| [ Index ] |
PHP Cross Reference of YOURLS |
[Source view] [Print] [Project Stats]
(no description)
| File Size: | 802 lines (28 kb) |
| Included or required: | 0 times |
| Referenced: | 0 times |
| Includes or requires: | 0 files |
| yourls_int2string($num, $chars = null) X-Ref |
| Convert an integer (1337) to a string (3jk). param: int $num Number to convert param: string $chars Characters to use for conversion return: string Converted number |
| yourls_string2int($string, $chars = null) X-Ref |
| Convert a string (3jk) to an integer (1337) param: string $string String to convert param: string $chars Characters to use for conversion return: string Number (as a string) |
| yourls_unique_element_id($prefix = 'yid', $initial_val = 1) X-Ref |
| Return a unique string to be used as a valid HTML id since: 1.8.3 param: string $prefix Optional prefix param: int $initial_val The initial counter value (defaults to one) return: string The unique string |
| yourls_sanitize_keyword( $keyword, $restrict_to_shorturl_charset = false ) X-Ref |
| Make sure a link keyword (ie "1fv" as in "http://sho.rt/1fv") is acceptable If we are ADDING or EDITING a short URL, the keyword must comply to the short URL charset: every character that doesn't belong to it will be removed. But otherwise we must have a more conservative approach: we could be checking for a keyword that was once valid but now the short URL charset has changed. In such a case, we are treating the keyword for what it is: just a part of a URL, hence sanitize it as a URL. param: string $keyword short URL keyword param: bool $restrict_to_shorturl_charset Optional, default false. True if we want the keyword to comply to short URL charset return: string The sanitized keyword |
| yourls_sanitize_title( $unsafe_title, $fallback = '' ) X-Ref |
| Sanitize a page title. No HTML per W3C http://www.w3.org/TR/html401/struct/global.html#h-7.4.2 since: 1.5 param: string $unsafe_title Title, potentially unsafe param: string $fallback Optional fallback if after sanitization nothing remains return: string Safe title |
| yourls_sanitize_url( $unsafe_url, $protocols = array() X-Ref |
| A few sanity checks on the URL. Used for redirection or DB. For redirection when you don't trust the URL ($_SERVER variable, query string), see yourls_sanitize_url_safe() For display purpose, see yourls_esc_url() param: string $unsafe_url unsafe URL param: array $protocols Optional allowed protocols, default to global $yourls_allowedprotocols return: string Safe URL |
| yourls_sanitize_url_safe( $unsafe_url, $protocols = array() X-Ref |
| A few sanity checks on the URL, including CRLF. Used for redirection when URL to be sanitized is critical and cannot be trusted. Use when critical URL comes from user input or environment variable. In such a case, this function will sanitize it like yourls_sanitize_url() but will also remove %0A and %0D to prevent CRLF injection. Still, some legit URLs contain %0A or %0D (see issue 2056, and for extra fun 1694, 1707, 2030, and maybe others) so we're not using this function unless it's used for internal redirection when the target location isn't hardcoded, to avoid XSS via CRLF since: 1.7.2 param: string $unsafe_url unsafe URL param: array $protocols Optional allowed protocols, default to global $yourls_allowedprotocols return: string Safe URL |
| yourls_deep_replace($search, $subject ) X-Ref |
| Perform a replacement while a string is found, eg $subject = '%0%0%0DDD', $search ='%0D' -> $result ='' Stolen from WP's _deep_replace param: string|array $search Needle, or array of needles. param: string $subject Haystack. return: string The string with the replaced values. |
| yourls_sanitize_int($int ) X-Ref |
| Make sure an integer is a valid integer (PHP's intval() limits to too small numbers) param: int $int Integer to check return: string Integer as a string |
| yourls_sanitize_ip($ip ) X-Ref |
| Sanitize an IP address No check on validity, just return a sanitized string param: string $ip IP address return: string IP address |
| yourls_sanitize_date($date ) X-Ref |
| Make sure a date is m(m)/d(d)/yyyy, return false otherwise param: string $date Date to check return: false|mixed Date in format m(m)/d(d)/yyyy or false if invalid |
| yourls_sanitize_date_for_sql($date) X-Ref |
| Sanitize a date for SQL search. Return false if malformed input. param: string $date Date return: false|string String in Y-m-d format for SQL search or false if malformed input |
| yourls_trim_long_string($string, $length = 60, $append = '[...]') X-Ref |
| Return trimmed string, optionally append '[...]' if string is too long param: string $string String to trim param: int $length Maximum length of string param: string $append String to append if trimmed return: string Trimmed string |
| yourls_sanitize_version( $version ) X-Ref |
| Sanitize a version number (1.4.1-whatever-RC1 -> 1.4.1) The regexp searches for the first digits, then a period, then more digits and periods, and discards all the rest. For instance, 'mysql-5.5-beta' and '5.5-RC1' return '5.5' since: 1.4.1 param: string $version Version number return: string Sanitized version number |
| yourls_sanitize_filename($file) X-Ref |
| Sanitize a filename (no Win32 stuff) param: string $file File name return: string|null Sanitized file name (or null if it's just backslashes, ok...) |
| yourls_seems_utf8($str) X-Ref |
| Check if a string seems to be UTF-8. Stolen from WP. param: string $str String to check return: bool Whether string seems valid UTF-8 |
| yourls_supports_pcre_u() X-Ref |
| Check for PCRE /u modifier support. Stolen from WP. Just in case "PCRE is not compiled with PCRE_UTF8" which seems to happen on some distros since: 1.7.1 return: bool whether there's /u support or not |
| yourls_check_invalid_utf8( $string, $strip = false ) X-Ref |
| Checks for invalid UTF8 in a string. Stolen from WP since: 1.6 param: string $string The text which is to be checked. param: boolean $strip Optional. Whether to attempt to strip out invalid UTF8. Default is false. return: string The checked text. |
| yourls_specialchars( $string, $quote_style = ENT_NOQUOTES, $double_encode = false ) X-Ref |
| Converts a number of special characters into their HTML entities. Stolen from WP. Specifically deals with: &, <, >, ", and '. $quote_style can be set to ENT_COMPAT to encode " to ", or ENT_QUOTES to do both. Default is ENT_NOQUOTES where no quotes are encoded. since: 1.6 param: string $string The text which is to be encoded. param: mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES. param: boolean $double_encode Optional. Whether to encode existing html entities. Default is false. return: string The encoded text with HTML entities. |
| yourls_specialchars_decode( $string, $quote_style = ENT_NOQUOTES ) X-Ref |
| Converts a number of HTML entities into their special characters. Stolen from WP. Specifically deals with: &, <, >, ", and '. $quote_style can be set to ENT_COMPAT to decode " entities, or ENT_QUOTES to do both " and '. Default is ENT_NOQUOTES where no quotes are decoded. since: 1.6 param: string $string The text which is to be decoded. param: mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old _wp_specialchars() values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES. return: string The decoded text without HTML entities. |
| yourls_esc_html( $text ) X-Ref |
| Escaping for HTML blocks. Stolen from WP since: 1.6 param: string $text return: string |
| yourls_esc_attr( $text ) X-Ref |
| Escaping for HTML attributes. Stolen from WP since: 1.6 param: string $text return: string |
| yourls_esc_url( $url, $context = 'display', $protocols = array() X-Ref |
| Checks and cleans a URL before printing it. Stolen from WP. A number of characters are removed from the URL. If the URL is for displaying (the default behaviour) ampersands are also replaced. This function by default "escapes" URL for display purpose (param $context = 'display') but can take extra steps in URL sanitization. See yourls_sanitize_url() and yourls_sanitize_url_safe() since: 1.6 param: string $url The URL to be cleaned. param: string $context 'display' or something else. Use yourls_sanitize_url() for database or redirection usage. param: array $protocols Optional. Array of allowed protocols, defaults to global $yourls_allowedprotocols return: string The cleaned $url |
| yourls_normalize_uri( $url ) X-Ref |
| Normalize a URI : lowercase scheme and domain, convert IDN to UTF8 All in one example: 'HTTP://XN--mgbuq0c.Com/AbCd' -> 'http://طارق.com/AbCd' See issues 591, 1630, 1889, 2691 This function is trickier than what seems to be needed at first First, we need to handle several URI types: http://example.com, mailto:[email protected], facetime:[email protected], and so on, see yourls_kses_allowed_protocols() in functions-kses.php The general rule is that the scheme ("stuff://" or "stuff:") is case insensitive and should be lowercase. But then, depending on the scheme, parts of what follows the scheme may or may not be case sensitive. Second, simply using parse_url() and its opposite http_build_url() is a pretty unsafe process: - parse_url() can easily trip up on malformed or weird URLs - exploding a URL with parse_url(), lowercasing some stuff, and glueing things back with http_build_url() does not handle well "stuff:"-like URI [1] and can result in URLs ending modified [2][3]. We don't want to *validate* URI, we just want to lowercase what is supposed to be lowercased. So, to be conservative, this function: - lowercases the scheme - does not lowercase anything else on "stuff:" URI - tries to lowercase only scheme and domain of "stuff://" URI [1] http_build_url(parse_url("mailto:ozh")) == "mailto:///ozh" [2] http_build_url(parse_url("http://blah#omg")) == "http://blah/#omg" [3] http_build_url(parse_url("http://blah?#")) == "http://blah/" since: 1.7.1 param: string $url URL return: string URL with lowercase scheme and protocol |
| yourls_esc_js( $text ) X-Ref |
| Escape single quotes, htmlspecialchar " < > &, and fix line endings. Stolen from WP. Escapes text strings for echoing in JS. It is intended to be used for inline JS (in a tag attribute, for example onclick="..."). Note that the strings have to be in single quotes. The filter 'js_escape' is also applied here. since: 1.6 param: string $text The text to be escaped. return: string Escaped text. |
| yourls_esc_textarea( $text ) X-Ref |
| Escaping for textarea values. Stolen from WP. since: 1.6 param: string $text return: string |
| yourls_backslashit($string) X-Ref |
| Adds backslashes before letters and before a number at the start of a string. Stolen from WP. since: 1.6 param: string $string Value to which backslashes will be added. return: string String with backslashes inserted. |
| yourls_is_rawurlencoded( $string ) X-Ref |
| Check if a string seems to be urlencoded We use rawurlencode instead of urlencode to avoid messing with '+' since: 1.7 param: string $string return: bool |
| yourls_rawurldecode_while_encoded( $string ) X-Ref |
| rawurldecode a string till it's not encoded anymore Deals with multiple encoding (eg "%2521" => "%21" => "!"). See https://github.com/YOURLS/YOURLS/issues/1303 since: 1.7 param: string $string return: string |
| yourls_make_bookmarklet( $code ) X-Ref |
| Converts readable Javascript code into a valid bookmarklet link Uses https://github.com/ozh/bookmarkletgen since: 1.7.1 param: string $code Javascript code return: string Bookmarklet link |
| yourls_get_timestamp( $timestamp ) X-Ref |
| Return a timestamp, plus or minus the time offset if defined since: 1.7.10 param: string|int $timestamp a timestamp return: int a timestamp, plus or minus offset if defined |
| yourls_get_time_offset() X-Ref |
| Get time offset, as defined in config, filtered since: 1.7.10 return: int Time offset |
| yourls_get_datetime_format( $format ) X-Ref |
| Return a date() format for a full date + time, filtered since: 1.7.10 param: string $format Date format string return: string Date format string |
| yourls_get_date_format( $format ) X-Ref |
| Return a date() format for date (no time), filtered since: 1.7.10 param: string $format Date format string return: string Date format string |
| yourls_get_time_format( $format ) X-Ref |
| Return a date() format for a time (no date), filtered since: 1.7.10 param: string $format Date format string return: string Date format string |
| Generated: Fri Apr 18 05:10:03 2025 | Cross-referenced by PHPXref 0.7.1 |