Common.php 21 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849
  1. <?php
  2. /**
  3. * CodeIgniter
  4. *
  5. * An open source application development framework for PHP
  6. *
  7. * This content is released under the MIT License (MIT)
  8. *
  9. * Copyright (c) 2014 - 2019, British Columbia Institute of Technology
  10. *
  11. * Permission is hereby granted, free of charge, to any person obtaining a copy
  12. * of this software and associated documentation files (the "Software"), to deal
  13. * in the Software without restriction, including without limitation the rights
  14. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  15. * copies of the Software, and to permit persons to whom the Software is
  16. * furnished to do so, subject to the following conditions:
  17. *
  18. * The above copyright notice and this permission notice shall be included in
  19. * all copies or substantial portions of the Software.
  20. *
  21. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  22. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  23. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  24. * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  25. * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  26. * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  27. * THE SOFTWARE.
  28. *
  29. * @package CodeIgniter
  30. * @author EllisLab Dev Team
  31. * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
  32. * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/)
  33. * @license https://opensource.org/licenses/MIT MIT License
  34. * @link https://codeigniter.com
  35. * @since Version 1.0.0
  36. * @filesource
  37. */
  38. defined('BASEPATH') OR exit('No direct script access allowed');
  39. /**
  40. * Common Functions
  41. *
  42. * Loads the base classes and executes the request.
  43. *
  44. * @package CodeIgniter
  45. * @subpackage CodeIgniter
  46. * @category Common Functions
  47. * @author EllisLab Dev Team
  48. * @link https://codeigniter.com/user_guide/
  49. */
  50. // ------------------------------------------------------------------------
  51. if ( ! function_exists('is_php'))
  52. {
  53. /**
  54. * Determines if the current version of PHP is equal to or greater than the supplied value
  55. *
  56. * @param string
  57. * @return bool TRUE if the current version is $version or higher
  58. */
  59. function is_php($version)
  60. {
  61. static $_is_php;
  62. $version = (string) $version;
  63. if ( ! isset($_is_php[$version]))
  64. {
  65. $_is_php[$version] = version_compare(PHP_VERSION, $version, '>=');
  66. }
  67. return $_is_php[$version];
  68. }
  69. }
  70. // ------------------------------------------------------------------------
  71. if ( ! function_exists('is_really_writable'))
  72. {
  73. /**
  74. * Tests for file writability
  75. *
  76. * is_writable() returns TRUE on Windows servers when you really can't write to
  77. * the file, based on the read-only attribute. is_writable() is also unreliable
  78. * on Unix servers if safe_mode is on.
  79. *
  80. * @link https://bugs.php.net/bug.php?id=54709
  81. * @param string
  82. * @return bool
  83. */
  84. function is_really_writable($file)
  85. {
  86. // If we're on a Unix server with safe_mode off we call is_writable
  87. if (DIRECTORY_SEPARATOR === '/' && (is_php('5.4') OR ! ini_get('safe_mode')))
  88. {
  89. return is_writable($file);
  90. }
  91. /* For Windows servers and safe_mode "on" installations we'll actually
  92. * write a file then read it. Bah...
  93. */
  94. if (is_dir($file))
  95. {
  96. $file = rtrim($file, '/').'/'.md5(mt_rand());
  97. if (($fp = @fopen($file, 'ab')) === FALSE)
  98. {
  99. return FALSE;
  100. }
  101. fclose($fp);
  102. @chmod($file, 0777);
  103. @unlink($file);
  104. return TRUE;
  105. }
  106. elseif ( ! is_file($file) OR ($fp = @fopen($file, 'ab')) === FALSE)
  107. {
  108. return FALSE;
  109. }
  110. fclose($fp);
  111. return TRUE;
  112. }
  113. }
  114. // ------------------------------------------------------------------------
  115. if ( ! function_exists('load_class'))
  116. {
  117. /**
  118. * Class registry
  119. *
  120. * This function acts as a singleton. If the requested class does not
  121. * exist it is instantiated and set to a static variable. If it has
  122. * previously been instantiated the variable is returned.
  123. *
  124. * @param string the class name being requested
  125. * @param string the directory where the class should be found
  126. * @param mixed an optional argument to pass to the class constructor
  127. * @return object
  128. */
  129. function &load_class($class, $directory = 'libraries', $param = NULL)
  130. {
  131. static $_classes = array();
  132. // Does the class exist? If so, we're done...
  133. if (isset($_classes[$class]))
  134. {
  135. return $_classes[$class];
  136. }
  137. $name = FALSE;
  138. // Look for the class first in the local application/libraries folder
  139. // then in the native system/libraries folder
  140. foreach (array(APPPATH, BASEPATH) as $path)
  141. {
  142. if (file_exists($path.$directory.'/'.$class.'.php'))
  143. {
  144. $name = 'CI_'.$class;
  145. if (class_exists($name, FALSE) === FALSE)
  146. {
  147. require_once($path.$directory.'/'.$class.'.php');
  148. }
  149. break;
  150. }
  151. }
  152. // Is the request a class extension? If so we load it too
  153. if (file_exists(APPPATH.$directory.'/'.config_item('subclass_prefix').$class.'.php'))
  154. {
  155. $name = config_item('subclass_prefix').$class;
  156. if (class_exists($name, FALSE) === FALSE)
  157. {
  158. require_once(APPPATH.$directory.'/'.$name.'.php');
  159. }
  160. }
  161. // Did we find the class?
  162. if ($name === FALSE)
  163. {
  164. // Note: We use exit() rather than show_error() in order to avoid a
  165. // self-referencing loop with the Exceptions class
  166. set_status_header(503);
  167. echo 'Unable to locate the specified class: '.$class.'.php';
  168. exit(5); // EXIT_UNK_CLASS
  169. }
  170. // Keep track of what we just loaded
  171. is_loaded($class);
  172. $_classes[$class] = isset($param)
  173. ? new $name($param)
  174. : new $name();
  175. return $_classes[$class];
  176. }
  177. }
  178. // --------------------------------------------------------------------
  179. if ( ! function_exists('is_loaded'))
  180. {
  181. /**
  182. * Keeps track of which libraries have been loaded. This function is
  183. * called by the load_class() function above
  184. *
  185. * @param string
  186. * @return array
  187. */
  188. function &is_loaded($class = '')
  189. {
  190. static $_is_loaded = array();
  191. if ($class !== '')
  192. {
  193. $_is_loaded[strtolower($class)] = $class;
  194. }
  195. return $_is_loaded;
  196. }
  197. }
  198. // ------------------------------------------------------------------------
  199. if ( ! function_exists('get_config'))
  200. {
  201. /**
  202. * Loads the main config.php file
  203. *
  204. * This function lets us grab the config file even if the Config class
  205. * hasn't been instantiated yet
  206. *
  207. * @param array
  208. * @return array
  209. */
  210. function &get_config(Array $replace = array())
  211. {
  212. static $config;
  213. if (empty($config))
  214. {
  215. $file_path = APPPATH.'config/config.php';
  216. $found = FALSE;
  217. if (file_exists($file_path))
  218. {
  219. $found = TRUE;
  220. require($file_path);
  221. }
  222. // Is the config file in the environment folder?
  223. if (file_exists($file_path = APPPATH.'config/'.ENVIRONMENT.'/config.php'))
  224. {
  225. require($file_path);
  226. }
  227. elseif ( ! $found)
  228. {
  229. set_status_header(503);
  230. echo 'The configuration file does not exist.';
  231. exit(3); // EXIT_CONFIG
  232. }
  233. // Does the $config array exist in the file?
  234. if ( ! isset($config) OR ! is_array($config))
  235. {
  236. set_status_header(503);
  237. echo 'Your config file does not appear to be formatted correctly.';
  238. exit(3); // EXIT_CONFIG
  239. }
  240. }
  241. // Are any values being dynamically added or replaced?
  242. foreach ($replace as $key => $val)
  243. {
  244. $config[$key] = $val;
  245. }
  246. return $config;
  247. }
  248. }
  249. // ------------------------------------------------------------------------
  250. if ( ! function_exists('config_item'))
  251. {
  252. /**
  253. * Returns the specified config item
  254. *
  255. * @param string
  256. * @return mixed
  257. */
  258. function config_item($item)
  259. {
  260. static $_config;
  261. if (empty($_config))
  262. {
  263. // references cannot be directly assigned to static variables, so we use an array
  264. $_config[0] =& get_config();
  265. }
  266. return isset($_config[0][$item]) ? $_config[0][$item] : NULL;
  267. }
  268. }
  269. // ------------------------------------------------------------------------
  270. if ( ! function_exists('get_mimes'))
  271. {
  272. /**
  273. * Returns the MIME types array from config/mimes.php
  274. *
  275. * @return array
  276. */
  277. function &get_mimes()
  278. {
  279. static $_mimes;
  280. if (empty($_mimes))
  281. {
  282. $_mimes = file_exists(APPPATH.'config/mimes.php')
  283. ? include(APPPATH.'config/mimes.php')
  284. : array();
  285. if (file_exists(APPPATH.'config/'.ENVIRONMENT.'/mimes.php'))
  286. {
  287. $_mimes = array_merge($_mimes, include(APPPATH.'config/'.ENVIRONMENT.'/mimes.php'));
  288. }
  289. }
  290. return $_mimes;
  291. }
  292. }
  293. // ------------------------------------------------------------------------
  294. if ( ! function_exists('is_https'))
  295. {
  296. /**
  297. * Is HTTPS?
  298. *
  299. * Determines if the application is accessed via an encrypted
  300. * (HTTPS) connection.
  301. *
  302. * @return bool
  303. */
  304. function is_https()
  305. {
  306. if ( ! empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off')
  307. {
  308. return TRUE;
  309. }
  310. elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https')
  311. {
  312. return TRUE;
  313. }
  314. elseif ( ! empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off')
  315. {
  316. return TRUE;
  317. }
  318. return FALSE;
  319. }
  320. }
  321. // ------------------------------------------------------------------------
  322. if ( ! function_exists('is_cli'))
  323. {
  324. /**
  325. * Is CLI?
  326. *
  327. * Test to see if a request was made from the command line.
  328. *
  329. * @return bool
  330. */
  331. function is_cli()
  332. {
  333. return (PHP_SAPI === 'cli' OR defined('STDIN'));
  334. }
  335. }
  336. // ------------------------------------------------------------------------
  337. if ( ! function_exists('show_error'))
  338. {
  339. /**
  340. * Error Handler
  341. *
  342. * This function lets us invoke the exception class and
  343. * display errors using the standard error template located
  344. * in application/views/errors/error_general.php
  345. * This function will send the error page directly to the
  346. * browser and exit.
  347. *
  348. * @param string
  349. * @param int
  350. * @param string
  351. * @return void
  352. */
  353. function show_error($message, $status_code = 500, $heading = 'An Error Was Encountered')
  354. {
  355. $status_code = abs($status_code);
  356. if ($status_code < 100)
  357. {
  358. $exit_status = $status_code + 9; // 9 is EXIT__AUTO_MIN
  359. $status_code = 500;
  360. }
  361. else
  362. {
  363. $exit_status = 1; // EXIT_ERROR
  364. }
  365. $_error =& load_class('Exceptions', 'core');
  366. echo $_error->show_error($heading, $message, 'error_general', $status_code);
  367. exit($exit_status);
  368. }
  369. }
  370. // ------------------------------------------------------------------------
  371. if ( ! function_exists('show_404'))
  372. {
  373. /**
  374. * 404 Page Handler
  375. *
  376. * This function is similar to the show_error() function above
  377. * However, instead of the standard error template it displays
  378. * 404 errors.
  379. *
  380. * @param string
  381. * @param bool
  382. * @return void
  383. */
  384. function show_404($page = '', $log_error = TRUE)
  385. {
  386. $_error =& load_class('Exceptions', 'core');
  387. $_error->show_404($page, $log_error);
  388. exit(4); // EXIT_UNKNOWN_FILE
  389. }
  390. }
  391. // ------------------------------------------------------------------------
  392. if ( ! function_exists('log_message'))
  393. {
  394. /**
  395. * Error Logging Interface
  396. *
  397. * We use this as a simple mechanism to access the logging
  398. * class and send messages to be logged.
  399. *
  400. * @param string the error level: 'error', 'debug' or 'info'
  401. * @param string the error message
  402. * @return void
  403. */
  404. function log_message($level, $message)
  405. {
  406. static $_log;
  407. if ($_log === NULL)
  408. {
  409. // references cannot be directly assigned to static variables, so we use an array
  410. $_log[0] =& load_class('Log', 'core');
  411. }
  412. $_log[0]->write_log($level, $message);
  413. }
  414. }
  415. // ------------------------------------------------------------------------
  416. if ( ! function_exists('set_status_header'))
  417. {
  418. /**
  419. * Set HTTP Status Header
  420. *
  421. * @param int the status code
  422. * @param string
  423. * @return void
  424. */
  425. function set_status_header($code = 200, $text = '')
  426. {
  427. if (is_cli())
  428. {
  429. return;
  430. }
  431. if (empty($code) OR ! is_numeric($code))
  432. {
  433. show_error('Status codes must be numeric', 500);
  434. }
  435. if (empty($text))
  436. {
  437. is_int($code) OR $code = (int) $code;
  438. $stati = array(
  439. 100 => 'Continue',
  440. 101 => 'Switching Protocols',
  441. 200 => 'OK',
  442. 201 => 'Created',
  443. 202 => 'Accepted',
  444. 203 => 'Non-Authoritative Information',
  445. 204 => 'No Content',
  446. 205 => 'Reset Content',
  447. 206 => 'Partial Content',
  448. 300 => 'Multiple Choices',
  449. 301 => 'Moved Permanently',
  450. 302 => 'Found',
  451. 303 => 'See Other',
  452. 304 => 'Not Modified',
  453. 305 => 'Use Proxy',
  454. 307 => 'Temporary Redirect',
  455. 400 => 'Bad Request',
  456. 401 => 'Unauthorized',
  457. 402 => 'Payment Required',
  458. 403 => 'Forbidden',
  459. 404 => 'Not Found',
  460. 405 => 'Method Not Allowed',
  461. 406 => 'Not Acceptable',
  462. 407 => 'Proxy Authentication Required',
  463. 408 => 'Request Timeout',
  464. 409 => 'Conflict',
  465. 410 => 'Gone',
  466. 411 => 'Length Required',
  467. 412 => 'Precondition Failed',
  468. 413 => 'Request Entity Too Large',
  469. 414 => 'Request-URI Too Long',
  470. 415 => 'Unsupported Media Type',
  471. 416 => 'Requested Range Not Satisfiable',
  472. 417 => 'Expectation Failed',
  473. 422 => 'Unprocessable Entity',
  474. 426 => 'Upgrade Required',
  475. 428 => 'Precondition Required',
  476. 429 => 'Too Many Requests',
  477. 431 => 'Request Header Fields Too Large',
  478. 500 => 'Internal Server Error',
  479. 501 => 'Not Implemented',
  480. 502 => 'Bad Gateway',
  481. 503 => 'Service Unavailable',
  482. 504 => 'Gateway Timeout',
  483. 505 => 'HTTP Version Not Supported',
  484. 511 => 'Network Authentication Required',
  485. );
  486. if (isset($stati[$code]))
  487. {
  488. $text = $stati[$code];
  489. }
  490. else
  491. {
  492. show_error('No status text available. Please check your status code number or supply your own message text.', 500);
  493. }
  494. }
  495. if (strpos(PHP_SAPI, 'cgi') === 0)
  496. {
  497. header('Status: '.$code.' '.$text, TRUE);
  498. return;
  499. }
  500. $server_protocol = (isset($_SERVER['SERVER_PROTOCOL']) && in_array($_SERVER['SERVER_PROTOCOL'], array('HTTP/1.0', 'HTTP/1.1', 'HTTP/2'), TRUE))
  501. ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.1';
  502. header($server_protocol.' '.$code.' '.$text, TRUE, $code);
  503. }
  504. }
  505. // --------------------------------------------------------------------
  506. if ( ! function_exists('_error_handler'))
  507. {
  508. /**
  509. * Error Handler
  510. *
  511. * This is the custom error handler that is declared at the (relative)
  512. * top of CodeIgniter.php. The main reason we use this is to permit
  513. * PHP errors to be logged in our own log files since the user may
  514. * not have access to server logs. Since this function effectively
  515. * intercepts PHP errors, however, we also need to display errors
  516. * based on the current error_reporting level.
  517. * We do that with the use of a PHP error template.
  518. *
  519. * @param int $severity
  520. * @param string $message
  521. * @param string $filepath
  522. * @param int $line
  523. * @return void
  524. */
  525. function _error_handler($severity, $message, $filepath, $line)
  526. {
  527. $is_error = (((E_ERROR | E_PARSE | E_COMPILE_ERROR | E_CORE_ERROR | E_USER_ERROR) & $severity) === $severity);
  528. // When an error occurred, set the status header to '500 Internal Server Error'
  529. // to indicate to the client something went wrong.
  530. // This can't be done within the $_error->show_php_error method because
  531. // it is only called when the display_errors flag is set (which isn't usually
  532. // the case in a production environment) or when errors are ignored because
  533. // they are above the error_reporting threshold.
  534. if ($is_error)
  535. {
  536. set_status_header(500);
  537. }
  538. // Should we ignore the error? We'll get the current error_reporting
  539. // level and add its bits with the severity bits to find out.
  540. if (($severity & error_reporting()) !== $severity)
  541. {
  542. return;
  543. }
  544. $_error =& load_class('Exceptions', 'core');
  545. $_error->log_exception($severity, $message, $filepath, $line);
  546. // Should we display the error?
  547. if (str_ireplace(array('off', 'none', 'no', 'false', 'null'), '', ini_get('display_errors')))
  548. {
  549. $_error->show_php_error($severity, $message, $filepath, $line);
  550. }
  551. // If the error is fatal, the execution of the script should be stopped because
  552. // errors can't be recovered from. Halting the script conforms with PHP's
  553. // default error handling. See http://www.php.net/manual/en/errorfunc.constants.php
  554. if ($is_error)
  555. {
  556. exit(1); // EXIT_ERROR
  557. }
  558. }
  559. }
  560. // ------------------------------------------------------------------------
  561. if ( ! function_exists('_exception_handler'))
  562. {
  563. /**
  564. * Exception Handler
  565. *
  566. * Sends uncaught exceptions to the logger and displays them
  567. * only if display_errors is On so that they don't show up in
  568. * production environments.
  569. *
  570. * @param Exception $exception
  571. * @return void
  572. */
  573. function _exception_handler($exception)
  574. {
  575. $_error =& load_class('Exceptions', 'core');
  576. $_error->log_exception('error', 'Exception: '.$exception->getMessage(), $exception->getFile(), $exception->getLine());
  577. is_cli() OR set_status_header(500);
  578. // Should we display the error?
  579. if (str_ireplace(array('off', 'none', 'no', 'false', 'null'), '', ini_get('display_errors')))
  580. {
  581. $_error->show_exception($exception);
  582. }
  583. exit(1); // EXIT_ERROR
  584. }
  585. }
  586. // ------------------------------------------------------------------------
  587. if ( ! function_exists('_shutdown_handler'))
  588. {
  589. /**
  590. * Shutdown Handler
  591. *
  592. * This is the shutdown handler that is declared at the top
  593. * of CodeIgniter.php. The main reason we use this is to simulate
  594. * a complete custom exception handler.
  595. *
  596. * E_STRICT is purposively neglected because such events may have
  597. * been caught. Duplication or none? None is preferred for now.
  598. *
  599. * @link http://insomanic.me.uk/post/229851073/php-trick-catching-fatal-errors-e-error-with-a
  600. * @return void
  601. */
  602. function _shutdown_handler()
  603. {
  604. $last_error = error_get_last();
  605. if (isset($last_error) &&
  606. ($last_error['type'] & (E_ERROR | E_PARSE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING)))
  607. {
  608. _error_handler($last_error['type'], $last_error['message'], $last_error['file'], $last_error['line']);
  609. }
  610. }
  611. }
  612. // --------------------------------------------------------------------
  613. if ( ! function_exists('remove_invisible_characters'))
  614. {
  615. /**
  616. * Remove Invisible Characters
  617. *
  618. * This prevents sandwiching null characters
  619. * between ascii characters, like Java\0script.
  620. *
  621. * @param string
  622. * @param bool
  623. * @return string
  624. */
  625. function remove_invisible_characters($str, $url_encoded = TRUE)
  626. {
  627. $non_displayables = array();
  628. // every control character except newline (dec 10),
  629. // carriage return (dec 13) and horizontal tab (dec 09)
  630. if ($url_encoded)
  631. {
  632. $non_displayables[] = '/%0[0-8bcef]/i'; // url encoded 00-08, 11, 12, 14, 15
  633. $non_displayables[] = '/%1[0-9a-f]/i'; // url encoded 16-31
  634. $non_displayables[] = '/%7f/i'; // url encoded 127
  635. }
  636. $non_displayables[] = '/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S'; // 00-08, 11, 12, 14-31, 127
  637. do
  638. {
  639. $str = preg_replace($non_displayables, '', $str, -1, $count);
  640. }
  641. while ($count);
  642. return $str;
  643. }
  644. }
  645. // ------------------------------------------------------------------------
  646. if ( ! function_exists('html_escape'))
  647. {
  648. /**
  649. * Returns HTML escaped variable.
  650. *
  651. * @param mixed $var The input string or array of strings to be escaped.
  652. * @param bool $double_encode $double_encode set to FALSE prevents escaping twice.
  653. * @return mixed The escaped string or array of strings as a result.
  654. */
  655. function html_escape($var, $double_encode = TRUE)
  656. {
  657. if (empty($var))
  658. {
  659. return $var;
  660. }
  661. if (is_array($var))
  662. {
  663. foreach (array_keys($var) as $key)
  664. {
  665. $var[$key] = html_escape($var[$key], $double_encode);
  666. }
  667. return $var;
  668. }
  669. return htmlspecialchars($var, ENT_QUOTES, config_item('charset'), $double_encode);
  670. }
  671. }
  672. // ------------------------------------------------------------------------
  673. if ( ! function_exists('_stringify_attributes'))
  674. {
  675. /**
  676. * Stringify attributes for use in HTML tags.
  677. *
  678. * Helper function used to convert a string, array, or object
  679. * of attributes to a string.
  680. *
  681. * @param mixed string, array, object
  682. * @param bool
  683. * @return string
  684. */
  685. function _stringify_attributes($attributes, $js = FALSE)
  686. {
  687. $atts = NULL;
  688. if (empty($attributes))
  689. {
  690. return $atts;
  691. }
  692. if (is_string($attributes))
  693. {
  694. return ' '.$attributes;
  695. }
  696. $attributes = (array) $attributes;
  697. foreach ($attributes as $key => $val)
  698. {
  699. $atts .= ($js) ? $key.'='.$val.',' : ' '.$key.'="'.$val.'"';
  700. }
  701. return rtrim($atts, ',');
  702. }
  703. }
  704. // ------------------------------------------------------------------------
  705. if ( ! function_exists('function_usable'))
  706. {
  707. /**
  708. * Function usable
  709. *
  710. * Executes a function_exists() check, and if the Suhosin PHP
  711. * extension is loaded - checks whether the function that is
  712. * checked might be disabled in there as well.
  713. *
  714. * This is useful as function_exists() will return FALSE for
  715. * functions disabled via the *disable_functions* php.ini
  716. * setting, but not for *suhosin.executor.func.blacklist* and
  717. * *suhosin.executor.disable_eval*. These settings will just
  718. * terminate script execution if a disabled function is executed.
  719. *
  720. * The above described behavior turned out to be a bug in Suhosin,
  721. * but even though a fix was committed for 0.9.34 on 2012-02-12,
  722. * that version is yet to be released. This function will therefore
  723. * be just temporary, but would probably be kept for a few years.
  724. *
  725. * @link http://www.hardened-php.net/suhosin/
  726. * @param string $function_name Function to check for
  727. * @return bool TRUE if the function exists and is safe to call,
  728. * FALSE otherwise.
  729. */
  730. function function_usable($function_name)
  731. {
  732. static $_suhosin_func_blacklist;
  733. if (function_exists($function_name))
  734. {
  735. if ( ! isset($_suhosin_func_blacklist))
  736. {
  737. $_suhosin_func_blacklist = extension_loaded('suhosin')
  738. ? explode(',', trim(ini_get('suhosin.executor.func.blacklist')))
  739. : array();
  740. }
  741. return ! in_array($function_name, $_suhosin_func_blacklist, TRUE);
  742. }
  743. return FALSE;
  744. }
  745. }