"; $output .= " " . t($type) . ($item["user"] ? " - ". $item["user"] : "") ."". ($item["date"] ? " - ". format_date($item["date"], "small") : "") .""; $output .= "
"; } return $output; } /** * Render a generic search form. * * "Generic" means "universal usable" - that is, usable not only from * 'site.com/search', but also as a simple seach box (without * "Restrict search to", help text, etc) from theme's header etc. * This means: provide options to only conditionally render certain * parts of this form. * * @param $action Form action. Defaults to 'site.com/search'. * @param $keys string containing keywords for the search. * @param $options != 0: Render additional form fields/text * ("Restrict search to", help text, etc). */ function search_form($action = NULL, $keys = NULL, $options = NULL) { if (!$action) { $action = url("search"); } $output .= "
"; $output .= " \n"; if ($options != 0) { $output .= "
"; $output .= t("Restrict search to") .": "; foreach (module_list() as $name) { if (module_hook($name, "search")) { $output .= " ". t($name); } } } $form .= "
"; return form($output, "post", $action); } /* * Collect the search results: */ function search_data($keys = NULL) { $edit = $_POST["edit"]; if (isset($keys)) { foreach (module_list() as $name) { if (module_hook($name, "search") && (!$edit["type"] || $edit["type"][$name]) && ($result = module_invoke($name, "search", $keys))) { if ($name == "node" || $name == "comment") { $output .= "
". t("Matching ". $name ."s ranked in order of relevance") .":
"; } else { $output .= "". t("Matching ". $name ."s") .":
"; } foreach ($result as $entry) { $output .= search_item($entry, $name); } } } } return $output; } /** * Display the search form and the resulting data. * * @param $type If set, search only nodes of this type. * Otherwise, search all types. * @param $action Form action. Defaults to 'site.com/search'. * @param $query Query string. Defaults to global $keys. * @param $options != 0: Render additional form fields/text * ("Restrict search to", help text, etc). */ function search_type($type, $action = NULL, $keys = NULL, $options = NULL) { $_POST["edit"]["type"][$type] = "on"; return search_form($action, $keys, $options) . "". search_data($keys); } function drupal_goto($url) { /* ** Translate & to simply & */ $url = str_replace("&", "&", $url); /* ** It is advised to use "drupal_goto()" instead of PHP's "header()" as ** "drupal_goto()" will append the user's session ID to the URI when PHP ** is compiled with "--enable-trans-sid". */ if (!ini_get("session.use_trans_sid") || !session_id() || strstr($url, session_id())) { header("Location: $url"); } else { $sid = session_name() . "=" . session_id(); if (strstr($url, "?") && !strstr($url, $sid)) { header("Location: $url&". $sid); } else { header("Location: $url?". $sid); } } /* ** The "Location" header sends a REDIRECT status code to the http ** daemon. In some cases this can go wrong, so we make sure none ** of the code /below/ gets executed when we redirect. */ exit(); } /* ** Stores the referer in a persistent variable: */ function referer_save() { if (!strstr(referer_uri(), request_uri())) { $_SESSION["referer"] = referer_uri(); } } /* ** Restores the referer from a persistent variable: */ function referer_load() { if (isset($_SESSION["referer"])) { return $_SESSION["referer"]; } else { return 0; } } function valid_input_data($data) { if (is_array($data) || is_object($data)) { /* ** Form data can contain a number of nested arrays. */ foreach ($data as $key => $value) { if (!valid_input_data($value)) { return 0; } } } else { /* ** Detect evil input data. */ // check strings: $match = preg_match("/\Wjavascript\s*:/i", $data); $match += preg_match("/\Wexpression\s*\(/i", $data); $match += preg_match("/\Walert\s*\(/i", $data); // check attributes: $match += preg_match("/\W(dynsrc|datasrc|data|lowsrc|on[a-z]+)\s*=[^>]+?>/i", $data); // check tags: $match += preg_match("/<\s*(applet|script|object|style|embed|form|blink|meta|html|frame|iframe|layer|ilayer|head|frameset|xml)/i", $data); if ($match) { watchdog("warning", "terminated request because of suspicious input data: ". drupal_specialchars($data)); return 0; } } return 1; } function check_url($uri) { $uri = htmlspecialchars($uri, ENT_QUOTES); /* ** We replace ( and ) with their entity equivalents to prevent XSS ** attacks. */ $uri = strtr($uri, array("(" => "&040;", ")" => "&041;")); return $uri; } function check_form($text) { return drupal_specialchars($text, ENT_QUOTES); } function check_query($text) { return addslashes($text); } function filter($text) { $modules = module_list(); /* ** Make sure the HTML filters that are part of the node module ** are run first. */ if (in_array("node", $modules)) { $text = module_invoke("node", "filter", $text); } foreach ($modules as $name) { if (module_hook($name, "filter") && $name != "node") { $text = module_invoke($name, "filter", $text); } } return $text; } function rewrite_old_urls($text) { global $base_url; $end = substr($base_url, 12); /* ** This is a *temporary* filter to rewrite old-style URLs to new-style ** URLs (clean URLs). Currently, URLs are being rewritten dynamically ** (ie. "on output"), however when these rewrite rules have been tested ** enough, we will use them to permanently rewrite the links in node ** and comment bodies. */ if (variable_get("clean_url", "0") == "0") { /* ** Relative URLs: */ // rewrite 'node.php?id=
![]()
") == $text) {
$text = nl2br($text);
}
}
else {
$text = message_na();
}
return $text;
}
function check_file($filename) {
return is_uploaded_file($filename);
}
function format_rss_channel($title, $link, $description, $items, $language = "en", $args = array()) {
// arbitrary elements may be added using the $args associative array
$output .= "\n";
$output .= " ". drupal_specialchars(strip_tags($title)) ." \n";
$output .= " ". drupal_specialchars(strip_tags($link)) ."\n";
$output .= " ". drupal_specialchars($description) ." \n";
$output .= " ". drupal_specialchars(strip_tags($language)) ." \n";
foreach ($args as $key => $value) {
$output .= " <$key>". drupal_specialchars(strip_tags($value)) ."\n";
}
$output .= $items;
$output .= " \n";
return $output;
}
function format_rss_item($title, $link, $description, $args = array()) {
// arbitrary elements may be added using the $args associative array
$output .= "- \n";
$output .= "
". drupal_specialchars(strip_tags($title)) ." \n";
$output .= " ". drupal_specialchars(strip_tags($link)) ."\n";
$output .= " ". drupal_specialchars(check_output($description)) ." \n";
foreach ($args as $key => $value) {
$output .= "<$key>". drupal_specialchars(strip_tags($value)) ."";
}
$output .= " \n";
return $output;
}
/**
* Formats a string with a count of items so that the string is pluralized
* correctly.
* format_plural calls t() by itself, make sure not to pass already localized
* strings to it.
*
* @param $count The item count to display.
* @param $singular The string for the singular case. Please make sure it's clear
* this is singular, to ease translation. ("1 new comment" instead of
* "1 new").
* @param $plural The string for the plrual case. Please make sure it's clear
* this is plural, to ease translation. Use %count in places of the
* item count, as in "%count new comments".
*/
function format_plural($count, $singular, $plural) {
return t($count == 1 ? $singular : $plural, array("%count" => $count));
}
function format_size($size) {
$suffix = t("bytes");
if ($size > 1024) {
$size = round($size / 1024, 2);
$suffix = t("KB");
}
if ($size > 1024) {
$size = round($size / 1024, 2);
$suffix = t("MB");
}
return t("%size %suffix", array("%size" => $size, "%suffix" => $suffix));
}
function cache_get($key) {
$cache = db_fetch_object(db_query("SELECT data, created FROM {cache} WHERE cid = '%s'", $key));
return $cache->data ? $cache : 0;
}
function cache_set($cid, $data, $expire = 0) {
if (db_fetch_object(db_query("SELECT cid FROM {cache} WHERE cid = '%s'", $cid))) {
db_query("UPDATE {cache} SET data = '%s', created = %d, expire = %d WHERE cid = '%s'", $data, time(), $expire, $cid);
}
else {
db_query("INSERT INTO {cache} (cid, data, created, expire) VALUES('%s', '%s', %d, %d)", $cid, $data, time(), $expire);
}
}
function cache_clear_all($cid = NULL) {
if (empty($cid)) {
db_query("DELETE FROM {cache} WHERE expire <> 0");
}
else {
db_query("DELETE FROM {cache} WHERE cid = '%s'", $cid);
}
}
function page_set_cache() {
global $user;
if (!$user->uid && $_SERVER["REQUEST_METHOD"] == "GET") {
if ($data = ob_get_contents()) {
cache_set(request_uri(), $data, 1);
}
}
}
function page_get_cache() {
global $user;
$cache = NULL;
if (!$user->uid && $_SERVER["REQUEST_METHOD"] == "GET") {
$cache = cache_get(request_uri());
if (empty($cache)) {
ob_start();
}
}
return $cache;
}
function format_interval($timestamp) {
$units = array("1 year|%count years" => 31536000, "1 week|%count weeks" => 604800, "1 day|%count days" => 86400, "1 hour|%count hours" => 3600, "1 min|%count min" => 60, "1 sec|%count sec" => 1);
foreach ($units as $key=>$value) {
$key = explode("|", $key);
if ($timestamp >= $value) {
$output .= ($output ? " " : "") . format_plural(floor($timestamp / $value), $key[0], $key[1]);
$timestamp %= $value;
}
}
return ($output) ? $output : t("0 sec");
}
function format_date($timestamp, $type = "medium", $format = "") {
global $user;
$timestamp += ($user->timezone) ? $user->timezone - date("Z") : 0;
switch ($type) {
case "small":
$format = variable_get("date_format_short", "m/d/Y - H:i");
break;
case "large":
$format = variable_get("date_format_long", "l, F j, Y - H:i");
break;
case "custom":
// No change to format
break;
case "medium":
default:
$format = variable_get("date_format_medium", "D, m/d/Y - H:i");
}
for ($i = strlen($format); $i >= 0; $c = $format[--$i]) {
if (strstr("DFlMSw", $c)) {
$date = t(date($c, $timestamp)) . $date;
}
else if (strstr("AaBdgGhHiIjLmnOrstTUWYyZz", $c)) {
$date = date($c, $timestamp) . $date;
}
else {
$date = $c.$date;
}
}
return $date;
}
function format_name($object) {
if ($object->uid && $object->name) {
/*
** Shorten the name when it is too long or it will break many
** tables.
*/
if (strlen($object->name) > 20) {
$name = substr($object->name, 0, 15) ."...";
}
else {
$name = $object->name;
}
if (arg(0) == "admin") {
$output = l($name, "admin/user/edit/$object->uid", array("title" => t("Administer user profile.")));
}
else {
$output = l($name, "user/view/$object->uid", array("title" => t("View user profile.")));
}
}
else if ($object->name) {
/*
** Sometimes modules display content composed by people who are
** not registers members of the site (i.e. mailing list or news
** aggregator modules). This clause enables modules to display
** the true author of the content.
*/
$output = $object->name;
}
else {
$output = t(variable_get("anonymous", "Anonymous"));
}
return $output;
}
function form($form, $method = "post", $action = 0, $options = 0) {
if (!$action) {
$action = request_uri();
}
return "\n";
}
function form_item($title, $value, $description = 0) {
return "". ($title ? "$title:" : "") . $value . ($description ? "$description" : "") ."\n";
}
function form_radio($title, $name, $value = 1, $checked = 0, $description = 0, $attributes = 0) {
return form_item(0, " $title", $description);
}
function form_checkbox($title, $name, $value = 1, $checked = 0, $description = 0, $attributes = 0) {
return form_hidden($name, 0) . form_item(0, " $title", $description);
}
function form_textfield($title, $name, $value, $size, $maxlength, $description = 0, $attributes = 0) {
$size = $size ? " size=\"$size\"" : "";
return form_item($title, "", $description);
}
function form_password($title, $name, $value, $size, $maxlength, $description = 0, $attributes = 0) {
$size = $size ? " size=\"$size\"" : "";
return form_item($title, "", $description);
}
function form_textarea($title, $name, $value, $cols, $rows, $description = 0, $attributes = 0) {
$cols = $cols ? " cols=\"$cols\"" : "";
module_invoke_all("textarea", $name); // eg. optionally plug in a WYSIWYG editor
return form_item($title, "", $description);
}
function form_select($title, $name, $value, $options, $description = 0, $extra = 0, $multiple = 0) {
if (count($options) > 0) {
foreach ($options as $key=>$choice) {
$select .= "";
}
return form_item($title, "", $description);
}
}
function form_radios($title, $name, $value, $options, $description = 0) {
if (count($options) > 0) {
foreach ($options as $key=>$choice) {
$output .= form_radio($choice, $name, $key, ($key == $value));
}
return form_item($title, $output, $description);
}
}
function form_file($title, $name, $size, $description = 0) {
return form_item($title, "\n", $description);
}
function form_hidden($name, $value) {
return "\n";
}
function form_submit($value, $name = "op", $attributes = 0) {
return "\n";
}
function form_weight($title = NULL, $name = "weight", $value = 0, $delta = 10, $description = 0, $extra = 0) {
for ($n = (-1 * $delta); $n <= $delta; $n++) {
$weights[$n] = $n;
}
return form_select($title, $name, $value, $weights, $description, $extra);
}
function form_allowed_tags_text() {
return variable_get("allowed_html", "") ? (t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", ""))) : "";
}
/**
* Given an old url, return the alias.
*/
function drupal_get_path_alias($path) {
$map = drupal_get_path_map();
if ($map) {
return array_search($path, $map);
}
}
/**
* Given an alias, return the default url.
*/
function drupal_get_normal_path($path) {
$map = drupal_get_path_map();
return $map[$path];
}
function url($url = NULL, $query = NULL) {
global $base_url;
static $script;
if (empty($script)) {
/*
** On some webservers such as IIS we can't omit "index.php". As such we
** generate "index.php?q=foo" instead of "?q=foo" on anything that is not
** Apache.
*/
$script = (strpos($_SERVER["SERVER_SOFTWARE"], "Apache") === false) ? "index.php" : "";
}
if ($alias = drupal_get_path_alias($url)) {
$url = $alias;
}
if (variable_get("clean_url", "0") == "0") {
if (isset($url)) {
if (isset($query)) {
return "$base_url/$script?q=$url&$query";
}
else {
return "$base_url/$script?q=$url";
}
}
else {
if (isset($query)) {
return "$base_url/$script?$query";
}
else {
return "$base_url/";
}
}
}
else {
if (isset($url)) {
if (isset($query)) {
return "$base_url/$url?$query";
}
else {
return "$base_url/$url";
}
}
else {
if (isset($query)) {
return "$base_url/$script?$query";
}
else {
return "$base_url/";
}
}
}
}
function drupal_attributes($attributes = 0) {
if (is_array($attributes)) {
$t = array();
foreach ($attributes as $key => $value) {
$t[] = "$key=\"$value\"";
}
return " ". implode($t, " ");
}
}
function l($text, $url, $attributes = array(), $query = NULL) {
return "$text";
}
function field_get($string, $name) {
ereg(",?$name=([^,]+)", ", $string", $regs);
return $regs[1];
}
function field_set($string, $name, $value) {
$rval = ereg_replace(",$name=[^,]+", "", ",$string");
if (isset($value)) {
$rval .= ($rval == "," ? "" : ",") ."$name=$value";
}
return substr($rval, 1);
}
function link_page() {
global $custom_links;
if (is_array($custom_links)) {
return $custom_links;
}
else {
$links = module_invoke_all("link", "page");
array_unshift($links, l(t("home"), "", array("title" => t("Return to the main page."))));
return $links;
}
}
function link_node($node, $main = 0) {
return module_invoke_all("link", "node", $node, $main);
}
function timer_start() {
global $timer;
list($usec, $sec) = explode(" ", microtime());
$timer = (float)$usec + (float)$sec;
}
function drupal_page_header() {
if (variable_get("dev_timer", 0)) {
timer_start();
}
if (variable_get("cache", 0)) {
if ($cache = page_get_cache()) {
// Set default values:
$date = gmdate("D, d M Y H:i:s", $cache->created) ." GMT";
$etag = '"'. md5($date) .'"';
// Check http headers:
$modified_since = isset($_SERVER["HTTP_IF_MODIFIED_SINCE"]) ? $_SERVER["HTTP_IF_MODIFIED_SINCE"] == $date : NULL;
$none_match = isset($_SERVER["HTTP_IF_NONE_MATCH"]) ? $_SERVER["HTTP_IF_NONE_MATCH"] == $etag : NULL;
// The type checking here is very important, be careful when changing entries.
if (($modified_since !== NULL || $none_match !== NULL) && $modified_since !== false && $none_match !== false) {
header("HTTP/1.0 304 Not Modified");
exit();
}
// Send appropriate response:
header("Last-Modified: $date");
header("ETag: $etag");
print $cache->data;
/*
** A hook for modules where modules may take action at the end of a
** request good uses include setting a cache, page logging, etc.
*/
module_invoke_all("exit");
exit();
}
}
/*
** Putting the check here avoids SQL query overhead in case we are
** serving cached pages. The downside, however, is that the init
** hooks might use unchecked data.
*/
if (!user_access("bypass input data check")) {
if (!valid_input_data($_REQUEST)) {
die("terminated request because of suspicious input data");
}
}
}
function drupal_page_footer() {
if (variable_get("cache", 0)) {
page_set_cache();
}
/*
** A hook for modules where modules may take action at the end of a
** request good uses include setting a cache, page logging, etc.
*/
module_invoke_all("exit");
}
unset($conf);
$config = conf_init();
include_once "includes/$config.php";
include_once "includes/database.inc";
include_once "includes/module.inc";
include_once "includes/theme.inc";
include_once "includes/pager.inc";
include_once "includes/menu.inc";
include_once "includes/xmlrpc.inc";
include_once "includes/tablesort.inc";
// initialize configuration variables, using values from conf.php if available:
$conf = variable_init(isset($conf) ? $conf : array());
// set error handler:
set_error_handler("error_handler");
// spit out the correct charset http header
header("Content-Type: text/html; charset=utf-8");
// initialize the _GET["q"] prior to loading the modules and invoking their 'init' hook:
if (!empty($_GET["q"])) {
if ($path = drupal_get_normal_path(trim($_GET["q"], "/"))) {
$_GET["q"] = $path;
}
}
else {
$_GET["q"] = variable_get("site_frontpage", "node");
}
// initialize installed modules:
module_init();
// initialize localization system:
$locale = locale_init();
// initialize theme:
$theme = theme_init();
?>