PHP is
 * compiled with "--enable-trans-sid".
 *
 * This function ends the request; use it rather than a print theme('page')
 * statement in your menu callback.
 *
 * @param $path
 *   A Drupal path.
 * @param $query
 *   The query string component, if any.
 * @param $fragment
 *   The destination fragment identifier (named anchor).
231 232
 *
 * @see drupal_get_destination()
233
 */
234
function drupal_goto($path = '', $query = NULL, $fragment = NULL) {
235 236 237 238 239 240 241
  if ($_REQUEST['destination']) {
    extract(parse_url($_REQUEST['destination']));
  }
  else if ($_REQUEST['edit']['destination']) {
    extract(parse_url($_REQUEST['edit']['destination']));
  }

242
  $url = url($path, $query, $fragment, TRUE);
243

244 245 246 247
  // Before the redirect, allow modules to react to the end of the page request.
  module_invoke_all('exit', $url);

  header('Location: '. $url);
248

249 250 251
  // The "Location" header sends a REDIRECT status code to the http
  // daemon. In some cases this can go wrong, so we make sure none
  // of the code below the drupal_goto() call gets executed when we redirect.
252 253 254 255 256 257
  exit();
}

/**
 * Generates a 404 error if the request can not be handled.
 */
258
function drupal_not_found() {
259
  header('HTTP/1.0 404 Not Found');
260
  watchdog('page not found', t('%page not found.', array('%page' => theme('placeholder', $_GET['q']))), WATCHDOG_WARNING);
261 262

  $path = drupal_get_normal_path(variable_get('site_404', ''));
263
  $status = MENU_NOT_FOUND;
264 265
  if ($path) {
    menu_set_active_item($path);
266
    $return = menu_execute_active_handler();
267 268
  }

269
  if (empty($return)) {
270
    drupal_set_title(t('Page not found'));
271
  }
272
  print theme('page', $return);
273
}
274

275 276 277 278 279
/**
 * Generates a 403 error if the request is not allowed.
 */
function drupal_access_denied() {
  header('HTTP/1.0 403 Forbidden');
280
  watchdog('access denied', t('%page denied access.', array('%page' => theme('placeholder', $_GET['q']))), WATCHDOG_WARNING, l(t('view'), $_GET['q']));
281 282

  $path = drupal_get_normal_path(variable_get('site_403', ''));
283
  $status = MENU_NOT_FOUND;
284 285
  if ($path) {
    menu_set_active_item($path);
286
    $return = menu_execute_active_handler();
287 288
  }

289
  if (empty($return)) {
290
    drupal_set_title(t('Access denied'));
291
    $return = t('You are not authorized to access this page.');
292
  }
293
  print theme('page', $return);
294 295
}

296
/**
297
 * Perform an HTTP request.
298
 *
299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315
 * This is a flexible and powerful HTTP client implementation. Correctly handles
 * GET, POST, PUT or any other HTTP requests. Handles redirects.
 *
 * @param $url
 *   A string containing a fully qualified URI.
 * @param $headers
 *   An array containing an HTTP header => value pair.
 * @param $method
 *   A string defining the HTTP request to use.
 * @param $data
 *   A string containing data to include in the request.
 * @param $retry
 *   An integer representing how many times to retry the request in case of a
 *   redirect.
 * @return
 *   An object containing the HTTP request headers, response code, headers,
 *   data, and redirect status.
316 317
 */
function drupal_http_request($url, $headers = array(), $method = 'GET', $data = NULL, $retry = 3) {
318 319
  $result = new StdClass();

320
  // Parse the URL, and make sure we can handle the schema.
321 322 323
  $uri = parse_url($url);
  switch ($uri['scheme']) {
    case 'http':
324 325
      $port = $uri['port'] ? $uri['port'] : 80;
      $fp = @fsockopen($uri['host'], $port, $errno, $errstr, 15);
326 327
      break;
    case 'https':
328
      // Note: Only works for PHP 4.3 compiled with OpenSSL.
329 330
      $port = $uri['port'] ? $uri['port'] : 443;
      $fp = @fsockopen('ssl://'. $uri['host'], $port, $errno, $errstr, 20);
331 332
      break;
    default:
333
      $result->error = 'invalid schema '. $uri['scheme'];
334 335 336
      return $result;
  }

337
  // Make sure the socket opened properly.
338
  if (!$fp) {
339
    $result->error = trim($errno .' '. $errstr);
340 341 342
    return $result;
  }

343
  // Construct the path to act on.
344 345
  $path = $uri['path'] ? $uri['path'] : '/';
  if ($uri['query']) {
346
    $path .= '?'. $uri['query'];
347 348
  }

349
  // Create HTTP request.
350
  $defaults = array(
351 352
    // RFC 2616: "non-standard ports MUST, default ports MAY be included". We always add it.
    'Host' => "Host: $uri[host]:$port",
353 354
    'User-Agent' => 'User-Agent: Drupal (+http://www.drupal.org/)',
    'Content-Length' => 'Content-Length: '. strlen($data)
355 356 357
  );

  foreach ($headers as $header => $value) {
358
    $defaults[$header] = $header .': '. $value;
359 360
  }

361
  $request = $method .' '. $path ." HTTP/1.0\r\n";
362 363 364
  $request .= implode("\r\n", $defaults);
  $request .= "\r\n\r\n";
  if ($data) {
365
    $request .= $data ."\r\n";
366 367 368 369 370 371
  }
  $result->request = $request;

  fwrite($fp, $request);

  // Fetch response.
372
  $response = '';
373
  while (!feof($fp) && $data = fread($fp, 1024)) {
374
    $response .= $data;
375 376 377 378
  }
  fclose($fp);

  // Parse response.
379 380 381 382
  list($headers, $result->data) = explode("\r\n\r\n", $response, 2);
  $headers = preg_split("/\r\n|\n|\r/", $headers);

  list($protocol, $code, $text) = explode(' ', trim(array_shift($headers)), 3);
383 384 385
  $result->headers = array();

  // Parse headers.
386
  while ($line = trim(array_shift($headers))) {
387
    list($header, $value) = explode(':', $line, 2);
388 389 390 391 392 393 394 395
    if (isset($result->headers[$header]) && $header == 'Set-Cookie') {
      // RFC 2109: the Set-Cookie response header comprises the token Set-
      // Cookie:, followed by a comma-separated list of one or more cookies.
      $result->headers[$header] .= ','. trim($value);
    }
    else {
      $result->headers[$header] = trim($value);
    }
396 397 398 399 400 401 402 403 404 405
  }

  $responses = array(
    100 => 'Continue', 101 => 'Switching Protocols',
    200 => 'OK', 201 => 'Created', 202 => 'Accepted', 203 => 'Non-Authoritative Information', 204 => 'No Content', 205 => 'Reset Content', 206 => 'Partial Content',
    300 => 'Multiple Choices', 301 => 'Moved Permanently', 302 => 'Found', 303 => 'See Other', 304 => 'Not Modified', 305 => 'Use Proxy', 307 => 'Temporary Redirect',
    400 => 'Bad Request', 401 => 'Unauthorized', 402 => 'Payment Required', 403 => 'Forbidden', 404 => 'Not Found', 405 => 'Method Not Allowed', 406 => 'Not Acceptable', 407 => 'Proxy Authentication Required', 408 => 'Request Time-out', 409 => 'Conflict', 410 => 'Gone', 411 => 'Length Required', 412 => 'Precondition Failed', 413 => 'Request Entity Too Large', 414 => 'Request-URI Too Large', 415 => 'Unsupported Media Type', 416 => 'Requested range not satisfiable', 417 => 'Expectation Failed',
    500 => 'Internal Server Error', 501 => 'Not Implemented', 502 => 'Bad Gateway', 503 => 'Service Unavailable', 504 => 'Gateway Time-out', 505 => 'HTTP Version not supported'
  );
  // RFC 2616 states that all unknown HTTP codes must be treated the same as
406
  // the base code in their class.
407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433
  if (!isset($responses[$code])) {
    $code = floor($code / 100) * 100;
  }

  switch ($code) {
    case 200: // OK
    case 304: // Not modified
      break;
    case 301: // Moved permanently
    case 302: // Moved temporarily
    case 307: // Moved temporarily
      $location = $result->headers['Location'];

      if ($retry) {
        $result = drupal_http_request($result->headers['Location'], $headers, $method, $data, --$retry);
        $result->redirect_code = $result->code;
      }
      $result->redirect_url = $location;

      break;
    default:
      $result->error = $text;
  }

  $result->code = $code;
  return $result;
}
434 435 436
/**
 * @} End of "HTTP handling".
 */
437

438
/**
439 440
 * Log errors as defined by administrator
 * Error levels:
441 442
 *  0 = Log errors to database.
 *  1 = Log errors to database and to screen.
443
 */
444
function error_handler($errno, $message, $filename, $line) {
445
  if ($errno & (E_ALL ^ E_NOTICE)) {
446 447
    $types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning');
    $entry = $types[$errno] .': '. $message .' in '. $filename .' on line '. $line .'.';
448

449
    if (variable_get('error_level', 1) == 1) {
450
      print '<pre>'. $entry .'</pre>';
Dries's avatar
Dries committed
451
    }
452 453

    watchdog('php', t('%message in %file on line %line.', array('%error' => $types[$errno], '%message' => $message, '%file' => $filename, '%line' => $line)), WATCHDOG_ERROR);
Dries's avatar
Dries committed
454 455 456
  }
}

457
function _fix_gpc_magic(&$item) {
Dries's avatar
Dries committed
458
  if (is_array($item)) {
Kjartan's avatar
Kjartan committed
459 460 461
    array_walk($item, '_fix_gpc_magic');
  }
  else {
Kjartan's avatar
Kjartan committed
462
    $item = stripslashes($item);
463 464 465
  }
}

466 467 468 469
/**
 * Correct double-escaping problems caused by "magic quotes" in some PHP
 * installations.
 */
470 471
function fix_gpc_magic() {
  static $fixed = false;
472
  if (!$fixed && ini_get('magic_quotes_gpc')) {
Dries's avatar
Dries committed
473 474 475 476 477 478
    array_walk($_GET, '_fix_gpc_magic');
    array_walk($_POST, '_fix_gpc_magic');
    array_walk($_COOKIE, '_fix_gpc_magic');
    array_walk($_REQUEST, '_fix_gpc_magic');
    $fixed = true;
  }
479 480
}

481 482 483
/**
 * @name Conversion
 * @{
484
 * Converts data structures to different types.
485
 */
486 487 488 489

/**
 * Convert an associative array to an anonymous object.
 */
Dries's avatar
Dries committed
490 491
function array2object($array) {
  if (is_array($array)) {
492
    $object = new StdClass();
Dries's avatar
Dries committed
493
    foreach ($array as $key => $value) {
Dries's avatar
Dries committed
494 495 496 497
      $object->$key = $value;
    }
  }
  else {
Dries's avatar
Dries committed
498
    $object = $array;
Dries's avatar
Dries committed
499 500 501 502 503
  }

  return $object;
}

504 505 506
/**
 * Convert an object to an associative array.
 */
Dries's avatar
Dries committed
507 508 509
function object2array($object) {
  if (is_object($object)) {
    foreach ($object as $key => $value) {
Dries's avatar
Dries committed
510 511 512 513
      $array[$key] = $value;
    }
  }
  else {
Dries's avatar
Dries committed
514
    $array = $object;
Dries's avatar
Dries committed
515 516 517 518
  }

  return $array;
}
519

520

521 522 523
/**
 * @} End of "Conversion".
 */
Dries's avatar
Dries committed
524

525 526 527
/**
 * @name Messages
 * @{
528
 * Frequently used messages.
529
 */
530 531 532 533

/**
 * Return a string with a "not applicable" message.
 */
Dries's avatar
Dries committed
534
function message_na() {
535
  return t('n/a');
Dries's avatar
Dries committed
536 537
}

538 539 540
/**
 * @} End of "Messages".
 */
Dries's avatar
Dries committed
541

542 543 544
/**
 * Initialize the localization system.
 */
545 546
function locale_initialize() {
  global $user;
547 548 549 550 551

  if (function_exists('i18n_get_lang')) {
    return i18n_get_lang();
  }

552 553 554 555 556
  if (function_exists('locale')) {
    $languages = locale_supported_languages();
    $languages = $languages['name'];
  }
  else {
557 558 559
    // Ensure the locale/language is correctly returned, even without locale.module.
    // Useful for e.g. XML/HTML 'lang' attributes.
    $languages = array('en' => 'English');
560
  }
561 562 563 564 565 566
  if ($user->uid && $languages[$user->language]) {
    return $user->language;
  }
  else {
    return key($languages);
  }
567 568
}

569
/**
570
 * Translate strings to the current locale.
571
 *
572
 * When using t(), try to put entire sentences and strings in one t() call.
573 574 575 576
 * This makes it easier for translators. HTML markup within translation strings
 * is acceptable, if necessary. The suggested syntax for a link embedded
 * within a translation string is:
 * @code
577 578 579
 *   $msg = t('You must log in below or <a href="%url">create a new
 *             account</a> before viewing the next page.', array('%url'
 *             => url('user/register')));
580
 * @endcode
581 582 583
 * We suggest the same syntax for links to other sites. This makes it easy to
 * change link URLs if needed (which happens often) without requiring updates
 * to translations.
584
 *
585
 * @param $string
586
 *   A string containing the English string to translate.
587 588
 * @param $args
 *   An associative array of replacements to make after translation. Incidences
589
 *   of any key in this array are replaced with the corresponding value.
590 591
 * @return
 *   The translated string.
592
 */
593
function t($string, $args = 0) {
594 595 596 597
  global $locale;
  if (function_exists('locale') && $locale != 'en') {
    $string = locale($string);
  }
598

599 600
  if (!$args) {
    return $string;
Kjartan's avatar
Kjartan committed
601 602
  }
  else {
603 604
    return strtr($string, $args);
  }
605 606
}

607
/**
608
 * Encode special characters in a plain-text string for display as HTML.
609
 */
610
function check_plain($text) {
611
  return htmlspecialchars($text, ENT_QUOTES);
612 613
}

614
/**
615
 * @defgroup validation Input validation
616
 * @{
617
 * Functions to validate user input.
618 619
 */

620
/**
621 622 623
 * Verify the syntax of the given e-mail address.
 *
 * Empty e-mail addresses are allowed. See RFC 2822 for details.
624
 *
625 626
 * @param $mail
 *   A string containing an email address.
627
 * @return
628
 *   TRUE if the address is in a valid format.
629
 */
630
function valid_email_address($mail) {
631
  $user = '[a-zA-Z0-9_\-\.\+\^!#\$%&*+\/\=\?\`\|\{\}~\']+';
632
  $domain = '(?:(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.?)+';
633 634 635
  $ipv4 = '[0-9]{1,3}(\.[0-9]{1,3}){3}';
  $ipv6 = '[0-9a-fA-F]{1,4}(\:[0-9a-fA-F]{1,4}){7}';

Dries's avatar
Dries committed
636
  return preg_match("/^$user@($domain|(\[($ipv4|$ipv6)\]))$/", $mail);
637 638
}

639 640 641
/**
 * Verify the syntax of the given URL.
 *
642
 * @param $url
643
 *   The URL to verify.
644
 * @param $absolute
645
 *   Whether the URL is absolute (beginning with a scheme such as "http:").
646
 * @return
647
 *   TRUE if the URL is in a valid format.
648
 */
649
function valid_url($url, $absolute = FALSE) {
650
  $allowed_characters = '[a-z0-9\/:_\-_\.\?\$,~=#&%\+]';
651
  if ($absolute) {
652
    return preg_match("/^(http|https|ftp):\/\/". $allowed_characters ."+$/i", $url);
653 654
  }
  else {
655
    return preg_match("/^". $allowed_characters ."+$/i", $url);
656
  }
657 658
}

659 660 661 662 663 664 665 666 667 668
/**
 * Validate data input by a user.
 *
 * Ensures that user data cannot be used to perform attacks on the site.
 *
 * @param $data
 *   The input to check.
 * @return
 *   TRUE if the input data is acceptable.
 */
669 670
function valid_input_data($data) {
  if (is_array($data) || is_object($data)) {
671
    // Form data can contain a number of nested arrays.
672
    foreach ($data as $key => $value) {
Dries's avatar
Dries committed
673
      if (!valid_input_data($key) || !valid_input_data($value)) {
674
        return FALSE;
675 676 677
      }
    }
  }
Dries's avatar
Dries committed
678
  else if (isset($data)) {
679
    // Detect dangerous input data.
680

681 682 683
    // Decode all normal character entities.
    $data = decode_entities($data, array('<', '&', '"'));

684 685 686 687
    // Check strings:
    $match  = preg_match('/\Wjavascript\s*:/i', $data);
    $match += preg_match('/\Wexpression\s*\(/i', $data);
    $match += preg_match('/\Walert\s*\(/i', $data);
688

689
    // Check attributes:
690 691
    $match += preg_match("/\W(dynsrc|datasrc|data|lowsrc|on[a-z]+)\s*=[^>]+?>/i", $data);

692
    // Check tags:
693 694 695
    $match += preg_match("/<\s*(applet|script|object|style|embed|form|blink|meta|html|frame|iframe|layer|ilayer|head|frameset|xml)/i", $data);

    if ($match) {
696
      watchdog('security', t('Terminated request because of suspicious input data: %data.', array('%data' => theme('placeholder', $data))));
697
      return FALSE;
698 699 700
    }
  }

701
  return TRUE;
702
}
703 704 705
/**
 * @} End of "defgroup validation".
 */
706

707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733
/**
 * Register an event for the current visitor (hostname/IP) to the flood control mechanism.
 *
 * @param $name
 *   The name of the event.
 */
function flood_register_event($name) {
  db_query("INSERT INTO {flood} (event, hostname, timestamp) VALUES ('%s', '%s', %d)", $name, $_SERVER['REMOTE_ADDR'], time());
}

/**
 * Check if the current visitor (hostname/IP) is allowed to proceed with the specified event.
 * The user is allowed to proceed if he did not trigger the specified event more than
 * $threshold times per hour.
 *
 * @param $name
 *   The name of the event.
 * @param $number
 *   The maximum number of the specified event per hour (per visitor).
 * @return
 *   True if the user did not exceed the hourly threshold.  False otherwise.
 */
function flood_is_allowed($name, $threshold) {
  $number = db_num_rows(db_query("SELECT event FROM {flood} WHERE event = '%s' AND hostname = '%s' AND timestamp > %d", $name, $_SERVER['REMOTE_ADDR'], time() - 3600));
  return ($number < $threshold ? TRUE : FALSE);
}

734 735
function check_file($filename) {
  return is_uploaded_file($filename);
Dries's avatar
Dries committed
736 737
}

738
/**
739
 * @defgroup format Formatting
740
 * @{
741
 * Functions to format numbers, strings, dates, etc.
742 743
 */

744 745 746 747 748 749
/**
 * Formats an RSS channel.
 *
 * Arbitrary elements may be added using the $args associative array.
 */
function format_rss_channel($title, $link, $description, $items, $language = 'en', $args = array()) {
Dries's avatar
Dries committed
750 751
  // arbitrary elements may be added using the $args associative array

Dries's avatar
Dries committed
752
  $output = "<channel>\n";
753 754 755 756
  $output .= ' <title>'. check_plain($title) ."</title>\n";
  $output .= ' <link>'. check_url($link) ."</link>\n";
  $output .= ' <description>'. check_plain($description) ."</description>\n";
  $output .= ' <language>'. check_plain($language) ."</language>\n";
Dries's avatar
Dries committed
757
  foreach ($args as $key => $value) {
758
    $output .= ' <'. $key .'>'. check_plain($value) ."</$key>\n";
Dries's avatar
Dries committed
759
  }
Dries's avatar
Dries committed
760 761 762 763 764 765
  $output .= $items;
  $output .= "</channel>\n";

  return $output;
}

766 767 768 769 770
/**
 * Format a single RSS item.
 *
 * Arbitrary elements may be added using the $args associative array.
 */
Dries's avatar
Dries committed
771
function format_rss_item($title, $link, $description, $args = array()) {
Dries's avatar
Dries committed
772
  $output = "<item>\n";
773 774 775
  $output .= ' <title>'. check_plain($title) ."</title>\n";
  $output .= ' <link>'. check_url($link) ."</link>\n";
  $output .= ' <description>'. check_plain($description) ."</description>\n";
Dries's avatar
Dries committed
776
  foreach ($args as $key => $value) {
777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792
    if (is_array($value)) {
      if ($value['key']) {
        $output .= ' <'. $value['key'];
        if (is_array($value['attributes'])) {
          $output .= drupal_attributes($value['attributes']);
        }

        if ($value['value']) {
          $output .= '>'. $value['value'] .'</'. $value['key'] .">\n";
        }
        else {
          $output .= " />\n";
        }
      }
    }
    else {
793
      $output .= ' <'. $key .'>'. check_plain($value) ."</$key>\n";
794
    }
Dries's avatar
Dries committed
795
  }
Dries's avatar
Dries committed
796 797 798 799 800
  $output .= "</item>\n";

  return $output;
}

801
/**
802
 * Format a string containing a count of items.
803
 *
804 805 806 807 808 809 810 811 812 813 814 815 816 817
 * This function ensures that the string is pluralized correctly. Since t() is
 * called by this function, make sure not to pass already-localized strings to it.
 *
 * @param $count
 *   The item count to display.
 * @param $singular
 *   The string for the singular case. Please make sure it is clear this is
 *   singular, to ease translation (e.g. use "1 new comment" instead of "1 new").
 * @param $plural
 *   The string for the plural case. Please make sure it is clear this is plural,
 *   to ease translation. Use %count in place of the item count, as in "%count
 *   new comments".
 * @return
 *   A translated string.
818
 */
Dries's avatar
Dries committed
819
function format_plural($count, $singular, $plural) {
820
  if ($count == 1) return t($singular, array("%count" => $count));
821 822

  // get the plural index through the gettext formula
823
  $index = (function_exists('locale_get_plural')) ? locale_get_plural($count) : -1;
824 825 826 827 828 829
  if ($index < 0) { // backward compatibility
    return t($plural, array("%count" => $count));
  }
  else {
    switch ($index) {
      case "0":
830
        return t($singular, array("%count" => $count));
831 832 833 834 835 836
      case "1":
        return t($plural, array("%count" => $count));
      default:
        return t(strtr($plural, array("%count" => '%count['. $index .']')), array('%count['. $index .']' => $count));
    }
  }
Dries's avatar
Dries committed
837 838
}

839
/**
840
 * Generate a string representation for the given byte count.
841
 *
842 843 844 845
 * @param $size
 *   The size in bytes.
 * @return
 *   A translated string representation of the size.
846
 */
Dries's avatar
Dries committed
847
function format_size($size) {
848
  $suffix = t('bytes');
849
  if ($size >= 1024) {
Dries's avatar
Dries committed
850
    $size = round($size / 1024, 2);
851
    $suffix = t('KB');
Dries's avatar
Dries committed
852
  }
853
  if ($size >= 1024) {
Dries's avatar
Dries committed
854
    $size = round($size / 1024, 2);
855
    $suffix = t('MB');
Dries's avatar
Dries committed
856
  }
857
  return t('%size %suffix', array('%size' => $size, '%suffix' => $suffix));
Dries's avatar
Dries committed
858 859
}

860
/**
861
 * Format a time interval with the requested granularity.
862
 *
863 864 865 866 867 868
 * @param $timestamp
 *   The length of the interval in seconds.
 * @param $granularity
 *   How many different units to display in the string.
 * @return
 *   A translated string representation of the interval.
869
 */
870
function format_interval($timestamp, $granularity = 2) {
871
  $units = array('1 year|%count years' => 31536000, '1 week|%count weeks' => 604800, '1 day|%count days' => 86400, '1 hour|%count hours' => 3600, '1 min|%count min' => 60, '1 sec|%count sec' => 1);
872
  $output = '';
873
  foreach ($units as $key => $value) {
874
    $key = explode('|', $key);
Dries's avatar
Dries committed
875
    if ($timestamp >= $value) {
876
      $output .= ($output ? ' ' : '') . format_plural(floor($timestamp / $value), $key[0], $key[1]);
Dries's avatar
Dries committed
877
      $timestamp %= $value;
878 879 880 881 882
      $granularity--;
    }

    if ($granularity == 0) {
      break;
Dries's avatar
Dries committed
883 884
    }
  }
885
  return $output ? $output : t('0 sec');
Dries's avatar
Dries committed
886 887
}

888
/**
889 890
 * Format a date with the given configured format or a custom format string.
 *
891 892 893 894
 * Drupal allows administrators to select formatting strings for 'small',
 * 'medium' and 'large' date formats. This function can handle these formats,
 * as well as any custom format.
 *
895 896 897 898 899 900
 * @param $timestamp
 *   The exact date to format, as a UNIX timestamp.
 * @param $type
 *   The format to use. Can be "small", "medium" or "large" for the preconfigured
 *   date formats. If "custom" is specified, then $format is required as well.
 * @param $format
901 902 903
 *   A PHP date format string as required by date(). A backslash should be used
 *   before a character to avoid interpreting the character as part of a date
 *   format.
904 905 906 907
 * @param $timezone
 *   Time zone offset in seconds; if omitted, the user's time zone is used.
 * @return
 *   A translated date string in the requested format.
908
 */
909 910 911
function format_date($timestamp, $type = 'medium', $format = '', $timezone = NULL) {
  if ($timezone === NULL) {
    global $user;
Steven Wittens's avatar
Steven Wittens committed
912 913 914 915 916 917
    if (variable_get('configurable_timezones', 1) && $user->uid && strlen($user->timezone)) {
      $timezone = $user->timezone;
    }
    else {
      $timezone = variable_get('date_default_timezone', 0);
    }
918
  }
Dries's avatar
Dries committed
919

920
  $timestamp += $timezone;
Dries's avatar
Dries committed
921 922

  switch ($type) {
923 924
    case 'small':
      $format = variable_get('date_format_short', 'm/d/Y - H:i');
Dries's avatar
Dries committed
925
      break;
926 927
    case 'large':
      $format = variable_get('date_format_long', 'l, F j, Y - H:i');
Dries's avatar
Dries committed
928
      break;
929
    case 'custom':
930
      // No change to format
Dries's avatar
Dries committed
931
      break;
932
    case 'medium':
Dries's avatar
Dries committed
933
    default:
934
      $format = variable_get('date_format_medium', 'D, m/d/Y - H:i');
935 936
  }

937
  $max = strlen($format);
938
  $date = '';
939 940
  for ($i = 0; $i < $max; $i++) {
    $c = $format{$i};
941
    if (strpos('AaDFlM', $c) !== false) {
942
      $date .= t(gmdate($c, $timestamp));
943
    }
944
    else if (strpos('BdgGhHiIjLmnsStTUwWYyz', $c) !== false) {
945 946 947 948
      $date .= gmdate($c, $timestamp);
    }
    else if ($c == 'r') {
      $date .= format_date($timestamp - $timezone, 'custom', 'D, d M Y H:i:s O', $timezone);
949
    }
950 951 952 953 954
    else if ($c == 'O') {
      $date .= sprintf('%s%02d%02d', ($timezone < 0 ? '-' : '+'), abs($timezone / 3600), abs($timezone % 3600) / 60);
    }
    else if ($c == 'Z') {
      $date .= $timezone;
955
    }
956 957 958
    else if ($c == '\\') {
      $date .= $format[++$i];
    }
959
    else {
960
      $date .= $c;
961
    }
Dries's avatar
Dries committed
962
  }
963

Dries's avatar
Dries committed
964 965 966
  return $date;
}

967 968 969
/**
 * @} End of "defgroup format".
 */
Dries's avatar
Dries committed
970

971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989
/**
 * Generate an internal Drupal URL.
 *
 * @param $path
 *   The Drupal path being linked to, such as "admin/node".
 * @param $query
 *   A query string to append to the link.
 * @param $fragment
 *   A fragment identifier (named anchor) to append to the link.
 * @param $absolute
 *   Whether to force the output to be an absolute link (beginning with http:).
 *   Useful for links that will be displayed outside the site, such as in an RSS feed.
 * @return
 *   an HTML string containing a link to the given path.
 *
 * When creating links in modules, consider whether l() could be a better
 * alternative than url().
 */
function url($path = NULL, $query = NULL, $fragment = NULL, $absolute = FALSE) {
990
  global $base_url;
Dries's avatar
Dries committed
991

992 993 994
  static $script;

  if (empty($script)) {
995 996 997
    // On some web servers, such as IIS, we can't omit "index.php".  So, we
    // generate "index.php?q=foo" instead of "?q=foo" on anything that is not
    // Apache.
998
    $script = (strpos($_SERVER['SERVER_SOFTWARE'], 'Apache') === false) ? 'index.php' : '';
999
  }
1000

1001
  $path = drupal_get_path_alias($path);
1002

1003
  if (isset($fragment)) {
1004
    $fragment = '#'. $fragment;
1005 1006
  }

1007
  $base = ($absolute ? $base_url .'/' : '');
Dries's avatar
Dries committed
1008

1009 1010
  if (variable_get('clean_url', '0') == '0') {
    if (isset($path)) {
Dries's avatar
Dries committed
1011
      if (isset($query)) {
1012
        return $base . $script .'?q='. $path .'&'. $query . $fragment;
Dries's avatar
Dries committed
1013 1014
      }
      else {
1015
        return $base . $script .'?q='. $path . $fragment;
Dries's avatar
Dries committed
1016
      }
1017 1018
    }
    else {
Dries's avatar
Dries committed
1019
      if (isset($query)) {
1020
        return $base . $script .'?'. $query . $fragment;
Dries's avatar
Dries committed
1021 1022
      }
      else {
1023
        return $base . $fragment;
Dries's avatar
Dries committed
1024
      }
1025 1026 1027
    }
  }
  else {
1028
    if (isset($path)) {
Dries's avatar
Dries committed
1029
      if (isset($query)) {
1030
        return $base . $path .'?'. $query . $fragment;
Dries's avatar
Dries committed
1031 1032
      }
      else {
1033
        return $base . $path . $fragment;
Dries's avatar
Dries committed
1034
      }
1035
    }
1036
    else {
Dries's avatar
Dries committed
1037
      if (isset($query)) {
1038
        return $base . $script .'?'. $query . $fragment;
Dries's avatar
Dries committed
1039 1040
      }
      else {
1041
        return $base . $fragment;
Dries's avatar
Dries committed
1042
      }
1043
    }
1044
  }
1045 1046
}

1047 1048 1049 1050 1051 1052 1053 1054
/**
 * Format an attribute string to insert in a tag.
 *
 * @param $attributes
 *   An associative array of HTML attributes.
 * @return
 *   An HTML string ready for insertion in a tag.
 */
1055
function drupal_attributes($attributes = array()) {
1056
  if (is_array($attributes)) {
1057 1058
    $t = array();
    foreach ($attributes as $key => $value) {
1059
      $t[] = $key .'="'. check_plain($value) .'"';
1060
    }
1061
    return ' '. implode(' ', $t);
Dries's avatar
Dries committed
1062
  }
1063
}
Dries's avatar
Dries committed
1064

1065 1066 1067 1068 1069 1070 1071 1072 1073 1074
/**
 * Format an internal Drupal link.
 *
 * This function correctly handles aliased paths, and allows themes to highlight
 * links to the current page correctly, so all internal links output by modules
 * should be generated by this function if possible.
 *
 * @param $text