';
}
/**
* Sanitizes $message, taking into account our special codes
* for formatting.
*
* If you want to include result in element attribute, you should escape it.
*
* Examples:
*
*
*
* bar
*
* @param string $message the message
* @param boolean $escape whether to escape html in result
* @param boolean $safe whether string is safe (can keep < and > chars)
* @return string the sanitized message
*/
function PMA_sanitize($message, $escape = false, $safe = false)
{
if (!$safe) {
$message = strtr($message, array('<' => '<', '>' => '>'));
}
/* Interpret bb code */
$replace_pairs = array(
'[i]' => '', // deprecated by em
'[/i]' => '', // deprecated by em
'[em]' => '',
'[/em]' => '',
'[b]' => '', // deprecated by strong
'[/b]' => '', // deprecated by strong
'[strong]' => '',
'[/strong]' => '',
'[tt]' => '', // deprecated by CODE or KBD
'[/tt]' => '', // deprecated by CODE or KBD
'[code]' => '',
'[/code]' => '',
'[kbd]' => '',
'[/kbd]' => '',
'[br]' => '
',
'[/a]' => '',
'[sup]' => '',
'[/sup]' => '',
);
/* Adjust links for setup, which lives in subfolder */
if (defined('PMA_SETUP')) {
$replace_pairs['[a@Documentation.html'] = '[a@../Documentation.html';
} else {
$replace_pairs['[a@Documentation.html'] = '[a@./Documentation.html';
}
$message = strtr($message, $replace_pairs);
/* Match links in bb code ([a@url@target], where @target is options) */
$pattern = '/\[a@([^]"@]*)(@([^]"]*))?\]/';
/* Find and replace all links */
$message = preg_replace_callback($pattern, 'PMA_replaceBBLink', $message);
/* Possibly escape result */
if ($escape) {
$message = htmlspecialchars($message);
}
return $message;
}
/**
* Sanitize a filename by removing anything besides legit characters
*
* Intended usecase:
* When using a filename in a Content-Disposition header the value
* should not contain ; or "
*
* When exporting, avoiding generation of an unexpected double-extension file
*
* @param string The filename
* @param boolean Whether to also replace dots
*
* @return string the sanitized filename
*
*/
function PMA_sanitize_filename($filename, $replaceDots = false) {
$pattern = '/[^A-Za-z0-9_';
// if we don't have to replace dots
if (! $replaceDots) {
// then add the dot to the list of legit characters
$pattern .= '.';
}
$pattern .= '-]/';
$filename = preg_replace($pattern, '_', $filename);
return $filename;
}
?>