1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * This is in a separate script because it's called from a number of scripts
6 * @package PhpMyAdmin
7 */
// Refuse direct requests: this library is only meaningful when included by a
// phpMyAdmin entry point, which defines PHPMYADMIN before pulling it in.
defined('PHPMYADMIN') || exit;
/**
 * Checks whether given link is valid
 *
 * A link is accepted only when it starts with one entry of a fixed,
 * case-sensitive allow-list: absolute http(s) URLs, url.php redirects to
 * http(s), the bundled documentation tree and, when PMA_SETUP is defined,
 * the two setup pages. Everything else is rejected, which rules out
 * javascript:, data:, protocol-relative ("//host") and upper-case "HTTP://"
 * links. Only the prefix is checked; the remainder of the URL is not
 * validated here, so callers still have to place it in a quoted attribute.
 *
 * @param string $url URL to check
 *
 * @return boolean True if string can be used as link
 */
function PMA_checkLink($url)
{
    $valid_starts = array(
        'http://',
        'https://',
        './url.php?url=http%3A%2F%2F',
        './url.php?url=https%3A%2F%2F',
        './doc/html/',
    );
    if (defined('PMA_SETUP')) {
        $valid_starts[] = '?page=form&';
        $valid_starts[] = '?page=servers&';
    }

    foreach ($valid_starts as $prefix) {
        // Every prefix is pure ASCII, so a byte-wise prefix comparison is
        // equivalent to a character-wise one.
        if (strncmp($url, $prefix, strlen($prefix)) === 0) {
            return true;
        }
    }

    return false;
}
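/**
 * Callback function for replacing [a@link@target] links in bb code.
 *
 * The link is only turned into an anchor when PMA_checkLink() accepts its
 * prefix and the optional target consists solely of letters and
 * underscores; otherwise the original bb code text is returned untouched.
 *
 * @param array $found Array of preg matches: [0] the whole match, [1] the
 *                     URL, [3] the target (unset when no @target was given)
 *
 * @return string Replaced string
 */
function PMA_replaceBBLink($found)
{
    /* Check for valid link */
    if (! PMA_checkLink($found[1])) {
        return $found[0];
    }

    /* a-z and _ allowed in target */
    if (! empty($found[3]) && preg_match('/[^a-z_]+/i', $found[3])) {
        return $found[0];
    }

    /* Construct target (safe to inline: restricted to [a-z_] above) */
    $target = '';
    if (! empty($found[3])) {
        $target = ' target="' . $found[3] . '"';
    }

    /* Construct url */
    if (substr($found[1], 0, 4) === 'http') {
        // External link: routed through url.php by PMA_linkURL().
        $url = PMA_linkURL($found[1]);
    } else {
        // Local link (./url.php?..., ./doc/html/..., setup pages). The
        // pattern in PMA_sanitize() already keeps ", ] and @ out of this
        // capture, but the value is attribute-escaped here as well so the
        // safety of the href does not hinge on that pattern never changing.
        $url = htmlspecialchars($found[1], ENT_QUOTES);
    }

    return '<a href="' . $url . '"' . $target . '>';
}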
/**
 * Callback function for replacing [doc@anchor] links in bb code.
 *
 * The documentation page is derived from the anchor's first three
 * characters ("faq" or "cfg"); any other anchor is assumed to be on the
 * setup page. The anchor itself is restricted by the caller's pattern to
 * [a-zA-Z0-9_-], so it is safe to hand to PMA_Util::getDocuLink() as is.
 *
 * @param array $found Array of preg matches ([1] is the anchor)
 *
 * @return string Replaced string
 */
function PMA_replaceDocLink($found)
{
    $anchor = $found[1];
    $prefix = substr($anchor, 0, 3);

    if ($prefix === 'faq' || $prefix === 'cfg') {
        $page = $prefix;
    } else {
        /* Guess */
        $page = 'setup';
    }

    $link = PMA_Util::getDocuLink($page, $anchor);
    return '<a href="' . $link . '" target="documentation">';
}
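/**
 * Sanitizes $message, taking into account our special codes
 * for formatting.
 *
 * Unless $safe is set, literal < and > are neutralised before any bb code
 * is interpreted, so the only markup that can appear in the result is the
 * markup produced by the fixed replacement table and the link callbacks.
 * Passing $safe = true keeps raw < and > and therefore must be reserved
 * for messages that are trusted in full.
 *
 * If you want to include result in element attribute, you should escape it
 * ($escape = true). Note that this escapes the generated tags too, so the
 * bb code is rendered as literal text in that case.
 *
 * Examples:
 *
 * <p><?php echo PMA_sanitize($foo); ?></p>
 *
 * <a title="<?php echo PMA_sanitize($foo, true); ?>">bar</a>
 *
 * @param string  $message the message
 * @param boolean $escape  whether to escape html in result
 * @param boolean $safe    whether string is safe (can keep < and > chars)
 *
 * @return string the sanitized message
 */
function PMA_sanitize($message, $escape = false, $safe = false)
{
    if (! $safe) {
        $message = strtr($message, array('<' => '&lt;', '>' => '&gt;'));
    }

    /* Interpret bb code */
    $replace_pairs = array(
        '[em]'      => '<em>',
        '[/em]'     => '</em>',
        '[strong]'  => '<strong>',
        '[/strong]' => '</strong>',
        '[code]'    => '<code>',
        '[/code]'   => '</code>',
        '[kbd]'     => '<kbd>',
        '[/kbd]'    => '</kbd>',
        '[br]'      => '<br />',
        '[/a]'      => '</a>',
        '[/doc]'    => '</a>',
        '[sup]'     => '<sup>',
        '[/sup]'    => '</sup>',
        // used in common.inc.php:
        // NOTE(review): iframe is not a void element, so browsers treat the
        // self-closing form as an opening tag; kept unchanged here because
        // the consumer's expectations are not visible from this file.
        '[conferr]' => '<iframe src="show_config_errors.php" />',
    );
    $message = strtr($message, $replace_pairs);

    /* Match links in bb code ([a@url@target], where @target is optional).
     * The URL capture excludes ], " and @; the target capture excludes ] and ". */
    $pattern = '/\[a@([^]"@]*)(@([^]"]*))?\]/';

    /* Find and replace all links */
    $message = preg_replace_callback($pattern, 'PMA_replaceBBLink', $message);

    /* Replace documentation links; the anchor is limited to [a-zA-Z0-9_-] */
    $message = preg_replace_callback(
        '/\[doc@([a-zA-Z0-9_-]+)\]/',
        'PMA_replaceDocLink',
        $message
    );

    /* Possibly escape result */
    if ($escape) {
        // ENT_QUOTES is stated explicitly so that single quotes are escaped
        // regardless of the PHP version's default flags; this keeps the
        // result safe inside single- as well as double-quoted attributes.
        $message = htmlspecialchars($message, ENT_QUOTES);
    }

    return $message;
}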
/**
 * Sanitize a filename by removing anything besides legit characters
 *
 * Intended usecase:
 *     When using a filename in a Content-Disposition header
 *     the value should not contain ; or "
 *
 *     When exporting, avoiding generation of an unexpected double-extension file
 *
 * Every byte outside [A-Za-z0-9_.-] (or outside [A-Za-z0-9_-] when
 * $replaceDots is set) is replaced by an underscore. The pattern carries no
 * /u modifier, so a multi-byte character yields one underscore per byte, and
 * no path separator can survive. Dots are kept in the default mode, so a run
 * of dots such as ".." is still possible; callers that use the result as a
 * path component need their own check for that.
 *
 * @param string  $filename    The filename
 * @param boolean $replaceDots Whether to also replace dots
 *
 * @return string the sanitized filename
 */
function PMA_sanitizeFilename($filename, $replaceDots = false)
{
    // The dot is a legit character unless the caller asked to strip it too.
    $allowed = $replaceDots ? 'A-Za-z0-9_-' : 'A-Za-z0-9_.-';

    return preg_replace('/[^' . $allowed . ']/', '_', $filename);
}