| [ Index ] |
PHP Cross Reference of YOURLS |
[Source view] [Print] [Project Stats]
(no description)
| File Size: | 802 lines (28 kb) |
| Included or required: | 0 times |
| Referenced: | 0 times |
| Includes or requires: | 0 files |
| yourls_int2string($num, $chars = null) X-Ref |
| Convert an integer (1337) to a string (3jk). param: int $num Number to convert param: string $chars Characters to use for conversion return: string Converted number |
| yourls_string2int($string, $chars = null) X-Ref |
| Convert a string (3jk) to an integer (1337) param: string $string String to convert param: string $chars Characters to use for conversion return: string Number (as a string) |
| yourls_unique_element_id($prefix = 'yid', $initial_val = 1) X-Ref |
| Return a unique string to be used as a valid HTML id param: string $prefix Optional prefix param: int $initial_val The initial counter value (defaults to one) return: string The unique string since: 1.8.3 |
| yourls_sanitize_keyword( $keyword, $restrict_to_shorturl_charset = false ) X-Ref |
| Make sure a link keyword (ie "1fv" as in "http://sho.rt/1fv") is acceptable If we are ADDING or EDITING a short URL, the keyword must comply to the short URL charset: every character that doesn't belong to it will be removed. But otherwise we must have a more conservative approach: we could be checking for a keyword that was once valid but now the short URL charset has changed. In such a case, we are treating the keyword for what it is: just a part of a URL, hence sanitize it as a URL. param: string $keyword short URL keyword param: bool $restrict_to_shorturl_charset Optional, default false. True if we want the keyword to comply to short URL charset return: string The sanitized keyword |
| yourls_sanitize_title( $unsafe_title, $fallback = '' ) X-Ref |
| Sanitize a page title. No HTML per W3C http://www.w3.org/TR/html401/struct/global.html#h-7.4.2 param: string $unsafe_title Title, potentially unsafe param: string $fallback Optional fallback if after sanitization nothing remains return: string Safe title since: 1.5 |
| yourls_sanitize_url( $unsafe_url, $protocols = array() X-Ref |
| A few sanity checks on the URL. Used for redirection or DB. For redirection when you don't trust the URL ($_SERVER variable, query string), see yourls_sanitize_url_safe() For display purpose, see yourls_esc_url() param: string $unsafe_url unsafe URL param: array $protocols Optional allowed protocols, default to global $yourls_allowedprotocols return: string Safe URL |
| yourls_sanitize_url_safe( $unsafe_url, $protocols = array() X-Ref |
| A few sanity checks on the URL, including CRLF. Used for redirection when URL to be sanitized is critical and cannot be trusted. Use when critical URL comes from user input or environment variable. In such a case, this function will sanitize it like yourls_sanitize_url() but will also remove %0A and %0D to prevent CRLF injection. Still, some legit URLs contain %0A or %0D (see issue 2056, and for extra fun 1694, 1707, 2030, and maybe others) so we're not using this function unless it's used for internal redirection when the target location isn't hardcoded, to avoid XSS via CRLF param: string $unsafe_url unsafe URL param: array $protocols Optional allowed protocols, default to global $yourls_allowedprotocols return: string Safe URL since: 1.7.2 |
| yourls_deep_replace($search, $subject ) X-Ref |
| Perform a replacement while a string is found, eg $subject = '%0%0%0DDD', $search ='%0D' -> $result ='' Stolen from WP's _deep_replace param: string|array $search Needle, or array of needles. param: string $subject Haystack. return: string The string with the replaced values. |
| yourls_sanitize_int($int ) X-Ref |
| Make sure an integer is a valid integer (PHP's intval() limits to too small numbers) param: int $int Integer to check return: string Integer as a string |
| yourls_sanitize_ip($ip ) X-Ref |
| Sanitize an IP address No check on validity, just return a sanitized string param: string $ip IP address return: string IP address |
| yourls_sanitize_date($date ) X-Ref |
| Make sure a date is m(m)/d(d)/yyyy, return false otherwise param: string $date Date to check return: false|mixed Date in format m(m)/d(d)/yyyy or false if invalid |
| yourls_sanitize_date_for_sql($date) X-Ref |
| Sanitize a date for SQL search. Return false if malformed input. param: string $date Date return: false|string String in Y-m-d format for SQL search or false if malformed input |
| yourls_trim_long_string($string, $length = 60, $append = '[...]') X-Ref |
| Return trimmed string, optionally append '[...]' if string is too long param: string $string String to trim param: int $length Maximum length of string param: string $append String to append if trimmed return: string Trimmed string |
| yourls_sanitize_version( $version ) X-Ref |
| Sanitize a version number (1.4.1-whatever-RC1 -> 1.4.1) The regexp searches for the first digits, then a period, then more digits and periods, and discards all the rest. For instance, 'mysql-5.5-beta' and '5.5-RC1' return '5.5' param: string $version Version number return: string Sanitized version number since: 1.4.1 |
| yourls_sanitize_filename($file) X-Ref |
| Sanitize a filename (no Win32 stuff) param: string $file File name return: string|null Sanitized file name (or null if it's just backslashes, ok...) |
| yourls_seems_utf8($str) X-Ref |
| Check if a string seems to be UTF-8. Stolen from WP. param: string $str String to check return: bool Whether string seems valid UTF-8 |
| yourls_supports_pcre_u() X-Ref |
| Check for PCRE /u modifier support. Stolen from WP. Just in case "PCRE is not compiled with PCRE_UTF8" which seems to happen on some distros return: bool whether there's /u support or not since: 1.7.1 |
| yourls_check_invalid_utf8( $string, $strip = false ) X-Ref |
| Checks for invalid UTF8 in a string. Stolen from WP param: string $string The text which is to be checked. param: boolean $strip Optional. Whether to attempt to strip out invalid UTF8. Default is false. return: string The checked text. since: 1.6 |
| yourls_specialchars( $string, $quote_style = ENT_NOQUOTES, $double_encode = false ) X-Ref |
| Converts a number of special characters into their HTML entities. Stolen from WP. Specifically deals with: &, <, >, ", and '. $quote_style can be set to ENT_COMPAT to encode " to ", or ENT_QUOTES to do both. Default is ENT_NOQUOTES where no quotes are encoded. param: string $string The text which is to be encoded. param: mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES. param: boolean $double_encode Optional. Whether to encode existing html entities. Default is false. return: string The encoded text with HTML entities. since: 1.6 |
| yourls_specialchars_decode( $string, $quote_style = ENT_NOQUOTES ) X-Ref |
| Converts a number of HTML entities into their special characters. Stolen from WP. Specifically deals with: &, <, >, ", and '. $quote_style can be set to ENT_COMPAT to decode " entities, or ENT_QUOTES to do both " and '. Default is ENT_NOQUOTES where no quotes are decoded. param: string $string The text which is to be decoded. param: mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old _wp_specialchars() values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES. return: string The decoded text without HTML entities. since: 1.6 |
| yourls_esc_html( $text ) X-Ref |
| Escaping for HTML blocks. Stolen from WP param: string $text return: string since: 1.6 |
| yourls_esc_attr( $text ) X-Ref |
| Escaping for HTML attributes. Stolen from WP param: string $text return: string since: 1.6 |
| yourls_esc_url( $url, $context = 'display', $protocols = array() X-Ref |
| Checks and cleans a URL before printing it. Stolen from WP. A number of characters are removed from the URL. If the URL is for displaying (the default behaviour) ampersands are also replaced. This function by default "escapes" URL for display purpose (param $context = 'display') but can take extra steps in URL sanitization. See yourls_sanitize_url() and yourls_sanitize_url_safe() param: string $url The URL to be cleaned. param: string $context 'display' or something else. Use yourls_sanitize_url() for database or redirection usage. param: array $protocols Optional. Array of allowed protocols, defaults to global $yourls_allowedprotocols return: string The cleaned $url since: 1.6 |
| yourls_normalize_uri( $url ) X-Ref |
| Normalize a URI : lowercase scheme and domain, convert IDN to UTF8 All in one example: 'HTTP://XN--mgbuq0c.Com/AbCd' -> 'http://طارق.com/AbCd' See issues 591, 1630, 1889, 2691 This function is trickier than what seems to be needed at first First, we need to handle several URI types: http://example.com, mailto:[email protected], facetime:[email protected], and so on, see yourls_kses_allowed_protocols() in functions-kses.php The general rule is that the scheme ("stuff://" or "stuff:") is case insensitive and should be lowercase. But then, depending on the scheme, parts of what follows the scheme may or may not be case sensitive. Second, simply using parse_url() and its opposite http_build_url() is a pretty unsafe process: - parse_url() can easily trip up on malformed or weird URLs - exploding a URL with parse_url(), lowercasing some stuff, and glueing things back with http_build_url() does not handle well "stuff:"-like URI [1] and can result in URLs ending modified [2][3]. We don't want to *validate* URI, we just want to lowercase what is supposed to be lowercased. So, to be conservative, this function: - lowercases the scheme - does not lowercase anything else on "stuff:" URI - tries to lowercase only scheme and domain of "stuff://" URI [1] http_build_url(parse_url("mailto:ozh")) == "mailto:///ozh" [2] http_build_url(parse_url("http://blah#omg")) == "http://blah/#omg" [3] http_build_url(parse_url("http://blah?#")) == "http://blah/" param: string $url URL return: string URL with lowercase scheme and protocol since: 1.7.1 |
| yourls_esc_js( $text ) X-Ref |
| Escape single quotes, htmlspecialchar " < > &, and fix line endings. Stolen from WP. Escapes text strings for echoing in JS. It is intended to be used for inline JS (in a tag attribute, for example onclick="..."). Note that the strings have to be in single quotes. The filter 'js_escape' is also applied here. param: string $text The text to be escaped. return: string Escaped text. since: 1.6 |
| yourls_esc_textarea( $text ) X-Ref |
| Escaping for textarea values. Stolen from WP. param: string $text return: string since: 1.6 |
| yourls_backslashit($string) X-Ref |
| Adds backslashes before letters and before a number at the start of a string. Stolen from WP. param: string $string Value to which backslashes will be added. return: string String with backslashes inserted. since: 1.6 |
| yourls_is_rawurlencoded( $string ) X-Ref |
| Check if a string seems to be urlencoded We use rawurlencode instead of urlencode to avoid messing with '+' param: string $string return: bool since: 1.7 |
| yourls_rawurldecode_while_encoded( $string ) X-Ref |
| rawurldecode a string till it's not encoded anymore Deals with multiple encoding (eg "%2521" => "%21" => "!"). See https://github.com/YOURLS/YOURLS/issues/1303 param: string $string return: string since: 1.7 |
| yourls_make_bookmarklet( $code ) X-Ref |
| Converts readable Javascript code into a valid bookmarklet link Uses https://github.com/ozh/bookmarkletgen param: string $code Javascript code return: string Bookmarklet link since: 1.7.1 |
| yourls_get_timestamp( $timestamp ) X-Ref |
| Return a timestamp, plus or minus the time offset if defined param: string|int $timestamp a timestamp return: int a timestamp, plus or minus offset if defined since: 1.7.10 |
| yourls_get_time_offset() X-Ref |
| Get time offset, as defined in config, filtered return: int Time offset since: 1.7.10 |
| yourls_get_datetime_format( $format ) X-Ref |
| Return a date() format for a full date + time, filtered param: string $format Date format string return: string Date format string since: 1.7.10 |
| yourls_get_date_format( $format ) X-Ref |
| Return a date() format for date (no time), filtered param: string $format Date format string return: string Date format string since: 1.7.10 |
| yourls_get_time_format( $format ) X-Ref |
| Return a date() format for a time (no date), filtered param: string $format Date format string return: string Date format string since: 1.7.10 |
| Generated: Fri Mar 28 05:10:25 2025 | Cross-referenced by PHPXref 0.7.1 |