common.inc 59.6 KB
Newer Older
Dries's avatar
Dries committed
1
<?php
2
// $Id$
Dries's avatar
Dries committed
3

4 5 6 7 8 9 10 11
/**
 * @file
 * Common functions that many Drupal modules will need to reference.
 *
 * The functions that are critical and need to be available even when serving
 * a cached page are instead located in bootstrap.inc.
 */

12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
/**
 * Return status for saving which involved creating a new item.
 */
define('SAVED_NEW', 1);

/**
 * Return status for saving which involved an update to an existing item.
 */
define('SAVED_UPDATED', 2);

/**
 * Return status for saving which deleted an existing item.
 */
define('SAVED_DELETED', 3);

27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70
/**
 * Set content for a specified region.
 *
 * @param $region
 *   Page region the content is assigned to.
 *
 * @param $data
 *   Content to be set.
 */
function drupal_set_content($region = null, $data = null) {
  static $content = array();

  if (!is_null($region) && !is_null($data)) {
    $content[$region][] = $data;
  }
  return $content;
}

/**
 * Get assigned content.
 *
 * @param $region
 *   A specified region to fetch content for.  If null, all regions will be returned.
 *
 * @param $delimiter
 *   Content to be inserted between exploded array elements.
 */
function drupal_get_content($region = null, $delimiter = ' ') {
  $content = drupal_set_content();
  if (isset($region)) {
    if (is_array($content[$region])) {
      return implode ($delimiter, $content[$region]);
    }
  }
  else {
    foreach (array_keys($content) as $region) {
      if (is_array($content[$region])) {
        $content[$region] = implode ($delimiter, $content[$region]);
      }
    }
    return $content;
  }
}

71
/**
72
 * Set the breadcrumb trail for the current page.
73
 *
74 75 76
 * @param $breadcrumb
 *   Array of links, starting with "home" and proceeding up to but not including
 *   the current page.
77
 */
78 79 80 81 82 83 84 85 86
function drupal_set_breadcrumb($breadcrumb = NULL) {
  static $stored_breadcrumb;

  if (isset($breadcrumb)) {
    $stored_breadcrumb = $breadcrumb;
  }
  return $stored_breadcrumb;
}

87 88 89
/**
 * Get the breadcrumb trail for the current page.
 */
90 91 92 93 94 95 96 97 98 99
function drupal_get_breadcrumb() {
  $breadcrumb = drupal_set_breadcrumb();

  if (!isset($breadcrumb)) {
    $breadcrumb = menu_get_active_breadcrumb();
  }

  return $breadcrumb;
}

Dries's avatar
Dries committed
100
/**
101
 * Add output to the head tag of the HTML page.
102
 * This function can be called as long the headers aren't sent.
Dries's avatar
Dries committed
103 104
 */
function drupal_set_html_head($data = NULL) {
105
  static $stored_head = '';
Dries's avatar
Dries committed
106 107

  if (!is_null($data)) {
108
    $stored_head .= $data ."\n";
Dries's avatar
Dries committed
109 110 111 112
  }
  return $stored_head;
}

113 114 115
/**
 * Retrieve output to be displayed in the head tag of the HTML page.
 */
Dries's avatar
Dries committed
116 117 118
function drupal_get_html_head() {
  global $base_url;

119
  $output = "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n";
Dries's avatar
Dries committed
120
  $output .= "<base href=\"$base_url/\" />\n";
121
  $output .= theme('stylesheet_import', 'misc/drupal.css');
Dries's avatar
Dries committed
122 123 124 125

  return $output . drupal_set_html_head();
}

126
/**
127
 * Reset the static variable which holds the aliases mapped for this request.
128
 */
129 130
function drupal_clear_path_cache() {
  drupal_lookup_path('wipe');
131
}
132

133
/**
134
 * Given a path alias, return the internal path it represents.
135 136
 */
function drupal_get_normal_path($path) {
137 138 139
  //drupal_get_path_alias($path);
  if ($src = drupal_lookup_path('alias', $path)) {
    return $src;
140
  }
141
  elseif (function_exists('conf_url_rewrite')) {
142 143 144 145 146 147
    return conf_url_rewrite($path, 'incoming');
  }
  else {
    return $path;
  }
}
148

Dries's avatar
Dries committed
149
/**
150
 * Set an HTTP response header for the current page.
Dries's avatar
Dries committed
151 152
 */
function drupal_set_header($header = NULL) {
153
  // We use an array to guarantee there are no leading or trailing delimiters.
154
  // Otherwise, header('') could get called when serving the page later, which
155 156
  // ends HTTP headers prematurely on some PHP versions.
  static $stored_headers = array();
Dries's avatar
Dries committed
157

158
  if (strlen($header)) {
Dries's avatar
Dries committed
159
    header($header);
160
    $stored_headers[] = $header;
Dries's avatar
Dries committed
161
  }
162
  return implode("\n", $stored_headers);
Dries's avatar
Dries committed
163 164
}

165 166 167
/**
 * Get the HTTP response headers for the current page.
 */
Dries's avatar
Dries committed
168 169 170 171
function drupal_get_headers() {
  return drupal_set_header();
}

172 173 174
/**
 * @name HTTP handling
 * @{
175
 * Functions to properly handle HTTP responses.
176 177
 */

178 179
/**
 * Prepare a destination query string for use in combination with
180 181 182 183 184
 * drupal_goto(). Used to direct the user back to the referring page
 * after completing a form. By default the current URL is returned.
 * If a destination exists in the previous request, that destination
 * is returned.  As such, a destination can persist across multiple
 * pages.
185 186 187 188
 *
 * @see drupal_goto()
 */
function drupal_get_destination() {
189 190 191 192 193 194 195 196 197 198
  if ($_REQUEST['destination']) {
    return 'destination='. urlencode($_REQUEST['destination']);
  }
  else {
    $destination[] = $_GET['q'];
    $params = array('page', 'sort', 'order');
    foreach ($params as $param) {
      if (isset($_GET[$param])) {
        $destination[] = "$param=". $_GET[$param];
      }
199
    }
200
    return 'destination='. urlencode(implode('&', $destination));
201 202 203
  }
}

204
/**
205
 * Send the user to a different Drupal page.
206
 *
207 208
 * This issues an on-site HTTP redirect. The function makes sure the redirected
 * URL is formatted correctly.
209
 *
210 211 212 213 214 215 216 217 218 219
 * Usually the redirected URL is constructed from this function's input
 * parameters.  However you may override that behavior by setting a
 * <em>destination</em> in either the $_REQUEST-array (i.e. by using
 * the query string of an URI) or the $_REQUEST['edit']-array (i.e. by
 * using a hidden form field).  This is used to direct the user back to
 * the proper page after completing a form.  For example, after editing
 * a post on the 'admin/node'-page or after having logged on using the
 * 'user login'-block in a sidebar.  The function drupal_get_destination()
 * can be used to help set the destination URL.
 *
220 221 222 223 224 225 226 227 228 229 230 231 232
 * It is advised to use drupal_goto() instead of PHP's header(), because
 * drupal_goto() will append the user's session ID to the URI when PHP is
 * compiled with "--enable-trans-sid".
 *
 * This function ends the request; use it rather than a print theme('page')
 * statement in your menu callback.
 *
 * @param $path
 *   A Drupal path.
 * @param $query
 *   The query string component, if any.
 * @param $fragment
 *   The destination fragment identifier (named anchor).
233 234
 *
 * @see drupal_get_destination()
235
 */
236
function drupal_goto($path = '', $query = NULL, $fragment = NULL) {
237 238 239 240 241 242 243
  if ($_REQUEST['destination']) {
    extract(parse_url($_REQUEST['destination']));
  }
  else if ($_REQUEST['edit']['destination']) {
    extract(parse_url($_REQUEST['edit']['destination']));
  }

244
  $url = url($path, $query, $fragment, TRUE);
245

246 247
  if (ini_get('session.use_trans_sid') && session_id() && !strstr($url, session_id())) {
    $sid = session_name() . '=' . session_id();
248

249 250
    if (strstr($url, '?') && !strstr($url, $sid)) {
      $url = $url .'&'. $sid;
251 252
    }
    else {
253
      $url = $url .'?'. $sid;
254 255 256
    }
  }

257 258 259 260
  // Before the redirect, allow modules to react to the end of the page request.
  module_invoke_all('exit', $url);

  header('Location: '. $url);
261

262 263 264
  // The "Location" header sends a REDIRECT status code to the http
  // daemon. In some cases this can go wrong, so we make sure none
  // of the code below the drupal_goto() call gets executed when we redirect.
265 266 267 268 269 270
  exit();
}

/**
 * Generates a 404 error if the request can not be handled.
 */
271
function drupal_not_found() {
272
  header('HTTP/1.0 404 Not Found');
273
  watchdog('page not found', t('%page not found.', array('%page' => theme('placeholder', $_GET['q']))), WATCHDOG_WARNING);
274 275

  $path = drupal_get_normal_path(variable_get('site_404', ''));
276
  $status = MENU_NOT_FOUND;
277 278
  if ($path) {
    menu_set_active_item($path);
279
    $return = menu_execute_active_handler();
280 281
  }

282
  if (empty($return)) {
283
    drupal_set_title(t('Page not found'));
284
  }
285
  print theme('page', $return);
286
}
287

288 289 290 291 292
/**
 * Generates a 403 error if the request is not allowed.
 */
function drupal_access_denied() {
  header('HTTP/1.0 403 Forbidden');
293
  watchdog('access denied', t('%page denied access.', array('%page' => theme('placeholder', $_GET['q']))), WATCHDOG_WARNING, l(t('view'), $_GET['q']));
294 295

  $path = drupal_get_normal_path(variable_get('site_403', ''));
296
  $status = MENU_NOT_FOUND;
297 298
  if ($path) {
    menu_set_active_item($path);
299
    $return = menu_execute_active_handler();
300 301
  }

302
  if (empty($return)) {
303
    drupal_set_title(t('Access denied'));
304
    $return = message_access();
305
  }
306
  print theme('page', $return);
307 308
}

309
/**
310
 * Perform an HTTP request.
311
 *
312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328
 * This is a flexible and powerful HTTP client implementation. Correctly handles
 * GET, POST, PUT or any other HTTP requests. Handles redirects.
 *
 * @param $url
 *   A string containing a fully qualified URI.
 * @param $headers
 *   An array containing an HTTP header => value pair.
 * @param $method
 *   A string defining the HTTP request to use.
 * @param $data
 *   A string containing data to include in the request.
 * @param $retry
 *   An integer representing how many times to retry the request in case of a
 *   redirect.
 * @return
 *   An object containing the HTTP request headers, response code, headers,
 *   data, and redirect status.
329 330
 */
function drupal_http_request($url, $headers = array(), $method = 'GET', $data = NULL, $retry = 3) {
331 332
  $result = new StdClass();

333
  // Parse the URL, and make sure we can handle the schema.
334 335 336 337 338 339
  $uri = parse_url($url);
  switch ($uri['scheme']) {
    case 'http':
      $fp = @fsockopen($uri['host'], ($uri['port'] ? $uri['port'] : 80), $errno, $errstr, 15);
      break;
    case 'https':
340 341
      // Note: Only works for PHP 4.3 compiled with OpenSSL.
      $fp = @fsockopen('ssl://'. $uri['host'], ($uri['port'] ? $uri['port'] : 443), $errno, $errstr, 20);
342 343
      break;
    default:
344
      $result->error = 'invalid schema '. $uri['scheme'];
345 346 347
      return $result;
  }

348
  // Make sure the socket opened properly.
349
  if (!$fp) {
350
    $result->error = trim($errno .' '. $errstr);
351 352 353
    return $result;
  }

354
  // Construct the path to act on.
355 356
  $path = $uri['path'] ? $uri['path'] : '/';
  if ($uri['query']) {
357
    $path .= '?'. $uri['query'];
358 359
  }

360
  // Create HTTP request.
361
  $defaults = array(
362
    'Host' => 'Host: '. $uri['host'],
363 364
    'User-Agent' => 'User-Agent: Drupal (+http://www.drupal.org/)',
    'Content-Length' => 'Content-Length: '. strlen($data)
365 366 367
  );

  foreach ($headers as $header => $value) {
368
    $defaults[$header] = $header .': '. $value;
369 370
  }

371
  $request = $method .' '. $path ." HTTP/1.0\r\n";
372 373 374
  $request .= implode("\r\n", $defaults);
  $request .= "\r\n\r\n";
  if ($data) {
375
    $request .= $data ."\r\n";
376 377 378 379 380 381
  }
  $result->request = $request;

  fwrite($fp, $request);

  // Fetch response.
382
  $response = '';
383
  while (!feof($fp) && $data = fread($fp, 1024)) {
384
    $response .= $data;
385 386 387 388
  }
  fclose($fp);

  // Parse response.
389 390 391 392
  list($headers, $result->data) = explode("\r\n\r\n", $response, 2);
  $headers = preg_split("/\r\n|\n|\r/", $headers);

  list($protocol, $code, $text) = explode(' ', trim(array_shift($headers)), 3);
393 394 395
  $result->headers = array();

  // Parse headers.
396
  while ($line = trim(array_shift($headers))) {
397 398 399 400 401 402 403 404 405 406 407 408
    list($header, $value) = explode(':', $line, 2);
    $result->headers[$header] = trim($value);
  }

  $responses = array(
    100 => 'Continue', 101 => 'Switching Protocols',
    200 => 'OK', 201 => 'Created', 202 => 'Accepted', 203 => 'Non-Authoritative Information', 204 => 'No Content', 205 => 'Reset Content', 206 => 'Partial Content',
    300 => 'Multiple Choices', 301 => 'Moved Permanently', 302 => 'Found', 303 => 'See Other', 304 => 'Not Modified', 305 => 'Use Proxy', 307 => 'Temporary Redirect',
    400 => 'Bad Request', 401 => 'Unauthorized', 402 => 'Payment Required', 403 => 'Forbidden', 404 => 'Not Found', 405 => 'Method Not Allowed', 406 => 'Not Acceptable', 407 => 'Proxy Authentication Required', 408 => 'Request Time-out', 409 => 'Conflict', 410 => 'Gone', 411 => 'Length Required', 412 => 'Precondition Failed', 413 => 'Request Entity Too Large', 414 => 'Request-URI Too Large', 415 => 'Unsupported Media Type', 416 => 'Requested range not satisfiable', 417 => 'Expectation Failed',
    500 => 'Internal Server Error', 501 => 'Not Implemented', 502 => 'Bad Gateway', 503 => 'Service Unavailable', 504 => 'Gateway Time-out', 505 => 'HTTP Version not supported'
  );
  // RFC 2616 states that all unknown HTTP codes must be treated the same as
409
  // the base code in their class.
410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436
  if (!isset($responses[$code])) {
    $code = floor($code / 100) * 100;
  }

  switch ($code) {
    case 200: // OK
    case 304: // Not modified
      break;
    case 301: // Moved permanently
    case 302: // Moved temporarily
    case 307: // Moved temporarily
      $location = $result->headers['Location'];

      if ($retry) {
        $result = drupal_http_request($result->headers['Location'], $headers, $method, $data, --$retry);
        $result->redirect_code = $result->code;
      }
      $result->redirect_url = $location;

      break;
    default:
      $result->error = $text;
  }

  $result->code = $code;
  return $result;
}
437 438 439
/**
 * @} End of "HTTP handling".
 */
440

441
/**
442 443 444 445
 * Log errors as defined by administrator
 * Error levels:
 *  1 = Log errors to database.
 *  2 = Log errors to database and to screen.
446
 */
447
function error_handler($errno, $message, $filename, $line) {
448
  if ($errno & (E_ALL ^ E_NOTICE)) {
449 450
    $types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning');
    $entry = $types[$errno] .': '. $message .' in '. $filename .' on line '. $line .'.';
451

452
    if (variable_get('error_level', 1) == 1) {
453
      print '<pre>'. $entry .'</pre>';
Dries's avatar
Dries committed
454
    }
455 456

    watchdog('php', t('%message in %file on line %line.', array('%error' => $types[$errno], '%message' => $message, '%file' => $filename, '%line' => $line)), WATCHDOG_ERROR);
Dries's avatar
Dries committed
457 458 459
  }
}

460
function _fix_gpc_magic(&$item) {
Dries's avatar
Dries committed
461
  if (is_array($item)) {
Kjartan's avatar
Kjartan committed
462 463 464
    array_walk($item, '_fix_gpc_magic');
  }
  else {
Kjartan's avatar
Kjartan committed
465
    $item = stripslashes($item);
466 467 468
  }
}

469 470 471 472
/**
 * Correct double-escaping problems caused by "magic quotes" in some PHP
 * installations.
 */
473 474
function fix_gpc_magic() {
  static $fixed = false;
475
  if (!$fixed && ini_get('magic_quotes_gpc')) {
Dries's avatar
Dries committed
476 477 478 479 480 481
    array_walk($_GET, '_fix_gpc_magic');
    array_walk($_POST, '_fix_gpc_magic');
    array_walk($_COOKIE, '_fix_gpc_magic');
    array_walk($_REQUEST, '_fix_gpc_magic');
    $fixed = true;
  }
482 483
}

484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515
/**
 * An unchecked checkbox is not present in $_POST so we fix it here by
 * proving a default value of 0.  Also, with form_checkboxes() we expect
 * an array, but HTML does not send the empty array.  This is also taken
 * care off.
 */
function fix_checkboxes() {
  if (isset($_POST['form_array'])) {
    $_POST['edit'] = _fix_checkboxes($_POST['edit'], $_POST['form_array'], array());
  }
  if (isset($_POST['form_zero'])) {
    $_POST['edit'] = _fix_checkboxes($_POST['edit'], $_POST['form_zero'], 0);
  }
}

function _fix_checkboxes($array1, $array2, $value) {
  if (is_array($array2) && count($array2)) {
    foreach ($array2 as $k => $v) {
      if (is_array($v) && count($v)) {
        $array1[$k] = _fix_checkboxes($array1[$k], $v, $value);
      }
      else if (!isset($array1[$k])) {
        $array1[$k] = $value;
      }
    }
  }
  else {
    $array1 = $value;
  }
  return $array1;
}

516 517 518
/**
 * @name Conversion
 * @{
519
 * Converts data structures to different types.
520
 */
521 522 523 524

/**
 * Convert an associative array to an anonymous object.
 */
Dries's avatar
Dries committed
525 526
function array2object($array) {
  if (is_array($array)) {
527
    $object = new StdClass();
Dries's avatar
Dries committed
528
    foreach ($array as $key => $value) {
Dries's avatar
Dries committed
529 530 531 532
      $object->$key = $value;
    }
  }
  else {
Dries's avatar
Dries committed
533
    $object = $array;
Dries's avatar
Dries committed
534 535 536 537 538
  }

  return $object;
}

539 540 541
/**
 * Convert an object to an associative array.
 */
Dries's avatar
Dries committed
542 543 544
function object2array($object) {
  if (is_object($object)) {
    foreach ($object as $key => $value) {
Dries's avatar
Dries committed
545 546 547 548
      $array[$key] = $value;
    }
  }
  else {
Dries's avatar
Dries committed
549
    $array = $object;
Dries's avatar
Dries committed
550 551 552 553
  }

  return $array;
}
554 555 556 557

/**
 * @} End of "Conversion".
 */
Dries's avatar
Dries committed
558

559 560 561
/**
 * @name Messages
 * @{
562
 * Frequently used messages.
563
 */
564 565 566 567 568 569 570

/**
 * Return a string with an "access denied" message.
 *
 * Always consider whether to use drupal_access_denied() instead to return a
 * proper (and customizable) 403 error.
 */
Dries's avatar
Dries committed
571
function message_access() {
572
  return t('You are not authorized to access this page.');
Dries's avatar
Dries committed
573 574
}

575 576 577
/**
 * Return a string with a "not applicable" message.
 */
Dries's avatar
Dries committed
578
function message_na() {
579
  return t('n/a');
Dries's avatar
Dries committed
580 581
}

582 583 584
/**
 * @} End of "Messages".
 */
Dries's avatar
Dries committed
585

586 587 588
/**
 * Initialize the localization system.
 */
589 590
function locale_initialize() {
  global $user;
591 592 593 594 595

  if (function_exists('i18n_get_lang')) {
    return i18n_get_lang();
  }

596 597 598 599 600
  if (function_exists('locale')) {
    $languages = locale_supported_languages();
    $languages = $languages['name'];
  }
  else {
601 602 603
    // Ensure the locale/language is correctly returned, even without locale.module.
    // Useful for e.g. XML/HTML 'lang' attributes.
    $languages = array('en' => 'English');
604
  }
605 606 607 608 609 610
  if ($user->uid && $languages[$user->language]) {
    return $user->language;
  }
  else {
    return key($languages);
  }
611 612
}

613
/**
614
 * Translate strings to the current locale.
615
 *
616
 * When using t(), try to put entire sentences and strings in one t() call.
617 618 619 620
 * This makes it easier for translators. HTML markup within translation strings
 * is acceptable, if necessary. The suggested syntax for a link embedded
 * within a translation string is:
 * @code
621 622 623
 *   $msg = t('You must log in below or <a href="%url">create a new
 *             account</a> before viewing the next page.', array('%url'
 *             => url('user/register')));
624
 * @endcode
625 626 627
 * We suggest the same syntax for links to other sites. This makes it easy to
 * change link URLs if needed (which happens often) without requiring updates
 * to translations.
628
 *
629
 * @param $string
630
 *   A string containing the English string to translate.
631 632
 * @param $args
 *   An associative array of replacements to make after translation. Incidences
633
 *   of any key in this array are replaced with the corresponding value.
634 635
 * @return
 *   The translated string.
636
 */
637
function t($string, $args = 0) {
638 639 640 641
  global $locale;
  if (function_exists('locale') && $locale != 'en') {
    $string = locale($string);
  }
642

643 644
  if (!$args) {
    return $string;
Kjartan's avatar
Kjartan committed
645 646
  }
  else {
647 648
    return strtr($string, $args);
  }
649 650
}

651
/**
652
 * Encode special characters in a plain-text string for display as HTML.
653
 */
654
function check_plain($text) {
655
  return htmlspecialchars($text);
656 657
}

658
/**
659
 * @defgroup validation Input validation
660
 * @{
661
 * Functions to validate user input.
662 663
 */

664
/**
665 666 667
 * Verify the syntax of the given e-mail address.
 *
 * Empty e-mail addresses are allowed. See RFC 2822 for details.
668
 *
669 670
 * @param $mail
 *   A string containing an email address.
671
 * @return
672
 *   TRUE if the address is in a valid format.
673
 */
674
function valid_email_address($mail) {
675
  $user = '[a-zA-Z0-9_\-\.\+\^!#\$%&*+\/\=\?\`\|\{\}~\']+';
676
  $domain = '(?:(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.?)+';
677 678 679
  $ipv4 = '[0-9]{1,3}(\.[0-9]{1,3}){3}';
  $ipv6 = '[0-9a-fA-F]{1,4}(\:[0-9a-fA-F]{1,4}){7}';

Dries's avatar
Dries committed
680
  return preg_match("/^$user@($domain|(\[($ipv4|$ipv6)\]))$/", $mail);
681 682
}

683 684 685
/**
 * Verify the syntax of the given URL.
 *
686
 * @param $url
687
 *   The URL to verify.
688
 * @param $absolute
689
 *   Whether the URL is absolute (beginning with a scheme such as "http:").
690
 * @return
691
 *   TRUE if the URL is in a valid format.
692
 */
693
function valid_url($url, $absolute = FALSE) {
694
  $allowed_characters = '[a-z0-9\/:_\-_\.\?\$,~=#&%\+]';
695
  if ($absolute) {
696
    return preg_match("/^(http|https|ftp):\/\/". $allowed_characters ."+$/i", $url);
697 698
  }
  else {
699
    return preg_match("/^". $allowed_characters ."+$/i", $url);
700
  }
701 702
}

703 704 705 706 707 708 709 710 711 712
/**
 * Validate data input by a user.
 *
 * Ensures that user data cannot be used to perform attacks on the site.
 *
 * @param $data
 *   The input to check.
 * @return
 *   TRUE if the input data is acceptable.
 */
713 714
function valid_input_data($data) {
  if (is_array($data) || is_object($data)) {
715
    // Form data can contain a number of nested arrays.
716
    foreach ($data as $key => $value) {
Dries's avatar
Dries committed
717
      if (!valid_input_data($key) || !valid_input_data($value)) {
718
        return FALSE;
719 720 721
      }
    }
  }
Dries's avatar
Dries committed
722
  else if (isset($data)) {
723
    // Detect dangerous input data.
724

725 726 727
    // Decode all normal character entities.
    $data = decode_entities($data, array('<', '&', '"'));

728 729 730 731
    // Check strings:
    $match  = preg_match('/\Wjavascript\s*:/i', $data);
    $match += preg_match('/\Wexpression\s*\(/i', $data);
    $match += preg_match('/\Walert\s*\(/i', $data);
732

733
    // Check attributes:
734 735
    $match += preg_match("/\W(dynsrc|datasrc|data|lowsrc|on[a-z]+)\s*=[^>]+?>/i", $data);

736
    // Check tags:
737 738 739
    $match += preg_match("/<\s*(applet|script|object|style|embed|form|blink|meta|html|frame|iframe|layer|ilayer|head|frameset|xml)/i", $data);

    if ($match) {
740
      watchdog('security', t('Terminated request because of suspicious input data: %data.', array('%data' => theme('placeholder', $data))));
741
      return FALSE;
742 743 744
    }
  }

745
  return TRUE;
746
}
747 748 749
/**
 * @} End of "defgroup validation".
 */
750

751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777
/**
 * Register an event for the current visitor (hostname/IP) to the flood control mechanism.
 *
 * @param $name
 *   The name of the event.
 */
function flood_register_event($name) {
  db_query("INSERT INTO {flood} (event, hostname, timestamp) VALUES ('%s', '%s', %d)", $name, $_SERVER['REMOTE_ADDR'], time());
}

/**
 * Check if the current visitor (hostname/IP) is allowed to proceed with the specified event.
 * The user is allowed to proceed if he did not trigger the specified event more than
 * $threshold times per hour.
 *
 * @param $name
 *   The name of the event.
 * @param $number
 *   The maximum number of the specified event per hour (per visitor).
 * @return
 *   True if the user did not exceed the hourly threshold.  False otherwise.
 */
function flood_is_allowed($name, $threshold) {
  $number = db_num_rows(db_query("SELECT event FROM {flood} WHERE event = '%s' AND hostname = '%s' AND timestamp > %d", $name, $_SERVER['REMOTE_ADDR'], time() - 3600));
  return ($number < $threshold ? TRUE : FALSE);
}

778 779
function check_file($filename) {
  return is_uploaded_file($filename);
Dries's avatar
Dries committed
780 781
}

782
/**
783
 * @defgroup format Formatting
784
 * @{
785
 * Functions to format numbers, strings, dates, etc.
786 787
 */

788 789 790 791 792 793
/**
 * Formats an RSS channel.
 *
 * Arbitrary elements may be added using the $args associative array.
 */
function format_rss_channel($title, $link, $description, $items, $language = 'en', $args = array()) {
Dries's avatar
Dries committed
794 795
  // arbitrary elements may be added using the $args associative array

Dries's avatar
Dries committed
796
  $output = "<channel>\n";
797 798 799 800
  $output .= ' <title>'. check_plain($title) ."</title>\n";
  $output .= ' <link>'. check_url($link) ."</link>\n";
  $output .= ' <description>'. check_plain($description) ."</description>\n";
  $output .= ' <language>'. check_plain($language) ."</language>\n";
Dries's avatar
Dries committed
801
  foreach ($args as $key => $value) {
802
    $output .= ' <'. $key .'>'. check_plain($value) ."</$key>\n";
Dries's avatar
Dries committed
803
  }
Dries's avatar
Dries committed
804 805 806 807 808 809
  $output .= $items;
  $output .= "</channel>\n";

  return $output;
}

810 811 812 813 814
/**
 * Format a single RSS item.
 *
 * Arbitrary elements may be added using the $args associative array.
 */
Dries's avatar
Dries committed
815
function format_rss_item($title, $link, $description, $args = array()) {
Dries's avatar
Dries committed
816
  $output = "<item>\n";
817 818 819
  $output .= ' <title>'. check_plain($title) ."</title>\n";
  $output .= ' <link>'. check_url($link) ."</link>\n";
  $output .= ' <description>'. check_plain($description) ."</description>\n";
Dries's avatar
Dries committed
820
  foreach ($args as $key => $value) {
821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836
    if (is_array($value)) {
      if ($value['key']) {
        $output .= ' <'. $value['key'];
        if (is_array($value['attributes'])) {
          $output .= drupal_attributes($value['attributes']);
        }

        if ($value['value']) {
          $output .= '>'. $value['value'] .'</'. $value['key'] .">\n";
        }
        else {
          $output .= " />\n";
        }
      }
    }
    else {
837
      $output .= ' <'. $key .'>'. check_plain($value) ."</$key>\n";
838
    }
Dries's avatar
Dries committed
839
  }
Dries's avatar
Dries committed
840 841 842 843 844
  $output .= "</item>\n";

  return $output;
}

845
/**
846
 * Format a string containing a count of items.
847
 *
848 849 850 851 852 853 854 855 856 857 858 859 860 861
 * This function ensures that the string is pluralized correctly. Since t() is
 * called by this function, make sure not to pass already-localized strings to it.
 *
 * @param $count
 *   The item count to display.
 * @param $singular
 *   The string for the singular case. Please make sure it is clear this is
 *   singular, to ease translation (e.g. use "1 new comment" instead of "1 new").
 * @param $plural
 *   The string for the plural case. Please make sure it is clear this is plural,
 *   to ease translation. Use %count in place of the item count, as in "%count
 *   new comments".
 * @return
 *   A translated string.
862
 */
Dries's avatar
Dries committed
863
function format_plural($count, $singular, $plural) {
864
  if ($count == 1) return t($singular, array("%count" => $count));
865 866

  // get the plural index through the gettext formula
867
  $index = (function_exists('locale_get_plural')) ? locale_get_plural($count) : -1;
868 869 870 871 872 873
  if ($index < 0) { // backward compatibility
    return t($plural, array("%count" => $count));
  }
  else {
    switch ($index) {
      case "0":
874
        return t($singular, array("%count" => $count));
875 876 877 878 879 880
      case "1":
        return t($plural, array("%count" => $count));
      default:
        return t(strtr($plural, array("%count" => '%count['. $index .']')), array('%count['. $index .']' => $count));
    }
  }
Dries's avatar
Dries committed
881 882
}

883
/**
884
 * Generate a string representation for the given byte count.
885
 *
886 887 888 889
 * @param $size
 *   The size in bytes.
 * @return
 *   A translated string representation of the size.
890
 */
Dries's avatar
Dries committed
891
function format_size($size) {
892
  $suffix = t('bytes');
893
  if ($size >= 1024) {
Dries's avatar
Dries committed
894
    $size = round($size / 1024, 2);
895
    $suffix = t('KB');
Dries's avatar
Dries committed
896
  }
897
  if ($size >= 1024) {
Dries's avatar
Dries committed
898
    $size = round($size / 1024, 2);
899
    $suffix = t('MB');
Dries's avatar
Dries committed
900
  }
901
  return t('%size %suffix', array('%size' => $size, '%suffix' => $suffix));
Dries's avatar
Dries committed
902 903
}

904
/**
905
 * Format a time interval with the requested granularity.
906
 *
907 908 909 910 911 912
 * @param $timestamp
 *   The length of the interval in seconds.
 * @param $granularity
 *   How many different units to display in the string.
 * @return
 *   A translated string representation of the interval.
913
 */
914
function format_interval($timestamp, $granularity = 2) {
915
  $units = array('1 year|%count years' => 31536000, '1 week|%count weeks' => 604800, '1 day|%count days' => 86400, '1 hour|%count hours' => 3600, '1 min|%count min' => 60, '1 sec|%count sec' => 1);
916
  $output = '';
917
  foreach ($units as $key => $value) {
918
    $key = explode('|', $key);
Dries's avatar
Dries committed
919
    if ($timestamp >= $value) {
920
      $output .= ($output ? ' ' : '') . format_plural(floor($timestamp / $value), $key[0], $key[1]);
Dries's avatar
Dries committed
921
      $timestamp %= $value;
922 923 924 925 926
      $granularity--;
    }

    if ($granularity == 0) {
      break;
Dries's avatar
Dries committed
927 928
    }
  }
929
  return $output ? $output : t('0 sec');
Dries's avatar
Dries committed
930 931
}

932
/**
933 934
 * Format a date with the given configured format or a custom format string.
 *
935 936 937 938
 * Drupal allows administrators to select formatting strings for 'small',
 * 'medium' and 'large' date formats. This function can handle these formats,
 * as well as any custom format.
 *
939 940 941 942 943 944
 * @param $timestamp
 *   The exact date to format, as a UNIX timestamp.
 * @param $type
 *   The format to use. Can be "small", "medium" or "large" for the preconfigured
 *   date formats. If "custom" is specified, then $format is required as well.
 * @param $format
945 946 947
 *   A PHP date format string as required by date(). A backslash should be used
 *   before a character to avoid interpreting the character as part of a date
 *   format.
948 949 950 951
 * @param $timezone
 *   Time zone offset in seconds; if omitted, the user's time zone is used.
 * @return
 *   A translated date string in the requested format.
952
 */
953 954 955
function format_date($timestamp, $type = 'medium', $format = '', $timezone = NULL) {
  if ($timezone === NULL) {
    global $user;
Steven Wittens's avatar
Steven Wittens committed
956 957 958 959 960 961
    if (variable_get('configurable_timezones', 1) && $user->uid && strlen($user->timezone)) {
      $timezone = $user->timezone;
    }
    else {
      $timezone = variable_get('date_default_timezone', 0);
    }
962
  }
Dries's avatar
Dries committed
963

964
  $timestamp += $timezone;
Dries's avatar
Dries committed
965 966

  switch ($type) {
967 968
    case 'small':
      $format = variable_get('date_format_short', 'm/d/Y - H:i');
Dries's avatar
Dries committed
969
      break;
970 971
    case 'large':
      $format = variable_get('date_format_long', 'l, F j, Y - H:i');
Dries's avatar
Dries committed
972
      break;
973
    case 'custom':
974
      // No change to format
Dries's avatar
Dries committed
975
      break;
976
    case 'medium':
Dries's avatar
Dries committed
977
    default:
978
      $format = variable_get('date_format_medium', 'D, m/d/Y - H:i');
979 980
  }

981
  $max = strlen($format);
982
  $date = '';
983 984
  for ($i = 0; $i < $max; $i++) {
    $c = $format{$i};
985
    if (strpos('AaDFlM', $c) !== false) {
986
      $date .= t(gmdate($c, $timestamp));
987
    }
988
    else if (strpos('BdgGhHiIjLmnsStTUwWYyz', $c) !== false) {
989 990 991 992
      $date .= gmdate($c, $timestamp);
    }
    else if ($c == 'r') {
      $date .= format_date($timestamp - $timezone, 'custom', 'D, d M Y H:i:s O', $timezone);
993
    }
994 995 996 997 998
    else if ($c == 'O') {
      $date .= sprintf('%s%02d%02d', ($timezone < 0 ? '-' : '+'), abs($timezone / 3600), abs($timezone % 3600) / 60);
    }
    else if ($c == 'Z') {
      $date .= $timezone;
999
    }
1000 1001 1002
    else if ($c == '\\') {
      $date .= $format[++$i];
    }
1003
    else {
1004
      $date .= $c;
1005
    }
Dries's avatar
Dries committed
1006
  }
1007

Dries's avatar
Dries committed
1008 1009 1010
  return $date;
}

1011 1012 1013
/**
 * @} End of "defgroup format".
 */
Dries's avatar
Dries committed
1014

1015
/**
1016
 * @defgroup form Form generation
1017
 * @{
1018
 * Functions to enable output of HTML forms and form elements.
1019
 *
1020 1021
 * Drupal uses these functions to achieve consistency in its form presentation,
 * while at the same time simplifying code and reducing the amount of HTML that
1022
 * must be explicitly generated by modules.
1023
 */
1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039

/**
 * Generate a form from a set of form elements.
 *
 * @param $form
 *   An HTML string containing one or more form elements.
 * @param $method
 *   The query method to use ("post" or "get").
 * @param $action
 *   The URL to send the form contents to, if not the current page.
 * @param $attributes
 *   An associative array of attributes to add to the form tag.
 * @result
 *   An HTML string with the contents of $form wrapped in a form tag.
 */
function form($form, $method = 'post', $action = NULL, $attributes = NULL) {
1040
  if (!$action) {
1041
    $action = request_uri();
1042
  }
1043
  // Anonymous div to satisfy XHTML compliancy.
1044
  return '<form action="'. check_url($action) .'" method="'. $method .'"'. drupal_attributes($attributes) .">\n<div>". $form ."\n</div></form>\n";
Dries's avatar
Dries committed
1045 1046
}

Dries's avatar
Dries committed
1047
/**
1048
 * File an error against the form element with the specified name.
Dries's avatar
Dries committed
1049 1050 1051 1052 1053 1054 1055
 */
function form_set_error($name, $message) {
  $GLOBALS['form'][$name] = $message;
  drupal_set_message($message, 'error');
}

/**
1056
 * Return an associative array of all errors.
Dries's avatar
Dries committed
1057
 */
1058
function form_get_errors() {
1059 1060 1061
  if (array_key_exists('form', $GLOBALS)) {
    return $GLOBALS['form'];
  }
Dries's avatar
Dries committed
1062 1063 1064 1065 1066 1067
}

/**
 * Return the error message filed against the form with the specified name.
 */
function _form_get_error($name) {
1068 1069 1070
  if (array_key_exists('form', $GLOBALS)) {
    return $GLOBALS['form'][$name];
  }
Dries's avatar
Dries committed
1071 1072 1073 1074 1075 1076
}

function _form_get_class($name, $required, $error) {
  return $name. ($required ? ' required' : '') . ($error ? ' error' : '');
}

1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094
/**
 * Format a general form item.
 *
 * @param $title
 *   The label for the form item.
 * @param $value
 *   The contents of the form item.
 * @param $description
 *   Explanatory text to display after the form item.
 * @param $id
 *   A unique identifier for the form item.
 * @param $required
 *   Whether the user must fill in this form element before submitting the form.
 * @param $error
 *   An error message to display alongside the form element.
 * @return
 *   A themed HTML string representing the form item.
 */
Dries's avatar
Dries committed
1095
function form_item($title, $value, $description = NULL, $id = NULL, $required = FALSE, $error = FALSE) {
1096
  return theme('form_element', $title, $value, $description, $id, $required, $error);
Dries's avatar
Dries committed
1097
}
1098

1099 1100 1101 1102 1103 1104 1105 1106 1107
/**
 * Format a group of form items.
 *
 * @param $legend
 *   The label for the form item group.
 * @param $group
 *   The form items within the group, as an HTML string.
 * @param $description
 *   Explanatory text to display after the form item group.
1108 1109
 * @param $attributes
 *   An associative array of HTML attributes to add to the fieldset tag.
1110 1111 1112
 * @return
 *   A themed HTML string representing the form item group.
 */
1113 1114
function form_group($legend, $group, $description = NULL, $attributes = NULL) {
  return '<fieldset' . drupal_attributes($attributes) .'>' . ($legend ? '<legend>'. $legend .'</legend>' : '') . $group . ($description ? '<div class="description">'. $description .'</div>' : '') . "</fieldset>\n";
1115
}
Dries's avatar
Dries committed
1116

1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143
/**
 * Format a group of form items.
 *
 * @param $legend
 *   The label for the form item group.
 * @param $group
 *   The form items within the group, as an HTML string.
 * @param $collapsed
 *   A boolean value decided whether the group starts collapsed.
 * @param $description
 *   Explanatory text to display after the form item group.
 * @param $attributes
 *   An associative array of HTML attributes to add to the fieldset tag.
 * @return
 *   A themed HTML string representing the form item group.
 */
function form_group_collapsible($legend, $group, $collapsed = FALSE, $description = NULL, $attributes = NULL) {
  drupal_add_js('misc/collapse.js');

  $attributes['class'] .= ' collapsible';
  if ($collapsed) {
    $attributes['class'] .= ' collapsed';
  }

  return '<fieldset' . drupal_attributes($attributes) .'>' . ($legend ? '<legend>'. $legend .'</legend>' : '') . $group . ($description ? '<div class="description">'. $description .'</div>' : '') . "</fieldset>\n";
}