* - are NOT cryptographically secure (they CAN be forged)
*
* In Shaarli, they are used as a tinyurl-like link to individual entries,
- * e.g. smallHash('20111006_131924') --> yZH23w
+ * built once with the combination of the date and item ID.
+ * e.g. smallHash('20111006_131924' . 142) --> eaWxtQ
+ *
+ * @warning before v0.8.1, smallhashes were built only with the date,
+ * and their value has been preserved.
+ *
+ * @param string $text Create a hash from this text.
+ *
+ * @return string generated small hash.
*/
function smallHash($text)
{
}
/**
- * Link sanitization before templating
+ * Sanitize link before rendering.
+ *
+ * @param array $link Link to escape.
*/
function sanitizeLink(&$link)
{
return true;
}
-/**
- * In a string, converts URLs to clickable links.
- *
- * @param string $text input string.
- * @param string $redirector if a redirector is set, use it to gerenate links.
- *
- * @return string returns $text with all links converted to HTML links.
- *
- * @see Function inspired from http://www.php.net/manual/en/function.preg-replace.php#85722
- */
-function text2clickable($text, $redirector)
-{
- $regex = '!(((?:https?|ftp|file)://|apt:|magnet:)\S+[[:alnum:]]/?)!si';
-
- if (empty($redirector)) {
- return preg_replace($regex, '<a href="$1">$1</a>', $text);
- }
- // Redirector is set, urlencode the final URL.
- return preg_replace_callback(
- $regex,
- function ($matches) use ($redirector) {
- return '<a href="' . $redirector . urlencode($matches[1]) .'">'. $matches[1] .'</a>';
- },
- $text
- );
-}
-
-/**
- * This function inserts where relevant so that multiple spaces are properly displayed in HTML
- * even in the absence of <pre> (This is used in description to keep text formatting).
- *
- * @param string $text input text.
- *
- * @return string formatted text.
- */
-function space2nbsp($text)
-{
- return preg_replace('/(^| ) /m', '$1 ', $text);
-}
-
-/**
- * Format Shaarli's description
- * TODO: Move me to ApplicationUtils when it's ready.
- *
- * @param string $description shaare's description.
- * @param string $redirector if a redirector is set, use it to gerenate links.
- *
- * @return string formatted description.
- */
-function format_description($description, $redirector = false) {
- return nl2br(space2nbsp(text2clickable($description, $redirector)));
-}
-
/**
* Sniff browser language to set the locale automatically.
* Note that is may not work on your server if the corresponding locale is not installed.
}
}
setlocale(LC_ALL, $attempts);
-}
\ No newline at end of file
+}
+
+/**
+ * Generates a default API secret.
+ *
+ * Note that the random-ish methods used in this function are predictable,
+ * which makes them NOT suitable for crypto.
+ * BUT the random string is salted with the salt and hashed with the username.
+ * It makes the generated API secret secured enough for Shaarli.
+ *
+ * PHP 7 provides random_int(), designed for cryptography.
+ * More info: http://stackoverflow.com/questions/4356289/php-random-string-generator
+
+ * @param string $username Shaarli login username
+ * @param string $salt Shaarli password hash salt
+ *
+ * @return string|bool Generated API secret, 12 char length.
+ * Or false if invalid parameters are provided (which will make the API unusable).
+ */
+function generate_api_secret($username, $salt)
+{
+ if (empty($username) || empty($salt)) {
+ return false;
+ }
+
+ return str_shuffle(substr(hash_hmac('sha512', uniqid($salt), $username), 10, 12));
+}
+
+/**
+ * Trim string, replace sequences of whitespaces by a single space.
+ * PHP equivalent to `normalize-space` XSLT function.
+ *
+ * @param string $string Input string.
+ *
+ * @return mixed Normalized string.
+ */
+function normalize_spaces($string)
+{
+ return preg_replace('/\s{2,}/', ' ', trim($string));
+}