search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug: Live query chart always zero
[phpmyadmin/tyronm.git] / libraries / sanitizing.lib.php
blobe92015027fef2ca6b6c3b314885231a9aaca8946
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * This is in a separate script because it's called from a number of scripts
5 *
6 * @package phpMyAdmin
7 */
8
9 /**
10 * Checks whether given link is valid
11 *
12 * @param string $url URL to check
13 * @return boolean True if string can be used as link
14 */
15 function PMA_checkLink($url)
16 {
17 $valid_starts = array(
18 'http://',
19 'https://',
20 );
21 if (defined('PMA_SETUP')) {
22 $valid_starts[] = '../Documentation.html';
23 $valid_starts[] = '?page=form&';
24 } else {
25 $valid_starts[] = './Documentation.html';
26 }
27 foreach ($valid_starts as $val) {
28 if (substr($url, 0, strlen($val)) == $val) {
29 return true;
30 }
31 }
32 return false;
33 }
34
35 /**
36 * Callback function for replacing [a@link@target] links in bb code.
37 *
38 * @param array $found Array of preg matches
39 * @return string Replaced string
40 */
41 function PMA_replaceBBLink($found)
42 {
43 /* Check for valid link */
44 if (! PMA_checkLink($found[1])) {
45 return $found[0];
46 }
47 /* a-z and _ allowed in target */
48 if (! empty($found[3]) && preg_match('/[^a-z_]+/i', $found[3])) {
49 return $found[0];
50 }
51
52 /* Construct target */
53 $target = '';
54 if (! empty($found[3])) {
55 $target = ' target="' . $found[3] . '"';
56 }
57
58 /* Construct url */
59 if (substr($found[1], 0, 4) == 'http') {
60 $url = PMA_linkURL($found[1]);
61 } else {
62 $url = $found[1];
63 }
64
65 return '<a href="' . $url . '"' . $target . '>';
66 }
67
68 /**
69 * Sanitizes $message, taking into account our special codes
70 * for formatting.
71 *
72 * If you want to include result in element attribute, you should escape it.
73 *
74 * Examples:
75 *
76 * <p><?php echo PMA_sanitize($foo); ?></p>
77 *
78 * <a title="<?php echo PMA_sanitize($foo, true); ?>">bar</a>
79 *
80 * @param string $message the message
81 * @param boolean $escape whether to escape html in result
82 * @param boolean $safe whether string is safe (can keep < and > chars)
83 * @return string the sanitized message
84 */
85 function PMA_sanitize($message, $escape = false, $safe = false)
86 {
87 if (!$safe) {
88 $message = strtr($message, array('<' => '&lt;', '>' => '&gt;'));
89 }
90 /* Interpret bb code */
91 $replace_pairs = array(
92 '[i]' => '<em>', // deprecated by em
93 '[/i]' => '</em>', // deprecated by em
94 '[em]' => '<em>',
95 '[/em]' => '</em>',
96 '[b]' => '<strong>', // deprecated by strong
97 '[/b]' => '</strong>', // deprecated by strong
98 '[strong]' => '<strong>',
99 '[/strong]' => '</strong>',
100 '[tt]' => '<code>', // deprecated by CODE or KBD
101 '[/tt]' => '</code>', // deprecated by CODE or KBD
102 '[code]' => '<code>',
103 '[/code]' => '</code>',
104 '[kbd]' => '<kbd>',
105 '[/kbd]' => '</kbd>',
106 '[br]' => '<br />',
107 '[/a]' => '</a>',
108 '[sup]' => '<sup>',
109 '[/sup]' => '</sup>',
110 );
111 /* Adjust links for setup, which lives in subfolder */
112 if (defined('PMA_SETUP')) {
113 $replace_pairs['[a@Documentation.html'] = '[a@../Documentation.html';
114 } else {
115 $replace_pairs['[a@Documentation.html'] = '[a@./Documentation.html';
116 }
117 $message = strtr($message, $replace_pairs);
118
119 /* Match links in bb code ([a@url@target], where @target is options) */
120 $pattern = '/\[a@([^]"@]*)(@([^]"]*))?\]/';
121
122 /* Find and replace all links */
123 $message = preg_replace_callback($pattern, 'PMA_replaceBBLink', $message);
124
125 /* Possibly escape result */
126 if ($escape) {
127 $message = htmlspecialchars($message);
128 }
129
130 return $message;
131 }
132 ?>
New status page project for GSoC2011