Common.php 21 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857
  1. <?php
  2. /**
  3. * CodeIgniter
  4. *
  5. * An open source application development framework for PHP
  6. *
  7. * This content is released under the MIT License (MIT)
  8. *
  9. * Copyright (c) 2014 - 2016, British Columbia Institute of Technology
  10. *
  11. * Permission is hereby granted, free of charge, to any person obtaining a copy
  12. * of this software and associated documentation files (the "Software"), to deal
  13. * in the Software without restriction, including without limitation the rights
  14. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  15. * copies of the Software, and to permit persons to whom the Software is
  16. * furnished to do so, subject to the following conditions:
  17. *
  18. * The above copyright notice and this permission notice shall be included in
  19. * all copies or substantial portions of the Software.
  20. *
  21. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  22. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  23. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  24. * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  25. * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  26. * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  27. * THE SOFTWARE.
  28. *
  29. * @package CodeIgniter
  30. * @author EllisLab Dev Team
  31. * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
  32. * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/)
  33. * @license http://opensource.org/licenses/MIT MIT License
  34. * @link https://codeigniter.com
  35. * @since Version 1.0.0
  36. * @filesource
  37. */
  38. defined('BASEPATH') OR exit('No direct script access allowed');
  39. /**
  40. * Common Functions
  41. *
  42. * Loads the base classes and executes the request.
  43. *
  44. * @package CodeIgniter
  45. * @subpackage CodeIgniter
  46. * @category Common Functions
  47. * @author EllisLab Dev Team
  48. * @link https://codeigniter.com/user_guide/
  49. */
  50. // ------------------------------------------------------------------------
  51. if ( ! function_exists('is_php'))
  52. {
  53. /**
  54. * Determines if the current version of PHP is equal to or greater than the supplied value
  55. *
  56. * @param string
  57. * @return bool TRUE if the current version is $version or higher
  58. */
  59. function is_php($version)
  60. {
  61. static $_is_php;
  62. $version = (string) $version;
  63. if ( ! isset($_is_php[$version]))
  64. {
  65. $_is_php[$version] = version_compare(PHP_VERSION, $version, '>=');
  66. }
  67. return $_is_php[$version];
  68. }
  69. }
  70. // ------------------------------------------------------------------------
  71. if ( ! function_exists('is_really_writable'))
  72. {
  73. /**
  74. * Tests for file writability
  75. *
  76. * is_writable() returns TRUE on Windows servers when you really can't write to
  77. * the file, based on the read-only attribute. is_writable() is also unreliable
  78. * on Unix servers if safe_mode is on.
  79. *
  80. * @link https://bugs.php.net/bug.php?id=54709
  81. * @param string
  82. * @return bool
  83. */
  84. function is_really_writable($file)
  85. {
  86. // If we're on a Unix server with safe_mode off we call is_writable
  87. if (DIRECTORY_SEPARATOR === '/' && (is_php('5.4') OR ! ini_get('safe_mode')))
  88. {
  89. return is_writable($file);
  90. }
  91. /* For Windows servers and safe_mode "on" installations we'll actually
  92. * write a file then read it. Bah...
  93. */
  94. if (is_dir($file))
  95. {
  96. $file = rtrim($file, '/').'/'.md5(mt_rand());
  97. if (($fp = @fopen($file, 'ab')) === FALSE)
  98. {
  99. return FALSE;
  100. }
  101. fclose($fp);
  102. @chmod($file, 0777);
  103. @unlink($file);
  104. return TRUE;
  105. }
  106. elseif ( ! is_file($file) OR ($fp = @fopen($file, 'ab')) === FALSE)
  107. {
  108. return FALSE;
  109. }
  110. fclose($fp);
  111. return TRUE;
  112. }
  113. }
  114. // ------------------------------------------------------------------------
  115. if ( ! function_exists('load_class'))
  116. {
  117. /**
  118. * Class registry
  119. *
  120. * This function acts as a singleton. If the requested class does not
  121. * exist it is instantiated and set to a static variable. If it has
  122. * previously been instantiated the variable is returned.
  123. *
  124. * @param string the class name being requested
  125. * @param string the directory where the class should be found
  126. * @param string an optional argument to pass to the class constructor
  127. * @return object
  128. */
  129. function &load_class($class, $directory = 'libraries', $param = NULL)
  130. {
  131. static $_classes = array();
  132. // Does the class exist? If so, we're done...
  133. if (isset($_classes[$class]))
  134. {
  135. return $_classes[$class];
  136. }
  137. $name = FALSE;
  138. // Look for the class first in the local application/libraries folder
  139. // then in the native system/libraries folder
  140. foreach (array(APPPATH, BASEPATH) as $path)
  141. {
  142. if (file_exists($path.$directory.'/'.$class.'.php'))
  143. {
  144. $name = 'CI_'.$class;
  145. if (class_exists($name, FALSE) === FALSE)
  146. {
  147. require_once($path.$directory.'/'.$class.'.php');
  148. }
  149. break;
  150. }
  151. }
  152. // Is the request a class extension? If so we load it too
  153. if (file_exists(APPPATH.$directory.'/'.config_item('subclass_prefix').$class.'.php'))
  154. {
  155. $name = config_item('subclass_prefix').$class;
  156. if (class_exists($name, FALSE) === FALSE)
  157. {
  158. require_once(APPPATH.$directory.'/'.$name.'.php');
  159. }
  160. }
  161. // Did we find the class?
  162. if ($name === FALSE)
  163. {
  164. // Note: We use exit() rather than show_error() in order to avoid a
  165. // self-referencing loop with the Exceptions class
  166. set_status_header(503);
  167. echo 'Unable to locate the specified class: '.$class.'.php';
  168. exit(5); // EXIT_UNK_CLASS
  169. }
  170. // Keep track of what we just loaded
  171. is_loaded($class);
  172. $_classes[$class] = isset($param)
  173. ? new $name($param)
  174. : new $name();
  175. return $_classes[$class];
  176. }
  177. }
  178. // --------------------------------------------------------------------
  179. if ( ! function_exists('is_loaded'))
  180. {
  181. /**
  182. * Keeps track of which libraries have been loaded. This function is
  183. * called by the load_class() function above
  184. *
  185. * @param string
  186. * @return array
  187. */
  188. function &is_loaded($class = '')
  189. {
  190. static $_is_loaded = array();
  191. if ($class !== '')
  192. {
  193. $_is_loaded[strtolower($class)] = $class;
  194. }
  195. return $_is_loaded;
  196. }
  197. }
  198. // ------------------------------------------------------------------------
  199. if ( ! function_exists('get_config'))
  200. {
  201. /**
  202. * Loads the main config.php file
  203. *
  204. * This function lets us grab the config file even if the Config class
  205. * hasn't been instantiated yet
  206. *
  207. * @param array
  208. * @return array
  209. */
  210. function &get_config(Array $replace = array())
  211. {
  212. static $config;
  213. if (empty($config))
  214. {
  215. $file_path = APPPATH.'config/config.php';
  216. $found = FALSE;
  217. if (file_exists($file_path))
  218. {
  219. $found = TRUE;
  220. require($file_path);
  221. }
  222. // Is the config file in the environment folder?
  223. if (file_exists($file_path = APPPATH.'config/'.ENVIRONMENT.'/config.php'))
  224. {
  225. require($file_path);
  226. }
  227. elseif ( ! $found)
  228. {
  229. set_status_header(503);
  230. echo 'The configuration file does not exist.';
  231. exit(3); // EXIT_CONFIG
  232. }
  233. // Does the $config array exist in the file?
  234. if ( ! isset($config) OR ! is_array($config))
  235. {
  236. set_status_header(503);
  237. echo 'Your config file does not appear to be formatted correctly.';
  238. exit(3); // EXIT_CONFIG
  239. }
  240. }
  241. // Are any values being dynamically added or replaced?
  242. foreach ($replace as $key => $val)
  243. {
  244. $config[$key] = $val;
  245. }
  246. return $config;
  247. }
  248. }
  249. // ------------------------------------------------------------------------
  250. if ( ! function_exists('config_item'))
  251. {
  252. /**
  253. * Returns the specified config item
  254. *
  255. * @param string
  256. * @return mixed
  257. */
  258. function config_item($item)
  259. {
  260. static $_config;
  261. if (empty($_config))
  262. {
  263. // references cannot be directly assigned to static variables, so we use an array
  264. $_config[0] =& get_config();
  265. }
  266. return isset($_config[0][$item]) ? $_config[0][$item] : NULL;
  267. }
  268. }
  269. // ------------------------------------------------------------------------
  270. if ( ! function_exists('get_mimes'))
  271. {
  272. /**
  273. * Returns the MIME types array from config/mimes.php
  274. *
  275. * @return array
  276. */
  277. function &get_mimes()
  278. {
  279. static $_mimes;
  280. if (empty($_mimes))
  281. {
  282. if (file_exists(APPPATH.'config/'.ENVIRONMENT.'/mimes.php'))
  283. {
  284. $_mimes = include(APPPATH.'config/'.ENVIRONMENT.'/mimes.php');
  285. }
  286. elseif (file_exists(APPPATH.'config/mimes.php'))
  287. {
  288. $_mimes = include(APPPATH.'config/mimes.php');
  289. }
  290. else
  291. {
  292. $_mimes = array();
  293. }
  294. }
  295. return $_mimes;
  296. }
  297. }
  298. // ------------------------------------------------------------------------
  299. if ( ! function_exists('is_https'))
  300. {
  301. /**
  302. * Is HTTPS?
  303. *
  304. * Determines if the application is accessed via an encrypted
  305. * (HTTPS) connection.
  306. *
  307. * @return bool
  308. */
  309. function is_https()
  310. {
  311. if ( ! empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off')
  312. {
  313. return TRUE;
  314. }
  315. elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https')
  316. {
  317. return TRUE;
  318. }
  319. elseif ( ! empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off')
  320. {
  321. return TRUE;
  322. }
  323. return FALSE;
  324. }
  325. }
  326. // ------------------------------------------------------------------------
  327. if ( ! function_exists('is_cli'))
  328. {
  329. /**
  330. * Is CLI?
  331. *
  332. * Test to see if a request was made from the command line.
  333. *
  334. * @return bool
  335. */
  336. function is_cli()
  337. {
  338. return (PHP_SAPI === 'cli' OR defined('STDIN'));
  339. }
  340. }
  341. // ------------------------------------------------------------------------
  342. if ( ! function_exists('show_error'))
  343. {
  344. /**
  345. * Error Handler
  346. *
  347. * This function lets us invoke the exception class and
  348. * display errors using the standard error template located
  349. * in application/views/errors/error_general.php
  350. * This function will send the error page directly to the
  351. * browser and exit.
  352. *
  353. * @param string
  354. * @param int
  355. * @param string
  356. * @return void
  357. */
  358. function show_error($message, $status_code = 500, $heading = 'An Error Was Encountered')
  359. {
  360. $status_code = abs($status_code);
  361. if ($status_code < 100)
  362. {
  363. $exit_status = $status_code + 9; // 9 is EXIT__AUTO_MIN
  364. if ($exit_status > 125) // 125 is EXIT__AUTO_MAX
  365. {
  366. $exit_status = 1; // EXIT_ERROR
  367. }
  368. $status_code = 500;
  369. }
  370. else
  371. {
  372. $exit_status = 1; // EXIT_ERROR
  373. }
  374. $_error =& load_class('Exceptions', 'core');
  375. echo $_error->show_error($heading, $message, 'error_general', $status_code);
  376. exit($exit_status);
  377. }
  378. }
  379. // ------------------------------------------------------------------------
  380. if ( ! function_exists('show_404'))
  381. {
  382. /**
  383. * 404 Page Handler
  384. *
  385. * This function is similar to the show_error() function above
  386. * However, instead of the standard error template it displays
  387. * 404 errors.
  388. *
  389. * @param string
  390. * @param bool
  391. * @return void
  392. */
  393. function show_404($page = '', $log_error = TRUE)
  394. {
  395. $_error =& load_class('Exceptions', 'core');
  396. $_error->show_404($page, $log_error);
  397. exit(4); // EXIT_UNKNOWN_FILE
  398. }
  399. }
  400. // ------------------------------------------------------------------------
  401. if ( ! function_exists('log_message'))
  402. {
  403. /**
  404. * Error Logging Interface
  405. *
  406. * We use this as a simple mechanism to access the logging
  407. * class and send messages to be logged.
  408. *
  409. * @param string the error level: 'error', 'debug' or 'info'
  410. * @param string the error message
  411. * @return void
  412. */
  413. function log_message($level, $message)
  414. {
  415. static $_log;
  416. if ($_log === NULL)
  417. {
  418. // references cannot be directly assigned to static variables, so we use an array
  419. $_log[0] =& load_class('Log', 'core');
  420. }
  421. $_log[0]->write_log($level, $message);
  422. }
  423. }
  424. // ------------------------------------------------------------------------
  425. if ( ! function_exists('set_status_header'))
  426. {
  427. /**
  428. * Set HTTP Status Header
  429. *
  430. * @param int the status code
  431. * @param string
  432. * @return void
  433. */
  434. function set_status_header($code = 200, $text = '')
  435. {
  436. if (is_cli())
  437. {
  438. return;
  439. }
  440. if (empty($code) OR ! is_numeric($code))
  441. {
  442. show_error('Status codes must be numeric', 500);
  443. }
  444. if (empty($text))
  445. {
  446. is_int($code) OR $code = (int) $code;
  447. $stati = array(
  448. 100 => 'Continue',
  449. 101 => 'Switching Protocols',
  450. 200 => 'OK',
  451. 201 => 'Created',
  452. 202 => 'Accepted',
  453. 203 => 'Non-Authoritative Information',
  454. 204 => 'No Content',
  455. 205 => 'Reset Content',
  456. 206 => 'Partial Content',
  457. 300 => 'Multiple Choices',
  458. 301 => 'Moved Permanently',
  459. 302 => 'Found',
  460. 303 => 'See Other',
  461. 304 => 'Not Modified',
  462. 305 => 'Use Proxy',
  463. 307 => 'Temporary Redirect',
  464. 400 => 'Bad Request',
  465. 401 => 'Unauthorized',
  466. 402 => 'Payment Required',
  467. 403 => 'Forbidden',
  468. 404 => 'Not Found',
  469. 405 => 'Method Not Allowed',
  470. 406 => 'Not Acceptable',
  471. 407 => 'Proxy Authentication Required',
  472. 408 => 'Request Timeout',
  473. 409 => 'Conflict',
  474. 410 => 'Gone',
  475. 411 => 'Length Required',
  476. 412 => 'Precondition Failed',
  477. 413 => 'Request Entity Too Large',
  478. 414 => 'Request-URI Too Long',
  479. 415 => 'Unsupported Media Type',
  480. 416 => 'Requested Range Not Satisfiable',
  481. 417 => 'Expectation Failed',
  482. 422 => 'Unprocessable Entity',
  483. 426 => 'Upgrade Required',
  484. 428 => 'Precondition Required',
  485. 429 => 'Too Many Requests',
  486. 431 => 'Request Header Fields Too Large',
  487. 500 => 'Internal Server Error',
  488. 501 => 'Not Implemented',
  489. 502 => 'Bad Gateway',
  490. 503 => 'Service Unavailable',
  491. 504 => 'Gateway Timeout',
  492. 505 => 'HTTP Version Not Supported',
  493. 511 => 'Network Authentication Required',
  494. );
  495. if (isset($stati[$code]))
  496. {
  497. $text = $stati[$code];
  498. }
  499. else
  500. {
  501. show_error('No status text available. Please check your status code number or supply your own message text.', 500);
  502. }
  503. }
  504. if (strpos(PHP_SAPI, 'cgi') === 0)
  505. {
  506. header('Status: '.$code.' '.$text, TRUE);
  507. }
  508. else
  509. {
  510. $server_protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.1';
  511. header($server_protocol.' '.$code.' '.$text, TRUE, $code);
  512. }
  513. }
  514. }
  515. // --------------------------------------------------------------------
  516. if ( ! function_exists('_error_handler'))
  517. {
  518. /**
  519. * Error Handler
  520. *
  521. * This is the custom error handler that is declared at the (relative)
  522. * top of CodeIgniter.php. The main reason we use this is to permit
  523. * PHP errors to be logged in our own log files since the user may
  524. * not have access to server logs. Since this function effectively
  525. * intercepts PHP errors, however, we also need to display errors
  526. * based on the current error_reporting level.
  527. * We do that with the use of a PHP error template.
  528. *
  529. * @param int $severity
  530. * @param string $message
  531. * @param string $filepath
  532. * @param int $line
  533. * @return void
  534. */
  535. function _error_handler($severity, $message, $filepath, $line)
  536. {
  537. $is_error = (((E_ERROR | E_PARSE | E_COMPILE_ERROR | E_CORE_ERROR | E_USER_ERROR) & $severity) === $severity);
  538. // When an error occurred, set the status header to '500 Internal Server Error'
  539. // to indicate to the client something went wrong.
  540. // This can't be done within the $_error->show_php_error method because
  541. // it is only called when the display_errors flag is set (which isn't usually
  542. // the case in a production environment) or when errors are ignored because
  543. // they are above the error_reporting threshold.
  544. if ($is_error)
  545. {
  546. set_status_header(500);
  547. }
  548. // Should we ignore the error? We'll get the current error_reporting
  549. // level and add its bits with the severity bits to find out.
  550. if (($severity & error_reporting()) !== $severity)
  551. {
  552. return;
  553. }
  554. $_error =& load_class('Exceptions', 'core');
  555. $_error->log_exception($severity, $message, $filepath, $line);
  556. // Should we display the error?
  557. if (str_ireplace(array('off', 'none', 'no', 'false', 'null'), '', ini_get('display_errors')))
  558. {
  559. $_error->show_php_error($severity, $message, $filepath, $line);
  560. }
  561. // If the error is fatal, the execution of the script should be stopped because
  562. // errors can't be recovered from. Halting the script conforms with PHP's
  563. // default error handling. See http://www.php.net/manual/en/errorfunc.constants.php
  564. if ($is_error)
  565. {
  566. exit(1); // EXIT_ERROR
  567. }
  568. }
  569. }
  570. // ------------------------------------------------------------------------
  571. if ( ! function_exists('_exception_handler'))
  572. {
  573. /**
  574. * Exception Handler
  575. *
  576. * Sends uncaught exceptions to the logger and displays them
  577. * only if display_errors is On so that they don't show up in
  578. * production environments.
  579. *
  580. * @param Exception $exception
  581. * @return void
  582. */
  583. function _exception_handler($exception)
  584. {
  585. $_error =& load_class('Exceptions', 'core');
  586. $_error->log_exception('error', 'Exception: '.$exception->getMessage(), $exception->getFile(), $exception->getLine());
  587. is_cli() OR set_status_header(500);
  588. // Should we display the error?
  589. if (str_ireplace(array('off', 'none', 'no', 'false', 'null'), '', ini_get('display_errors')))
  590. {
  591. $_error->show_exception($exception);
  592. }
  593. exit(1); // EXIT_ERROR
  594. }
  595. }
  596. // ------------------------------------------------------------------------
  597. if ( ! function_exists('_shutdown_handler'))
  598. {
  599. /**
  600. * Shutdown Handler
  601. *
  602. * This is the shutdown handler that is declared at the top
  603. * of CodeIgniter.php. The main reason we use this is to simulate
  604. * a complete custom exception handler.
  605. *
  606. * E_STRICT is purposively neglected because such events may have
  607. * been caught. Duplication or none? None is preferred for now.
  608. *
  609. * @link http://insomanic.me.uk/post/229851073/php-trick-catching-fatal-errors-e-error-with-a
  610. * @return void
  611. */
  612. function _shutdown_handler()
  613. {
  614. $last_error = error_get_last();
  615. if (isset($last_error) &&
  616. ($last_error['type'] & (E_ERROR | E_PARSE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING)))
  617. {
  618. _error_handler($last_error['type'], $last_error['message'], $last_error['file'], $last_error['line']);
  619. }
  620. }
  621. }
  622. // --------------------------------------------------------------------
  623. if ( ! function_exists('remove_invisible_characters'))
  624. {
  625. /**
  626. * Remove Invisible Characters
  627. *
  628. * This prevents sandwiching null characters
  629. * between ascii characters, like Java\0script.
  630. *
  631. * @param string
  632. * @param bool
  633. * @return string
  634. */
  635. function remove_invisible_characters($str, $url_encoded = TRUE)
  636. {
  637. $non_displayables = array();
  638. // every control character except newline (dec 10),
  639. // carriage return (dec 13) and horizontal tab (dec 09)
  640. if ($url_encoded)
  641. {
  642. $non_displayables[] = '/%0[0-8bcef]/i'; // url encoded 00-08, 11, 12, 14, 15
  643. $non_displayables[] = '/%1[0-9a-f]/i'; // url encoded 16-31
  644. }
  645. $non_displayables[] = '/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S'; // 00-08, 11, 12, 14-31, 127
  646. do
  647. {
  648. $str = preg_replace($non_displayables, '', $str, -1, $count);
  649. }
  650. while ($count);
  651. return $str;
  652. }
  653. }
  654. // ------------------------------------------------------------------------
  655. if ( ! function_exists('html_escape'))
  656. {
  657. /**
  658. * Returns HTML escaped variable.
  659. *
  660. * @param mixed $var The input string or array of strings to be escaped.
  661. * @param bool $double_encode $double_encode set to FALSE prevents escaping twice.
  662. * @return mixed The escaped string or array of strings as a result.
  663. */
  664. function html_escape($var, $double_encode = TRUE)
  665. {
  666. if (empty($var))
  667. {
  668. return $var;
  669. }
  670. if (is_array($var))
  671. {
  672. foreach (array_keys($var) as $key)
  673. {
  674. $var[$key] = html_escape($var[$key], $double_encode);
  675. }
  676. return $var;
  677. }
  678. return htmlspecialchars($var, ENT_QUOTES, config_item('charset'), $double_encode);
  679. }
  680. }
  681. // ------------------------------------------------------------------------
  682. if ( ! function_exists('_stringify_attributes'))
  683. {
  684. /**
  685. * Stringify attributes for use in HTML tags.
  686. *
  687. * Helper function used to convert a string, array, or object
  688. * of attributes to a string.
  689. *
  690. * @param mixed string, array, object
  691. * @param bool
  692. * @return string
  693. */
  694. function _stringify_attributes($attributes, $js = FALSE)
  695. {
  696. $atts = NULL;
  697. if (empty($attributes))
  698. {
  699. return $atts;
  700. }
  701. if (is_string($attributes))
  702. {
  703. return ' '.$attributes;
  704. }
  705. $attributes = (array) $attributes;
  706. foreach ($attributes as $key => $val)
  707. {
  708. $atts .= ($js) ? $key.'='.$val.',' : ' '.$key.'="'.$val.'"';
  709. }
  710. return rtrim($atts, ',');
  711. }
  712. }
  713. // ------------------------------------------------------------------------
  714. if ( ! function_exists('function_usable'))
  715. {
  716. /**
  717. * Function usable
  718. *
  719. * Executes a function_exists() check, and if the Suhosin PHP
  720. * extension is loaded - checks whether the function that is
  721. * checked might be disabled in there as well.
  722. *
  723. * This is useful as function_exists() will return FALSE for
  724. * functions disabled via the *disable_functions* php.ini
  725. * setting, but not for *suhosin.executor.func.blacklist* and
  726. * *suhosin.executor.disable_eval*. These settings will just
  727. * terminate script execution if a disabled function is executed.
  728. *
  729. * The above described behavior turned out to be a bug in Suhosin,
  730. * but even though a fix was commited for 0.9.34 on 2012-02-12,
  731. * that version is yet to be released. This function will therefore
  732. * be just temporary, but would probably be kept for a few years.
  733. *
  734. * @link http://www.hardened-php.net/suhosin/
  735. * @param string $function_name Function to check for
  736. * @return bool TRUE if the function exists and is safe to call,
  737. * FALSE otherwise.
  738. */
  739. function function_usable($function_name)
  740. {
  741. static $_suhosin_func_blacklist;
  742. if (function_exists($function_name))
  743. {
  744. if ( ! isset($_suhosin_func_blacklist))
  745. {
  746. $_suhosin_func_blacklist = extension_loaded('suhosin')
  747. ? explode(',', trim(ini_get('suhosin.executor.func.blacklist')))
  748. : array();
  749. }
  750. return ! in_array($function_name, $_suhosin_func_blacklist, TRUE);
  751. }
  752. return FALSE;
  753. }
  754. }