replace)
* @return string substituted string
*/
function replace_macros($s,$r) {
$a = get_app();
$t = $a->template_engine();
$output = $t->replace_macros($s,$r);
return $output;
}
// random string, there are 86 characters max in text mode, 128 for hex
// output is urlsafe
define('RANDOM_STRING_HEX', 0x00 );
define('RANDOM_STRING_TEXT', 0x01 );
function random_string($size = 64,$type = RANDOM_STRING_HEX) {
// generate a bit of entropy and run it through the whirlpool
$s = hash('whirlpool', (string) rand() . uniqid(rand(),true) . (string) rand(),(($type == RANDOM_STRING_TEXT) ? true : false));
$s = (($type == RANDOM_STRING_TEXT) ? str_replace("\n","",base64url_encode($s,true)) : $s);
return(substr($s,0,$size));
}
/**
* This is our primary input filter.
*
* The high bit hack only involved some old IE browser, forget which (IE5/Mac?)
* that had an XSS attack vector due to stripping the high-bit on an 8-bit character
* after cleansing, and angle chars with the high bit set could get through as markup.
*
* This is now disabled because it was interfering with some legitimate unicode sequences
* and hopefully there aren't a lot of those browsers left.
*
* Use this on any text input where angle chars are not valid or permitted
* They will be replaced with safer brackets. This may be filtered further
* if these are not allowed either.
*
* @param string $string Input string
* @return string Filtered string
*/
function notags($string) {
return(str_replace(array("<",">"), array('[',']'), $string));
// High-bit filter no longer used
// return(str_replace(array("<",">","\xBA","\xBC","\xBE"), array('[',']','','',''), $string));
}
// use this on "body" or "content" input where angle chars shouldn't be removed,
// and allow them to be safely displayed.
/**
* use this on "body" or "content" input where angle chars shouldn't be removed,
* and allow them to be safely displayed.
* @param string $string
* @return string
*/
function escape_tags($string) {
return(htmlspecialchars($string, ENT_COMPAT, 'UTF-8', false));
}
function z_input_filter($channel_id,$s,$type = 'text/bbcode') {
if($type === 'text/bbcode')
return escape_tags($s);
if($type === 'text/markdown')
return escape_tags($s);
if($type == 'text/plain')
return escape_tags($s);
$r = q("select account_id, account_roles from account left join channel on channel_account_id = account_id where channel_id = %d limit 1",
intval($channel_id)
);
if($r && ($r[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE)) {
if(local_user() && (get_account_id() == $r[0]['account_id'])) {
return $s;
}
}
if($type === 'text/html')
return purify_html($s);
return escape_tags($s);
}
function purify_html($s) {
require_once('library/HTMLPurifier.auto.php');
require_once('include/html2bbcode.php');
// FIXME this function has html output, not bbcode - so safely purify these
// $s = html2bb_video($s);
// $s = oembed_html2bbcode($s);
$config = HTMLPurifier_Config::createDefault();
$config->set('Cache.DefinitionImpl', null);
$purifier = new HTMLPurifier($config);
return $purifier->purify($s);
}
// generate a string that's random, but usually pronounceable.
// used to generate initial passwords
/**
* generate a string that's random, but usually pronounceable.
* used to generate initial passwords
* @param int $len
* @return string
*/
function autoname($len) {
if($len <= 0)
return '';
$vowels = array('a','a','ai','au','e','e','e','ee','ea','i','ie','o','ou','u');
if(mt_rand(0,5) == 4)
$vowels[] = 'y';
$cons = array(
'b','bl','br',
'c','ch','cl','cr',
'd','dr',
'f','fl','fr',
'g','gh','gl','gr',
'h',
'j',
'k','kh','kl','kr',
'l',
'm',
'n',
'p','ph','pl','pr',
'qu',
'r','rh',
's','sc','sh','sm','sp','st',
't','th','tr',
'v',
'w','wh',
'x',
'z','zh'
);
$midcons = array('ck','ct','gn','ld','lf','lm','lt','mb','mm', 'mn','mp',
'nd','ng','nk','nt','rn','rp','rt');
$noend = array('bl', 'br', 'cl','cr','dr','fl','fr','gl','gr',
'kh', 'kl','kr','mn','pl','pr','rh','tr','qu','wh');
$start = mt_rand(0,2);
if($start == 0)
$table = $vowels;
else
$table = $cons;
$word = '';
for ($x = 0; $x < $len; $x ++) {
$r = mt_rand(0,count($table) - 1);
$word .= $table[$r];
if($table == $vowels)
$table = array_merge($cons,$midcons);
else
$table = $vowels;
}
$word = substr($word,0,$len);
foreach($noend as $noe) {
if((strlen($word) > 2) && (substr($word,-2) == $noe)) {
$word = substr($word,0,-1);
break;
}
}
if(substr($word,-1) == 'q')
$word = substr($word,0,-1);
return $word;
}
// escape text ($str) for XML transport
// returns escaped text.
/**
* escape text ($str) for XML transport
* @param string $str
* @return string Escaped text.
*/
function xmlify($str) {
$buffer = '';
$len = mb_strlen($str);
for($x = 0; $x < $len; $x ++) {
$char = mb_substr($str,$x,1);
switch( $char ) {
case "\r" :
break;
case "&" :
$buffer .= '&';
break;
case "'" :
$buffer .= ''';
break;
case "\"" :
$buffer .= '"';
break;
case '<' :
$buffer .= '<';
break;
case '>' :
$buffer .= '>';
break;
case "\n" :
$buffer .= "\n";
break;
default :
$buffer .= $char;
break;
}
}
$buffer = trim($buffer);
return($buffer);
}
// undo an xmlify
// pass xml escaped text ($s), returns unescaped text
function unxmlify($s) {
$ret = str_replace('&','&', $s);
$ret = str_replace(array('<','>','"','''),array('<','>','"',"'"),$ret);
return $ret;
}
// convenience wrapper, reverse the operation "bin2hex"
// This is a built-in function in php >= 5.4
if(! function_exists('hex2bin')) {
function hex2bin($s) {
if(! (is_string($s) && strlen($s)))
return '';
if(! ctype_xdigit($s)) {
return($s);
}
return(pack("H*",$s));
}}
// Automatic pagination.
// To use, get the count of total items.
// Then call $a->set_pager_total($number_items);
// Optionally call $a->set_pager_itemspage($n) to the number of items to display on each page
// Then call paginate($a) after the end of the display loop to insert the pager block on the page
// (assuming there are enough items to paginate).
// When using with SQL, the setting LIMIT %d, %d => $a->pager['start'],$a->pager['itemspage']
// will limit the results to the correct items for the current page.
// The actual page handling is then accomplished at the application layer.
function paginate(&$a) {
$o = '';
$stripped = preg_replace('/(&page=[0-9]*)/','',$a->query_string);
// $stripped = preg_replace('/&zid=(.*?)([\?&]|$)/ism','',$stripped);
$stripped = str_replace('q=','',$stripped);
$stripped = trim($stripped,'/');
$pagenum = $a->pager['page'];
$url = $a->get_baseurl() . '/' . $stripped;
if($a->pager['total'] > $a->pager['itemspage']) {
$o .= '
(.*?)<\/pre>/ism','smile_decode',$s);
$s = preg_replace_callback('/(.*?)<\/code>/ism','smile_decode',$s);
return $s;
}
function smile_encode($m) {
return(str_replace($m[1],base64url_encode($m[1]),$m[0]));
}
function smile_decode($m) {
return(str_replace($m[1],base64url_decode($m[1]),$m[0]));
}
// expand <3333 to the correct number of hearts
function preg_heart($x) {
$a = get_app();
if(strlen($x[1]) == 1)
return $x[0];
$t = '';
for($cnt = 0; $cnt < strlen($x[1]); $cnt ++)
$t .= '';
$r = str_replace($x[0],$t,$x[0]);
return $r;
}
function day_translate($s) {
$ret = str_replace(array('Monday','Tuesday','Wednesday','Thursday','Friday','Saturday','Sunday'),
array( t('Monday'), t('Tuesday'), t('Wednesday'), t('Thursday'), t('Friday'), t('Saturday'), t('Sunday')),
$s);
$ret = str_replace(array('January','February','March','April','May','June','July','August','September','October','November','December'),
array( t('January'), t('February'), t('March'), t('April'), t('May'), t('June'), t('July'), t('August'), t('September'), t('October'), t('November'), t('December')),
$ret);
return $ret;
}
function normalise_link($url) {
$ret = str_replace(array('https:','//www.'), array('http:','//'), $url);
return(rtrim($ret,'/'));
}
/**
*
* Compare two URLs to see if they are the same, but ignore
* slight but hopefully insignificant differences such as if one
* is https and the other isn't, or if one is www.something and
* the other isn't - and also ignore case differences.
*
* Return true if the URLs match, otherwise false.
*
*/
function link_compare($a,$b) {
if(strcasecmp(normalise_link($a),normalise_link($b)) === 0)
return true;
return false;
}
// Given an item array, convert the body element from bbcode to html and add smilie icons.
// If attach is true, also add icons for item attachments
function unobscure(&$item) {
if(array_key_exists('item_flags',$item) && ($item['item_flags'] & ITEM_OBSCURED)) {
$key = get_config('system','prvkey');
if($item['title'])
$item['title'] = aes_unencapsulate(json_decode_plus($item['title']),$key);
if($item['body'])
$item['body'] = aes_unencapsulate(json_decode_plus($item['body']),$key);
}
}
function theme_attachments(&$item) {
$arr = json_decode_plus($item['attach']);
if(is_array($arr) && count($arr)) {
$attaches = array();
foreach($arr as $r) {
$icon = '';
$icontype = substr($r['type'],0,strpos($r['type'],'/'));
switch($icontype) {
case 'video':
$icon = 'icon-facetime-video';
break;
case 'audio':
$icon = 'icon-volume-up';
break;
case 'image':
$icon = 'icon-camera';
break;
case 'text':
$icon = 'icon-align-justify';
break;
default:
$icon = 'icon-question';
break;
}
$title = htmlentities($r['title'], ENT_COMPAT,'UTF-8');
if(! $title)
$title = t('unknown.???');
$title .= ' ' . $r['length'] . ' ' . t('bytes');
$url = z_root() . '/magic?f=&hash=' . $item['author_xchan'] . '&dest=' . $r['href'] . '/' . $r['revision'];
$s .= '' . $icon . '';
$attaches[] = array('title' => $title, 'url' => $url, 'icon' => $icon );
}
}
$s = replace_macros(get_markup_template('item_attach.tpl'), array(
'$attaches' => $attaches
));
return $s;
}
function prepare_body(&$item,$attach = false) {
$a = get_app();
call_hooks('prepare_body_init', $item);
unobscure($item);
$s = prepare_text($item['body'],$item['mimetype']);
$prep_arr = array('item' => $item, 'html' => $s);
call_hooks('prepare_body', $prep_arr);
$s = $prep_arr['html'];
if(! $attach) {
return $s;
}
$s .= theme_attachments($item);
// At some point in time, posttags were removed from the threaded conversation templates, but remained in the search_item template.
// Code to put them back was added into include/conversation.php and/or include/ItemObject.php but under new class names
// Then it was discovered that the following bits remained of the old code.
// Commented out, but we may decide to use this instead of the other version and put all the tag rendering in one place. In the other
// location it is more theme-able.
// if(is_array($item['term']) && count($item['term'])) {
// $tstr = '';
// foreach($item['term'] as $t) {
// $t1 = format_term_for_display($t);
// if($t1) {
// if($tstr)
// $tstr .= ' ';
// $tstr .= $t1;
// }
// }
// if($tstr)
// $s .= '