1. 8.3.x core/includes/bootstrap.inc
  2. 8.0.x core/includes/bootstrap.inc
  3. 8.1.x core/includes/bootstrap.inc
  4. 8.2.x core/includes/bootstrap.inc
  5. 8.4.x core/includes/bootstrap.inc
  6. 4.6.x includes/bootstrap.inc
  7. 4.7.x includes/bootstrap.inc
  8. 5.x includes/bootstrap.inc
  9. 6.x includes/bootstrap.inc
  10. 7.x includes/bootstrap.inc

Functions that need to be loaded on every Drupal request.

File

includes/bootstrap.inc
View source
  1. <?php
  2. /**
  3. * @file
  4. * Functions that need to be loaded on every Drupal request.
  5. */
  6. /**
  7. * Indicates that the item should never be removed unless explicitly told to
  8. * using cache_clear_all() with a cache ID.
  9. */
  10. define('CACHE_PERMANENT', 0);
  11. /**
  12. * Indicates that the item should be removed at the next general cache wipe.
  13. */
  14. define('CACHE_TEMPORARY', -1);
  15. /**
  16. * Indicates that page caching is disabled.
  17. */
  18. define('CACHE_DISABLED', 0);
  19. /**
  20. * Indicates that page caching is enabled, using "normal" mode.
  21. */
  22. define('CACHE_NORMAL', 1);
  23. /**
  24. * Indicates that page caching is using "aggressive" mode. This bypasses
  25. * loading any modules for additional speed, which may break functionality in
  26. * modules that expect to be run on each page load.
  27. */
  28. define('CACHE_AGGRESSIVE', 2);
  29. /**
  30. * Log message severity -- Emergency: system is unusable.
  31. *
  32. * The WATCHDOG_* constant definitions correspond to the logging severity levels
  33. * defined in RFC 3164, section 4.1.1: http://www.faqs.org/rfcs/rfc3164.html
  34. *
  35. * @see watchdog()
  36. * @see watchdog_severity_levels()
  37. */
  38. define('WATCHDOG_EMERG', 0);
  39. /**
  40. * Log message severity -- Alert: action must be taken immediately.
  41. *
  42. * The WATCHDOG_* constant definitions correspond to the logging severity levels
  43. * defined in RFC 3164, section 4.1.1: http://www.faqs.org/rfcs/rfc3164.html
  44. *
  45. * @see watchdog()
  46. * @see watchdog_severity_levels()
  47. */
  48. define('WATCHDOG_ALERT', 1);
  49. /**
  50. * Log message severity -- Critical: critical conditions.
  51. *
  52. * The WATCHDOG_* constant definitions correspond to the logging severity levels
  53. * defined in RFC 3164, section 4.1.1: http://www.faqs.org/rfcs/rfc3164.html
  54. *
  55. * @see watchdog()
  56. * @see watchdog_severity_levels()
  57. */
  58. define('WATCHDOG_CRITICAL', 2);
  59. /**
  60. * Log message severity -- Error: error conditions.
  61. *
  62. * The WATCHDOG_* constant definitions correspond to the logging severity levels
  63. * defined in RFC 3164, section 4.1.1: http://www.faqs.org/rfcs/rfc3164.html
  64. *
  65. * @see watchdog()
  66. * @see watchdog_severity_levels()
  67. */
  68. define('WATCHDOG_ERROR', 3);
  69. /**
  70. * Log message severity -- Warning: warning conditions.
  71. *
  72. * The WATCHDOG_* constant definitions correspond to the logging severity levels
  73. * defined in RFC 3164, section 4.1.1: http://www.faqs.org/rfcs/rfc3164.html
  74. *
  75. * @see watchdog()
  76. * @see watchdog_severity_levels()
  77. */
  78. define('WATCHDOG_WARNING', 4);
  79. /**
  80. * Log message severity -- Notice: normal but significant condition.
  81. *
  82. * The WATCHDOG_* constant definitions correspond to the logging severity levels
  83. * defined in RFC 3164, section 4.1.1: http://www.faqs.org/rfcs/rfc3164.html
  84. *
  85. * @see watchdog()
  86. * @see watchdog_severity_levels()
  87. */
  88. define('WATCHDOG_NOTICE', 5);
  89. /**
  90. * Log message severity -- Informational: informational messages.
  91. *
  92. * The WATCHDOG_* constant definitions correspond to the logging severity levels
  93. * defined in RFC 3164, section 4.1.1: http://www.faqs.org/rfcs/rfc3164.html
  94. *
  95. * @see watchdog()
  96. * @see watchdog_severity_levels()
  97. */
  98. define('WATCHDOG_INFO', 6);
  99. /**
  100. * Log message severity -- Debug: debug-level messages.
  101. *
  102. * The WATCHDOG_* constant definitions correspond to the logging severity levels
  103. * defined in RFC 3164, section 4.1.1: http://www.faqs.org/rfcs/rfc3164.html
  104. *
  105. * @see watchdog()
  106. * @see watchdog_severity_levels()
  107. */
  108. define('WATCHDOG_DEBUG', 7);
  109. /**
  110. * First bootstrap phase: initialize configuration.
  111. */
  112. define('DRUPAL_BOOTSTRAP_CONFIGURATION', 0);
  113. /**
  114. * Second bootstrap phase: try to call a non-database cache
  115. * fetch routine.
  116. */
  117. define('DRUPAL_BOOTSTRAP_EARLY_PAGE_CACHE', 1);
  118. /**
  119. * Third bootstrap phase: initialize database layer.
  120. */
  121. define('DRUPAL_BOOTSTRAP_DATABASE', 2);
  122. /**
  123. * Fourth bootstrap phase: identify and reject banned hosts.
  124. */
  125. define('DRUPAL_BOOTSTRAP_ACCESS', 3);
  126. /**
  127. * Fifth bootstrap phase: initialize session handling.
  128. */
  129. define('DRUPAL_BOOTSTRAP_SESSION', 4);
  130. /**
  131. * Sixth bootstrap phase: load bootstrap.inc and module.inc, start
  132. * the variable system and try to serve a page from the cache.
  133. */
  134. define('DRUPAL_BOOTSTRAP_LATE_PAGE_CACHE', 5);
  135. /**
  136. * Seventh bootstrap phase: find out language of the page.
  137. */
  138. define('DRUPAL_BOOTSTRAP_LANGUAGE', 6);
  139. /**
  140. * Eighth bootstrap phase: set $_GET['q'] to Drupal path of request.
  141. */
  142. define('DRUPAL_BOOTSTRAP_PATH', 7);
  143. /**
  144. * Final bootstrap phase: Drupal is fully loaded; validate and fix
  145. * input data.
  146. */
  147. define('DRUPAL_BOOTSTRAP_FULL', 8);
  148. /**
  149. * Role ID for anonymous users; should match what's in the "role" table.
  150. */
  151. define('DRUPAL_ANONYMOUS_RID', 1);
  152. /**
  153. * Role ID for authenticated users; should match what's in the "role" table.
  154. */
  155. define('DRUPAL_AUTHENTICATED_RID', 2);
  156. /**
  157. * No language negotiation. The default language is used.
  158. */
  159. define('LANGUAGE_NEGOTIATION_NONE', 0);
  160. /**
  161. * Path based negotiation with fallback to default language
  162. * if no defined path prefix identified.
  163. */
  164. define('LANGUAGE_NEGOTIATION_PATH_DEFAULT', 1);
  165. /**
  166. * Path based negotiation with fallback to user preferences
  167. * and browser language detection if no defined path prefix
  168. * identified.
  169. */
  170. define('LANGUAGE_NEGOTIATION_PATH', 2);
  171. /**
  172. * Domain based negotiation with fallback to default language
  173. * if no language identified by domain.
  174. */
  175. define('LANGUAGE_NEGOTIATION_DOMAIN', 3);
  176. /**
  177. * Language written left to right. Possible value of $language->direction.
  178. */
  179. define('LANGUAGE_LTR', 0);
  180. /**
  181. * Language written right to left. Possible value of $language->direction.
  182. */
  183. define('LANGUAGE_RTL', 1);
  184. // Hide E_DEPRECATED messages.
  185. if (defined('E_DEPRECATED')) {
  186. error_reporting(error_reporting() & ~E_DEPRECATED);
  187. }
  188. /**
  189. * Start the timer with the specified name. If you start and stop
  190. * the same timer multiple times, the measured intervals will be
  191. * accumulated.
  192. *
  193. * @param name
  194. * The name of the timer.
  195. */
  196. function timer_start($name) {
  197. global $timers;
  198. list($usec, $sec) = explode(' ', microtime());
  199. $timers[$name]['start'] = (float)$usec + (float)$sec;
  200. $timers[$name]['count'] = isset($timers[$name]['count']) ? ++$timers[$name]['count'] : 1;
  201. }
  202. /**
  203. * Read the current timer value without stopping the timer.
  204. *
  205. * @param name
  206. * The name of the timer.
  207. * @return
  208. * The current timer value in ms.
  209. */
  210. function timer_read($name) {
  211. global $timers;
  212. if (isset($timers[$name]['start'])) {
  213. list($usec, $sec) = explode(' ', microtime());
  214. $stop = (float)$usec + (float)$sec;
  215. $diff = round(($stop - $timers[$name]['start']) * 1000, 2);
  216. if (isset($timers[$name]['time'])) {
  217. $diff += $timers[$name]['time'];
  218. }
  219. return $diff;
  220. }
  221. }
  222. /**
  223. * Stop the timer with the specified name.
  224. *
  225. * @param name
  226. * The name of the timer.
  227. * @return
  228. * A timer array. The array contains the number of times the
  229. * timer has been started and stopped (count) and the accumulated
  230. * timer value in ms (time).
  231. */
  232. function timer_stop($name) {
  233. global $timers;
  234. $timers[$name]['time'] = timer_read($name);
  235. unset($timers[$name]['start']);
  236. return $timers[$name];
  237. }
  238. /**
  239. * Find the appropriate configuration directory.
  240. *
  241. * Try finding a matching configuration directory by stripping the website's
  242. * hostname from left to right and pathname from right to left. The first
  243. * configuration file found will be used; the remaining will ignored. If no
  244. * configuration file is found, return a default value '$confdir/default'.
  245. *
  246. * Example for a fictitious site installed at
  247. * http://www.drupal.org:8080/mysite/test/ the 'settings.php' is searched in
  248. * the following directories:
  249. *
  250. * 1. $confdir/8080.www.drupal.org.mysite.test
  251. * 2. $confdir/www.drupal.org.mysite.test
  252. * 3. $confdir/drupal.org.mysite.test
  253. * 4. $confdir/org.mysite.test
  254. *
  255. * 5. $confdir/8080.www.drupal.org.mysite
  256. * 6. $confdir/www.drupal.org.mysite
  257. * 7. $confdir/drupal.org.mysite
  258. * 8. $confdir/org.mysite
  259. *
  260. * 9. $confdir/8080.www.drupal.org
  261. * 10. $confdir/www.drupal.org
  262. * 11. $confdir/drupal.org
  263. * 12. $confdir/org
  264. *
  265. * 13. $confdir/default
  266. *
  267. * @param $require_settings
  268. * Only configuration directories with an existing settings.php file
  269. * will be recognized. Defaults to TRUE. During initial installation,
  270. * this is set to FALSE so that Drupal can detect a matching directory,
  271. * then create a new settings.php file in it.
  272. * @param reset
  273. * Force a full search for matching directories even if one had been
  274. * found previously.
  275. * @return
  276. * The path of the matching directory.
  277. */
  278. function conf_path($require_settings = TRUE, $reset = FALSE) {
  279. static $conf = '';
  280. if ($conf && !$reset) {
  281. return $conf;
  282. }
  283. $confdir = 'sites';
  284. $uri = explode('/', $_SERVER['SCRIPT_NAME'] ? $_SERVER['SCRIPT_NAME'] : $_SERVER['SCRIPT_FILENAME']);
  285. $server = explode('.', implode('.', array_reverse(explode(':', rtrim($_SERVER['HTTP_HOST'], '.')))));
  286. for ($i = count($uri) - 1; $i > 0; $i--) {
  287. for ($j = count($server); $j > 0; $j--) {
  288. $dir = implode('.', array_slice($server, -$j)) . implode('.', array_slice($uri, 0, $i));
  289. if (file_exists("$confdir/$dir/settings.php") || (!$require_settings && file_exists("$confdir/$dir"))) {
  290. $conf = "$confdir/$dir";
  291. return $conf;
  292. }
  293. }
  294. }
  295. $conf = "$confdir/default";
  296. return $conf;
  297. }
  298. /**
  299. * Unsets all disallowed global variables. See $allowed for what's allowed.
  300. */
  301. function drupal_unset_globals() {
  302. if (ini_get('register_globals')) {
  303. $allowed = array('_ENV' => 1, '_GET' => 1, '_POST' => 1, '_COOKIE' => 1, '_FILES' => 1, '_SERVER' => 1, '_REQUEST' => 1, 'GLOBALS' => 1);
  304. foreach ($GLOBALS as $key => $value) {
  305. if (!isset($allowed[$key])) {
  306. unset($GLOBALS[$key]);
  307. }
  308. }
  309. }
  310. }
  311. /**
  312. * Validate that a hostname (for example $_SERVER['HTTP_HOST']) is safe.
  313. *
  314. * As $_SERVER['HTTP_HOST'] is user input, ensure it only contains characters
  315. * allowed in hostnames. See RFC 952 (and RFC 2181). $_SERVER['HTTP_HOST'] is
  316. * lowercased.
  317. *
  318. * @return
  319. * TRUE if only containing valid characters, or FALSE otherwise.
  320. */
  321. function drupal_valid_http_host($host) {
  322. // Limit the length of the host name to 1000 bytes to prevent DoS attacks with
  323. // long host names.
  324. return strlen($host) <= 1000
  325. // Limit the number of subdomains and port separators to prevent DoS attacks
  326. // in conf_path().
  327. && substr_count($host, '.') <= 100
  328. && substr_count($host, ':') <= 100
  329. && preg_match('/^\[?(?:[a-zA-Z0-9-:\]_]+\.?)+$/', $host);
  330. }
  331. /**
  332. * Loads the configuration and sets the base URL, cookie domain, and
  333. * session name correctly.
  334. */
  335. function conf_init() {
  336. global $base_url, $base_path, $base_root;
  337. // Export the following settings.php variables to the global namespace
  338. global $db_url, $db_prefix, $db_collation, $cookie_domain, $conf, $installed_profile, $update_free_access;
  339. $conf = array();
  340. if (!isset($_SERVER['SERVER_PROTOCOL']) || ($_SERVER['SERVER_PROTOCOL'] != 'HTTP/1.0' && $_SERVER['SERVER_PROTOCOL'] != 'HTTP/1.1')) {
  341. $_SERVER['SERVER_PROTOCOL'] = 'HTTP/1.0';
  342. }
  343. if (isset($_SERVER['HTTP_HOST'])) {
  344. // As HTTP_HOST is user input, ensure it only contains characters allowed
  345. // in hostnames. See RFC 952 (and RFC 2181).
  346. // $_SERVER['HTTP_HOST'] is lowercased here per specifications.
  347. $_SERVER['HTTP_HOST'] = strtolower($_SERVER['HTTP_HOST']);
  348. if (!drupal_valid_http_host($_SERVER['HTTP_HOST'])) {
  349. // HTTP_HOST is invalid, e.g. if containing slashes it may be an attack.
  350. header($_SERVER['SERVER_PROTOCOL'] .' 400 Bad Request');
  351. exit;
  352. }
  353. }
  354. else {
  355. // Some pre-HTTP/1.1 clients will not send a Host header. Ensure the key is
  356. // defined for E_ALL compliance.
  357. $_SERVER['HTTP_HOST'] = '';
  358. }
  359. if (file_exists('./'. conf_path() .'/settings.php')) {
  360. include_once './'. conf_path() .'/settings.php';
  361. }
  362. // Ignore the placeholder URL from default.settings.php.
  363. if (isset($db_url) && $db_url == 'mysql://username:password@localhost/databasename') {
  364. $db_url = '';
  365. }
  366. if (isset($base_url)) {
  367. // Parse fixed base URL from settings.php.
  368. $parts = parse_url($base_url);
  369. if (!isset($parts['path'])) {
  370. $parts['path'] = '';
  371. }
  372. $base_path = $parts['path'] .'/';
  373. // Build $base_root (everything until first slash after "scheme://").
  374. $base_root = substr($base_url, 0, strlen($base_url) - strlen($parts['path']));
  375. }
  376. else {
  377. // Create base URL
  378. $base_root = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https' : 'http';
  379. $base_url = $base_root .= '://'. $_SERVER['HTTP_HOST'];
  380. // $_SERVER['SCRIPT_NAME'] can, in contrast to $_SERVER['PHP_SELF'], not
  381. // be modified by a visitor.
  382. if ($dir = trim(dirname($_SERVER['SCRIPT_NAME']), '\,/')) {
  383. $base_path = "/$dir";
  384. $base_url .= $base_path;
  385. $base_path .= '/';
  386. }
  387. else {
  388. $base_path = '/';
  389. }
  390. }
  391. if ($cookie_domain) {
  392. // If the user specifies the cookie domain, also use it for session name.
  393. $session_name = $cookie_domain;
  394. }
  395. else {
  396. // Otherwise use $base_url as session name, without the protocol
  397. // to use the same session identifiers across HTTP and HTTPS.
  398. list( , $session_name) = explode('://', $base_url, 2);
  399. // We escape the hostname because it can be modified by a visitor.
  400. if (!empty($_SERVER['HTTP_HOST'])) {
  401. $cookie_domain = check_plain($_SERVER['HTTP_HOST']);
  402. // Strip leading periods, www., and port numbers from cookie domain.
  403. $cookie_domain = ltrim($cookie_domain, '.');
  404. if (strpos($cookie_domain, 'www.') === 0) {
  405. $cookie_domain = substr($cookie_domain, 4);
  406. }
  407. $cookie_domain = explode(':', $cookie_domain);
  408. $cookie_domain = '.'. $cookie_domain[0];
  409. }
  410. }
  411. // To prevent session cookies from being hijacked, a user can configure the
  412. // SSL version of their website to only transfer session cookies via SSL by
  413. // using PHP's session.cookie_secure setting. The browser will then use two
  414. // separate session cookies for the HTTPS and HTTP versions of the site. So we
  415. // must use different session identifiers for HTTPS and HTTP to prevent a
  416. // cookie collision.
  417. if (ini_get('session.cookie_secure')) {
  418. $session_name .= 'SSL';
  419. }
  420. // Per RFC 2109, cookie domains must contain at least one dot other than the
  421. // first. For hosts such as 'localhost' or IP Addresses we don't set a cookie domain.
  422. if (count(explode('.', $cookie_domain)) > 2 && !is_numeric(str_replace('.', '', $cookie_domain))) {
  423. ini_set('session.cookie_domain', $cookie_domain);
  424. }
  425. session_name('SESS'. md5($session_name));
  426. }
  427. /**
  428. * Returns and optionally sets the filename for a system item (module,
  429. * theme, etc.). The filename, whether provided, cached, or retrieved
  430. * from the database, is only returned if the file exists.
  431. *
  432. * This function plays a key role in allowing Drupal's resources (modules
  433. * and themes) to be located in different places depending on a site's
  434. * configuration. For example, a module 'foo' may legally be be located
  435. * in any of these three places:
  436. *
  437. * modules/foo/foo.module
  438. * sites/all/modules/foo/foo.module
  439. * sites/example.com/modules/foo/foo.module
  440. *
  441. * Calling drupal_get_filename('module', 'foo') will give you one of
  442. * the above, depending on where the module is located.
  443. *
  444. * @param $type
  445. * The type of the item (i.e. theme, theme_engine, module, profile).
  446. * @param $name
  447. * The name of the item for which the filename is requested.
  448. * @param $filename
  449. * The filename of the item if it is to be set explicitly rather
  450. * than by consulting the database.
  451. *
  452. * @return
  453. * The filename of the requested item.
  454. */
  455. function drupal_get_filename($type, $name, $filename = NULL) {
  456. static $files = array();
  457. if (!isset($files[$type])) {
  458. $files[$type] = array();
  459. }
  460. if (!empty($filename) && file_exists($filename)) {
  461. $files[$type][$name] = $filename;
  462. }
  463. elseif (isset($files[$type][$name])) {
  464. // nothing
  465. }
  466. // Verify that we have an active database connection, before querying
  467. // the database. This is required because this function is called both
  468. // before we have a database connection (i.e. during installation) and
  469. // when a database connection fails.
  470. elseif (db_is_active() && (($file = db_result(db_query("SELECT filename FROM {system} WHERE name = '%s' AND type = '%s'", $name, $type))) && file_exists($file))) {
  471. $files[$type][$name] = $file;
  472. }
  473. else {
  474. // Fallback to searching the filesystem if the database connection is
  475. // not established or the requested file is not found.
  476. $config = conf_path();
  477. $dir = (($type == 'theme_engine') ? 'themes/engines' : "${type}s");
  478. $file = (($type == 'theme_engine') ? "$name.engine" : "$name.$type");
  479. foreach (array("$config/$dir/$file", "$config/$dir/$name/$file", "$dir/$file", "$dir/$name/$file") as $file) {
  480. if (file_exists($file)) {
  481. $files[$type][$name] = $file;
  482. break;
  483. }
  484. }
  485. }
  486. if (isset($files[$type][$name])) {
  487. return $files[$type][$name];
  488. }
  489. }
  490. /**
  491. * Load the persistent variable table.
  492. *
  493. * The variable table is composed of values that have been saved in the table
  494. * with variable_set() as well as those explicitly specified in the configuration
  495. * file.
  496. */
  497. function variable_init($conf = array()) {
  498. // NOTE: caching the variables improves performance by 20% when serving cached pages.
  499. if ($cached = cache_get('variables', 'cache')) {
  500. $variables = $cached->data;
  501. }
  502. else {
  503. $result = db_query('SELECT * FROM {variable}');
  504. while ($variable = db_fetch_object($result)) {
  505. $variables[$variable->name] = unserialize($variable->value);
  506. }
  507. cache_set('variables', $variables);
  508. }
  509. foreach ($conf as $name => $value) {
  510. $variables[$name] = $value;
  511. }
  512. return $variables;
  513. }
  514. /**
  515. * Returns a persistent variable.
  516. *
  517. * Case-sensitivity of the variable_* functions depends on the database
  518. * collation used. To avoid problems, always use lower case for persistent
  519. * variable names.
  520. *
  521. * @param $name
  522. * The name of the variable to return.
  523. * @param $default
  524. * The default value to use if this variable has never been set.
  525. * @return
  526. * The value of the variable.
  527. *
  528. * @see variable_del(), variable_set()
  529. */
  530. function variable_get($name, $default) {
  531. global $conf;
  532. return isset($conf[$name]) ? $conf[$name] : $default;
  533. }
  534. /**
  535. * Sets a persistent variable.
  536. *
  537. * Case-sensitivity of the variable_* functions depends on the database
  538. * collation used. To avoid problems, always use lower case for persistent
  539. * variable names.
  540. *
  541. * @param $name
  542. * The name of the variable to set.
  543. * @param $value
  544. * The value to set. This can be any PHP data type; these functions take care
  545. * of serialization as necessary.
  546. *
  547. * @see variable_del(), variable_get()
  548. */
  549. function variable_set($name, $value) {
  550. global $conf;
  551. $serialized_value = serialize($value);
  552. db_query("UPDATE {variable} SET value = '%s' WHERE name = '%s'", $serialized_value, $name);
  553. if (!db_affected_rows()) {
  554. @db_query("INSERT INTO {variable} (name, value) VALUES ('%s', '%s')", $name, $serialized_value);
  555. }
  556. cache_clear_all('variables', 'cache');
  557. $conf[$name] = $value;
  558. }
  559. /**
  560. * Unsets a persistent variable.
  561. *
  562. * Case-sensitivity of the variable_* functions depends on the database
  563. * collation used. To avoid problems, always use lower case for persistent
  564. * variable names.
  565. *
  566. * @param $name
  567. * The name of the variable to undefine.
  568. *
  569. * @see variable_get(), variable_set()
  570. */
  571. function variable_del($name) {
  572. global $conf;
  573. db_query("DELETE FROM {variable} WHERE name = '%s'", $name);
  574. cache_clear_all('variables', 'cache');
  575. unset($conf[$name]);
  576. }
  577. /**
  578. * Retrieve the current page from the cache.
  579. *
  580. * Note: we do not serve cached pages when status messages are waiting (from
  581. * a redirected form submission which was completed).
  582. *
  583. * @param $status_only
  584. * When set to TRUE, retrieve the status of the page cache only
  585. * (whether it was started in this request or not).
  586. */
  587. function page_get_cache($status_only = FALSE) {
  588. static $status = FALSE;
  589. global $user, $base_root;
  590. if ($status_only) {
  591. return $status;
  592. }
  593. $cache = NULL;
  594. if (!$user->uid && $_SERVER['REQUEST_METHOD'] == 'GET' && count(drupal_set_message()) == 0 && $_SERVER['SERVER_SOFTWARE'] !== 'PHP CLI') {
  595. $cache = cache_get($base_root . request_uri(), 'cache_page');
  596. if (empty($cache)) {
  597. ob_start();
  598. $status = TRUE;
  599. }
  600. }
  601. return $cache;
  602. }
  603. /**
  604. * Call all init or exit hooks without including all modules.
  605. *
  606. * @param $hook
  607. * The name of the bootstrap hook we wish to invoke.
  608. */
  609. function bootstrap_invoke_all($hook) {
  610. foreach (module_list(TRUE, TRUE) as $module) {
  611. drupal_load('module', $module);
  612. module_invoke($module, $hook);
  613. }
  614. }
  615. /**
  616. * Includes a file with the provided type and name. This prevents
  617. * including a theme, engine, module, etc., more than once.
  618. *
  619. * @param $type
  620. * The type of item to load (i.e. theme, theme_engine, module, profile).
  621. * @param $name
  622. * The name of the item to load.
  623. *
  624. * @return
  625. * TRUE if the item is loaded or has already been loaded.
  626. */
  627. function drupal_load($type, $name) {
  628. static $files = array();
  629. if (isset($files[$type][$name])) {
  630. return TRUE;
  631. }
  632. $filename = drupal_get_filename($type, $name);
  633. if ($filename) {
  634. include_once "./$filename";
  635. $files[$type][$name] = TRUE;
  636. return TRUE;
  637. }
  638. return FALSE;
  639. }
  640. /**
  641. * Set HTTP headers in preparation for a page response.
  642. *
  643. * Authenticated users are always given a 'no-cache' header, and will
  644. * fetch a fresh page on every request. This prevents authenticated
  645. * users seeing locally cached pages that show them as logged out.
  646. *
  647. * @see page_set_cache()
  648. */
  649. function drupal_page_header() {
  650. header("Expires: Sun, 19 Nov 1978 05:00:00 GMT");
  651. header("Last-Modified: ". gmdate("D, d M Y H:i:s") ." GMT");
  652. header("Cache-Control: store, no-cache, must-revalidate");
  653. header("Cache-Control: post-check=0, pre-check=0", FALSE);
  654. }
  655. /**
  656. * Set HTTP headers in preparation for a cached page response.
  657. *
  658. * The general approach here is that anonymous users can keep a local
  659. * cache of the page, but must revalidate it on every request. Then,
  660. * they are given a '304 Not Modified' response as long as they stay
  661. * logged out and the page has not been modified.
  662. *
  663. */
  664. function drupal_page_cache_header($cache) {
  665. // Set default values:
  666. $last_modified = gmdate('D, d M Y H:i:s', $cache->created) .' GMT';
  667. $etag = '"'. md5($last_modified) .'"';
  668. // See if the client has provided the required HTTP headers:
  669. $if_modified_since = isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? stripslashes($_SERVER['HTTP_IF_MODIFIED_SINCE']) : FALSE;
  670. $if_none_match = isset($_SERVER['HTTP_IF_NONE_MATCH']) ? stripslashes($_SERVER['HTTP_IF_NONE_MATCH']) : FALSE;
  671. if ($if_modified_since && $if_none_match
  672. && $if_none_match == $etag // etag must match
  673. && $if_modified_since == $last_modified) { // if-modified-since must match
  674. header($_SERVER['SERVER_PROTOCOL'] .' 304 Not Modified');
  675. // All 304 responses must send an etag if the 200 response for the same object contained an etag
  676. header("Etag: $etag");
  677. return;
  678. }
  679. // Send appropriate response:
  680. header("Last-Modified: $last_modified");
  681. header("ETag: $etag");
  682. // The following headers force validation of cache:
  683. header("Expires: Sun, 19 Nov 1978 05:00:00 GMT");
  684. header("Cache-Control: must-revalidate");
  685. if (variable_get('page_compression', TRUE) && extension_loaded('zlib')) {
  686. // Determine if the browser accepts gzipped data.
  687. if (isset($_SERVER['HTTP_ACCEPT_ENCODING']) && strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== FALSE) {
  688. // $cache->data is already gzip'ed, so make sure zlib.output_compression
  689. // does not compress it once more.
  690. ini_set('zlib.output_compression', '0');
  691. header('Content-Encoding: gzip');
  692. }
  693. else {
  694. // The client does not support compression, so unzip the data in the
  695. // cache. Strip the gzip header and run uncompress.
  696. $cache->data = gzinflate(substr(substr($cache->data, 10), 0, -8));
  697. }
  698. }
  699. // Send the original request's headers. We send them one after
  700. // another so PHP's header() function can deal with duplicate
  701. // headers.
  702. $headers = explode("\n", $cache->headers);
  703. foreach ($headers as $header) {
  704. header($header);
  705. }
  706. print $cache->data;
  707. }
  708. /**
  709. * Define the critical hooks that force modules to always be loaded.
  710. */
  711. function bootstrap_hooks() {
  712. return array('boot', 'exit');
  713. }
  714. /**
  715. * Unserializes and appends elements from a serialized string.
  716. *
  717. * @param $obj
  718. * The object to which the elements are appended.
  719. * @param $field
  720. * The attribute of $obj whose value should be unserialized.
  721. */
  722. function drupal_unpack($obj, $field = 'data') {
  723. if ($obj->$field && $data = unserialize($obj->$field)) {
  724. foreach ($data as $key => $value) {
  725. if (!empty($key) && !isset($obj->$key)) {
  726. $obj->$key = $value;
  727. }
  728. }
  729. }
  730. return $obj;
  731. }
  732. /**
  733. * Return the URI of the referring page.
  734. */
  735. function referer_uri() {
  736. if (isset($_SERVER['HTTP_REFERER'])) {
  737. return $_SERVER['HTTP_REFERER'];
  738. }
  739. }
  740. /**
  741. * Encode special characters in a plain-text string for display as HTML.
  742. *
  743. * Also validates strings as UTF-8 to prevent cross site scripting attacks on
  744. * Internet Explorer 6.
  745. *
  746. * @param $text
  747. * The text to be checked or processed.
  748. * @return
  749. * An HTML safe version of $text, or an empty string if $text is not
  750. * valid UTF-8.
  751. *
  752. * @see drupal_validate_utf8().
  753. */
  754. function check_plain($text) {
  755. static $php525;
  756. if (!isset($php525)) {
  757. $php525 = version_compare(PHP_VERSION, '5.2.5', '>=');
  758. }
  759. // We duplicate the preg_match() to validate strings as UTF-8 from
  760. // drupal_validate_utf8() here. This avoids the overhead of an additional
  761. // function call, since check_plain() may be called hundreds of times during
  762. // a request. For PHP 5.2.5+, this check for valid UTF-8 should be handled
  763. // internally by PHP in htmlspecialchars().
  764. // @see http://www.php.net/releases/5_2_5.php
  765. // @todo remove this when support for either IE6 or PHP < 5.2.5 is dropped.
  766. if ($php525) {
  767. return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
  768. }
  769. return (preg_match('/^./us', $text) == 1) ? htmlspecialchars($text, ENT_QUOTES, 'UTF-8') : '';
  770. }
  771. /**
  772. * Checks whether a string is valid UTF-8.
  773. *
  774. * All functions designed to filter input should use drupal_validate_utf8
  775. * to ensure they operate on valid UTF-8 strings to prevent bypass of the
  776. * filter.
  777. *
  778. * When text containing an invalid UTF-8 lead byte (0xC0 - 0xFF) is presented
  779. * as UTF-8 to Internet Explorer 6, the program may misinterpret subsequent
  780. * bytes. When these subsequent bytes are HTML control characters such as
  781. * quotes or angle brackets, parts of the text that were deemed safe by filters
  782. * end up in locations that are potentially unsafe; An onerror attribute that
  783. * is outside of a tag, and thus deemed safe by a filter, can be interpreted
  784. * by the browser as if it were inside the tag.
  785. *
  786. * This function exploits preg_match behaviour (since PHP 4.3.5) when used
  787. * with the u modifier, as a fast way to find invalid UTF-8. When the matched
  788. * string contains an invalid byte sequence, it will fail silently.
  789. *
  790. * preg_match may not fail on 4 and 5 octet sequences, even though they
  791. * are not supported by the specification.
  792. *
  793. * The specific preg_match behaviour is present since PHP 4.3.5.
  794. *
  795. * @param $text
  796. * The text to check.
  797. * @return
  798. * TRUE if the text is valid UTF-8, FALSE if not.
  799. */
  800. function drupal_validate_utf8($text) {
  801. if (strlen($text) == 0) {
  802. return TRUE;
  803. }
  804. // For performance reasons this logic is duplicated in check_plain().
  805. return (preg_match('/^./us', $text) == 1);
  806. }
  807. /**
  808. * Since $_SERVER['REQUEST_URI'] is only available on Apache, we
  809. * generate an equivalent using other environment variables.
  810. */
  811. function request_uri() {
  812. if (isset($_SERVER['REQUEST_URI'])) {
  813. $uri = $_SERVER['REQUEST_URI'];
  814. }
  815. else {
  816. if (isset($_SERVER['argv'])) {
  817. $uri = $_SERVER['SCRIPT_NAME'] .'?'. $_SERVER['argv'][0];
  818. }
  819. elseif (isset($_SERVER['QUERY_STRING'])) {
  820. $uri = $_SERVER['SCRIPT_NAME'] .'?'. $_SERVER['QUERY_STRING'];
  821. }
  822. else {
  823. $uri = $_SERVER['SCRIPT_NAME'];
  824. }
  825. }
  826. // Prevent multiple slashes to avoid cross site requests via the FAPI.
  827. $uri = '/'. ltrim($uri, '/');
  828. return $uri;
  829. }
  830. /**
  831. * Log a system message.
  832. *
  833. * @param $type
  834. * The category to which this message belongs. Can be any string, but the
  835. * general practice is to use the name of the module calling watchdog().
  836. * The $type parameter is limited to 16 characters; anything longer is
  837. * truncated.
  838. * @param $message
  839. * The message to store in the log. See t() for documentation
  840. * on how $message and $variables interact. Keep $message
  841. * translatable by not concatenating dynamic values into it!
  842. * @param $variables
  843. * Array of variables to replace in the message on display or
  844. * NULL if message is already translated or not possible to
  845. * translate.
  846. * @param $severity
  847. * The severity of the message; one of the following values as defined in
  848. * @link http://www.faqs.org/rfcs/rfc3164.html RFC 3164: @endlink
  849. * - WATCHDOG_EMERGENCY: Emergency, system is unusable.
  850. * - WATCHDOG_ALERT: Alert, action must be taken immediately.
  851. * - WATCHDOG_CRITICAL: Critical conditions.
  852. * - WATCHDOG_ERROR: Error conditions.
  853. * - WATCHDOG_WARNING: Warning conditions.
  854. * - WATCHDOG_NOTICE: (default) Normal but significant conditions.
  855. * - WATCHDOG_INFO: Informational messages.
  856. * - WATCHDOG_DEBUG: Debug-level messages.
  857. * @param $link
  858. * A link to associate with the message.
  859. *
  860. * @see watchdog_severity_levels()
  861. */
  862. function watchdog($type, $message, $variables = array(), $severity = WATCHDOG_NOTICE, $link = NULL) {
  863. global $user, $base_root;
  864. // Prepare the fields to be logged
  865. $log_message = array(
  866. 'type' => $type,
  867. 'message' => $message,
  868. 'variables' => $variables,
  869. 'severity' => $severity,
  870. 'link' => $link,
  871. 'user' => $user,
  872. 'request_uri' => $base_root . request_uri(),
  873. 'referer' => referer_uri(),
  874. 'ip' => ip_address(),
  875. 'timestamp' => time(),
  876. );
  877. // Call the logging hooks to log/process the message
  878. foreach (module_implements('watchdog') as $module) {
  879. module_invoke($module, 'watchdog', $log_message);
  880. }
  881. }
  882. /**
  883. * Set a message which reflects the status of the performed operation.
  884. *
  885. * If the function is called with no arguments, this function returns all set
  886. * messages without clearing them.
  887. *
  888. * @param $message
  889. * The message should begin with a capital letter and always ends with a
  890. * period '.'.
  891. * @param $type
  892. * The type of the message. One of the following values are possible:
  893. * - 'status'
  894. * - 'warning'
  895. * - 'error'
  896. * @param $repeat
  897. * If this is FALSE and the message is already set, then the message won't
  898. * be repeated.
  899. */
  900. function drupal_set_message($message = NULL, $type = 'status', $repeat = TRUE) {
  901. if ($message) {
  902. if (!isset($_SESSION['messages'])) {
  903. $_SESSION['messages'] = array();
  904. }
  905. if (!isset($_SESSION['messages'][$type])) {
  906. $_SESSION['messages'][$type] = array();
  907. }
  908. if ($repeat || !in_array($message, $_SESSION['messages'][$type])) {
  909. $_SESSION['messages'][$type][] = $message;
  910. }
  911. }
  912. // messages not set when DB connection fails
  913. return isset($_SESSION['messages']) ? $_SESSION['messages'] : NULL;
  914. }
  915. /**
  916. * Return all messages that have been set.
  917. *
  918. * @param $type
  919. * (optional) Only return messages of this type.
  920. * @param $clear_queue
  921. * (optional) Set to FALSE if you do not want to clear the messages queue
  922. * @return
  923. * An associative array, the key is the message type, the value an array
  924. * of messages. If the $type parameter is passed, you get only that type,
  925. * or an empty array if there are no such messages. If $type is not passed,
  926. * all message types are returned, or an empty array if none exist.
  927. */
  928. function drupal_get_messages($type = NULL, $clear_queue = TRUE) {
  929. if ($messages = drupal_set_message()) {
  930. if ($type) {
  931. if ($clear_queue) {
  932. unset($_SESSION['messages'][$type]);
  933. }
  934. if (isset($messages[$type])) {
  935. return array($type => $messages[$type]);
  936. }
  937. }
  938. else {
  939. if ($clear_queue) {
  940. unset($_SESSION['messages']);
  941. }
  942. return $messages;
  943. }
  944. }
  945. return array();
  946. }
  947. /**
  948. * Perform an access check for a given mask and rule type. Rules are usually
  949. * created via admin/user/rules page.
  950. *
  951. * If any allow rule matches, access is allowed. Otherwise, if any deny rule
  952. * matches, access is denied. If no rule matches, access is allowed.
  953. *
  954. * @param $type string
  955. * Type of access to check: Allowed values are:
  956. * - 'host': host name or IP address
  957. * - 'mail': e-mail address
  958. * - 'user': username
  959. * @param $mask string
  960. * String or mask to test: '_' matches any character, '%' matches any
  961. * number of characters.
  962. * @return bool
  963. * TRUE if access is denied, FALSE if access is allowed.
  964. */
  965. function drupal_is_denied($type, $mask) {
  966. // Because this function is called for every page request, both cached
  967. // and non-cached pages, we tried to optimize it as much as possible.
  968. // We deny access if the only matching records in the {access} table have
  969. // status 0 (deny). If any have status 1 (allow), or if there are no
  970. // matching records, we allow access.
  971. $sql = "SELECT 1 FROM {access} WHERE type = '%s' AND LOWER('%s') LIKE LOWER(mask) AND status = %d";
  972. return db_result(db_query_range($sql, $type, $mask, 0, 0, 1)) && !db_result(db_query_range($sql, $type, $mask, 1, 0, 1));
  973. }
  974. /**
  975. * Generates a default anonymous $user object.
  976. *
  977. * @return Object - the user object.
  978. */
  979. function drupal_anonymous_user($session = '') {
  980. $user = new stdClass();
  981. $user->uid = 0;
  982. $user->hostname = ip_address();
  983. $user->roles = array();
  984. $user->roles[DRUPAL_ANONYMOUS_RID] = 'anonymous user';
  985. $user->session = $session;
  986. $user->cache = 0;
  987. return $user;
  988. }
  989. /**
  990. * A string describing a phase of Drupal to load. Each phase adds to the
  991. * previous one, so invoking a later phase automatically runs the earlier
  992. * phases too. The most important usage is that if you want to access the
  993. * Drupal database from a script without loading anything else, you can
  994. * include bootstrap.inc, and call drupal_bootstrap(DRUPAL_BOOTSTRAP_DATABASE).
  995. *
  996. * @param $phase
  997. * A constant. Allowed values are:
  998. * DRUPAL_BOOTSTRAP_CONFIGURATION: initialize configuration.
  999. * DRUPAL_BOOTSTRAP_EARLY_PAGE_CACHE: try to call a non-database cache fetch routine.
  1000. * DRUPAL_BOOTSTRAP_DATABASE: initialize database layer.
  1001. * DRUPAL_BOOTSTRAP_ACCESS: identify and reject banned hosts.
  1002. * DRUPAL_BOOTSTRAP_SESSION: initialize session handling.
  1003. * DRUPAL_BOOTSTRAP_LATE_PAGE_CACHE: load bootstrap.inc and module.inc, start
  1004. * the variable system and try to serve a page from the cache.
  1005. * DRUPAL_BOOTSTRAP_LANGUAGE: identify the language used on the page.
  1006. * DRUPAL_BOOTSTRAP_PATH: set $_GET['q'] to Drupal path of request.
  1007. * DRUPAL_BOOTSTRAP_FULL: Drupal is fully loaded, validate and fix input data.
  1008. */
  1009. function drupal_bootstrap($phase) {
  1010. static $phases = array(DRUPAL_BOOTSTRAP_CONFIGURATION, DRUPAL_BOOTSTRAP_EARLY_PAGE_CACHE, DRUPAL_BOOTSTRAP_DATABASE, DRUPAL_BOOTSTRAP_ACCESS, DRUPAL_BOOTSTRAP_SESSION, DRUPAL_BOOTSTRAP_LATE_PAGE_CACHE, DRUPAL_BOOTSTRAP_LANGUAGE, DRUPAL_BOOTSTRAP_PATH, DRUPAL_BOOTSTRAP_FULL), $phase_index = 0;
  1011. while ($phase >= $phase_index && isset($phases[$phase_index])) {
  1012. $current_phase = $phases[$phase_index];
  1013. unset($phases[$phase_index++]);
  1014. _drupal_bootstrap($current_phase);
  1015. }
  1016. }
  1017. function _drupal_bootstrap($phase) {
  1018. global $conf;
  1019. switch ($phase) {
  1020. case DRUPAL_BOOTSTRAP_CONFIGURATION:
  1021. drupal_unset_globals();
  1022. // Start a page timer:
  1023. timer_start('page');
  1024. // Initialize the configuration
  1025. conf_init();
  1026. break;
  1027. case DRUPAL_BOOTSTRAP_EARLY_PAGE_CACHE:
  1028. // Allow specifying special cache handlers in settings.php, like
  1029. // using memcached or files for storing cache information.
  1030. require_once variable_get('cache_inc', './includes/cache.inc');
  1031. // If the page_cache_fastpath is set to TRUE in settings.php and
  1032. // page_cache_fastpath (implemented in the special implementation of
  1033. // cache.inc) printed the page and indicated this with a returned TRUE
  1034. // then we are done.
  1035. if (variable_get('page_cache_fastpath', FALSE) && page_cache_fastpath()) {
  1036. exit;
  1037. }
  1038. break;
  1039. case DRUPAL_BOOTSTRAP_DATABASE:
  1040. // Initialize the default database.
  1041. require_once './includes/database.inc';
  1042. db_set_active();
  1043. // Allow specifying alternate lock implementations in settings.php, like
  1044. // those using APC or memcached.
  1045. require_once variable_get('lock_inc', './includes/lock.inc');
  1046. lock_init();
  1047. break;
  1048. case DRUPAL_BOOTSTRAP_ACCESS:
  1049. // Deny access to hosts which were banned - t() is not yet available.
  1050. if (drupal_is_denied('host', ip_address())) {
  1051. header($_SERVER['SERVER_PROTOCOL'] .' 403 Forbidden');
  1052. print 'Sorry, '. check_plain(ip_address()) .' has been banned.';
  1053. exit();
  1054. }
  1055. break;
  1056. case DRUPAL_BOOTSTRAP_SESSION:
  1057. require_once variable_get('session_inc', './includes/session.inc');
  1058. session_set_save_handler('sess_open', 'sess_close', 'sess_read', 'sess_write', 'sess_destroy_sid', 'sess_gc');
  1059. session_start();
  1060. break;
  1061. case DRUPAL_BOOTSTRAP_LATE_PAGE_CACHE:
  1062. // Initialize configuration variables, using values from settings.php if available.
  1063. $conf = variable_init(isset($conf) ? $conf : array());
  1064. // Sanitize the destination parameter (which is often used for redirects)
  1065. // to prevent open redirect attacks leading to other domains. Sanitize
  1066. // both $_GET['destination'] and $_REQUEST['destination'] to protect code
  1067. // that relies on either, but do not sanitize $_POST to avoid interfering
  1068. // with unrelated form submissions. $_REQUEST['edit']['destination'] is
  1069. // also sanitized since drupal_goto() will sometimes rely on it, and
  1070. // other code might therefore use it too. The sanitization happens here
  1071. // because menu_path_is_external() requires the variable system to be
  1072. // available.
  1073. if (isset($_GET['destination']) || isset($_REQUEST['destination']) || isset($_REQUEST['edit']['destination'])) {
  1074. // If the destination is an external URL, remove it.
  1075. if (isset($_GET['destination']) && menu_path_is_external($_GET['destination'])) {
  1076. unset($_GET['destination']);
  1077. unset($_REQUEST['destination']);
  1078. }
  1079. // If there's still something in $_REQUEST['destination'] that didn't
  1080. // come from $_GET, check it too.
  1081. if (isset($_REQUEST['destination']) && (!isset($_GET['destination']) || $_REQUEST['destination'] != $_GET['destination']) && menu_path_is_external($_REQUEST['destination'])) {
  1082. unset($_REQUEST['destination']);
  1083. }
  1084. // Check $_REQUEST['edit']['destination'] separately.
  1085. if (isset($_REQUEST['edit']['destination']) && menu_path_is_external($_REQUEST['edit']['destination'])) {
  1086. unset($_REQUEST['edit']['destination']);
  1087. }
  1088. }
  1089. $cache_mode = variable_get('cache', CACHE_DISABLED);
  1090. // Get the page from the cache.
  1091. $cache = $cache_mode == CACHE_DISABLED ? '' : page_get_cache();
  1092. // If the skipping of the bootstrap hooks is not enforced, call hook_boot.
  1093. if (!$cache || $cache_mode != CACHE_AGGRESSIVE) {
  1094. // Load module handling.
  1095. require_once './includes/module.inc';
  1096. bootstrap_invoke_all('boot');
  1097. }
  1098. // If there is a cached page, display it.
  1099. if ($cache) {
  1100. drupal_page_cache_header($cache);
  1101. // If the skipping of the bootstrap hooks is not enforced, call hook_exit.
  1102. if ($cache_mode != CACHE_AGGRESSIVE) {
  1103. bootstrap_invoke_all('exit');
  1104. }
  1105. // We are done.
  1106. exit;
  1107. }
  1108. // Prepare for non-cached page workflow.
  1109. drupal_page_header();
  1110. break;
  1111. case DRUPAL_BOOTSTRAP_LANGUAGE:
  1112. drupal_init_language();
  1113. break;
  1114. case DRUPAL_BOOTSTRAP_PATH:
  1115. require_once './includes/path.inc';
  1116. // Initialize $_GET['q'] prior to loading modules and invoking hook_init().
  1117. drupal_init_path();
  1118. break;
  1119. case DRUPAL_BOOTSTRAP_FULL:
  1120. require_once './includes/common.inc';
  1121. _drupal_bootstrap_full();
  1122. break;
  1123. }
  1124. }
  1125. /**
  1126. * Enables use of the theme system without requiring database access.
  1127. *
  1128. * Loads and initializes the theme system for site installs, updates and when
  1129. * the site is in off-line mode. This also applies when the database fails.
  1130. *
  1131. * @see _drupal_maintenance_theme()
  1132. */
  1133. function drupal_maintenance_theme() {
  1134. require_once './includes/theme.maintenance.inc';
  1135. _drupal_maintenance_theme();
  1136. }
  1137. /**
  1138. * Return the name of the localisation function. Use in code that needs to
  1139. * run both during installation and normal operation.
  1140. */
  1141. function get_t() {
  1142. static $t;
  1143. if (is_null($t)) {
  1144. $t = function_exists('install_main') ? 'st' : 't';
  1145. }
  1146. return $t;
  1147. }
  1148. /**
  1149. * Choose a language for the current page, based on site and user preferences.
  1150. */
  1151. function drupal_init_language() {
  1152. global $language, $user;
  1153. // Ensure the language is correctly returned, even without multilanguage support.
  1154. // Useful for eg. XML/HTML 'lang' attributes.
  1155. if (variable_get('language_count', 1) == 1) {
  1156. $language = language_default();
  1157. }
  1158. else {
  1159. include_once './includes/language.inc';
  1160. $language = language_initialize();
  1161. }
  1162. }
  1163. /**
  1164. * Get a list of languages set up indexed by the specified key
  1165. *
  1166. * @param $field The field to index the list with.
  1167. * @param $reset Boolean to request a reset of the list.
  1168. */
  1169. function language_list($field = 'language', $reset = FALSE) {
  1170. static $languages = NULL;
  1171. // Reset language list
  1172. if ($reset) {
  1173. $languages = NULL;
  1174. }
  1175. // Init language list
  1176. if (!isset($languages)) {
  1177. if (variable_get('language_count', 1) > 1 || module_exists('locale')) {
  1178. $result = db_query('SELECT * FROM {languages} ORDER BY weight ASC, name ASC');
  1179. while ($row = db_fetch_object($result)) {
  1180. $languages['language'][$row->language] = $row;
  1181. }
  1182. }
  1183. else {
  1184. // No locale module, so use the default language only.
  1185. $default = language_default();
  1186. $languages['language'][$default->language] = $default;
  1187. }
  1188. }
  1189. // Return the array indexed by the right field
  1190. if (!isset($languages[$field])) {
  1191. $languages[$field] = array();
  1192. foreach ($languages['language'] as $lang) {
  1193. // Some values should be collected into an array
  1194. if (in_array($field, array('enabled', 'weight'))) {
  1195. $languages[$field][$lang->$field][$lang->language] = $lang;
  1196. }
  1197. else {
  1198. $languages[$field][$lang->$field] = $lang;
  1199. }
  1200. }
  1201. }
  1202. return $languages[$field];
  1203. }
  1204. /**
  1205. * Default language used on the site
  1206. *
  1207. * @param $property
  1208. * Optional property of the language object to return
  1209. */
  1210. function language_default($property = NULL) {
  1211. $language = variable_get('language_default', (object) array('language' => 'en', 'name' => 'English', 'native' => 'English', 'direction' => 0, 'enabled' => 1, 'plurals' => 0, 'formula' => '', 'domain' => '', 'prefix' => '', 'weight' => 0, 'javascript' => ''));
  1212. return $property ? $language->$property : $language;
  1213. }
  1214. /**
  1215. * If Drupal is behind a reverse proxy, we use the X-Forwarded-For header
  1216. * instead of $_SERVER['REMOTE_ADDR'], which would be the IP address
  1217. * of the proxy server, and not the client's.
  1218. *
  1219. * @return
  1220. * IP address of client machine, adjusted for reverse proxy.
  1221. */
  1222. function ip_address() {
  1223. static $ip_address = NULL;
  1224. if (!isset($ip_address)) {
  1225. $ip_address = $_SERVER['REMOTE_ADDR'];
  1226. if (variable_get('reverse_proxy', 0) && array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) {
  1227. // If an array of known reverse proxy IPs is provided, then trust
  1228. // the XFF header if request really comes from one of them.
  1229. $reverse_proxy_addresses = variable_get('reverse_proxy_addresses', array());
  1230. if (!empty($reverse_proxy_addresses) && in_array($ip_address, $reverse_proxy_addresses, TRUE)) {
  1231. // If there are several arguments, we need to check the most
  1232. // recently added one, i.e. the last one.
  1233. $ip_address_parts = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
  1234. $ip_address = array_pop($ip_address_parts);
  1235. }
  1236. }
  1237. }
  1238. return $ip_address;
  1239. }
  1240. /**
  1241. * Returns a URL-safe, base64 encoded string of highly randomized bytes (over the full 8-bit range).
  1242. *
  1243. * @param $byte_count
  1244. * The number of random bytes to fetch and base64 encode.
  1245. *
  1246. * @return string
  1247. * The base64 encoded result will have a length of up to 4 * $byte_count.
  1248. */
  1249. function drupal_random_key($byte_count = 32) {
  1250. return drupal_base64_encode(drupal_random_bytes($byte_count));
  1251. }
  1252. /**
  1253. * Returns a URL-safe, base64 encoded version of the supplied string.
  1254. *
  1255. * @param $string
  1256. * The string to convert to base64.
  1257. *
  1258. * @return string
  1259. */
  1260. function drupal_base64_encode($string) {
  1261. $data = base64_encode($string);
  1262. // Modify the output so it's safe to use in URLs.
  1263. return strtr($data, array('+' => '-', '/' => '_', '=' => ''));
  1264. }
  1265. /**
  1266. * Returns a string of highly randomized bytes (over the full 8-bit range).
  1267. *
  1268. * This function is better than simply calling mt_rand() or any other built-in
  1269. * PHP function because it can return a long string of bytes (compared to < 4
  1270. * bytes normally from mt_rand()) and uses the best available pseudo-random
  1271. * source.
  1272. *
  1273. * @param $count
  1274. * The number of characters (bytes) to return in the string.
  1275. */
  1276. function drupal_random_bytes($count) {
  1277. // $random_state does not use drupal_static as it stores random bytes.
  1278. static $random_state, $bytes, $has_openssl, $has_hash;
  1279. $missing_bytes = $count - strlen($bytes);
  1280. if ($missing_bytes > 0) {
  1281. // PHP versions prior 5.3.4 experienced openssl_random_pseudo_bytes()
  1282. // locking on Windows and rendered it unusable.
  1283. if (!isset($has_openssl)) {
  1284. $has_openssl = version_compare(PHP_VERSION, '5.3.4', '>=') && function_exists('openssl_random_pseudo_bytes');
  1285. }
  1286. // openssl_random_pseudo_bytes() will find entropy in a system-dependent
  1287. // way.
  1288. if ($has_openssl) {
  1289. $bytes .= openssl_random_pseudo_bytes($missing_bytes);
  1290. }
  1291. // Else, read directly from /dev/urandom, which is available on many *nix
  1292. // systems and is considered cryptographically secure.
  1293. elseif ($fh = @fopen('/dev/urandom', 'rb')) {
  1294. // PHP only performs buffered reads, so in reality it will always read
  1295. // at least 4096 bytes. Thus, it costs nothing extra to read and store
  1296. // that much so as to speed any additional invocations.
  1297. $bytes .= fread($fh, max(4096, $missing_bytes));
  1298. fclose($fh);
  1299. }
  1300. // If we couldn't get enough entropy, this simple hash-based PRNG will
  1301. // generate a good set of pseudo-random bytes on any system.
  1302. // Note that it may be important that our $random_state is passed
  1303. // through hash() prior to being rolled into $output, that the two hash()
  1304. // invocations are different, and that the extra input into the first one -
  1305. // the microtime() - is prepended rather than appended. This is to avoid
  1306. // directly leaking $random_state via the $output stream, which could
  1307. // allow for trivial prediction of further "random" numbers.
  1308. if (strlen($bytes) < $count) {
  1309. // Initialize on the first call. The contents of $_SERVER includes a mix of
  1310. // user-specific and system information that varies a little with each page.
  1311. if (!isset($random_state)) {
  1312. $random_state = print_r($_SERVER, TRUE);
  1313. if (function_exists('getmypid')) {
  1314. // Further initialize with the somewhat random PHP process ID.
  1315. $random_state .= getmypid();
  1316. }
  1317. // hash() is only available in PHP 5.1.2+ or via PECL.
  1318. $has_hash = function_exists('hash') && in_array('sha256', hash_algos());
  1319. $bytes = '';
  1320. }
  1321. if ($has_hash) {
  1322. do {
  1323. $random_state = hash('sha256', microtime() . mt_rand() . $random_state);
  1324. $bytes .= hash('sha256', mt_rand() . $random_state, TRUE);
  1325. } while (strlen($bytes) < $count);
  1326. }
  1327. else {
  1328. do {
  1329. $random_state = md5(microtime() . mt_rand() . $random_state);
  1330. $bytes .= pack("H*", md5(mt_rand() . $random_state));
  1331. } while (strlen($bytes) < $count);
  1332. }
  1333. }
  1334. }
  1335. $output = substr($bytes, 0, $count);
  1336. $bytes = substr($bytes, $count);
  1337. return $output;
  1338. }
  1339. /**
  1340. * Calculates a hexadecimal encoded sha-1 hmac.
  1341. *
  1342. * @param string $data
  1343. * String to be validated with the hmac.
  1344. * @param string $key
  1345. * A secret string key.
  1346. *
  1347. * See RFC2104 (http://www.ietf.org/rfc/rfc2104.txt). Note, the result of this
  1348. * must be identical to using hash_hmac('sha1', $data, $key); We don't use
  1349. * that function since PHP can be missing it if it was compiled with the
  1350. * --disable-hash switch.
  1351. *
  1352. * @return string
  1353. * A hexadecimal encoded sha-1 hmac.
  1354. */
  1355. function drupal_hash_hmac_sha1($data, $key) {
  1356. // Keys longer than the 64 byte block size must be hashed first.
  1357. if (strlen($key) > 64) {
  1358. $key = pack("H*", sha1($key));
  1359. }
  1360. return sha1((str_pad($key, 64, chr(0x00)) ^ (str_repeat(chr(0x5c), 64))) . pack("H*", sha1((str_pad($key, 64, chr(0x00)) ^ (str_repeat(chr(0x36), 64))) . $data)));
  1361. }
  1362. /**
  1363. * Calculates a base-64 encoded, URL-safe sha-1 hmac.
  1364. *
  1365. * @param string $data
  1366. * String to be validated with the hmac.
  1367. * @param string $key
  1368. * A secret string key.
  1369. *
  1370. * @return string
  1371. * A base-64 encoded sha-1 hmac, with + replaced with -, / with _ and
  1372. * any = padding characters removed.
  1373. */
  1374. function drupal_hmac_base64($data, $key) {
  1375. // Casting $data and $key to strings here is necessary to avoid empty string
  1376. // results of the hash function if they are not scalar values. As this
  1377. // function is used in security-critical contexts like token validation it is
  1378. // important that it never returns an empty string.
  1379. $hmac = base64_encode(pack("H*", drupal_hash_hmac_sha1((string) $data, (string) $key)));
  1380. // Modify the hmac so it's safe to use in URLs.
  1381. return strtr($hmac, array('+' => '-', '/' => '_', '=' => ''));
  1382. }
  1383. /**
  1384. * Returns TRUE if a path is external (e.g. http://example.com).
  1385. *
  1386. * May be used early in bootstrap.
  1387. */
  1388. function menu_path_is_external($path) {
  1389. // Avoid calling filter_xss_bad_protocol() if there is any slash (/),
  1390. // hash (#) or question_mark (?) before the colon (:) occurrence - if any - as
  1391. // this would clearly mean it is not a URL. If the path starts with 2 slashes
  1392. // then it is always considered an external URL without an explicit protocol
  1393. // part. Leading control characters may be ignored or mishandled by browsers,
  1394. // so assume such a path may lead to an external location. The range matches
  1395. // all UTF-8 control characters, class Cc.
  1396. $colonpos = strpos($path, ':');
  1397. // Some browsers treat \ as / so normalize to forward slashes.
  1398. $path = str_replace('\\', '/', $path);
  1399. return (strpos($path, '//') === 0) || (preg_match('/^[\x00-\x1F\x7F-\x9F]/u', $path) !== 0)
  1400. || ($colonpos !== FALSE
  1401. && !preg_match('![/?#]!', substr($path, 0, $colonpos))
  1402. && filter_xss_bad_protocol($path, FALSE) == check_plain($path));
  1403. }
  1404. /**
  1405. * Processes an HTML attribute value and ensures it does not contain an URL
  1406. * with a disallowed protocol (e.g. javascript:)
  1407. *
  1408. * May be used early in bootstrap.
  1409. *
  1410. * @param $string
  1411. * The string with the attribute value.
  1412. * @param $decode
  1413. * Whether to decode entities in the $string. Set to FALSE if the $string
  1414. * is in plain text, TRUE otherwise. Defaults to TRUE.
  1415. * @return
  1416. * Cleaned up and HTML-escaped version of $string.
  1417. */
  1418. function filter_xss_bad_protocol($string, $decode = TRUE) {
  1419. static $allowed_protocols;
  1420. if (!isset($allowed_protocols)) {
  1421. $allowed_protocols = array_flip(variable_get('filter_allowed_protocols', array('http', 'https', 'ftp', 'news', 'nntp', 'tel', 'telnet', 'mailto', 'irc', 'ssh', 'sftp', 'webcal', 'rtsp')));
  1422. }
  1423. // Get the plain text representation of the attribute value (i.e. its meaning).
  1424. if ($decode) {
  1425. $string = decode_entities($string);
  1426. }
  1427. // Iteratively remove any invalid protocol found.
  1428. do {
  1429. $before = $string;
  1430. $colonpos = strpos($string, ':');
  1431. if ($colonpos > 0) {
  1432. // We found a colon, possibly a protocol. Verify.
  1433. $protocol = substr($string, 0, $colonpos);
  1434. // If a colon is preceded by a slash, question mark or hash, it cannot
  1435. // possibly be part of the URL scheme. This must be a relative URL,
  1436. // which inherits the (safe) protocol of the base document.
  1437. if (preg_match('![/?#]!', $protocol)) {
  1438. break;
  1439. }
  1440. // Per RFC2616, section 3.2.3 (URI Comparison) scheme comparison must be case-insensitive
  1441. // Check if this is a disallowed protocol.
  1442. if (!isset($allowed_protocols[strtolower($protocol)])) {
  1443. $string = substr($string, $colonpos + 1);
  1444. }
  1445. }
  1446. } while ($before != $string);
  1447. return check_plain($string);
  1448. }

Functions

Namesort descending Description
bootstrap_hooks Define the critical hooks that force modules to always be loaded.
bootstrap_invoke_all Call all init or exit hooks without including all modules.
check_plain Encode special characters in a plain-text string for display as HTML.
conf_init Loads the configuration and sets the base URL, cookie domain, and session name correctly.
conf_path Find the appropriate configuration directory.
drupal_anonymous_user Generates a default anonymous $user object.
drupal_base64_encode Returns a URL-safe, base64 encoded version of the supplied string.
drupal_bootstrap A string describing a phase of Drupal to load. Each phase adds to the previous one, so invoking a later phase automatically runs the earlier phases too. The most important usage is that if you want to access the Drupal database from a script without…
drupal_get_filename Returns and optionally sets the filename for a system item (module, theme, etc.). The filename, whether provided, cached, or retrieved from the database, is only returned if the file exists.
drupal_get_messages Return all messages that have been set.
drupal_hash_hmac_sha1 Calculates a hexadecimal encoded sha-1 hmac.
drupal_hmac_base64 Calculates a base-64 encoded, URL-safe sha-1 hmac.
drupal_init_language Choose a language for the current page, based on site and user preferences.
drupal_is_denied Perform an access check for a given mask and rule type. Rules are usually created via admin/user/rules page.
drupal_load Includes a file with the provided type and name. This prevents including a theme, engine, module, etc., more than once.
drupal_maintenance_theme Enables use of the theme system without requiring database access.
drupal_page_cache_header Set HTTP headers in preparation for a cached page response.
drupal_page_header Set HTTP headers in preparation for a page response.
drupal_random_bytes Returns a string of highly randomized bytes (over the full 8-bit range).
drupal_random_key Returns a URL-safe, base64 encoded string of highly randomized bytes (over the full 8-bit range).
drupal_set_message Set a message which reflects the status of the performed operation.
drupal_unpack Unserializes and appends elements from a serialized string.
drupal_unset_globals Unsets all disallowed global variables. See $allowed for what's allowed.
drupal_validate_utf8 Checks whether a string is valid UTF-8.
drupal_valid_http_host Validate that a hostname (for example $_SERVER['HTTP_HOST']) is safe.
filter_xss_bad_protocol Processes an HTML attribute value and ensures it does not contain an URL with a disallowed protocol (e.g. javascript:)
get_t Return the name of the localisation function. Use in code that needs to run both during installation and normal operation.
ip_address If Drupal is behind a reverse proxy, we use the X-Forwarded-For header instead of $_SERVER['REMOTE_ADDR'], which would be the IP address of the proxy server, and not the client's.
language_default Default language used on the site
language_list Get a list of languages set up indexed by the specified key
menu_path_is_external Returns TRUE if a path is external (e.g. http://example.com).
page_get_cache Retrieve the current page from the cache.
referer_uri Return the URI of the referring page.
request_uri Since $_SERVER['REQUEST_URI'] is only available on Apache, we generate an equivalent using other environment variables.
timer_read Read the current timer value without stopping the timer.
timer_start Start the timer with the specified name. If you start and stop the same timer multiple times, the measured intervals will be accumulated.
timer_stop Stop the timer with the specified name.
variable_del Unsets a persistent variable.
variable_get Returns a persistent variable.
variable_init Load the persistent variable table.
variable_set Sets a persistent variable.
watchdog Log a system message.
_drupal_bootstrap

Constants

Namesort descending Description
CACHE_AGGRESSIVE Indicates that page caching is using "aggressive" mode. This bypasses loading any modules for additional speed, which may break functionality in modules that expect to be run on each page load.
CACHE_DISABLED Indicates that page caching is disabled.
CACHE_NORMAL Indicates that page caching is enabled, using "normal" mode.
CACHE_PERMANENT Indicates that the item should never be removed unless explicitly told to using cache_clear_all() with a cache ID.
CACHE_TEMPORARY Indicates that the item should be removed at the next general cache wipe.
DRUPAL_ANONYMOUS_RID Role ID for anonymous users; should match what's in the "role" table.
DRUPAL_AUTHENTICATED_RID Role ID for authenticated users; should match what's in the "role" table.
DRUPAL_BOOTSTRAP_ACCESS Fourth bootstrap phase: identify and reject banned hosts.
DRUPAL_BOOTSTRAP_CONFIGURATION First bootstrap phase: initialize configuration.
DRUPAL_BOOTSTRAP_DATABASE Third bootstrap phase: initialize database layer.
DRUPAL_BOOTSTRAP_EARLY_PAGE_CACHE Second bootstrap phase: try to call a non-database cache fetch routine.
DRUPAL_BOOTSTRAP_FULL Final bootstrap phase: Drupal is fully loaded; validate and fix input data.
DRUPAL_BOOTSTRAP_LANGUAGE Seventh bootstrap phase: find out language of the page.
DRUPAL_BOOTSTRAP_LATE_PAGE_CACHE Sixth bootstrap phase: load bootstrap.inc and module.inc, start the variable system and try to serve a page from the cache.
DRUPAL_BOOTSTRAP_PATH Eighth bootstrap phase: set $_GET['q'] to Drupal path of request.
DRUPAL_BOOTSTRAP_SESSION Fifth bootstrap phase: initialize session handling.
LANGUAGE_LTR Language written left to right. Possible value of $language->direction.
LANGUAGE_NEGOTIATION_DOMAIN Domain based negotiation with fallback to default language if no language identified by domain.
LANGUAGE_NEGOTIATION_NONE No language negotiation. The default language is used.
LANGUAGE_NEGOTIATION_PATH Path based negotiation with fallback to user preferences and browser language detection if no defined path prefix identified.
LANGUAGE_NEGOTIATION_PATH_DEFAULT Path based negotiation with fallback to default language if no defined path prefix identified.
LANGUAGE_RTL Language written right to left. Possible value of $language->direction.
WATCHDOG_ALERT Log message severity -- Alert: action must be taken immediately.
WATCHDOG_CRITICAL Log message severity -- Critical: critical conditions.
WATCHDOG_DEBUG Log message severity -- Debug: debug-level messages.
WATCHDOG_EMERG Log message severity -- Emergency: system is unusable.
WATCHDOG_ERROR Log message severity -- Error: error conditions.
WATCHDOG_INFO Log message severity -- Informational: informational messages.
WATCHDOG_NOTICE Log message severity -- Notice: normal but significant condition.
WATCHDOG_WARNING Log message severity -- Warning: warning conditions.