BUG FIX! - fixes error that could allow ANY file on the system to be read!
[moodle.git] / lib / weblib.php
CommitLineData
f9903ed0 1<?PHP // $Id$
2
3// weblib.php
4//
5// Library of useful PHP functions related to web pages.
6//
7//
8
8553b700 9function s($var) {
f9903ed0 10// returns $var with HTML characters (like "<", ">", etc.) properly quoted,
11// or if $var is empty, will return an empty string.
12
13 return empty($var) ? "" : htmlSpecialChars(stripslashes($var));
14}
15
16function p($var) {
17// prints $var with HTML characters (like "<", ">", etc.) properly quoted,
18// or if $var is empty, will print an empty string.
19
20 echo empty($var) ? "" : htmlSpecialChars(stripslashes($var));
21}
22
8553b700 23function nvl(&$var, $default="") {
24// if $var is undefined, return $default, otherwise return $var
25
26 return isset($var) ? $var : $default;
27}
f9903ed0 28
29function strip_querystring($url) {
30// takes a URL and returns it without the querystring portion
31
32 if ($commapos = strpos($url, '?')) {
33 return substr($url, 0, $commapos);
34 } else {
35 return $url;
36 }
37}
38
39function get_referer() {
40// returns the URL of the HTTP_REFERER, less the querystring portion
41
8553b700 42 $HTTP_REFERER = getenv("HTTP_REFERER");
43 return strip_querystring(nvl($HTTP_REFERER));
f9903ed0 44}
45
f9903ed0 46function me() {
47// returns the name of the current script, WITH the querystring portion.
48// this function is necessary because PHP_SELF and REQUEST_URI and PATH_INFO
49// return different things depending on a lot of things like your OS, Web
50// server, and the way PHP is compiled (ie. as a CGI, module, ISAPI, etc.)
51
52 if (getenv("REQUEST_URI")) {
53 $me = getenv("REQUEST_URI");
54
55 } elseif (getenv("PATH_INFO")) {
56 $me = getenv("PATH_INFO");
57
58 } elseif ($GLOBALS["PHP_SELF"]) {
59 $me = $GLOBALS["PHP_SELF"];
60 }
61
62 return $me;
63}
64
65
66
67function qualified_me() {
68// like me() but returns a full URL
69
70 $HTTPS = getenv("HTTPS");
71 $SERVER_PROTOCOL = getenv("SERVER_PROTOCOL");
72 $HTTP_HOST = getenv("HTTP_HOST");
73
74 $protocol = (isset($HTTPS) && $HTTPS == "on") ? "https://" : "http://";
75 $url_prefix = "$protocol$HTTP_HOST";
76 return $url_prefix . me();
77}
78
79
80function match_referer($good_referer = "") {
81// returns true if the referer is the same as the good_referer. If
82// good_refer is not specified, use qualified_me as the good_referer
83
84 if ($good_referer == "") { $good_referer = qualified_me(); }
85 return $good_referer == get_referer();
86}
87
88
89function read_template($filename, &$var) {
90// return a (big) string containing the contents of a template file with all
91// the variables interpolated. all the variables must be in the $var[] array or
92// object (whatever you decide to use).
93//
94// WARNING: do not use this on big files!!
95
96 $temp = str_replace("\\", "\\\\", implode(file($filename), ""));
97 $temp = str_replace('"', '\"', $temp);
98 eval("\$template = \"$temp\";");
99 return $template;
100}
101
102function checked(&$var, $set_value = 1, $unset_value = 0) {
103// if variable is set, set it to the set_value otherwise set it to the
104// unset_value. used to handle checkboxes when you are expecting them from
105// a form
106
107 if (empty($var)) {
108 $var = $unset_value;
109 } else {
110 $var = $set_value;
111 }
112}
113
114function frmchecked(&$var, $true_value = "checked", $false_value = "") {
115// prints the word "checked" if a variable is true, otherwise prints nothing,
116// used for printing the word "checked" in a checkbox form input
117
118 if ($var) {
119 echo $true_value;
120 } else {
121 echo $false_value;
122 }
123}
124
125
65cf9fc3 126function link_to_popup_window ($url, $name="popup", $linkname="click here", $height=400, $width=500, $title="Popup window") {
f9903ed0 127// This will create a HTML link that will work on both
128// Javascript and non-javascript browsers.
129// Relies on the Javascript function openpopup in javascript.php
130// $url must be relative to home page eg /mod/survey/stuff.php
131
132 echo "\n<SCRIPT language=\"Javascript\">";
133 echo "\n<!--";
65cf9fc3 134 echo "\ndocument.write('<A TITLE=\"$title\" HREF=javascript:openpopup(\"$url\",\"$name\",\"$height\",\"$width\") >$linkname</A>');";
f9903ed0 135 echo "\n//-->";
136 echo "\n</SCRIPT>";
65cf9fc3 137 echo "\n<NOSCRIPT>\n<A TARGET=\"$name\" TITLE=\"$title\" HREF=\"$url\">$linkname</A>\n</NOSCRIPT>\n";
f9903ed0 138
139}
140
141function close_window_button() {
142 echo "<FORM><CENTER>";
143 echo "<INPUT TYPE=button onClick=\"self.close();\" VALUE=\"Close this window\">";
144 echo "</CENTER></FORM>";
145}
146
147
618b22c5 148function choose_from_menu ($options, $name, $selected="", $nothing="choose", $script="", $nothingvalue="0") {
f9903ed0 149// $options["value"]["label"]
150
618b22c5 151 if ($nothing == "choose") {
152 $nothing = get_string("choose")."...";
153 }
154
f9903ed0 155 if ($script) {
156 $javascript = "onChange=\"$script\"";
157 }
158 echo "<SELECT NAME=$name $javascript>\n";
bda8d43a 159 if ($nothing) {
160 echo " <OPTION VALUE=\"$nothingvalue\"\n";
161 if ($nothingvalue == $selected) {
162 echo " SELECTED";
163 }
164 echo ">$nothing</OPTION>\n";
873960de 165 }
f9903ed0 166 foreach ($options as $value => $label) {
167 echo " <OPTION VALUE=\"$value\"";
168 if ($value == $selected) {
169 echo " SELECTED";
170 }
171 if ($label) {
172 echo ">$label</OPTION>\n";
173 } else {
174 echo ">$value</OPTION>\n";
175 }
176 }
177 echo "</SELECT>\n";
178}
179
618b22c5 180function popup_form ($common, $options, $formname, $selected="", $nothing="choose") {
f9903ed0 181// Implements a complete little popup form
182// $common = the URL up to the point of the variable that changes
183// $options = A list of value-label pairs for the popup list
184// $formname = name must be unique on the page
185// $selected = the option that is already selected
186// $nothing = The label for the "no choice" option
187
618b22c5 188 if ($nothing == "choose") {
189 $nothing = get_string("choose")."...";
190 }
191
f9903ed0 192 echo "<FORM NAME=$formname>";
193 echo "<SELECT NAME=popup onChange=\"window.location=document.$formname.popup.options[document.$formname.popup.selectedIndex].value\">\n";
194
195 if ($nothing != "") {
196 echo " <OPTION VALUE=\"javascript:void(0)\">$nothing</OPTION>\n";
197 }
198
199 foreach ($options as $value => $label) {
200 echo " <OPTION VALUE=\"$common$value\"";
201 if ($value == $selected) {
202 echo " SELECTED";
203 }
204 if ($label) {
205 echo ">$label</OPTION>\n";
206 } else {
207 echo ">$value</OPTION>\n";
208 }
209 }
210 echo "</SELECT></FORM>\n";
211}
212
213
214
215function formerr($error) {
216 if (!empty($error)) {
217 echo "<font color=#ff0000>$error</font>";
218 }
219}
220
221
222function validate_email ($address) {
223// Validates an email to make it makes sense.
224 return (ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'.
225 '@'.
226 '[-!#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.'.
227 '[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$',
228 $address));
229}
230
231
232function get_slash_arguments($i=0) {
233// Extracts arguments from "/foo/bar/something"
234// eg http://mysite.com/script.php/foo/bar/something
235// Might only work on Apache
236
237 global $PATH_INFO;
238
239 if (!isset($PATH_INFO)) {
240 return false;
241 }
242
e2d89725 243 if (strpos($PATH_INFO, "..")) { // check for funny business
244 return false;
245 }
246
f9903ed0 247 $args = explode("/", $PATH_INFO);
248
249 if ($i) { // return just the required argument
250 return $args[$i];
251
252 } else { // return the whole array
253 array_shift($args); // get rid of the empty first one
254 return $args;
255 }
256}
257
258
b7a3cf49 259function cleantext($text) {
260// Given raw text (eg typed in by a user), this function cleans it up
261// and removes any nasty tags that could mess up Moodle pages.
262
8c7dc440 263 return strip_tags($text, '<b><i><u><font><ol><ul><li>');
b7a3cf49 264}
f9903ed0 265
b7a3cf49 266
909f539d 267function text_to_html($text, $smiley=true, $para=true) {
f9903ed0 268// Given plain text, makes it into HTML as nicely as possible.
269
b7a3cf49 270 global $CFG;
271
7b3be1b1 272 // Remove any whitespace that may be between HTML tags
273 $text = eregi_replace(">([[:space:]]+)<", "><", $text);
274
275 // Remove any returns that precede or follow HTML tags
0eae8049 276 $text = eregi_replace("([\n\r])<", " <", $text);
277 $text = eregi_replace(">([\n\r])", "> ", $text);
7b3be1b1 278
f9903ed0 279 // Make URLs into links. eg http://moodle.com/
280 $text = eregi_replace("([[:alnum:]]+)://([^[:space:]]*)([[:alnum:]#?/&=])",
281 "<A HREF=\"\\1://\\2\\3\" TARGET=\"newpage\">\\1://\\2\\3</A>", $text);
282
283 // eg www.moodle.com
284 $text = eregi_replace("([[:space:]])www.([^[:space:]]*)([[:alnum:]#?/&=])",
285 "\\1<A HREF=\"http://www.\\2\\3\" TARGET=\"newpage\">www.\\2\\3</A>", $text);
286
287 // Make returns into HTML newlines.
288 $text = nl2br($text);
289
290 // Turn smileys into images.
291
d69cb7f4 292 if ($smiley) {
293 $text = ereg_replace(":)", "<IMG ALT=\"{smile}\" SRC=\"$CFG->wwwroot/pix/s/smiley.gif\">", $text);
294 $text = ereg_replace(":-)", "<IMG ALT=\"{smile}\" SRC=\"$CFG->wwwroot/pix/s/smiley.gif\">", $text);
295 $text = ereg_replace(":-D", "<IMG ALT=\"{grin}\" SRC=\"$CFG->wwwroot/pix/s/biggrin.gif\">", $text);
296 $text = ereg_replace(";-)", "<IMG ALT=\"{wink}\" SRC=\"$CFG->wwwroot/pix/s/wink.gif\">", $text);
297 $text = ereg_replace("8-)", "<IMG ALT=\"{wide-eyed}\" SRC=\"$CFG->wwwroot/pix/s/wideeyes.gif\">", $text);
298 $text = ereg_replace(":-\(","<IMG ALT=\"{sad}\" SRC=\"$CFG->wwwroot/pix/s/sad.gif\">", $text);
299 $text = ereg_replace(":-P", "<IMG ALT=\"{tongue-out}\" SRC=\"$CFG->wwwroot/pix/s/tongueout.gif\">", $text);
300 $text = ereg_replace(":-/", "<IMG ALT=\"{mixed}\" SRC=\"$CFG->wwwroot/pix/s/mixed.gif\">", $text);
301 $text = ereg_replace(":-o", "<IMG ALT=\"{surprised}\" SRC=\"$CFG->wwwroot/pix/s/surprise.gif\">", $text);
302 $text = ereg_replace("B-)", "<IMG ALT=\"{cool}\" SRC=\"$CFG->wwwroot/pix/s/cool.gif\">", $text);
303 }
f9903ed0 304
909f539d 305 if ($para) {
306 return "<P>".$text."</P>";
307 } else {
308 return $text;
309 }
f9903ed0 310}
311
5af78ed2 312function highlight($needle, $haystack) {
313// This function will highlight instances of $needle in $haystack
314
315 $parts = explode(strtolower($needle), strtolower($haystack));
316
317 $pos = 0;
318
319 foreach ($parts as $key => $part) {
320 $parts[$key] = substr($haystack, $pos, strlen($part));
321 $pos += strlen($part);
322
323 $parts[$key] .= "<SPAN CLASS=highlight>".substr($haystack, $pos, strlen($needle))."</SPAN>";
324 $pos += strlen($needle);
325 }
326
327 return (join('', $parts));
328}
329
f9903ed0 330
331?>