includes/functions.php
changeset 325 e17cc42d77cf
parent 322 5f1cd51bf1be
child 326 ab66d6d1f1f4
child 450 35f9d6c93eec
324:16d0c9f33466 325:e17cc42d77cf
  2416  * @return string Cleaned text
  2416  * @return string Cleaned text
  2417  */
  2417  */
  2418 
  2418 
  2419 function sanitize_page_id($page_id)
  2419 function sanitize_page_id($page_id)
  2420 {
  2420 {
       
  2421   global $db, $session, $paths, $template, $plugins; // Common objects
       
  2422   
       
  2423   if ( isset($paths->nslist['User']) )
       
  2424   {
       
  2425     if ( preg_match('/^' . preg_quote($paths->nslist['User']) . '/', $page_id) )
       
  2426     {
       
  2427       $ip = preg_replace('/^' . preg_quote($paths->nslist['User']) . '/', '', $page_id);
       
  2428       if ( is_valid_ip($ip) )
       
  2429       {
       
  2430         return $page_id;
       
  2431       }
       
  2432     }
       
  2433   }
       
  2434   
  2421   // Remove character escapes
  2435   // Remove character escapes
  2422   $page_id = dirtify_page_id($page_id);
  2436   $page_id = dirtify_page_id($page_id);
  2423 
  2437 
  2424   $pid_clean = preg_replace('/[\w\.\/:;\(\)@\[\]_-]/', 'X', $page_id);
  2438   $pid_clean = preg_replace('/[\w\.\/:;\(\)@\[\]_-]/', 'X', $page_id);
  2425   $pid_dirty = enano_str_split($pid_clean, 1);
  2439   $pid_dirty = enano_str_split($pid_clean, 1);
  2446     if ( $pid_dirty[$id] == 'X' )
  2460     if ( $pid_dirty[$id] == 'X' )
  2447       $page_id_cleaned .= $char;
  2461       $page_id_cleaned .= $char;
  2448     else
  2462     else
  2449       $page_id_cleaned .= $pid_dirty[$id];
  2463       $page_id_cleaned .= $pid_dirty[$id];
  2450   }
  2464   }
  2451 
  2465   
  2452   // global $mime_types;
  2466   // global $mime_types;
  2453 
  2467 
  2454   // $exts = array_keys($mime_types);
  2468   // $exts = array_keys($mime_types);
  2455   // $exts = '(' . implode('|', $exts) . ')';
  2469   // $exts = '(' . implode('|', $exts) . ')';
  2456 
  2470 
  2470   global $db, $session, $paths, $template, $plugins; // Common objects
  2484   global $db, $session, $paths, $template, $plugins; // Common objects
  2471   // First, replace spaces with underscores
  2485   // First, replace spaces with underscores
  2472   $page_id = str_replace(' ', '_', $page_id);
  2486   $page_id = str_replace(' ', '_', $page_id);
  2473 
  2487 
  2474   // Exception for userpages for IP addresses
  2488   // Exception for userpages for IP addresses
  2475   if ( isset($paths->nslist['User']) )
  2489   if ( is_valid_ip($page_id) )
  2476   {
  2490   {
  2477     if ( preg_match('/^' . preg_quote($paths->nslist['User']) . '/', $page_id) )
  2491     return $page_id;
  2478     {
       
  2479       $ip = preg_replace('/^' . preg_quote($paths->nslist['User']) . '/', '', $page_id);
       
  2480       if ( is_valid_ip($ip) )
       
  2481       {
       
  2482         die('valid IP');
       
  2483         return $page_id;
       
  2484       }
       
  2485     }
       
  2486   }
  2492   }
  2487 
  2493 
  2488   preg_match_all('/\.[A-Fa-f0-9][A-Fa-f0-9]/', $page_id, $matches);
  2494   preg_match_all('/\.[A-Fa-f0-9][A-Fa-f0-9]/', $page_id, $matches);
  2489 
  2495 
  2490   foreach ( $matches[0] as $id => $char )
  2496   foreach ( $matches[0] as $id => $char )
  2493     $char = strtolower($char);
  2499     $char = strtolower($char);
  2494     $char = intval(hexdec($char));
  2500     $char = intval(hexdec($char));
  2495     $char = chr($char);
  2501     $char = chr($char);
  2496     $page_id = str_replace($matches[0][$id], $char, $page_id);
  2502     $page_id = str_replace($matches[0][$id], $char, $page_id);
  2497   }
  2503   }
  2498 
  2504   
  2499   return $page_id;
  2505   return $page_id;
  2500 }
  2506 }
  2501 
  2507 
  2502 /**
  2508 /**
  2503  * Inserts commas into a number to make it more human-readable. Floating point-safe and doesn't flirt with the number like number_format() does.
  2509  * Inserts commas into a number to make it more human-readable. Floating point-safe and doesn't flirt with the number like number_format() does.
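Review bot: The early return added at new lines 2423–2433 of sanitize_page_id() hands `$page_id` back with no sanitization at all, so the exception is only as strict as is_valid_ip(); its definition is not on this page, so confirm it matches the whole string and not just a prefix or substring. The two patterns at new lines 2425 and 2427 call preg_quote() without the delimiter argument, so a `/` in the configured User namespace prefix would not be escaped and would end the pattern early; `preg_quote($paths->nslist['User'], '/')` avoids that. In the function changed at new line 2489 the test is now `is_valid_ip($page_id)` on the whole ID with no prefix stripping, so an ID that still carries the namespace prefix would presumably fall through to the `.XX` hex decoding below; a one-line comment stating which form callers are expected to pass would help. Both function bodies are only partly visible on this page.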