4 * Function library for anything related to formatting / validating / sanitizing
\r
7 // function to convert an integer (1337) to a string (3jk).
\r
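/**
 * Convert a non-negative integer (e.g. 1337) into its short-URL string form (e.g. "3jk").
 *
 * The number is written in base strlen( $chars ), using $chars as the digit alphabet.
 * BCMath is used so values larger than PHP's native integer range can be converted
 * when they are passed as numeric strings.
 *
 * @param int|string  $num   Non-negative integer, or a numeric string for large values.
 * @param string|null $chars Digit alphabet; defaults to the configured short-URL charset.
 * @return string The encoded string, after the 'int2string' filter has run.
 */
function yourls_int2string( $num, $chars = null ) {
    // Only fall back to the configured charset when the caller gave none, as
    // yourls_string2int() does; overwriting it unconditionally would silently
    // ignore a caller-supplied alphabet.
    if ( $chars == null ) {
        $chars = yourls_get_shorturl_charset();
    }

    $string = '';
    $len    = strlen( $chars );

    while ( $num >= $len ) {
        // Cast to int: with a non-zero global bcscale() the remainder may carry a
        // fractional part ("1.00"), which is not a valid string offset.
        $mod    = (int) bcmod( $num, $len );
        // Explicit scale 0 keeps the quotient an integer whatever bcscale() is set to.
        $num    = bcdiv( $num, $len, 0 );
        $string = $chars[ $mod ] . $string;
    }
    // What is left is the most significant digit.
    $string = $chars[ (int) $num ] . $string;

    return yourls_apply_filter( 'int2string', $string, $num, $chars );
}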
\r
23 // function to convert a string (3jk) to an integer (1337)
\r
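/**
 * Convert a short-URL string (e.g. "3jk") back into the integer it encodes (e.g. 1337).
 *
 * Each character is looked up in $chars and weighted by base^position, accumulating
 * with BCMath so the result is not limited by PHP's native integer size.
 *
 * @param string      $string Encoded string; should contain only characters of $chars.
 * @param string|null $chars  Digit alphabet; defaults to the configured short-URL charset.
 * @return mixed The decoded integer (a numeric string once BCMath has been used),
 *               after the 'string2int' filter has run.
 */
function yourls_string2int( $string, $chars = null ) {
    if ( $chars == null ) {
        $chars = yourls_get_shorturl_charset();
    }

    $integer  = 0;
    // Reverse so that index $i is also the power of the base for that digit.
    $string   = strrev( $string );
    $baselen  = strlen( $chars );
    $inputlen = strlen( $string );

    for ( $i = 0; $i < $inputlen; $i++ ) {
        $index = strpos( $chars, $string[ $i ] );
        if ( $index === false ) {
            // A character outside the alphabet has no digit value. Count it as zero
            // explicitly instead of passing boolean false to BCMath. The result is
            // then not a faithful decoding, so callers should pass the keyword
            // through yourls_sanitize_string() first.
            $index = 0;
        }
        // Explicit scale 0 keeps every intermediate value an integer regardless of bcscale().
        $integer = bcadd( $integer, bcmul( $index, bcpow( $baselen, $i, 0 ), 0 ), 0 );
    }

    // Note: the filter receives the reversed string, as the original code passed it.
    return yourls_apply_filter( 'string2int', $integer, $string, $chars );
}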
\r
39 // return a unique(ish) hash for a string to be used as a valid HTML id
\r
/**
 * Return a unique(ish) identifier for a string, for use as an HTML id attribute.
 *
 * CRC32 is a checksum, not a cryptographic hash: different strings can produce the
 * same id, so the value must not be relied on for integrity checks or as a secret.
 *
 * @param string $string Any string.
 * @return mixed 'y' followed by the absolute CRC32 of $string, after the 'string2htmlid' filter.
 */
function yourls_string2htmlid( $string ) {
    // abs(): crc32() can return a negative number on 32-bit builds.
    $checksum = abs( crc32( $string ) );
    // The letter prefix presumably keeps the id from starting with a digit.
    $html_id  = 'y' . $checksum;

    return yourls_apply_filter( 'string2htmlid', $html_id );
}
\r
44 // Make sure a link keyword (ie "1fv" as in "site.com/1fv") is valid.
\r
/**
 * Make sure a link keyword (e.g. "1fv" as in "site.com/1fv") is valid.
 *
 * This is an allowlist filter: every character that is not part of the short-URL
 * charset is removed, and the result is cut to 199 bytes. The 'sanitize_string'
 * filter runs afterwards, so a plugin can still alter the returned value.
 *
 * @param string $string Raw keyword.
 * @return mixed Sanitized keyword, after the 'sanitize_string' filter.
 */
function yourls_sanitize_string( $string ) {
    // Character-class body built from the charset
    // (presumably regex-escaped by yourls_make_regexp_pattern; confirm in that helper).
    $allowed  = yourls_make_regexp_pattern( yourls_get_shorturl_charset() );
    $stripped = preg_replace( '![^' . $allowed . ']!', '', $string );
    $valid    = substr( $stripped, 0, 199 );

    return yourls_apply_filter( 'sanitize_string', $valid, $string );
}
\r
53 // Alias function. I was always getting it wrong.
\r
/**
 * Alias of yourls_sanitize_string(), kept because the name is easy to mix up.
 *
 * @param string $keyword Raw keyword.
 * @return mixed Whatever yourls_sanitize_string() returns for $keyword.
 */
function yourls_sanitize_keyword( $keyword ) {
    $clean_keyword = yourls_sanitize_string( $keyword );

    return $clean_keyword;
}
\r
58 // Sanitize a page title. No HTML per W3C http://www.w3.org/TR/html401/struct/global.html#h-7.4.2
\r
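/**
 * Sanitize a page title: no HTML (per W3C) and no redundant white space.
 *
 * strip_tags() removes markup but does not escape anything. Quotes, ampersands and
 * stray angle brackets survive, so the returned title must still be escaped for
 * its output context (e.g. htmlspecialchars() for HTML) when it is rendered.
 *
 * @param string $title Raw title.
 * @return string Title without tags, trimmed, with runs of white space collapsed to one space.
 */
function yourls_sanitize_title( $title ) {
    // TODO: make stronger. Implement KSES?
    $title = strip_tags( $title );
    // Remove extra white space
    $title = preg_replace( "/\s+/", ' ', trim( $title ) );

    // Hand the cleaned title back to the caller; without this the function yields null.
    return $title;
}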
\r
67 // A few sanity checks on the URL
\r
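/**
 * Run a few sanity checks on a URL and normalise it.
 *
 * Security notes for callers:
 *  - The scheme is not checked against an allowlist here: anything of the form
 *    "<letters>://" is accepted as is. Code that redirects to the result or
 *    renders it as a link needs its own scheme check.
 *  - The result is not escaped for any output context; yourls_clean_url() keeps
 *    characters such as quotes and angle brackets.
 *
 * @param string $unsafe_url      URL as submitted.
 * @param bool   $force_protocol  Prepend 'http://' when no "<letters>://" prefix is present.
 * @param bool   $force_lowercase Lowercase the scheme and the authority part.
 * @return mixed Cleaned URL (at most 1999 bytes), after the 'sanitize_url' filter.
 */
function yourls_sanitize_url( $unsafe_url, $force_protocol = true, $force_lowercase = true ) {
    // Make sure there's only one 'http://' at the beginning (prevents pasting a URL
    // right after the default 'http://'). The subject of the replacement is the
    // submitted URL.
    $url = str_replace(
        array( 'http://http://', 'http://https://' ),
        array( 'http://', 'https://' ),
        $unsafe_url
    );

    if ( $force_protocol ) {
        // Make sure there's a protocol, add http:// if not
        if ( !preg_match( '!^([a-zA-Z]+://)!', $url ) ) {
            $url = 'http://' . $url;
        }
    }

    if ( $force_lowercase ) {
        // Force scheme and domain to lowercase - see issue 591.
        // NOTE(review): group 1 runs up to the first '/', so any "user:pass@" part
        // in front of the host is lowercased as well.
        $matches = array();
        preg_match( '!^([a-zA-Z]+://([^/]+))(.*)$!', $url, $matches );
        if ( isset( $matches[1] ) && isset( $matches[3] ) ) {
            $url = strtolower( $matches[1] ) . $matches[3];
        }
    }

    $url = yourls_clean_url( $url );
    // Byte-wise cap; a multi-byte character or %XX escape at the boundary can be cut in half.
    $url = substr( $url, 0, 1999 );

    return yourls_apply_filter( 'sanitize_url', $url, $unsafe_url, $force_protocol, $force_lowercase );
}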
\r
96 // Function to filter all invalid characters from a URL. Stolen from WP's clean_url()
\r
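/**
 * Filter all invalid characters from a URL. Adapted from WP's clean_url().
 *
 * The character allowlist below still admits quotes, backticks and angle brackets,
 * so the returned URL is not safe to print into HTML, an attribute or a script
 * without escaping for that context.
 *
 * @param string $url URL to clean.
 * @return string URL with disallowed bytes and percent-encoded CR/LF removed.
 */
function yourls_clean_url( $url ) {
    // Drop every byte that is not in the allowlist.
    $url = preg_replace( '|[^a-z0-9-~+_.?\[\]\^#=!&;,/:%@$\|*`\'<>"()\\x80-\\xff\{\}]|i', '', $url );

    // Strip percent-encoded carriage returns and line feeds. The removal is repeated
    // until none is left, so deleting one sequence cannot assemble another.
    $strip = array( '%0d', '%0a', '%0D', '%0A' );
    $url   = yourls_deep_replace( $strip, $url );

    $url = str_replace( ';//', '://', $url );
    // Revert &amp; so query strings are not broken. Replacing '&' with '&' would do nothing.
    $url = str_replace( '&amp;', '&', $url );

    return $url;
}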
\r
107 // Perform a replacement while a string is found, eg $subject = '%0%0%0DDD', $search ='%0D' -> $result =''
\r
108 // Stolen from WP's _deep_replace
\r
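/**
 * Remove every occurrence of the search string(s) from $subject, repeating until
 * none is left. Example: $subject = '%0%0%0DDD', $search = '%0D' gives ''.
 * Adapted from WP's _deep_replace.
 *
 * A single str_replace() pass is not enough for sanitizing: deleting one match can
 * join the surrounding characters into a new match, which would then survive.
 *
 * @param string|array $search  String or list of strings to remove.
 * @param string       $subject String to clean.
 * @return string $subject without any remaining occurrence of the search strings.
 */
function yourls_deep_replace( $search, $subject ){
    $found = true;
    // Start over after any removal: taking out one needle may create an occurrence
    // of a needle that was already checked earlier in the list.
    while ( $found ) {
        $found = false;
        foreach ( (array) $search as $val ) {
            $val = (string) $val;
            if ( $val === '' ) {
                // An empty needle is "found" at offset 0 on PHP 8 and can never be
                // removed, so it would make the loop below spin forever.
                continue;
            }
            while ( strpos( $subject, $val ) !== false ) {
                $found   = true;
                $subject = str_replace( $val, '', $subject );
            }
        }
    }

    return $subject;
}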
\r
124 // Make sure an integer is a valid integer (PHP's intval() limits to too small numbers)
\r
125 // TODO FIXME FFS: unused ?
\r
/**
 * Reduce a value to its decimal digits (PHP's intval() is limited to too small numbers).
 *
 * Everything except 0-9 is removed, so a minus sign is dropped too, and the result
 * is cut to 20 characters. Input without any digit leaves nothing to return, which
 * callers should check for before using the result as a number.
 *
 * TODO FIXME: possibly unused.
 *
 * @param mixed $in Value to sanitize; converted with strval() first.
 * @return string Up to 20 digits.
 */
function yourls_sanitize_int( $in ) {
    $digits_only = preg_replace( '/[^0-9]/', '', strval( $in ) );

    return substr( $digits_only, 0, 20 );
}
\r
130 // Make sure an integer is safe
\r
131 // Note: this is not checking for integers, since integers on 32bits system are way too limited
\r
132 // TODO: find a way to validate as integer
\r
/**
 * Make an "integer" value safe, without actually checking that it is an integer
 * (integers on 32-bit systems are too limited for that).
 *
 * NOTE(review): the value is only string-escaped, not validated. Escaping protects a
 * value placed inside a quoted SQL string literal. It does not make a value safe in
 * an unquoted numeric position, where no quote character is needed to change the
 * query. Callers should quote the result in SQL or validate digits first (see
 * yourls_sanitize_int() in this file).
 *
 * TODO: find a way to validate as integer.
 *
 * @param mixed $in Value expected to be an integer.
 * @return mixed The result of yourls_escape( $in ).
 */
function yourls_intval( $in ) {
    $escaped = yourls_escape( $in );

    return $escaped;
}
\r
/**
 * Escape a value for use inside a quoted string literal of a MySQL query.
 *
 * NOTE(review): mysql_real_escape_string() belongs to the ext/mysql extension, which
 * was deprecated in PHP 5.5 and removed in PHP 7.0. It relies on the current
 * connection and its character set, and only protects values that end up between
 * quotes. Prepared statements with bound parameters (PDO or mysqli) are the
 * preferred replacement.
 *
 * @param string $in Raw value.
 * @return mixed Whatever mysql_real_escape_string() returns for $in.
 */
function yourls_escape( $in ) {
    $escaped = mysql_real_escape_string( $in );

    return $escaped;
}
\r
142 // Sanitize an IP address
\r
/**
 * Sanitize an IP address by dropping every character that cannot appear in one.
 *
 * This is a character filter, not a validator. Hex digits, ':', '.', ',' and spaces
 * are kept, so the result may be a list of addresses or a string that is not an
 * address at all (e.g. "127.0.0.1<script>" becomes "127.0.0.1c"). Use
 * filter_var( $ip, FILTER_VALIDATE_IP ) where a well-formed address is required.
 *
 * @param string $ip Raw address, e.g. taken from a request header.
 * @return string $ip reduced to the characters 0-9, a-f, A-F, ':', '.', ',' and space.
 */
function yourls_sanitize_ip( $ip ) {
    $filtered = preg_replace( '/[^0-9a-fA-F:., ]/', '', $ip );

    return $filtered;
}
\r
147 // Make sure a date is m(m)/d(d)/yyyy, return false otherwise
\r
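/**
 * Make sure a date has the form m(m)/d(d)/yyyy; return false otherwise.
 *
 * Only the shape is checked, not whether the day and month exist in the calendar.
 *
 * @param string $date Date string to check.
 * @return string|false $date unchanged when it matches, false otherwise.
 */
function yourls_sanitize_date( $date ) {
    // \z anchors at the very end of the string. '$' would also match just before a
    // trailing newline and let "1/2/2012\n" through with the newline attached.
    if ( !preg_match( '!^\d{1,2}/\d{1,2}/\d{4}\z!', $date ) ) {
        return false;
    }

    return $date;
}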
\r
155 // Sanitize a date for SQL search. Return false if malformed input.
\r
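/**
 * Sanitize a date for an SQL search. Return false on malformed input.
 *
 * @param string $date Date in m(m)/d(d)/yyyy form.
 * @return string|false The date as 'Y-m-d', or false when it is malformed or cannot be parsed.
 */
function yourls_sanitize_date_for_sql( $date ) {
    if ( !yourls_sanitize_date( $date ) ) {
        return false;
    }

    // strtotime() reads slash-separated dates as month/day/year.
    $timestamp = strtotime( $date );
    if ( $timestamp === false ) {
        // A date of the right shape can still be unparsable (e.g. month 13).
        // Without this check date() would format timestamp 0 and hand back
        // 1970-01-01 as if it were valid input.
        return false;
    }

    return date( 'Y-m-d', $timestamp );
}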
\r
162 // Return word or words if more than one
\r
/**
 * Return the word, or its plural when the count is greater than one.
 *
 * The plural is formed by appending 's' only.
 *
 * @param string $word  Singular form.
 * @param int    $count Number of items.
 * @return string $word, with 's' appended when $count > 1.
 */
function yourls_plural( $word, $count=1 ) {
    if ( $count > 1 ) {
        return $word . 's';
    }

    return $word . '';
}
\r
167 // Return trimmed string
\r
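/**
 * Return a string trimmed to a maximum length, with a marker appended when it was cut.
 *
 * With the mbstring extension available, lengths are counted in UTF-8 characters;
 * otherwise in bytes, in which case a multi-byte character may be cut in half.
 *
 * @param string $string String to shorten.
 * @param int    $length Maximum length of the result, marker included.
 * @param string $append Marker appended to a shortened string.
 * @return mixed The possibly shortened string, after the 'trim_long_string' filter.
 */
function yourls_trim_long_string( $string, $length = 60, $append = '[...]' ) {
    $newstring = $string;
    if ( function_exists( 'mb_substr' ) ) {
        // Measure with the same encoding that is used for cutting. Relying on
        // mbstring's internal encoding for the length alone can disagree with the
        // UTF-8 cut below.
        if ( mb_strlen( $newstring, 'UTF-8' ) > $length ) {
            $newstring = mb_substr( $newstring, 0, $length - mb_strlen( $append, 'UTF-8' ), 'UTF-8' ) . $append;
        }
    } else {
        if ( strlen( $newstring ) > $length ) {
            $newstring = substr( $newstring, 0, $length - strlen( $append ) ) . $append;
        }
    }

    return yourls_apply_filter( 'trim_long_string', $newstring, $string, $length, $append );
}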
\r
182 // Sanitize a version number (1.4.1-whatever -> 1.4.1)
\r
/**
 * Sanitize a version number (1.4.1-whatever becomes 1.4.1).
 *
 * Every character other than digits and dots is removed. Digits inside a suffix
 * are kept, so "1.4.1-rc2" becomes "1.4.12". Compare versions with that in mind.
 *
 * @param string $ver Raw version string.
 * @return string $ver reduced to digits and dots.
 */
function yourls_sanitize_version( $ver ) {
    $digits_and_dots = preg_replace( '/[^0-9.]/', '', $ver );

    return $digits_and_dots;
}
\r
187 // Sanitize a filename (no Win32 stuff)
\r
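/**
 * Normalise the directory separators of a file name (no Win32 backslashes).
 *
 * Only separators are touched: '..' segments, absolute paths and other special
 * characters pass through unchanged. On its own this is not a defence against path
 * traversal. A path built from untrusted input still has to be checked against
 * the directory it is supposed to stay in.
 *
 * @param string $file File name or path.
 * @return string $file with backslashes turned into '/' and repeated slashes collapsed.
 */
function yourls_sanitize_filename( $file ) {
    $file = str_replace( '\\', '/', $file ); // sanitize for Win32 installs
    $file = preg_replace( '|/+|' ,'/', $file ); // remove any duplicate slash

    // Hand the normalised name back to the caller; without this the function yields null.
    return $file;
}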
\r
194 // Check if a string seems to be UTF-8. Stolen from WP.
\r
195 function yourls_seems_utf8( $str ) {
\r
196 $length = strlen( $str );
\r
197 for ( $i=0; $i < $length; $i++ ) {
\r
198 $c = ord( $str[ $i ] );
\r
199 if ( $c < 0x80 ) $n = 0; # 0bbbbbbb
\r
200 elseif (($c & 0xE0) == 0xC0) $n=1; # 110bbbbb
\r
201 elseif (($c & 0xF0) == 0xE0) $n=2; # 1110bbbb
\r
202 elseif (($c & 0xF8) == 0xF0) $n=3; # 11110bbb
\r
203 elseif (($c & 0xFC) == 0xF8) $n=4; # 111110bb
\r
204 elseif (($c & 0xFE) == 0xFC) $n=5; # 1111110b
\r
205 else return false; # Does not match any model
\r
206 for ($j=0; $j<$n; $j++) { # n bytes matching 10bbbbbb follow ?
\r
207 if ((++$i == $length) || ((ord($str[$i]) & 0xC0) != 0x80))
\r