/**
* JS concatenation subroutine.
*
* @param string|array $source_filename
* @param string $target_filename
* @return string
*/
public static function concatJS($source_filename, $target_filename)
{
$result = '';
if (!is_array($source_filename)) {
$source_filename = array($source_filename);
}
foreach ($source_filename as $filename) {
// Get the IE condition.
if (is_array($filename) && count($filename) >= 2) {
list($filename, $targetie) = $filename;
} else {
$targetie = null;
}
// Clean the content.
$content = utf8_clean(file_get_contents($filename));
// Wrap the content in an IE condition if there is one.
if ($targetie !== null) {
$content = 'if (' . self::convertIECondition($targetie) . ') {' . "\n\n" . trim($content) . ";\n\n" . '}';
}
// Append to the result string.
$original_filename = starts_with(\RX_BASEDIR, $filename) ? substr($filename, strlen(\RX_BASEDIR)) : $filename;
$result .= '/* Original file: ' . $original_filename . ' */' . "\n\n" . trim($content) . ";\n\n";
}
return $result;
}
/**
* utf8_strtoupper( )
*
* Make a UTF-8 string Upper Case
* @since 1.3
*
* @param string $str The input string
* @return string The string with all lower case chars turned to upper case
*/
function utf8_strtoupper($str)
{
static $table = null;
if (mbstring_loaded()) {
//Auto Removes Invalid UTF-8 Byte Sequances
return mb_strtoupper($str, 'UTF-8');
}
//Fallback
if (empty($table)) {
$table = utf8_case_table();
}
$str = utf8_clean($str);
return strtr($str, $table);
}
/**
* Get data of returned email
*
* @param string Prepared message text (without text after body terminator)
* @param string Full message text
* @param string Headers
* @return array ( 'address', 'errormsg', 'message', 'headers', 'errtype' )
*/
function dre_get_email_data($content, $message_text, $headers)
{
global $servertimenow;
// Extract emails from content:
$emails = utf8_strtolower(dre_get_emails($content));
// Get content between email and body terminator:
$content = dre_get_processing_content($content, $emails);
// Get Error info:
$error_info = dre_get_error_info($content);
$email_returned = array('address' => $emails, 'errormsg' => $error_info['text'], 'timestamp' => date2mysql($servertimenow), 'message' => htmlspecialchars(utf8_clean($message_text)), 'headers' => $headers, 'errtype' => $error_info['type']);
return $email_returned;
}
/**
* Sets a parameter with values from the request or to provided default,
* except if param is already set!
*
* Also removes magic quotes if they are set automatically by PHP.
* Also forces type.
* Priority order: POST, GET, COOKIE, DEFAULT.
*
* @todo when bad_request_die() gets called, the GLOBAL should not be left set to the invalid value!
* fp> Why? if the process dies anyway
*
* @param string Variable to set
* @param string Force value type to one of:
* - integer
* - float, double
* - string (strips (HTML-)Tags, trims whitespace)
* - text like string but allows multiple lines
* - array (it may contains arbitrary array elements) NOTE: If there is one way to avoid and use some other array type then it should not be used
* - array:integer (elements of array must be integer)
* - array:string (strips (HTML-)Tags, trims whitespace of array's elements)
* - array:/regexp/ (elements of array must match to the given regular expression) e.g. 'array:/^[a-z]*$/'
* - array:array:integer (two dimensional array and the elements must be integers)
* - array:array:string (strips (HTML-)Tags, trims whitespace of the two dimensional array's elements)
* - html (does nothing, for now)
* - raw (does nothing)
* - '' (does nothing) -- DEPRECATED, use "raw" instead
* - '/^...$/' check regexp pattern match (string)
* - boolean (will force type to boolean, but you can't use 'true' as a default since it has special meaning. There is no real reason to pass booleans on a URL though. Passing 0 and 1 as integers seems to be best practice).
* - url (like string but dies on illegal urls)
* Value type will be forced only if resulting value (probably from default then) is !== NULL
* @param mixed Default value or TRUE if user input required
* @param boolean Do we need to memorize this to regenerate the URL for this page?
* @param boolean Override if variable already set
* @param boolean Force setting of variable to default if no param is sent and var wasn't set before
* @param mixed true will refuse illegal values,
* false will try to convert illegal to legal values,
* 'allow_empty' will refuse illegal values but will always accept empty values (This helps blocking dirty spambots or borked index bots. Saves a lot of processor time by killing invalid requests)
* @return mixed Final value of Variable, or false if we don't force setting and did not set
*/
function param($var, $type = 'raw', $default = '', $memorize = false, $override = false, $use_default = true, $strict_typing = 'allow_empty')
{
global $Debuglog, $debug, $evo_charset, $io_charset;
// NOTE: we use $GLOBALS[$var] instead of $$var, because otherwise it would conflict with param names which are used as function params ("var", "type", "default", ..)!
/*
* STEP 1 : Set the variable
*
* Check if already set
* WARNING: when PHP register globals is ON, COOKIES get priority over GET and POST with this!!!
* dh> I never understood that comment.. does it refer to "variables_order" php.ini setting?
* fp> I guess
*/
if (!isset($GLOBALS[$var]) || $override) {
if (isset($_POST[$var])) {
$GLOBALS[$var] = remove_magic_quotes($_POST[$var]);
// if( isset($Debuglog) ) $Debuglog->add( 'param(-): '.$var.'='.$GLOBALS[$var].' set by POST', 'params' );
} elseif (isset($_GET[$var])) {
$GLOBALS[$var] = remove_magic_quotes($_GET[$var]);
// if( isset($Debuglog) ) $Debuglog->add( 'param(-): '.$var.'='.$GLOBALS[$var].' set by GET', 'params' );
} elseif (isset($_COOKIE[$var])) {
$GLOBALS[$var] = remove_magic_quotes($_COOKIE[$var]);
// if( isset($Debuglog) ) $Debuglog->add( 'param(-): '.$var.'='.$GLOBALS[$var].' set by COOKIE', 'params' );
} elseif ($default === true) {
bad_request_die(sprintf(T_('Parameter «%s» is required!'), $var));
} elseif ($use_default) {
// We haven't set any value yet and we really want one: use default:
if (in_array($type, array('array', 'array:integer', 'array:string', 'array:array:integer', 'array:array:string')) && $default === '') {
// Change default '' into array() (otherwise there would be a notice with settype() below)
$default = array();
}
$GLOBALS[$var] = $default;
// echo '<br>param(-): '.$var.'='.$GLOBALS[$var].' set by default';
// if( isset($Debuglog) ) $Debuglog->add( 'param(-): '.$var.'='.$GLOBALS[$var].' set by default', 'params' );
} else {
// param not found! don't set the variable.
// Won't be memorized nor type-forced!
return false;
}
} else {
// Variable was already set but we need to remove the auto quotes
$GLOBALS[$var] = remove_magic_quotes($GLOBALS[$var]);
// if( isset($Debuglog) ) $Debuglog->add( 'param(-): '.$var.' already set to ['.var_export($GLOBALS[$var], true).']!', 'params' );
}
if (isset($io_charset) && !empty($evo_charset)) {
$GLOBALS[$var] = convert_charset($GLOBALS[$var], $evo_charset, $io_charset);
}
// Check if the type is the special array or regexp
if (substr($type, 0, 7) == 'array:/') {
// It is an array type param which may contains elements mathcing to the given regular expression
$elements_regexp = substr($type, 6);
$elements_type = 'string';
$type = 'array:regexp';
}
/*
* STEP 2: make sure the data fits the expected type
*
* type will be forced even if it was set before and not overriden
*/
if (!empty($type) && $GLOBALS[$var] !== NULL) {
// Force the type
// echo "forcing type!";
switch ($type) {
case 'html':
// Technically does the same as "raw", but may do more in the future.
// Technically does the same as "raw", but may do more in the future.
case 'raw':
if (!is_scalar($GLOBALS[$var])) {
// This happens if someone uses "foo[]=x" where "foo" is expected as string
debug_die('param(-): <strong>' . $var . '</strong> is not scalar!');
}
// Clean utf8:
$GLOBALS[$var] = utf8_clean($GLOBALS[$var]);
// do nothing
if (isset($Debuglog)) {
$Debuglog->add('param(-): <strong>' . $var . '</strong> as RAW Unsecure HTML', 'params');
}
break;
case 'htmlspecialchars':
if (!is_scalar($GLOBALS[$var])) {
// This happens if someone uses "foo[]=x" where "foo" is expected as string
debug_die('param(-): <strong>' . $var . '</strong> is not scalar!');
}
// convert all html to special characters:
$GLOBALS[$var] = utf8_trim(htmlspecialchars($GLOBALS[$var], ENT_COMPAT, $evo_charset));
// cross-platform newlines:
$GLOBALS[$var] = preg_replace("~(\r\n|\r)~", "\n", $GLOBALS[$var]);
$Debuglog->add('param(-): <strong>' . $var . '</strong> as text with html special chars', 'params');
break;
case 'text':
if (!is_scalar($GLOBALS[$var])) {
// This happens if someone uses "foo[]=x" where "foo" is expected as string
debug_die('param(-): <strong>' . $var . '</strong> is not scalar!');
}
// strip out any html:
$GLOBALS[$var] = utf8_trim(utf8_strip_tags($GLOBALS[$var]));
// cross-platform newlines:
$GLOBALS[$var] = preg_replace("~(\r\n|\r)~", "\n", $GLOBALS[$var]);
$Debuglog->add('param(-): <strong>' . $var . '</strong> as text', 'params');
break;
case 'string':
if (!is_scalar($GLOBALS[$var])) {
// This happens if someone uses "foo[]=x" where "foo" is expected as string
debug_die('param(-): <strong>' . $var . '</strong> is not scalar!');
}
// echo $var, '=', $GLOBALS[$var], '<br />';
// Make sure the string is a single line
$GLOBALS[$var] = preg_replace('~\\r|\\n~', '', $GLOBALS[$var]);
// strip out any html:
$GLOBALS[$var] = utf8_strip_tags($GLOBALS[$var]);
// echo "param $var=".$GLOBALS[$var]."<br />\n";
$GLOBALS[$var] = utf8_trim($GLOBALS[$var]);
// echo "param $var=".$GLOBALS[$var]."<br />\n";
$Debuglog->add('param(-): <strong>' . $var . '</strong> as string', 'params');
break;
case 'url':
if (!is_scalar($GLOBALS[$var])) {
// This happens if someone uses "foo[]=x" where "foo" is expected as string
debug_die('param(-): <strong>' . $var . '</strong> is not scalar!');
}
// Decode url:
$GLOBALS[$var] = urldecode($GLOBALS[$var]);
// strip out any html:
$GLOBALS[$var] = utf8_trim(utf8_strip_tags($GLOBALS[$var]));
// Remove new line chars and double quote from url
$GLOBALS[$var] = preg_replace('~\\r|\\n|"~', '', $GLOBALS[$var]);
if (!empty($GLOBALS[$var]) && !preg_match('#^(/|\\?|https?://)#i', $GLOBALS[$var])) {
// We cannot accept this MISMATCH:
bad_request_die(sprintf(T_('Illegal value received for parameter «%s»!'), $var));
}
$Debuglog->add('param(-): <strong>' . $var . '</strong> as url', 'params');
break;
case 'array:integer':
case 'array:array:integer':
// Set elements type to integer, and set the corresponding regular expression
$elements_type = 'integer';
$elements_regexp = '/^(\\+|-)?[0-9]+$/';
case 'array':
case 'array:string':
case 'array:regexp':
case 'array:array:string':
if (!is_array($GLOBALS[$var])) {
// This param must be array
debug_die('param(-): <strong>' . $var . '</strong> is not array!');
}
// Store current array in temp var for checking and preparing
$globals_var = $GLOBALS[$var];
// Check if the given array type is one dimensional array
$one_dimensional = $type == 'array' || $type == 'array:integer' || $type == 'array:string' || $type == 'array:regexp';
// Check if the given array type should contains string elements
$contains_strings = $type == 'array:string' || $type == 'array:array:string';
if ($one_dimensional) {
// Convert to a two dimensional array to handle one and two dimensional arrays the same way
$globals_var = array($globals_var);
}
foreach ($globals_var as $i => $var_array) {
if (!is_array($var_array)) {
// This param must be array
// Note: In case of one dimensional array params this will never happen
debug_die('param(-): <strong>' . $var . '[' . $i . ']</strong> is not array!');
}
if ($type == 'array') {
// This param may contain any kind of elements we need to check and validate it recursively
$globals_var[$i] = param_check_general_array($var_array);
break;
}
foreach ($var_array as $j => $var_value) {
if (!is_scalar($var_value)) {
// This happens if someone uses "foo[][]=x" where "foo[]" is expected as string
debug_die('param(-): element of array <strong>' . $var . '</strong> is not scalar!');
}
if ($contains_strings) {
// Prepare string elements of array
// Make sure the string is a single line
$var_value = preg_replace('~\\r|\\n~', '', $var_value);
// strip out any html:
$globals_var[$i][$j] = utf8_trim(utf8_strip_tags($var_value));
continue;
}
if (isset($elements_regexp)) {
// Array contains elements which must match to the given regular expression
if (preg_match($elements_regexp, $var_value)) {
// OK match, set the corresponding type
settype($globals_var[$i][$j], $elements_type);
} else {
// No match, cannot accept this MISMATCH
// Note: In case of array:integer or array:regexp we always use strict typing for the array elements
bad_request_die(sprintf(T_('Illegal value received for parameter «%s»!'), $var));
}
}
}
}
if ($one_dimensional) {
// Extract real array from temp array
$globals_var = $globals_var[0];
}
// Restore current array with prepared data
$GLOBALS[$var] = $globals_var;
$Debuglog->add('param(-): <strong>' . $var . '</strong> as ' . $type, 'params');
if ($GLOBALS[$var] === array() && $strict_typing === false && $use_default) {
// We want to consider empty values as invalid and fall back to the default value:
$GLOBALS[$var] = $default;
}
break;
default:
if (utf8_substr($type, 0, 1) == '/') {
// We want to match against a REGEXP:
if (!is_scalar($GLOBALS[$var])) {
// This happens if someone uses "foo[]=x" where "foo" is expected as string
debug_die('param(-): <strong>' . $var . '</strong> is not scalar!');
} elseif (preg_match($type, $GLOBALS[$var])) {
// Okay, match
if (isset($Debuglog)) {
$Debuglog->add('param(-): <strong>' . $var . '</strong> matched against ' . $type, 'params');
}
} elseif ($strict_typing == 'allow_empty' && empty($GLOBALS[$var])) {
// No match but we accept empty value:
if (isset($Debuglog)) {
$Debuglog->add('param(-): <strong>' . $var . '</strong> is empty: ok', 'params');
}
} elseif ($strict_typing) {
// We cannot accept this MISMATCH:
bad_request_die(sprintf(T_('Illegal value received for parameter «%s»!'), $var));
} else {
// Fall back to default:
$GLOBALS[$var] = $default;
if (isset($Debuglog)) {
$Debuglog->add('param(-): <strong>' . $var . '</strong> DID NOT match ' . $type . ' set to default value=' . $GLOBALS[$var], 'params');
}
}
// From now on, consider this as a string: (we need this when memorizing)
$type = 'string';
} elseif ($GLOBALS[$var] === '') {
// Special handling of empty values.
if ($strict_typing === false && $use_default) {
// ADDED BY FP 2006-07-06
// We want to consider empty values as invalid and fall back to the default value:
$GLOBALS[$var] = $default;
} else {
// We memorize the empty value as NULL:
// fplanque> note: there might be side effects to this, but we need
// this to distinguish between 0 and 'no input'
// Note: we do this after regexps because we may or may not want to allow empty strings in regexps
$GLOBALS[$var] = NULL;
if (isset($Debuglog)) {
$Debuglog->add('param(-): <strong>' . $var . '</strong> set to NULL', 'params');
}
}
} else {
if ($strict_typing) {
// We want to make sure the value is valid:
$regexp = '';
switch ($type) {
case 'boolean':
$regexp = '/^(0|1|false|true)$/i';
break;
case 'integer':
$regexp = '/^(\\+|-)?[0-9]+$/';
break;
case 'float':
case 'double':
$regexp = '/^(\\+|-)?[0-9]+(.[0-9]+)?$/';
break;
default:
// Note: other types are not tested and they are not allowed without testing.
debug_die('Invalid parameter type!');
}
if ($strict_typing == 'allow_empty' && empty($GLOBALS[$var])) {
// We have an empty value and we accept it
// ok..
} elseif (!empty($regexp)) {
if ($type == 'boolean' && strtolower($GLOBALS[$var]) == 'false') {
// 'false' string must be interpreted as boolean false value
$GLOBALS[$var] = false;
} elseif (!is_scalar($GLOBALS[$var]) || !preg_match($regexp, $GLOBALS[$var])) {
// Value of scalar var does not match!
bad_request_die(sprintf(T_('Illegal value received for parameter «%s»!'), $var));
}
}
}
// Change the variable type:
settype($GLOBALS[$var], $type);
if (isset($Debuglog)) {
$Debuglog->add('param(-): <strong>' . var_export($var, true) . '</strong> typed to ' . $type . ', new value=' . var_export($GLOBALS[$var], true), 'params');
}
}
}
}
/*
* STEP 3: memorize the value for later url regeneration
*/
if ($memorize) {
// Memorize this parameter
memorize_param($var, $type, $default);
}
// echo $var, '(', gettype($GLOBALS[$var]), ')=', $GLOBALS[$var], '<br />';
return $GLOBALS[$var];
}
