X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=application%2FUtils.php;h=bc1c9f5d6133b67eacc321b3d41da57f60b0f38d;hb=820cae27cfcc94af552818f3f1e5342e00478f6c;hp=d6e066102b62a61baf96c4ad5cecd947725a11ac;hpb=e96be632f5a7e8a8d39d99526ddd028084653b2f;p=github%2Fshaarli%2FShaarli.git diff --git a/application/Utils.php b/application/Utils.php index d6e06610..bc1c9f5d 100644 --- a/application/Utils.php +++ b/application/Utils.php @@ -4,21 +4,23 @@ */ /** - * Logs a message to a text file + * Format log using provided data. * - * The log format is compatible with fail2ban. + * @param string $message the message to log + * @param string|null $clientIp the client's remote IPv4/IPv6 address * - * @param string $logFile where to write the logs - * @param string $clientIp the client's remote IPv4/IPv6 address - * @param string $message the message to log + * @return string Formatted message to log */ -function logm($logFile, $clientIp, $message) +function format_log(string $message, string $clientIp = null): string { - file_put_contents( - $logFile, - date('Y/m/d H:i:s').' - '.$clientIp.' - '.strval($message).PHP_EOL, - FILE_APPEND - ); + $out = $message; + + if (!empty($clientIp)) { + // Note: we keep the first dash to avoid breaking fail2ban configs + $out = '- ' . $clientIp . ' - ' . $out; + } + + return $out; } /** @@ -87,14 +89,22 @@ function endsWith($haystack, $needle, $case = true) * * @param mixed $input Data to escape: a single string or an array of strings. * - * @return string escaped. + * @return string|array escaped. */ function escape($input) { + if (null === $input) { + return null; + } + + if (is_bool($input) || is_int($input) || is_float($input) || $input instanceof DateTimeInterface) { + return $input; + } + if (is_array($input)) { $out = array(); - foreach($input as $key => $value) { - $out[$key] = escape($value); + foreach ($input as $key => $value) { + $out[escape($key)] = escape($value); } return $out; } @@ -155,10 +165,10 @@ function checkDateFormat($format, $string) */ function generateLocation($referer, $host, $loopTerms = array()) { - $finalReferer = '?'; + $finalReferer = './?'; // No referer if it contains any value in $loopCriteria. - foreach ($loopTerms as $value) { + foreach (array_filter($loopTerms) as $value) { if (strpos($referer, $value) !== false) { return $finalReferer; } @@ -177,36 +187,6 @@ function generateLocation($referer, $host, $loopTerms = array()) return $finalReferer; } -/** - * Validate session ID to prevent Full Path Disclosure. - * - * See #298. - * The session ID's format depends on the hash algorithm set in PHP settings - * - * @param string $sessionId Session ID - * - * @return true if valid, false otherwise. - * - * @see http://php.net/manual/en/function.hash-algos.php - * @see http://php.net/manual/en/session.configuration.php - */ -function is_session_id_valid($sessionId) -{ - if (empty($sessionId)) { - return false; - } - - if (!$sessionId) { - return false; - } - - if (!preg_match('/^[a-zA-Z0-9,-]{2,128}$/', $sessionId)) { - return false; - } - - return true; -} - /** * Sniff browser language to set the locale automatically. * Note that is may not work on your server if the corresponding locale is not installed. @@ -320,15 +300,15 @@ function normalize_spaces($string) * Requires php-intl to display international datetimes, * otherwise default format '%c' will be returned. * - * @param DateTime $date to format. - * @param bool $time Displays time if true. - * @param bool $intl Use international format if true. + * @param DateTimeInterface $date to format. + * @param bool $time Displays time if true. + * @param bool $intl Use international format if true. * * @return bool|string Formatted date, or false if the input is invalid. */ function format_date($date, $time = true, $intl = true) { - if (! $date instanceof DateTime) { + if (! $date instanceof DateTimeInterface) { return false; } @@ -345,3 +325,152 @@ function format_date($date, $time = true, $intl = true) return $formatter->format($date); } + +/** + * Check if the input is an integer, no matter its real type. + * + * PHP is a bit messy regarding this: + * - is_int returns false if the input is a string + * - ctype_digit returns false if the input is an integer or negative + * + * @param mixed $input value + * + * @return bool true if the input is an integer, false otherwise + */ +function is_integer_mixed($input) +{ + if (is_array($input) || is_bool($input) || is_object($input)) { + return false; + } + $input = strval($input); + return ctype_digit($input) || (startsWith($input, '-') && ctype_digit(substr($input, 1))); +} + +/** + * Convert post_max_size/upload_max_filesize (e.g. '16M') parameters to bytes. + * + * @param string $val Size expressed in string. + * + * @return int Size expressed in bytes. + */ +function return_bytes($val) +{ + if (is_integer_mixed($val) || $val === '0' || empty($val)) { + return $val; + } + $val = trim($val); + $last = strtolower($val[strlen($val)-1]); + $val = intval(substr($val, 0, -1)); + switch ($last) { + case 'g': + $val *= 1024; + case 'm': + $val *= 1024; + case 'k': + $val *= 1024; + } + return $val; +} + +/** + * Return a human readable size from bytes. + * + * @param int $bytes value + * + * @return string Human readable size + */ +function human_bytes($bytes) +{ + if ($bytes === '') { + return t('Setting not set'); + } + if (! is_integer_mixed($bytes)) { + return $bytes; + } + $bytes = intval($bytes); + if ($bytes === 0) { + return t('Unlimited'); + } + + $units = [t('B'), t('kiB'), t('MiB'), t('GiB')]; + for ($i = 0; $i < count($units) && $bytes >= 1024; ++$i) { + $bytes /= 1024; + } + + return round($bytes) . $units[$i]; +} + +/** + * Try to determine max file size for uploads (POST). + * Returns an integer (in bytes) or formatted depending on $format. + * + * @param mixed $limitPost post_max_size PHP setting + * @param mixed $limitUpload upload_max_filesize PHP setting + * @param bool $format Format max upload size to human readable size + * + * @return int|string max upload file size + */ +function get_max_upload_size($limitPost, $limitUpload, $format = true) +{ + $size1 = return_bytes($limitPost); + $size2 = return_bytes($limitUpload); + // Return the smaller of two: + $maxsize = min($size1, $size2); + return $format ? human_bytes($maxsize) : $maxsize; +} + +/** + * Sort the given array alphabetically using php-intl if available. + * Case sensitive. + * + * Note: doesn't support multidimensional arrays + * + * @param array $data Input array, passed by reference + * @param bool $reverse Reverse sort if set to true + * @param bool $byKeys Sort the array by keys if set to true, by value otherwise. + */ +function alphabetical_sort(&$data, $reverse = false, $byKeys = false) +{ + $callback = function ($a, $b) use ($reverse) { + // Collator is part of PHP intl. + if (class_exists('Collator')) { + $collator = new Collator(setlocale(LC_COLLATE, 0)); + if (!intl_is_failure(intl_get_error_code())) { + return $collator->compare($a, $b) * ($reverse ? -1 : 1); + } + } + + return strcasecmp($a, $b) * ($reverse ? -1 : 1); + }; + + if ($byKeys) { + uksort($data, $callback); + } else { + usort($data, $callback); + } +} + +/** + * Wrapper function for translation which match the API + * of gettext()/_() and ngettext(). + * + * @param string $text Text to translate. + * @param string $nText The plural message ID. + * @param int $nb The number of items for plural forms. + * @param string $domain The domain where the translation is stored (default: shaarli). + * + * @return string Text translated. + */ +function t($text, $nText = '', $nb = 1, $domain = 'shaarli') +{ + return dn__($domain, $text, $nText, $nb); +} + +/** + * Converts an exception into a printable stack trace string. + */ +function exception2text(Throwable $e): string +{ + return $e->getMessage() . PHP_EOL . $e->getFile() . $e->getLine() . PHP_EOL . $e->getTraceAsString(); +} +