Procedural File: _param.funcs.php
Source Location: /blogs/inc/_core/_param.funcs.php
Page Details
This file implements parameter handling functions.
This includes:
- sanity checking of inputs
- removing PHP's stupid "magic" quotes
- validating specific inputs (urls, regexps...)
- memorizing params
- regenerating urls with the memorized params
- manually reconstructing urls
This file is part of the evoCore framework - http://evocore.net/ See also http://sourceforge.net/projects/evocms/.
Functions
string balance_tags(
string $text
)
|
|
Balances Tags of string using a modified stack.
Parameters:
|
string |
$text: |
HTML to be balanced |
API Tags:
check_html_sanity [line 1819]
boolean|string check_html_sanity(
string $content, [string $context = 'posting'], [integer $autobr = false], [string $encoding = NULL]
)
|
|
Check raw HTML input for different levels of sanity including:
- XHTML validation
- Javascript injection
- antispam
Also cleans up the content on some levels: WARNING: this does *NOT* (necessarilly) make the HTML code safe. It only checks on it and produces error messages. It is NOT (necessarily) safe to use the output.
Parameters:
|
string |
$content: |
The content to format |
|
string |
$context: |
|
|
integer |
$autobr: |
Create automated
tags? |
|
string |
$encoding: |
Encoding (used for XHTML_Validator only!); defaults to $io_charset |
check_is_decimal [line 487]
string check_is_decimal(
string $decimal
)
|
|
Checks if the param is a decimal number
Parameters:
|
string |
$decimal: |
decimal to check |
API Tags:
| Return: | error message if decimal is not valid |
check_is_email [line 554]
string check_is_email(
string $email
)
|
|
Check that email address looks valid.
Parameters:
|
string |
$email: |
email address to check |
API Tags:
| Return: | error message if address is not valid |
check_is_login [line 579]
string check_is_login(
string $login
)
|
|
Check that login is valid.
Parameters:
|
string |
$login: |
login to check |
API Tags:
| Return: | error message if login is not valid |
check_is_number [line 459]
string check_is_number(
string $number
)
|
|
Checks if the param is an integer (no float, e.g. 3.14).
Parameters:
|
string |
$number: |
number to check |
API Tags:
| Return: | error message if number is not valid |
check_is_phone [line 1122]
string check_is_phone(
string $phone
)
|
|
Checks if the phone number is valid
Parameters:
|
string |
$phone: |
phone number to check |
API Tags:
| Return: | error message if phone number is not valid |
string check_is_url(
string $url
)
|
|
Checks if the url is valid
Parameters:
|
string |
$url: |
url to check |
API Tags:
| Return: | error message if url is not valid |
check_is_word [line 1182]
string check_is_word(
string $word
)
|
|
Checks if the word is valid
Parameters:
|
string |
$word: |
word to check |
API Tags:
| Return: | error message if word is not valid |
void forget_param(
string $var
)
|
|
Forget a param so that is will not get included in subsequent regenerate_url() calls.
Parameters:
format_to_post [line 1786]
void format_to_post(
$content, [ $autobr = 0], [ $is_comment = 0], [ $encoding = NULL]
)
|
|
DEPRECATED Stub for plugin compatibility:
Parameters:
|
|
$content: |
|
|
|
$autobr: |
|
|
|
$is_comment: |
|
|
|
$encoding: |
|
get_memorized [line 1426]
void get_memorized(
[mixed $ignore = '']
)
|
|
Construct an array of memorized params which are not in the ignore list
Parameters:
|
mixed |
$ignore: |
string or array of ignore params |
NULL|mixed get_param(
$var
)
|
|
Get the value of a param.
Parameters:
API Tags:
| Return: | The value of the param, if set. NULL otherwise. |
get_param_urlencoded [line 1585]
string get_param_urlencoded(
$var, $value, [ $glue = '&']
)
|
|
Get URL param, urlencoded.
This handles arrays, recursively.
Parameters:
boolean is_regexp(
string $reg_exp, [boolean $includes_delim = false]
)
|
|
Checks if a given regular expression is valid.
It changes the error_handler and restores it.
Parameters:
|
string |
$reg_exp: |
the regular expression to test |
|
boolean |
$includes_delim: |
does the regular expression includes delimiters (and optionally modifiers)? |
Information Tags:
memorize_param [line 1342]
void memorize_param(
string $var, string $type, mixed $default, [mixed $value = NULL]
)
|
|
Set a param (global) & Memorize it for automatic future use in regenerate_url()
Parameters:
|
string |
$var: |
Variable to memorize |
|
string |
$type: |
Type of the variable |
|
mixed |
$default: |
Default value to compare to when regenerating url |
|
mixed |
$value: |
Value to set |
mixed param(
string $var, [string $type = 'raw'], [mixed $default = ''], [boolean $memorize = false], [boolean $override = false], [boolean $use_default = true], [mixed $strict_typing = 'allow_empty']
)
|
|
Sets a parameter with values from the request or to provided default, except if param is already set!
Also removes magic quotes if they are set automatically by PHP. Also forces type. Priority order: POST, GET, COOKIE, DEFAULT.
Parameters:
|
string |
$var: |
Variable to set |
|
string |
$type: |
Force value type to one of: - integer
- float, double
- string (strips (HTML-)Tags, trims whitespace)
- text like string but allows multiple lines
- array (TODO: array/integer , array/array/string )
- html (does nothing, for now)
- raw (does nothing)
- '' (does nothing) -- DEPRECATED, use "raw" instead
- '/^...$/' check regexp pattern match (string)
- boolean (will force type to boolean, but you can't use 'true' as a default since it has special meaning. There is no real reason to pass booleans on a URL though. Passing 0 and 1 as integers seems to be best practice).
Value type will be forced only if resulting value (probably from default then) is !== NULL |
|
mixed |
$default: |
Default value or TRUE if user input required |
|
boolean |
$memorize: |
Do we need to memorize this to regenerate the URL for this page? |
|
boolean |
$override: |
Override if variable already set |
|
boolean |
$use_default: |
Force setting of variable to default if no param is sent and var wasn't set before |
|
mixed |
$strict_typing: |
true will refuse illegal values, false will try to convert illegal to legal values, 'allow_empty' will refuse illegal values but will always accept empty values (This helps blocking dirty spambots or borked index bots. Saves a lot of processor time by killing invalid requests) |
API Tags:
| Return: | Final value of Variable, or false if we don't force setting and did not set |
| Usedby: | param_cookie() |
Information Tags:
| Todo: | when bad_request_die() gets called, the GLOBAL should not be left set to the invalid value! fp> Why? if the process dies anyway |
params_check_at_least_one [line 1012]
boolean params_check_at_least_one(
array $vars, string $err_msg, [string|NULL $field_err_msg = NULL]
)
|
|
Parameters:
|
array |
$vars: |
of param names |
|
string |
$err_msg: |
error message |
|
string|NULL |
$field_err_msg: |
error message for form field ($err_msg gets used if === NULL). |
API Tags:
string param_action(
[mixed $default = ''], [ $memorize = false]
)
|
|
Get the action from params.
If we got no "action" param, we'll check for an "actionArray" param ( <input type="submit" name="actionArray[real_action]" ...> ). And the real $action will be found in the first key... When there are multiple submit buttons, this is smarter than checking the value which is a translated string. When there is an image button, this allows to work around IE not sending the value (it only sends X & Y coords of the click).
Parameters:
|
mixed |
$default: |
Default to use. |
|
|
$memorize: |
|
param_add_message_to_Log [line 1302]
void param_add_message_to_Log(
string $var, string $err_msg, [ $log_category = 'error']
)
|
|
This function is used by param_error() and param_error_multiple().
If $link_param_err_messages_to_field_IDs is true, it will link those parts of the error message that are not already links, to the html IDs of the fields with errors.
Parameters:
|
string |
$var: |
param name |
|
string |
$err_msg: |
error message |
|
|
$log_category: |
|
param_arrayindex [line 308]
string param_arrayindex(
string $param_name, [mixed $default = '']
)
|
|
Get the param from an array param's first index instead of the value.
E.g., for "param[value]" as a submit button you can get the value with
Request::param_arrayindex( 'param' )
.
Parameters:
|
string |
$param_name: |
Param name |
|
mixed |
$default: |
Default to use |
API Tags:
param_check_date [line 725]
boolean|string param_check_date(
string $var, string $err_msg, [boolean $required = false], [string $date_format = NULL]
)
|
|
Check if param is an ISO date.
NOTE: for tokens like e.g. "D" (abbr. weekday), T_() gets used and it uses the current locale!
Parameters:
|
string |
$var: |
param name |
|
string |
$err_msg: |
error message |
|
boolean |
$required: |
Is a non-empty date required? |
|
string |
$date_format: |
date format (php format) |
API Tags:
| Return: | false if not OK, ISO date if OK |
param_check_decimal [line 475]
boolean param_check_decimal(
string $var, string $err_msg, [ $required = false]
)
|
|
Checks if the param is a decimal number
Parameters:
|
string |
$var: |
param name |
|
string |
$err_msg: |
error message |
|
|
$required: |
|
API Tags:
param_check_email [line 542]
boolean param_check_email(
string $var, [ $required = false]
)
|
|
Parameters:
|
string |
$var: |
param name |
|
|
$required: |
|
API Tags:
param_check_filename [line 633]
boolean param_check_filename(
string $var, string $err_msg
)
|
|
Check if the value is a file name
Parameters:
|
string |
$var: |
param name |
|
string |
$err_msg: |
error message |
API Tags:
param_check_html [line 1755]
boolean|string param_check_html(
string $var, [string $err_msg = '#'], [ $field_err_msg = '#'], [ $autobr = 0]
)
|
|
Checks for sanitized code.
WARNING: this does *NOT* (necessarilly) make the HTML code safe. It only checks on it and produces error messages. It is NOT (necessarily) safe to use the output.
Parameters:
|
string |
$var: |
param name |
|
string |
$err_msg: |
error message |
|
|
$field_err_msg: |
|
|
|
$autobr: |
|
param_check_isregexp [line 652]
boolean param_check_isregexp(
string $var, string $err_msg, [string|NULL $field_err_msg = NULL]
)
|
|
Check if the value of a param is a regular expression (syntax).
Parameters:
|
string |
$var: |
param name |
|
string |
$err_msg: |
error message |
|
string|NULL |
$field_err_msg: |
error message for form field ($err_msg gets used if === NULL). |
API Tags:
param_check_login [line 567]
boolean param_check_login(
string $var, [ $required = false]
)
|
|
Parameters:
|
string |
$var: |
param name |
|
|
$required: |
|
API Tags:
param_check_not_empty [line 423]
boolean param_check_not_empty(
string $var, [string $err_msg = NULL], [string|NULL $field_err_msg = NULL]
)
|
|
Parameters:
|
string |
$var: |
param name |
|
string |
$err_msg: |
error message |
|
string|NULL |
$field_err_msg: |
error message for form field ($err_msg gets used if === NULL). |
API Tags:
param_check_number [line 447]
boolean param_check_number(
string $var, string $err_msg, [ $required = false]
)
|
|
Checks if the param is an integer (no float, e.g. 3.14).
Parameters:
|
string |
$var: |
param name |
|
string |
$err_msg: |
error message |
|
|
$required: |
|
API Tags:
param_check_passwords [line 1138]
boolean param_check_passwords(
string $var1, string $var2, [boolean $required = false], [integer $min_length = 6]
)
|
|
Parameters:
|
string |
$var1: |
param name |
|
string |
$var2: |
param name |
|
boolean |
$required: |
Is a password required? (non-empty) |
|
integer |
$min_length: |
Minimum password length |
API Tags:
param_check_phone [line 1094]
boolean param_check_phone(
string $var, [ $required = false]
)
|
|
Parameters:
|
string |
$var: |
param name |
|
|
$required: |
|
API Tags:
param_check_range [line 522]
boolean param_check_range(
string $var, integer $min, integer $max, string $err_msg, [boolean $required = true]
)
|
|
Checks if the param is a decimal number (no float, e.g. 3.14) in a given range.
Parameters:
|
string |
$var: |
param name |
|
integer |
$min: |
min value |
|
integer |
$max: |
max value |
|
string |
$err_msg: |
error message (gets printf'ed with $min and $max) |
|
boolean |
$required: |
Is the param required? |
API Tags:
param_check_regexp [line 672]
boolean param_check_regexp(
string $var, string $regexp, string $err_msg, [string|NULL $field_err_msg = NULL], [ $required = true]
)
|
|
Check if the value of a param MATCHES a regular expression (syntax).
Parameters:
|
string |
$var: |
param name |
|
string |
$regexp: |
regexp |
|
string |
$err_msg: |
error message |
|
string|NULL |
$field_err_msg: |
error message for form field ($err_msg gets used if === NULL). |
|
|
$required: |
|
API Tags:
param_check_url [line 593]
boolean param_check_url(
string $var, string $context, [ $field_err_msg = NULL]
)
|
|
Parameters:
|
string |
$var: |
param name |
|
string |
$context: |
|
|
|
$field_err_msg: |
|
API Tags:
param_child_select_value [line 1072]
void param_child_select_value(
string $var
)
|
|
set a parameter with the second part(X2) of the value from request ( X1-X2 )
Parameters:
|
string |
$var: |
Variable to set |
string param_combo(
string $var, mixed $default, boolean $allow_none, [string $err_msg = '']
)
|
|
Sets a combo parameter with values from the request, => the value of the select option and the input text value if new is selected Display an error if the new value is selected that the input text has a value
Parameters:
|
string |
$var: |
Variable to set |
|
mixed |
$default: |
Default value or TRUE if user input required |
|
boolean |
$allow_none: |
true: allows to select new without entring a value in the input combo text |
|
string |
$err_msg: |
error message |
API Tags:
| Return: | position status ID or 'new' or '' if new is seleted but not input text value |
param_compact_date [line 846]
string param_compact_date(
string $var, [mixed $default = ''], [boolean $memorize = false], string $err_msg, [boolean $required = false]
)
|
|
Sets a date parameter with values from the request or to provided default, And check we have a compact date (numbers only) ( used for URL filtering )
Parameters:
|
string |
$var: |
Variable to set |
|
mixed |
$default: |
Default value or TRUE if user input required |
|
boolean |
$memorize: |
memorize ( see param() ) |
|
string |
$err_msg: |
error message |
|
boolean |
$required: |
'required': Is non-empty date required? Default: true. |
API Tags:
| Return: | the compact date value ( yyyymmdd ) |
param_compile_cat_array [line 989]
void param_compile_cat_array(
[ $restrict_to_blog = 0], [ $cat_default = NULL], [ $catsel_default = array()]
)
|
|
Compiles the cat array from $cat (recursive + optional modifiers) and $catsel[] (non recursive)
and keeps those values available for future reference (category widget)
Parameters:
|
|
$restrict_to_blog: |
|
|
|
$cat_default: |
|
|
|
$catsel_default: |
|
void param_cookie(
$var, [ $type = ''], [ $default = ''], [ $memorize = false], [ $override = false], [ $use_default = true], [ $strict_typing = 'allow_empty']
)
|
|
Get a param from cookie.
Parameters:
|
|
$var: |
|
|
|
$type: |
|
|
|
$default: |
|
|
|
$memorize: |
|
|
|
$override: |
|
|
|
$use_default: |
|
|
|
$strict_typing: |
|
API Tags:
void param_date(
string $var, string $err_msg, boolean $required, [string $default = ''], [string $date_format = NULL]
)
|
|
Sets a date parameter by converting locale date (if valid) to ISO date.
If the date is not valid, it is set to the param unchanged (unconverted).
Parameters:
|
string |
$var: |
param name |
|
string |
$err_msg: |
error message |
|
boolean |
$required: |
Is a non-empty date required? |
|
string |
$default: |
Default (in the format of $date_format) |
|
string |
$date_format: |
date format (php format), defaults to locale_datefmt() |
param_duration [line 389]
integer param_duration(
string $var
)
|
|
Get total seconds from the following fields: months, days, hours, minutes, seconds
Parameters:
API Tags:
void param_error(
string $var, string|NULL $err_msg, [string|NULL $field_err_msg = NULL]
)
|
|
Add an error for a variable, either to the Form's field and/or the global $Messages object.
Parameters:
|
string |
$var: |
param name |
|
string|NULL |
$err_msg: |
error message (by using NULL you can only add an error to the field, but not the $Message object) |
|
string|NULL |
$field_err_msg: |
error message for form field ($err_msg gets used if === NULL). |
param_errors_detected [line 1198]
integer param_errors_detected(
)
|
|
Check if there have been validation errors
We play it safe here and check for all kind of errors, not just those from this particular class.
param_error_multiple [line 1269]
void param_error_multiple(
array $vars, string|NULL $err_msg, [string|NULL $field_err_msg = NULL]
)
|
|
Add an error for multiple variables, either to the Form's field and/or the global $Messages object.
Parameters:
|
array |
$vars: |
of param names |
|
string|NULL |
$err_msg: |
error message (by using NULL you can only add an error to the field, but not the $Message object) |
|
string|NULL |
$field_err_msg: |
error message for form fields ($err_msg gets used if === NULL). |
param_extend_list [line 936]
void param_extend_list(
string $var, string $var_ext_array, [boolean $save_prefix = true]
)
|
|
Extend a LIST parameter with an ARRAY param.
Will be used for author/authorsel[], etc. Note: cannot be used for catsel[], because catsel is NON-recursive.
Parameters:
|
string |
$var: |
Variable to extend |
|
string |
$var_ext_array: |
Name of array Variable to use as an extension |
|
boolean |
$save_prefix: |
Save non numeric prefix? ( 1 char -- can be used as a modifier, e-g: - + * ) |
API Tags:
param_get_error_msg [line 1222]
string param_get_error_msg(
$var
)
|
|
Get error message for a param
Parameters:
param_has_error [line 1209]
void param_has_error(
$var
)
|
|
Tell if there is an error on given field.
Parameters:
string param_html(
string $var, [mixed $default = ''], [boolean $memorize = false], string $err_msg
)
|
|
Sets an HTML parameter and checks for sanitized code.
WARNING: this does *NOT* (necessarilly) make the HTML code safe. It only checks on it and produces error messages. It is NOT (necessarily) safe to use the output.
Parameters:
|
string |
$var: |
Variable to set |
|
mixed |
$default: |
Default value or TRUE if user input required |
|
boolean |
$memorize: |
memorize ( see param() ) |
|
string |
$err_msg: |
error message |
Information Tags:
| Todo: | dh> Not implemented?! |
param_integer_range [line 505]
boolean param_integer_range(
string $var, integer $min, integer $max, string $err_msg, [ $required = true]
)
|
|
Gets a param and makes sure it's a decimal number (no float, e.g. 3.14) in a given range.
Parameters:
|
string |
$var: |
param name |
|
integer |
$min: |
min value |
|
integer |
$max: |
max value |
|
string |
$err_msg: |
error message (gets printf'ed with $min and $max) |
|
|
$required: |
|
API Tags:
param_ismemorized [line 1381]
void param_ismemorized(
$var
)
|
|
Has the param already been memorized?
Parameters:
param_string_not_empty [line 410]
boolean param_string_not_empty(
string $var, string $err_msg, [string|NULL $field_err_msg = NULL]
)
|
|
Parameters:
|
string |
$var: |
param name |
|
string |
$err_msg: |
error message |
|
string|NULL |
$field_err_msg: |
error message for form field ($err_msg gets used if === NULL). |
API Tags:
mixed param_time(
string $var, [mixed $default = ''], [boolean $memorize = false], [boolean $override = false], [boolean $forceset = true]
)
|
|
Sets a time parameter with the value from the request of the var argument or of the concat of the var argument_h: var argument_mn: var argument_s , except if param is already set!
Parameters:
|
string |
$var: |
Variable to set |
|
mixed |
$default: |
Default value or TRUE if user input required |
|
boolean |
$memorize: |
Do we need to memorize this to regenerate the URL for this page? |
|
boolean |
$override: |
Override if variable already set |
|
boolean |
$forceset: |
Force setting of variable to default? |
API Tags:
| Return: | Final value of Variable, or false if we don't force setting and did not set |
regenerate_url [line 1469]
void regenerate_url(
[mixed|string $ignore = ''], [array|string $set = ''], [mixed|string $pagefileurl = ''], [string $glue = '&amp;']
)
|
|
Regenerate current URL from parameters This may clean it up But it is also useful when generating static pages: you cannot rely on $_REQUEST[]
Parameters:
|
mixed|string |
$ignore: |
(delimited by commas) or array of params to ignore (can be regexps in /.../) |
|
array|string |
$set: |
Param(s) to set |
|
mixed|string |
$pagefileurl: |
Alternative URL we want to point to if not the current URL (may be absolute if BASE tag gets used) |
|
string |
$glue: |
Delimiter to use for multiple params (typically '&' or '&') |
remove_magic_quotes [line 1689]
mixed remove_magic_quotes(
mixed $mixed
)
|
|
Remove quotes from input.
This handles magic_quotes_gpc and magic_quotes_sybase PHP settings/variants.
NOTE: you should not use it directly, but one of the param-functions!
Parameters:
|
mixed |
$mixed: |
string or array (function is recursive) |
API Tags:
| Return: | Value, with magic quotes removed |
mixed set_param(
string $var, mixed $value
)
|
|
Set the value of a param (by force! :P)
Same as setting a global, except you don't need a global declaration in your function.
Parameters:
|
string |
$var: |
Param name |
|
mixed |
$value: |
Value |
API Tags:
integer _trapError(
[ $reset = 1]
)
|
|
Meant to replace error handler temporarily.
Parameters:
API Tags:
