/**\r
* @license http://nucleuscms.org/license.txt GNU General Public License\r
* @copyright Copyright (C) 2002-2012 The Nucleus Group\r
- * @version $Id: globalfunctions.php 1697 2012-03-10 13:15:47Z sakamocchi $\r
+ * @version $Id: globalfunctions.php 1727 2012-04-07 02:54:22Z sakamocchi $\r
*/\r
\r
/* needed if we include globalfunctions from install.php */\r
checkVars(array('nucleus', 'CONF', 'DIR_LIBS', 'MYSQL_HOST', 'MYSQL_USER', 'MYSQL_PASSWORD', 'MYSQL_DATABASE', '$DIR_LOCALES', 'DIR_PLUGINS', 'HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_ENV_VARS', 'HTTP_SESSION_VARS', 'HTTP_POST_FILES', 'HTTP_SERVER_VARS', 'GLOBALS', 'argv', 'argc', '_GET', '_POST', '_COOKIE', '_ENV', '_SESSION', '_SERVER', '_FILES'));\r
\r
/* debug mode */\r
-if ( array_key_exists('debug', $CONF) && $CONF['debug'] )\r
+if ( isset($CONF) && array_key_exists('debug', $CONF) && $CONF['debug'] )\r
{\r
/* report all errors! */\r
error_reporting(E_ALL);\r
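Review bot: In the `checkVars()` list just above the changed condition, the entry `'$DIR_LOCALES'` carries a literal `$` that no other entry has, so it names `$DIR_LOCALES` rather than `DIR_LOCALES`. checkVars() is not visible here, but if it rejects requests that supply these names as parameters, `DIR_LOCALES` is not covered and the entry should read `'DIR_LOCALES'`. The added `isset($CONF)` guard implies `$CONF` can be undefined at this point; a one-line comment saying when that happens (the existing comment mentions install.php) would help. The debug block continues past the end of the hunk.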
if ( !$parsed )\r
{\r
/* default implementation */\r
- $data = i18n::explode("/", $virtualpath );\r
+ $data = preg_split("#/#", $virtualpath );\r
for ( $i = 0; $i < sizeof($data); $i++ )\r
{\r
switch ( $data[$i] )\r
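Review bot: `preg_split("#/#", $virtualpath)` runs the regex engine for a fixed one-character delimiter; `explode('/', $virtualpath)` returns the same pieces and has no pattern that can fail. The same applies to the other literal-delimiter replacements in this commit (`'# #'` on the highlight query, `'#&#'` and `'#=#'` in alterQueryStr, `"#&#"` in serverStringToArray). The loop body continues outside the hunk.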
return array();\r
}\r
\r
- $aHighlight = i18n::explode(' ', $query);\r
+ $aHighlight = preg_split('# #', $query);\r
\r
for ( $i = 0; $i < count($aHighlight); $i++ )\r
{\r
{\r
$query = "SELECT inumber, ititle FROM %s WHERE itime>'%s' AND itime<='%s' AND idraft=0 AND iblog=%d AND icat=%d ORDER BY itime ASC LIMIT 1";\r
$query = sprintf($query, sql_table('item'), i18n::formatted_datetime('mysql', $timestamp), i18n::formatted_datetime('mysql', $b->getCorrectTime()), $blogid, $catid);\r
- \r
}\r
$res = sql_query($query);\r
\r
\r
$skin = new SKIN($skinid);\r
\r
- if ( !$skin->isValid )\r
+ if ( !$skin->isValid() )\r
{\r
doError(_ERROR_NOSUCHSKIN);\r
}\r
/**\r
* Show error skin with given message. An optional skin-object to use can be given\r
*/\r
-function doError($msg, $skin = '') {\r
- global $errormessage, $CONF, $skinid, $blogid, $manager;\r
-\r
- if ($skin == '') {\r
-\r
- if (SKIN::existsID($skinid) ) {\r
- $skin = new SKIN($skinid);\r
- } elseif ($manager->existsBlogID($blogid) ) {\r
- $blog =& $manager->getBlog($blogid);\r
- $skin = new SKIN($blog->getDefaultSkin() );\r
- } elseif ($CONF['DefaultBlog']) {\r
- $blog =& $manager->getBlog($CONF['DefaultBlog']);\r
- $skin = new SKIN($blog->getDefaultSkin() );\r
- } else {\r
- // this statement should actually never be executed\r
- $skin = new SKIN($CONF['BaseSkin']);\r
- }\r
-\r
- }\r
-\r
- $skinid = $skin->id;\r
- $errormessage = $msg;\r
- $skin->parse('error');\r
- exit;\r
+function doError($msg, $skin = '')\r
+{\r
+ global $errormessage, $CONF, $skinid, $blogid, $manager;\r
+ \r
+ if ( $skin == '' )\r
+ {\r
+ if ( Skin::existsID($skinid) )\r
+ {\r
+ $id = $skinid;\r
+ }\r
+ elseif ( $manager->existsBlogID($blogid) )\r
+ {\r
+ $blog =& $manager->getBlog($blogid);\r
+ $id = $blog->getDefaultSkin();\r
+ }\r
+ elseif ($CONF['DefaultBlog'] )\r
+ {\r
+ $blog =& $manager->getBlog($CONF['DefaultBlog']);\r
+ $id = $blog->getDefaultSkin();\r
+ }\r
+ else\r
+ {\r
+ // this statement should actually never be executed\r
+ $id = $CONF['BaseSkin'];\r
+ }\r
+ $skin = new Skin($id);\r
+ }\r
+ \r
+ $skinid = $skin->getID();\r
+ $errormessage = $msg;\r
+ $skin->parse('error');\r
+ exit;\r
}\r
\r
function getConfig() {\r
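Review bot: The docblock above `doError()` documents neither parameter nor the fact that the function ends the request with `exit`, while the other docblocks touched by this commit gained `@param` tags. I would add `@param string $msg`, `@param mixed $skin` (a Skin object, or '' to choose one from `$skinid`, the blog default or `$CONF['BaseSkin']`) and `@return void` with a remark that it does not return. `$msg` reaches the error skin through the global `$errormessage`; whether it is escaped on output is not visible here, so the docblock should state whether callers must pass already-escaped text.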
}\r
\r
/**\r
- * @param $querystr\r
- * querystring to alter (e.g. foo=1&bar=2&x=y)\r
- * @param $param\r
- * name of parameter to change (e.g. 'foo')\r
- * @param $value\r
- * New value for that parameter (e.g. 3)\r
- * @result\r
- * altered query string (for the examples above: foo=3&bar=2&x=y)\r
+ * alterQueryStr()\r
+ * \r
+ * @param string $querystr querystring to alter (e.g. foo=1&bar=2&x=y)\r
+ * @param string $param name of parameter to change (e.g. 'foo')\r
+ * @param string $value New value for that parameter (e.g. 3)\r
+ * @result string altered query string (for the examples above: foo=3&bar=2&x=y)\r
*/\r
-function alterQueryStr($querystr, $param, $value) {\r
- $vars = i18n::explode('&', $querystr);\r
- $set = false;\r
-\r
- for ($i = 0; $i < count($vars); $i++) {\r
- $v = i18n::explode('=', $vars[$i]);\r
-\r
- if ($v[0] == $param) {\r
- $v[1] = $value;\r
- $vars[$i] = implode('=', $v);\r
- $set = true;\r
- break;\r
- }\r
- }\r
-\r
- if (!$set) {\r
- $vars[] = $param . '=' . $value;\r
- }\r
-\r
- return ltrim(implode('&', $vars), '&');\r
+function alterQueryStr($querystr, $param, $value)\r
+{\r
+ $vars = preg_split('#&#', $querystr);\r
+ $set = FALSE;\r
+ \r
+ for ( $i = 0; $i < count($vars); $i++ )\r
+ {\r
+ $v = preg_split('#=#', $vars[$i]);\r
+ \r
+ if ( $v[0] == $param )\r
+ {\r
+ $v[1] = $value;\r
+ $vars[$i] = implode('=', $v);\r
+ $set = true;\r
+ break;\r
+ }\r
+ }\r
+ if ( !$set )\r
+ {\r
+ $vars[] = "{$param}={$value}";\r
+ }\r
+ return ltrim(implode('&', $vars), '&');\r
}\r
\r
// passes one variable as hidden input field (multiple fields for arrays)\r
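Review bot: `alterQueryStr()` writes `$param` and `$value` into the query string verbatim (`"{$param}={$value}"` and `$v[1] = $value`), so a value containing `&` or `=` adds or alters other parameters. The docblock should say that callers must pass URL-encoded values, or the function should apply `rawurlencode()` itself if no caller depends on the raw form. The tag `@result` in the new docblock is not a PHPDoc tag; `@return string` is the one tools read. `$set = FALSE` and `$set = true` also mix constant case within the same function.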
}\r
\r
/**\r
+ * ticketForPlugin()\r
+ * \r
* Check ticket when not checked in plugin's admin page\r
* to avoid CSRF.\r
* Also avoid the access to plugin/index.php by guest user.\r
// Resolve URI and QUERY_STRING\r
if ($uri = serverVar('REQUEST_URI') )\r
{\r
- list($uri, $qstring) = i18n::explode('?', $uri);\r
+ list($uri, $qstring) = preg_split('#\?#', $uri);\r
}\r
else\r
{\r
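Review bot: `list($uri, $qstring) = preg_split('#\?#', $uri);` has no limit, so a REQUEST_URI containing a second `?` leaves `$qstring` with only the text between the first two, and a URI without `?` leaves `$qstring` null with an undefined-offset notice. serverStringToArray in this same commit passes a limit of 2; doing the same here and defaulting the second element, `list($uri, $qstring) = array_pad(preg_split('#\?#', $uri, 2), 2, '');`, keeps the whole query string. The surrounding function starts and ends outside the hunk.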
\r
/* Create new ticket */\r
$ticket=$manager->addTicketToUrl('');\r
- $ticketforplugin['ticket']=i18n::substr($ticket,i18n::strpos($ticket,'ticket=')+7);\r
+ $ticketforplugin['ticket'] = preg_split($ticket, i18n::strpos($ticket, 'ticket=') + 7);\r
+ return;\r
}\r
\r
function _addInputTags(&$keys,$prefix=''){\r
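Review bot: The new assignment `preg_split($ticket, i18n::strpos($ticket, 'ticket=') + 7)` passes the ticket URL as the regex pattern and an integer offset as the subject, so it no longer extracts the ticket value that the removed `i18n::substr()` call returned. PHP will normally reject such a string as an invalid pattern (warning, `false` result). The docblock says this function exists to check tickets against CSRF, so `$ticketforplugin['ticket']` ending up without a ticket value defeats its purpose. The line should remain a substring extraction, `$ticketforplugin['ticket'] = substr($ticket, strpos($ticket, 'ticket=') + 7);`. The function body starts outside the hunk.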
}\r
\r
/**\r
+ * serverStringToArray()\r
* Convert the server string such as $_SERVER['REQUEST_URI']\r
* to arry like arry['blogid']=1 and array['page']=2 etc.\r
+ * \r
+ * @param string $str string\r
+ * @param string $array \r
+ * @param string $frontParam \r
*/\r
function serverStringToArray($str, &$array, &$frontParam)\r
{\r
- // init param\r
- $array = array();\r
- $frontParam = "";\r
-\r
- // split front param, e.g. /index.php, and others, e.g. blogid=1&page=2\r
- if (strstr($str, "?")){\r
- list($frontParam, $args) = preg_split("/\?/", $str, 2);\r
- }\r
- else {\r
- $args = $str;\r
- $frontParam = "";\r
- }\r
-\r
- // If there is no args like blogid=1&page=2, return\r
- if (!strstr($str, "=") && !i18n::strlen($frontParam)) {\r
- $frontParam = $str;\r
- return;\r
- }\r
-\r
- $array = i18n::explode("&", $args);\r
+ // init param\r
+ $array = array();\r
+ $frontParam = "";\r
+ \r
+ // split front param, e.g. /index.php, and others, e.g. blogid=1&page=2\r
+ if ( i18n::strpos($str, "?") > 0 )\r
+ {\r
+ list($frontParam, $args) = preg_split("#\?#", $str, 2);\r
+ }\r
+ else\r
+ {\r
+ $args = $str;\r
+ $frontParam = "";\r
+ }\r
+ \r
+ // If there is no args like blogid=1&page=2, return\r
+ if ( i18n::strpos($str, "=") == FALSE && !i18n::strlen($frontParam) )\r
+ {\r
+ $frontParam = $str;\r
+ return;\r
+ }\r
+ \r
+ $array = preg_split("#&#", $args);\r
+ return;\r
}\r
\r
/**\r
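Review bot: `i18n::strpos($str, "=") == FALSE` is a loose comparison, so a match at offset 0 is treated as "no `=` present"; likewise `i18n::strpos($str, "?") > 0` skips the split when the string starts with `?`, which the removed `strstr()` tests did not do. Assuming `i18n::strpos()` follows `strpos()` and returns `false` when nothing is found, both tests should be strict: `!== FALSE` for the `?` branch and `=== FALSE` for the `=` check. The result appears to be the array that sanitizeArray() later processes, so the parse should not change for inputs that begin with a delimiter. The new `@param string $array` and `@param string $frontParam` lines describe by-reference outputs, and `$array` is set to an array, not a string.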
}\r
\r
/**\r
+ * sanitizeArray()\r
* Sanitize array parameters.\r
* This function checks both key and value.\r
* - check key if it inclues " (double quote), remove from array\r
* - check value if it includes \ (escape sequece), remove remaining string\r
+ * \r
+ * @param array &$array \r
+ * @return void\r
*/\r
function sanitizeArray(&$array)\r
{\r
- $excludeListForSanitization = array('query');\r
-// $excludeListForSanitization = array();\r
-\r
- foreach ($array as $k => $v) {\r
-\r
- // split to key and value\r
- list($key, $val) = preg_split("/=/", $v, 2);\r
- if (!isset($val)) {\r
- continue;\r
- }\r
-\r
- // when magic quotes is on, need to use stripslashes,\r
- // and then addslashes\r
- if (get_magic_quotes_gpc()) {\r
- $val = stripslashes($val);\r
- }\r
+ $excludeListForSanitization = array('query');\r
+ \r
+ foreach ( $array as $k => $v )\r
+ {\r
+ // split to key and value\r
+ list($key, $val) = preg_split("#=#", $v, 2);\r
+ if ( !isset($val) )\r
+ {\r
+ continue;\r
+ }\r
+ \r
+ // when magic quotes is on, need to use stripslashes,\r
+ // and then addslashes\r
+ if ( get_magic_quotes_gpc() )\r
+ {\r
+ $val = stripslashes($val);\r
+ }\r
// note that we must use addslashes here because this function is called before the db connection is made\r
// and sql_real_escape_string needs a db connection\r
- $val = addslashes($val);\r
-\r
- // if $key is included in exclude list, skip this param\r
- if (!in_array($key, $excludeListForSanitization)) {\r
-\r
- // check value\r
- if (i18n::strpos($val, '\\')) {\r
- list($val, $tmp) = i18n::explode('\\', $val);\r
- }\r
-\r
- // remove control code etc.\r
- $val = strtr($val, "\0\r\n<>'\"", " ");\r
-\r
- // check key\r
- if (preg_match('/\"/i', $key)) {\r
- unset($array[$k]);\r
- continue;\r
- }\r
-\r
- // set sanitized info\r
- $array[$k] = sprintf("%s=%s", $key, $val);\r
- }\r
- }\r
+ $val = addslashes($val);\r
+ \r
+ // if $key is included in exclude list, skip this param\r
+ if ( !in_array($key, $excludeListForSanitization) )\r
+ {\r
+ // check value\r
+ if ( i18n::strpos($val, '\\') )\r
+ {\r
+ list($val, $tmp) = preg_split('#\\\\#', $val);\r
+ }\r
+ \r
+ // remove control code etc.\r
+ $val = strtr($val, "\0\r\n<>'\"", " ");\r
+ \r
+ // check key\r
+ if ( preg_match('#\"#', $key) )\r
+ {\r
+ unset($array[$k]);\r
+ continue;\r
+ }\r
+ \r
+ // set sanitized info\r
+ $array[$k] = sprintf("%s=%s", $key, $val);\r
+ }\r
+ }\r
+ return;\r
}\r
\r
/**\r
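Review bot: `strtr($val, "\0\r\n<>'\"", " ")` replaces only the NUL byte: when the from and to strings differ in length, strtr() ignores the extra characters of the longer one, so CR, LF, `<`, `>` and both quote characters pass through unchanged despite the "remove control code etc." comment. Padding the replacement to the same length, `strtr($val, "\0\r\n<>'\"", str_repeat(' ', 7))`, or using `str_replace(array("\0", "\r", "\n", '<', '>', "'", '"'), ' ', $val)`, does what the comment describes. Separately, `if ( i18n::strpos($val, '\\') )` is false for a backslash at offset 0, which is where `addslashes()` puts one when the value starts with a quote, so the truncation is skipped in that case; comparing with `!== FALSE` closes that gap. Both lines keep the behaviour of the removed code, so the commit carries these over and does not introduce them.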
function mysqldate($timestamp)\r
{\r
return '"' . i18n::formatted_datetime('mysql', $timestamp) . '"';\r
-}\r
+ }\r
/**\r
* Centralisation of the functions that generate links\r
* Deprecated since 4.0:\r