Security fix - html escape sql error messages
1 <?php
2 include_once(dirname(__FILE__) . '/sql.inc'); // fixes vulnerability with register_globals
3 require_once(dirname(__FILE__) . '/formdata.inc.php');
5 // Translation function
6 // This is the translation engine
7 // Note that it is recommended to no longer use the mode, prepend, or append
8 // parameters, since this is not compatible with the htmlspecialchars() php
9 // function.
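/**
 * Translate a text constant into the language selected for the session.
 *
 * The language id comes from $_SESSION['language_choice'] and falls back to 1
 * when that entry is empty. When the id is 1 and
 * $GLOBALS['skip_english_translation'] is set, no lookup is made and only
 * {{...}} comment markers are stripped from the constant. Otherwise the
 * constant is looked up in lang_definitions/lang_constants; when no
 * definition is found the constant itself is used.
 *
 * Security notes:
 *  - The result is NOT HTML-escaped. On the lookup path single and double
 *    quotes are replaced with backticks and line breaks are flattened, but
 *    <, > and & pass through unchanged. On the skip-translation path not even
 *    the quote replacement is applied. $prepend and $append are concatenated
 *    as given. Callers must escape the result for the output context
 *    (for HTML, htmlspecialchars()), which is why the mode/prepend/append
 *    parameters are discouraged.
 *  - Both values placed in the SQL text go through add_escape_custom(), so an
 *    unexpected value in the session entry cannot change the query's shape.
 *
 * @param string $constant text (constant name) to translate
 * @param string $mode     'e' echoes the result and returns nothing; any
 *                         other value returns it
 * @param string $prepend  text placed before the result, unmodified
 * @param string $append   text placed after the result, unmodified
 * @return string|null     the translated text, or null in 'e' mode
 */
function xl($constant,$mode='r',$prepend='',$append='') {
    // set language id
    if (!empty($_SESSION['language_choice'])) {
        $lang_id = $_SESSION['language_choice'];
    }
    else {
        $lang_id = 1;
    }

    if ($lang_id == 1 && !empty($GLOBALS['skip_english_translation'])) {
        // language id = 1, so no need to translate
        //  -- remove comments (greedy: first "{{" through last "}}" on a line)
        $string = preg_replace('/\{\{.*\}\}/', '', $constant);
    }
    else {
        // TRANSLATE
        // first, clean lines
        // convert new lines to spaces and remove windows end of lines
        $patterns = array ('/\n/','/\r/');
        $replace = array (' ','');
        $constant = preg_replace($patterns, $replace, $constant);

        // second, attempt translation
        // The language id is escaped like the constant: it is read from the
        // session and was previously interpolated into the statement as-is.
        $sql = "SELECT * FROM lang_definitions JOIN lang_constants ON " .
            "lang_definitions.cons_id = lang_constants.cons_id WHERE " .
            "lang_id='" . add_escape_custom($lang_id) . "' AND constant_name = '" .
            add_escape_custom($constant) . "' LIMIT 1";
        $res = sqlStatementNoLog($sql);
        $row = SqlFetchArray($res);

        // No matching row: treat as "no definition" instead of indexing a
        // non-array fetch result.
        $string = (is_array($row) && isset($row['definition'])) ? $row['definition'] : '';
        if ($string == '') { $string = "$constant"; }

        // remove dangerous characters and remove comments
        // (quotes become backticks; this is not HTML escaping)
        $patterns = array ('/\n/','/\r/','/"/',"/'/",'/\{\{.*\}\}/');
        $replace = array (' ','','`','`','');
        $string = preg_replace($patterns, $replace, $string);
    }

    $string = "$prepend" . "$string" . "$append";
    if ($mode=='e') {
        echo $string;
    } else {
        return $string;
    }
}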
56 // ----------- xl() function wrappers ------------------------------
58 // Use above xl() function the majority of time for translations. The
59 // below wrappers are only for specific situations in order to support
60 // granular control of translations in certain parts of OpenEMR.
61 // Wrappers:
62 // xl_list_label()
63 // xl_layout_label()
64 // xl_gacl_group()
65 // xl_form_title()
66 // xl_document_category()
67 // xl_appt_category()
69 // Added 5-09 by BM for translation of list labels (when applicable)
70 // Only translates if the $GLOBALS['translate_lists'] is set to true.
/**
 * Return or echo a list label, translated through xl() only when
 * $GLOBALS['translate_lists'] is truthy.
 *
 * With translation off the label is $prepend.$constant.$append exactly as
 * passed in: no character replacement is applied. xl() as defined in this
 * file does not HTML-escape either, so the result of both branches must be
 * escaped by the caller for the output context.
 *
 * @param string $constant label text
 * @param string $mode     'e' echoes the label and returns nothing;
 *                         otherwise the label is returned
 * @param string $prepend  text placed before the label
 * @param string $append   text placed after the label
 * @return string|null
 */
function xl_list_label($constant,$mode='r',$prepend='',$append='') {
    $translate = $GLOBALS['translate_lists'];
    $echoing = ($mode == "e");

    if (!$translate) {
        // DO NOT TRANSLATE: raw passthrough of the caller's text
        $label = $prepend.$constant.$append;
        if (!$echoing) {
            return $label;
        }
        echo $label;
        return;
    }

    // TRANSLATE: in 'e' mode xl() does the echoing itself
    if ($echoing) {
        xl($constant,$mode,$prepend,$append);
        return;
    }
    return xl($constant,$mode,$prepend,$append);
}
91 // Added 5-09 by BM for translation of layout labels (when applicable)
92 // Only translates if the $GLOBALS['translate_layout'] is set to true.
/**
 * Return or echo a layout label, translated through xl() only when
 * $GLOBALS['translate_layout'] is truthy.
 *
 * With translation off the label is $prepend.$constant.$append exactly as
 * passed in: no character replacement is applied. xl() as defined in this
 * file does not HTML-escape either, so the result of both branches must be
 * escaped by the caller for the output context.
 *
 * @param string $constant label text
 * @param string $mode     'e' echoes the label and returns nothing;
 *                         otherwise the label is returned
 * @param string $prepend  text placed before the label
 * @param string $append   text placed after the label
 * @return string|null
 */
function xl_layout_label($constant,$mode='r',$prepend='',$append='') {
    $translate = $GLOBALS['translate_layout'];
    $echoing = ($mode == "e");

    if (!$translate) {
        // DO NOT TRANSLATE: raw passthrough of the caller's text
        $label = $prepend.$constant.$append;
        if (!$echoing) {
            return $label;
        }
        echo $label;
        return;
    }

    // TRANSLATE: in 'e' mode xl() does the echoing itself
    if ($echoing) {
        xl($constant,$mode,$prepend,$append);
        return;
    }
    return xl($constant,$mode,$prepend,$append);
}
113 // Added 6-2009 by BM for translation of access control group labels
114 // (when applicable)
115 // Only translates if the $GLOBALS['translate_gacl_groups'] is set to true.
/**
 * Return or echo an access control group label, translated through xl()
 * only when $GLOBALS['translate_gacl_groups'] is truthy.
 *
 * With translation off the label is $prepend.$constant.$append exactly as
 * passed in: no character replacement is applied. xl() as defined in this
 * file does not HTML-escape either, so the result of both branches must be
 * escaped by the caller for the output context.
 *
 * @param string $constant group label text
 * @param string $mode     'e' echoes the label and returns nothing;
 *                         otherwise the label is returned
 * @param string $prepend  text placed before the label
 * @param string $append   text placed after the label
 * @return string|null
 */
function xl_gacl_group($constant,$mode='r',$prepend='',$append='') {
    $translate = $GLOBALS['translate_gacl_groups'];
    $echoing = ($mode == "e");

    if (!$translate) {
        // DO NOT TRANSLATE: raw passthrough of the caller's text
        $label = $prepend.$constant.$append;
        if (!$echoing) {
            return $label;
        }
        echo $label;
        return;
    }

    // TRANSLATE: in 'e' mode xl() does the echoing itself
    if ($echoing) {
        xl($constant,$mode,$prepend,$append);
        return;
    }
    return xl($constant,$mode,$prepend,$append);
}
136 // Added 6-2009 by BM for translation of patient form (notes) titles
137 // (when applicable)
138 // Only translates if the $GLOBALS['translate_form_titles'] is set to true.
/**
 * Return or echo a patient form (notes) title, translated through xl()
 * only when $GLOBALS['translate_form_titles'] is truthy.
 *
 * With translation off the title is $prepend.$constant.$append exactly as
 * passed in: no character replacement is applied. xl() as defined in this
 * file does not HTML-escape either, so the result of both branches must be
 * escaped by the caller for the output context.
 *
 * @param string $constant form title text
 * @param string $mode     'e' echoes the title and returns nothing;
 *                         otherwise the title is returned
 * @param string $prepend  text placed before the title
 * @param string $append   text placed after the title
 * @return string|null
 */
function xl_form_title($constant,$mode='r',$prepend='',$append='') {
    $translate = $GLOBALS['translate_form_titles'];
    $echoing = ($mode == "e");

    if (!$translate) {
        // DO NOT TRANSLATE: raw passthrough of the caller's text
        $title = $prepend.$constant.$append;
        if (!$echoing) {
            return $title;
        }
        echo $title;
        return;
    }

    // TRANSLATE: in 'e' mode xl() does the echoing itself
    if ($echoing) {
        xl($constant,$mode,$prepend,$append);
        return;
    }
    return xl($constant,$mode,$prepend,$append);
}
160 // Added 6-2009 by BM for translation of document categories
161 // (when applicable)
162 // Only translates if the $GLOBALS['translate_document_categories'] is set to true.
/**
 * Return or echo a document category name, translated through xl() only
 * when $GLOBALS['translate_document_categories'] is truthy.
 *
 * With translation off the name is $prepend.$constant.$append exactly as
 * passed in: no character replacement is applied. xl() as defined in this
 * file does not HTML-escape either, so the result of both branches must be
 * escaped by the caller for the output context.
 *
 * @param string $constant category name
 * @param string $mode     'e' echoes the name and returns nothing;
 *                         otherwise the name is returned
 * @param string $prepend  text placed before the name
 * @param string $append   text placed after the name
 * @return string|null
 */
function xl_document_category($constant,$mode='r',$prepend='',$append='') {
    $translate = $GLOBALS['translate_document_categories'];
    $echoing = ($mode == "e");

    if (!$translate) {
        // DO NOT TRANSLATE: raw passthrough of the caller's text
        $category = $prepend.$constant.$append;
        if (!$echoing) {
            return $category;
        }
        echo $category;
        return;
    }

    // TRANSLATE: in 'e' mode xl() does the echoing itself
    if ($echoing) {
        xl($constant,$mode,$prepend,$append);
        return;
    }
    return xl($constant,$mode,$prepend,$append);
}
184 // Added 6-2009 by BM for translation of appointment categories
185 // (when applicable)
186 // Only translates if the $GLOBALS['translate_appt_categories'] is set to true.
/**
 * Return or echo an appointment category name, translated through xl()
 * only when $GLOBALS['translate_appt_categories'] is truthy.
 *
 * With translation off the name is $prepend.$constant.$append exactly as
 * passed in: no character replacement is applied. xl() as defined in this
 * file does not HTML-escape either, so the result of both branches must be
 * escaped by the caller for the output context.
 *
 * @param string $constant category name
 * @param string $mode     'e' echoes the name and returns nothing;
 *                         otherwise the name is returned
 * @param string $prepend  text placed before the name
 * @param string $append   text placed after the name
 * @return string|null
 */
function xl_appt_category($constant,$mode='r',$prepend='',$append='') {
    $translate = $GLOBALS['translate_appt_categories'];
    $echoing = ($mode == "e");

    if (!$translate) {
        // DO NOT TRANSLATE: raw passthrough of the caller's text
        $category = $prepend.$constant.$append;
        if (!$echoing) {
            return $category;
        }
        echo $category;
        return;
    }

    // TRANSLATE: in 'e' mode xl() does the echoing itself
    if ($echoing) {
        xl($constant,$mode,$prepend,$append);
        return;
    }
    return xl($constant,$mode,$prepend,$append);
}
207 // ---------------------------------------------------------------------------
209 // ---------------------------------
210 // Miscellaneous language translation functions
212 // Function to return the title of a language from the id
213 // @param integer (language id)
214 // return string (language title)
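/**
 * Return the title (lang_description) of a language from its id.
 *
 * An empty id falls back to language 1. The id is passed through
 * add_escape_custom() before it is placed in the statement; it was
 * previously concatenated into the SQL text unescaped.
 *
 * @param  integer $val language id
 * @return string|null  language title, or null when no row matches
 */
function getLanguageTitle($val) {
    // validate language id
    $lang_id = !empty($val) ? $val : 1;

    // get language title
    $res = sqlStatement("select lang_description from lang_languages where lang_id = '" .
        add_escape_custom($lang_id) . "'");

    // Only the first row is used. Square-bracket indexing replaces the
    // curly-brace string/array offset syntax, which PHP 8 no longer parses.
    $row = sqlFetchArray($res);
    if (!is_array($row) || !isset($row['lang_description'])) {
        return null;
    }
    return $row['lang_description'];
}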
232 //----------------------------------
234 // ----------------------------------------------------------------------------
/**
 * HEADER HTML
 *
 * Shows some information for a page's HTML header. The body currently
 * contains no executable statements, so nothing is emitted.
 *
 * @param none
 * @return void
 */
function html_header_show() {
    // The line below was commented out by the UTF-8 project on 05-2009 by BM,
    // because the encoding is now standardized in the globals.php file.
    // echo '<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> '."\n";
}
252 // ----------------------------------------------------------------------------
/**
 * Returns a string padded to a certain length with another string.
 *
 * This method behaves like str_pad but counts characters in $charset
 * instead of bytes.
 *
 * Notes:
 *  - mb_internal_encoding($charset) is called on every invocation, so the
 *    process-wide mbstring internal encoding is changed as a side effect.
 *  - On the multibyte path the pad is sized by dividing by the pad's
 *    character count, so $pad must not be empty.
 *  - A $type that matches none of the three constants leaves the result
 *    unset; pass only STR_PAD_LEFT, STR_PAD_RIGHT or STR_PAD_BOTH.
 *
 * @param string $input   The string to be padded.
 * @param int    $length  The length of the resulting string, in characters.
 * @param string $pad     The string to pad the input string with. Must be
 *                        in the same charset as the input string.
 * @param int    $type    The padding type. One of STR_PAD_LEFT,
 *                        STR_PAD_RIGHT, or STR_PAD_BOTH.
 * @param string $charset The charset of the input and the padding strings.
 *
 * @return string The padded string.
 */
function mb_strpad($input, $length, $pad = ' ', $type = STR_PAD_RIGHT, $charset = 'UTF-8') {
    mb_internal_encoding($charset);

    $inputChars = mb_strlen($input, $charset);
    $inputBytes = strlen($input);
    $padChars = mb_strlen($pad, $charset);

    /* Nothing to do when the input is already long enough. */
    if ($inputChars >= $length) {
        return $input;
    }

    /* Character count equals byte count for both strings: plain str_pad is exact. */
    $isSingleByte = ($inputChars == $inputBytes) && ($padChars == strlen($pad));
    if ($isSingleByte) {
        return str_pad($input, $length, $pad, $type);
    }

    /* Repeat the pad often enough, then cut it to the exact character count. */
    if ($type == STR_PAD_LEFT) {
        $leftCount = $length - $inputChars;
        $leftFill = str_repeat($pad, ceil($leftCount / $padChars));
        $output = mb_substr($leftFill, 0, $leftCount, $charset) . $input;
    } elseif ($type == STR_PAD_BOTH) {
        /* An odd remainder goes to the right-hand side. */
        $leftCount = floor(($length - $inputChars) / 2);
        $rightCount = ceil(($length - $inputChars) / 2);
        $leftFill = str_repeat($pad, ceil($leftCount / $padChars));
        $rightFill = str_repeat($pad, ceil($rightCount / $padChars));
        $output = mb_substr($leftFill, 0, $leftCount, $charset) .
            $input .
            mb_substr($rightFill, 0, $rightCount, $charset);
    } elseif ($type == STR_PAD_RIGHT) {
        $rightCount = $length - $inputChars;
        $rightFill = str_repeat($pad, ceil($rightCount / $padChars));
        $output = $input . mb_substr($rightFill, 0, $rightCount, $charset);
    }

    return $output;
}