123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223 |
- <?php
- /**
- * Shaarli utilities
- */
- /**
- * Logs a message to a text file
- *
- * The log format is compatible with fail2ban.
- *
- * @param string $logFile where to write the logs
- * @param string $clientIp the client's remote IPv4/IPv6 address
- * @param string $message the message to log
- */
- function logm($logFile, $clientIp, $message)
- {
- file_put_contents(
- $logFile,
- date('Y/m/d H:i:s').' - '.$clientIp.' - '.strval($message).PHP_EOL,
- FILE_APPEND
- );
- }
- /**
- * Returns the small hash of a string, using RFC 4648 base64url format
- *
- * Small hashes:
- * - are unique (well, as unique as crc32, at last)
- * - are always 6 characters long.
- * - only use the following characters: a-z A-Z 0-9 - _ @
- * - are NOT cryptographically secure (they CAN be forged)
- *
- * In Shaarli, they are used as a tinyurl-like link to individual entries,
- * e.g. smallHash('20111006_131924') --> yZH23w
- */
- function smallHash($text)
- {
- $t = rtrim(base64_encode(hash('crc32', $text, true)), '=');
- return strtr($t, '+/', '-_');
- }
- /**
- * Tells if a string start with a substring
- */
- function startsWith($haystack, $needle, $case=true)
- {
- if ($case) {
- return (strcmp(substr($haystack, 0, strlen($needle)), $needle) === 0);
- }
- return (strcasecmp(substr($haystack, 0, strlen($needle)), $needle) === 0);
- }
- /**
- * Tells if a string ends with a substring
- */
- function endsWith($haystack, $needle, $case=true)
- {
- if ($case) {
- return (strcmp(substr($haystack, strlen($haystack) - strlen($needle)), $needle) === 0);
- }
- return (strcasecmp(substr($haystack, strlen($haystack) - strlen($needle)), $needle) === 0);
- }
- /**
- * Same as nl2br(), but escapes < and >
- */
- function nl2br_escaped($html)
- {
- return str_replace('>', '>', str_replace('<', '<', nl2br($html)));
- }
- /**
- * htmlspecialchars wrapper
- */
- function escape($str)
- {
- return htmlspecialchars($str, ENT_COMPAT, 'UTF-8', false);
- }
- /**
- * Link sanitization before templating
- */
- function sanitizeLink(&$link)
- {
- $link['url'] = escape($link['url']); // useful?
- $link['title'] = escape($link['title']);
- $link['description'] = escape($link['description']);
- $link['tags'] = escape($link['tags']);
- }
- /**
- * Checks if a string represents a valid date
- * @param string $format The expected DateTime format of the string
- * @param string $string A string-formatted date
- *
- * @return bool whether the string is a valid date
- *
- * @see http://php.net/manual/en/class.datetime.php
- * @see http://php.net/manual/en/datetime.createfromformat.php
- */
- function checkDateFormat($format, $string)
- {
- $date = DateTime::createFromFormat($format, $string);
- return $date && $date->format($string) == $string;
- }
- /**
- * Generate a header location from HTTP_REFERER.
- * Make sure the referer is Shaarli itself and prevent redirection loop.
- *
- * @param string $referer - HTTP_REFERER.
- * @param string $host - Server HOST.
- * @param array $loopTerms - Contains list of term to prevent redirection loop.
- *
- * @return string $referer - final referer.
- */
- function generateLocation($referer, $host, $loopTerms = array())
- {
- $finalReferer = '?';
- // No referer if it contains any value in $loopCriteria.
- foreach ($loopTerms as $value) {
- if (strpos($referer, $value) !== false) {
- return $finalReferer;
- }
- }
- // Remove port from HTTP_HOST
- if ($pos = strpos($host, ':')) {
- $host = substr($host, 0, $pos);
- }
- $refererHost = parse_url($referer, PHP_URL_HOST);
- if (!empty($referer) && (strpos($refererHost, $host) !== false || startsWith('?', $refererHost))) {
- $finalReferer = $referer;
- }
- return $finalReferer;
- }
- /**
- * Validate session ID to prevent Full Path Disclosure.
- *
- * See #298.
- * The session ID's format depends on the hash algorithm set in PHP settings
- *
- * @param string $sessionId Session ID
- *
- * @return true if valid, false otherwise.
- *
- * @see http://php.net/manual/en/function.hash-algos.php
- * @see http://php.net/manual/en/session.configuration.php
- */
- function is_session_id_valid($sessionId)
- {
- if (empty($sessionId)) {
- return false;
- }
- if (!$sessionId) {
- return false;
- }
- if (!preg_match('/^[a-zA-Z0-9,-]{2,128}$/', $sessionId)) {
- return false;
- }
- return true;
- }
- /**
- * In a string, converts URLs to clickable links.
- *
- * @param string $text input string.
- * @param string $redirector if a redirector is set, use it to gerenate links.
- *
- * @return string returns $text with all links converted to HTML links.
- *
- * @see Function inspired from http://www.php.net/manual/en/function.preg-replace.php#85722
- */
- function text2clickable($text, $redirector)
- {
- $regex = '!(((?:https?|ftp|file)://|apt:|magnet:)\S+[[:alnum:]]/?)!si';
- if (empty($redirector)) {
- return preg_replace($regex, '<a href="$1">$1</a>', $text);
- }
- // Redirector is set, urlencode the final URL.
- return preg_replace_callback(
- $regex,
- function ($matches) use ($redirector) {
- return '<a href="' . $redirector . urlencode($matches[1]) .'">'. $matches[1] .'</a>';
- },
- $text
- );
- }
- /**
- * This function inserts where relevant so that multiple spaces are properly displayed in HTML
- * even in the absence of <pre> (This is used in description to keep text formatting).
- *
- * @param string $text input text.
- *
- * @return string formatted text.
- */
- function space2nbsp($text)
- {
- return preg_replace('/(^| ) /m', '$1 ', $text);
- }
- /**
- * Format Shaarli's description
- * TODO: Move me to ApplicationUtils when it's ready.
- *
- * @param string $description shaare's description.
- * @param string $redirector if a redirector is set, use it to gerenate links.
- *
- * @return string formatted description.
- */
- function format_description($description, $redirector) {
- return nl2br(space2nbsp(text2clickable($description, $redirector)));
- }
|