common.inc 62.7 KB
Newer Older
Dries's avatar
   
Dries committed
1
<?php
2
// $Id$
Dries's avatar
   
Dries committed
3

Dries's avatar
   
Dries committed
4
5
6
7
8
9
10
11
/**
 * @file
 * Common functions that many Drupal modules will need to reference.
 *
 * The functions that are critical and need to be available even when serving
 * a cached page are instead located in bootstrap.inc.
 */

12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
/**
 * Return status for saving which involved creating a new item.
 */
define('SAVED_NEW', 1);

/**
 * Return status for saving which involved an update to an existing item.
 */
define('SAVED_UPDATED', 2);

/**
 * Return status for saving which deleted an existing item.
 */
define('SAVED_DELETED', 3);

27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
/**
 * Set content for a specified region.
 *
 * @param $region
 *   Page region the content is assigned to.
 *
 * @param $data
 *   Content to be set.
 */
function drupal_set_content($region = null, $data = null) {
  static $content = array();

  if (!is_null($region) && !is_null($data)) {
    $content[$region][] = $data;
  }
  return $content;
}

/**
 * Get assigned content.
 *
 * @param $region
 *   A specified region to fetch content for.  If null, all regions will be returned.
 *
 * @param $delimiter
 *   Content to be inserted between exploded array elements.
 */
function drupal_get_content($region = null, $delimiter = ' ') {
  $content = drupal_set_content();
  if (isset($region)) {
    if (is_array($content[$region])) {
      return implode ($delimiter, $content[$region]);
    }
  }
  else {
    foreach (array_keys($content) as $region) {
      if (is_array($content[$region])) {
        $content[$region] = implode ($delimiter, $content[$region]);
      }
    }
    return $content;
  }
}

Dries's avatar
   
Dries committed
71
/**
Dries's avatar
   
Dries committed
72
 * Set the breadcrumb trail for the current page.
Dries's avatar
   
Dries committed
73
 *
Dries's avatar
   
Dries committed
74
75
76
 * @param $breadcrumb
 *   Array of links, starting with "home" and proceeding up to but not including
 *   the current page.
Kjartan's avatar
Kjartan committed
77
 */
Dries's avatar
   
Dries committed
78
79
80
81
82
83
84
85
86
function drupal_set_breadcrumb($breadcrumb = NULL) {
  static $stored_breadcrumb;

  if (isset($breadcrumb)) {
    $stored_breadcrumb = $breadcrumb;
  }
  return $stored_breadcrumb;
}

Dries's avatar
   
Dries committed
87
88
89
/**
 * Get the breadcrumb trail for the current page.
 */
Dries's avatar
   
Dries committed
90
91
92
93
94
95
96
97
98
99
function drupal_get_breadcrumb() {
  $breadcrumb = drupal_set_breadcrumb();

  if (!isset($breadcrumb)) {
    $breadcrumb = menu_get_active_breadcrumb();
  }

  return $breadcrumb;
}

Dries's avatar
Dries committed
100
/**
Dries's avatar
   
Dries committed
101
 * Add output to the head tag of the HTML page.
Dries's avatar
   
Dries committed
102
 * This function can be called as long the headers aren't sent.
Dries's avatar
Dries committed
103
104
 */
function drupal_set_html_head($data = NULL) {
Dries's avatar
   
Dries committed
105
  static $stored_head = '';
Dries's avatar
Dries committed
106
107

  if (!is_null($data)) {
Dries's avatar
   
Dries committed
108
    $stored_head .= $data ."\n";
Dries's avatar
Dries committed
109
110
111
112
  }
  return $stored_head;
}

Dries's avatar
   
Dries committed
113
114
115
/**
 * Retrieve output to be displayed in the head tag of the HTML page.
 */
Dries's avatar
Dries committed
116
117
118
function drupal_get_html_head() {
  global $base_url;

Dries's avatar
   
Dries committed
119
  $output = "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n";
Dries's avatar
Dries committed
120
  $output .= "<base href=\"$base_url/\" />\n";
Dries's avatar
   
Dries committed
121
  $output .= theme('stylesheet_import', 'misc/drupal.css');
Dries's avatar
Dries committed
122
123
124
125

  return $output . drupal_set_html_head();
}

Dries's avatar
   
Dries committed
126
/**
127
 * Reset the static variable which holds the aliases mapped for this request.
Dries's avatar
   
Dries committed
128
 */
129
130
function drupal_clear_path_cache() {
  drupal_lookup_path('wipe');
Dries's avatar
   
Dries committed
131
}
Kjartan's avatar
Kjartan committed
132

Dries's avatar
   
Dries committed
133
/**
Dries's avatar
   
Dries committed
134
 * Given a path alias, return the internal path it represents.
Dries's avatar
   
Dries committed
135
136
 */
function drupal_get_normal_path($path) {
137
138
139
  $result = $path;
  if ($src = drupal_lookup_path('source', $path)) {
    $result = $src;
Dries's avatar
   
Dries committed
140
  }
141
142
  if (function_exists('custom_url_rewrite')) {
    $result = custom_url_rewrite('source', $result, $path);
Dries's avatar
   
Dries committed
143
  }
144
  return $result;
Dries's avatar
   
Dries committed
145
}
Kjartan's avatar
Kjartan committed
146

Dries's avatar
Dries committed
147
/**
Dries's avatar
   
Dries committed
148
 * Set an HTTP response header for the current page.
Dries's avatar
Dries committed
149
150
 */
function drupal_set_header($header = NULL) {
151
  // We use an array to guarantee there are no leading or trailing delimiters.
Dries's avatar
   
Dries committed
152
  // Otherwise, header('') could get called when serving the page later, which
153
154
  // ends HTTP headers prematurely on some PHP versions.
  static $stored_headers = array();
Dries's avatar
Dries committed
155

156
  if (strlen($header)) {
Dries's avatar
Dries committed
157
    header($header);
158
    $stored_headers[] = $header;
Dries's avatar
Dries committed
159
  }
160
  return implode("\n", $stored_headers);
Dries's avatar
Dries committed
161
162
}

Dries's avatar
   
Dries committed
163
164
165
/**
 * Get the HTTP response headers for the current page.
 */
Dries's avatar
Dries committed
166
167
168
169
function drupal_get_headers() {
  return drupal_set_header();
}

Dries's avatar
   
Dries committed
170
171
172
/**
 * @name HTTP handling
 * @{
Dries's avatar
   
Dries committed
173
 * Functions to properly handle HTTP responses.
Dries's avatar
   
Dries committed
174
175
 */

176
177
/**
 * Prepare a destination query string for use in combination with
178
179
180
181
182
 * drupal_goto(). Used to direct the user back to the referring page
 * after completing a form. By default the current URL is returned.
 * If a destination exists in the previous request, that destination
 * is returned.  As such, a destination can persist across multiple
 * pages.
183
184
185
186
 *
 * @see drupal_goto()
 */
function drupal_get_destination() {
187
188
189
190
191
192
193
194
195
196
  if ($_REQUEST['destination']) {
    return 'destination='. urlencode($_REQUEST['destination']);
  }
  else {
    $destination[] = $_GET['q'];
    $params = array('page', 'sort', 'order');
    foreach ($params as $param) {
      if (isset($_GET[$param])) {
        $destination[] = "$param=". $_GET[$param];
      }
197
    }
198
    return 'destination='. urlencode(implode('&', $destination));
199
200
201
  }
}

Kjartan's avatar
Kjartan committed
202
/**
Dries's avatar
   
Dries committed
203
 * Send the user to a different Drupal page.
Kjartan's avatar
Kjartan committed
204
 *
Dries's avatar
   
Dries committed
205
206
 * This issues an on-site HTTP redirect. The function makes sure the redirected
 * URL is formatted correctly.
Kjartan's avatar
Kjartan committed
207
 *
208
209
210
211
212
213
214
215
216
217
 * Usually the redirected URL is constructed from this function's input
 * parameters.  However you may override that behavior by setting a
 * <em>destination</em> in either the $_REQUEST-array (i.e. by using
 * the query string of an URI) or the $_REQUEST['edit']-array (i.e. by
 * using a hidden form field).  This is used to direct the user back to
 * the proper page after completing a form.  For example, after editing
 * a post on the 'admin/node'-page or after having logged on using the
 * 'user login'-block in a sidebar.  The function drupal_get_destination()
 * can be used to help set the destination URL.
 *
Dries's avatar
   
Dries committed
218
219
220
221
222
223
224
225
226
227
228
229
230
 * It is advised to use drupal_goto() instead of PHP's header(), because
 * drupal_goto() will append the user's session ID to the URI when PHP is
 * compiled with "--enable-trans-sid".
 *
 * This function ends the request; use it rather than a print theme('page')
 * statement in your menu callback.
 *
 * @param $path
 *   A Drupal path.
 * @param $query
 *   The query string component, if any.
 * @param $fragment
 *   The destination fragment identifier (named anchor).
231
232
 *
 * @see drupal_get_destination()
Kjartan's avatar
Kjartan committed
233
 */
Dries's avatar
   
Dries committed
234
function drupal_goto($path = '', $query = NULL, $fragment = NULL) {
235
236
237
238
239
240
241
  if ($_REQUEST['destination']) {
    extract(parse_url($_REQUEST['destination']));
  }
  else if ($_REQUEST['edit']['destination']) {
    extract(parse_url($_REQUEST['edit']['destination']));
  }

242
  $url = url($path, $query, $fragment, TRUE);
Kjartan's avatar
Kjartan committed
243

Dries's avatar
   
Dries committed
244
245
246
247
  // Before the redirect, allow modules to react to the end of the page request.
  module_invoke_all('exit', $url);

  header('Location: '. $url);
Kjartan's avatar
Kjartan committed
248

Dries's avatar
   
Dries committed
249
250
251
  // The "Location" header sends a REDIRECT status code to the http
  // daemon. In some cases this can go wrong, so we make sure none
  // of the code below the drupal_goto() call gets executed when we redirect.
Kjartan's avatar
Kjartan committed
252
253
254
255
256
257
  exit();
}

/**
 * Generates a 404 error if the request can not be handled.
 */
Dries's avatar
   
Dries committed
258
function drupal_not_found() {
Dries's avatar
   
Dries committed
259
  header('HTTP/1.0 404 Not Found');
260
  watchdog('page not found', t('%page not found.', array('%page' => theme('placeholder', $_GET['q']))), WATCHDOG_WARNING);
Dries's avatar
   
Dries committed
261
262

  $path = drupal_get_normal_path(variable_get('site_404', ''));
Dries's avatar
   
Dries committed
263
  $status = MENU_NOT_FOUND;
Dries's avatar
   
Dries committed
264
265
  if ($path) {
    menu_set_active_item($path);
266
    $return = menu_execute_active_handler();
Dries's avatar
   
Dries committed
267
268
  }

269
  if (empty($return)) {
270
    drupal_set_title(t('Page not found'));
Dries's avatar
   
Dries committed
271
  }
272
  print theme('page', $return);
Dries's avatar
   
Dries committed
273
}
Dries's avatar
   
Dries committed
274

Dries's avatar
   
Dries committed
275
276
277
278
279
/**
 * Generates a 403 error if the request is not allowed.
 */
function drupal_access_denied() {
  header('HTTP/1.0 403 Forbidden');
280
  watchdog('access denied', t('%page denied access.', array('%page' => theme('placeholder', $_GET['q']))), WATCHDOG_WARNING, l(t('view'), $_GET['q']));
Dries's avatar
   
Dries committed
281
282

  $path = drupal_get_normal_path(variable_get('site_403', ''));
Dries's avatar
   
Dries committed
283
  $status = MENU_NOT_FOUND;
Dries's avatar
   
Dries committed
284
285
  if ($path) {
    menu_set_active_item($path);
286
    $return = menu_execute_active_handler();
Dries's avatar
   
Dries committed
287
288
  }

289
  if (empty($return)) {
290
    drupal_set_title(t('Access denied'));
291
    $return = t('You are not authorized to access this page.');
Dries's avatar
   
Dries committed
292
  }
293
  print theme('page', $return);
Dries's avatar
   
Dries committed
294
295
}

Dries's avatar
   
Dries committed
296
/**
Dries's avatar
   
Dries committed
297
 * Perform an HTTP request.
Dries's avatar
   
Dries committed
298
 *
Dries's avatar
   
Dries committed
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
 * This is a flexible and powerful HTTP client implementation. Correctly handles
 * GET, POST, PUT or any other HTTP requests. Handles redirects.
 *
 * @param $url
 *   A string containing a fully qualified URI.
 * @param $headers
 *   An array containing an HTTP header => value pair.
 * @param $method
 *   A string defining the HTTP request to use.
 * @param $data
 *   A string containing data to include in the request.
 * @param $retry
 *   An integer representing how many times to retry the request in case of a
 *   redirect.
 * @return
 *   An object containing the HTTP request headers, response code, headers,
 *   data, and redirect status.
Dries's avatar
   
Dries committed
316
317
 */
function drupal_http_request($url, $headers = array(), $method = 'GET', $data = NULL, $retry = 3) {
Dries's avatar
   
Dries committed
318
319
  $result = new StdClass();

Dries's avatar
   
Dries committed
320
  // Parse the URL, and make sure we can handle the schema.
Dries's avatar
   
Dries committed
321
322
323
  $uri = parse_url($url);
  switch ($uri['scheme']) {
    case 'http':
324
325
      $port = $uri['port'] ? $uri['port'] : 80;
      $fp = @fsockopen($uri['host'], $port, $errno, $errstr, 15);
Dries's avatar
   
Dries committed
326
327
      break;
    case 'https':
Dries's avatar
   
Dries committed
328
      // Note: Only works for PHP 4.3 compiled with OpenSSL.
329
330
      $port = $uri['port'] ? $uri['port'] : 443;
      $fp = @fsockopen('ssl://'. $uri['host'], $port, $errno, $errstr, 20);
Dries's avatar
   
Dries committed
331
332
      break;
    default:
Dries's avatar
   
Dries committed
333
      $result->error = 'invalid schema '. $uri['scheme'];
Dries's avatar
   
Dries committed
334
335
336
      return $result;
  }

Dries's avatar
   
Dries committed
337
  // Make sure the socket opened properly.
Dries's avatar
   
Dries committed
338
  if (!$fp) {
Dries's avatar
   
Dries committed
339
    $result->error = trim($errno .' '. $errstr);
Dries's avatar
   
Dries committed
340
341
342
    return $result;
  }

Dries's avatar
   
Dries committed
343
  // Construct the path to act on.
Dries's avatar
   
Dries committed
344
345
  $path = $uri['path'] ? $uri['path'] : '/';
  if ($uri['query']) {
Dries's avatar
   
Dries committed
346
    $path .= '?'. $uri['query'];
Dries's avatar
   
Dries committed
347
348
  }

Dries's avatar
   
Dries committed
349
  // Create HTTP request.
Dries's avatar
   
Dries committed
350
  $defaults = array(
351
352
    // RFC 2616: "non-standard ports MUST, default ports MAY be included". We always add it.
    'Host' => "Host: $uri[host]:$port",
353
354
    'User-Agent' => 'User-Agent: Drupal (+http://www.drupal.org/)',
    'Content-Length' => 'Content-Length: '. strlen($data)
Dries's avatar
   
Dries committed
355
356
357
  );

  foreach ($headers as $header => $value) {
Dries's avatar
   
Dries committed
358
    $defaults[$header] = $header .': '. $value;
Dries's avatar
   
Dries committed
359
360
  }

Dries's avatar
   
Dries committed
361
  $request = $method .' '. $path ." HTTP/1.0\r\n";
Dries's avatar
   
Dries committed
362
363
364
  $request .= implode("\r\n", $defaults);
  $request .= "\r\n\r\n";
  if ($data) {
Dries's avatar
   
Dries committed
365
    $request .= $data ."\r\n";
Dries's avatar
   
Dries committed
366
367
368
369
370
371
  }
  $result->request = $request;

  fwrite($fp, $request);

  // Fetch response.
372
  $response = '';
373
  while (!feof($fp) && $data = fread($fp, 1024)) {
374
    $response .= $data;
Dries's avatar
   
Dries committed
375
376
377
378
  }
  fclose($fp);

  // Parse response.
379
380
381
382
  list($headers, $result->data) = explode("\r\n\r\n", $response, 2);
  $headers = preg_split("/\r\n|\n|\r/", $headers);

  list($protocol, $code, $text) = explode(' ', trim(array_shift($headers)), 3);
Dries's avatar
   
Dries committed
383
384
385
  $result->headers = array();

  // Parse headers.
386
  while ($line = trim(array_shift($headers))) {
Dries's avatar
   
Dries committed
387
    list($header, $value) = explode(':', $line, 2);
388
389
390
391
392
393
394
395
    if (isset($result->headers[$header]) && $header == 'Set-Cookie') {
      // RFC 2109: the Set-Cookie response header comprises the token Set-
      // Cookie:, followed by a comma-separated list of one or more cookies.
      $result->headers[$header] .= ','. trim($value);
    }
    else {
      $result->headers[$header] = trim($value);
    }
Dries's avatar
   
Dries committed
396
397
398
399
400
401
402
403
404
405
  }

  $responses = array(
    100 => 'Continue', 101 => 'Switching Protocols',
    200 => 'OK', 201 => 'Created', 202 => 'Accepted', 203 => 'Non-Authoritative Information', 204 => 'No Content', 205 => 'Reset Content', 206 => 'Partial Content',
    300 => 'Multiple Choices', 301 => 'Moved Permanently', 302 => 'Found', 303 => 'See Other', 304 => 'Not Modified', 305 => 'Use Proxy', 307 => 'Temporary Redirect',
    400 => 'Bad Request', 401 => 'Unauthorized', 402 => 'Payment Required', 403 => 'Forbidden', 404 => 'Not Found', 405 => 'Method Not Allowed', 406 => 'Not Acceptable', 407 => 'Proxy Authentication Required', 408 => 'Request Time-out', 409 => 'Conflict', 410 => 'Gone', 411 => 'Length Required', 412 => 'Precondition Failed', 413 => 'Request Entity Too Large', 414 => 'Request-URI Too Large', 415 => 'Unsupported Media Type', 416 => 'Requested range not satisfiable', 417 => 'Expectation Failed',
    500 => 'Internal Server Error', 501 => 'Not Implemented', 502 => 'Bad Gateway', 503 => 'Service Unavailable', 504 => 'Gateway Time-out', 505 => 'HTTP Version not supported'
  );
  // RFC 2616 states that all unknown HTTP codes must be treated the same as
Dries's avatar
   
Dries committed
406
  // the base code in their class.
Dries's avatar
   
Dries committed
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
  if (!isset($responses[$code])) {
    $code = floor($code / 100) * 100;
  }

  switch ($code) {
    case 200: // OK
    case 304: // Not modified
      break;
    case 301: // Moved permanently
    case 302: // Moved temporarily
    case 307: // Moved temporarily
      $location = $result->headers['Location'];

      if ($retry) {
        $result = drupal_http_request($result->headers['Location'], $headers, $method, $data, --$retry);
        $result->redirect_code = $result->code;
      }
      $result->redirect_url = $location;

      break;
    default:
      $result->error = $text;
  }

  $result->code = $code;
  return $result;
}
Dries's avatar
   
Dries committed
434
435
436
/**
 * @} End of "HTTP handling".
 */
Dries's avatar
   
Dries committed
437

Dries's avatar
   
Dries committed
438
/**
Dries's avatar
   
Dries committed
439
440
 * Log errors as defined by administrator
 * Error levels:
441
442
 *  0 = Log errors to database.
 *  1 = Log errors to database and to screen.
Dries's avatar
   
Dries committed
443
 */
Dries's avatar
   
Dries committed
444
function error_handler($errno, $message, $filename, $line) {
445
  if ($errno & (E_ALL ^ E_NOTICE)) {
Dries's avatar
   
Dries committed
446
447
    $types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning');
    $entry = $types[$errno] .': '. $message .' in '. $filename .' on line '. $line .'.';
Dries's avatar
   
Dries committed
448

Dries's avatar
   
Dries committed
449
    if (variable_get('error_level', 1) == 1) {
Dries's avatar
   
Dries committed
450
      print '<pre>'. $entry .'</pre>';
Dries's avatar
Dries committed
451
    }
452
453

    watchdog('php', t('%message in %file on line %line.', array('%error' => $types[$errno], '%message' => $message, '%file' => $filename, '%line' => $line)), WATCHDOG_ERROR);
Dries's avatar
   
Dries committed
454
455
456
  }
}

Dries's avatar
   
Dries committed
457
function _fix_gpc_magic(&$item) {
Dries's avatar
Dries committed
458
  if (is_array($item)) {
Kjartan's avatar
Kjartan committed
459
460
461
    array_walk($item, '_fix_gpc_magic');
  }
  else {
Kjartan's avatar
Kjartan committed
462
    $item = stripslashes($item);
Dries's avatar
   
Dries committed
463
464
465
  }
}

Dries's avatar
   
Dries committed
466
467
468
469
/**
 * Correct double-escaping problems caused by "magic quotes" in some PHP
 * installations.
 */
Dries's avatar
   
Dries committed
470
471
function fix_gpc_magic() {
  static $fixed = false;
Dries's avatar
   
Dries committed
472
  if (!$fixed && ini_get('magic_quotes_gpc')) {
Dries's avatar
Dries committed
473
474
475
476
477
478
    array_walk($_GET, '_fix_gpc_magic');
    array_walk($_POST, '_fix_gpc_magic');
    array_walk($_COOKIE, '_fix_gpc_magic');
    array_walk($_REQUEST, '_fix_gpc_magic');
    $fixed = true;
  }
Dries's avatar
   
Dries committed
479
480
}

481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
/**
 * An unchecked checkbox is not present in $_POST so we fix it here by
 * proving a default value of 0.  Also, with form_checkboxes() we expect
 * an array, but HTML does not send the empty array.  This is also taken
 * care off.
 */
function fix_checkboxes() {
  if (isset($_POST['form_array'])) {
    $_POST['edit'] = _fix_checkboxes($_POST['edit'], $_POST['form_array'], array());
  }
  if (isset($_POST['form_zero'])) {
    $_POST['edit'] = _fix_checkboxes($_POST['edit'], $_POST['form_zero'], 0);
  }
}

function _fix_checkboxes($array1, $array2, $value) {
  if (is_array($array2) && count($array2)) {
    foreach ($array2 as $k => $v) {
      if (is_array($v) && count($v)) {
        $array1[$k] = _fix_checkboxes($array1[$k], $v, $value);
      }
      else if (!isset($array1[$k])) {
        $array1[$k] = $value;
      }
    }
  }
  else {
    $array1 = $value;
  }
  return $array1;
}

Kjartan's avatar
Kjartan committed
513
514
515
/**
 * @name Conversion
 * @{
Dries's avatar
   
Dries committed
516
 * Converts data structures to different types.
Kjartan's avatar
Kjartan committed
517
 */
Dries's avatar
   
Dries committed
518
519
520
521

/**
 * Convert an associative array to an anonymous object.
 */
Dries's avatar
Dries committed
522
523
function array2object($array) {
  if (is_array($array)) {
Dries's avatar
   
Dries committed
524
    $object = new StdClass();
Dries's avatar
Dries committed
525
    foreach ($array as $key => $value) {
Dries's avatar
   
Dries committed
526
527
528
529
      $object->$key = $value;
    }
  }
  else {
Dries's avatar
Dries committed
530
    $object = $array;
Dries's avatar
   
Dries committed
531
532
533
534
535
  }

  return $object;
}

Dries's avatar
   
Dries committed
536
537
538
/**
 * Convert an object to an associative array.
 */
Dries's avatar
Dries committed
539
540
541
function object2array($object) {
  if (is_object($object)) {
    foreach ($object as $key => $value) {
Dries's avatar
   
Dries committed
542
543
544
545
      $array[$key] = $value;
    }
  }
  else {
Dries's avatar
Dries committed
546
    $array = $object;
Dries's avatar
   
Dries committed
547
548
549
550
  }

  return $array;
}
Dries's avatar
   
Dries committed
551
552
553
554

/**
 * @} End of "Conversion".
 */
Dries's avatar
   
Dries committed
555

Kjartan's avatar
Kjartan committed
556
557
558
/**
 * @name Messages
 * @{
Dries's avatar
   
Dries committed
559
 * Frequently used messages.
Kjartan's avatar
Kjartan committed
560
 */
Dries's avatar
   
Dries committed
561
562
563
564

/**
 * Return a string with a "not applicable" message.
 */
Dries's avatar
   
Dries committed
565
function message_na() {
Dries's avatar
   
Dries committed
566
  return t('n/a');
Dries's avatar
   
Dries committed
567
568
}

Dries's avatar
   
Dries committed
569
570
571
/**
 * @} End of "Messages".
 */
Dries's avatar
   
Dries committed
572

Dries's avatar
   
Dries committed
573
574
575
/**
 * Initialize the localization system.
 */
Dries's avatar
   
Dries committed
576
577
function locale_initialize() {
  global $user;
Dries's avatar
   
Dries committed
578
579
580
581
582

  if (function_exists('i18n_get_lang')) {
    return i18n_get_lang();
  }

Dries's avatar
   
Dries committed
583
584
585
586
587
  if (function_exists('locale')) {
    $languages = locale_supported_languages();
    $languages = $languages['name'];
  }
  else {
588
589
590
    // Ensure the locale/language is correctly returned, even without locale.module.
    // Useful for e.g. XML/HTML 'lang' attributes.
    $languages = array('en' => 'English');
Dries's avatar
   
Dries committed
591
  }
Dries's avatar
   
Dries committed
592
593
594
595
596
597
  if ($user->uid && $languages[$user->language]) {
    return $user->language;
  }
  else {
    return key($languages);
  }
Dries's avatar
   
Dries committed
598
599
}

Kjartan's avatar
Kjartan committed
600
/**
Dries's avatar
   
Dries committed
601
 * Translate strings to the current locale.
Kjartan's avatar
Kjartan committed
602
 *
603
 * When using t(), try to put entire sentences and strings in one t() call.
Dries's avatar
   
Dries committed
604
605
606
607
 * This makes it easier for translators. HTML markup within translation strings
 * is acceptable, if necessary. The suggested syntax for a link embedded
 * within a translation string is:
 * @code
Dries's avatar
   
Dries committed
608
609
610
 *   $msg = t('You must log in below or <a href="%url">create a new
 *             account</a> before viewing the next page.', array('%url'
 *             => url('user/register')));
Dries's avatar
   
Dries committed
611
 * @endcode
612
613
614
 * We suggest the same syntax for links to other sites. This makes it easy to
 * change link URLs if needed (which happens often) without requiring updates
 * to translations.
Kjartan's avatar
Kjartan committed
615
 *
Dries's avatar
   
Dries committed
616
 * @param $string
Dries's avatar
   
Dries committed
617
 *   A string containing the English string to translate.
Dries's avatar
   
Dries committed
618
619
 * @param $args
 *   An associative array of replacements to make after translation. Incidences
Dries's avatar
   
Dries committed
620
 *   of any key in this array are replaced with the corresponding value.
Dries's avatar
   
Dries committed
621
622
 * @return
 *   The translated string.
Kjartan's avatar
Kjartan committed
623
 */
Dries's avatar
   
Dries committed
624
function t($string, $args = 0) {
Dries's avatar
   
Dries committed
625
626
627
628
  global $locale;
  if (function_exists('locale') && $locale != 'en') {
    $string = locale($string);
  }
629

Dries's avatar
   
Dries committed
630
631
  if (!$args) {
    return $string;
Kjartan's avatar
Kjartan committed
632
633
  }
  else {
Dries's avatar
   
Dries committed
634
635
    return strtr($string, $args);
  }
Dries's avatar
   
Dries committed
636
637
}

Dries's avatar
   
Dries committed
638
/**
639
 * Encode special characters in a plain-text string for display as HTML.
Dries's avatar
   
Dries committed
640
 */
641
function check_plain($text) {
642
  return htmlspecialchars($text, ENT_QUOTES);
Dries's avatar
   
Dries committed
643
644
}

Kjartan's avatar
Kjartan committed
645
/**
Dries's avatar
   
Dries committed
646
 * @defgroup validation Input validation
Dries's avatar
   
Dries committed
647
 * @{
Dries's avatar
   
Dries committed
648
 * Functions to validate user input.
Kjartan's avatar
Kjartan committed
649
650
 */

651
/**
Dries's avatar
   
Dries committed
652
653
654
 * Verify the syntax of the given e-mail address.
 *
 * Empty e-mail addresses are allowed. See RFC 2822 for details.
655
 *
Dries's avatar
   
Dries committed
656
657
 * @param $mail
 *   A string containing an email address.
Dries's avatar
   
Dries committed
658
 * @return
Dries's avatar
   
Dries committed
659
 *   TRUE if the address is in a valid format.
660
 */
Dries's avatar
   
Dries committed
661
function valid_email_address($mail) {
662
  $user = '[a-zA-Z0-9_\-\.\+\^!#\$%&*+\/\=\?\`\|\{\}~\']+';
663
  $domain = '(?:(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.?)+';
664
665
666
  $ipv4 = '[0-9]{1,3}(\.[0-9]{1,3}){3}';
  $ipv6 = '[0-9a-fA-F]{1,4}(\:[0-9a-fA-F]{1,4}){7}';

Dries's avatar
Dries committed
667
  return preg_match("/^$user@($domain|(\[($ipv4|$ipv6)\]))$/", $mail);
668
669
}

Dries's avatar
   
Dries committed
670
671
672
/**
 * Verify the syntax of the given URL.
 *
Dries's avatar
   
Dries committed
673
 * @param $url
Dries's avatar
   
Dries committed
674
 *   The URL to verify.
Dries's avatar
   
Dries committed
675
 * @param $absolute
Dries's avatar
   
Dries committed
676
 *   Whether the URL is absolute (beginning with a scheme such as "http:").
Dries's avatar
   
Dries committed
677
 * @return
Dries's avatar
   
Dries committed
678
 *   TRUE if the URL is in a valid format.
Dries's avatar
   
Dries committed
679
 */
Dries's avatar
   
Dries committed
680
function valid_url($url, $absolute = FALSE) {
681
  $allowed_characters = '[a-z0-9\/:_\-_\.\?\$,~=#&%\+]';
682
  if ($absolute) {
683
    return preg_match("/^(http|https|ftp):\/\/". $allowed_characters ."+$/i", $url);
684
685
  }
  else {
686
    return preg_match("/^". $allowed_characters ."+$/i", $url);
687
  }
Dries's avatar
   
Dries committed
688
689
}

Dries's avatar
   
Dries committed
690
691
692
693
694
695
696
697
698
699
/**
 * Validate data input by a user.
 *
 * Ensures that user data cannot be used to perform attacks on the site.
 *
 * @param $data
 *   The input to check.
 * @return
 *   TRUE if the input data is acceptable.
 */
Kjartan's avatar
Kjartan committed
700
701
function valid_input_data($data) {
  if (is_array($data) || is_object($data)) {
Dries's avatar
   
Dries committed
702
    // Form data can contain a number of nested arrays.
Kjartan's avatar
Kjartan committed
703
    foreach ($data as $key => $value) {
Dries's avatar
   
Dries committed
704
      if (!valid_input_data($key) || !valid_input_data($value)) {
Dries's avatar
   
Dries committed
705
        return FALSE;
Kjartan's avatar
Kjartan committed
706
707
708
      }
    }
  }
Dries's avatar
Dries committed
709
  else if (isset($data)) {
Dries's avatar
   
Dries committed
710
    // Detect dangerous input data.
Kjartan's avatar
Kjartan committed
711

712
713
714
    // Decode all normal character entities.
    $data = decode_entities($data, array('<', '&', '"'));

Dries's avatar
   
Dries committed
715
716
717
718
    // Check strings:
    $match  = preg_match('/\Wjavascript\s*:/i', $data);
    $match += preg_match('/\Wexpression\s*\(/i', $data);
    $match += preg_match('/\Walert\s*\(/i', $data);
Kjartan's avatar
Kjartan committed
719

Dries's avatar
   
Dries committed
720
    // Check attributes:
Kjartan's avatar
Kjartan committed
721
722
    $match += preg_match("/\W(dynsrc|datasrc|data|lowsrc|on[a-z]+)\s*=[^>]+?>/i", $data);

Dries's avatar
   
Dries committed
723
    // Check tags:
Kjartan's avatar
Kjartan committed
724
725
726
    $match += preg_match("/<\s*(applet|script|object|style|embed|form|blink|meta|html|frame|iframe|layer|ilayer|head|frameset|xml)/i", $data);

    if ($match) {
727
      watchdog('security', t('Terminated request because of suspicious input data: %data.', array('%data' => theme('placeholder', $data))));
Dries's avatar
   
Dries committed
728
      return FALSE;
Kjartan's avatar
Kjartan committed
729
730
731
    }
  }

Dries's avatar
   
Dries committed
732
  return TRUE;
Kjartan's avatar
Kjartan committed
733
}
Dries's avatar
   
Dries committed
734
735
736
/**
 * @} End of "defgroup validation".
 */
Kjartan's avatar
Kjartan committed
737

Dries's avatar
   
Dries committed
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
/**
 * Register an event for the current visitor (hostname/IP) to the flood control mechanism.
 *
 * @param $name
 *   The name of the event.
 */
function flood_register_event($name) {
  db_query("INSERT INTO {flood} (event, hostname, timestamp) VALUES ('%s', '%s', %d)", $name, $_SERVER['REMOTE_ADDR'], time());
}

/**
 * Check if the current visitor (hostname/IP) is allowed to proceed with the specified event.
 * The user is allowed to proceed if he did not trigger the specified event more than
 * $threshold times per hour.
 *
 * @param $name
 *   The name of the event.
 * @param $number
 *   The maximum number of the specified event per hour (per visitor).
 * @return
 *   True if the user did not exceed the hourly threshold.  False otherwise.
 */
function flood_is_allowed($name, $threshold) {
  $number = db_num_rows(db_query("SELECT event FROM {flood} WHERE event = '%s' AND hostname = '%s' AND timestamp > %d", $name, $_SERVER['REMOTE_ADDR'], time() - 3600));
  return ($number < $threshold ? TRUE : FALSE);
}

765
766
function check_file($filename) {
  return is_uploaded_file($filename);
Dries's avatar
   
Dries committed
767
768
}

Dries's avatar
   
Dries committed
769
/**
Dries's avatar
   
Dries committed
770
 * @defgroup format Formatting
Dries's avatar
   
Dries committed
771
 * @{
Dries's avatar
   
Dries committed
772
 * Functions to format numbers, strings, dates, etc.
Dries's avatar
   
Dries committed
773
774
 */

Dries's avatar
   
Dries committed
775
776
777
778
779
780
/**
 * Formats an RSS channel.
 *
 * Arbitrary elements may be added using the $args associative array.
 */
function format_rss_channel($title, $link, $description, $items, $language = 'en', $args = array()) {
Dries's avatar
   
Dries committed
781
782
  // arbitrary elements may be added using the $args associative array

Dries's avatar
Dries committed
783
  $output = "<channel>\n";
784
785
786
787
  $output .= ' <title>'. check_plain($title) ."</title>\n";
  $output .= ' <link>'. check_url($link) ."</link>\n";
  $output .= ' <description>'. check_plain($description) ."</description>\n";
  $output .= ' <language>'. check_plain($language) ."</language>\n";
Dries's avatar
   
Dries committed
788
  foreach ($args as $key => $value) {
789
    $output .= ' <'. $key .'>'. check_plain($value) ."</$key>\n";
Dries's avatar
   
Dries committed
790
  }
Dries's avatar
   
Dries committed
791
792
793
794
795
796
  $output .= $items;
  $output .= "</channel>\n";

  return $output;
}

Dries's avatar
   
Dries committed
797
798
799
800
801
/**
 * Format a single RSS item.
 *
 * Arbitrary elements may be added using the $args associative array.
 */
Dries's avatar
   
Dries committed
802
function format_rss_item($title, $link, $description, $args = array()) {
Dries's avatar
Dries committed
803
  $output = "<item>\n";
804
805
806
  $output .= ' <title>'. check_plain($title) ."</title>\n";
  $output .= ' <link>'. check_url($link) ."</link>\n";
  $output .= ' <description>'. check_plain($description) ."</description>\n";
Dries's avatar
   
Dries committed
807
  foreach ($args as $key => $value) {
Dries's avatar
   
Dries committed
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
    if (is_array($value)) {
      if ($value['key']) {
        $output .= ' <'. $value['key'];
        if (is_array($value['attributes'])) {
          $output .= drupal_attributes($value['attributes']);
        }

        if ($value['value']) {
          $output .= '>'. $value['value'] .'</'. $value['key'] .">\n";
        }
        else {
          $output .= " />\n";
        }
      }
    }
    else {
824
      $output .= ' <'. $key .'>'. check_plain($value) ."</$key>\n";
Dries's avatar
   
Dries committed
825
    }
Dries's avatar
   
Dries committed
826
  }
Dries's avatar
   
Dries committed
827
828
829
830
831
  $output .= "</item>\n";

  return $output;
}

Dries's avatar
   
Dries committed
832
/**
Dries's avatar
   
Dries committed
833
 * Format a string containing a count of items.
Dries's avatar
   
Dries committed
834
 *
Dries's avatar
   
Dries committed
835
836
837
838
839
840
841
842
843
844
845
846
847
848
 * This function ensures that the string is pluralized correctly. Since t() is
 * called by this function, make sure not to pass already-localized strings to it.
 *
 * @param $count
 *   The item count to display.
 * @param $singular
 *   The string for the singular case. Please make sure it is clear this is
 *   singular, to ease translation (e.g. use "1 new comment" instead of "1 new").
 * @param $plural
 *   The string for the plural case. Please make sure it is clear this is plural,
 *   to ease translation. Use %count in place of the item count, as in "%count
 *   new comments".
 * @return
 *   A translated string.
Dries's avatar
   
Dries committed
849
 */
Dries's avatar
   
Dries committed
850
function format_plural($count, $singular, $plural) {
851
  if ($count == 1) return t($singular, array("%count" => $count));
Dries's avatar
   
Dries committed
852
853

  // get the plural index through the gettext formula
854
  $index = (function_exists('locale_get_plural')) ? locale_get_plural($count) : -1;
Dries's avatar
   
Dries committed
855
856
857
858
859
860
  if ($index < 0) { // backward compatibility
    return t($plural, array("%count" => $count));
  }
  else {
    switch ($index) {
      case "0":
861
        return t($singular, array("%count" => $count));
Dries's avatar
   
Dries committed
862
863
864
865
866
867
      case "1":
        return t($plural, array("%count" => $count));
      default:
        return t(strtr($plural, array("%count" => '%count['. $index .']')), array('%count['. $index .']' => $count));
    }
  }
Dries's avatar
   
Dries committed
868
869
}

Dries's avatar
   
Dries committed
870
/**
Dries's avatar
   
Dries committed
871
 * Generate a string representation for the given byte count.
Dries's avatar
   
Dries committed
872
 *
Dries's avatar
   
Dries committed
873
874
875
876
 * @param $size
 *   The size in bytes.
 * @return
 *   A translated string representation of the size.
Dries's avatar
   
Dries committed
877
 */
Dries's avatar
   
Dries committed
878
function format_size($size) {
Dries's avatar
   
Dries committed
879
  $suffix = t('bytes');
880
  if ($size >= 1024) {
Dries's avatar
   
Dries committed
881
    $size = round($size / 1024, 2);
Dries's avatar
   
Dries committed
882
    $suffix = t('KB');
Dries's avatar
   
Dries committed
883
  }
884
  if ($size >= 1024) {
Dries's avatar
   
Dries committed
885
    $size = round($size / 1024, 2);
Dries's avatar
   
Dries committed
886
    $suffix = t('MB');
Dries's avatar
   
Dries committed
887
  }
Dries's avatar
   
Dries committed
888
  return t('%size %suffix', array('%size' => $size, '%suffix' => $suffix));
Dries's avatar
   
Dries committed
889
890
}

Dries's avatar
   
Dries committed
891
/**
Dries's avatar
   
Dries committed
892
 * Format a time interval with the requested granularity.
Dries's avatar
   
Dries committed
893
 *
Dries's avatar
   
Dries committed
894
895
896
897
898
899
 * @param $timestamp
 *   The length of the interval in seconds.
 * @param $granularity
 *   How many different units to display in the string.
 * @return
 *   A translated string representation of the interval.
Dries's avatar
   
Dries committed
900
 */
Dries's avatar
   
Dries committed
901
function format_interval($timestamp, $granularity = 2) {
Dries's avatar
   
Dries committed
902
  $units = array('1 year|%count years' => 31536000, '1 week|%count weeks' => 604800, '1 day|%count days' => 86400, '1 hour|%count hours' => 3600, '1 min|%count min' => 60, '1 sec|%count sec' => 1);
Dries's avatar
   
Dries committed
903
  $output = '';
Dries's avatar
   
Dries committed
904
  foreach ($units as $key => $value) {
Dries's avatar
   
Dries committed
905
    $key = explode('|', $key);
Dries's avatar
   
Dries committed
906
    if ($timestamp >= $value) {
Dries's avatar
   
Dries committed
907
      $output .= ($output ? ' ' : '') . format_plural(floor($timestamp / $value), $key[0], $key[1]);
Dries's avatar
   
Dries committed
908
      $timestamp %= $value;
Dries's avatar
   
Dries committed
909
910
911
912
913
      $granularity--;
    }

    if ($granularity == 0) {
      break;
Dries's avatar
   
Dries committed
914
915
    }
  }
Dries's avatar
   
Dries committed
916
  return $output ? $output : t('0 sec');
Dries's avatar
   
Dries committed
917
918
}

Dries's avatar
   
Dries committed
919
/**
Dries's avatar
   
Dries committed
920
921
 * Format a date with the given configured format or a custom format string.
 *
Dries's avatar
   
Dries committed
922
923
924
925
 * Drupal allows administrators to select formatting strings for 'small',
 * 'medium' and 'large' date formats. This function can handle these formats,
 * as well as any custom format.
 *
Dries's avatar
   
Dries committed
926
927
928
929
930
931
 * @param $timestamp
 *   The exact date to format, as a UNIX timestamp.
 * @param $type
 *   The format to use. Can be "small", "medium" or "large" for the preconfigured
 *   date formats. If "custom" is specified, then $format is required as well.
 * @param $format
932
933
934
 *   A PHP date format string as required by date(). A backslash should be used
 *   before a character to avoid interpreting the character as part of a date
 *   format.
Dries's avatar
   
Dries committed
935
936
937
938
 * @param $timezone
 *   Time zone offset in seconds; if omitted, the user's time zone is used.
 * @return
 *   A translated date string in the requested format.
Dries's avatar
   
Dries committed
939
 */
940
941
942
function format_date($timestamp, $type = 'medium', $format = '', $timezone = NULL) {
  if ($timezone === NULL) {
    global $user;
Steven Wittens's avatar
Steven Wittens committed
943
944
945
946
947
948
    if (variable_get('configurable_timezones', 1) && $user->uid && strlen($user->timezone)) {
      $timezone = $user->timezone;
    }
    else {
      $timezone = variable_get('date_default_timezone', 0);
    }
949
  }
Dries's avatar
   
Dries committed
950

951
  $timestamp += $timezone;
Dries's avatar
   
Dries committed
952
953

  switch ($type) {
954
955
    case 'small':
      $format = variable_get('date_format_short', 'm/d/Y - H:i');
Dries's avatar
   
Dries committed
956
      break;
957
958
    case 'large':
      $format = variable_get('date_format_long', 'l, F j, Y - H:i');
Dries's avatar
   
Dries committed
959
      break;
960
    case 'custom':
Dries's avatar
   
Dries committed
961
      // No change to format
Dries's avatar
   
Dries committed
962
      break;
963
    case 'medium':
Dries's avatar
   
Dries committed
964
    default:
965
      $format = variable_get('date_format_medium', 'D, m/d/Y - H:i');
Dries's avatar
   
Dries committed
966
967
  }

968
  $max = strlen($format);
Dries's avatar
   
Dries committed
969
  $date = '';
Dries's avatar
   
Dries committed
970
971
  for ($i = 0; $i < $max; $i++) {
    $c = $format{$i};
972
    if (strpos('AaDFlM', $c) !== false) {
973
      $date .= t(gmdate($c, $timestamp));
974
    }
975
    else if (strpos('BdgGhHiIjLmnsStTUwWYyz', $c) !== false) {
976
977
978
979
      $date .= gmdate($c, $timestamp);
    }
    else if ($c == 'r') {
      $date .= format_date($timestamp - $timezone, 'custom', 'D, d M Y H:i:s O', $timezone);
Dries's avatar
   
Dries committed
980
    }
981
982
983
984
985
    else if ($c == 'O') {
      $date .= sprintf('%s%02d%02d', ($timezone < 0 ? '-' : '+'), abs($timezone / 3600), abs($timezone % 3600) / 60);
    }
    else if ($c == 'Z') {
      $date .= $timezone;
Dries's avatar
   
Dries committed
986
    }
987
988
989
    else if ($c == '\\') {
      $date .= $format[++$i];
    }
Dries's avatar
   
Dries committed
990
    else {
991
      $date .= $c;
Dries's avatar
   
Dries committed
992
    }
Dries's avatar
   
Dries committed
993
  }
994

Dries's avatar
   
Dries committed
995
996
997
  return $date;
}

Dries's avatar
   
Dries committed
998
999
1000
/**
 * @} End of "defgroup format".
 */
Dries's avatar
   
Dries committed
1001

Kjartan's avatar
Kjartan committed
1002
/**
Dries's avatar
   
Dries committed
1003
 * @defgroup form Form generation
Kjartan's avatar
Kjartan committed
1004
 * @{
Dries's avatar
   
Dries committed
1005
 * Functions to enable output of HTML forms and form elements.
1006
 *
Dries's avatar
   
Dries committed
1007
1008
 * Drupal uses these functions to achieve consistency in its form presentation,
 * while at the same time simplifying code and reducing the amount of HTML that
1009
 * must be explicitly generated by modules.
Kjartan's avatar
Kjartan committed
1010
 */
Dries's avatar
   
Dries committed
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026

/**
 * Generate a form from a set of form elements.
 *
 * @param $form
 *   An HTML string containing one or more form elements.
 * @param $method
 *   The query method to use ("post" or "get").
 * @param $action
 *   The URL to send the form contents to, if not the current page.
 * @param $attributes
 *   An associative array of attributes to add to the form tag.
 * @result
 *   An HTML string with the contents of $form wrapped in a form tag.
 */
function form($form, $method = 'post', $action = NULL, $attributes = NULL) {
Dries's avatar
   
Dries committed
1027
  if (!$action) {
1028
    $action = request_uri();
Dries's avatar
   
Dries committed
1029
  }
1030
  // Anonymous div to satisfy XHTML compliancy.
1031
  return '<form action="'. check_url($action) .'" method="'. $method .'"'. drupal_attributes($attributes) .">\n<div>". $form ."\n</div></form>\n";
Dries's avatar
   
Dries committed
1032
1033
}

1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
/**
 * Set a hidden 'form_token' field to be included in a form, used to validate
 * that the resulting submission was actually generated by a local form.
 *
 * @param $key
 *   A unique key to identify the form that is currently being displayed.
 *   This identical key is later used to validate that the resulting submission
 *   actually originated with this form.
 * @result
 *   A themed HTML string representing the hidden token field.
 */
function form_token($key) {
  // this private key should always be kept secret
  if (!variable_get('drupal_private_key', '')) {
    variable_set('drupal_private_key', mt_rand());
  }

  // the verification token is an md5 hash of the form key and our private key
1052
  return form_hidden('form_token', md5($_SERVER['REMOTE_ADDR'] . $key . variable_get('drupal_private_key', '')));
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
}

/**
 * Verify that the hidden 'form_token' field was actually generated with our
 * private key.
 *
 * @param $edit
 *  An array containing the form that needs to be validated.
 * @param $key
 *  The same key that was used to generate the 'form_token'.
 * @param $error_message
 *  An optional error message to display if the form does not validate.
 * @result
 *  There is nothing returned from this function, but if the 'form_token' does
 *  not validate an error is generated, preventing the submission.
 */
function form_validate($edit, $key, $error_message = NULL) {
  if ($error_message == NULL) {
    // set a generic default error message
    $error = t('Validation error, please try again.  If this error persists, please contact the site administrator.');
  }

1075
  if ($edit['form_token'] != md5($_SERVER['REMOTE_ADDR'] . $key . variable_get('drupal_private_key', ''))) {
1076
1077
1078
1079
1080
    // setting this error will cause the form to fail validation
    form_set_error('form_token', $error);
  }
}

Dries's avatar
   
Dries committed
1081
/**
Dries's avatar
   
Dries committed
1082
 * File an error against the form element with the specified name.
Dries's avatar
   
Dries committed
1083
1084
1085
1086
1087
1088
1089
 */
function form_set_error($name, $message) {
  $GLOBALS['form'][$name] = $message;
  drupal_set_message($message, 'error');
}

/**
Dries's avatar
   
Dries committed
1090
 * Return an associative array of all errors.
Dries's avatar
   
Dries committed
1091
 */
Dries's avatar
   
Dries committed
1092
function form_get_errors() {
1093
1094
1095
  if (array_key_exists('form', $GLOBALS)) {
    return $GLOBALS['form'];
  }
Dries's avatar
   
Dries committed
1096
1097
1098
1099
1100
1101
}

/**
 * Return the error message filed against the form with the specified name.
 */
function _form_get_error($name) {
Dries's avatar