MyShaarli/application/Utils.php
ArthurHoaro 775803a05c Prevent redirection loop everytime we rely on HTTP_REFERER:
* search tag
  * delete tag
  * pagination
  * display privates only
  * delete link
  * new/edit/cancel link return page

Move location generation to Utils.php + unit tests.

Fixes #256

ninja
2015-07-12 17:43:13 +02:00

119 lines
3.2 KiB
PHP

<?php
/**
* Shaarli utilities
*/
/**
* Returns the small hash of a string, using RFC 4648 base64url format
*
* Small hashes:
* - are unique (well, as unique as crc32, at last)
* - are always 6 characters long.
* - only use the following characters: a-z A-Z 0-9 - _ @
* - are NOT cryptographically secure (they CAN be forged)
*
* In Shaarli, they are used as a tinyurl-like link to individual entries,
* e.g. smallHash('20111006_131924') --> yZH23w
*/
function smallHash($text)
{
$t = rtrim(base64_encode(hash('crc32', $text, true)), '=');
return strtr($t, '+/', '-_');
}
/**
* Tells if a string start with a substring
*/
function startsWith($haystack, $needle, $case=true)
{
if ($case) {
return (strcmp(substr($haystack, 0, strlen($needle)), $needle) === 0);
}
return (strcasecmp(substr($haystack, 0, strlen($needle)), $needle) === 0);
}
/**
* Tells if a string ends with a substring
*/
function endsWith($haystack, $needle, $case=true)
{
if ($case) {
return (strcmp(substr($haystack, strlen($haystack) - strlen($needle)), $needle) === 0);
}
return (strcasecmp(substr($haystack, strlen($haystack) - strlen($needle)), $needle) === 0);
}
/**
* Same as nl2br(), but escapes < and >
*/
function nl2br_escaped($html)
{
return str_replace('>','&gt;',str_replace('<','&lt;',nl2br($html)));
}
/**
* htmlspecialchars wrapper
*/
function escape($str)
{
return htmlspecialchars($str, ENT_COMPAT, 'UTF-8', false);
}
/**
* Link sanitization before templating
*/
function sanitizeLink(&$link)
{
$link['url'] = escape($link['url']); // useful?
$link['title'] = escape($link['title']);
$link['description'] = escape($link['description']);
$link['tags'] = escape($link['tags']);
}
/**
* Checks if a string represents a valid date
*
* @param string a string-formatted date
* @param format the expected DateTime format of the string
* @return whether the string is a valid date
* @see http://php.net/manual/en/class.datetime.php
* @see http://php.net/manual/en/datetime.createfromformat.php
*/
function checkDateFormat($format, $string)
{
$date = DateTime::createFromFormat($format, $string);
return $date && $date->format($string) == $string;
}
/**
* Generate a header location from HTTP_REFERER.
* Make sure the referer is Shaarli itself and prevent redirection loop.
*
* @param string $referer - HTTP_REFERER.
* @param string $host - Server HOST.
* @param array $loopTerms - Contains list of term to prevent redirection loop.
*
* @return string $referer - final referer.
*/
function generateLocation($referer, $host, $loopTerms = array())
{
$final_referer = '?';
// No referer if it contains any value in $loopCriteria.
foreach ($loopTerms as $value) {
if (strpos($referer, $value) !== false) {
return $final_referer;
}
}
// Remove port from HTTP_HOST
if ($pos = strpos($host, ':')) {
$host = substr($host, 0, $pos);
}
if (!empty($referer) && strpos(parse_url($referer, PHP_URL_HOST), $host) !== false) {
$final_referer = $referer;
}
return $final_referer;
}