[ Index ]

PHP Cross Reference of YOURLS

title

Body

[close]

/includes/ -> functions-formatting.php (summary)

(no description)

File Size: 798 lines (27 kb)
Included or required:0 times
Referenced: 0 times
Includes or requires: 0 files

Defines 35 functions

  yourls_int2string()
  yourls_string2int()
  yourls_unique_element_id()
  yourls_sanitize_keyword()
  yourls_sanitize_title()
  yourls_sanitize_url()
  yourls_sanitize_url_safe()
  yourls_deep_replace()
  yourls_sanitize_int()
  yourls_sanitize_ip()
  yourls_sanitize_date()
  yourls_sanitize_date_for_sql()
  yourls_trim_long_string()
  yourls_sanitize_version()
  yourls_sanitize_filename()
  yourls_seems_utf8()
  yourls_supports_pcre_u()
  yourls_check_invalid_utf8()
  yourls_specialchars()
  yourls_specialchars_decode()
  yourls_esc_html()
  yourls_esc_attr()
  yourls_esc_url()
  yourls_normalize_uri()
  yourls_esc_js()
  yourls_esc_textarea()
  yourls_backslashit()
  yourls_is_rawurlencoded()
  yourls_rawurldecode_while_encoded()
  yourls_make_bookmarklet()
  yourls_get_timestamp()
  yourls_get_time_offset()
  yourls_get_datetime_format()
  yourls_get_date_format()
  yourls_get_time_format()

Functions
Functions that are not part of a class:

yourls_int2string($num, $chars = null)   X-Ref
Convert an integer (1337) to a string (3jk).

return: string        Converted number
param: int $num       Number to convert
param: string $chars  Characters to use for conversion

yourls_string2int($string, $chars = null)   X-Ref
Convert a string (3jk) to an integer (1337)

return: string         Number (as a string)
param: string $string  String to convert
param: string $chars   Characters to use for conversion

yourls_unique_element_id($prefix = 'yid')   X-Ref
Return a unique string to be used as a valid HTML id

since: 1.8.3
return: string           The unique string
param: string $prefix   Optional prefix

yourls_sanitize_keyword( $keyword, $restrict_to_shorturl_charset = false )   X-Ref
Make sure a link keyword (ie "1fv" as in "http://sho.rt/1fv") is acceptable

If we are ADDING or EDITING a short URL, the keyword must comply to the short URL charset: every
character that doesn't belong to it will be removed.
But otherwise we must have a more conservative approach: we could be checking for a keyword that
was once valid but now the short URL charset has changed. In such a case, we are treating the keyword for what
it is: just a part of a URL, hence sanitize it as a URL.

return: string                                 The sanitized keyword
param: string $keyword                        short URL keyword
param: bool   $restrict_to_shorturl_charset   Optional, default false. True if we want the keyword to comply to short URL charset

yourls_sanitize_title( $unsafe_title, $fallback = '' )   X-Ref
Sanitize a page title. No HTML per W3C http://www.w3.org/TR/html401/struct/global.html#h-7.4.2

since: 1.5
return: string               Safe title
param: string $unsafe_title  Title, potentially unsafe
param: string $fallback      Optional fallback if after sanitization nothing remains

yourls_sanitize_url( $unsafe_url, $protocols = array()   X-Ref
A few sanity checks on the URL. Used for redirection or DB.
For redirection when you don't trust the URL ($_SERVER variable, query string), see yourls_sanitize_url_safe()
For display purpose, see yourls_esc_url()

return: string Safe URL
param: string $unsafe_url unsafe URL
param: array $protocols Optional allowed protocols, default to global $yourls_allowedprotocols

yourls_sanitize_url_safe( $unsafe_url, $protocols = array()   X-Ref
A few sanity checks on the URL, including CRLF. Used for redirection when URL to be sanitized is critical and cannot be trusted.

Use when critical URL comes from user input or environment variable. In such a case, this function will sanitize
it like yourls_sanitize_url() but will also remove %0A and %0D to prevent CRLF injection.
Still, some legit URLs contain %0A or %0D (see issue 2056, and for extra fun 1694, 1707, 2030, and maybe others)
so we're not using this function unless it's used for internal redirection when the target location isn't
hardcoded, to avoid XSS via CRLF

since: 1.7.2
return: string Safe URL
param: string $unsafe_url unsafe URL
param: array $protocols Optional allowed protocols, default to global $yourls_allowedprotocols

yourls_deep_replace($search, $subject )   X-Ref
Perform a replacement while a string is found, eg $subject = '%0%0%0DDD', $search ='%0D' -> $result =''

Stolen from WP's _deep_replace

return: string                The string with the replaced values.
param: string|array $search   Needle, or array of needles.
param: string       $subject  Haystack.

yourls_sanitize_int($int )   X-Ref
Make sure an integer is a valid integer (PHP's intval() limits to too small numbers)

return: string   Integer as a string
param: int $int  Integer to check

yourls_sanitize_ip($ip )   X-Ref
Sanitize an IP address
No check on validity, just return a sanitized string

return: string     IP address
param: string $ip  IP address

yourls_sanitize_date($date )   X-Ref
Make sure a date is m(m)/d(d)/yyyy, return false otherwise

return: false|mixed  Date in format m(m)/d(d)/yyyy or false if invalid
param: string $date  Date to check

yourls_sanitize_date_for_sql($date)   X-Ref
Sanitize a date for SQL search. Return false if malformed input.

return: false|string  String in Y-m-d format for SQL search or false if malformed input
param: string $date   Date

yourls_trim_long_string($string, $length = 60, $append = '[...]')   X-Ref
Return trimmed string, optionally append '[...]' if string is too long

return: string         Trimmed string
param: string $string  String to trim
param: int $length     Maximum length of string
param: string $append  String to append if trimmed

yourls_sanitize_version( $version )   X-Ref
Sanitize a version number (1.4.1-whatever-RC1 -> 1.4.1)

The regexp searches for the first digits, then a period, then more digits and periods, and discards
all the rest.
For instance, 'mysql-5.5-beta' and '5.5-RC1' return '5.5'

since: 1.4.1
return: string           Sanitized version number
param: string $version  Version number

yourls_sanitize_filename($file)   X-Ref
Sanitize a filename (no Win32 stuff)

return: string|null  Sanitized file name (or null if it's just backslashes, ok...)
param: string $file  File name

yourls_seems_utf8($str)   X-Ref
Check if a string seems to be UTF-8. Stolen from WP.

return: bool        Whether string seems valid UTF-8
param: string $str  String to check

yourls_supports_pcre_u()   X-Ref
Check for PCRE /u modifier support. Stolen from WP.

Just in case "PCRE is not compiled with PCRE_UTF8" which seems to happen
on some distros

since: 1.7.1
return: bool whether there's /u support or not

yourls_check_invalid_utf8( $string, $strip = false )   X-Ref
Checks for invalid UTF8 in a string. Stolen from WP

since: 1.6
return: string The checked text.
param: string $string The text which is to be checked.
param: boolean $strip Optional. Whether to attempt to strip out invalid UTF8. Default is false.

yourls_specialchars( $string, $quote_style = ENT_NOQUOTES, $double_encode = false )   X-Ref
Converts a number of special characters into their HTML entities. Stolen from WP.

Specifically deals with: &, <, >, ", and '.

$quote_style can be set to ENT_COMPAT to encode " to
&quot;, or ENT_QUOTES to do both. Default is ENT_NOQUOTES where no quotes are encoded.

since: 1.6
return: string The encoded text with HTML entities.
param: string $string The text which is to be encoded.
param: mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES.
param: boolean $double_encode Optional. Whether to encode existing html entities. Default is false.

yourls_specialchars_decode( $string, $quote_style = ENT_NOQUOTES )   X-Ref
Converts a number of HTML entities into their special characters. Stolen from WP.

Specifically deals with: &, <, >, ", and '.

$quote_style can be set to ENT_COMPAT to decode " entities,
or ENT_QUOTES to do both " and '. Default is ENT_NOQUOTES where no quotes are decoded.

since: 1.6
return: string The decoded text without HTML entities.
param: string $string The text which is to be decoded.
param: mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old _wp_specialchars() values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES.

yourls_esc_html( $text )   X-Ref
Escaping for HTML blocks. Stolen from WP

since: 1.6
return: string
param: string $text

yourls_esc_attr( $text )   X-Ref
Escaping for HTML attributes.  Stolen from WP

since: 1.6
return: string
param: string $text

yourls_esc_url( $url, $context = 'display', $protocols = array()   X-Ref
Checks and cleans a URL before printing it. Stolen from WP.

A number of characters are removed from the URL. If the URL is for displaying
(the default behaviour) ampersands are also replaced.

This function by default "escapes" URL for display purpose (param $context = 'display') but can
take extra steps in URL sanitization. See yourls_sanitize_url() and yourls_sanitize_url_safe()

since: 1.6
return: string The cleaned $url
param: string $url The URL to be cleaned.
param: string $context 'display' or something else. Use yourls_sanitize_url() for database or redirection usage.
param: array $protocols Optional. Array of allowed protocols, defaults to global $yourls_allowedprotocols

yourls_normalize_uri( $url )   X-Ref
Normalize a URI : lowercase scheme and domain, convert IDN to UTF8

All in one example: 'HTTP://XN--mgbuq0c.Com/AbCd' -> 'http://طارق.com/AbCd'
See issues 591, 1630, 1889, 2691

This function is trickier than what seems to be needed at first

First, we need to handle several URI types: http://example.com, mailto:ozh@ozh.ozh, facetime:user@example.com, and so on, see
yourls_kses_allowed_protocols() in functions-kses.php
The general rule is that the scheme ("stuff://" or "stuff:") is case insensitive and should be lowercase. But then, depending on the
scheme, parts of what follows the scheme may or may not be case sensitive.

Second, simply using parse_url() and its opposite http_build_url() is a pretty unsafe process:
- parse_url() can easily trip up on malformed or weird URLs
- exploding a URL with parse_url(), lowercasing some stuff, and glueing things back with http_build_url() does not handle well
"stuff:"-like URI [1] and can result in URLs ending modified [2][3]. We don't want to *validate* URI, we just want to lowercase
what is supposed to be lowercased.

So, to be conservative, this function:
- lowercases the scheme
- does not lowercase anything else on "stuff:" URI
- tries to lowercase only scheme and domain of "stuff://" URI

[1] http_build_url(parse_url("mailto:ozh")) == "mailto:///ozh"
[2] http_build_url(parse_url("http://blah#omg")) == "http://blah/#omg"
[3] http_build_url(parse_url("http://blah?#")) == "http://blah/"

since: 1.7.1
return: string URL with lowercase scheme and protocol
param: string $url URL

yourls_esc_js( $text )   X-Ref
Escape single quotes, htmlspecialchar " < > &, and fix line endings. Stolen from WP.

Escapes text strings for echoing in JS. It is intended to be used for inline JS
(in a tag attribute, for example onclick="..."). Note that the strings have to
be in single quotes. The filter 'js_escape' is also applied here.

since: 1.6
return: string Escaped text.
param: string $text The text to be escaped.

yourls_esc_textarea( $text )   X-Ref
Escaping for textarea values. Stolen from WP.

since: 1.6
return: string
param: string $text

yourls_backslashit($string)   X-Ref
Adds backslashes before letters and before a number at the start of a string. Stolen from WP.

since: 1.6
return: string String with backslashes inserted.
param: string $string Value to which backslashes will be added.

yourls_is_rawurlencoded( $string )   X-Ref
Check if a string seems to be urlencoded

We use rawurlencode instead of urlencode to avoid messing with '+'

since: 1.7
return: bool
param: string $string

yourls_rawurldecode_while_encoded( $string )   X-Ref
rawurldecode a string till it's not encoded anymore

Deals with multiple encoding (eg "%2521" => "%21" => "!").
See https://github.com/YOURLS/YOURLS/issues/1303

since: 1.7
return: string
param: string $string

yourls_make_bookmarklet( $code )   X-Ref
Converts readable Javascript code into a valid bookmarklet link

Uses https://github.com/ozh/bookmarkletgen

since: 1.7.1
return: string        Bookmarklet link
param: string $code  Javascript code

yourls_get_timestamp( $timestamp )   X-Ref
Return a timestamp, plus or minus the time offset if defined

since: 1.7.10
return: int                    a timestamp, plus or minus offset if defined
param: string|int $timestamp  a timestamp

yourls_get_time_offset()   X-Ref
Get time offset, as defined in config, filtered

since: 1.7.10
return: int       Time offset

yourls_get_datetime_format( $format )   X-Ref
Return a date() format for a full date + time, filtered

since: 1.7.10
return: string          Date format string
param: string $format  Date format string

yourls_get_date_format( $format )   X-Ref
Return a date() format for date (no time), filtered

since: 1.7.10
return: string          Date format string
param: string $format  Date format string

yourls_get_time_format( $format )   X-Ref
Return a date() format for a time (no date), filtered

since: 1.7.10
return: string          Date format string
param: string $format  Date format string



Generated: Wed Sep 28 05:10:02 2022 Cross-referenced by PHPXref 0.7.1