2 /* vim: set expandtab sw=4 ts=4 sts=4: */
4 * This is in a separate script because it's called from a number of scripts
// Entered only when the PHPMYADMIN constant has not been defined; the branch
// body is not part of this listing.
8 if (! defined('PHPMYADMIN')) {
13 * Checks whether given link is valid
15 * @param string $url URL to check
17 * @return boolean True if string can be used as link
19 function PMA_checkLink($url)
// Allow-list check: $url is compared against the fixed prefixes collected in
// $valid_starts (see the substr() comparison in the loop below).
21 $valid_starts = array(
// Links routed through ./url.php with a URL-encoded http:// or https:// target.
24 './url.php?url=http%3A%2F%2F',
25 './url.php?url=https%3A%2F%2F',
// Two relative query-string prefixes are added only when the PMA_SETUP
// constant is defined.
28 if (defined('PMA_SETUP')) {
29 $valid_starts[] = '?page=form&';
30 $valid_starts[] = '?page=servers&';
// Compare the leading strlen($val) bytes of $url with each allowed prefix.
// NOTE(review): only the start of the string is checked; whatever follows the
// prefix is not validated here, so the caller still has to encode $url for the
// context it is written into.
32 foreach ($valid_starts as $val) {
33 if (substr($url, 0, strlen($val)) == $val) {
41 * Callback function for replacing [a@link@target] links in bb code.
43 * @param array $found Array of preg matches
45 * @return string Replaced string
47 function PMA_replaceBBLink($found)
// Registered by name as the preg_replace_callback() handler for the
// [a@url@target] pattern in PMA_sanitize(): $found[1] is the URL capture and
// $found[3] the optional target capture.
49 /* Check for valid link */
// Branch taken when the URL does not start with a prefix accepted by
// PMA_checkLink().
50 if (! PMA_checkLink($found[1])) {
53 /* a-z and _ allowed in target */
// The pattern matches any character other than a letter or underscore
// (case-insensitive), so this branch is taken for a non-empty target that
// contains anything else.
54 if (! empty($found[3]) && preg_match('/[^a-z_]+/i', $found[3])) {
58 /* Construct target */
60 if (! empty($found[3])) {
// The target is concatenated into the attribute without escaping.
// NOTE(review): this relies on the character check above having stopped
// processing for any other input; confirm against the branch body.
61 $target = ' target="' . $found[3] . '"';
// URLs whose first four bytes are 'http' are passed through PMA_linkURL(),
// which is defined outside this listing.
65 if (substr($found[1], 0, 4) == 'http') {
66 $url = PMA_linkURL($found[1]);
// $url is written into href without HTML escaping at this point.
// NOTE(review): the link pattern in PMA_sanitize() excludes the double quote
// from the URL capture; any other caller would have to guarantee the same.
71 return '<a href="' . $url . '"' . $target . '>';
75 * Callback function for replacing [doc@anchor] links in bb code.
77 * @param array $found Array of preg matches
79 * @return string Replaced string
81 function PMA_replaceDocLink($found)
// The first three characters of $anchor are compared with 'faq' and 'cfg'.
// NOTE(review): the assignment of $anchor and the branch bodies are not part
// of this listing; presumably they choose the documentation page passed as
// $page below.
84 if (strncmp('faq', $anchor, 3) == 0) {
86 } else if (strncmp('cfg', $anchor, 3) == 0) {
// The link is built by PMA_Util::getDocuLink() from the page and the anchor.
92 $link = PMA_Util
::getDocuLink($page, $anchor);
// Returns only the opening <a> tag, with the fixed target "documentation".
// NOTE(review): $link is not escaped here; confirm that getDocuLink() returns
// a value that is safe inside a double-quoted attribute.
93 return '<a href="' . $link . '" target="documentation">';
97 * Sanitizes $message, taking into account our special codes
100 * If you want to include the result in an element attribute, you should escape it.
104 * <p><?php echo PMA_sanitize($foo); ?></p>
106 * <a title="<?php echo PMA_sanitize($foo, true); ?>">bar</a>
108 * @param string $message the message
109 * @param boolean $escape whether to escape html in result
110 * @param boolean $safe whether string is safe (can keep < and > chars)
112 * @return string the sanitized message
114 function PMA_sanitize($message, $escape = false, $safe = false)
// NOTE(review): as rendered here the map replaces '<' with '<' and '>' with
// '>', which changes nothing. The replacement values were presumably the HTML
// entities for these characters and were decoded when the page was extracted;
// verify against the original file, because this step is what neutralises
// markup in a message that is not flagged as $safe.
117 $message = strtr($message, array('<' => '<', '>' => '>'));
120 /* Interpret bb code */
// Fixed bb-code tokens are mapped to fixed HTML tags; strtr() substitutes them
// literally, so no user-controlled text becomes part of a tag in this step.
121 $replace_pairs = array(
124 '[strong]' => '<strong>',
125 '[/strong]' => '</strong>',
126 '[code]' => '<code>',
127 '[/code]' => '</code>',
129 '[/kbd]' => '</kbd>',
134 '[/sup]' => '</sup>',
135 // used in common.inc.php:
// Expands to an iframe that loads show_config_errors.php.
136 '[conferr]' => '<iframe src="show_config_errors.php" />',
139 $message = strtr($message, $replace_pairs);
141 /* Match links in bb code ([a@url@target], where @target is optional) */
// Group 1 (URL) excludes ']', '"' and '@'; group 3 (target) excludes ']' and
// '"'. Keeping the double quote out of both captures is what prevents a
// capture from closing the attribute that PMA_replaceBBLink() writes it into.
142 $pattern = '/\[a@([^]"@]*)(@([^]"]*))?\]/';
144 /* Find and replace all links */
// The callback is referenced by function name.
145 $message = preg_replace_callback($pattern, 'PMA_replaceBBLink', $message);
147 /* Replace documentation links */
// The anchor capture is limited to letters, digits, '_' and '-'.
148 $message = preg_replace_callback(
149 '/\[doc@([a-zA-Z0-9_-]+)\]/',
150 'PMA_replaceDocLink',
154 /* Possibly escape result */
// Runs after the bb-code expansion above, so the tags generated there are
// escaped as well. The guarding condition is not part of this listing;
// presumably it tests $escape.
// NOTE(review): htmlspecialchars() is called with its default flags, which
// before PHP 8.1 leave single quotes unescaped; the escaped result is then
// only suitable inside double-quoted attributes.
156 $message = htmlspecialchars($message);
164 * Sanitize a filename by removing anything besides legit characters
167 * When using a filename in a Content-Disposition header
168 * the value should not contain ; or "
170 * When exporting, avoiding generation of an unexpected double-extension file
172 * @param string $filename The filename
173 * @param boolean $replaceDots Whether to also replace dots
175 * @return string the sanitized filename
178 function PMA_sanitizeFilename($filename, $replaceDots = false)
// Start of a negated character class: ASCII letters, digits and underscore are
// the characters that are kept.
180 $pattern = '/[^A-Za-z0-9_';
181 // if we don't have to replace dots
182 if (! $replaceDots) {
183 // then add the dot to the list of legit characters
// Every character matched by the finished pattern is replaced with '_'.
// NOTE(review): the lines that complete the pattern are not part of this
// listing. The filter works per character, so when dots are kept a name made
// only of dots presumably passes unchanged; callers that build a path from the
// result should handle that case themselves.
187 $filename = preg_replace($pattern, '_', $filename);