Issues in url_helper.php (develop) - Issues in develop - ci-bonfire/Sprint - Measure and Improve Code Quality continuously with Scrutinizer

Issues (423)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

system/helpers/url_helper.php (1 issue)

Labels

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * CodeIgniter
 *
 * An open source application development framework for PHP
 *
 * This content is released under the MIT License (MIT)
 *
 * Copyright (c) 2014 - 2015, British Columbia Institute of Technology
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 *
 * @package	CodeIgniter
 * @author	EllisLab Dev Team
 * @copyright	Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
 * @copyright	Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
 * @license	http://opensource.org/licenses/MIT	MIT License
 * @link	http://codeigniter.com
 * @since	Version 1.0.0
 * @filesource
 */
defined('BASEPATH') OR exit('No direct script access allowed');

/**
 * CodeIgniter URL Helpers
 *
 * @package		CodeIgniter
 * @subpackage	Helpers
 * @category	Helpers
 * @author		EllisLab Dev Team
 * @link		http://codeigniter.com/user_guide/helpers/url_helper.html
 */

// ------------------------------------------------------------------------

if ( ! function_exists('site_url'))
{
	/**
	 * Site URL
	 *
	 * Create a local URL based on your basepath. Segments can be passed via the
	 * first parameter either as a string or an array.
	 *
	 * @param	string	$uri
	 * @param	string	$protocol
	 * @return	string
	 */
	function site_url($uri = '', $protocol = NULL)
	{
		return get_instance()->config->site_url($uri, $protocol);
	}
}

// ------------------------------------------------------------------------

if ( ! function_exists('base_url'))
{
	/**
	 * Base URL
	 *
	 * Create a local URL based on your basepath.
	 * Segments can be passed in as a string or an array, same as site_url
	 * or a URL to a file can be passed in, e.g. to an image file.
	 *
	 * @param	string	$uri
	 * @param	string	$protocol
	 * @return	string
	 */
	function base_url($uri = '', $protocol = NULL)
	{
		return get_instance()->config->base_url($uri, $protocol);
	}
}

// ------------------------------------------------------------------------

if ( ! function_exists('current_url'))
{
	/**
	 * Current URL
	 *
	 * Returns the full URL (including segments) of the page where this
	 * function is placed
	 *
	 * @return	string
	 */
	function current_url()
	{
		$CI =& get_instance();
		return $CI->config->site_url($CI->uri->uri_string());
	}
}

// ------------------------------------------------------------------------

if ( ! function_exists('uri_string'))
{
	/**
	 * URL String
	 *
	 * Returns the URI segments.
	 *
	 * @return	string
	 */
	function uri_string()
	{
		return get_instance()->uri->uri_string();
	}
}

// ------------------------------------------------------------------------

if ( ! function_exists('index_page'))
{
	/**
	 * Index page
	 *
	 * Returns the "index_page" from your config file
	 *
	 * @return	string
	 */
	function index_page()
	{
		return get_instance()->config->item('index_page');
	}
}

// ------------------------------------------------------------------------

if ( ! function_exists('anchor'))
{
	/**
	 * Anchor Link
	 *
	 * Creates an anchor based on the local URL.
	 *
	 * @param	string	the URL
	 * @param	string	the link title
	 * @param	mixed	any attributes
	 * @return	string
	 */
	function anchor($uri = '', $title = '', $attributes = '')
	{
		$title = (string) $title;

		$site_url = is_array($uri)
			? site_url($uri)
			: (preg_match('#^(\w+:)?//#i', $uri) ? $uri : site_url($uri));

		if ($title === '')
		{
			$title = $site_url;
		}

		if ($attributes !== '')
		{
			$attributes = _stringify_attributes($attributes);
		}

		return '<a href="'.$site_url.'"'.$attributes.'>'.$title.'</a>';
	}
}

// ------------------------------------------------------------------------

if ( ! function_exists('anchor_popup'))
{
	/**
	 * Anchor Link - Pop-up version
	 *
	 * Creates an anchor based on the local URL. The link
	 * opens a new window based on the attributes specified.
	 *
	 * @param	string	the URL
	 * @param	string	the link title
	 * @param	mixed	any attributes
	 * @return	string
	 */
	function anchor_popup($uri = '', $title = '', $attributes = FALSE)
	{
		$title = (string) $title;
		$site_url = preg_match('#^(\w+:)?//#i', $uri) ? $uri : site_url($uri);

		if ($title === '')
		{
			$title = $site_url;
		}

		if ($attributes === FALSE)
		{
			return '<a href="'.$site_url.'" onclick="window.open(\''.$site_url."', '_blank'); return false;\">".$title.'</a>';
		}

		if ( ! is_array($attributes))
		{
			$attributes = array($attributes);

			// Ref: http://www.w3schools.com/jsref/met_win_open.asp
			$window_name = '_blank';
		}
		elseif ( ! empty($attributes['window_name']))
		{
			$window_name = $attributes['window_name'];
			unset($attributes['window_name']);
		}
		else
		{
			$window_name = '_blank';
		}

		foreach (array('width' => '800', 'height' => '600', 'scrollbars' => 'yes', 'menubar' => 'no', 'status' => 'yes', 'resizable' => 'yes', 'screenx' => '0', 'screeny' => '0') as $key => $val)
		{
			$atts[$key] = isset($attributes[$key]) ? $attributes[$key] : $val;
			unset($attributes[$key]);
		}

		$attributes = _stringify_attributes($attributes);

		return '<a href="'.$site_url
			.'" onclick="window.open(\''.$site_url."', '".$window_name."', '"._stringify_attributes($atts, TRUE)."'); return false;\""
			.$attributes.'>'.$title.'</a>';
	}
}

// ------------------------------------------------------------------------

if ( ! function_exists('mailto'))
{
	/**
	 * Mailto Link
	 *
	 * @param	string	the email address
	 * @param	string	the link title
	 * @param	mixed	any attributes
	 * @return	string
	 */
	function mailto($email, $title = '', $attributes = '')
	{
		$title = (string) $title;

		if ($title === '')
		{
			$title = $email;
		}

		return '<a href="mailto:'.$email.'"'._stringify_attributes($attributes).'>'.$title.'</a>';
	}
}

// ------------------------------------------------------------------------

if ( ! function_exists('safe_mailto'))
{
	/**
	 * Encoded Mailto Link
	 *
	 * Create a spam-protected mailto link written in Javascript
	 *
	 * @param	string	the email address
	 * @param	string	the link title
	 * @param	mixed	any attributes
	 * @return	string
	 */
	function safe_mailto($email, $title = '', $attributes = '')
	{
		$title = (string) $title;

		if ($title === '')
		{
			$title = $email;
		}

		$x = str_split('<a href="mailto:', 1);

		for ($i = 0, $l = strlen($email); $i < $l; $i++)
		{
			$x[] = '|'.ord($email[$i]);
		}

		$x[] = '"';

		if ($attributes !== '')
		{
			if (is_array($attributes))
			{
				foreach ($attributes as $key => $val)
				{
					$x[] = ' '.$key.'="';
					for ($i = 0, $l = strlen($val); $i < $l; $i++)
					{
						$x[] = '|'.ord($val[$i]);
					}
					$x[] = '"';
				}
			}
			else
			{
				for ($i = 0, $l = strlen($attributes); $i < $l; $i++)
				{
					$x[] = $attributes[$i];
				}
			}
		}

		$x[] = '>';

		$temp = array();
		for ($i = 0, $l = strlen($title); $i < $l; $i++)
		{
			$ordinal = ord($title[$i]);

			if ($ordinal < 128)
			{
				$x[] = '|'.$ordinal;
			}
			else
			{
				if (count($temp) === 0)
				{
					$count = ($ordinal < 224) ? 2 : 3;
				}

				$temp[] = $ordinal;
				if (count($temp) === $count)
				{
					$number = ($count === 3)
							? (($temp[0] % 16) * 4096) + (($temp[1] % 64) * 64) + ($temp[2] % 64)
							: (($temp[0] % 32) * 64) + ($temp[1] % 64);
					$x[] = '|'.$number;
					$count = 1;
					$temp = array();
				}
			}
		}

		$x[] = '<'; $x[] = '/'; $x[] = 'a'; $x[] = '>';

		$x = array_reverse($x);

		$output = "<script type=\"text/javascript\">\n"
			."\t//<![CDATA[\n"
			."\tvar l=new Array();\n";

		for ($i = 0, $c = count($x); $i < $c; $i++)
		{
			$output .= "\tl[".$i."] = '".$x[$i]."';\n";
		}

		$output .= "\n\tfor (var i = l.length-1; i >= 0; i=i-1) {\n"
			."\t\tif (l[i].substring(0, 1) === '|') document.write(\"&#\"+unescape(l[i].substring(1))+\";\");\n"
			."\t\telse document.write(unescape(l[i]));\n"
			."\t}\n"
			."\t//]]>\n"
			.'</script>';

		return $output;
	}
}

// ------------------------------------------------------------------------

if ( ! function_exists('auto_link'))
{
	/**
	 * Auto-linker
	 *
	 * Automatically links URL and Email addresses.
	 * Note: There's a bit of extra code here to deal with
	 * URLs or emails that end in a period. We'll strip these
	 * off and add them after the link.
	 *
	 * @param	string	the string
	 * @param	string	the type: email, url, or both
	 * @param	bool	whether to create pop-up links
	 * @return	string
	 */
	function auto_link($str, $type = 'both', $popup = FALSE)
	{
		// Find and replace any URLs.
		if ($type !== 'email' && preg_match_all('#(\w*://|www\.)[^\s()<>;]+\w#i', $str, $matches, PREG_OFFSET_CAPTURE | PREG_SET_ORDER))
		{
			// Set our target HTML if using popup links.
			$target = ($popup) ? ' target="_blank"' : '';

			// We process the links in reverse order (last -> first) so that
			// the returned string offsets from preg_match_all() are not
			// moved as we add more HTML.
			foreach (array_reverse($matches) as $match)
			{
				// $match[0] is the matched string/link
				// $match[1] is either a protocol prefix or 'www.'
				//
				// With PREG_OFFSET_CAPTURE, both of the above is an array,
				// where the actual value is held in [0] and its offset at the [1] index.
				$a = '<a href="'.(strpos($match[1][0], '/') ? '' : 'http://').$match[0][0].'"'.$target.'>'.$match[0][0].'</a>';
				$str = substr_replace($str, $a, $match[0][1], strlen($match[0][0]));
			}
		}

		// Find and replace any emails.
		if ($type !== 'url' && preg_match_all('#([\w\.\-\+]+@[a-z0-9\-]+\.[a-z0-9\-\.]+[^[:punct:]\s])#i', $str, $matches, PREG_OFFSET_CAPTURE))
		{
			foreach (array_reverse($matches[0]) as $match)
			{
				if (filter_var($match[0], FILTER_VALIDATE_EMAIL) !== FALSE)
				{
					$str = substr_replace($str, safe_mailto($match[0]), $match[1], strlen($match[0]));
				}
			}
		}

		return $str;
	}
}

// ------------------------------------------------------------------------

if ( ! function_exists('prep_url'))
{
	/**
	 * Prep URL
	 *
	 * Simply adds the http:// part if no scheme is included
	 *
	 * @param	string	the URL
	 * @return	string
	 */
	function prep_url($str = '')
	{
		if ($str === 'http://' OR $str === '')
		{
			return '';
		}

		$url = parse_url($str);

		if ( ! $url OR ! isset($url['scheme']))
		{
			return 'http://'.$str;
		}

		return $str;
	}
}

// ------------------------------------------------------------------------

if ( ! function_exists('url_title'))
{
	/**
	 * Create URL Title
	 *
	 * Takes a "title" string as input and creates a
	 * human-friendly URL string with a "separator" string
	 * as the word separator.
	 *
	 * @todo	Remove old 'dash' and 'underscore' usage in 3.1+.
	 * @param	string	$str		Input string
	 * @param	string	$separator	Word separator
	 *			(usually '-' or '_')
	 * @param	bool	$lowercase	Whether to transform the output string to lowercase
	 * @return	string
	 */
	function url_title($str, $separator = '-', $lowercase = FALSE)
	{
		if ($separator === 'dash')
		{
			$separator = '-';
		}
		elseif ($separator === 'underscore')
		{
			$separator = '_';
		}

		$q_separator = preg_quote($separator, '#');

		$trans = array(
			'&.+?;'			=> '',
			'[^\w\d _-]'		=> '',
			'\s+'			=> $separator,
			'('.$q_separator.')+'	=> $separator
		);

		$str = strip_tags($str);
		foreach ($trans as $key => $val)
		{
			$str = preg_replace('#'.$key.'#i'.(UTF8_ENABLED ? 'u' : ''), $val, $str);
		}

		if ($lowercase === TRUE)
		{
			$str = strtolower($str);
		}

		return trim(trim($str, $separator));
	}
}

// ------------------------------------------------------------------------

if ( ! function_exists('redirect'))
{
	/**
	 * Header Redirect
	 *
	 * Header redirect in two flavors
	 * For very fine grained control over headers, you could use the Output
	 * Library's set_header() function.
	 *
	 * @param	string	$uri	URL
	 * @param	string	$method	Redirect method
	 *			'auto', 'location' or 'refresh'
	 * @param	int	$code	HTTP Response status code
	 * @return	void
	 */
	function redirect($uri = '', $method = 'auto', $code = NULL)
	{
		if ( ! preg_match('#^(\w+:)?//#i', $uri))
		{
			$uri = site_url($uri);
		}

		// IIS environment likely? Use 'refresh' for better compatibility
		if ($method === 'auto' && isset($_SERVER['SERVER_SOFTWARE']) && strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS') !== FALSE)
		{
			$method = 'refresh';
		}
		elseif ($method !== 'refresh' && (empty($code) OR ! is_numeric($code)))
		{
			if (isset($_SERVER['SERVER_PROTOCOL'], $_SERVER['REQUEST_METHOD']) && $_SERVER['SERVER_PROTOCOL'] === 'HTTP/1.1')
			{
				$code = ($_SERVER['REQUEST_METHOD'] !== 'GET')
					? 303	// reference: http://en.wikipedia.org/wiki/Post/Redirect/Get
					: 307;
			}
			else
			{
				$code = 302;
			}
		}

		switch ($method)
		{
			case 'refresh':
				header('Refresh:0;url='.$uri);
				break;
			default:
				header('Location: '.$uri, TRUE, $code);
				break;
		}
		exit;
	}
}


GitHub Access Token became invalid

Issues (423)

Security Analysis not enabled

system/helpers/url_helper.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1		<?php
		0 ignored issues – show Coding Style Compatibility introduced 2016-02-16 16:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this For compatibility and reusability of your code, PSR1 recommends that a file should introduce either new symbols (like classes, functions, etc.) or have side-effects (like outputting something, or including other files), but not both at the same time. The first symbol is defined on line 64 and the first side effect is on line 38. The PSR-1: Basic Coding Standard recommends that a file should either introduce new symbols, that is classes, functions, constants or similar, or have side effects. Side effects are anything that executes logic, like for example printing output, changing ini settings or writing to a file. The idea behind this recommendation is that merely auto-loading a class should not change the state of an application. It also promotes a cleaner style of programming and makes your code less prone to errors, because the logic is not spread out all over the place. To learn more about the PSR-1, please see the PHP-FIG site on the PSR-1. Loading history...
2		/**
3		* CodeIgniter
4		*
5		* An open source application development framework for PHP
6		*
7		* This content is released under the MIT License (MIT)
8		*
9		* Copyright (c) 2014 - 2015, British Columbia Institute of Technology
10		*
11		* Permission is hereby granted, free of charge, to any person obtaining a copy
12		* of this software and associated documentation files (the "Software"), to deal
13		* in the Software without restriction, including without limitation the rights
14		* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
15		* copies of the Software, and to permit persons to whom the Software is
16		* furnished to do so, subject to the following conditions:
17		*
18		* The above copyright notice and this permission notice shall be included in
19		* all copies or substantial portions of the Software.
20		*
21		* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
22		* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
23		* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
24		* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
25		* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
26		* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
27		* THE SOFTWARE.
28		*
29		* @package CodeIgniter
30		* @author EllisLab Dev Team
31		* @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
32		* @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
33		* @license http://opensource.org/licenses/MIT MIT License
34		* @link http://codeigniter.com
35		* @since Version 1.0.0
36		* @filesource
37		*/
38		defined('BASEPATH') OR exit('No direct script access allowed');
39
40		/**
41		* CodeIgniter URL Helpers
42		*
43		* @package CodeIgniter
44		* @subpackage Helpers
45		* @category Helpers
46		* @author EllisLab Dev Team
47		* @link http://codeigniter.com/user_guide/helpers/url_helper.html
48		*/
49
50		// ------------------------------------------------------------------------
51
52	View Code Duplication	if ( ! function_exists('site_url'))
53		{
54		/**
55		* Site URL
56		*
57		* Create a local URL based on your basepath. Segments can be passed via the
58		* first parameter either as a string or an array.
59		*
60		* @param string $uri
61		* @param string $protocol
62		* @return string
63		*/
64		function site_url($uri = '', $protocol = NULL)
65		{
66		return get_instance()->config->site_url($uri, $protocol);
67		}
68		}
69
70		// ------------------------------------------------------------------------
71
72	View Code Duplication	if ( ! function_exists('base_url'))
73		{
74		/**
75		* Base URL
76		*
77		* Create a local URL based on your basepath.
78		* Segments can be passed in as a string or an array, same as site_url
79		* or a URL to a file can be passed in, e.g. to an image file.
80		*
81		* @param string $uri
82		* @param string $protocol
83		* @return string
84		*/
85		function base_url($uri = '', $protocol = NULL)
86		{
87		return get_instance()->config->base_url($uri, $protocol);
88		}
89		}
90
91		// ------------------------------------------------------------------------
92
93		if ( ! function_exists('current_url'))
94		{
95		/**
96		* Current URL
97		*
98		* Returns the full URL (including segments) of the page where this
99		* function is placed
100		*
101		* @return string
102		*/
103		function current_url()
104		{
105		$CI =& get_instance();
106		return $CI->config->site_url($CI->uri->uri_string());
107		}
108		}
109
110		// ------------------------------------------------------------------------
111
112		if ( ! function_exists('uri_string'))
113		{
114		/**
115		* URL String
116		*
117		* Returns the URI segments.
118		*
119		* @return string
120		*/
121		function uri_string()
122		{
123		return get_instance()->uri->uri_string();
124		}
125		}
126
127		// ------------------------------------------------------------------------
128
129		if ( ! function_exists('index_page'))
130		{
131		/**
132		* Index page
133		*
134		* Returns the "index_page" from your config file
135		*
136		* @return string
137		*/
138		function index_page()
139		{
140		return get_instance()->config->item('index_page');
141		}
142		}
143
144		// ------------------------------------------------------------------------
145
146		if ( ! function_exists('anchor'))
147		{
148		/**
149		* Anchor Link
150		*
151		* Creates an anchor based on the local URL.
152		*
153		* @param string the URL
154		* @param string the link title
155		* @param mixed any attributes
156		* @return string
157		*/
158		function anchor($uri = '', $title = '', $attributes = '')
159		{
160		$title = (string) $title;
161
162		$site_url = is_array($uri)
163		? site_url($uri)
164		: (preg_match('#^(\w+:)?//#i', $uri) ? $uri : site_url($uri));
165
166		if ($title === '')
167		{
168		$title = $site_url;
169		}
170
171		if ($attributes !== '')
172		{
173		$attributes = _stringify_attributes($attributes);
174		}
175
176		return '<a href="'.$site_url.'"'.$attributes.'>'.$title.'</a>';
177		}
178		}
179
180		// ------------------------------------------------------------------------
181
182		if ( ! function_exists('anchor_popup'))
183		{
184		/**
185		* Anchor Link - Pop-up version
186		*
187		* Creates an anchor based on the local URL. The link
188		* opens a new window based on the attributes specified.
189		*
190		* @param string the URL
191		* @param string the link title
192		* @param mixed any attributes
193		* @return string
194		*/
195		function anchor_popup($uri = '', $title = '', $attributes = FALSE)
196		{
197		$title = (string) $title;
198		$site_url = preg_match('#^(\w+:)?//#i', $uri) ? $uri : site_url($uri);
199
200		if ($title === '')
201		{
202		$title = $site_url;
203		}
204
205		if ($attributes === FALSE)
206		{
207		return '<a href="'.$site_url.'" onclick="window.open(\''.$site_url."', '_blank'); return false;\">".$title.'</a>';
208		}
209
210		if ( ! is_array($attributes))
211		{
212		$attributes = array($attributes);
213
214		// Ref: http://www.w3schools.com/jsref/met_win_open.asp
215		$window_name = '_blank';
216		}
217		elseif ( ! empty($attributes['window_name']))
218		{
219		$window_name = $attributes['window_name'];
220		unset($attributes['window_name']);
221		}
222		else
223		{
224		$window_name = '_blank';
225		}
226
227		foreach (array('width' => '800', 'height' => '600', 'scrollbars' => 'yes', 'menubar' => 'no', 'status' => 'yes', 'resizable' => 'yes', 'screenx' => '0', 'screeny' => '0') as $key => $val)
228		{
229		$atts[$key] = isset($attributes[$key]) ? $attributes[$key] : $val;
230		unset($attributes[$key]);
231		}
232
233		$attributes = _stringify_attributes($attributes);
234
235		return '<a href="'.$site_url
236		.'" onclick="window.open(\''.$site_url."', '".$window_name."', '"._stringify_attributes($atts, TRUE)."'); return false;\""
237		.$attributes.'>'.$title.'</a>';
238		}
239		}
240
241		// ------------------------------------------------------------------------
242
243	View Code Duplication	if ( ! function_exists('mailto'))
244		{
245		/**
246		* Mailto Link
247		*
248		* @param string the email address
249		* @param string the link title
250		* @param mixed any attributes
251		* @return string
252		*/
253		function mailto($email, $title = '', $attributes = '')
254		{
255		$title = (string) $title;
256
257		if ($title === '')
258		{
259		$title = $email;
260		}
261
262		return '<a href="mailto:'.$email.'"'._stringify_attributes($attributes).'>'.$title.'</a>';
263		}
264		}
265
266		// ------------------------------------------------------------------------
267
268		if ( ! function_exists('safe_mailto'))
269		{
270		/**
271		* Encoded Mailto Link
272		*
273		* Create a spam-protected mailto link written in Javascript
274		*
275		* @param string the email address
276		* @param string the link title
277		* @param mixed any attributes
278		* @return string
279		*/
280		function safe_mailto($email, $title = '', $attributes = '')
281		{
282		$title = (string) $title;
283
284		if ($title === '')
285		{
286		$title = $email;
287		}
288
289		$x = str_split('<a href="mailto:', 1);
290
291	View Code Duplication	for ($i = 0, $l = strlen($email); $i < $l; $i++)
292		{
293		$x[] = '\|'.ord($email[$i]);
294		}
295
296		$x[] = '"';
297
298		if ($attributes !== '')
299		{
300		if (is_array($attributes))
301		{
302		foreach ($attributes as $key => $val)
303		{
304		$x[] = ' '.$key.'="';
305	View Code Duplication	for ($i = 0, $l = strlen($val); $i < $l; $i++)
306		{
307		$x[] = '\|'.ord($val[$i]);
308		}
309		$x[] = '"';
310		}
311		}
312		else
313		{
314	View Code Duplication	for ($i = 0, $l = strlen($attributes); $i < $l; $i++)
315		{
316		$x[] = $attributes[$i];
317		}
318		}
319		}
320
321		$x[] = '>';
322
323		$temp = array();
324		for ($i = 0, $l = strlen($title); $i < $l; $i++)
325		{
326		$ordinal = ord($title[$i]);
327
328		if ($ordinal < 128)
329		{
330		$x[] = '\|'.$ordinal;
331		}
332	View Code Duplication	else
333		{
334		if (count($temp) === 0)
335		{
336		$count = ($ordinal < 224) ? 2 : 3;
337		}
338
339		$temp[] = $ordinal;
340		if (count($temp) === $count)
341		{
342		$number = ($count === 3)
343		? (($temp[0] % 16) * 4096) + (($temp[1] % 64) * 64) + ($temp[2] % 64)
344		: (($temp[0] % 32) * 64) + ($temp[1] % 64);
345		$x[] = '\|'.$number;
346		$count = 1;
347		$temp = array();
348		}
349		}
350		}
351
352		$x[] = '<'; $x[] = '/'; $x[] = 'a'; $x[] = '>';
353
354		$x = array_reverse($x);
355
356		$output = "<script type=\"text/javascript\">\n"
357		."\t//<![CDATA[\n"
358		."\tvar l=new Array();\n";
359
360		for ($i = 0, $c = count($x); $i < $c; $i++)
361		{
362		$output .= "\tl[".$i."] = '".$x[$i]."';\n";
363		}
364
365		$output .= "\n\tfor (var i = l.length-1; i >= 0; i=i-1) {\n"
366		."\t\tif (l[i].substring(0, 1) === '\|') document.write(\"&#\"+unescape(l[i].substring(1))+\";\");\n"
367		."\t\telse document.write(unescape(l[i]));\n"
368		."\t}\n"
369		."\t//]]>\n"
370		.'</script>';
371
372		return $output;
373		}
374		}
375
376		// ------------------------------------------------------------------------
377
378		if ( ! function_exists('auto_link'))
379		{
380		/**
381		* Auto-linker
382		*
383		* Automatically links URL and Email addresses.
384		* Note: There's a bit of extra code here to deal with
385		* URLs or emails that end in a period. We'll strip these
386		* off and add them after the link.
387		*
388		* @param string the string
389		* @param string the type: email, url, or both
390		* @param bool whether to create pop-up links
391		* @return string
392		*/
393		function auto_link($str, $type = 'both', $popup = FALSE)
394		{
395		// Find and replace any URLs.
396		if ($type !== 'email' && preg_match_all('#(\w*://\|www\.)[^\s()<>;]+\w#i', $str, $matches, PREG_OFFSET_CAPTURE \| PREG_SET_ORDER))
397		{
398		// Set our target HTML if using popup links.
399		$target = ($popup) ? ' target="_blank"' : '';
400
401		// We process the links in reverse order (last -> first) so that
402		// the returned string offsets from preg_match_all() are not
403		// moved as we add more HTML.
404		foreach (array_reverse($matches) as $match)
405		{
406		// $match[0] is the matched string/link
407		// $match[1] is either a protocol prefix or 'www.'
408		//
409		// With PREG_OFFSET_CAPTURE, both of the above is an array,
410		// where the actual value is held in [0] and its offset at the [1] index.
411		$a = '<a href="'.(strpos($match[1][0], '/') ? '' : 'http://').$match[0][0].'"'.$target.'>'.$match[0][0].'</a>';
412		$str = substr_replace($str, $a, $match[0][1], strlen($match[0][0]));
413		}
414		}
415
416		// Find and replace any emails.
417		if ($type !== 'url' && preg_match_all('#([\w\.\-\+]+@[a-z0-9\-]+\.[a-z0-9\-\.]+[^[:punct:]\s])#i', $str, $matches, PREG_OFFSET_CAPTURE))
418		{
419		foreach (array_reverse($matches[0]) as $match)
420		{
421		if (filter_var($match[0], FILTER_VALIDATE_EMAIL) !== FALSE)
422		{
423		$str = substr_replace($str, safe_mailto($match[0]), $match[1], strlen($match[0]));
424		}
425		}
426		}
427
428		return $str;
429		}
430		}
431
432		// ------------------------------------------------------------------------
433
434		if ( ! function_exists('prep_url'))
435		{
436		/**
437		* Prep URL
438		*
439		* Simply adds the http:// part if no scheme is included
440		*
441		* @param string the URL
442		* @return string
443		*/
444		function prep_url($str = '')
445		{
446		if ($str === 'http://' OR $str === '')
447		{
448		return '';
449		}
450
451		$url = parse_url($str);
452
453		if ( ! $url OR ! isset($url['scheme']))
454		{
455		return 'http://'.$str;
456		}
457
458		return $str;
459		}
460		}
461
462		// ------------------------------------------------------------------------
463
464		if ( ! function_exists('url_title'))
465		{
466		/**
467		* Create URL Title
468		*
469		* Takes a "title" string as input and creates a
470		* human-friendly URL string with a "separator" string
471		* as the word separator.
472		*
473		* @todo Remove old 'dash' and 'underscore' usage in 3.1+.
474		* @param string $str Input string
475		* @param string $separator Word separator
476		* (usually '-' or '_')
477		* @param bool $lowercase Whether to transform the output string to lowercase
478		* @return string
479		*/
480		function url_title($str, $separator = '-', $lowercase = FALSE)
481		{
482		if ($separator === 'dash')
483		{
484		$separator = '-';
485		}
486		elseif ($separator === 'underscore')
487		{
488		$separator = '_';
489		}
490
491		$q_separator = preg_quote($separator, '#');
492
493		$trans = array(
494		'&.+?;' => '',
495		'[^\w\d _-]' => '',
496		'\s+' => $separator,
497		'('.$q_separator.')+' => $separator
498		);
499
500		$str = strip_tags($str);
501		foreach ($trans as $key => $val)
502		{
503		$str = preg_replace('#'.$key.'#i'.(UTF8_ENABLED ? 'u' : ''), $val, $str);
504		}
505
506		if ($lowercase === TRUE)
507		{
508		$str = strtolower($str);
509		}
510
511		return trim(trim($str, $separator));
512		}
513		}
514
515		// ------------------------------------------------------------------------
516
517		if ( ! function_exists('redirect'))
518		{
519		/**
520		* Header Redirect
521		*
522		* Header redirect in two flavors
523		* For very fine grained control over headers, you could use the Output
524		* Library's set_header() function.
525		*
526		* @param string $uri URL
527		* @param string $method Redirect method
528		* 'auto', 'location' or 'refresh'
529		* @param int $code HTTP Response status code
530		* @return void
531		*/
532		function redirect($uri = '', $method = 'auto', $code = NULL)
533		{
534		if ( ! preg_match('#^(\w+:)?//#i', $uri))
535		{
536		$uri = site_url($uri);
537		}
538
539		// IIS environment likely? Use 'refresh' for better compatibility
540		if ($method === 'auto' && isset($_SERVER['SERVER_SOFTWARE']) && strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS') !== FALSE)
541		{
542		$method = 'refresh';
543		}
544		elseif ($method !== 'refresh' && (empty($code) OR ! is_numeric($code)))
545		{
546		if (isset($_SERVER['SERVER_PROTOCOL'], $_SERVER['REQUEST_METHOD']) && $_SERVER['SERVER_PROTOCOL'] === 'HTTP/1.1')
547		{
548		$code = ($_SERVER['REQUEST_METHOD'] !== 'GET')
549		? 303 // reference: http://en.wikipedia.org/wiki/Post/Redirect/Get
550		: 307;
551		}
552		else
553		{
554		$code = 302;
555		}
556		}
557
558		switch ($method)
559		{
560		case 'refresh':
561		header('Refresh:0;url='.$uri);
562		break;
563		default:
564		header('Location: '.$uri, TRUE, $code);
565		break;
566		}
567		exit;
568		}
569		}
570

ci-bonfire / Sprint

GitHub Access Token became invalid

Issues (423)

Security Analysis not enabled

system/helpers/url_helper.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like