1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * This is in a separate script because it's called from a number of scripts
6 * @package phpMyAdmin
7 */
/**
 * Checks whether a URL may be used as the destination of a generated link.
 *
 * This is an allow-list, not a block-list: only URLs starting with one of
 * a few fixed prefixes pass (absolute http:// and https:// URLs, the
 * documentation page at the path matching the running script, and for the
 * setup script its own "?page=form&" links). Everything else, including
 * other URL schemes and arbitrary relative paths, is rejected, so callers
 * can rely on a true result before interpolating $url into an href.
 * The prefix comparison is byte-wise and case-sensitive.
 *
 * @param string $url URL to check
 *
 * @return boolean True if string can be used as link
 */
function PMA_checkLink($url)
{
    $allowed_prefixes = array('http://', 'https://');

    /* The setup script lives in a subfolder, so its relative links differ */
    if (defined('PMA_SETUP')) {
        $allowed_prefixes[] = '../Documentation.html';
        $allowed_prefixes[] = '?page=form&';
    } else {
        $allowed_prefixes[] = './Documentation.html';
    }

    foreach ($allowed_prefixes as $prefix) {
        /* Only the leading strlen($prefix) bytes of $url are compared */
        if (strncmp($url, $prefix, strlen($prefix)) === 0) {
            return true;
        }
    }

    return false;
}
/**
 * Callback function for replacing [a@link@target] links in bb code.
 *
 * $found is the match array produced by the link pattern in PMA_sanitize():
 * [0] is the whole "[a@...]" token, [1] the URL and [3] the optional target
 * (absent or empty when no "@target" part was given). The token is handed
 * back unchanged, i.e. left as literal text, unless the URL passes
 * PMA_checkLink() and the target, when present, consists solely of ASCII
 * letters and underscores. Neither value is HTML-escaped here: the pattern
 * in PMA_sanitize() excludes '"' from the URL and the target is restricted
 * to [a-z_], so neither can terminate the double-quoted attribute. Absolute
 * http(s) URLs are additionally routed through PMA_linkURL().
 *
 * @param array $found Array of preg matches
 *
 * @return string Replaced string
 */
function PMA_replaceBBLink($found)
{
    $token  = $found[0];
    $link   = $found[1];
    $target = empty($found[3]) ? '' : $found[3];

    /* Destination must be on the link allow-list */
    if (! PMA_checkLink($link)) {
        return $token;
    }

    /* a-z and _ allowed in target */
    if ($target !== '' && preg_match('/[^a-z_]+/i', $target)) {
        return $token;
    }

    $target_attr = ($target === '') ? '' : ' target="' . $target . '"';

    /* External links are wrapped by PMA_linkURL, internal ones kept as given */
    $href = (substr($link, 0, 4) == 'http')
        ? PMA_linkURL($link)
        : $link;

    return '<a href="' . $href . '"' . $target_attr . '>';
}
/**
 * Sanitizes $message, taking into account our special codes
 * for formatting.
 *
 * Processing order: unless $safe is set, literal '<' and '>' are replaced
 * by entities so no caller-supplied markup survives; bb code tags are then
 * turned into a fixed set of HTML tags; finally [a@url] / [a@url@target]
 * links are resolved through PMA_replaceBBLink(), which only emits an
 * anchor for allow-listed URLs. Only '<' and '>' are touched by the first
 * step, so '&' and quotes pass through unchanged. With $escape the whole
 * result (including the generated tags and the entities from the first
 * step, which htmlspecialchars() encodes again) is entity-encoded, which is
 * what you want when placing the result in an attribute. Passing
 * $safe = true lets raw '<' and '>' through, so it must only be used for
 * messages that are fully trusted.
 *
 * If you want to include result in element attribute, you should escape it.
 *
 * Examples:
 *
 * <p><?php echo PMA_sanitize($foo); ?></p>
 *
 * <a title="<?php echo PMA_sanitize($foo, true); ?>">bar</a>
 *
 * @param string  $message the message
 * @param boolean $escape  whether to escape html in result
 * @param boolean $safe    whether string is safe (can keep < and > chars)
 *
 * @return string the sanitized message
 */
function PMA_sanitize($message, $escape = false, $safe = false)
{
    /* Neutralise raw markup first, unless the caller vouches for the string */
    if (! $safe) {
        $message = strtr($message, array('<' => '&lt;', '>' => '&gt;'));
    }

    /* bb code tag => HTML tag; the deprecated aliases remain for old messages */
    $bb_to_html = array(
        '[em]'      => '<em>',
        '[/em]'     => '</em>',
        '[i]'       => '<em>',       // deprecated by em
        '[/i]'      => '</em>',      // deprecated by em
        '[strong]'  => '<strong>',
        '[/strong]' => '</strong>',
        '[b]'       => '<strong>',   // deprecated by strong
        '[/b]'      => '</strong>',  // deprecated by strong
        '[code]'    => '<code>',
        '[/code]'   => '</code>',
        '[kbd]'     => '<kbd>',
        '[/kbd]'    => '</kbd>',
        '[tt]'      => '<code>',     // deprecated by CODE or KBD
        '[/tt]'     => '</code>',    // deprecated by CODE or KBD
        '[br]'      => '<br />',
        '[/a]'      => '</a>',
        '[sup]'     => '<sup>',
        '[/sup]'    => '</sup>',
    );

    /* Adjust links for setup, which lives in subfolder */
    $bb_to_html['[a@Documentation.html'] = defined('PMA_SETUP')
        ? '[a@../Documentation.html'
        : '[a@./Documentation.html';

    $message = strtr($message, $bb_to_html);

    /*
     * [a@url] or [a@url@target]: the url may not contain ']', '"' or '@',
     * the target may not contain ']' or '"'. PMA_replaceBBLink() decides
     * whether each match becomes an anchor or stays literal text.
     */
    $link_pattern = '/\[a@([^]"@]*)(@([^]"]*))?\]/';
    $message = preg_replace_callback($link_pattern, 'PMA_replaceBBLink', $message);

    /* Possibly escape result */
    return $escape ? htmlspecialchars($message) : $message;
}