<?php
// $Id$

/**
 * Locate a site-specific configuration file.
 *
 * The host name plus the script's directory are joined (with "/" and ":"
 * mapped to ".") and lower-cased; then one leading dot-separated component
 * is dropped at a time until a matching includes/<name>.php exists.  When
 * nothing matches, "conf" is returned.
 *
 * Note that HTTP_HOST is supplied by the client.  Forward slashes and colons
 * are mapped to dots, so the lookup cannot leave includes/, but the value is
 * not otherwise validated.
 *
 * @return the base name of the configuration file to load.
 */
function conf_init() {
  $self = $_SERVER["PHP_SELF"];
  $directory = substr($self, 0, strrpos($self, "/"));
  $candidate = strtolower(strtr($_SERVER["HTTP_HOST"] . $directory, "/:", ".."));

  // Candidates shorter than five characters are never tried.
  for (; strlen($candidate) > 4; $candidate = substr($candidate, strpos($candidate, ".") + 1)) {
    if (file_exists("includes/$candidate.php")) {
      return $candidate;
    }
  }

  return "conf";
}

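/**
 * PHP error handler: records every error level except notices in the
 * watchdog log and echoes the entry to the page.
 *
 * @param $errno     PHP error level (an E_* constant).
 * @param $message   error message text.
 * @param $filename  file in which the error occurred.
 * @param $line      line number within $filename.
 * @param $variables the symbol table PHP versions before 8.0 passed as a
 *                   fifth argument; optional so the handler can also be
 *                   installed on PHP 8, which passes only four arguments.
 */
function error_handler($errno, $message, $filename, $line, $variables = NULL) {
  $types = array(1 => "error", 2 => "warning", 4 => "parse error", 8 => "notice", 16 => "core error", 32 => "core warning", 64 => "compile error", 128 => "compile warning", 256 => "user error", 512 => "user warning", 1024 => "user notice", 2048 => "strict", 4096 => "recoverable error", 8192 => "deprecated", 16384 => "user deprecated");

  // Levels missing from the table are still logged instead of producing an
  // undefined-index warning inside the error handler itself.
  $type = isset($types[$errno]) ? $types[$errno] : "unknown error ($errno)";
  $entry = $type .": $message in $filename on line $line.";

  // Parenthesised explicitly: '&' binds tighter than '^' in PHP, so the
  // unparenthesised form only worked because every E_* value is a single bit.
  if ($errno & (E_ALL ^ E_NOTICE)) {
    watchdog("error", $entry);
    // NOTE(review): $entry is echoed without HTML escaping; error messages
    // can contain request-derived text, so escaping before output is safer.
    print "<pre>$entry</pre>";
  }
}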

/**
 * Append an entry to the {watchdog} log table.
 *
 * @param $type     category of the entry, e.g. "error" or "warning".
 * @param $message  free-form text; passed through a query placeholder.
 * @param $link     optional link associated with the entry.
 */
function watchdog($type, $message, $link = NULL) {
  global $user;

  // Gather the values in the same order the query binds them.
  $uid = $user->uid;
  $location = request_uri();
  $hostname = getenv("REMOTE_ADDR");
  $stamp = time();

  db_query("INSERT INTO {watchdog} (uid, type, message, link, location, hostname, timestamp) VALUES (%d, '%s', '%s', '%s', '%s', '%s', %d)", $uid, $type, $message, $link, $location, $hostname, $stamp);
}

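/**
 * Rate-limit submissions of a given type per client address.
 *
 * Users who may access administration pages are exempt.  For everyone else,
 * an existing watchdog entry of $type from the same REMOTE_ADDR within the
 * last $rate seconds aborts the request with message_throttle(); otherwise a
 * new entry of $type is recorded so the next call sees it.
 *
 * @param $type  watchdog type used to track this kind of submission.
 * @param $rate  minimum number of seconds between two submissions.
 */
function throttle($type, $rate) {
  if (user_access("access administration pages")) {
    return;
  }

  $hostname = getenv("REMOTE_ADDR");

  // Bind the values through db_query() placeholders instead of interpolating
  // them into the SQL text, as the other queries in this file do.
  $result = db_query("SELECT * FROM {watchdog} WHERE type = '%s' AND hostname = '%s' AND %d - timestamp < %d", $type, $hostname, time(), $rate);

  if ($throttle = db_fetch_object($result)) {
    watchdog("warning", "throttle: '$hostname' exceeded submission rate - $throttle->type");
    die(message_throttle());
  }

  watchdog($type, "throttle");
}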

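/**
 * Print a warning when a php.ini option does not have the expected value.
 *
 * @param $name   php.ini option name.
 * @param $value  value Drupal needs; compared loosely because ini_get()
 *                returns strings while callers may pass integers.
 */
function check_php_setting($name, $value) {
  if (ini_get($name) == $value) {
    return;
  }

  print "<p>Note that the value of PHP's configuration option <code><b>$name</b></code> is incorrect.  It should be set to '$value' for Drupal to work properly.  Either configure your webserver to support <code>.htaccess</code> files so Drupal's <code>.htaccess</code> file can set it to the proper value, or edit your <code>php.ini</code> file directly.  This message will automatically disappear when the problem has been fixed.</p>";
}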

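/**
 * Return one "/"-separated component of the current path (the "q" query
 * argument).
 *
 * The split result is cached in a static so repeated calls do not re-explode
 * the string.
 *
 * @param $index  zero-based position of the component.
 * @return the component, or NULL when $index is out of range.
 */
function arg($index) {
  static $arguments;

  if (empty($arguments)) {
    // Tolerate a missing q (e.g. the front page) instead of exploding NULL.
    $path = isset($_GET["q"]) ? $_GET["q"] : "";
    $arguments = explode("/", $path);
  }

  return isset($arguments[$index]) ? $arguments[$index] : NULL;
}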

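/**
 * Convert an associative array into a stdClass object, one property per key.
 * Anything that is not an array is returned unchanged.
 *
 * @param $node  array to convert, or any other value.
 * @return a stdClass for an array (an empty object for an empty array),
 *         otherwise $node itself.
 */
function array2object($node) {
  if (!is_array($node)) {
    return $node;
  }

  // PHP 8 no longer creates an object when a property is assigned to an
  // undefined variable, so instantiate explicitly.
  $object = new stdClass();
  foreach ($node as $key => $value) {
    $object->$key = $value;
  }

  return $object;
}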

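/**
 * Convert an object into an associative array of its iterable (public)
 * properties.  Anything that is not an object is returned unchanged.
 *
 * @param $node  object to convert, or any other value.
 * @return an array for an object (empty when it has no public properties),
 *         otherwise $node itself.
 */
function object2array($node) {
  if (!is_object($node)) {
    return $node;
  }

  // Start from an empty array so an object without public properties yields
  // array() rather than an undefined variable.
  $array = array();
  foreach ($node as $key => $value) {
    $array[$key] = $value;
  }

  return $array;
}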

/**
 * Return the HTTP referer, escaped by check_url(), or nothing when the
 * request carried no Referer header.
 */
function referer_uri() {
  if (!isset($_SERVER["HTTP_REFERER"])) {
    return;
  }

  return check_url($_SERVER["HTTP_REFERER"]);
}

/**
 * Return the URI of the current request, escaped by check_url().
 *
 * REQUEST_URI is only provided by some servers (Apache); elsewhere an
 * equivalent is rebuilt from PHP_SELF and QUERY_STRING.
 */
function request_uri() {
  $uri = isset($_SERVER["REQUEST_URI"])
    ? $_SERVER["REQUEST_URI"]
    : $_SERVER["PHP_SELF"] ."?". $_SERVER["QUERY_STRING"];

  // The value is client-controlled and ends up in log entries (watchdog()),
  // hence the escaping.
  return check_url($uri);
}

/**
 * Translated "access denied" message.
 */
function message_access() {
  $text = "You are not authorized to access this page.";
  return t($text);
}

/**
 * Translated placeholder shown when a value is not available.
 */
function message_na() {
  $text = "n/a";
  return t($text);
}

/**
 * Translated message emitted by throttle() when a client submits too often.
 */
function message_throttle() {
  $text = "You exceeded the maximum submission rate.  Please wait a few minutes and try again.";
  return t($text);
}

/**
 * Pick the language for the current request: the logged-in user's choice
 * when it is one of the configured $languages, else the first configured
 * language.
 *
 * @return a language key of the global $languages array.
 */
function locale_init() {
  global $languages, $user;

  // Anonymous users and unknown language keys fall through to the default.
  if ($user->uid && !empty($languages[$user->language])) {
    return $user->language;
  }

  return key($languages);
}

/**
 * Translate a string and substitute placeholders.
 *
 * Strings are kept whole as much as possible; HTML markup inside a
 * translation string is acceptable when necessary.  The suggested form for
 * a link embedded in a translation string is:
 *
 *   $msg = t("You must login below or <a href=\"%url\">create a new
 *             account</a> before viewing the next page.", array("%url"
 *             => url("user/register")));
 *
 * @param $string  the text to translate.
 * @param $args    optional array of placeholder => replacement pairs,
 *                 applied with strtr() after translation.
 * @return the translated string with placeholders replaced.
 */
function t($string, $args = 0) {
  global $languages;

  // Translation only happens when languages are configured and the locale
  // module is available.
  $translated = $string;
  if ($languages && module_exist("locale")) {
    $translated = locale($string);
  }

  return $args ? strtr($translated, $args) : $translated;
}

/**
 * Load persistent variables from the {variable} table.
 *
 * @param $conf  values to start from; entries already present are kept and
 *               not overwritten by stored ones.
 * @return the merged name => value array.
 */
function variable_init($conf = array()) {
  $result = db_query("SELECT * FROM {variable} ");

  while ($row = db_fetch_object($result)) {
    if (isset($conf[$row->name])) {
      continue;
    }
    // NOTE(review): unserialize() on table contents.  The values are written
    // by variable_set(), but anyone able to write this table can inject
    // arbitrary serialized objects.
    $conf[$row->name] = unserialize($row->value);
  }

  return $conf;
}

/**
 * Read a persistent variable from the in-memory $conf cache.
 *
 * @param $name     variable name.
 * @param $default  value returned when the variable is unset or NULL.
 */
function variable_get($name, $default) {
  global $conf;

  if (isset($conf[$name])) {
    return $conf[$name];
  }

  return $default;
}

/**
 * Store a persistent variable and update the in-memory $conf cache.
 *
 * @param $name   variable name.
 * @param $value  any serializable value.
 */
function variable_set($name, $value) {
  global $conf;

  $serialized = serialize($value);

  // Replace any existing row for this name.
  db_query("DELETE FROM {variable} WHERE name = '%s'", $name);
  db_query("INSERT INTO {variable} (name, value) VALUES ('%s', '%s')", $name, $serialized);

  $conf[$name] = $value;
}

/**
 * Delete a persistent variable from the database and the $conf cache.
 *
 * @param $name  variable name.
 */
function variable_del($name) {
  global $conf;

  db_query("DELETE FROM {variable} WHERE name = '%s'", $name);
  unset($conf[$name]);
}

/**
 * HTML-escape a string.
 *
 * We would like to call htmlspecialchars($input, $quotes, "utf-8") as the
 * PHP manual advises, but PHP < 4.3 mishandles multibyte charsets when the
 * charset is given explicitly.  Revisit once PHP 4.3 is a requirement.
 *
 * @param $input   text to escape.
 * @param $quotes  htmlspecialchars() quote mode; ENT_NOQUOTES leaves both
 *                 quote characters untouched.
 */
function drupal_specialchars($input, $quotes = ENT_NOQUOTES) {
  $escaped = htmlspecialchars($input, $quotes);

  return $escaped;
}

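/**
 * Render one table cell.
 *
 * @param $cell    either the cell contents, or an array whose "data" entry
 *                 holds the contents and whose other entries become
 *                 attributes of the cell element.
 * @param $header  non-zero to emit a <th> instead of a <td>.
 * @return the cell markup.  Neither the data nor the attribute values are
 *         escaped here; callers must pass already-safe strings.
 */
function table_cell($cell, $header = 0) {
  $attributes = "";

  if (is_array($cell)) {
    $data = isset($cell["data"]) ? $cell["data"] : "";
    foreach ($cell as $key => $value) {
      // Strict comparison: with loose ==, an integer key 0 compared against
      // "data" behaves differently across PHP versions.
      if ($key !== "data") {
        $attributes .= " $key=\"$value\"";
      }
    }
  }
  else {
    $data = $cell;
  }

  $tag = $header ? "th" : "td";

  return "<$tag$attributes>$data</$tag>";
}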

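/**
 * Render a table.
 *
 * @param $header  array of header cells (see table_cell()); cells that carry
 *                 a "field" entry are passed through tablesort() first.
 * @param $rows    array of rows, each an array of cells.
 * @return the table markup; rows alternate between the "dark" (even index)
 *         and "light" (odd index) classes.
 */
function table($header, $rows) {
  $output = "<table>\n";

  /*
  ** Emit the table header:
  */
  if (is_array($header)) {
    $output .= " <tr>";
    foreach ($header as $cell) {
      // !empty() rather than a bare index read: plain header cells have no
      // "field" entry.
      if (is_array($cell) && !empty($cell["field"])) {
        $cell = tablesort($cell, $header);
      }
      $output .= table_cell($cell, 1);
    }
    $output .= " </tr>\n";
  }

  /*
  ** Emit the table rows:
  */
  if (is_array($rows)) {
    foreach ($rows as $number => $row) {
      $class = ($number % 2 == 1) ? "light" : "dark";
      $output .= " <tr class=\"$class\">";
      foreach ($row as $cell) {
        $output .= table_cell($cell, 0);
      }
      $output .= " </tr>\n";
    }
  }

  $output .= "</table>\n";

  return $output;
}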

/**
 * Verify the syntax of the given e-mail address, loosely following
 * RFC 2822: a local part, "@", then either a host name or a bracketed
 * IPv4/IPv6 literal.
 *
 * Note that the pattern requires a non-empty local part, so an empty string
 * is rejected.
 *
 * @param $mail  an e-mail address
 * @return 1 when the address matches, 0 otherwise.
 */
function valid_email_address($mail) {
  $local = '[a-zA-Z0-9_\-\.\+\^!#\$%&*+\/\=\?\`\|\{\}~\']+';
  $domain = '(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9]\.?)+';
  $ipv4 = '[0-9]{1,3}(\.[0-9]{1,3}){3}';
  $ipv6 = '[0-9a-fA-F]{1,4}(\:[0-9a-fA-F]{1,4}){7}';
  $pattern = "/^$local@($domain|(\[($ipv4|$ipv6)\]))$/";

  return preg_match($pattern, $mail) ? 1 : 0;
}

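/**
 * Verify the syntax of the given URL: only ASCII letters, digits and the
 * characters "/", ":", "_", "-" and "." are accepted, so query strings and
 * fragments are rejected.
 *
 * @param $url  an URL
 * @return 1 when the URL matches, 0 otherwise.
 */
function valid_url($url) {
  // The character class used to read "A-z", a typo that also admitted
  // "[", "\", "]", "^" and "`"; it is now restricted to "A-Z".
  return preg_match("/^[a-zA-Z0-9\/:_\-\.]+$/", $url) ? 1 : 0;
}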

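/**
 * Format a single result entry of a search query:
 *
 * @param $item  a single search result as returned by <module>_search of type
 *               array("count" => ..., "link" => ..., "title" => ...,
 *               "user" => ..., "date" => ..., "keywords" => ...)
 * @param $type  module type of this item
 * @return the result markup.
 */
function search_item($item, $type) {
  /*
  ** Modules may implement the "search_item" hook in order to overwrite
  ** the default function to display search results.
  */
  if (module_hook($type, "search_item")) {
    return module_invoke($type, "search_item", $item);
  }

  // NOTE(review): link, title and user are emitted as-is; whether they are
  // already escaped depends on the module that produced the item.
  $output = " <b><u><a href=\"". $item["link"] ."\">". $item["title"] ."</a></u></b><br />";
  $output .= " <small>$type ". (!empty($item["user"]) ? " - ". $item["user"] : "") ."". (!empty($item["date"]) ? " - ". format_date($item["date"], "small") : "") ."</small>";
  $output .= "<br /><br />";

  return $output;
}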

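/**
 * Render a generic search form.
 *
 * "Generic" means "universally usable" - that is, usable not only from
 * 'site.com/search', but also as a simple search box (without
 * "Restrict search to", help text, etc) from a theme's header etc.
 * This means: provide options to only conditionally render certain
 * parts of this form.
 *
 * @param $action  Form action. Defaults to 'site.com/search'.
 * @param $keys    string containing keywords for the search.
 * @param $options != 0: Render additional form fields/text
 *                 ("Restrict search to", help text, etc).
 * @return the form markup produced by form().
 */
function search_form($action = NULL, $keys = NULL, $options = NULL) {
  if (!$action) {
    $action = url("search");
  }

  // NOTE(review): the checkbox state used to read $edit["type"][$name] from
  // a variable that is never assigned in this function, so no module box is
  // ever pre-checked.  search_type() seeds $_POST["edit"]["type"], which may
  // be what was intended; confirm before changing this.
  $edit = array();

  $output = " <br /><input type=\"text\" size=\"50\" value=\"". check_form($keys) ."\" name=\"keys\" />";
  $output .= " <input type=\"submit\" value=\"". t("Search") ."\" />\n";

  if ($options != 0) {
    $output .= "<br />";
    $output .= t("Restrict search to") .": ";

    foreach (module_list() as $name) {
      if (module_hook($name, "search")) {
        $checked = !empty($edit["type"][$name]) ? " checked=\"checked\"" : "";
        $output .= " <input type=\"checkbox\" name=\"edit[type][$name]\" $checked /> ". t($name);
      }
    }
  }

  return form($output, "post", $action);
}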

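/**
 * Collect the search results from every module that implements the
 * "search" hook.
 *
 * The submitted $_POST["edit"]["type"] array, when present and non-empty,
 * restricts the search to the modules it names.
 *
 * @param $keys  search keywords; when NULL nothing is searched.
 * @return the concatenated result markup (empty string when nothing matched).
 */
function search_data($keys = NULL) {
  $output = "";

  if (!isset($keys)) {
    return $output;
  }

  $edit = isset($_POST["edit"]) ? $_POST["edit"] : array();
  // An absent or empty type restriction means "search every module".
  $restrict = !empty($edit["type"]);

  foreach (module_list() as $name) {
    if (!module_hook($name, "search")) {
      continue;
    }
    if ($restrict && empty($edit["type"][$name])) {
      continue;
    }
    $result = module_invoke($name, "search", $keys);
    if (!$result) {
      continue;
    }

    if ($name == "node" || $name == "comment") {
      $output .= "<p><b>". t("Matching ". $name ."s ranked in order of relevance") .":</b></p>";
    }
    else {
      $output .= "<p><b>". t("Matching ". $name ."s") .":</b></p>";
    }

    foreach ($result as $entry) {
      $output .= search_item($entry, $name);
    }
  }

  return $output;
}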

/**
 * Display the search form and the resulting data for one module type.
 *
 * @param $type    module type to search.
 * @param $action  Form action. Defaults to 'site.com/search'.
 * @param $keys    search keywords.
 * @param $options != 0: Render additional form fields/text
 *                 ("Restrict search to", help text, etc).
 * @return the form markup followed by the results.
 */
function search_type($type, $action = NULL, $keys = NULL, $options = NULL) {
  // Pre-select this type in the request so search_data() only invokes that
  // module's search hook.  Note that this mutates $_POST for the rest of
  // the request.
  $_POST["edit"]["type"][$type] = "on";

  $form = search_form($action, $keys, $options);
  $results = search_data($keys);

  return $form ."<br />". $results;
}

/**
 * Redirect the client to $url and stop script execution.
 *
 * It is advised to use "drupal_goto()" instead of PHP's "header()" as
 * "drupal_goto()" will append the user's session ID to the URI when PHP is
 * compiled with "--enable-trans-sid".
 *
 * The destination is used as given (after turning "&amp;" back into "&");
 * callers must not pass user-controlled URLs, or the redirect can be aimed
 * at arbitrary sites.
 *
 * @param $url  destination URL.
 */
function drupal_goto($url) {
  /*
  ** Translate &amp; to simply &
  */
  $url = str_replace("&amp;", "&", $url);

  $sid = session_id();
  $appendSid = ini_get("session.use_trans_sid") && $sid && !strstr($url, $sid);

  if (!$appendSid) {
    header("Location: $url");
  }
  else {
    $pair = session_name() ."=". $sid;
    // Append with "&" when a query string exists and the pair is not there
    // yet; otherwise start a query string.
    $separator = (strstr($url, "?") && !strstr($url, $pair)) ? "&" : "?";
    header("Location: $url". $separator . $pair);
  }

  /*
  ** The "Location" header sends a REDIRECT status code to the http
  ** daemon.  In some cases this can go wrong, so we make sure none
  ** of the code /below/ gets executed when we redirect.
  */
  exit();
}

/**
 * Store the referer in the session, unless it contains the current request
 * URI (so a page does not record itself as its own referer).
 */
function referer_save() {
  $referer = referer_uri();

  if (!strstr($referer, request_uri())) {
    $_SESSION["referer"] = $referer;
  }
}

/**
 * Restore the referer saved by referer_save().
 *
 * @return the stored referer, or 0 when none is in the session.
 */
function referer_load() {
  return isset($_SESSION["referer"]) ? $_SESSION["referer"] : 0;
}


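/**
 * Save a common file: store the record (and, when an upload is present,
 * its contents) in the {file} table.
 *
 * @param $file  object with filename, type, size, counter and temporary
 *               properties; fid when updating an existing record; tmp_name
 *               when there is an upload whose contents should be stored.
 * @return the file id, or 0 when a new record has no upload to read or the
 *         upload cannot be read.
 */
function drupal_file_save($file) {
  global $user;
  // TODO: extend to support filesystem storage
  if (!variable_get("file_save", "database")) {
    return $file->fid;
  }

  if (!empty($file->fid)) {
    if (!empty($file->tmp_name)) {
      $data = _drupal_file_read($file->tmp_name, $file->size);
      if ($data === FALSE) {
        return 0;
      }
      db_query("UPDATE {file} SET uid = %d, filename = '%s', type = '%s', size = %d, counter = %d, data = '%s', temporary = %d WHERE fid = %d", $file->uid, $file->filename, $file->type, $file->size, $file->counter, base64_encode($data), $file->temporary, $file->fid);
    }
    else {
      db_query("UPDATE {file} SET uid = %d, filename = '%s', type = '%s', size = %d, counter = %d, temporary = %d WHERE fid = %d", $file->uid, $file->filename, $file->type, $file->size, $file->counter, $file->temporary, $file->fid);
    }
    return $file->fid;
  }

  if (empty($file->tmp_name)) {
    return 0;
  }

  $data = _drupal_file_read($file->tmp_name, $file->size);
  if ($data === FALSE) {
    return 0;
  }
  $file->fid = db_next_id("file_fid");
  db_query("INSERT INTO {file} SET fid = %d, uid = %d, created = %d, filename = '%s', type = '%s', size = %d, counter = 0, data = '%s', temporary = %d", $file->fid, $user->uid, time(), $file->filename, $file->type, $file->size, base64_encode($data), $file->temporary);

  return $file->fid;
}

/**
 * Read up to $size bytes from $path and close the handle afterwards (the
 * previous fopen()/fread() pairing never closed it).
 *
 * @return the data read, "" for a zero-length request, or FALSE when the
 *         file cannot be opened.
 */
function _drupal_file_read($path, $size) {
  $handle = fopen($path, "rb");
  if (!$handle) {
    return FALSE;
  }
  // fread() rejects a length of 0, so an empty upload yields empty data.
  $data = ($size > 0) ? fread($handle, $size) : "";
  fclose($handle);

  return $data;
}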

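/**
 * Load a common file record from the {file} table.
 *
 * @param $fid   file id.
 * @param $data  non-zero to also fetch and decode the stored contents.
 * @return the row object (data base64-decoded when fetched), the value
 *         db_fetch_object() returns for an unknown fid, or nothing when
 *         database storage is disabled.
 */
function drupal_file_load($fid, $data = 0) {
  // TODO: extend to support filesystem storage
  if (!variable_get("file_save", "database")) {
    return;
  }

  if ($data) {
    $file = db_fetch_object(db_query("SELECT * FROM {file} WHERE fid = %d", $fid));
  }
  else {
    $file = db_fetch_object(db_query("SELECT fid, uid, filename, created, type, size, counter, temporary FROM {file} WHERE fid = %d", $fid));
  }

  // No row for an unknown fid, and the metadata query has no data column:
  // guard both before decoding.
  if ($file && !empty($file->data)) {
    $file->data = base64_decode($file->data);
  }

  return $file;
}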

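/**
 * Generate the HTTP headers and dump the data of a stored file.
 *
 * @param $fid  file id; nothing is sent when it cannot be loaded.
 */
function drupal_file_send($fid) {
  $file = drupal_file_load($fid, 1);
  if (!$file) {
    return;
  }

  // filename and type were supplied by the uploading client.  header()
  // refuses CR/LF, but an unquoted filename can still break up the
  // Content-Disposition value, so quote it and strip quote characters.
  $filename = str_replace(array("\r", "\n", "\""), "", $file->filename);

  // NOTE(review): serving a client-chosen Content-Type "inline" lets an
  // uploaded HTML file render in the site's origin; "attachment" or a
  // type allow-list is safer.
  header("Content-type: $file->type");
  header("Content-length: $file->size");
  header("Content-Disposition: inline; filename=\"$filename\"");
  print $file->data;
}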

/**
 * Reject request data that contains script-injection markers.
 *
 * Arrays and objects are walked recursively; every leaf must pass.  A hit is
 * logged through watchdog() and the function returns 0.  This is a deny-list
 * and therefore a last line of defence, not a substitute for escaping on
 * output (check_form(), drupal_specialchars()).
 *
 * @param $data  scalar, array or object from the request.
 * @return 1 when nothing suspicious was found, 0 otherwise.
 */
function valid_input_data($data) {
  if (is_array($data) || is_object($data)) {
    /*
    ** Form data can contain a number of nested arrays.
    */
    foreach ($data as $key => $value) {
      if (!valid_input_data($value)) {
        return 0;
      }
    }

    return 1;
  }

  /*
  ** Detect evil input data.
  */
  $patterns = array(
    // strings:
    "/\Wjavascript\s*:/i",
    "/\Wexpression\s*\(/i",
    "/\Walert\s*\(/i",
    // attributes:
    "/\W(dynsrc|datasrc|data|lowsrc|on[a-z]+)\s*=[^>]+?>/i",
    // tags:
    "/<\s*(applet|script|object|style|embed|form|blink|meta|html|frame|iframe|layer|ilayer|head|frameset|xml)/i",
  );

  foreach ($patterns as $pattern) {
    if (preg_match($pattern, $data)) {
      watchdog("warning", "terminated request because of suspicious input data: ". drupal_specialchars($data));
      return 0;
    }
  }

  return 1;
}
/**
 * Escape a URI for inclusion in HTML output.
 *
 * After htmlspecialchars() with ENT_QUOTES, "(" and ")" are replaced with
 * "&040;" and "&041;".  Note that these are not valid character references
 * (the numeric form would be "&#40;"), so browsers render them literally;
 * this mangling is a legacy measure, and escaping for the output context
 * remains the actual protection.
 *
 * @param $uri  URI text.
 * @return the escaped URI.
 */
function check_url($uri) {
  $escaped = htmlspecialchars($uri, ENT_QUOTES);

  $parens = array("(" => "&040;", ")" => "&041;");

  return strtr($escaped, $parens);
}

/**
 * Escape text for use inside a form element attribute: both quote styles
 * are converted, unlike the ENT_NOQUOTES default of drupal_specialchars().
 *
 * @param $text  text to escape.
 */
function check_form($text) {
  $quotes = ENT_QUOTES;

  return drupal_specialchars($text, $quotes);
}

/**
 * Backslash-escape quotes, backslashes and NUL in $text.
 *
 * NOTE(review): addslashes() is not a database-aware escape; the placeholder
 * form of db_query() used elsewhere in this file is the safer way to pass
 * values into SQL.
 *
 * @param $text  text to escape.
 */
function check_query($text) {
  $escaped = addslashes($text);

  return $escaped;
}

/**
 * Run $text through every module's "filter" hook.
 *
 * @param $text  text to filter.
 * @return the filtered text.
 */
function filter($text) {
  $modules = module_list();

  /*
  ** Make sure the HTML filters that are part of the node module
  ** are run first.
  */
  if (in_array("node", $modules)) {
    $text = module_invoke("node", "filter", $text);
  }

  foreach ($modules as $name) {
    if (!module_hook($name, "filter")) {
      continue;
    }
    // node already ran above.
    if ($name == "node") {
      continue;
    }
    $text = module_invoke($name, "filter", $text);
  }

  return $text;
}

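/**
 * Rewrite old-style links (node.php?id=..., module.php?mod=...) in $text to
 * the current URL scheme.
 *
 * This is a *temporary* filter to rewrite old-style URLs to new-style URLs
 * (clean URLs).  Currently, URLs are being rewritten dynamically (ie. "on
 * output"), however when these rewrite rules have been tested enough, we
 * will use them to permanently rewrite the links in node and comment bodies.
 *
 * NOTE(review): ereg_replace()/eregi_replace() were removed in PHP 7, so
 * this function only runs on older PHP releases.
 *
 * @param $text  HTML text containing links.
 * @return the text with links rewritten.
 */
function rewrite_old_urls($text) {
  global $base_url;

  // Drop the first 12 characters of $base_url -- presumably the scheme plus a
  // fixed host prefix; TODO confirm against how $base_url is built.
  $end = substr($base_url, 12);

  if (variable_get("clean_url", "0") == "0") {
    /*
    ** Relative URLs:
    */

    // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
    $text = eregi_replace("\"(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "\"?q=\\1/view/\\2/\\4", $text);

    // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "\"?q=\\2/\\4/\\6" , $text);
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "\"?q=\\2/\\4", $text);
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))", "\"?q=\\2", $text);

    /*
    ** Absolute URLs:
    */

    // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
    $text = eregi_replace("$end/(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "$end/?q=\\1/view/\\2/\\4", $text);

    // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/?q=\\2/\\4/\\6" , $text);
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/?q=\\2/\\4", $text);
    // The one-argument replacement used to start with a stray \" that the
    // pattern never matched, inserting a literal quote into the output; it
    // now mirrors the two- and three-argument forms above.
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/?q=\\2", $text);
  }
  else {
    /*
    ** Relative URLs:
    */

    // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
    $text = eregi_replace("\"(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "\"\\1/view/\\2/\\4", $text);

    // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "\"\\2/\\4/\\6", $text);
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "\"\\2/\\4", $text);
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))", "\"\\2", $text);

    /*
    ** Absolute URLs:
    */

    // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
    $text = eregi_replace("$end/(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "$end/\\1/view/\\2/\\4", $text);

    // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/\\2/\\4/\\6", $text);
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/\\2/\\4", $text);
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/\\2", $text);
  }

  return $text;
}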

/**
 * Prepare stored text for display: run the module filters, then convert
 * newlines to <br /> when the text contains nothing beyond a small set of
 * inline tags.
 *
 * @param $text  text to render; NULL yields message_na().
 * @return the rendered text.
 */
function check_output($text) {
  if (!isset($text)) {
    return message_na();
  }

  // filter content on output:
  $filtered = filter($text);

  // get the line breaks right:
  $inlineTags = "<a><i><b><u><tt><code><cite><strong><img>";
  if (strip_tags($filtered, $inlineTags) == $filtered) {
    $filtered = nl2br($filtered);
  }

  return $filtered;
}

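/**
 * Checks if a file is valid and correct.
 *
 * @param $name the name of the form_file item
 * @param $type restrict to file names matching this regular expression (it
 *              is matched against the uploaded file name, not the MIME type)
 * @param $size restrict file size
 *
 * @returns mixed file object, or error object, or false if there is no file.
 *          Later checks overwrite earlier error messages, so only the last
 *          failing check is reported.
 */
function check_file($name, $type = "/.+/", $size = 0) {
  $file = NULL;
  $return = new stdClass();
  $return->error = NULL;

  // Make sure we don't have a file stored temporarily
  // NOTE(review): the fid comes straight from the request and is only
  // checked for being temporary, not for belonging to the current user.
  if (!empty($_POST["edit"]["__file"][$name])) {
    $file = drupal_file_load($_POST["edit"]["__file"][$name]);
    if (!$file || !$file->temporary) {
      $file = NULL;
    }
  }

  // make sure $name exists in $_FILES
  if (!empty($_FILES["edit"]["name"][$name])) {
    // populate $file object to make further testing simpler; an already
    // loaded temporary record keeps its fid so drupal_file_save() updates it
    if (!$file) {
      $file = new stdClass();
    }
    $file->filename = $_FILES["edit"]["name"][$name];
    // the MIME type the client claimed; not verified against the contents
    $file->type = $_FILES["edit"]["type"][$name];
    $file->tmp_name = $_FILES["edit"]["tmp_name"][$name];
    $file->error = $_FILES["edit"]["error"][$name];
    $file->size = $_FILES["edit"]["size"][$name];

    if (!valid_input_data($file)) {
      $return->error = t("possible exploit abuse");
    }

    // make sure the file is a valid upload
    if (!is_uploaded_file($file->tmp_name) || $file->error == UPLOAD_ERR_PARTIAL || $file->error == UPLOAD_ERR_NO_FILE) {
      $return->error = t("invalid file upload");
    }

    // validate the file type uploaded
    if (!preg_match($type, $file->filename)) {
      $return->error = t("invalid file type");
    }

    // check the file size to make sure the file isn't too big
    if (($size && $file->size > $size) || $file->error == UPLOAD_ERR_INI_SIZE || $file->error == UPLOAD_ERR_FORM_SIZE) {
      $return->error = t("file size too big");
    }

    if (!$return->error) {
      $file->temporary = 1;
      $file->fid = drupal_file_save($file);
    }
  }

  if ($return->error) {
    return $return;
  }

  return $file ? $file : false;
}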

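function format_rss_channel($title, $link, $description, $items, $language = "en", $args = array()) {
  // Arbitrary elements may be added using the $args associative array.  The
  // keys become element names and are inserted as-is, only the values are
  // tag-stripped and escaped, so keys must come from trusted code.

  // Start from an empty string instead of appending to an undefined variable.
  $output = "<channel>\n";
  $output .= " <title>". drupal_specialchars(strip_tags($title)) ."</title>\n";
  $output .= " <link>". drupal_specialchars(strip_tags($link)) ."</link>\n";
  $output .= " <description>". drupal_specialchars($description) ."</description>\n";
  $output .= " <language>". drupal_specialchars(strip_tags($language)) ."</language>\n";
  foreach ($args as $key => $value) {
    $output .= " <$key>". drupal_specialchars(strip_tags($value)) ."</$key>\n";
  }
  // $items is already-rendered XML (see format_rss_item()) and is not escaped again.
  $output .= $items;
  $output .= "</channel>\n";

  return $output;
}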

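function format_rss_item($title, $link, $description, $args = array()) {
  // Arbitrary elements may be added using the $args associative array.  The
  // keys become element names and are inserted as-is, only the values are
  // tag-stripped and escaped, so keys must come from trusted code.

  // Start from an empty string instead of appending to an undefined variable.
  $output = "<item>\n";
  $output .= " <title>". drupal_specialchars(strip_tags($title)) ."</title>\n";
  $output .= " <link>". drupal_specialchars(strip_tags($link)) ."</link>\n";
  // The description is run through check_output() and then escaped as text.
  $output .= " <description>". drupal_specialchars(check_output($description)) ."</description>\n";
  foreach ($args as $key => $value) {
    $output .= "<$key>". drupal_specialchars(strip_tags($value)) ."</$key>";
  }
  $output .= "</item>\n";

  return $output;
}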

/**
 * Formats a string with a count of items so that the string is pluralized
 * correctly.
 * format_plural calls t() by itself, make sure not to pass already localized
 * strings to it.
 *
 * @param $count    The item count to display.
 * @param $singular The string for the singular case. Please make sure it's clear
 *                  this is singular, to ease translation. ("1 new comment" instead of
 *                  "1 new").
 * @param $plural   The string for the plural case. Please make sure it's clear
 *                  this is plural, to ease translation. Use %count in places of the
 *                  item count, as in "%count new comments".
 */
function format_plural($count, $singular, $plural) {
  // Only a count of exactly one is singular; zero uses the plural form.
  $string = ($count == 1) ? $singular : $plural;
  return t($string, array("%count" => $count));
}

function format_size($size) {
  // Render a byte count in bytes, KB or MB (rounded to two decimals).  The
  // comparison is strictly greater-than, so exactly 1024 stays in bytes.
  $suffix = t("bytes");
  $step = 1024;
  if ($size > $step) {
    $size = round($size / $step, 2);
    $suffix = t("KB");
    // The MB check is only reachable after the KB conversion.
    if ($size > $step) {
      $size = round($size / $step, 2);
      $suffix = t("MB");
    }
  }
  return t("%size %suffix", array("%size" => $size, "%suffix" => $suffix));
}

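function cache_get($key) {
  // Note that the expire column is not consulted here; expiry is handled by
  // cache_clear_all() removing rows.
  $cache = db_fetch_object(db_query("SELECT data, created FROM {cache} WHERE cid = '%s'", $key));
  // db_fetch_object() appears to return a non-object when there is no row
  // (cache_set() tests its result for truthiness), so guard before reading
  // the property.  An entry with empty data counts as a miss as well.
  if ($cache && $cache->data) {
    return $cache;
  }
  return 0;
}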

function cache_set($cid, $data, $expire = 0) {
  // Check for an existing row first.  There is no upsert here, so two
  // concurrent writers for the same cid could both take the INSERT path.
  $exists = db_fetch_object(db_query("SELECT cid FROM {cache} WHERE cid = '%s'", $cid));
  if (!$exists) {
    db_query("INSERT INTO {cache} (cid, data, created, expire) VALUES('%s', '%s', %d, %d)", $cid, $data, time(), $expire);
    return;
  }
  db_query("UPDATE {cache} SET data = '%s', created = %d, expire = %d WHERE cid = '%s'", $data, time(), $expire, $cid);
}

function cache_clear_all($cid = NULL) {
  // With a cid only that entry is removed.
  if ($cid) {
    db_query("DELETE FROM {cache} WHERE cid = '%s'", $cid);
    return;
  }
  // Without one, every entry that has an expire value set is dropped;
  // permanent entries (expire = 0) are kept.
  db_query("DELETE FROM {cache} WHERE expire <> 0");
}

function page_set_cache() {
  global $user;

  // Only anonymous GET requests are stored, keyed by the request URI.
  $anonymous_get = !$user->uid && $_SERVER["REQUEST_METHOD"] == "GET";
  if (!$anonymous_get) {
    return;
  }

  $data = ob_get_contents();
  if ($data) {
    // expire = 1 makes the entry removable by cache_clear_all() without a cid.
    cache_set(request_uri(), $data, 1);
  }
}

function page_get_cache() {
  global $user;

  $cache = NULL;

  // Logged-in users and non-GET requests are never served from the cache.
  if ($user->uid || $_SERVER["REQUEST_METHOD"] != "GET") {
    return $cache;
  }

  $cache = cache_get(request_uri());
  if (empty($cache)) {
    // Nothing stored yet: buffer the output so page_set_cache() can save it.
    ob_start();
  }

  return $cache;
}

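function format_interval($timestamp) {
  // Units from largest to smallest; each key holds "singular|plural" for
  // format_plural().  A year is a fixed 365 days here.
  $units = array("1 year|%count years" => 31536000, "1 week|%count weeks" => 604800, "1 day|%count days" => 86400, "1 hour|%count hours" => 3600, "1 min|%count min" => 60, "1 sec|%count sec" => 1);
  // Start from an empty string instead of appending to an undefined variable.
  $output = "";
  foreach ($units as $key => $value) {
    list($singular, $plural) = explode("|", $key);
    if ($timestamp >= $value) {
      $output .= ($output ? " " : "") . format_plural(floor($timestamp / $value), $singular, $plural);
      // Carry the remainder down to the next smaller unit.
      $timestamp %= $value;
    }
  }
  // Anything below one second (including negative values) reads as 0 sec.
  return $output ? $output : t("0 sec");
}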

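function format_date($timestamp, $type = "medium", $format = "") {
  global $user;

  // Shift from the server's zone (date("Z")) to the user's configured
  // offset, when one is set.
  if (!empty($user->timezone)) {
    $timestamp += $user->timezone - date("Z");
  }

  switch ($type) {
    case "small":
      $date = date(variable_get("date_format_short", "m/d/Y - H:i"), $timestamp);
      break;
    case "medium":
      $date = date(variable_get("date_format_medium", "D, m/d/Y - H:i"), $timestamp);
      break;
    case "large":
      $date = date(variable_get("date_format_long", "l, F j, Y - H:i"), $timestamp);
      break;
    case "custom":
      // Walk the format from its last character to its first, prepending
      // each result so $date ends up in format order.  Day/month names
      // (D F l M S w) go through t() so they can be translated, other
      // date() characters are rendered directly, anything else is literal.
      // (The previous loop started one position past the end and read an
      // uninitialised $c on its first pass.)
      $date = "";
      for ($i = strlen($format) - 1; $i >= 0; $i--) {
        $c = $format[$i];
        if (strstr("DFlMSw", $c)) {
          $date = t(date($c, $timestamp)) . $date;
        }
        else if (strstr("AaBdgGhHiIjLmnOrstTUWYyZz", $c)) {
          $date = date($c, $timestamp) . $date;
        }
        else {
          $date = $c . $date;
        }
      }
      break;
    default:
      // NOTE(review): this fallback reads the same date_format_medium
      // variable as the "medium" case but with a different default string
      // ("l, ..." vs "D, ..."); confirm which default is intended.
      $date = date(variable_get("date_format_medium", "l, m/d/Y - H:i"), $timestamp);
  }
  return $date;
}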

function format_name($object) {
  // Registered user: link the (possibly shortened) name to the profile.
  if ($object->uid && $object->name) {
    /*
    ** Shorten the name when it is too long or it will break many
    ** tables.  strlen()/substr() are byte-based, so a multi-byte name
    ** may be cut inside a character.
    */
    $name = $object->name;
    if (strlen($name) > 20) {
      $name = substr($name, 0, 15) ."...";
    }

    // In the admin section link to the edit form, elsewhere to the public profile.
    $admin = (arg(0) == "admin");
    $path = $admin ? "admin/user/edit/$object->uid" : "user/view/$object->uid";
    $title = $admin ? t("Administer user profile.") : t("View user profile.");
    return l($name, $path, array("title" => $title));
  }

  /*
  ** Sometimes modules display content composed by people who are
  ** not registered members of the site (i.e. mailing list or news
  ** aggregator modules).  This clause enables modules to display
  ** the true author of the content.
  **
  ** NOTE(review): the name is returned here without any escaping;
  ** confirm that callers escape it before emitting HTML.
  */
  if ($object->name) {
    return $object->name;
  }

  return t(variable_get("anonymous", "Anonymous"));
}

function form($form, $method = "post", $action = 0, $options = 0) {
  // Default to posting back to the current page.
  // NOTE(review): $action and $method are interpolated into the tag without
  // escaping; confirm request_uri() yields a value safe inside an attribute.
  $target = $action ? $action : request_uri();
  $extra = drupal_attributes($options);
  return "<form action=\"$target\" method=\"$method\"$extra>\n$form\n</form>\n";
}

function form_item($title, $value, $description = 0) {
  // Wrap a form control in the standard item markup.  Title, value and
  // description are inserted as-is; no escaping happens here.
  $output = "<div class=\"form-item\">";
  if ($title) {
    $output .= "<div class=\"title\">$title:</div>";
  }
  $output .= $value;
  if ($description) {
    $output .= "<div class=\"description\">$description</div>";
  }
  $output .= "</div>\n";
  return $output;
}

function form_radio($title, $name, $value = 1, $checked = 0, $description = 0, $attributes = 0) {
  // The label text ($title) follows the control; $name, $value and $title
  // are inserted without escaping.
  $checked_attr = $checked ? " checked=\"checked\"" : "";
  $input = "<input type=\"radio\" class=\"form-radio\" name=\"edit[$name]\" value=\"$value\"$checked_attr". drupal_attributes($attributes) ." /> $title";
  return form_item(0, $input, $description);
}

function form_checkbox($title, $name, $value = 1, $checked = 0, $description = 0, $attributes = 0) {
  // A hidden field with the same name precedes the checkbox (presumably so
  // the name is still submitted when the box is unchecked).  $name, $value
  // and $title are inserted without escaping.
  $checked_attr = $checked ? " checked=\"checked\"" : "";
  $input = "<input type=\"checkbox\" class=\"form-checkbox\" name=\"edit[$name]\" value=\"$value\"$checked_attr". drupal_attributes($attributes) ." /> $title";
  return form_hidden($name, 0) . form_item(0, $input, $description);
}

function form_textfield($title, $name, $value, $size, $maxlength, $description = 0, $attributes = 0) {
  // Only the value goes through check_form(); name, size and maxlength are
  // inserted as-is.  The size attribute is omitted entirely when $size is falsy.
  $size_attr = "";
  if ($size) {
    $size_attr = " size=\"$size\"";
  }
  $input = "<input type=\"text\" maxlength=\"$maxlength\" class=\"form-text\" name=\"edit[$name]\"$size_attr value=\"". check_form($value) ."\"". drupal_attributes($attributes) ." />";
  return form_item($title, $input, $description);
}