X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=application%2FUtils.php;h=bcfda65c9ca14cef75aac304396f0512dba500d5;hb=f34554c6c2cd8fe99fe2e8907bfc196a4884416a;hp=2f38a8de2a0f0fccff237619514cd32dd92682fb;hpb=2e6314af312229467ca63b6dc0c337f92eb5ddeb;p=github%2Fshaarli%2FShaarli.git
diff --git a/application/Utils.php b/application/Utils.php
index 2f38a8de..bcfda65c 100644
--- a/application/Utils.php
+++ b/application/Utils.php
@@ -87,18 +87,22 @@ function endsWith($haystack, $needle, $case = true)
 *
 * @param mixed $input Data to escape: a single string or an array of strings.
 *
- * @return string escaped.
+ * @return string|array escaped.
 */
 function escape($input)
 {
- if (is_bool($input)) {
+ if (null === $input) {
+ return null;
+ }
+
+ if (is_bool($input) || is_int($input) || is_float($input) || $input instanceof DateTimeInterface) {
 return $input;
 }
 if (is_array($input)) {
 $out = array();
- foreach($input as $key => $value) {
- $out[$key] = escape($value);
+ foreach ($input as $key => $value) {
+ $out[escape($key)] = escape($value);
 }
 return $out;
 }
@@ -159,10 +163,10 @@ function checkDateFormat($format, $string)
 */
 function generateLocation($referer, $host, $loopTerms = array())
 {
- $finalReferer = '?';
+ $finalReferer = './?';
 // No referer if it contains any value in $loopCriteria.
- foreach ($loopTerms as $value) {
+ foreach (array_filter($loopTerms) as $value) {
 if (strpos($referer, $value) !== false) {
 return $finalReferer;
 }
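Review bot: In the `is_array` branch of escape(), `$out[escape($key)] = escape($value);` stores each entry under its escaped key, so two distinct input keys that escape to the same string would silently overwrite one another, and a caller that indexes the result by the raw key will miss any key containing HTML metacharacters. Whether such a collision is reachable depends on the escaping call at the end of escape(), which lies outside this hunk. Escaping keys is worth keeping, since keys are presumably rendered alongside values, but the docblock should say that keys are rewritten. The `@return string|array escaped.` line is also incomplete now that null, bool, int, float and DateTimeInterface values are returned unchanged; `@return mixed Escaped string or array (keys escaped too); null, bool, int, float and DateTimeInterface are returned as-is.` would match the code.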
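Review bot: The reason for wrapping the loop input in `array_filter($loopTerms)` in generateLocation() is not recorded, and the comment above the loop still names `$loopCriteria` although the parameter is `$loopTerms`. A comment such as `// Skip empty terms: an empty needle makes strpos() warn on PHP 7 and match every referer on PHP 8.` would state the intent. `array_filter` without a callback also discards the string `'0'`, so a loop term of `'0'` would be silently ignored; a callback that rejects only `''` and `null` avoids that. generateLocation's body continues past the end of this hunk.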
@@ -181,36 +185,6 @@ function generateLocation($referer, $host, $loopTerms = array())
 return $finalReferer;
 }
-/**
- * Validate session ID to prevent Full Path Disclosure.
- *
- * See #298.
- * The session ID's format depends on the hash algorithm set in PHP settings
- *
- * @param string $sessionId Session ID
- *
- * @return true if valid, false otherwise.
- *
- * @see http://php.net/manual/en/function.hash-algos.php
- * @see http://php.net/manual/en/session.configuration.php
- */
-function is_session_id_valid($sessionId)
-{
- if (empty($sessionId)) {
- return false;
- }
-
- if (!$sessionId) {
- return false;
- }
-
- if (!preg_match('/^[a-zA-Z0-9,-]{2,128}$/', $sessionId)) {
- return false;
- }
-
- return true;
-}
-
 /**
 * Sniff browser language to set the locale automatically.
 * Note that is may not work on your server if the corresponding locale is not installed.
@@ -324,15 +298,15 @@ function normalize_spaces($string)
 * Requires php-intl to display international datetimes,
 * otherwise default format '%c' will be returned.
 *
- * @param DateTime $date to format.
- * @param bool $time Displays time if true.
- * @param bool $intl Use international format if true.
+ * @param DateTimeInterface $date to format.
+ * @param bool $time Displays time if true.
+ * @param bool $intl Use international format if true.
 *
 * @return bool|string Formatted date, or false if the input is invalid.
 */
 function format_date($date, $time = true, $intl = true)
 {
- if (! $date instanceof DateTime) {
+ if (! $date instanceof DateTimeInterface) {
 return false;
 }
@@ -385,10 +359,13 @@ function return_bytes($val)
 $val = trim($val);
 $last = strtolower($val[strlen($val)-1]);
 $val = intval(substr($val, 0, -1));
- switch($last) {
- case 'g': $val *= 1024;
- case 'm': $val *= 1024;
- case 'k': $val *= 1024;
+ switch ($last) {
+ case 'g':
+ $val *= 1024;
+ case 'm':
+ $val *= 1024;
+ case 'k':
+ $val *= 1024;
 }
 return $val;
 }
@@ -482,6 +459,7 @@ function alphabetical_sort(&$data, $reverse = false, $byKeys = false)
 *
 * @return string Text translated.
 */
-function t($text, $nText = '', $nb = 1, $domain = 'shaarli') {
+function t($text, $nText = '', $nb = 1, $domain = 'shaarli')
+{
 return dn__($domain, $text, $nText, $nb);
 }