|
|
<?php
if(isset(Config::$dbType) && Config::$dbType == 'sqlite') { ORM::configure('sqlite:' . Config::$dbFilePath); } else { ORM::configure('mysql:host=' . Config::$dbHost . ';dbname=' . Config::$dbName); ORM::configure('username', Config::$dbUsername); ORM::configure('password', Config::$dbPassword); }
function render($page, $data) { global $app; return $app->render('layout.php', array_merge($data, array('page' => $page))); };
function partial($template, $data=array(), $debug=false) { global $app;
if($debug) { $tpl = new Savant3(\Slim\Extras\Views\Savant::$savantOptions); echo '<pre>' . $tpl->fetch($template . '.php') . '</pre>'; return ''; }
ob_start(); $tpl = new Savant3(\Slim\Extras\Views\Savant::$savantOptions); foreach($data as $k=>$v) { $tpl->{$k} = $v; } $tpl->display($template . '.php'); return ob_get_clean(); }
function js_bookmarklet($partial, $context) { return str_replace('+','%20',urlencode(str_replace(array("\n"),array(''),partial($partial, $context)))); }
function session($key) { if(array_key_exists($key, $_SESSION)) return $_SESSION[$key]; else return null; }
function profile($key) { if(!session('auth')) { return null; } $auth = session('auth'); if(isset($auth['profile'][$key])) { return $auth['profile'][$key]; } return null; }
function k($a, $k, $default=null) { if(is_array($k)) { $result = true; foreach($k as $key) { $result = $result && array_key_exists($key, $a); } return $result; } else { if(is_array($a) && array_key_exists($k, $a) && $a[$k]) return $a[$k]; elseif(is_object($a) && property_exists($a, $k) && $a->$k) return $a->$k; else return $default; } }
function display_url($url) { $parts = parse_url($url); if(isset($parts['path']) && $parts['path'] != '' && $parts['path'] != '/') { return preg_replace('/^https?:\/\//','', $url); } else { return $parts['host']; } }
if(!function_exists('http_build_url')) { function http_build_url($parsed_url) { $scheme = isset($parsed_url['scheme']) ? $parsed_url['scheme'] . '://' : ''; $host = isset($parsed_url['host']) ? $parsed_url['host'] : ''; $port = isset($parsed_url['port']) ? ':' . $parsed_url['port'] : ''; $user = isset($parsed_url['user']) ? $parsed_url['user'] : ''; $pass = isset($parsed_url['pass']) ? ':' . $parsed_url['pass'] : ''; $pass = ($user || $pass) ? "$pass@" : ''; $path = isset($parsed_url['path']) ? $parsed_url['path'] : ''; $query = isset($parsed_url['query']) ? '?' . $parsed_url['query'] : ''; $fragment = isset($parsed_url['fragment']) ? '#' . $parsed_url['fragment'] : ''; return "$scheme$user$pass$host$port$path$query$fragment"; } }
function micropub_post_for_user(&$user, $params, $file = NULL, $json = false) { // Now send to the micropub endpoint
$r = micropub_post($user->micropub_endpoint, $params, $user->micropub_access_token, $file, $json);
$user->last_micropub_response = substr(json_encode($r), 0, 1024); $user->last_micropub_response_date = date('Y-m-d H:i:s');
// Check the response and look for a "Location" header containing the URL
if($r['response'] && ($r['code'] == 201 || $r['code'] == 202) && isset($r['headers']['Location'])) { $r['location'] = $r['headers']['Location'][0]; $user->micropub_success = 1; } else { $r['location'] = false; }
$user->save();
return $r; }
function micropub_media_post_for_user(&$user, $file) { // Send to the media endpoint
$r = micropub_post($user->micropub_media_endpoint, [], $user->micropub_access_token, $file, true, 'file');
// Check the response and look for a "Location" header containing the URL
if($r['response'] && preg_match('/Location: (.+)/', $r['response'], $match)) { $r['location'] = trim($match[1]); } else { $r['location'] = false; }
return $r; }
function micropub_post($endpoint, $params, $access_token, $file = NULL, $json = false, $file_prop = 'photo') { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $endpoint); curl_setopt($ch, CURLOPT_POST, true);
if($file) { if(is_string($file)) { $file_path = $file; $file_content = file_get_contents($file_path); $filename = 'file'; } else { $file_path = $file['tmp_name']; $file_content = file_get_contents($file_path); $filename = $file['name']; } } else { $file_path = false; }
// Send the access token in both the header and post body to support more clients
// https://github.com/aaronpk/Quill/issues/4
// http://indiewebcamp.com/irc/2015-02-14#t1423955287064
$httpheaders = array('Authorization: Bearer ' . $access_token);
if(!$json) { $params = array_merge(array( 'h' => 'entry', 'access_token' => $access_token ), $params); }
if(!$file_path) { $httpheaders[] = 'Accept: application/json'; if($json) { // $params['access_token'] = $access_token;
$httpheaders[] = 'Content-type: application/json'; $post = json_encode($params); } else { $post = http_build_query($params); $post = preg_replace('/%5B[0-9]+%5D/', '%5B%5D', $post); // change [0] to []
} } else { $finfo = finfo_open(FILEINFO_MIME_TYPE); $mimetype = finfo_file($finfo, $file_path); $multipart = new p3k\Multipart(); $multipart->addArray($params); $multipart->addFile($file_prop, $filename, $mimetype, $file_content); $post = $multipart->data(); $httpheaders[] = 'Content-Type: ' . $multipart->contentType(); }
curl_setopt($ch, CURLOPT_HTTPHEADER, $httpheaders); curl_setopt($ch, CURLOPT_POSTFIELDS, $post); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLINFO_HEADER_OUT, true);
$response = curl_exec($ch); $error = curl_error($ch); $sent_headers = curl_getinfo($ch, CURLINFO_HEADER_OUT);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE); $header_str = trim(substr($response, 0, $header_size));
$request = $sent_headers . (is_string($post) ? $post : http_build_query($post)); return array( 'request' => $request, 'response' => $response, 'code' => curl_getinfo($ch, CURLINFO_HTTP_CODE), 'headers' => parse_headers($header_str), 'error' => $error, 'curlinfo' => curl_getinfo($ch) ); }
function micropub_get($endpoint, $params, $access_token) { $url = parse_url($endpoint); if(!k($url, 'query')) { $url['query'] = http_build_query($params); } else { $url['query'] .= '&' . http_build_query($params); } $endpoint = http_build_url($url);
$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $endpoint); curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'Authorization: Bearer ' . $access_token, 'Accept: application/json' )); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($ch); $data = array(); if($response) { $data = json_decode($response, true); } $error = curl_error($ch); return array( 'response' => $response, 'data' => $data, 'error' => $error, 'curlinfo' => curl_getinfo($ch) ); }
function revoke_micropub_token($access_token, $token_endpoint) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $token_endpoint); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([ 'action' => 'revoke', 'token' => $access_token, ])); curl_exec($ch); }
function parse_headers($headers) { $retVal = array(); $fields = explode("\r\n", preg_replace('/\x0D\x0A[\x09\x20]+/', ' ', $headers)); foreach($fields as $field) { if(preg_match('/([^:]+): (.+)/m', $field, $match)) { $match[1] = preg_replace_callback('/(?<=^|[\x09\x20\x2D])./', function($m) { return strtoupper($m[0]); }, strtolower(trim($match[1]))); // If there's already a value set for the header name being returned, turn it into an array and add the new value
$match[1] = preg_replace_callback('/(?<=^|[\x09\x20\x2D])./', function($m) { return strtoupper($m[0]); }, strtolower(trim($match[1]))); if(isset($retVal[$match[1]])) { $retVal[$match[1]][] = trim($match[2]); } else { $retVal[$match[1]] = [trim($match[2])]; } } } return $retVal; }
function get_micropub_config(&$user, $query=[]) { $targets = [];
$r = micropub_get($user->micropub_endpoint, $query, $user->micropub_access_token); if($r['data'] && is_array($r['data']) && array_key_exists('syndicate-to', $r['data'])) { if(is_array($r['data']['syndicate-to'])) { $data = $r['data']['syndicate-to']; } else { $data = []; }
foreach($data as $t) { if(is_array($t) && array_key_exists('service', $t) && array_key_exists('photo', $t['service'])) { $icon = $t['service']['photo']; } else { $icon = false; }
if(is_array($t) && array_key_exists('uid', $t) && array_key_exists('name', $t)) { $targets[] = [ 'target' => $t['name'], 'uid' => $t['uid'], 'favicon' => $icon ]; } } }
// Reset the values so they can be overwritten
$user->syndication_targets = ''; $user->supported_post_types = ''; $user->supported_visibility = ''; $user->micropub_media_endpoint = '';
if(count($targets)) $user->syndication_targets = json_encode($targets);
$media_endpoint = false; $supported_post_types = false; if($r['data'] && is_array($r['data'])) { if(isset($r['data']['media-endpoint'])) { $media_endpoint = $r['data']['media-endpoint']; $user->micropub_media_endpoint = $media_endpoint; } if(isset($r['data']['post-types'])) { $supported_post_types = json_encode($r['data']['post-types']); $user->supported_post_types = $supported_post_types; } }
if(isset($r['data']['visibility']) && is_array($r['data']['visibility'])) { $user->supported_visibility = json_encode($r['data']['visibility']); }
$user->save();
return [ 'targets' => $targets, 'response' => $r ]; }
function supports_post_type(&$user, $type) { if(!$user->supported_post_types) return true;
$types = json_decode($user->supported_post_types, true); if(!is_array($types)) return true; // syntax error in response, fail safely
foreach($types as $t) { if(is_array($t) && isset($t['type']) && $t['type'] == $type) { return true; } }
return false; }
function get_micropub_source(&$user, $url, $properties) { $r = micropub_get($user->micropub_endpoint, [ 'q' => 'source', 'url' => $url, 'properties' => $properties ], $user->micropub_access_token); if(isset($r['data']) && isset($r['data']['properties'])) { return $r['data']['properties']; } else { return false; } }
function static_map($latitude, $longitude, $height=180, $width=700, $zoom=14) { return 'https://atlas.p3k.io/map/img?marker[]=lat:' . $latitude . ';lng:' . $longitude . ';icon:small-blue-cutout&basemap=gray&width=' . $width . '&height=' . $height . '&zoom=' . $zoom; }
function relative_time($date) { static $rel; if(!isset($rel)) { $config = array( 'language' => '\RelativeTime\Languages\English', 'separator' => ', ', 'suffix' => true, 'truncate' => 1, ); $rel = new \RelativeTime\RelativeTime($config); } return $rel->timeAgo($date); }
function validate_photo(&$file) { try {
if ($_SERVER['REQUEST_METHOD'] == 'POST' && count($_POST) < 1 ) { throw new RuntimeException('File upload size exceeded.'); }
// Undefined | Multiple Files | $_FILES Corruption Attack
// If this request falls under any of them, treat it invalid.
if ( !isset($file['error']) || is_array($file['error']) ) { throw new RuntimeException('Invalid parameters.'); }
// Check $file['error'] value.
switch ($file['error']) { case UPLOAD_ERR_OK: break; case UPLOAD_ERR_NO_FILE: throw new RuntimeException('No file sent.'); case UPLOAD_ERR_INI_SIZE: case UPLOAD_ERR_FORM_SIZE: throw new RuntimeException('Exceeded filesize limit.'); default: throw new RuntimeException('Unknown errors.'); }
// You should also check filesize here.
if ($file['size'] > 4000000) { throw new RuntimeException('Exceeded filesize limit.'); }
// DO NOT TRUST $file['mime'] VALUE !!
// Check MIME Type by yourself.
$finfo = new finfo(FILEINFO_MIME_TYPE); if (false === $ext = array_search( $finfo->file($file['tmp_name']), array( 'jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif', ), true )) { throw new RuntimeException('Invalid file format.'); }
} catch (RuntimeException $e) {
return $e->getMessage(); } }
// Reads the exif rotation data and actually rotates the photo.
// Only does anything if the exif library is loaded, otherwise is a noop.
function correct_photo_rotation($filename) { if(class_exists('IMagick')) { try { $image = new IMagick($filename); $orientation = $image->getImageOrientation(); switch($orientation) { case IMagick::ORIENTATION_BOTTOMRIGHT: $image->rotateImage(new ImagickPixel('#00000000'), 180); break; case IMagick::ORIENTATION_RIGHTTOP: $image->rotateImage(new ImagickPixel('#00000000'), 90); break; case IMagick::ORIENTATION_LEFTBOTTOM: $image->rotateImage(new ImagickPixel('#00000000'), -90); break; } $image->setImageOrientation(IMagick::ORIENTATION_TOPLEFT); $image->writeImage($filename); } catch(Exception $e){} } }
function sanitize_editor_html($html) { #error_log($html."\n");
$config = HTMLPurifier_Config::createDefault(); $config->autoFinalize = false; $config->set('Cache.DefinitionImpl', null); $config->set('HTML.AllowedElements', [ 'a', 'abbr', 'b', 'br', 'code', 'del', 'em', 'i', 'img', 'q', 'strike', 'strong', 'blockquote', 'pre', 'p', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'ul', 'li', 'ol', 'figcaption', 'figure' ]);
$def = $config->getHTMLDefinition(true); // http://developers.whatwg.org/grouping-content.html
$def->addElement('figure', 'Block', 'Optional: (figcaption, Flow) | (Flow, figcaption) | Flow', 'Common'); $def->addElement('figcaption', 'Inline', 'Flow', 'Common');
// Allow data: URIs
$config->set('URI.AllowedSchemes', array('data' => true, 'http' => true, 'https' => true));
// Strip all classes from elements
$config->set('Attr.AllowedClasses', '');
// $def = $config->getHTMLDefinition(true);
$purifier = new HTMLPurifier($config); $sanitized = $purifier->purify($html); $sanitized = str_replace("
","\r",$sanitized);
# Remove empty paragraphs
$sanitized = str_replace('<p><br /></p>','',$sanitized); $sanitized = str_replace('<p></p>','',$sanitized);
$indenter = new \Gajus\Dindent\Indenter([ 'indentation_character' => ' ' ]); $indenter->setElementType('h1', \Gajus\Dindent\Indenter::ELEMENT_TYPE_INLINE); $indenter->setElementType('h2', \Gajus\Dindent\Indenter::ELEMENT_TYPE_INLINE); $indenter->setElementType('h3', \Gajus\Dindent\Indenter::ELEMENT_TYPE_INLINE); $indenter->setElementType('h4', \Gajus\Dindent\Indenter::ELEMENT_TYPE_INLINE); $indenter->setElementType('h5', \Gajus\Dindent\Indenter::ELEMENT_TYPE_INLINE); $indenter->setElementType('h6', \Gajus\Dindent\Indenter::ELEMENT_TYPE_INLINE); $sanitized = $indenter->indent($sanitized);
#error_log($sanitized."\n");
return $sanitized; }
|