1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * This is in a separate script because it's called from a number of scripts
6 * @package PhpMyAdmin
7 */
/**
 * Checks whether the given URL may be emitted as a link.
 *
 * Only an allow-list of prefixes passes: absolute http(s) URLs, the
 * url.php wrapper around a percent-encoded http(s) URL, the local
 * documentation file and, inside setup, its parent-folder variant plus
 * the setup form pages. The prefix comparison is byte-wise and
 * case-sensitive, so e.g. "HTTP://" is rejected.
 *
 * @param string $url URL to check
 *
 * @return boolean True if string can be used as link
 */
function PMA_checkLink($url)
{
    $allowed = array(
        'http://',
        'https://',
        './url.php?url=http%3A%2F%2F',
        './url.php?url=https%3A%2F%2F',
    );

    /* Setup lives in a subfolder, so its relative paths differ */
    $allowed = array_merge(
        $allowed,
        defined('PMA_SETUP')
            ? array('../Documentation.html', '?page=form&')
            : array('./Documentation.html')
    );

    foreach ($allowed as $prefix) {
        if (strncmp($url, $prefix, strlen($prefix)) === 0) {
            return true;
        }
    }

    return false;
}
/**
 * Callback for preg_replace_callback() that turns a [a@link@target]
 * bb-code match into an opening <a> tag.
 *
 * The match is returned verbatim (i.e. left as bb code) when the link
 * fails PMA_checkLink() or when the optional target contains anything
 * other than letters and underscores. Neither value is HTML-escaped here:
 * the target is constrained by the regex below, and the link is expected
 * to come from the pattern in PMA_sanitize(), which excludes '"' and ']'
 * from the capture — do not call this with arbitrary, unmatched strings.
 *
 * @param array $found Array of preg matches
 *
 * @return string Replaced string
 */
function PMA_replaceBBLink($found)
{
    $link   = $found[1];
    $target = empty($found[3]) ? '' : $found[3];

    /* Reject links outside the allow-list */
    if (! PMA_checkLink($link)) {
        return $found[0];
    }

    /* Target may only consist of letters (either case) and '_' */
    if ($target !== '' && preg_match('/[^a-z_]+/i', $target)) {
        return $found[0];
    }

    $targetAttr = ($target === '') ? '' : ' target="' . $target . '"';

    /*
     * Links beginning with "http" are passed through PMA_linkURL()
     * (presumably the url.php wrapper — defined elsewhere); relative
     * links are emitted as-is.
     */
    $href = (strncmp($link, 'http', 4) === 0)
        ? PMA_linkURL($link)
        : $link;

    return '<a href="' . $href . '"' . $targetAttr . '>';
}
/**
 * Sanitizes $message, taking into account our special codes
 * for formatting.
 *
 * Unless $safe is set, every '<' and '>' in the input is turned into an
 * entity first, so the input itself cannot open a tag; only the bb-code
 * translations below produce markup. '&', '"' and "'" are left alone in
 * that mode. If you want to include the result in an element attribute,
 * pass $escape = true: that applies htmlspecialchars() with its default
 * flags, which on older PHP releases do not encode single quotes, so use
 * a double-quoted attribute as in the second example.
 *
 * Examples:
 *
 * <p><?php echo PMA_sanitize($foo); ?></p>
 *
 * <a title="<?php echo PMA_sanitize($foo, true); ?>">bar</a>
 *
 * @param string  $message the message
 * @param boolean $escape  whether to escape html in result
 * @param boolean $safe    whether string is safe (can keep < and > chars)
 *
 * @return string the sanitized message
 */
function PMA_sanitize($message, $escape = false, $safe = false)
{
    if (! $safe) {
        $message = strtr($message, array('<' => '&lt;', '>' => '&gt;'));
    }

    /* bb code -> html; [i], [b] and [tt] are kept for old callers */
    $bbToHtml = array(
        '[i]'       => '<em>',      // deprecated by em
        '[/i]'      => '</em>',     // deprecated by em
        '[em]'      => '<em>',
        '[/em]'     => '</em>',
        '[b]'       => '<strong>',  // deprecated by strong
        '[/b]'      => '</strong>', // deprecated by strong
        '[strong]'  => '<strong>',
        '[/strong]' => '</strong>',
        '[tt]'      => '<code>',    // deprecated by CODE or KBD
        '[/tt]'     => '</code>',   // deprecated by CODE or KBD
        '[code]'    => '<code>',
        '[/code]'   => '</code>',
        '[kbd]'     => '<kbd>',
        '[/kbd]'    => '</kbd>',
        '[br]'      => '<br />',
        '[/a]'      => '</a>',
        '[sup]'     => '<sup>',
        '[/sup]'    => '</sup>',
    );

    /* Setup lives in a subfolder, so the documentation link differs */
    $bbToHtml['[a@Documentation.html'] = defined('PMA_SETUP')
        ? '[a@../Documentation.html'
        : '[a@./Documentation.html';

    $message = strtr($message, $bbToHtml);

    /*
     * Links: [a@url@target], target optional. The url group excludes
     * ']', '"' and '@' and the target group excludes ']' and '"', which
     * is what allows PMA_replaceBBLink() to place them inside
     * double-quoted attributes without further escaping.
     */
    $message = preg_replace_callback(
        '/\[a@([^]"@]*)(@([^]"]*))?\]/',
        'PMA_replaceBBLink',
        $message
    );

    return $escape ? htmlspecialchars($message) : $message;
}
/**
 * Sanitize a filename by replacing anything besides A-Za-z0-9_.- with '_'
 *
 * Intended usecase:
 * When using a filename in a Content-Disposition header the value should
 * not contain ; or " — every such byte becomes an underscore. The pattern
 * runs byte-wise (no /u modifier), so a multi-byte UTF-8 character is
 * turned into one underscore per byte.
 *
 * @param string $filename The filename
 *
 * @return string the sanitized filename
 */
function PMA_sanitize_filename($filename)
{
    /* Allow-list: ASCII letters, digits, '_', '.' and '-' */
    $disallowed = '/[^A-Za-z0-9_.-]/';

    return preg_replace($disallowed, '_', $filename);
}