X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=application%2FUtils.php;h=35d652241bb6a5a4c42c7ded7b7381be48dc7f15;hb=7f96d9ec21a95cb85d0292b46e18235b20efbcb2;hp=3d819716316e78f1a884cb662723668a1529560d;hpb=10269bc8c9dfe87eb213c09a44308ce64ae0c12d;p=github%2Fshaarli%2FShaarli.git diff --git a/application/Utils.php b/application/Utils.php index 3d819716..35d65224 100644 --- a/application/Utils.php +++ b/application/Utils.php @@ -31,7 +31,15 @@ function logm($logFile, $clientIp, $message) * - are NOT cryptographically secure (they CAN be forged) * * In Shaarli, they are used as a tinyurl-like link to individual entries, - * e.g. smallHash('20111006_131924') --> yZH23w + * built once with the combination of the date and item ID. + * e.g. smallHash('20111006_131924' . 142) --> eaWxtQ + * + * @warning before v0.8.1, smallhashes were built only with the date, + * and their value has been preserved. + * + * @param string $text Create a hash from this text. + * + * @return string generated small hash. */ function smallHash($text) { @@ -41,8 +49,14 @@ function smallHash($text) /** * Tells if a string start with a substring + * + * @param string $haystack Given string. + * @param string $needle String to search at the beginning of $haystack. + * @param bool $case Case sensitive. + * + * @return bool True if $haystack starts with $needle. */ -function startsWith($haystack, $needle, $case=true) +function startsWith($haystack, $needle, $case = true) { if ($case) { return (strcmp(substr($haystack, 0, strlen($needle)), $needle) === 0); @@ -52,8 +66,14 @@ function startsWith($haystack, $needle, $case=true) /** * Tells if a string ends with a substring + * + * @param string $haystack Given string. + * @param string $needle String to search at the end of $haystack. + * @param bool $case Case sensitive. + * + * @return bool True if $haystack ends with $needle. */ -function endsWith($haystack, $needle, $case=true) +function endsWith($haystack, $needle, $case = true) { if ($case) { return (strcmp(substr($haystack, strlen($haystack) - strlen($needle)), $needle) === 0); @@ -63,14 +83,22 @@ function endsWith($haystack, $needle, $case=true) /** * Htmlspecialchars wrapper + * Support multidimensional array of strings. * - * @param string $str the string to escape. + * @param mixed $input Data to escape: a single string or an array of strings. * * @return string escaped. */ -function escape($str) +function escape($input) { - return htmlspecialchars($str, ENT_COMPAT, 'UTF-8', false); + if (is_array($input)) { + $out = array(); + foreach($input as $key => $value) { + $out[$key] = escape($value); + } + return $out; + } + return htmlspecialchars($input, ENT_COMPAT, 'UTF-8', false); } /** @@ -86,7 +114,9 @@ function unescape($str) } /** - * Link sanitization before templating + * Sanitize link before rendering. + * + * @param array $link Link to escape. */ function sanitizeLink(&$link) { @@ -177,59 +207,6 @@ function is_session_id_valid($sessionId) return true; } -/** - * In a string, converts URLs to clickable links. - * - * @param string $text input string. - * @param string $redirector if a redirector is set, use it to gerenate links. - * - * @return string returns $text with all links converted to HTML links. - * - * @see Function inspired from http://www.php.net/manual/en/function.preg-replace.php#85722 - */ -function text2clickable($text, $redirector) -{ - $regex = '!(((?:https?|ftp|file)://|apt:|magnet:)\S+[[:alnum:]]/?)!si'; - - if (empty($redirector)) { - return preg_replace($regex, '$1', $text); - } - // Redirector is set, urlencode the final URL. - return preg_replace_callback( - $regex, - function ($matches) use ($redirector) { - return ''. $matches[1] .''; - }, - $text - ); -} - -/** - * This function inserts where relevant so that multiple spaces are properly displayed in HTML - * even in the absence of
(This is used in description to keep text formatting). - * - * @param string $text input text. - * - * @return string formatted text. - */ -function space2nbsp($text) -{ - return preg_replace('/(^| ) /m', '$1 ', $text); -} - -/** - * Format Shaarli's description - * TODO: Move me to ApplicationUtils when it's ready. - * - * @param string $description shaare's description. - * @param string $redirector if a redirector is set, use it to gerenate links. - * - * @return string formatted description. - */ -function format_description($description, $redirector) { - return nl2br(space2nbsp(text2clickable($description, $redirector))); -} - /** * Sniff browser language to set the locale automatically. * Note that is may not work on your server if the corresponding locale is not installed. @@ -253,4 +230,43 @@ function autoLocale($headerLocale) } } setlocale(LC_ALL, $attempts); -} \ No newline at end of file +} + +/** + * Generates a default API secret. + * + * Note that the random-ish methods used in this function are predictable, + * which makes them NOT suitable for crypto. + * BUT the random string is salted with the salt and hashed with the username. + * It makes the generated API secret secured enough for Shaarli. + * + * PHP 7 provides random_int(), designed for cryptography. + * More info: http://stackoverflow.com/questions/4356289/php-random-string-generator + + * @param string $username Shaarli login username + * @param string $salt Shaarli password hash salt + * + * @return string|bool Generated API secret, 12 char length. + * Or false if invalid parameters are provided (which will make the API unusable). + */ +function generate_api_secret($username, $salt) +{ + if (empty($username) || empty($salt)) { + return false; + } + + return str_shuffle(substr(hash_hmac('sha512', uniqid($salt), $username), 10, 12)); +} + +/** + * Trim string, replace sequences of whitespaces by a single space. + * PHP equivalent to `normalize-space` XSLT function. + * + * @param string $string Input string. + * + * @return mixed Normalized string. + */ +function normalize_spaces($string) +{ + return preg_replace('/\s{2,}/', ' ', trim($string)); +}