Merge branch 'master' into skinnable-master

[nucleus-jp/nucleus-next.git] / nucleus / libs / globalfunctions.php

diff --git a/nucleus/libs/globalfunctions.php b/nucleus/libs/globalfunctions.php
index 6676a54..e104f67 100644 (file)
--- a/nucleus/libs/globalfunctions.php
+++ b/nucleus/libs/globalfunctions.php
@@ -13,7 +13,7 @@
 /**\r
  * @license http://nucleuscms.org/license.txt GNU General Public License\r
  * @copyright Copyright (C) 2002-2012 The Nucleus Group\r
- * @version $Id: globalfunctions.php 1697 2012-03-10 13:15:47Z sakamocchi $\r
+ * @version $Id: globalfunctions.php 1727 2012-04-07 02:54:22Z sakamocchi $\r
  */\r
 \r
 /* needed if we include globalfunctions from install.php */\r
@@ -26,7 +26,7 @@ $nucleus['codename'] = '';
 checkVars(array('nucleus', 'CONF', 'DIR_LIBS', 'MYSQL_HOST', 'MYSQL_USER', 'MYSQL_PASSWORD', 'MYSQL_DATABASE', '$DIR_LOCALES', 'DIR_PLUGINS', 'HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_ENV_VARS', 'HTTP_SESSION_VARS', 'HTTP_POST_FILES', 'HTTP_SERVER_VARS', 'GLOBALS', 'argv', 'argc', '_GET', '_POST', '_COOKIE', '_ENV', '_SESSION', '_SERVER', '_FILES'));\r
 \r
 /* debug mode */\r
-if ( array_key_exists('debug', $CONF) && $CONF['debug'] )\r
+if ( isset($CONF) && array_key_exists('debug', $CONF) && $CONF['debug'] )\r
 {\r
        /* report all errors! */\r
        error_reporting(E_ALL);\r
@@ -420,7 +420,7 @@ if ( $CONF['URLMode'] == 'pathinfo' )
        if ( !$parsed )\r
        {\r
                /* default implementation */\r
-               $data = i18n::explode("/", $virtualpath );\r
+               $data = preg_split("#/#", $virtualpath );\r
                for ( $i = 0; $i < sizeof($data); $i++ )\r
                {\r
                        switch ( $data[$i] )\r
@@ -800,7 +800,7 @@ $manager->notify(
                        return array();\r
                }\r
                \r
-               $aHighlight = i18n::explode(' ', $query);\r
+               $aHighlight = preg_split('# #', $query);\r
                \r
                for ( $i = 0; $i < count($aHighlight); $i++ )\r
                {\r
@@ -1028,7 +1028,6 @@ function selector()
                {\r
                        $query = "SELECT inumber, ititle FROM %s WHERE itime>'%s' AND itime<='%s' AND idraft=0 AND iblog=%d AND icat=%d ORDER BY itime ASC LIMIT 1";\r
                        $query = sprintf($query, sql_table('item'), i18n::formatted_datetime('mysql', $timestamp), i18n::formatted_datetime('mysql', $b->getCorrectTime()), $blogid, $catid);\r
-                       \r
                }\r
                $res = sql_query($query);\r
                \r
@@ -1255,7 +1254,7 @@ function selector()
        \r
        $skin = new SKIN($skinid);\r
        \r
-       if ( !$skin->isValid )\r
+       if ( !$skin->isValid() )\r
        {\r
                doError(_ERROR_NOSUCHSKIN);\r
        }\r
@@ -1275,30 +1274,38 @@ function selector()
 /**\r
   * Show error skin with given message. An optional skin-object to use can be given\r
   */\r
-function doError($msg, $skin = '') {\r
-    global $errormessage, $CONF, $skinid, $blogid, $manager;\r
-\r
-    if ($skin == '') {\r
-\r
-        if (SKIN::existsID($skinid) ) {\r
-            $skin = new SKIN($skinid);\r
-        } elseif ($manager->existsBlogID($blogid) ) {\r
-            $blog =& $manager->getBlog($blogid);\r
-            $skin = new SKIN($blog->getDefaultSkin() );\r
-        } elseif ($CONF['DefaultBlog']) {\r
-            $blog =& $manager->getBlog($CONF['DefaultBlog']);\r
-            $skin = new SKIN($blog->getDefaultSkin() );\r
-        } else {\r
-            // this statement should actually never be executed\r
-            $skin = new SKIN($CONF['BaseSkin']);\r
-        }\r
-\r
-    }\r
-\r
-    $skinid = $skin->id;\r
-    $errormessage = $msg;\r
-    $skin->parse('error');\r
-    exit;\r
+function doError($msg, $skin = '')\r
+{\r
+       global $errormessage, $CONF, $skinid, $blogid, $manager;\r
+       \r
+       if ( $skin == '' )\r
+       {\r
+               if ( Skin::existsID($skinid) )\r
+               {\r
+                       $id = $skinid;\r
+               }\r
+               elseif ( $manager->existsBlogID($blogid) )\r
+               {\r
+                       $blog =& $manager->getBlog($blogid);\r
+                       $id = $blog->getDefaultSkin();\r
+               }\r
+               elseif ($CONF['DefaultBlog'] )\r
+               {\r
+                       $blog =& $manager->getBlog($CONF['DefaultBlog']);\r
+                       $id = $blog->getDefaultSkin();\r
+               }\r
+               else\r
+               {\r
+                       // this statement should actually never be executed\r
+                       $id = $CONF['BaseSkin'];\r
+               }\r
+               $skin = new Skin($id);\r
+       }\r
+       \r
+       $skinid = $skin->getID();\r
+       $errormessage = $msg;\r
+       $skin->parse('error');\r
+       exit;\r
 }\r
 \r
 function getConfig() {\r
@@ -1513,35 +1520,35 @@ function checkPlugin($plug) {
 }\r
 \r
 /**\r
- * @param $querystr\r
- *             querystring to alter (e.g. foo=1&bar=2&x=y)\r
- * @param $param\r
- *             name of parameter to change (e.g. 'foo')\r
- * @param $value\r
- *             New value for that parameter (e.g. 3)\r
- * @result\r
- *             altered query string (for the examples above: foo=3&bar=2&x=y)\r
+ * alterQueryStr()\r
+ * \r
+ * @param      string  $querystr       querystring to alter (e.g. foo=1&bar=2&x=y)\r
+ * @param      string  $param  name of parameter to change (e.g. 'foo')\r
+ * @param      string  $value  New value for that parameter (e.g. 3)\r
+ * @result     string  altered query string (for the examples above: foo=3&bar=2&x=y)\r
  */\r
-function alterQueryStr($querystr, $param, $value) {\r
-    $vars = i18n::explode('&', $querystr);\r
-    $set  = false;\r
-\r
-    for ($i = 0; $i < count($vars); $i++) {\r
-        $v = i18n::explode('=', $vars[$i]);\r
-\r
-        if ($v[0] == $param) {\r
-            $v[1] = $value;\r
-            $vars[$i] = implode('=', $v);\r
-            $set = true;\r
-            break;\r
-        }\r
-    }\r
-\r
-    if (!$set) {\r
-        $vars[] = $param . '=' . $value;\r
-    }\r
-\r
-    return ltrim(implode('&', $vars), '&');\r
+function alterQueryStr($querystr, $param, $value)\r
+{\r
+       $vars = preg_split('#&#', $querystr);\r
+       $set = FALSE;\r
+       \r
+       for ( $i = 0; $i < count($vars); $i++ )\r
+       {\r
+               $v = preg_split('#=#', $vars[$i]);\r
+               \r
+               if ( $v[0] == $param )\r
+               {\r
+                       $v[1] = $value;\r
+                       $vars[$i] = implode('=', $v);\r
+                       $set = true;\r
+                       break;\r
+               }\r
+       }\r
+       if ( !$set )\r
+       {\r
+               $vars[] = "{$param}={$value}";\r
+       }\r
+       return ltrim(implode('&', $vars), '&');\r
 }\r
 \r
 // passes one variable as hidden input field (multiple fields for arrays)\r
@@ -1644,6 +1651,8 @@ function sanitizeParams()
 }\r
 \r
 /**\r
+ * ticketForPlugin()\r
+ * \r
  * Check ticket when not checked in plugin's admin page\r
  * to avoid CSRF.\r
  * Also avoid the access to plugin/index.php by guest user.\r
@@ -1773,7 +1782,7 @@ function ticketForPlugin()
                // Resolve URI and QUERY_STRING\r
                if ($uri = serverVar('REQUEST_URI') )\r
                {\r
-                       list($uri, $qstring) = i18n::explode('?', $uri);\r
+                       list($uri, $qstring) = preg_split('#\?#', $uri);\r
                }\r
                else\r
                {\r
@@ -1817,7 +1826,8 @@ function ticketForPlugin()
        \r
        /* Create new ticket */\r
        $ticket=$manager->addTicketToUrl('');\r
-       $ticketforplugin['ticket']=i18n::substr($ticket,i18n::strpos($ticket,'ticket=')+7);\r
+       $ticketforplugin['ticket'] = preg_split($ticket, i18n::strpos($ticket, 'ticket=') + 7);\r
+       return;\r
 }\r
 \r
 function _addInputTags(&$keys,$prefix=''){\r
@@ -1834,31 +1844,40 @@ function _addInputTags(&$keys,$prefix=''){
 }\r
 \r
 /**\r
+ * serverStringToArray()\r
  * Convert the server string such as $_SERVER['REQUEST_URI']\r
  * to arry like arry['blogid']=1 and array['page']=2 etc.\r
+ * \r
+ * @param      string  $str            string\r
+ * @param      string  $array          \r
+ * @param      string  $frontParam     \r
  */\r
 function serverStringToArray($str, &$array, &$frontParam)\r
 {\r
-    // init param\r
-    $array = array();\r
-    $frontParam = "";\r
-\r
-    // split front param, e.g. /index.php, and others, e.g. blogid=1&page=2\r
-    if (strstr($str, "?")){\r
-        list($frontParam, $args) = preg_split("/\?/", $str, 2);\r
-    }\r
-    else {\r
-        $args = $str;\r
-        $frontParam = "";\r
-    }\r
-\r
-    // If there is no args like blogid=1&page=2, return\r
-    if (!strstr($str, "=") && !i18n::strlen($frontParam)) {\r
-        $frontParam = $str;\r
-        return;\r
-    }\r
-\r
-    $array = i18n::explode("&", $args);\r
+       // init param\r
+       $array = array();\r
+       $frontParam = "";\r
+       \r
+       // split front param, e.g. /index.php, and others, e.g. blogid=1&page=2\r
+       if ( i18n::strpos($str, "?") > 0 )\r
+       {\r
+               list($frontParam, $args) = preg_split("#\?#", $str, 2);\r
+       }\r
+       else\r
+       {\r
+               $args = $str;\r
+               $frontParam = "";\r
+       }\r
+       \r
+       // If there is no args like blogid=1&page=2, return\r
+       if ( i18n::strpos($str, "=") == FALSE && !i18n::strlen($frontParam) )\r
+       {\r
+               $frontParam = $str;\r
+               return;\r
+       }\r
+       \r
+       $array = preg_split("#&#", $args);\r
+       return;\r
 }\r
 \r
 /**\r
@@ -1878,54 +1897,62 @@ function arrayToServerString($array, $frontParam, &$str)
 }\r
 \r
 /**\r
+ * sanitizeArray()\r
  * Sanitize array parameters.\r
  * This function checks both key and value.\r
  * - check key if it inclues " (double quote),  remove from array\r
  * - check value if it includes \ (escape sequece), remove remaining string\r
+ * \r
+ * @param      array   &$array \r
+ * @return     void\r
  */\r
 function sanitizeArray(&$array)\r
 {\r
-    $excludeListForSanitization = array('query');\r
-//     $excludeListForSanitization = array();\r
-\r
-    foreach ($array as $k => $v) {\r
-\r
-        // split to key and value\r
-        list($key, $val) = preg_split("/=/", $v, 2);\r
-        if (!isset($val)) {\r
-            continue;\r
-        }\r
-\r
-        // when magic quotes is on, need to use stripslashes,\r
-        // and then addslashes\r
-        if (get_magic_quotes_gpc()) {\r
-            $val = stripslashes($val);\r
-        }\r
+       $excludeListForSanitization = array('query');\r
+       \r
+       foreach ( $array as $k => $v )\r
+       {\r
+               // split to key and value\r
+               list($key, $val) = preg_split("#=#", $v, 2);\r
+               if ( !isset($val) )\r
+               {\r
+                       continue;\r
+               }\r
+               \r
+               // when magic quotes is on, need to use stripslashes,\r
+               // and then addslashes\r
+               if ( get_magic_quotes_gpc() )\r
+               {\r
+                       $val = stripslashes($val);\r
+               }\r
                // note that we must use addslashes here because this function is called before the db connection is made\r
                // and sql_real_escape_string needs a db connection\r
-        $val = addslashes($val);\r
-\r
-        // if $key is included in exclude list, skip this param\r
-        if (!in_array($key, $excludeListForSanitization)) {\r
-\r
-            // check value\r
-            if (i18n::strpos($val, '\\')) {\r
-                list($val, $tmp) = i18n::explode('\\', $val);\r
-            }\r
-\r
-            // remove control code etc.\r
-            $val = strtr($val, "\0\r\n<>'\"", "       ");\r
-\r
-            // check key\r
-            if (preg_match('/\"/i', $key)) {\r
-                unset($array[$k]);\r
-                continue;\r
-            }\r
-\r
-            // set sanitized info\r
-            $array[$k] = sprintf("%s=%s", $key, $val);\r
-        }\r
-    }\r
+               $val = addslashes($val);\r
+               \r
+               // if $key is included in exclude list, skip this param\r
+               if ( !in_array($key, $excludeListForSanitization) )\r
+               {\r
+                       // check value\r
+                       if ( i18n::strpos($val, '\\') )\r
+                       {\r
+                               list($val, $tmp) = preg_split('#\\\\#', $val);\r
+                       }\r
+                       \r
+                       // remove control code etc.\r
+                       $val = strtr($val, "\0\r\n<>'\"", "       ");\r
+                       \r
+                       // check key\r
+                       if ( preg_match('#\"#', $key) )\r
+                       {\r
+                               unset($array[$k]);\r
+                               continue;\r
+                       }\r
+                       \r
+                       // set sanitized info\r
+                       $array[$k] = sprintf("%s=%s", $key, $val);\r
+               }\r
+       }\r
+       return;\r
 }\r
 \r
 /**\r
@@ -2115,7 +2142,7 @@ function formatDate($format, $timestamp, $default_format, &$blog)
 function mysqldate($timestamp)\r
 {\r
        return '"' . i18n::formatted_datetime('mysql', $timestamp) . '"';\r
-}\r
+ }\r
 /**\r
  * Centralisation of the functions that generate links\r
  * Deprecated since 4.0:\r