common.inc 39.5 KB
Newer Older
Dries's avatar
Dries committed
1
<?php
2
// $Id$
Dries's avatar
Dries committed
3

4 5 6 7 8 9 10 11
/**
 * @file
 * Common functions that many Drupal modules will need to reference.
 *
 * The functions that are critical and need to be available even when serving
 * a cached page are instead located in bootstrap.inc.
 */

12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
/**
 * Return status for saving which involved creating a new item.
 */
define('SAVED_NEW', 1);

/**
 * Return status for saving which involved an update to an existing item.
 */
define('SAVED_UPDATED', 2);

/**
 * Return status for saving which deleted an existing item.
 */
define('SAVED_DELETED', 3);

27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55
/**
 * Set content for a specified region.
 *
 * @param $region
 *   Page region the content is assigned to.
 *
 * @param $data
 *   Content to be set.
 */
function drupal_set_content($region = null, $data = null) {
  static $content = array();

  if (!is_null($region) && !is_null($data)) {
    $content[$region][] = $data;
  }
  return $content;
}

/**
 * Get assigned content.
 *
 * @param $region
 *   A specified region to fetch content for.  If null, all regions will be returned.
 *
 * @param $delimiter
 *   Content to be inserted between exploded array elements.
 */
function drupal_get_content($region = null, $delimiter = ' ') {
  $content = drupal_set_content();
56
  if (isset($region) && isset($content[$region]) && is_array($content[$region])) {
57 58 59 60 61 62 63 64 65 66 67 68
      return implode ($delimiter, $content[$region]);
  }
  else {
    foreach (array_keys($content) as $region) {
      if (is_array($content[$region])) {
        $content[$region] = implode ($delimiter, $content[$region]);
      }
    }
    return $content;
  }
}

69
/**
70
 * Set the breadcrumb trail for the current page.
71
 *
72 73 74
 * @param $breadcrumb
 *   Array of links, starting with "home" and proceeding up to but not including
 *   the current page.
75
 */
76 77 78
function drupal_set_breadcrumb($breadcrumb = NULL) {
  static $stored_breadcrumb;

79
  if (!is_null($breadcrumb)) {
80 81 82 83 84
    $stored_breadcrumb = $breadcrumb;
  }
  return $stored_breadcrumb;
}

85 86 87
/**
 * Get the breadcrumb trail for the current page.
 */
88 89 90
function drupal_get_breadcrumb() {
  $breadcrumb = drupal_set_breadcrumb();

91
  if (is_null($breadcrumb)) {
92 93 94 95 96 97
    $breadcrumb = menu_get_active_breadcrumb();
  }

  return $breadcrumb;
}

Dries's avatar
Dries committed
98
/**
99
 * Add output to the head tag of the HTML page.
100
 * This function can be called as long the headers aren't sent.
Dries's avatar
Dries committed
101 102
 */
function drupal_set_html_head($data = NULL) {
103
  static $stored_head = '';
Dries's avatar
Dries committed
104 105

  if (!is_null($data)) {
106
    $stored_head .= $data ."\n";
Dries's avatar
Dries committed
107 108 109 110
  }
  return $stored_head;
}

111 112 113
/**
 * Retrieve output to be displayed in the head tag of the HTML page.
 */
Dries's avatar
Dries committed
114 115 116
function drupal_get_html_head() {
  global $base_url;

117
  $output = "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n";
Dries's avatar
Dries committed
118
  $output .= "<base href=\"$base_url/\" />\n";
119
  $output .= theme('stylesheet_import', 'misc/drupal.css');
Dries's avatar
Dries committed
120 121 122 123

  return $output . drupal_set_html_head();
}

124
/**
125
 * Reset the static variable which holds the aliases mapped for this request.
126
 */
127 128
function drupal_clear_path_cache() {
  drupal_lookup_path('wipe');
129
}
130

131
/**
132
 * Given a path alias, return the internal path it represents.
133 134
 */
function drupal_get_normal_path($path) {
135 136 137
  $result = $path;
  if ($src = drupal_lookup_path('source', $path)) {
    $result = $src;
138
  }
139 140
  if (function_exists('custom_url_rewrite')) {
    $result = custom_url_rewrite('source', $result, $path);
141
  }
142
  return $result;
143
}
144

Dries's avatar
Dries committed
145
/**
146
 * Set an HTTP response header for the current page.
Dries's avatar
Dries committed
147 148
 */
function drupal_set_header($header = NULL) {
149
  // We use an array to guarantee there are no leading or trailing delimiters.
150
  // Otherwise, header('') could get called when serving the page later, which
151 152
  // ends HTTP headers prematurely on some PHP versions.
  static $stored_headers = array();
Dries's avatar
Dries committed
153

154
  if (strlen($header)) {
Dries's avatar
Dries committed
155
    header($header);
156
    $stored_headers[] = $header;
Dries's avatar
Dries committed
157
  }
158
  return implode("\n", $stored_headers);
Dries's avatar
Dries committed
159 160
}

161 162 163
/**
 * Get the HTTP response headers for the current page.
 */
Dries's avatar
Dries committed
164 165 166 167
function drupal_get_headers() {
  return drupal_set_header();
}

168 169 170
/**
 * @name HTTP handling
 * @{
171
 * Functions to properly handle HTTP responses.
172 173
 */

174 175
/**
 * Prepare a destination query string for use in combination with
176 177 178 179 180
 * drupal_goto(). Used to direct the user back to the referring page
 * after completing a form. By default the current URL is returned.
 * If a destination exists in the previous request, that destination
 * is returned.  As such, a destination can persist across multiple
 * pages.
181 182 183 184
 *
 * @see drupal_goto()
 */
function drupal_get_destination() {
185 186 187 188 189 190 191 192 193 194
  if ($_REQUEST['destination']) {
    return 'destination='. urlencode($_REQUEST['destination']);
  }
  else {
    $destination[] = $_GET['q'];
    $params = array('page', 'sort', 'order');
    foreach ($params as $param) {
      if (isset($_GET[$param])) {
        $destination[] = "$param=". $_GET[$param];
      }
195
    }
196
    return 'destination='. urlencode(implode('&', $destination));
197 198 199
  }
}

200
/**
201
 * Send the user to a different Drupal page.
202
 *
203 204
 * This issues an on-site HTTP redirect. The function makes sure the redirected
 * URL is formatted correctly.
205
 *
206 207 208 209 210 211 212 213 214 215
 * Usually the redirected URL is constructed from this function's input
 * parameters.  However you may override that behavior by setting a
 * <em>destination</em> in either the $_REQUEST-array (i.e. by using
 * the query string of an URI) or the $_REQUEST['edit']-array (i.e. by
 * using a hidden form field).  This is used to direct the user back to
 * the proper page after completing a form.  For example, after editing
 * a post on the 'admin/node'-page or after having logged on using the
 * 'user login'-block in a sidebar.  The function drupal_get_destination()
 * can be used to help set the destination URL.
 *
216 217 218 219 220 221 222 223 224 225 226 227 228
 * It is advised to use drupal_goto() instead of PHP's header(), because
 * drupal_goto() will append the user's session ID to the URI when PHP is
 * compiled with "--enable-trans-sid".
 *
 * This function ends the request; use it rather than a print theme('page')
 * statement in your menu callback.
 *
 * @param $path
 *   A Drupal path.
 * @param $query
 *   The query string component, if any.
 * @param $fragment
 *   The destination fragment identifier (named anchor).
229 230
 *
 * @see drupal_get_destination()
231
 */
232
function drupal_goto($path = '', $query = NULL, $fragment = NULL) {
233 234 235 236 237 238 239
  if ($_REQUEST['destination']) {
    extract(parse_url($_REQUEST['destination']));
  }
  else if ($_REQUEST['edit']['destination']) {
    extract(parse_url($_REQUEST['edit']['destination']));
  }

240
  $url = url($path, $query, $fragment, TRUE);
241

242 243 244 245
  // Before the redirect, allow modules to react to the end of the page request.
  module_invoke_all('exit', $url);

  header('Location: '. $url);
246

247 248 249
  // The "Location" header sends a REDIRECT status code to the http
  // daemon. In some cases this can go wrong, so we make sure none
  // of the code below the drupal_goto() call gets executed when we redirect.
250 251 252
  exit();
}

253 254 255 256 257 258 259 260 261 262 263

/**
 * Generates a site offline message
 */
function drupal_site_offline() {
  header('HTTP/1.0 503 Service unavailable');
  drupal_set_title(t('Site offline'));
  print theme('maintenance_page', variable_get('site_offline_message',
    t('%site is currently under maintenance. We should be back shortly. Thank you for your patience.', array('%site' => variable_get('site_name', t('This drupal site'))))));
}

264 265 266
/**
 * Generates a 404 error if the request can not be handled.
 */
267
function drupal_not_found() {
268
  header('HTTP/1.0 404 Not Found');
269
  watchdog('page not found', t('%page not found.', array('%page' => theme('placeholder', $_GET['q']))), WATCHDOG_WARNING);
270 271

  $path = drupal_get_normal_path(variable_get('site_404', ''));
272
  $status = MENU_NOT_FOUND;
273 274
  if ($path) {
    menu_set_active_item($path);
275
    $return = menu_execute_active_handler();
276 277
  }

278
  if (empty($return)) {
279
    drupal_set_title(t('Page not found'));
280
  }
281
  print theme('page', $return);
282
}
283

284 285 286 287 288
/**
 * Generates a 403 error if the request is not allowed.
 */
function drupal_access_denied() {
  header('HTTP/1.0 403 Forbidden');
289
  watchdog('access denied', t('%page denied access.', array('%page' => theme('placeholder', $_GET['q']))), WATCHDOG_WARNING, l(t('view'), $_GET['q']));
290 291

  $path = drupal_get_normal_path(variable_get('site_403', ''));
292
  $status = MENU_NOT_FOUND;
293 294
  if ($path) {
    menu_set_active_item($path);
295
    $return = menu_execute_active_handler();
296 297
  }

298
  if (empty($return)) {
299
    drupal_set_title(t('Access denied'));
300
    $return = t('You are not authorized to access this page.');
301
  }
302
  print theme('page', $return);
303 304
}

305
/**
306
 * Perform an HTTP request.
307
 *
308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324
 * This is a flexible and powerful HTTP client implementation. Correctly handles
 * GET, POST, PUT or any other HTTP requests. Handles redirects.
 *
 * @param $url
 *   A string containing a fully qualified URI.
 * @param $headers
 *   An array containing an HTTP header => value pair.
 * @param $method
 *   A string defining the HTTP request to use.
 * @param $data
 *   A string containing data to include in the request.
 * @param $retry
 *   An integer representing how many times to retry the request in case of a
 *   redirect.
 * @return
 *   An object containing the HTTP request headers, response code, headers,
 *   data, and redirect status.
325 326
 */
function drupal_http_request($url, $headers = array(), $method = 'GET', $data = NULL, $retry = 3) {
327 328
  $result = new StdClass();

329
  // Parse the URL, and make sure we can handle the schema.
330 331 332
  $uri = parse_url($url);
  switch ($uri['scheme']) {
    case 'http':
333 334
      $port = $uri['port'] ? $uri['port'] : 80;
      $fp = @fsockopen($uri['host'], $port, $errno, $errstr, 15);
335 336
      break;
    case 'https':
337
      // Note: Only works for PHP 4.3 compiled with OpenSSL.
338 339
      $port = $uri['port'] ? $uri['port'] : 443;
      $fp = @fsockopen('ssl://'. $uri['host'], $port, $errno, $errstr, 20);
340 341
      break;
    default:
342
      $result->error = 'invalid schema '. $uri['scheme'];
343 344 345
      return $result;
  }

346
  // Make sure the socket opened properly.
347
  if (!$fp) {
348
    $result->error = trim($errno .' '. $errstr);
349 350 351
    return $result;
  }

352
  // Construct the path to act on.
353 354
  $path = $uri['path'] ? $uri['path'] : '/';
  if ($uri['query']) {
355
    $path .= '?'. $uri['query'];
356 357
  }

358
  // Create HTTP request.
359
  $defaults = array(
360 361
    // RFC 2616: "non-standard ports MUST, default ports MAY be included". We always add it.
    'Host' => "Host: $uri[host]:$port",
362 363
    'User-Agent' => 'User-Agent: Drupal (+http://www.drupal.org/)',
    'Content-Length' => 'Content-Length: '. strlen($data)
364 365 366
  );

  foreach ($headers as $header => $value) {
367
    $defaults[$header] = $header .': '. $value;
368 369
  }

370
  $request = $method .' '. $path ." HTTP/1.0\r\n";
371 372 373
  $request .= implode("\r\n", $defaults);
  $request .= "\r\n\r\n";
  if ($data) {
374
    $request .= $data ."\r\n";
375 376 377 378 379 380
  }
  $result->request = $request;

  fwrite($fp, $request);

  // Fetch response.
381
  $response = '';
382
  while (!feof($fp) && $data = fread($fp, 1024)) {
383
    $response .= $data;
384 385 386 387
  }
  fclose($fp);

  // Parse response.
388 389 390 391
  list($headers, $result->data) = explode("\r\n\r\n", $response, 2);
  $headers = preg_split("/\r\n|\n|\r/", $headers);

  list($protocol, $code, $text) = explode(' ', trim(array_shift($headers)), 3);
392 393 394
  $result->headers = array();

  // Parse headers.
395
  while ($line = trim(array_shift($headers))) {
396
    list($header, $value) = explode(':', $line, 2);
397 398 399 400 401 402 403 404
    if (isset($result->headers[$header]) && $header == 'Set-Cookie') {
      // RFC 2109: the Set-Cookie response header comprises the token Set-
      // Cookie:, followed by a comma-separated list of one or more cookies.
      $result->headers[$header] .= ','. trim($value);
    }
    else {
      $result->headers[$header] = trim($value);
    }
405 406 407 408 409 410 411 412 413 414
  }

  $responses = array(
    100 => 'Continue', 101 => 'Switching Protocols',
    200 => 'OK', 201 => 'Created', 202 => 'Accepted', 203 => 'Non-Authoritative Information', 204 => 'No Content', 205 => 'Reset Content', 206 => 'Partial Content',
    300 => 'Multiple Choices', 301 => 'Moved Permanently', 302 => 'Found', 303 => 'See Other', 304 => 'Not Modified', 305 => 'Use Proxy', 307 => 'Temporary Redirect',
    400 => 'Bad Request', 401 => 'Unauthorized', 402 => 'Payment Required', 403 => 'Forbidden', 404 => 'Not Found', 405 => 'Method Not Allowed', 406 => 'Not Acceptable', 407 => 'Proxy Authentication Required', 408 => 'Request Time-out', 409 => 'Conflict', 410 => 'Gone', 411 => 'Length Required', 412 => 'Precondition Failed', 413 => 'Request Entity Too Large', 414 => 'Request-URI Too Large', 415 => 'Unsupported Media Type', 416 => 'Requested range not satisfiable', 417 => 'Expectation Failed',
    500 => 'Internal Server Error', 501 => 'Not Implemented', 502 => 'Bad Gateway', 503 => 'Service Unavailable', 504 => 'Gateway Time-out', 505 => 'HTTP Version not supported'
  );
  // RFC 2616 states that all unknown HTTP codes must be treated the same as
415
  // the base code in their class.
416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442
  if (!isset($responses[$code])) {
    $code = floor($code / 100) * 100;
  }

  switch ($code) {
    case 200: // OK
    case 304: // Not modified
      break;
    case 301: // Moved permanently
    case 302: // Moved temporarily
    case 307: // Moved temporarily
      $location = $result->headers['Location'];

      if ($retry) {
        $result = drupal_http_request($result->headers['Location'], $headers, $method, $data, --$retry);
        $result->redirect_code = $result->code;
      }
      $result->redirect_url = $location;

      break;
    default:
      $result->error = $text;
  }

  $result->code = $code;
  return $result;
}
443 444 445
/**
 * @} End of "HTTP handling".
 */
446

447
/**
448 449
 * Log errors as defined by administrator
 * Error levels:
450 451
 *  0 = Log errors to database.
 *  1 = Log errors to database and to screen.
452
 */
453
function error_handler($errno, $message, $filename, $line) {
454
  if ($errno & (E_ALL ^ E_NOTICE)) {
455 456
    $types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning');
    $entry = $types[$errno] .': '. $message .' in '. $filename .' on line '. $line .'.';
457

458
    if (variable_get('error_level', 1) == 1) {
459
      print '<pre>'. $entry .'</pre>';
Dries's avatar
Dries committed
460
    }
461 462

    watchdog('php', t('%message in %file on line %line.', array('%error' => $types[$errno], '%message' => $message, '%file' => $filename, '%line' => $line)), WATCHDOG_ERROR);
Dries's avatar
Dries committed
463 464 465
  }
}

466
function _fix_gpc_magic(&$item) {
Dries's avatar
Dries committed
467
  if (is_array($item)) {
Kjartan's avatar
Kjartan committed
468 469 470
    array_walk($item, '_fix_gpc_magic');
  }
  else {
Kjartan's avatar
Kjartan committed
471
    $item = stripslashes($item);
472 473 474
  }
}

475 476 477 478
/**
 * Correct double-escaping problems caused by "magic quotes" in some PHP
 * installations.
 */
479 480
function fix_gpc_magic() {
  static $fixed = false;
481
  if (!$fixed && ini_get('magic_quotes_gpc')) {
Dries's avatar
Dries committed
482 483 484 485 486 487
    array_walk($_GET, '_fix_gpc_magic');
    array_walk($_POST, '_fix_gpc_magic');
    array_walk($_COOKIE, '_fix_gpc_magic');
    array_walk($_REQUEST, '_fix_gpc_magic');
    $fixed = true;
  }
488 489
}

490 491 492
/**
 * @name Conversion
 * @{
493
 * Converts data structures to different types.
494
 */
495 496 497 498

/**
 * Convert an associative array to an anonymous object.
 */
Dries's avatar
Dries committed
499 500
function array2object($array) {
  if (is_array($array)) {
501
    $object = new StdClass();
Dries's avatar
Dries committed
502
    foreach ($array as $key => $value) {
Dries's avatar
Dries committed
503 504 505 506
      $object->$key = $value;
    }
  }
  else {
Dries's avatar
Dries committed
507
    $object = $array;
Dries's avatar
Dries committed
508 509 510 511 512
  }

  return $object;
}

513 514 515
/**
 * Convert an object to an associative array.
 */
Dries's avatar
Dries committed
516 517 518
function object2array($object) {
  if (is_object($object)) {
    foreach ($object as $key => $value) {
Dries's avatar
Dries committed
519 520 521 522
      $array[$key] = $value;
    }
  }
  else {
Dries's avatar
Dries committed
523
    $array = $object;
Dries's avatar
Dries committed
524 525 526 527
  }

  return $array;
}
528

529

530 531 532
/**
 * @} End of "Conversion".
 */
Dries's avatar
Dries committed
533

534 535 536
/**
 * @name Messages
 * @{
537
 * Frequently used messages.
538
 */
539 540 541 542

/**
 * Return a string with a "not applicable" message.
 */
Dries's avatar
Dries committed
543
function message_na() {
544
  return t('n/a');
Dries's avatar
Dries committed
545 546
}

547 548 549
/**
 * @} End of "Messages".
 */
Dries's avatar
Dries committed
550

551 552 553
/**
 * Initialize the localization system.
 */
554 555
function locale_initialize() {
  global $user;
556 557 558 559 560

  if (function_exists('i18n_get_lang')) {
    return i18n_get_lang();
  }

561 562 563 564 565
  if (function_exists('locale')) {
    $languages = locale_supported_languages();
    $languages = $languages['name'];
  }
  else {
566 567 568
    // Ensure the locale/language is correctly returned, even without locale.module.
    // Useful for e.g. XML/HTML 'lang' attributes.
    $languages = array('en' => 'English');
569
  }
570
  if ($user->uid && isset($languages[$user->language])) {
571 572 573 574 575
    return $user->language;
  }
  else {
    return key($languages);
  }
576 577
}

578
/**
579
 * Translate strings to the current locale.
580
 *
581
 * When using t(), try to put entire sentences and strings in one t() call.
582 583 584 585
 * This makes it easier for translators. HTML markup within translation strings
 * is acceptable, if necessary. The suggested syntax for a link embedded
 * within a translation string is:
 * @code
586 587 588
 *   $msg = t('You must log in below or <a href="%url">create a new
 *             account</a> before viewing the next page.', array('%url'
 *             => url('user/register')));
589
 * @endcode
590 591 592
 * We suggest the same syntax for links to other sites. This makes it easy to
 * change link URLs if needed (which happens often) without requiring updates
 * to translations.
593
 *
594
 * @param $string
595
 *   A string containing the English string to translate.
596 597
 * @param $args
 *   An associative array of replacements to make after translation. Incidences
598
 *   of any key in this array are replaced with the corresponding value.
599 600
 * @return
 *   The translated string.
601
 */
602
function t($string, $args = 0) {
603 604 605 606
  global $locale;
  if (function_exists('locale') && $locale != 'en') {
    $string = locale($string);
  }
607

608 609
  if (!$args) {
    return $string;
Kjartan's avatar
Kjartan committed
610 611
  }
  else {
612 613
    return strtr($string, $args);
  }
614 615
}

616
/**
617
 * Encode special characters in a plain-text string for display as HTML.
618
 */
619
function check_plain($text) {
620
  return htmlspecialchars($text, ENT_QUOTES);
621 622
}

623
/**
624
 * @defgroup validation Input validation
625
 * @{
626
 * Functions to validate user input.
627 628
 */

629
/**
630 631 632
 * Verify the syntax of the given e-mail address.
 *
 * Empty e-mail addresses are allowed. See RFC 2822 for details.
633
 *
634 635
 * @param $mail
 *   A string containing an email address.
636
 * @return
637
 *   TRUE if the address is in a valid format.
638
 */
639
function valid_email_address($mail) {
640
  $user = '[a-zA-Z0-9_\-\.\+\^!#\$%&*+\/\=\?\`\|\{\}~\']+';
641
  $domain = '(?:(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.?)+';
642 643 644
  $ipv4 = '[0-9]{1,3}(\.[0-9]{1,3}){3}';
  $ipv6 = '[0-9a-fA-F]{1,4}(\:[0-9a-fA-F]{1,4}){7}';

Dries's avatar
Dries committed
645
  return preg_match("/^$user@($domain|(\[($ipv4|$ipv6)\]))$/", $mail);
646 647
}

648 649 650
/**
 * Verify the syntax of the given URL.
 *
651
 * @param $url
652
 *   The URL to verify.
653
 * @param $absolute
654
 *   Whether the URL is absolute (beginning with a scheme such as "http:").
655
 * @return
656
 *   TRUE if the URL is in a valid format.
657
 */
658
function valid_url($url, $absolute = FALSE) {
659
  $allowed_characters = '[a-z0-9\/:_\-_\.\?\$,~=#&%\+]';
660
  if ($absolute) {
661
    return preg_match("/^(http|https|ftp):\/\/". $allowed_characters ."+$/i", $url);
662 663
  }
  else {
664
    return preg_match("/^". $allowed_characters ."+$/i", $url);
665
  }
666 667
}

668 669 670 671 672 673 674 675 676 677
/**
 * Validate data input by a user.
 *
 * Ensures that user data cannot be used to perform attacks on the site.
 *
 * @param $data
 *   The input to check.
 * @return
 *   TRUE if the input data is acceptable.
 */
678 679
function valid_input_data($data) {
  if (is_array($data) || is_object($data)) {
680
    // Form data can contain a number of nested arrays.
681
    foreach ($data as $key => $value) {
Dries's avatar
Dries committed
682
      if (!valid_input_data($key) || !valid_input_data($value)) {
683
        return FALSE;
684 685 686
      }
    }
  }
Dries's avatar
Dries committed
687
  else if (isset($data)) {
688
    // Detect dangerous input data.
689

690 691 692
    // Decode all normal character entities.
    $data = decode_entities($data, array('<', '&', '"'));

693 694 695 696
    // Check strings:
    $match  = preg_match('/\Wjavascript\s*:/i', $data);
    $match += preg_match('/\Wexpression\s*\(/i', $data);
    $match += preg_match('/\Walert\s*\(/i', $data);
697

698
    // Check attributes:
699 700
    $match += preg_match("/\W(dynsrc|datasrc|data|lowsrc|on[a-z]+)\s*=[^>]+?>/i", $data);

701
    // Check tags:
702 703 704
    $match += preg_match("/<\s*(applet|script|object|style|embed|form|blink|meta|html|frame|iframe|layer|ilayer|head|frameset|xml)/i", $data);

    if ($match) {
705
      watchdog('security', t('Terminated request because of suspicious input data: %data.', array('%data' => theme('placeholder', $data))));
706
      return FALSE;
707 708 709
    }
  }

710
  return TRUE;
711
}
712 713 714
/**
 * @} End of "defgroup validation".
 */
715

716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742
/**
 * Register an event for the current visitor (hostname/IP) to the flood control mechanism.
 *
 * @param $name
 *   The name of the event.
 */
function flood_register_event($name) {
  db_query("INSERT INTO {flood} (event, hostname, timestamp) VALUES ('%s', '%s', %d)", $name, $_SERVER['REMOTE_ADDR'], time());
}

/**
 * Check if the current visitor (hostname/IP) is allowed to proceed with the specified event.
 * The user is allowed to proceed if he did not trigger the specified event more than
 * $threshold times per hour.
 *
 * @param $name
 *   The name of the event.
 * @param $number
 *   The maximum number of the specified event per hour (per visitor).
 * @return
 *   True if the user did not exceed the hourly threshold.  False otherwise.
 */
function flood_is_allowed($name, $threshold) {
  $number = db_num_rows(db_query("SELECT event FROM {flood} WHERE event = '%s' AND hostname = '%s' AND timestamp > %d", $name, $_SERVER['REMOTE_ADDR'], time() - 3600));
  return ($number < $threshold ? TRUE : FALSE);
}

743 744
function check_file($filename) {
  return is_uploaded_file($filename);
Dries's avatar
Dries committed
745 746
}

747
/**
748
 * @defgroup format Formatting
749
 * @{
750
 * Functions to format numbers, strings, dates, etc.
751 752
 */

753 754 755 756 757 758
/**
 * Formats an RSS channel.
 *
 * Arbitrary elements may be added using the $args associative array.
 */
function format_rss_channel($title, $link, $description, $items, $language = 'en', $args = array()) {
Dries's avatar
Dries committed
759 760
  // arbitrary elements may be added using the $args associative array

Dries's avatar
Dries committed
761
  $output = "<channel>\n";
762 763 764 765
  $output .= ' <title>'. check_plain($title) ."</title>\n";
  $output .= ' <link>'. check_url($link) ."</link>\n";
  $output .= ' <description>'. check_plain($description) ."</description>\n";
  $output .= ' <language>'. check_plain($language) ."</language>\n";
Dries's avatar
Dries committed
766
  foreach ($args as $key => $value) {
767
    $output .= ' <'. $key .'>'. check_plain($value) ."</$key>\n";
Dries's avatar
Dries committed
768
  }
Dries's avatar
Dries committed
769 770 771 772 773 774
  $output .= $items;
  $output .= "</channel>\n";

  return $output;
}

775 776 777 778 779
/**
 * Format a single RSS item.
 *
 * Arbitrary elements may be added using the $args associative array.
 */
Dries's avatar
Dries committed
780
function format_rss_item($title, $link, $description, $args = array()) {
Dries's avatar
Dries committed
781
  $output = "<item>\n";
782 783 784
  $output .= ' <title>'. check_plain($title) ."</title>\n";
  $output .= ' <link>'. check_url($link) ."</link>\n";
  $output .= ' <description>'. check_plain($description) ."</description>\n";
Dries's avatar
Dries committed
785
  foreach ($args as $key => $value) {
786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801
    if (is_array($value)) {
      if ($value['key']) {
        $output .= ' <'. $value['key'];
        if (is_array($value['attributes'])) {
          $output .= drupal_attributes($value['attributes']);
        }

        if ($value['value']) {
          $output .= '>'. $value['value'] .'</'. $value['key'] .">\n";
        }
        else {
          $output .= " />\n";
        }
      }
    }
    else {
802
      $output .= ' <'. $key .'>'. check_plain($value) ."</$key>\n";
803
    }
Dries's avatar
Dries committed
804
  }
Dries's avatar
Dries committed
805 806 807 808 809
  $output .= "</item>\n";

  return $output;
}

810
/**
811
 * Format a string containing a count of items.
812
 *
813 814 815 816 817 818 819 820 821 822 823 824 825 826
 * This function ensures that the string is pluralized correctly. Since t() is
 * called by this function, make sure not to pass already-localized strings to it.
 *
 * @param $count
 *   The item count to display.
 * @param $singular
 *   The string for the singular case. Please make sure it is clear this is
 *   singular, to ease translation (e.g. use "1 new comment" instead of "1 new").
 * @param $plural
 *   The string for the plural case. Please make sure it is clear this is plural,
 *   to ease translation. Use %count in place of the item count, as in "%count
 *   new comments".
 * @return
 *   A translated string.
827
 */
Dries's avatar
Dries committed
828
function format_plural($count, $singular, $plural) {
829
  if ($count == 1) return t($singular, array("%count" => $count));
830 831

  // get the plural index through the gettext formula
832
  $index = (function_exists('locale_get_plural')) ? locale_get_plural($count) : -1;
833 834 835 836 837 838
  if ($index < 0) { // backward compatibility
    return t($plural, array("%count" => $count));
  }
  else {
    switch ($index) {
      case "0":
839
        return t($singular, array("%count" => $count));
840 841 842 843 844 845
      case "1":
        return t($plural, array("%count" => $count));
      default:
        return t(strtr($plural, array("%count" => '%count['. $index .']')), array('%count['. $index .']' => $count));
    }
  }
Dries's avatar
Dries committed
846 847
}

848
/**
849
 * Generate a string representation for the given byte count.
850
 *
851 852 853 854
 * @param $size
 *   The size in bytes.
 * @return
 *   A translated string representation of the size.
855
 */
Dries's avatar
Dries committed
856
function format_size($size) {
857
  $suffix = t('bytes');
858
  if ($size >= 1024) {
Dries's avatar
Dries committed
859
    $size = round($size / 1024, 2);
860
    $suffix = t('KB');
Dries's avatar
Dries committed
861
  }
862
  if ($size >= 1024) {
Dries's avatar
Dries committed
863
    $size = round($size / 1024, 2);
864
    $suffix = t('MB');
Dries's avatar
Dries committed
865
  }
866
  return t('%size %suffix', array('%size' => $size, '%suffix' => $suffix));
Dries's avatar
Dries committed
867 868
}

869
/**
870
 * Format a time interval with the requested granularity.
871
 *
872 873 874 875 876 877
 * @param $timestamp
 *   The length of the interval in seconds.
 * @param $granularity
 *   How many different units to display in the string.
 * @return
 *   A translated string representation of the interval.
878
 */
879
function format_interval($timestamp, $granularity = 2) {
880
  $units = array('1 year|%count years' => 31536000, '1 week|%count weeks' => 604800, '1 day|%count days' => 86400, '1 hour|%count hours' => 3600, '1 min|%count min' => 60, '1 sec|%count sec' => 1);
881
  $output = '';
882
  foreach ($units as $key => $value) {
883
    $key = explode('|', $key);
Dries's avatar
Dries committed
884
    if ($timestamp >= $value) {
885
      $output .= ($output ? ' ' : '') . format_plural(floor($timestamp / $value), $key[0], $key[1]);
Dries's avatar
Dries committed
886
      $timestamp %= $value;
887 888 889 890 891
      $granularity--;
    }

    if ($granularity == 0) {
      break;
Dries's avatar
Dries committed
892 893
    }
  }
894
  return $output ? $output : t('0 sec');
Dries's avatar
Dries committed
895 896
}

897
/**
898 899
 * Format a date with the given configured format or a custom format string.
 *
900 901 902 903
 * Drupal allows administrators to select formatting strings for 'small',
 * 'medium' and 'large' date formats. This function can handle these formats,
 * as well as any custom format.
 *
904 905 906 907 908 909
 * @param $timestamp
 *   The exact date to format, as a UNIX timestamp.
 * @param $type
 *   The format to use. Can be "small", "medium" or "large" for the preconfigured
 *   date formats. If "custom" is specified, then $format is required as well.
 * @param $format
910 911 912
 *   A PHP date format string as required by date(). A backslash should be used
 *   before a character to avoid interpreting the character as part of a date
 *   format.
913 914 915 916
 * @param $timezone
 *   Time zone offset in seconds; if omitted, the user's time zone is used.
 * @return
 *   A translated date string in the requested format.
917
 */
918 919 920
function format_date($timestamp, $type = 'medium', $format = '', $timezone = NULL) {
  if ($timezone === NULL) {
    global $user;
Steven Wittens's avatar
Steven Wittens committed
921 922 923 924 925 926
    if (variable_get('configurable_timezones', 1) && $user->uid && strlen($user->timezone)) {
      $timezone = $user->timezone;
    }
    else {
      $timezone = variable_get('date_default_timezone', 0);
    }
927
  }
Dries's avatar
Dries committed
928

929
  $timestamp += $timezone;
Dries's avatar
Dries committed
930 931

  switch ($type) {
932 933
    case 'small':
      $format = variable_get('date_format_short', 'm/d/Y - H:i');
Dries's avatar
Dries committed
934
      break;
935 936
    case 'large':
      $format = variable_get('date_format_long', 'l, F j, Y - H:i');
Dries's avatar
Dries committed
937
      break;
938
    case 'custom':
939
      // No change to format
Dries's avatar
Dries committed
940
      break;
941
    case 'medium':
Dries's avatar
Dries committed
942
    default:
943
      $format = variable_get('date_format_medium', 'D, m/d/Y - H:i');
944 945
  }

946
  $max = strlen($format);
947
  $date = '';
948 949
  for ($i = 0; $i < $max; $i++) {
    $c = $format{$i};
950
    if (strpos('AaDFlM', $c) !== false) {
951
      $date .= t(gmdate($c, $timestamp));
952
    }
953
    else if (strpos('BdgGhHiIjLmnsStTUwWYyz', $c) !== false) {
954 955 956 957
      $date .= gmdate($c, $timestamp);
    }
    else if ($c == 'r') {
      $date .= format_date($timestamp - $timezone, 'custom', 'D, d M Y H:i:s O', $timezone);
958
    }
959 960 961 962 963
    else if ($c == 'O') {
      $date .= sprintf('%s%02d%02d', ($timezone < 0 ? '-' : '+'), abs($timezone / 3600), abs($timezone % 3600) / 60);
    }
    else if ($c == 'Z') {
      $date .= $timezone;
964
    }
965 966 967
    else if ($c == '\\') {
      $date .= $format[++$i];
    }
968
    else {
969
      $date .= $c;
970
    }
Dries's avatar
Dries committed
971
  }
972

Dries's avatar
Dries committed
973 974 975
  return $date;
}

976 977 978
/**
 * @} End of "defgroup format".
 */
Dries's avatar
Dries committed
979

980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998
/**
 * Generate an internal Drupal URL.
 *
 * @param $path
 *   The Drupal path being linked to, such as "admin/node".
 * @param $query
 *   A query string to append to the link.
 * @param $fragment
 *   A fragment identifier (named anchor) to append to the link.
 * @param $absolute
 *   Whether to force the output to be an absolute link (beginning with http:).
 *   Useful for links that will be displayed outside the site, such as in an RSS feed.
 * @return
 *   an HTML string containing a link to the given path.
 *
 * When creating links in modules, consider whether l() could be a better
 * alternative than url().
 */
function url($path = NULL, $query = NULL, $fragment = NULL, $absolute = FALSE) {
999
  global $base_url;
Dries's avatar
Dries committed
1000

1001 1002 1003
  static $script;

  if (empty($script)) {
1004 1005 1006
    // On some web servers, such as IIS, we can't omit "index.php".  So, we
    // generate "index.php?q=foo" instead of "?q=foo" on anything that is not
    // Apache.
1007
    $script = (strpos($_SERVER['SERVER_SOFTWARE'], 'Apache') === false) ? 'index.php' : '';
1008
  }
1009

1010
  $path = drupal_get_path_alias($path);
1011

1012
  if (isset($fragment)) {
1013
    $fragment = '#'. $fragment;
1014 1015
  }

1016
  $base = ($absolute ? $base_url .'/' : '');
Dries's avatar
Dries committed
1017

1018 1019
  if (variable_get('clean_url', '0') == '0') {
    if (isset($path)) {
Dries's avatar
Dries committed
1020
      if (isset($query)) {
1021
        return $base . $script .'?q='. $path .'&'. $query . $fragment;
Dries's avatar
Dries committed
1022 1023
      }
      else {
1024
        return $base . $script .'?q='. $path . $fragment;
Dries's avatar
Dries committed
1025
      }
1026 1027
    }
    else {
Dries's avatar
Dries committed
1028
      if (isset($query)) {
1029
        return $base . $script .'?'. $query . $fragment;
Dries's avatar
Dries committed
1030 1031
      }
      else {
1032
        return $base . $fragment;
Dries's avatar
Dries committed
1033
      }
1034 1035 1036
    }
  }
  else {
1037
    if (isset($path)) {
Dries's avatar
Dries committed
1038
      if (isset($query)) {
1039
        return $base . $path .'?'. $query . $fragment;
Dries's avatar
Dries committed
1040 1041
      }
      else {
1042
        return $base . $path . $fragment;
Dries's avatar
Dries committed
1043
      }
1044
    }
1045
    else {
Dries's avatar
Dries committed
1046
      if (isset($query)) {
1047
        return $base . $script .'?'. $query . $fragment;
Dries's avatar
Dries committed
1048 1049
      }
      else {
1050
        return $base . $fragment;
Dries's avatar
Dries committed
1051
      }
1052
    }
1053
  }
1054 1055
}

1056 1057 1058 1059 1060 1061 1062 1063
/**
 * Format an attribute string to insert in a tag.
 *
 * @param $attributes
 *   An associative array of HTML attributes.
 * @return
 *   An HTML string ready for insertion in a tag.
 */
1064
function drupal_attributes($attributes = array()) {
1065
  if (is_array($attributes)) {