X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=application%2FUtils.php;h=35d652241bb6a5a4c42c7ded7b7381be48dc7f15;hb=7f96d9ec21a95cb85d0292b46e18235b20efbcb2;hp=f84f70e44a7f8662f136bd19909b35f338796cbd;hpb=90e5bd65c9d4a5d3d5cedfeaa1314f2a15df5227;p=github%2Fshaarli%2FShaarli.git diff --git a/application/Utils.php b/application/Utils.php index f84f70e4..35d65224 100644 --- a/application/Utils.php +++ b/application/Utils.php @@ -3,6 +3,24 @@ * Shaarli utilities */ +/** + * Logs a message to a text file + * + * The log format is compatible with fail2ban. + * + * @param string $logFile where to write the logs + * @param string $clientIp the client's remote IPv4/IPv6 address + * @param string $message the message to log + */ +function logm($logFile, $clientIp, $message) +{ + file_put_contents( + $logFile, + date('Y/m/d H:i:s').' - '.$clientIp.' - '.strval($message).PHP_EOL, + FILE_APPEND + ); +} + /** * Returns the small hash of a string, using RFC 4648 base64url format * @@ -13,7 +31,15 @@ * - are NOT cryptographically secure (they CAN be forged) * * In Shaarli, they are used as a tinyurl-like link to individual entries, - * e.g. smallHash('20111006_131924') --> yZH23w + * built once with the combination of the date and item ID. + * e.g. smallHash('20111006_131924' . 142) --> eaWxtQ + * + * @warning before v0.8.1, smallhashes were built only with the date, + * and their value has been preserved. + * + * @param string $text Create a hash from this text. + * + * @return string generated small hash. */ function smallHash($text) { @@ -23,8 +49,14 @@ function smallHash($text) /** * Tells if a string start with a substring + * + * @param string $haystack Given string. + * @param string $needle String to search at the beginning of $haystack. + * @param bool $case Case sensitive. + * + * @return bool True if $haystack starts with $needle. */ -function startsWith($haystack, $needle, $case=true) +function startsWith($haystack, $needle, $case = true) { if ($case) { return (strcmp(substr($haystack, 0, strlen($needle)), $needle) === 0); @@ -34,8 +66,14 @@ function startsWith($haystack, $needle, $case=true) /** * Tells if a string ends with a substring + * + * @param string $haystack Given string. + * @param string $needle String to search at the end of $haystack. + * @param bool $case Case sensitive. + * + * @return bool True if $haystack ends with $needle. */ -function endsWith($haystack, $needle, $case=true) +function endsWith($haystack, $needle, $case = true) { if ($case) { return (strcmp(substr($haystack, strlen($haystack) - strlen($needle)), $needle) === 0); @@ -44,23 +82,41 @@ function endsWith($haystack, $needle, $case=true) } /** - * Same as nl2br(), but escapes < and > + * Htmlspecialchars wrapper + * Support multidimensional array of strings. + * + * @param mixed $input Data to escape: a single string or an array of strings. + * + * @return string escaped. */ -function nl2br_escaped($html) +function escape($input) { - return str_replace('>', '>', str_replace('<', '<', nl2br($html))); + if (is_array($input)) { + $out = array(); + foreach($input as $key => $value) { + $out[$key] = escape($value); + } + return $out; + } + return htmlspecialchars($input, ENT_COMPAT, 'UTF-8', false); } /** - * htmlspecialchars wrapper + * Reverse the escape function. + * + * @param string $str the string to unescape. + * + * @return string unescaped string. */ -function escape($str) +function unescape($str) { - return htmlspecialchars($str, ENT_COMPAT, 'UTF-8', false); + return htmlspecialchars_decode($str); } /** - * Link sanitization before templating + * Sanitize link before rendering. + * + * @param array $link Link to escape. */ function sanitizeLink(&$link) { @@ -72,12 +128,14 @@ function sanitizeLink(&$link) /** * Checks if a string represents a valid date + + * @param string $format The expected DateTime format of the string + * @param string $string A string-formatted date * - * @param string a string-formatted date - * @param format the expected DateTime format of the string - * @return whether the string is a valid date - * @see http://php.net/manual/en/class.datetime.php - * @see http://php.net/manual/en/datetime.createfromformat.php + * @return bool whether the string is a valid date + * + * @see http://php.net/manual/en/class.datetime.php + * @see http://php.net/manual/en/datetime.createfromformat.php */ function checkDateFormat($format, $string) { @@ -150,54 +208,65 @@ function is_session_id_valid($sessionId) } /** - * In a string, converts URLs to clickable links. - * - * @param string $text input string. - * @param string $redirector if a redirector is set, use it to gerenate links. + * Sniff browser language to set the locale automatically. + * Note that is may not work on your server if the corresponding locale is not installed. * - * @return string returns $text with all links converted to HTML links. - * - * @see Function inspired from http://www.php.net/manual/en/function.preg-replace.php#85722 - */ -function text2clickable($text, $redirector) + * @param string $headerLocale Locale send in HTTP headers (e.g. "fr,fr-fr;q=0.8,en;q=0.5,en-us;q=0.3"). + **/ +function autoLocale($headerLocale) { - $regex = '!(((?:https?|ftp|file)://|apt:|magnet:)\S+[[:alnum:]]/?)!si'; - - if (empty($redirector)) { - return preg_replace($regex, '$1', $text); + // Default if browser does not send HTTP_ACCEPT_LANGUAGE + $attempts = array('en_US'); + if (isset($headerLocale)) { + // (It's a bit crude, but it works very well. Preferred language is always presented first.) + if (preg_match('/([a-z]{2})-?([a-z]{2})?/i', $headerLocale, $matches)) { + $loc = $matches[1] . (!empty($matches[2]) ? '_' . strtoupper($matches[2]) : ''); + $attempts = array( + $loc.'.UTF-8', $loc, str_replace('_', '-', $loc).'.UTF-8', str_replace('_', '-', $loc), + $loc . '_' . strtoupper($loc).'.UTF-8', $loc . '_' . strtoupper($loc), + $loc . '_' . $loc.'.UTF-8', $loc . '_' . $loc, $loc . '-' . strtoupper($loc).'.UTF-8', + $loc . '-' . strtoupper($loc), $loc . '-' . $loc.'.UTF-8', $loc . '-' . $loc + ); + } } - // Redirector is set, urlencode the final URL. - return preg_replace_callback( - $regex, - function ($matches) use ($redirector) { - return ''. $matches[1] .''; - }, - $text - ); + setlocale(LC_ALL, $attempts); } /** - * This function inserts where relevant so that multiple spaces are properly displayed in HTML - * even in the absence of
(This is used in description to keep text formatting). + * Generates a default API secret. * - * @param string $text input text. + * Note that the random-ish methods used in this function are predictable, + * which makes them NOT suitable for crypto. + * BUT the random string is salted with the salt and hashed with the username. + * It makes the generated API secret secured enough for Shaarli. + * + * PHP 7 provides random_int(), designed for cryptography. + * More info: http://stackoverflow.com/questions/4356289/php-random-string-generator + + * @param string $username Shaarli login username + * @param string $salt Shaarli password hash salt * - * @return string formatted text. + * @return string|bool Generated API secret, 12 char length. + * Or false if invalid parameters are provided (which will make the API unusable). */ -function space2nbsp($text) +function generate_api_secret($username, $salt) { - return preg_replace('/(^| ) /m', '$1 ', $text); + if (empty($username) || empty($salt)) { + return false; + } + + return str_shuffle(substr(hash_hmac('sha512', uniqid($salt), $username), 10, 12)); } /** - * Format Shaarli's description - * TODO: Move me to ApplicationUtils when it's ready. + * Trim string, replace sequences of whitespaces by a single space. + * PHP equivalent to `normalize-space` XSLT function. * - * @param string $description shaare's description. - * @param string $redirector if a redirector is set, use it to gerenate links. + * @param string $string Input string. * - * @return string formatted description. + * @return mixed Normalized string. */ -function format_description($description, $redirector) { - return nl2br(space2nbsp(text2clickable($description, $redirector))); +function normalize_spaces($string) +{ + return preg_replace('/\s{2,}/', ' ', trim($string)); }