<?php
// $Id$

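/**
 * Find the base name of the site-specific configuration file.
 *
 * A candidate name is built from the Host header plus the directory part of
 * PHP_SELF, lower-cased, with path and port separators turned into dots.
 * Leading components are then stripped from left to right until
 * "includes/<name>.php" exists.
 *
 * @return  the matching base name, or the default value "conf" when no
 *          configuration file is found.
 */
function conf_init() {
  $uri = $_SERVER["PHP_SELF"];
  $directory = substr($uri, 0, strrpos($uri, "/"));

  /*
  ** HTTP_HOST comes straight from the request, so the candidate name is
  ** client-controlled.  Besides "/" and ":", backslash and NUL are mapped
  ** to "." as well, so the name can never carry a directory separator or a
  ** string terminator into the file system path built below.
  ** NOTE(review): the return value is presumably used to include the
  ** configuration file; verify the caller treats it as untrusted.
  */
  $file = strtolower(strtr($_SERVER["HTTP_HOST"] . $directory, "/:\\\0", "...."));

  while (strlen($file) > 4) {
    if (file_exists("includes/$file.php")) {
      return $file;
    }

    // Drop the leftmost dot-separated component.  When no dot is left,
    // strpos() yields FALSE and a single character is dropped instead, so
    // the loop always terminates.
    $file = substr($file, strpos($file, ".") + 1);
  }

  return "conf";
}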

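/**
 * Custom PHP error handler: logs the error through watchdog() and prints it.
 *
 * @param $errno      PHP error level of the raised error
 * @param $message    error message
 * @param $filename   file in which the error was raised
 * @param $line       line on which the error was raised
 * @param $variables  unused here
 */
function error_handler($errno, $message, $filename, $line, $variables) {
  $types = array(1 => "error", 2 => "warning", 4 => "parse error", 8 => "notice", 16 => "core error", 32 => "core warning", 64 => "compile error", 128 => "compile warning", 256 => "user error", 512 => "user warning", 1024 => "user notice");

  // Levels that are not in the table get a generic label instead of
  // triggering a second error from inside the handler.
  $label = isset($types[$errno]) ? $types[$errno] : "unknown error";
  $entry = $label .": $message in $filename on line $line.";

  // "&" binds tighter than "^", so this is ($errno & E_ALL) ^ E_NOTICE: the
  // result is zero, and the error skipped, for a plain E_NOTICE.
  if ($errno & E_ALL ^ E_NOTICE) {
    watchdog("error", $entry);

    // The message may contain request-derived text, so it is escaped before
    // being written into the page.
    print "<pre>". htmlspecialchars($entry, ENT_QUOTES) ."</pre>";
  }
}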

/**
 * Write one entry to the {watchdog} log table.
 *
 * The row records the current user's uid, the request URI, the client
 * address taken from REMOTE_ADDR and the current time.
 *
 * @param $type     category of the entry, e.g. "error" or "warning"
 * @param $message  text of the entry; stored as given, so it has to be
 *                  escaped when it is displayed
 * @param $link     optional link stored with the entry
 */
function watchdog($type, $message, $link = NULL) {
  global $user;

  // All values are passed as db_query() arguments rather than being
  // concatenated into the statement.
  $sql = "INSERT INTO {watchdog} (uid, type, message, link, location, hostname, timestamp) VALUES (%d, '%s', '%s', '%s', '%s', '%s', %d)";

  db_query($sql, $user->uid, $type, $message, $link, request_uri(), getenv("REMOTE_ADDR"), time());
}

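/**
 * Limit how often one client address may perform an action of type $type.
 *
 * Users with the "access administration pages" permission are exempt.  For
 * everyone else a {watchdog} entry of the same type from the same address
 * within the last $rate seconds terminates the request; otherwise a new
 * entry is recorded.
 *
 * @param $type  watchdog type used to record and look up submissions
 * @param $rate  minimum number of seconds between two submissions
 */
function throttle($type, $rate) {
  if (!user_access("access administration pages")) {
    $hostname = getenv("REMOTE_ADDR");

    // Values are passed as db_query() arguments, in the same placeholder
    // form watchdog() uses, instead of being concatenated into the SQL.
    $result = db_query("SELECT * FROM {watchdog} WHERE type = '%s' AND hostname = '%s' AND %d - timestamp < %d", $type, $hostname, time(), $rate);

    if ($throttle = db_fetch_object($result)) {
      watchdog("warning", "throttle: '". $hostname ."' exceeded submission rate - $throttle->type");
      die(message_throttle());
    }
    else {
      watchdog($type, "throttle");
    }
  }
}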

/**
 * Print a warning when a PHP configuration option does not have the value
 * Drupal expects.
 *
 * @param $name   name of the PHP configuration option
 * @param $value  value the option should have
 */
function check_php_setting($name, $value) {
  $current = ini_get($name);

  // Loose comparison: ini_get() hands back strings.
  if ($current == $value) {
    return;
  }

  // $name and $value are written into the page unescaped, so callers must
  // pass fixed values only.
  print "<p>Note that the value of PHP's configuration option <code><b>$name</b></code> is incorrect.  It should be set to '$value' for Drupal to work properly.  Either configure your webserver to support <code>.htaccess</code> files so Drupal's <code>.htaccess</code> file can set it to the proper value, or edit your <code>php.ini</code> file directly.  This message will automatically dissapear when the problem has been fixed.</p>";
}

/**
 * Return one component of the "q" request parameter.
 *
 * The parameter is split on "/" once and kept for later calls.
 *
 * @param $index  zero-based position of the wanted component
 * @return        the component as a raw, unescaped request string
 */
function arg($index) {
  static $parts;

  if (!$parts) {
    // $_GET["q"] is client input; the pieces are returned as received.
    $parts = explode("/", $_GET["q"]);
  }

  return $parts[$index];
}

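/**
 * Convert an array into an object with one property per array key.
 *
 * @param $node  an array, or any other value
 * @return       an object for a non-empty array, NULL for an empty array,
 *               and $node itself when it is not an array
 */
function array2object($node) {
  if (!is_array($node)) {
    return $node;
  }

  // The object is created explicitly: assigning a property to an undefined
  // variable is an error in current PHP versions.
  $object = NULL;

  foreach ($node as $key => $value) {
    if ($object === NULL) {
      $object = new stdClass();
    }
    $object->$key = $value;
  }

  return $object;
}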

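/**
 * Convert an object into an array with one element per visible property.
 *
 * @param $node  an object, or any other value
 * @return       an array for an object (empty when it has no properties),
 *               and $node itself when it is not an object
 */
function object2array($node) {
  if (!is_object($node)) {
    return $node;
  }

  // Start from an empty array so that an object without properties does
  // not leave the result undefined.
  $array = array();

  foreach ($node as $key => $value) {
    $array[$key] = $value;
  }

  return $array;
}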

/**
 * Return the HTTP referer of the current request, passed through
 * check_url().
 *
 * @return  the escaped referer, or nothing when no Referer header was sent
 */
function referer_uri() {
  // The Referer header is client-controlled; it is only ever handed out
  // after check_url() has escaped it.
  if (!isset($_SERVER["HTTP_REFERER"])) {
    return;
  }

  return check_url($_SERVER["HTTP_REFERER"]);
}

/**
 * Return the URI of the current request, passed through check_url().
 *
 * Since REQUEST_URI is only available on Apache, an equivalent is generated
 * from PHP_SELF and QUERY_STRING when it is missing.
 */
function request_uri() {
  $uri = isset($_SERVER["REQUEST_URI"])
    ? $_SERVER["REQUEST_URI"]
    : $_SERVER["PHP_SELF"] ."?". $_SERVER["QUERY_STRING"];

  // Both sources are taken from the request, so the value is escaped
  // before it is handed to callers.
  return check_url($uri);
}

/**
 * Return the translated "access denied" message.
 */
function message_access() {
  $message = t("You are not authorized to access this page.");

  return $message;
}

/**
 * Return the translated placeholder for a value that is not available.
 */
function message_na() {
  $message = t("n/a");

  return $message;
}

/**
 * Return the translated message shown when the submission rate is exceeded.
 */
function message_throttle() {
  $message = t("You exceeded the maximum submission rate.  Please wait a few minutes and try again.");

  return $message;
}

/**
 * Pick the language to use for the current request.
 *
 * @return  the logged-in user's language when it is one of the configured
 *          $languages, otherwise the key at the current position of
 *          $languages
 */
function locale_init() {
  global $languages, $user;

  $use_user_language = $user->uid && $languages[$user->language];

  return $use_user_language ? $user->language : key($languages);
}

/**
 * Translate a string and substitute placeholders.
 *
 * @param $string  the string to translate
 * @param $args    optional array mapping placeholders to their replacement
 * @return         the translated string with placeholders replaced
 */
function t($string, $args = 0) {
  global $languages;

  /*
  ** About the usage of t().  We try to keep strings whole as much as
  ** possible and are unafraid of HTML markup within translation strings
  ** if necessary.  The suggested syntax for a link embedded within a
  ** translation string is for example:
  **
  ** $msg = t("You must login below or <a href=\"%url\">create a new
  **           account</a> before viewing the next page.", array("%url"
  **           => url("user/register")));
  */

  // The locale module is consulted only when languages are configured.
  if ($languages && module_exist("locale")) {
    $string = locale($string);
  }

  // strtr() inserts the replacement values exactly as given: no escaping
  // happens here, so callers have to escape anything that is not markup.
  return $args ? strtr($string, $args) : $string;
}

/**
 * Load the persistent variables from the {variable} table.
 *
 * @param $conf  variables that are already set; these take precedence over
 *               the stored values
 * @return       $conf completed with every stored variable it did not
 *               already contain
 */
function variable_init($conf = array()) {
  $rows = db_query("SELECT * FROM {variable} ");

  while ($row = db_fetch_object($rows)) {
    if (isset($conf[$row->name])) {
      continue;
    }

    // NOTE(review): unserialize() runs on whatever the table holds, so
    // anyone able to write to {variable} controls its input.  Confirm that
    // only variable_set() writes these rows.
    $conf[$row->name] = unserialize($row->value);
  }

  return $conf;
}

/**
 * Return a persistent variable.
 *
 * @param $name     name of the variable
 * @param $default  value to return when the variable is not set
 */
function variable_get($name, $default) {
  global $conf;

  if (isset($conf[$name])) {
    return $conf[$name];
  }

  return $default;
}

/**
 * Store a persistent variable in the {variable} table and in $conf.
 *
 * @param $name   name of the variable
 * @param $value  value to store; it is serialized for storage
 */
function variable_set($name, $value) {
  global $conf;

  // The old row is removed before the new one is written; the two
  // statements are issued separately.
  $delete = "DELETE FROM {variable} WHERE name = '%s'";
  db_query($delete, $name);

  $insert = "INSERT INTO {variable} (name, value) VALUES ('%s', '%s')";
  db_query($insert, $name, serialize($value));

  $conf[$name] = $value;
}

/**
 * Remove a persistent variable from the {variable} table and from $conf.
 *
 * @param $name  name of the variable
 */
function variable_del($name) {
  global $conf;

  $delete = "DELETE FROM {variable} WHERE name = '%s'";
  db_query($delete, $name);

  unset($conf[$name]);
}

/**
 * Escape HTML special characters in a string.
 *
 * @param $input   the string to escape
 * @param $quotes  quote handling flag for htmlspecialchars(); with the
 *                 default ENT_NOQUOTES quotes are left alone, so the result
 *                 is not safe inside an attribute value
 */
function drupal_specialchars($input, $quotes = ENT_NOQUOTES) {

  /*
  ** Note that we'd like to go 'htmlspecialchars($input, $quotes, "utf-8")'
  ** like the PHP manual tells us to, but we can't because there's a bug in
  ** PHP <4.3 that makes it mess up multibyte charsets if we specify the
  ** charset.  Change this later once we make PHP 4.3 a requirement.
  */

  $escaped = htmlspecialchars($input, $quotes);

  return $escaped;
}

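/**
 * Render one table cell.
 *
 * @param $cell    either the cell content, or an array whose "data" element
 *                 is the content and whose other elements are emitted as
 *                 HTML attributes
 * @param $header  non-zero to render a <th> instead of a <td>
 * @return         the HTML of the cell
 */
function table_cell($cell, $header = 0) {
  // Initialised so that a plain cell does not read an undefined variable.
  $attributes = "";

  if (is_array($cell)) {
    $data = $cell["data"];
    foreach ($cell as $key => $value) {
      if ($key != "data")  {
        // Content and attribute values are written out as given: nothing
        // is escaped here, so callers must escape untrusted values first.
        $attributes .= " $key=\"$value\"";
      }
    }
  }
  else {
    $data = $cell;
  }

  if ($header) {
    $output = "<th$attributes>$data</th>";
  }
  else {
    $output = "<td$attributes>$data</td>";
  }

  return $output;
}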

/**
 * Render an HTML table.
 *
 * @param $header  array of header cells; a cell that is an array with a
 *                 "field" element is first passed through tablesort()
 * @param $rows    array of rows, each an array of cells
 * @return         the HTML of the table
 */
function table($header, $rows) {
  $output = "<table>\n";

  /*
  ** Emit the table header:
  */

  if (is_array($header)) {
    $output .= " <tr>";
    foreach ($header as $cell) {
      $sortable = is_array($cell) && $cell["field"];
      if ($sortable) {
        $cell = tablesort($cell, $header);
      }
      $output .= table_cell($cell, 1);
    }
    $output .= " </tr>\n";
  }

  /*
  ** Emit the table rows:
  */

  if (is_array($rows)) {
    foreach ($rows as $number => $row) {
      // Rows alternate between the "dark" and "light" classes.
      $class = ($number % 2 == 1) ? "light" : "dark";
      $output .= " <tr class=\"$class\">";

      foreach ($row as $cell) {
        $output .= table_cell($cell, 0);
      }

      $output .= " </tr>\n";
    }
  }

  $output .= "</table>\n";

  return $output;
}

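/**
 * Verify the syntax of the given e-mail address.  See RFC 2822 for details.
 *
 * NOTE(review): earlier documentation stated that empty addresses are
 * allowed, but the pattern requires a local part, so an empty string is
 * rejected.  Callers that accept an empty address must test for it
 * themselves.
 *
 * @param $mail  an e-mail address
 * @return       1 when the address is well-formed, 0 otherwise
 */
function valid_email_address($mail) {
  $user = '[a-zA-Z0-9_\-\.\+\^!#\$%&*+\/\=\?\`\|\{\}~\']+';
  $domain = '(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9]\.?)+';
  $ipv4 = '[0-9]{1,3}(\.[0-9]{1,3}){3}';
  $ipv6 = '[0-9a-fA-F]{1,4}(\:[0-9a-fA-F]{1,4}){7}';

  // The D modifier makes "$" match only at the very end of the subject.
  // Without it an address followed by a newline is accepted, which matters
  // wherever the address ends up in a mail header.
  $pattern = '/^'. $user .'@('. $domain .'|(\[('. $ipv4 .'|'. $ipv6 .')\]))$/D';

  return preg_match($pattern, $mail) ? 1 : 0;
}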

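/**
 * Verify the syntax of the given URL.
 *
 * Only letters, digits and the characters / : _ - . are accepted, so a URL
 * with a query string is rejected.  The check is purely syntactic and does
 * not look at the URL scheme.
 *
 * @param $url  a URL
 * @return      1 when the URL consists of accepted characters only, 0
 *              otherwise
 */
function valid_url($url) {

  // The letter range is "A-Z": the former "A-z" also let the punctuation
  // between "Z" and "a" through, backslash included.  The D modifier stops
  // "$" from accepting a trailing newline.
  if (preg_match('/^[a-zA-Z0-9\/:_\-\.]+$/D', $url)) {
    return 1;
  }
  else {
    return 0;
  }
}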

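/**
 * Format a single result entry of a search query:
 *
 * @param $item  a single search result as returned by <module>_search of type
 *               array("count" => ..., "link" => ..., "title" => ...,
 *               "user" => ..., "date" => ..., "keywords" => ...)
 * @param $type  module type of this item
 * @return       the HTML of the entry
 */
function search_item($item, $type) {

  /*
  ** Modules may implement the "search_item" hook in order to overwrite
  ** the default function to display search results.
  */

  if (module_hook($type, "search_item")) {
    return module_invoke($type, "search_item", $item);
  }

  // The link, title and user are written into the markup as returned by
  // the module's search hook; nothing is escaped here.
  // NOTE(review): confirm that every search hook escapes these values.
  $output  = " <b><u><a href=\"". $item["link"] ."\">". $item["title"] ."</a></u></b><br />";
  $output .= " <small>$type ". (!empty($item["user"]) ? " - ". $item["user"] : "") ."". (!empty($item["date"]) ? " - ". format_date($item["date"], "small") : "") ."</small>";
  $output .= "<br /><br />";

  return $output;
}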

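/**
 * Render a generic search form.
 *
 * "Generic" means "universally usable" - that is, usable not only from
 * 'site.com/search', but also as a simple search box (without
 * "Restrict search to", help text, etc) from theme's header etc.
 * This means: provide options to only conditionally render certain
 * parts of this form.
 *
 * @param $action  Form action. Defaults to 'site.com/search'.
 * @param $keys    string containing keywords for the search.
 * @param $options != 0: Render additional form fields/text
 *                 ("Restrict search to", help text, etc).
 * @return         the HTML of the form
 */
function search_form($action = NULL, $keys = NULL, $options = NULL) {

  if (!$action) {
    $action = url("search");
  }

  // The submitted restriction is read the same way search_data() reads it;
  // $edit was never assigned here before, so no box was ever checked.  Only
  // the truth value of each posted entry is used, never its content.
  $edit = (isset($_POST["edit"]) && is_array($_POST["edit"])) ? $_POST["edit"] : array();

  // The keywords come from the request and are escaped for the attribute.
  $output  = " <br /><input type=\"text\" size=\"50\" value=\"". check_form($keys) ."\" name=\"keys\" />";
  $output .= " <input type=\"submit\" value=\"". t("Search") ."\" />\n";

  if ($options != 0) {
    $output .= "<br />";
    $output .= t("Restrict search to") .": ";

    foreach (module_list() as $name) {
      if (module_hook($name, "search")) {
        $checked = !empty($edit["type"][$name]);
        $output .= " <input type=\"checkbox\" name=\"edit[type][$name]\" ". ($checked ? " checked=\"checked\"" : "") ." /> ". t($name);
      }
    }
  }

  return form($output, "post", $action);
}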

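/**
 * Collect the search results:
 *
 * Every module implementing the "search" hook is queried, unless the
 * submitted form restricts the search to particular module types.
 *
 * @param $keys  keywords to search for; nothing is searched when not set
 * @return       the HTML of all results, or an empty string
 */
function search_data($keys = NULL) {
  $output = "";

  // The type restriction is client input: it is used only if it is an
  // array, and only the truth value of its entries is looked at.
  $types = NULL;
  if (isset($_POST["edit"]) && is_array($_POST["edit"]) && isset($_POST["edit"]["type"]) && is_array($_POST["edit"]["type"])) {
    $types = $_POST["edit"]["type"];
  }

  if (isset($keys)) {
    foreach (module_list() as $name) {
      if (module_hook($name, "search") && (!$types || !empty($types[$name])) && ($result = module_invoke($name, "search", $keys))) {
        if ($name == "node" || $name == "comment") {
          $output .= "<p><b>". t("Matching ". $name ."s ranked in order of relevance") .":</b></p>";
        }
        else {
          $output .= "<p><b>". t("Matching ". $name ."s") .":</b></p>";
        }
        foreach ($result as $entry) {
          $output .= search_item($entry, $name);
        }
      }
    }
  }

  return $output;
}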

/**
 * Display the search form and the resulting data.
 *
 * The restriction is applied by marking $type as selected in
 * $_POST["edit"]["type"] before the form and the results are built.
 *
 * @param $type    Search only items of this module type.
 * @param $action  Form action. Defaults to 'site.com/search'.
 * @param $keys    string containing keywords for the search.
 * @param $options != 0: Render additional form fields/text
 *                 ("Restrict search to", help text, etc).
 * @return         the HTML of the form followed by the results
 */
function search_type($type, $action = NULL, $keys = NULL, $options = NULL) {

  // Overrides the request data for the rest of this request.
  $_POST["edit"]["type"][$type] = "on";

  $form = search_form($action, $keys, $options);
  $results = search_data($keys);

  return $form . "<br />". $results;
}

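/**
 * Redirect the client to $url and stop executing the current request.
 *
 * @param $url  the target URL; "&amp;" is translated back to "&"
 */
function drupal_goto($url) {

  /*
  ** Translate &amp; to simply &
  */

  $url = str_replace("&amp;", "&", $url);

  /*
  ** Remove CR and LF so that a value carrying a line break cannot add
  ** further header lines to the response.
  ** NOTE(review): the target itself is not restricted to this site here;
  ** callers passing request-derived URLs have to validate them.
  */

  $url = str_replace(array("\r", "\n"), "", $url);

  /*
  ** It is advised to use "drupal_goto()" instead of PHP's "header()" as
  ** "drupal_goto()" will append the user's session ID to the URI when PHP
  ** is compiled with "--enable-trans-sid".  Be aware that a session ID in
  ** the URI is visible in server logs and in Referer headers.
  */

  if (!ini_get("session.use_trans_sid") || !session_id() || strstr($url, session_id())) {
    header("Location: $url");
  }
  else {
    $sid = session_name() . "=" . session_id();

    if (strstr($url, "?") && !strstr($url, $sid)) {
      header("Location: $url&". $sid);
    }
    else {
      header("Location: $url?". $sid);
    }
  }

  /*
  ** The "Location" header sends a REDIRECT status code to the http
  ** daemon.  In some cases this can go wrong, so we make sure none
  ** of the code /below/ gets executed when we redirect.
  */

  exit();
}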

/**
 * Stores the referer in a persistent variable:
 *
 * The referer is kept in the session unless it contains the URI of the
 * current request.
 */
function referer_save() {
  $referer = referer_uri();

  if (strstr($referer, request_uri())) {
    return;
  }

  // referer_uri() has already passed the value through check_url().
  $_SESSION["referer"] = $referer;
}

/**
 * Restores the referer from a persistent variable:
 *
 * @return  the referer stored in the session, or 0 when there is none
 */
function referer_load() {
  return isset($_SESSION["referer"]) ? $_SESSION["referer"] : 0;
}


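/**
 * Read at most $size bytes of a file and close it again.
 *
 * @return  the data read, an empty string when $size is not positive, or
 *          FALSE when the file cannot be opened or read
 */
function _drupal_file_read($path, $size) {
  if ($size <= 0) {
    return "";
  }

  $handle = fopen($path, "rb");
  if (!$handle) {
    return FALSE;
  }

  $data = fread($handle, $size);
  fclose($handle);

  return $data;
}

/**
 * Save a common file
 *
 * An object with a fid updates the existing {file} row; its data is only
 * replaced when tmp_name is set.  An object without a fid is inserted as a
 * new row and needs a tmp_name.
 *
 * @param $file  file object, as populated by check_file()
 * @return       the fid of the file, or 0 when there was nothing to store
 *               or the data could not be read
 */
function drupal_file_save($file) {
  global $user;
  // TODO: extend to support filesystem storage
  if (variable_get("file_save", "database")) {
    if ($file->fid) {
      if ($file->tmp_name) {
        // tmp_name is read as given: the caller has to have verified it
        // with is_uploaded_file(), as check_file() does.
        $data = _drupal_file_read($file->tmp_name, $file->size);
        if ($data === FALSE) {
          return 0;
        }
        db_query("UPDATE {file} SET uid = %d, filename = '%s', type = '%s', size = %d, counter = %d, data = '%s', temporary = %d WHERE fid = %d", $file->uid, $file->filename, $file->type, $file->size, $file->counter, base64_encode($data), $file->temporary, $file->fid);
      }
      else {
        db_query("UPDATE {file} SET uid = %d, filename = '%s', type = '%s', size = %d, counter = %d, temporary = %d WHERE fid = %d", $file->uid, $file->filename, $file->type, $file->size, $file->counter, $file->temporary, $file->fid);
      }
    }
    else {
      if ($file->tmp_name) {
        // Read first, so that no id is consumed for a file that cannot be
        // stored.
        $data = _drupal_file_read($file->tmp_name, $file->size);
        if ($data === FALSE) {
          return 0;
        }
        $file->fid = db_next_id("file_fid");
        db_query("INSERT INTO {file} SET fid = %d, uid = %d, created = %d, filename = '%s', type = '%s', size = %d, counter = 0, data = '%s', temporary = %d", $file->fid, $user->uid, time(), $file->filename, $file->type, $file->size, base64_encode($data), $file->temporary);
      }
      else {
        return 0;
      }
    }
  }
  return $file->fid;
}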

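/**
 * Load a common file
 *
 * @param $fid   id of the file
 * @param $data  non-zero to load the file contents as well
 * @return       the file object, a false value when no row matches, or
 *               nothing when the "file_save" variable is turned off
 */
function drupal_file_load($fid, $data = 0) {
  // TODO: extend to support filesystem storage
  if (variable_get("file_save", "database")) {
    if ($data) {
      $file = db_fetch_object(db_query("SELECT * FROM {file} WHERE fid = %d", $fid));
    }
    else {
      $file = db_fetch_object(db_query("SELECT fid, uid, filename, created, type, size, counter, temporary FROM {file} WHERE fid = %d", $fid));
    }

    // The data column is absent when it was not selected, and there is no
    // object at all when the row does not exist.
    if ($file && !empty($file->data)) {
      $file->data = base64_decode($file->data);
    }
    return $file;
  }
}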

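/**
 * Generate the HTTP headers and dump the data
 *
 * NOTE(review): the content type is the one stored with the file, which
 * check_file() takes from the upload request, and the file is sent with an
 * "inline" disposition.  A stored file can therefore be rendered by the
 * browser as a document of this site; consider restricting the types that
 * are served inline.
 *
 * @param $fid  id of the file to send
 */
function drupal_file_send($fid) {
  if (($file = drupal_file_load($fid, 1))) {
    // Both values were supplied with the upload.  Control characters are
    // removed so they cannot break out of the header line; quotes and
    // backslashes are removed from the name because it is sent quoted.
    $type = preg_replace('/[\x00-\x1f\x7f]/', '', $file->type);
    $filename = preg_replace('/[\x00-\x1f\x7f"\\\\]/', '', $file->filename);

    header("Content-type: $type");
    header("Content-length: $file->size");
    header("Content-Disposition: inline; filename=\"$filename\"");
    print $file->data;
  }
}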

/**
 * Check submitted data for markup and script patterns that are rejected.
 *
 * Arrays and objects are checked element by element.  A match is logged
 * through watchdog().
 *
 * The patterns form a heuristic deny-list.  They do not replace escaping of
 * the data for the context in which it is output.
 *
 * @param $data  a value, or a nested array or object of values
 * @return       1 when nothing suspicious was found, 0 otherwise
 */
function valid_input_data($data) {

  if (is_array($data) || is_object($data)) {
    /*
    ** Form data can contain a number of nested arrays.
    */

    foreach ($data as $key => $value) {
      if (!valid_input_data($value)) {
        return 0;
      }
    }

    return 1;
  }

  /*
  ** Detect evil input data.
  */

  $patterns = array(
    // check strings:
    "/\Wjavascript\s*:/i",
    "/\Wexpression\s*\(/i",
    "/\Walert\s*\(/i",
    // check attributes:
    "/\W(dynsrc|datasrc|data|lowsrc|on[a-z]+)\s*=[^>]+?>/i",
    // check tags:
    "/<\s*(applet|script|object|style|embed|form|blink|meta|html|frame|iframe|layer|ilayer|head|frameset|xml)/i",
  );

  $match = 0;
  foreach ($patterns as $pattern) {
    $match += preg_match($pattern, $data);
  }

  if ($match) {
    // The offending value is escaped before it is written to the log.
    watchdog("warning", "terminated request because of suspicious input data: ". drupal_specialchars($data));
    return 0;
  }

  return 1;
}
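/**
 * Escape a URI for output in HTML.
 *
 * Only escaping is done here: the URI scheme is not inspected, so this is
 * not a check that the URI is safe to use as a link target.
 *
 * @param $uri  the URI to escape
 * @return      the URI with HTML special characters, quotes and
 *              parentheses replaced by entities
 */
function check_url($uri) {
  $uri = htmlspecialchars($uri, ENT_QUOTES);

  /*
  ** We replace ( and ) with their entity equivalents to prevent XSS
  ** attacks.  The references need the "#": "&040;" is not an entity and
  ** would be displayed literally, corrupting any URI with parentheses.
  */

  $uri = strtr($uri, array("(" => "&#40;", ")" => "&#41;"));

  return $uri;
}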

/**
 * Escape text for use inside a form element, quotes included.
 *
 * @param $text  the text to escape
 */
function check_form($text) {
  // ENT_QUOTES: the result is placed inside attribute values.
  $escaped = drupal_specialchars($text, ENT_QUOTES);

  return $escaped;
}

/**
 * Escape text for use inside a quoted SQL string.
 *
 * NOTE(review): addslashes() knows nothing about the database or its
 * connection character set.  Passing values as db_query() arguments, as
 * other functions in this file do, is the safer route.
 *
 * @param $text  the text to escape
 */
function check_query($text) {
  $escaped = addslashes($text);

  return $escaped;
}

/**
 * Run a text through the "filter" hook of every module that implements it.
 *
 * @param $text  the text to filter
 * @return       the filtered text
 */
function filter($text) {

  $modules = module_list();

  /*
  ** Make sure the HTML filters that are part of the node module
  ** are run first.
  */

  if (in_array("node", $modules)) {
    $text = module_invoke("node", "filter", $text);
  }

  foreach ($modules as $name) {
    // The node module has had its turn above.
    if (!module_hook($name, "filter") || $name == "node") {
      continue;
    }

    $text = module_invoke($name, "filter", $text);
  }

  return $text;
}

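/**
 * Rewrite old-style URLs in a text to new-style URLs.
 *
 * @param $text  text that may contain 'node.php?id=...' and
 *               'module.php?mod=...' style links
 * @return       the text with those links rewritten
 */
function rewrite_old_urls($text) {

  global $base_url;

  // NOTE(review): $end is the base URL from offset 12 onwards; it goes
  // into the patterns below unquoted, so its dots match any character.
  $end = substr($base_url, 12);

  /*
  ** This is a *temporary* filter to rewrite old-style URLs to new-style
  ** URLs (clean URLs).  Currently, URLs are being rewritten dynamically
  ** (ie. "on output"), however when these rewrite rules have been tested
  ** enough, we will use them to permanently rewrite the links in node
  ** and comment bodies.
  */

  // The rewritten paths differ only by the "?q=" prefix needed while clean
  // URLs are off.
  $q = (variable_get("clean_url", "0") == "0") ? "?q=" : "";

  // One '<name>=<value>' pair of a 'module.php?...' query string.
  $pair = "(&?[[:alpha:]]+=([[:alnum:]]+))";

  // NOTE(review): the ereg family was removed in PHP 7; these calls need
  // porting to preg_replace() before the file can run there.

  /*
  ** Relative URLs:
  */

  // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
  $text = eregi_replace("\"(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "\"{$q}\\1/view/\\2/\\4", $text);

  // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
  $text = ereg_replace("\"module\.php\?". $pair . $pair . $pair, "\"{$q}\\2/\\4/\\6", $text);
  $text = ereg_replace("\"module\.php\?". $pair . $pair, "\"{$q}\\2/\\4", $text);
  $text = ereg_replace("\"module\.php\?". $pair, "\"{$q}\\2", $text);

  /*
  ** Absolute URLs:
  */

  // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
  $text = eregi_replace("$end/(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "$end/{$q}\\1/view/\\2/\\4", $text);

  // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
  $text = ereg_replace("$end/module\.php\?". $pair . $pair . $pair, "$end/{$q}\\2/\\4/\\6", $text);
  $text = ereg_replace("$end/module\.php\?". $pair . $pair, "$end/{$q}\\2/\\4", $text);

  // The single-pair replacement used to begin with a stray double quote
  // when clean URLs were off, which put a quote in the middle of the URL.
  $text = ereg_replace("$end/module\.php\?". $pair, "$end/{$q}\\2", $text);

  return $text;
}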

/**
 * Prepare a text for output.
 *
 * @param $text  the text to output
 * @return       the text after filter(), with line breaks converted when it
 *               holds no tags other than a small set of inline ones, or the
 *               "n/a" message when $text is not set
 */
function check_output($text) {
  if (!isset($text)) {
    return message_na();
  }

  // filter content on output:
  $text = filter($text);

  // get the line breaks right: only text without block-level markup gets
  // its newlines converted.
  $inline_tags = "<a><i><b><u><tt><code><cite><strong><img>";
  if (strip_tags($text, $inline_tags) == $text) {
    $text = nl2br($text);
  }

  return $text;
}

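/**
* Checks if a file is valid and correct.
*
* NOTE(review): earlier documentation listed a $paranoid flag "to make sure
* file belongs to the current user".  The function has no such parameter,
* and a previously stored temporary file is picked up by the fid found in
* the request without comparing its owner to the current user.
*
* @param $name the name of the form_file item
* @param $type regular expression the uploaded file name must match
* @param $size restrict file size
*
* @returns mixed file object, or error object, or false if there is no file
*/
function check_file($name, $type = "/.+/", $size = 0) {
  $file = NULL;
  $error = NULL;

  // Make sure we don't have a file stored temporarily
  if (!empty($_POST["edit"]["__file"][$name])) {
    $file = drupal_file_load($_POST["edit"]["__file"][$name]);
    if (!$file || !$file->temporary) {
      $file = NULL;
    }
  }

  // make sure $name exists in $_FILES
  if (!empty($_FILES["edit"]["name"][$name])) {

    // populate $file object to make further testing simpler
    if (!is_object($file)) {
      $file = new stdClass();
    }
    $file->filename = $_FILES["edit"]["name"][$name];
    $file->type = $_FILES["edit"]["type"][$name];
    $file->tmp_name = $_FILES["edit"]["tmp_name"][$name];
    $file->error = $_FILES["edit"]["error"][$name];
    $file->size = $_FILES["edit"]["size"][$name];

    // Every check runs; when several fail, the message of the last one is
    // reported.
    if (!valid_input_data($file)) {
      $error = t("possible exploit abuse");
    }

    // make sure the file is a valid upload
    if (!is_uploaded_file($file->tmp_name) || $file->error == UPLOAD_ERR_PARTIAL || $file->error == UPLOAD_ERR_NO_FILE) {
      $error = t("invalid file upload");
    }

    // validate the file type uploaded; the pattern is applied to the file
    // name sent by the client, not to the content of the file
    if (!preg_match($type, $file->filename)) {
      $error = t("invalid file type");
    }

    // check the file size to make sure the file isn't too big
    if (($size && $file->size > $size) || $file->error == UPLOAD_ERR_INI_SIZE || $file->error == UPLOAD_ERR_FORM_SIZE) {
      $error = t("file size too big");
    }

    if (!$error) {
      $file->temporary = 1;
      $file->fid = drupal_file_save($file);
    }
  }

  if ($error) {
    $return = new stdClass();
    $return->error = $error;
    return $return;
  }

  return $file ? $file : false;
}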

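/**
 * Builds an RSS <channel> element.
 *
 * @param $title       Channel title; tags are stripped, then drupal_specialchars() is applied.
 * @param $link        Channel link; handled like $title.
 * @param $description Channel description; passed through drupal_specialchars() only.
 * @param $items       Markup for the items; appended as is.
 * @param $language    Language code; handled like $title.
 * @param $args        Associative array of extra elements (element name => value).
 *
 * @return The <channel> markup as a string.
 */
function format_rss_channel($title, $link, $description, $items, $language = "en", $args = array()) {
  // Start from a defined string instead of appending to an unset variable.
  $output = "<channel>\n";
  $output .= " <title>". drupal_specialchars(strip_tags($title)) ."</title>\n";
  $output .= " <link>". drupal_specialchars(strip_tags($link)) ."</link>\n";
  $output .= " <description>". drupal_specialchars($description) ."</description>\n";
  $output .= " <language>". drupal_specialchars(strip_tags($language)) ."</language>\n";

  // Arbitrary elements may be added using the $args associative array.
  // NOTE(review): only the value is escaped; the key is written out as the
  // element name unchanged, so keys must come from trusted code.
  foreach ($args as $key => $value) {
    $output .= " <$key>". drupal_specialchars(strip_tags($value)) ."</$key>\n";
  }

  // $items is expected to be finished markup; it is not escaped here.
  $output .= $items;
  $output .= "</channel>\n";

  return $output;
}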

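/**
 * Builds an RSS <item> element.
 *
 * @param $title       Item title; tags are stripped, then drupal_specialchars() is applied.
 * @param $link        Item link; handled like $title.
 * @param $description Item body; passed through check_output(), then drupal_specialchars().
 * @param $args        Associative array of extra elements (element name => value).
 *
 * @return The <item> markup as a string.
 */
function format_rss_item($title, $link, $description, $args = array()) {
  // Start from a defined string instead of appending to an unset variable.
  $output = "<item>\n";
  $output .= " <title>". drupal_specialchars(strip_tags($title)) ."</title>\n";
  $output .= " <link>". drupal_specialchars(strip_tags($link)) ."</link>\n";
  $output .= " <description>". drupal_specialchars(check_output($description)) ."</description>\n";

  // Arbitrary elements may be added using the $args associative array.
  // NOTE(review): only the value is escaped; the key is written out as the
  // element name unchanged, so keys must come from trusted code.
  foreach ($args as $key => $value) {
    $output .= "<$key>". drupal_specialchars(strip_tags($value)) ."</$key>";
  }
  $output .= "</item>\n";

  return $output;
}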

/**
 * Formats a string with a count of items so that the string is pluralized
 * correctly.
 * format_plural calls t() by itself, make sure not to pass already localized
 * strings to it.
 *
 * @param $count    The item count to display.
 * @param $singular The string for the singular case. Please make sure it's clear
 *                  this is singular, to ease translation. ("1 new comment" instead of
 *                  "1 new").
 * @param $plural   The string for the plural case. Please make sure it's clear
 *                  this is plural, to ease translation. Use %count in places of the
 *                  item count, as in "%count new comments".
 *
 * @return The result of t() for the chosen string, with %count supplied as
 *         its replacement.
 */
function format_plural($count, $singular, $plural) {
  // Only a count of exactly one selects the singular form.
  if ($count == 1) {
    $string = $singular;
  }
  else {
    $string = $plural;
  }

  return t($string, array("%count" => $count));
}

/**
 * Formats a byte count with a translated unit.
 *
 * @param $size Size in bytes.
 *
 * @return The translated "%size %suffix" string.  Sizes above 1024 are
 *         divided by 1024 and rounded to two decimals, at most twice
 *         (bytes, KB, MB).
 */
function format_size($size) {
  $label = t("bytes");

  // The MB step can only apply after the KB step, so the tests are nested.
  if ($size > 1024) {
    $size = round($size / 1024, 2);
    $label = t("KB");

    if ($size > 1024) {
      $size = round($size / 1024, 2);
      $label = t("MB");
    }
  }

  return t("%size %suffix", array("%size" => $size, "%suffix" => $label));
}

/**
 * Fetches one entry from the {cache} table.
 *
 * @param $key The cache id (cid) to look up.
 *
 * @return The row object (data, created) when it holds data, otherwise 0.
 *         The expire column is not consulted here.
 */
function cache_get($key) {
  // The key is handed to db_query() as a '%s' argument rather than being
  // concatenated into the SQL text.
  $result = db_query("SELECT data, created FROM {cache} WHERE cid = '%s'", $key);
  $row = db_fetch_object($result);

  if ($row->data) {
    return $row;
  }
  return 0;
}

/**
 * Stores an entry in the {cache} table, replacing an existing one.
 *
 * @param $cid    The cache id.
 * @param $data   The data to store.
 * @param $expire Value for the expire column; cache_clear_all() without an
 *                argument removes the rows where it is not 0.
 */
function cache_set($cid, $data, $expire = 0) {
  // Look for an existing row first, then insert or update.  The two queries
  // are separate statements, not one atomic operation.
  $existing = db_fetch_object(db_query("SELECT cid FROM {cache} WHERE cid = '%s'", $cid));

  if (!$existing) {
    db_query("INSERT INTO {cache} (cid, data, created, expire) VALUES('%s', '%s', %d, %d)", $cid, $data, time(), $expire);
  }
  else {
    db_query("UPDATE {cache} SET data = '%s', created = %d, expire = %d WHERE cid = '%s'", $data, time(), $expire, $cid);
  }
}

/**
 * Removes entries from the {cache} table.
 *
 * @param $cid A cache id to remove.  When empty, every row whose expire
 *             column is not 0 is removed instead.
 */
function cache_clear_all($cid = NULL) {
  if (!empty($cid)) {
    // Remove just the named entry.
    db_query("DELETE FROM {cache} WHERE cid = '%s'", $cid);
  }
  else {
    // Rows stored with expire = 0 are kept.
    db_query("DELETE FROM {cache} WHERE expire <> 0");
  }
}

/**
 * Stores the buffered page output in the cache for anonymous GET requests.
 *
 * Nothing is stored for a user with a uid or for any other request method.
 */
function page_set_cache() {
  global $user;

  if ($user->uid || $_SERVER["REQUEST_METHOD"] != "GET") {
    return;
  }

  /*
  ** The page is keyed by request_uri() alone.
  ** NOTE(review): output that varies on anything else in the request
  ** (headers, cookies) would be served to every anonymous visitor; confirm
  ** that anonymous pages never vary that way.
  */
  $data = ob_get_contents();
  if ($data) {
    cache_set(request_uri(), $data, 1);
  }
}

/**
 * Looks up the cached copy of the current page for anonymous GET requests.
 *
 * @return The cache object from cache_get() when one exists; 0 when the
 *         page is cacheable but not cached yet (output buffering is started
 *         in that case); NULL when the request is not cacheable.
 */
function page_get_cache() {
  global $user;

  // Only anonymous GET requests take part in page caching.
  if ($user->uid || $_SERVER["REQUEST_METHOD"] != "GET") {
    return NULL;
  }

  $cache = cache_get(request_uri());

  // On a miss, start buffering so page_set_cache() has output to store.
  if (empty($cache)) {
    ob_start();
  }

  return $cache;
}

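/**
 * Formats a number of seconds as a human-readable interval.
 *
 * @param $timestamp The interval in seconds.
 *
 * @return A space-separated list of units, largest first, built with
 *         format_plural(); t("0 sec") when no unit applies.
 */
function format_interval($timestamp) {
  // Each key holds "singular|plural"; the value is the unit in seconds.
  $units = array("1 year|%count years" => 31536000, "1 week|%count weeks" => 604800, "1 day|%count days" => 86400, "1 hour|%count hours" => 3600, "1 min|%count min" => 60, "1 sec|%count sec" => 1);

  // Start from a defined string instead of appending to an unset variable.
  $output = "";

  foreach ($units as $labels => $seconds) {
    if ($timestamp >= $seconds) {
      list($singular, $plural) = explode("|", $labels);
      $output .= ($output ? " " : "") . format_plural(floor($timestamp / $seconds), $singular, $plural);
      // Carry the remainder on to the smaller units.
      $timestamp %= $seconds;
    }
  }

  return ($output) ? $output : t("0 sec");
}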

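/**
 * Formats a timestamp, shifted to the current user's timezone when one is set.
 *
 * @param $timestamp The timestamp to format.
 * @param $type      "small", "medium", "large" or "custom"; any other value
 *                   uses the default branch.
 * @param $format    A date() format string, used for "custom" only.
 *
 * @return The formatted date string.
 */
function format_date($timestamp, $type = "medium", $format = "") {
  global $user;

  $timestamp += ($user->timezone) ? $user->timezone - date("Z") : 0;

  $date = "";

  switch ($type) {
    case "small":
      $date = date(variable_get("date_format_short", "m/d/Y - H:i"), $timestamp);
      break;
    case "medium":
      $date = date(variable_get("date_format_medium", "D, m/d/Y - H:i"), $timestamp);
      break;
    case "large":
      $date = date(variable_get("date_format_long", "l, F j, Y - H:i"), $timestamp);
      break;
    case "custom":
      /*
      ** Walk the format from its last character to its first and prepend
      ** each piece.  The index now stays inside the string; the previous
      ** loop used $c before it was assigned on the first pass and read
      ** offset -1 when leaving the loop.
      */
      for ($i = strlen($format) - 1; $i >= 0; $i--) {
        $c = $format[$i];
        if (strstr("DFlMSw", $c)) {
          // These format characters are run through t() after date().
          $date = t(date($c, $timestamp)) . $date;
        }
        else if (strstr("AaBdgGhHiIjLmnOrstTUWYyZz", $c)) {
          $date = date($c, $timestamp) . $date;
        }
        else {
          // Anything else is copied literally.
          $date = $c.$date;
        }
      }
      break;
    default:
      // Same setting as "medium", but with a different built-in default
      // ("l, ..." here, "D, ..." above).
      $date = date(variable_get("date_format_medium", "l, m/d/Y - H:i"), $timestamp);
  }
  return $date;
}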

/**
 * Formats the name of a content author.
 *
 * NOTE(review): no HTML escaping happens in this function.  The name is
 * either returned as is or passed to l() as the link text; confirm that
 * names are escaped before they reach this point or by the caller.
 *
 * @param $object An object with ->uid and ->name.
 *
 * @return A link to the user's profile for registered users, the bare name
 *         when there is a name but no uid, or the translated "anonymous"
 *         setting otherwise.
 */
function format_name($object) {

  if (!$object->name) {
    return t(variable_get("anonymous", "Anonymous"));
  }

  if (!$object->uid) {
    /*
    ** Sometimes modules display content composed by people who are
    ** not registered members of the site (i.e. mailing list or news
    ** aggregator modules).  This clause enables modules to display
    ** the true author of the content.
    */
    return $object->name;
  }

  /*
  ** Shorten the name when it is too long or it will break many
  ** tables.  strlen() and substr() count bytes here.
  */
  $name = (strlen($object->name) > 20) ? substr($object->name, 0, 15) ."..." : $object->name;

  // On admin pages the name links to the edit form, elsewhere to the profile.
  if (arg(0) == "admin") {
    return l($name, "admin/user/edit/$object->uid", array("title" => t("Administer user profile.")));
  }

  return l($name, "user/view/$object->uid", array("title" => t("View user profile.")));
}

/**
 * Wraps form markup in a <form> element.
 *
 * NOTE(review): $action, including the request_uri() default, and $method
 * are placed into attribute values without escaping here; confirm that
 * request_uri() returns a value that is safe inside an attribute.
 *
 * @param $form    The markup placed inside the element.
 * @param $method  The value of the method attribute.
 * @param $action  The target; request_uri() is used when this is empty.
 * @param $options Array of extra attributes, rendered by drupal_attributes().
 *
 * @return The complete <form> markup.
 */
function form($form, $method = "post", $action = 0, $options = 0) {
  $target = $action ? $action : request_uri();
  $extra = drupal_attributes($options);

  return "<form action=\"$target\" method=\"$method\"$extra>\n$form\n</form>\n";
}

/**
 * Wraps a form element in the standard "form-item" container.
 *
 * All three arguments are inserted as markup without escaping, so callers
 * must pass text that is already safe for HTML.
 *
 * @param $title       Optional title; rendered with a trailing colon.
 * @param $value       The markup of the element itself.
 * @param $description Optional description shown after the element.
 *
 * @return The container markup.
 */
function form_item($title, $value, $description = 0) {
  $html = "<div class=\"form-item\">";

  if ($title) {
    $html .= "<div class=\"title\">$title:</div>";
  }

  $html .= $value;

  if ($description) {
    $html .= "<div class=\"description\">$description</div>";
  }

  return $html ."</div>\n";
}

/**
 * Renders a single radio button named edit[$name].
 *
 * NOTE(review): $value, $name and $title are written into the markup
 * without escaping, unlike the value of text fields, which goes through
 * check_form().  Confirm that callers pass safe values.
 *
 * @param $title       Label shown after the button.
 * @param $name        Field name inside the edit[] array.
 * @param $value       The value attribute.
 * @param $checked     Whether the button is selected.
 * @param $description Optional description.
 * @param $attributes  Array of extra attributes.
 *
 * @return The markup, wrapped by form_item() without a title.
 */
function form_radio($title, $name, $value = 1, $checked = 0, $description = 0, $attributes = 0) {
  $state = $checked ? " checked=\"checked\"" : "";
  $input = "<input type=\"radio\" class=\"form-radio\" name=\"edit[$name]\" value=\"". $value ."\"". $state . drupal_attributes($attributes) ." /> $title";

  return form_item(0, $input, $description);
}

/**
 * Renders a checkbox named edit[$name], preceded by a hidden field of the
 * same name with value 0.
 *
 * NOTE(review): $value, $name and $title are written into the markup
 * without escaping; confirm that callers pass safe values.
 *
 * @param $title       Label shown after the box.
 * @param $name        Field name inside the edit[] array.
 * @param $value       The value attribute.
 * @param $checked     Whether the box is ticked.
 * @param $description Optional description.
 * @param $attributes  Array of extra attributes.
 *
 * @return The hidden field followed by the wrapped checkbox markup.
 */
function form_checkbox($title, $name, $value = 1, $checked = 0, $description = 0, $attributes = 0) {
  // Presumably the hidden field makes edit[$name] arrive as 0 when the box
  // is left unticked -- confirm against the form handling code.
  $fallback = form_hidden($name, 0);

  $state = $checked ? " checked=\"checked\"" : "";
  $input = "<input type=\"checkbox\" class=\"form-checkbox\" name=\"edit[$name]\" value=\"". $value ."\"". $state . drupal_attributes($attributes) ." /> $title";

  return $fallback . form_item(0, $input, $description);
}

/**
 * Renders a single-line text field named edit[$name].
 *
 * The value goes through check_form(); $name, $size and $maxlength are
 * written into the markup as given.
 *
 * @param $title       Field title.
 * @param $name        Field name inside the edit[] array.
 * @param $value       Current value.
 * @param $size        Size attribute; omitted when empty.
 * @param $maxlength   Maxlength attribute.
 * @param $description Optional description.
 * @param $attributes  Array of extra attributes.
 *
 * @return The markup, wrapped by form_item().
 */
function form_textfield($title, $name, $value, $size, $maxlength, $description = 0, $attributes = 0) {
  $size_attribute = "";
  if ($size) {
    $size_attribute = " size=\"$size\"";
  }

  $input = "<input type=\"text\" maxlength=\"$maxlength\" class=\"form-text\" name=\"edit[$name]\"$size_attribute value=\"". check_form($value) ."\"". drupal_attributes($attributes) ." />";

  return form_item($title, $input, $description);
}

/**
 * Renders a password field named edit[$name].
 *
 * NOTE(review): $value is written into the value attribute (after
 * check_form()), so a non-empty value is present in the page source.
 * Callers should pass an empty value unless pre-filling is intended.
 *
 * @param $title       Field title.
 * @param $name        Field name inside the edit[] array.
 * @param $value       Value to pre-fill.
 * @param $size        Size attribute; omitted when empty.
 * @param $maxlength   Maxlength attribute.
 * @param $description Optional description.
 * @param $attributes  Array of extra attributes.
 *
 * @return The markup, wrapped by form_item().
 */
function form_password($title, $name, $value, $size, $maxlength, $description = 0, $attributes = 0) {
  $size_attribute = "";
  if ($size) {
    $size_attribute = " size=\"$size\"";
  }

  $input = "<input type=\"password\" class=\"form-password\" maxlength=\"$maxlength\" name=\"edit[$name]\"$size_attribute value=\"". check_form($value) ."\"". drupal_attributes($attributes) ." />";

  return form_item($title, $input, $description);
}

/**
 * Renders a textarea named edit[$name].
 *
 * The content goes through check_form(); $name, $cols and $rows are written
 * into the markup as given.
 *
 * @param $title       Field title.
 * @param $name        Field name inside the edit[] array; also used as the id.
 * @param $value       Current content.
 * @param $cols        Cols attribute; omitted when empty.
 * @param $rows        Rows attribute.
 * @param $description Optional description.
 * @param $attributes  Array of extra attributes.
 *
 * @return The markup, wrapped by form_item().
 */
function form_textarea($title, $name, $value, $cols, $rows, $description = 0, $attributes = 0) {
  $cols_attribute = "";
  if ($cols) {
    $cols_attribute = " cols=\"$cols\"";
  }

  // Let modules react to the textarea, eg. optionally plug in a WYSIWYG editor.
  module_invoke_all("textarea", $name);

  $field = "<textarea wrap=\"virtual\"$cols_attribute rows=\"$rows\" name=\"edit[$name]\" id=\"edit[$name]\"". drupal_attributes($attributes) .">". check_form($value) ."</textarea>";

  return form_item($title, $field, $description);
}

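/**
 * Renders a select box named edit[$name].
 *
 * Option labels go through check_form().  NOTE(review): option keys, $name
 * and $extra are written into the markup without escaping; confirm that
 * callers pass safe values.
 *
 * @param $title       Field title.
 * @param $name        Field name inside the edit[] array.
 * @param $value       Selected key, or an array of selected keys.
 * @param $options     Associative array of key => label.
 * @param $description Optional description.
 * @param $extra       Raw text added inside the <select> tag.
 * @param $multiple    Whether several options may be selected.
 *
 * @return The markup, wrapped by form_item(); nothing when $options is empty.
 */
function form_select($title, $name, $value, $options, $description = 0, $extra = 0, $multiple = 0) {
  if (count($options) > 0) {
    // Start from a defined string instead of appending to an unset variable.
    $select = "";

    foreach ($options as $key => $choice) {
      // Both comparisons are loose (== and non-strict in_array()), so keys
      // and values of different types can compare equal.
      if (is_array($value)) {
        $selected = in_array($key, $value);
      }
      else {
        $selected = ($value == $key);
      }
      $select .= "<option value=\"$key\"". ($selected ? " selected=\"selected\"" : "") .">". check_form($choice) ."</option>";
    }

    return form_item($title, "<select name=\"edit[$name]". ($multiple ? "[]" : "") ."\"". ($multiple ? " multiple " : "") . ($extra ? " $extra" : "") .">$select</select>", $description);
  }
}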

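/**
 * Renders a group of radio buttons that share one field name.
 *
 * @param $title       Title of the group.
 * @param $name        Field name inside the edit[] array.
 * @param $value       The key of the selected option.
 * @param $options     Associative array of key => label.
 * @param $description Optional description.
 *
 * @return The markup, wrapped by form_item(); nothing when $options is empty.
 */
function form_radios($title, $name, $value, $options, $description = 0) {
  if (count($options) > 0) {
    // Start from a defined string instead of appending to an unset variable.
    $output = "";

    foreach ($options as $key => $choice) {
      // The label and key are handed to form_radio() as given; the
      // comparison with $value is loose.
      $output .= form_radio($choice, $name, $key, ($key == $value));
    }

    return form_item($title, $output, $description);
  }
}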

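/**
 * Renders a file upload field named edit[$name].
 *
 * @param $title       Field title.
 * @param $name        Field name inside the edit[] array.
 * @param $size        Size attribute.
 * @param $description Optional description.
 * @param $fid         Id of an already stored upload to carry along.
 *
 * @return The optional hidden field followed by the wrapped file input.
 */
function form_file($title, $name, $size, $description = 0, $fid = 0) {
  // Defined up front so that the return line never reads an unset variable.
  $extra = "";

  /*
  ** Include the file upload in case of preview.  The id is emitted as the
  ** hidden field edit[__file][$name], so it comes back from the browser and
  ** has to be treated as untrusted input by whatever reads it.
  */
  if ($fid) {
    $extra = form_hidden("__file][$name", $fid);
  }

  return $extra . form_item($title, "<input type=\"file\" class=\"form-file\" name=\"edit[$name]\" size=\"$size\" />\n", $description);
}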

/**
 * Renders a hidden field named edit[$name].
 *
 * The value goes through check_form(); $name is written as given.  A hidden
 * field can be changed by the client, so the value that comes back is
 * untrusted.
 *
 * @param $name  Field name inside the edit[] array.
 * @param $value Field value.
 *
 * @return The <input> markup.
 */
function form_hidden($name, $value) {
  $escaped = check_form($value);

  return "<input type=\"hidden\" name=\"edit[$name]\" value=\"$escaped\" />\n";
}

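/**
 * Renders a submit button.
 *
 * @param $value      Button caption; passed through check_form().
 * @param $name       Name attribute, written as given (not inside edit[]).
 * @param $attributes Array of extra attributes.
 *
 * @return The <input> markup.
 */
function form_submit($value, $name = "op", $attributes = 0) {
  // $attributes was accepted but never rendered; it is now appended the
  // same way the other form_* helpers do.  With the default the output is
  // unchanged.
  return "<input type=\"submit\" class=\"form-submit\" name=\"$name\" value=\"". check_form($value) ."\"". drupal_attributes($attributes) ." />\n";
}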

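/**
 * Renders a select box offering the weights -$delta to $delta.
 *
 * @param $title       Field title.
 * @param $name        Field name inside the edit[] array.
 * @param $value       The selected weight.
 * @param $delta       Largest weight offered in either direction.
 * @param $description Optional description.
 * @param $extra       Raw text added inside the <select> tag.
 *
 * @return The markup produced by form_select().
 */
function form_weight($title = NULL, $name = "weight", $value = 0, $delta = 10, $description = 0, $extra = 0) {
  // Defined up front so form_select() receives an array even when the loop
  // does not run (negative $delta).
  $weights = array();

  for ($n = (-1 * $delta); $n <= $delta; $n++) {
    $weights[$n] = $n;
  }

  return form_select($title, $name, $value, $weights, $description, $extra);
}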

/**
 * Returns a note listing the HTML tags users may enter.
 *
 * @return The translated label followed by the "allowed_html" setting,
 *         escaped with htmlspecialchars(); an empty string when the setting
 *         is empty.
 */
function form_allowed_tags_text() {
  if (!variable_get("allowed_html", "")) {
    return "";
  }

  // The tag list is escaped so that it is shown as text rather than markup.
  return t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", ""));
}

/**
 * Builds an absolute URL for a site path.
 *
 * $url and $query are inserted as given; no URL-encoding or HTML escaping
 * is applied here apart from the literal "&amp;" separator used in the
 * "?q=" form.
 *
 * @param $url   The site path, or NULL for the front page.
 * @param $query An already assembled query string, or NULL.
 *
 * @return The URL, based on the global $base_url.
 */
function url($url = NULL, $query = NULL) {
  global $base_url;

  static $script;

  if (empty($script)) {
    /*
    ** On some webservers such as IIS we can't omit "index.php".  As such we
    ** generate "index.php?q=foo" instead of "?q=foo" on anything that is not
    ** Apache.
    */
    $on_apache = (strpos($_SERVER["SERVER_SOFTWARE"], "Apache") !== false);
    $script = $on_apache ? "" : "index.php";
  }

  $clean = (variable_get("clean_url", "0") != "0");

  // Without a path both modes produce the same URL.
  if (!isset($url)) {
    return isset($query) ? "$base_url/$script?$query" : "$base_url/";
  }

  // Clean URLs carry the path directly.
  if ($clean) {
    return isset($query) ? "$base_url/$url?$query" : "$base_url/$url";
  }

  // Otherwise the path travels in the "q" parameter.
  return isset($query) ? "$base_url/$script?q=$url&amp;$query" : "$base_url/$script?q=$url";
}

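/**
 * Turns an associative array into a string of HTML attributes.
 *
 * NOTE(review): names and values are written out as given, with no
 * escaping, so every caller must pass values that are already safe inside
 * a double-quoted attribute.
 *
 * @param $attributes Associative array of attribute name => value.
 *
 * @return A string starting with a space, e.g. ' title="x" class="y"';
 *         nothing (NULL) when $attributes is not an array.
 */
function drupal_attributes($attributes = 0) {
  if (is_array($attributes)) {
    $t = array();
    foreach ($attributes as $key => $value) {
      $t[] = "$key=\"$value\"";
    }
    // Separator first: the reversed argument order used before is no longer
    // accepted by current PHP versions.
    return " ". implode(" ", $t);
  }
}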

/**
 * Builds an HTML link to a site path.
 *
 * NOTE(review): $text is inserted as markup without escaping, and the
 * attributes are rendered by drupal_attributes(); callers must pass text
 * that is safe for HTML.
 *
 * @param $text       The link text (markup).
 * @param $url        The site path, passed to url().
 * @param $attributes Array of extra attributes.
 * @param $query      Query string, passed to url().
 *
 * @return The <a> element.
 */
function l($text, $url, $attributes = array(), $query = NULL) {
  $href = url($url, $query);
  $extra = drupal_attributes($attributes);

  return "<a href=\"$href\"$extra>$text</a>";
}

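/**
 * Reads one value from a "name=value,name=value" string.
 *
 * @param $string The comma-separated field string.
 * @param $name   The field name to look for.
 *
 * @return The value of the first match, or NULL when the field is absent.
 *         The leading comma in the pattern is optional, so a name also
 *         matches where it forms the end of a longer name.
 */
function field_get($string, $name) {
  /*
  ** preg_match() replaces ereg(), which current PHP versions no longer
  ** provide.  The name is quoted so that it is matched literally and cannot
  ** change the pattern.
  */
  if (preg_match("/,?". preg_quote($name, "/") ."=([^,]+)/", ", $string", $regs)) {
    return $regs[1];
  }

  return NULL;
}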

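/**
 * Sets, replaces or removes one value in a "name=value,name=value" string.
 *
 * @param $string The comma-separated field string.
 * @param $name   The field name.
 * @param $value  The new value; when it is not set (NULL) the field is only
 *                removed.  A value that contains a comma does not survive a
 *                later field_get(), because the comma ends the value.
 *
 * @return The updated field string.
 */
function field_set($string, $name, $value) {
  /*
  ** preg_replace() replaces ereg_replace(), which current PHP versions no
  ** longer provide.  The name is quoted so that it is matched literally and
  ** cannot change the pattern.  A comma is put in front of the string so
  ** that the first field can be matched like the others.
  */
  $rval = preg_replace("/,". preg_quote($name, "/") ."=[^,]+/", "", ",$string");

  if (isset($value)) {
    $rval .= ($rval == "," ? "" : ",") ."$name=$value";
  }

  // Drop the comma that was put in front.
  return substr($rval, 1);
}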

/**
 * Returns the page-level links.
 *
 * @return The global $custom_links when it is an array; otherwise the links
 *         returned by the modules' "link" hook, with a "home" link placed
 *         in front.
 */
function link_page() {
  global $custom_links;

  if (!is_array($custom_links)) {
    $links = module_invoke_all("link", "page");
    $home = l(t("home"), "", array("title" => t("Return to the main page.")));
    array_unshift($links, $home);

    return $links;
  }

  // A site-defined list takes precedence over the module links.
  return $custom_links;
}

/**
 * Collects the links that modules provide for a node.
 *
 * @param $node The node, passed on to the "link" hook.
 * @param $main Passed on to the hook unchanged.
 *
 * @return Whatever module_invoke_all() returns for the hook.
 */
function link_node($node, $main = 0) {
  $links = module_invoke_all("link", "node", $node, $main);

  return $links;
}

/**
 * Records the current time, with microseconds, in the global $timer.
 */
function timer_start() {
  global $timer;

  // microtime() returns "usec sec"; both parts are added up as floats.
  $parts = explode(" ", microtime());
  $timer = (float)$parts[0] + (float)$parts[1];
}

/**
 * Starts a page request: optional timer, cached page delivery, input check.
 *
 * When page caching is on and a cached copy exists, the function answers
 * the request itself (304 or the cached body) and exits.  Otherwise the
 * request data is checked with valid_input_data(), unless the user has the
 * "bypass input data check" permission.
 */
function drupal_page_header() {

  if (variable_get("dev_timer", 0)) {
    timer_start();
  }

  if (variable_get("cache", 0) && ($cache = page_get_cache())) {

    // Set default values.  The ETag is only a validator derived from the
    // creation time; md5() is not used as a security control here.
    $last_modified = gmdate("D, d M Y H:i:s", $cache->created) ." GMT";
    $etag = '"'. md5($last_modified) .'"';

    // Check http headers.  NULL means the header was not sent, true/false
    // whether it matches.
    $since_matches = NULL;
    if (isset($_SERVER["HTTP_IF_MODIFIED_SINCE"])) {
      $since_matches = ($_SERVER["HTTP_IF_MODIFIED_SINCE"] == $last_modified);
    }
    $etag_matches = NULL;
    if (isset($_SERVER["HTTP_IF_NONE_MATCH"])) {
      $etag_matches = ($_SERVER["HTTP_IF_NONE_MATCH"] == $etag);
    }

    // The type checking here is very important, be careful when changing
    // entries: at least one header must be present and none may mismatch.
    $validator_sent = ($since_matches !== NULL || $etag_matches !== NULL);
    if ($validator_sent && $since_matches !== false && $etag_matches !== false) {
      header("HTTP/1.0 304 Not Modified");
      exit();
    }

    // Send appropriate response:
    header("Last-Modified: $last_modified");
    header("ETag: $etag");
    print $cache->data;

    /*
    ** A hook for modules where modules may take action at the end of a
    ** request good uses include setting a cache, page logging, etc.
    */

    module_invoke_all("exit");

    exit();
  }

  /*
  ** Putting the check here avoids SQL query overhead in case we are
  ** serving cached pages.  The downside, however, is that the init
  ** hooks might use unchecked data.  Requests answered from the cache
  ** above never reach this check.
  */

  if (!user_access("bypass input data check") && !valid_input_data($_REQUEST)) {
    die("terminated request because of suspicious input data");
  }
}

/**
 * Finishes a page request: stores the page in the cache when caching is on
 * and then runs the modules' "exit" hook.
 */
function drupal_page_footer() {
  $caching = variable_get("cache", 0);
  if ($caching) {
    page_set_cache();
  }

  /*
  ** A hook for modules where modules may take action at the end of a
  ** request good uses include setting a cache, page logging, etc.
  */

  module_invoke_all("exit");
}

// Presumably discards any $conf that exists before the site configuration
// is loaded (e.g. one injected from request data) -- confirm.
unset($conf);

/*
** conf_init() builds the configuration name from $_SERVER["HTTP_HOST"] and
** $_SERVER["PHP_SELF"], i.e. from request data.  It lower-cases the string,
** maps "/" and ":" to ".", and only returns a name for which
** includes/<name>.php exists, falling back to "conf".
*/
$config = conf_init();

/*
** NOTE(review): the file included on the next line is selected by the
** request.  The only constraints are the ones conf_init() applies; other
** characters pass through unchanged.  A fixed list of configured site names
** would make the choice independent of what else is stored in includes/.
*/
include_once "includes/$config.php";
include_once "includes/database.inc";
include_once "includes/module.inc";
include_once "includes/theme.inc";
include_once "includes/pager.inc";
include_once "includes/menu.inc";