Database queries should use parameter binding

  • Critical
  • Security

More information: https://insight.sensiolabs.com/what-we-analyse/doctrine.database_query_contains_string_and_variable_concatenation

in includes/functions.php, line 1311
  1. $table = YOURLS_DB_TABLE_URL;
  2. $query = "SELECT `keyword` FROM `$table` WHERE `url` = '$longurl'";
  3. // Ensure sort is a column in database (@TODO: update verification array if database changes)
  4. if ( in_array( $sort, array('keyword','title','timestamp','clicks') ) ) {
  5. $query .= " ORDER BY '".$sort."'";

    If provided by the user, the value of $sort may allow an SQL injection attack. Avoid concatenating parameters to SQL query strings, and use parameter binding instead.

    Time to fix: about 1 hour
    Open Issue Permalink
    Last edited by Clayton Daley
  6. if ( in_array( $order, array( 'ASC','DESC' ) ) ) {
  7. $query .= " ".$order;
  8. }
  9. }
  10. return yourls_apply_filter( 'get_longurl_keywords', $ydb->get_col( $query ), $longurl );

PHP debug statements found

  • Critical
  • Security

More information: https://insight.sensiolabs.com/what-we-analyse/php.debug_statements

  1. {
  2. echo "<font color=800080><b>ezSQL</b> (v".EZSQL_VERSION.") <b>Variable Dump..</b></font>\n\n";
  3. }
  4. $var_type = gettype ($mixed);
  5. print_r(($mixed?$mixed:"<font color=red>No Value / False</font>"));

    print_r() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by ozh
  6. echo "\n\n<b>Type:</b> " . ucfirst($var_type) . "\n";
  7. echo "<b>Last Query</b> [$this->num_queries]<b>:</b> ".($this->last_query?$this->last_query:"NULL")."\n";
  8. echo "<b>Last Function Call:</b> " . ($this->func_call?$this->func_call:"None")."\n";
  9. echo "<b>Last Rows Returned:</b> ".count($this->last_result)."\n";
  10. echo "</font></pre></font></blockquote></td></tr></table>".$this->donation();

Global variable or function should never be used 457

  • Major
  • Architecture

More information: https://insight.sensiolabs.com/what-we-analyse/php.use_global_variable_or_function

  1. /**
  2. * Determine the allowed character set in short URLs
  3. *
  4. */
  5. function yourls_get_shorturl_charset() {

    yourls_get_shorturl_charset() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. static $charset = null;
  7. if( $charset !== null )
  8. return $charset;
  9. if( defined('YOURLS_URL_CONVERT') && in_array( YOURLS_URL_CONVERT, array( 62, 64 ) ) ) {
  1. /**
  2. * Make an optimized regexp pattern from a string of characters
  3. *
  4. */
  5. function yourls_make_regexp_pattern( $string ) {

    yourls_make_regexp_pattern() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $pattern = preg_quote( $string, '@' ); // add @ as an escaped character because @ is used as the regexp delimiter in yourls-loader.php
  7. // Simple benchmarks show that regexp with smarter sequences (0-9, a-z, A-Z...) are not faster or slower than 0123456789 etc...
  8. return $pattern;
  9. }
  1. /**
  2. * Is a URL a short URL? Accept either 'http://sho.rt/abc' or 'abc'
  3. *
  4. */
  5. function yourls_is_shorturl( $shorturl ) {

    yourls_is_shorturl() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. // TODO: make sure this function evolves with the feature set.
  7. $is_short = false;
  8. // Is $shorturl a URL (http://sho.rt/abc) or a keyword (abc) ?
  1. /**
  2. * Check to see if a given keyword is reserved (ie reserved URL or an existing page). Returns bool
  3. *
  4. */
  5. function yourls_keyword_is_reserved( $keyword ) {

    yourls_keyword_is_reserved() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. global $yourls_reserved_URL;
  7. $keyword = yourls_sanitize_keyword( $keyword );
  8. $reserved = false;
  9. if ( in_array( $keyword, $yourls_reserved_URL)
  1. /**
  2. * Check to see if a given keyword is reserved (ie reserved URL or an existing page). Returns bool
  3. *
  4. */
  5. function yourls_keyword_is_reserved( $keyword ) {
  6. global $yourls_reserved_URL;

    $yourls_reserved_URL adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. $keyword = yourls_sanitize_keyword( $keyword );
  8. $reserved = false;
  9. if ( in_array( $keyword, $yourls_reserved_URL)
  10. or file_exists( YOURLS_ABSPATH ."/pages/$keyword.php" )
  1. /**
  2. * Function: Get client IP Address. Returns a DB safe string.
  3. *
  4. */
  5. function yourls_get_IP() {

    yourls_get_IP() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $ip = '';
  7. // Precedence: if set, X-Forwarded-For > HTTP_X_FORWARDED_FOR > HTTP_CLIENT_IP > HTTP_VIA > REMOTE_ADDR
  8. $headers = array( 'X-Forwarded-For', 'HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP', 'HTTP_VIA', 'REMOTE_ADDR' );
  9. foreach( $headers as $header ) {
in includes/functions.php, line 106
  1. /**
  2. * Get next id a new link will have if no custom keyword provided
  3. *
  4. */
  5. function yourls_get_next_decimal() {

    yourls_get_next_decimal() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. return yourls_apply_filter( 'get_next_decimal', (int)yourls_get_option( 'next_id' ) );
  7. }
  8. /**
  9. * Update id for next link with no custom keyword
in includes/functions.php, line 114
  1. /**
  2. * Update id for next link with no custom keyword
  3. *
  4. */
  5. function yourls_update_next_decimal( $int = '' ) {

    yourls_update_next_decimal() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $int = ( $int == '' ) ? yourls_get_next_decimal() + 1 : (int)$int ;
  7. $update = yourls_update_option( 'next_id', $int );
  8. yourls_do_action( 'update_next_decimal', $int, $update );
  9. return $update;
  10. }
in includes/functions.php, line 125
  1. /**
  2. * Delete a link in the DB
  3. *
  4. */
  5. function yourls_delete_link_by_keyword( $keyword ) {

    yourls_delete_link_by_keyword() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. // Allow plugins to short-circuit the whole function
  7. $pre = yourls_apply_filter( 'shunt_delete_link_by_keyword', null, $keyword );
  8. if ( null !== $pre )
  9. return $pre;
in includes/functions.php, line 131
  1. // Allow plugins to short-circuit the whole function
  2. $pre = yourls_apply_filter( 'shunt_delete_link_by_keyword', null, $keyword );
  3. if ( null !== $pre )
  4. return $pre;
  5. global $ydb;

    $ydb adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $table = YOURLS_DB_TABLE_URL;
  7. $keyword = yourls_escape( yourls_sanitize_string( $keyword ) );
  8. $delete = $ydb->query("DELETE FROM `$table` WHERE `keyword` = '$keyword';");
  9. yourls_do_action( 'delete_link', $keyword, $delete );
in includes/functions.php, line 144
  1. /**
  2. * SQL query to insert a new link in the DB. Returns boolean for success or failure of the inserting
  3. *
  4. */
  5. function yourls_insert_link_in_db( $url, $keyword, $title = '' ) {

    yourls_insert_link_in_db() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. global $ydb;
  7. $url = yourls_escape( yourls_sanitize_url( $url ) );
  8. $keyword = yourls_escape( yourls_sanitize_keyword( $keyword ) );
  9. $title = yourls_escape( yourls_sanitize_title( $title ) );
in includes/functions.php, line 145
  1. /**
  2. * SQL query to insert a new link in the DB. Returns boolean for success or failure of the inserting
  3. *
  4. */
  5. function yourls_insert_link_in_db( $url, $keyword, $title = '' ) {
  6. global $ydb;

    $ydb adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. $url = yourls_escape( yourls_sanitize_url( $url ) );
  8. $keyword = yourls_escape( yourls_sanitize_keyword( $keyword ) );
  9. $title = yourls_escape( yourls_sanitize_title( $title ) );
in includes/functions.php, line 165
  1. /**
  2. * Check if a URL already exists in the DB. Return NULL (doesn't exist) or an object with URL informations.
  3. *
  4. */
  5. function yourls_url_exists( $url ) {

    yourls_url_exists() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. // Allow plugins to short-circuit the whole function
  7. $pre = yourls_apply_filter( 'shunt_url_exists', false, $url );
  8. if ( false !== $pre )
  9. return $pre;
in includes/functions.php, line 171
  1. // Allow plugins to short-circuit the whole function
  2. $pre = yourls_apply_filter( 'shunt_url_exists', false, $url );
  3. if ( false !== $pre )
  4. return $pre;
  5. global $ydb;

    $ydb adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $table = YOURLS_DB_TABLE_URL;
  7. $url = yourls_escape( yourls_sanitize_url( $url) );
  8. $url_exists = $ydb->get_row( "SELECT * FROM `$table` WHERE `url` = '".$url."';" );
  9. return yourls_apply_filter( 'url_exists', $url_exists, $url );
in includes/functions.php, line 183
  1. /**
  2. * Add a new link in the DB, either with custom keyword, or find one
  3. *
  4. */
  5. function yourls_add_new_link( $url, $keyword = '', $title = '' ) {

    yourls_add_new_link() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. // Allow plugins to short-circuit the whole function
  7. $pre = yourls_apply_filter( 'shunt_add_new_link', false, $url, $keyword, $title );
  8. if ( false !== $pre )
  9. return $pre;
in includes/functions.php, line 309
  1. /**
  2. * Edit a link
  3. *
  4. */
  5. function yourls_edit_link( $url, $keyword, $newkeyword='', $title='' ) {

    yourls_edit_link() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. // Allow plugins to short-circuit the whole function
  7. $pre = yourls_apply_filter( 'shunt_edit_link', null, $keyword, $url, $keyword, $newkeyword, $title );
  8. if ( null !== $pre )
  9. return $pre;
in includes/functions.php, line 315
  1. // Allow plugins to short-circuit the whole function
  2. $pre = yourls_apply_filter( 'shunt_edit_link', null, $keyword, $url, $keyword, $newkeyword, $title );
  3. if ( null !== $pre )
  4. return $pre;
  5. global $ydb;

    $ydb adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $table = YOURLS_DB_TABLE_URL;
  7. $url = yourls_escape (yourls_sanitize_url( $url ) );
  8. $keyword = yourls_escape( yourls_sanitize_string( $keyword ) );
  9. $title = yourls_escape( yourls_sanitize_title( $title ) );
in includes/functions.php, line 367
  1. /**
  2. * Update a title link (no checks for duplicates etc..)
  3. *
  4. */
  5. function yourls_edit_link_title( $keyword, $title ) {

    yourls_edit_link_title() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. // Allow plugins to short-circuit the whole function
  7. $pre = yourls_apply_filter( 'shunt_edit_link_title', null, $keyword, $title );
  8. if ( null !== $pre )
  9. return $pre;
in includes/functions.php, line 373
  1. // Allow plugins to short-circuit the whole function
  2. $pre = yourls_apply_filter( 'shunt_edit_link_title', null, $keyword, $title );
  3. if ( null !== $pre )
  4. return $pre;
  5. global $ydb;

    $ydb adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $keyword = yourls_escape( yourls_sanitize_keyword( $keyword ) );
  7. $title = yourls_escape( yourls_sanitize_title( $title ) );
  8. $table = YOURLS_DB_TABLE_URL;
in includes/functions.php, line 389
  1. /**
  2. * Check if keyword id is free (ie not already taken, and not reserved). Return bool.
  3. *
  4. */
  5. function yourls_keyword_is_free( $keyword ) {

    yourls_keyword_is_free() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $free = true;
  7. if ( yourls_keyword_is_reserved( $keyword ) or yourls_keyword_is_taken( $keyword ) )
  8. $free = false;
  9. return yourls_apply_filter( 'keyword_is_free', $free, $keyword );
in includes/functions.php, line 401
  1. /**
  2. * Check if a keyword is taken (ie there is already a short URL with this id). Return bool.
  3. *
  4. */
  5. function yourls_keyword_is_taken( $keyword ) {

    yourls_keyword_is_taken() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. // Allow plugins to short-circuit the whole function
  7. $pre = yourls_apply_filter( 'shunt_keyword_is_taken', false, $keyword );
  8. if ( false !== $pre )
  9. return $pre;
in includes/functions.php, line 408
  1. // Allow plugins to short-circuit the whole function
  2. $pre = yourls_apply_filter( 'shunt_keyword_is_taken', false, $keyword );
  3. if ( false !== $pre )
  4. return $pre;
  5. global $ydb;

    $ydb adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $keyword = yourls_escape( yourls_sanitize_keyword( $keyword ) );
  7. $taken = false;
  8. $table = YOURLS_DB_TABLE_URL;
  9. $already_exists = $ydb->get_var( "SELECT COUNT(`keyword`) FROM `$table` WHERE `keyword` = '$keyword';" );
  10. if ( $already_exists )
in includes/functions.php, line 423
  1. /**
  2. * Return XML output.
  3. *
  4. */
  5. function yourls_xml_encode( $array ) {

    yourls_xml_encode() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. require_once( YOURLS_INC.'/functions-xml.php' );
  7. $converter= new yourls_array2xml;
  8. return $converter->array2xml( $array );
  9. }
in includes/functions.php, line 433
  1. /**
  2. * Return array of all information associated with keyword. Returns false if keyword not found. Set optional $use_cache to false to force fetching from DB
  3. *
  4. */
  5. function yourls_get_keyword_infos( $keyword, $use_cache = true ) {

    yourls_get_keyword_infos() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. global $ydb;
  7. $keyword = yourls_escape( yourls_sanitize_string( $keyword ) );
  8. yourls_do_action( 'pre_get_keyword', $keyword, $use_cache );
in includes/functions.php, line 434
  1. /**
  2. * Return array of all information associated with keyword. Returns false if keyword not found. Set optional $use_cache to false to force fetching from DB
  3. *
  4. */
  5. function yourls_get_keyword_infos( $keyword, $use_cache = true ) {
  6. global $ydb;

    $ydb adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. $keyword = yourls_escape( yourls_sanitize_string( $keyword ) );
  8. yourls_do_action( 'pre_get_keyword', $keyword, $use_cache );
  9. if( isset( $ydb->infos[$keyword] ) && $use_cache == true ) {
in includes/functions.php, line 462
  1. /**
  2. * Return (string) selected information associated with a keyword. Optional $notfound = string default message if nothing found
  3. *
  4. */
  5. function yourls_get_keyword_info( $keyword, $field, $notfound = false ) {

    yourls_get_keyword_info() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. // Allow plugins to short-circuit the whole function
  7. $pre = yourls_apply_filter( 'shunt_get_keyword_info', false, $keyword, $field, $notfound );
  8. if ( false !== $pre )
  9. return $pre;
in includes/functions.php, line 483
  1. /**
  2. * Return title associated with keyword. Optional $notfound = string default message if nothing found
  3. *
  4. */
  5. function yourls_get_keyword_title( $keyword, $notfound = false ) {

    yourls_get_keyword_title() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. return yourls_get_keyword_info( $keyword, 'title', $notfound );
  7. }
  8. /**
  9. * Return long URL associated with keyword. Optional $notfound = string default message if nothing found
in includes/functions.php, line 491
  1. /**
  2. * Return long URL associated with keyword. Optional $notfound = string default message if nothing found
  3. *
  4. */
  5. function yourls_get_keyword_longurl( $keyword, $notfound = false ) {

    yourls_get_keyword_longurl() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. return yourls_get_keyword_info( $keyword, 'url', $notfound );
  7. }
  8. /**
  9. * Return number of clicks on a keyword. Optional $notfound = string default message if nothing found
in includes/functions.php, line 499
  1. /**
  2. * Return number of clicks on a keyword. Optional $notfound = string default message if nothing found
  3. *
  4. */
  5. function yourls_get_keyword_clicks( $keyword, $notfound = false ) {

    yourls_get_keyword_clicks() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. return yourls_get_keyword_info( $keyword, 'clicks', $notfound );
  7. }
  8. /**
  9. * Return IP that added a keyword. Optional $notfound = string default message if nothing found
in includes/functions.php, line 507
  1. /**
  2. * Return IP that added a keyword. Optional $notfound = string default message if nothing found
  3. *
  4. */
  5. function yourls_get_keyword_IP( $keyword, $notfound = false ) {

    yourls_get_keyword_IP() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. return yourls_get_keyword_info( $keyword, 'ip', $notfound );
  7. }
  8. /**
  9. * Return timestamp associated with a keyword. Optional $notfound = string default message if nothing found
in includes/functions.php, line 515
  1. /**
  2. * Return timestamp associated with a keyword. Optional $notfound = string default message if nothing found
  3. *
  4. */
  5. function yourls_get_keyword_timestamp( $keyword, $notfound = false ) {

    yourls_get_keyword_timestamp() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. return yourls_get_keyword_info( $keyword, 'timestamp', $notfound );
  7. }
  8. /**
  9. * Update click count on a short URL. Return 0/1 for error/success.
in includes/functions.php, line 523
  1. /**
  2. * Update click count on a short URL. Return 0/1 for error/success.
  3. *
  4. */
  5. function yourls_update_clicks( $keyword, $clicks = false ) {

    yourls_update_clicks() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. // Allow plugins to short-circuit the whole function
  7. $pre = yourls_apply_filter( 'shunt_update_clicks', false, $keyword, $clicks );
  8. if ( false !== $pre )
  9. return $pre;
in includes/functions.php, line 529
  1. // Allow plugins to short-circuit the whole function
  2. $pre = yourls_apply_filter( 'shunt_update_clicks', false, $keyword, $clicks );
  3. if ( false !== $pre )
  4. return $pre;
  5. global $ydb;

    $ydb adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $keyword = yourls_escape( yourls_sanitize_string( $keyword ) );
  7. $table = YOURLS_DB_TABLE_URL;
  8. if ( $clicks !== false && is_int( $clicks ) && $clicks >= 0 )
  9. $update = $ydb->query( "UPDATE `$table` SET `clicks` = $clicks WHERE `keyword` = '$keyword'" );
  10. else
in includes/functions.php, line 545
  1. /**
  2. * Return array of stats. (string)$filter is 'bottom', 'last', 'rand' or 'top'. (int)$limit is the number of links to return
  3. *
  4. */
  5. function yourls_get_stats( $filter = 'top', $limit = 10, $start = 0 ) {

    yourls_get_stats() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. global $ydb;
  7. switch( $filter ) {
  8. case 'bottom':
  9. $sort_by = 'clicks';
in includes/functions.php, line 546
  1. /**
  2. * Return array of stats. (string)$filter is 'bottom', 'last', 'rand' or 'top'. (int)$limit is the number of links to return
  3. *
  4. */
  5. function yourls_get_stats( $filter = 'top', $limit = 10, $start = 0 ) {
  6. global $ydb;

    $ydb adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. switch( $filter ) {
  8. case 'bottom':
  9. $sort_by = 'clicks';
  10. $sort_order = 'asc';
in includes/functions.php, line 603
  1. /**
  2. * Return array of stats. (string)$filter is 'bottom', 'last', 'rand' or 'top'. (int)$limit is the number of links to return
  3. *
  4. */
  5. function yourls_get_link_stats( $shorturl ) {

    yourls_get_link_stats() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. global $ydb;
  7. $table_url = YOURLS_DB_TABLE_URL;
  8. $shorturl = yourls_escape( yourls_sanitize_keyword( $shorturl ) );
in includes/functions.php, line 604
  1. /**
  2. * Return array of stats. (string)$filter is 'bottom', 'last', 'rand' or 'top'. (int)$limit is the number of links to return
  3. *
  4. */
  5. function yourls_get_link_stats( $shorturl ) {
  6. global $ydb;

    $ydb adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. $table_url = YOURLS_DB_TABLE_URL;
  8. $shorturl = yourls_escape( yourls_sanitize_keyword( $shorturl ) );
  9. $res = $ydb->get_row( "SELECT * FROM `$table_url` WHERE keyword = '$shorturl';" );
in includes/functions.php, line 643
  1. *
  2. * IMPORTANT NOTE: make sure arguments for the $where clause have been sanitized and yourls_escape()'d
  3. * before calling this function.
  4. *
  5. */
  6. function yourls_get_db_stats( $where = '' ) {

    yourls_get_db_stats() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. global $ydb;
  8. $table_url = YOURLS_DB_TABLE_URL;
  9. $totals = $ydb->get_row( "SELECT COUNT(keyword) as count, SUM(clicks) as sum FROM `$table_url` WHERE 1=1 $where" );
  10. $return = array( 'total_links' => $totals->count, 'total_clicks' => $totals->sum );
in includes/functions.php, line 644
  1. * IMPORTANT NOTE: make sure arguments for the $where clause have been sanitized and yourls_escape()'d
  2. * before calling this function.
  3. *
  4. */
  5. function yourls_get_db_stats( $where = '' ) {
  6. global $ydb;

    $ydb adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. $table_url = YOURLS_DB_TABLE_URL;
  8. $totals = $ydb->get_row( "SELECT COUNT(keyword) as count, SUM(clicks) as sum FROM `$table_url` WHERE 1=1 $where" );
  9. $return = array( 'total_links' => $totals->count, 'total_clicks' => $totals->sum );
in includes/functions.php, line 657
  1. /**
  2. * Get number of SQL queries performed
  3. *
  4. */
  5. function yourls_get_num_queries() {

    yourls_get_num_queries() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. global $ydb;
  7. return yourls_apply_filter( 'get_num_queries', $ydb->num_queries );
  8. }
in includes/functions.php, line 658
  1. /**
  2. * Get number of SQL queries performed
  3. *
  4. */
  5. function yourls_get_num_queries() {
  6. global $ydb;

    $ydb adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. return yourls_apply_filter( 'get_num_queries', $ydb->num_queries );
  8. }
  9. /**
in includes/functions.php, line 667
  1. /**
  2. * Returns a sanitized a user agent string. Given what I found on http://www.user-agents.org/ it should be OK.
  3. *
  4. */
  5. function yourls_get_user_agent() {

    yourls_get_user_agent() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. if ( !isset( $_SERVER['HTTP_USER_AGENT'] ) )
  7. return '-';
  8. $ua = strip_tags( html_entity_decode( $_SERVER['HTTP_USER_AGENT'] ));
  9. $ua = preg_replace('![^0-9a-zA-Z\':., /{}\(\)\[\]\+@&\!\?;_\-=~\*\#]!', '', $ua );
in includes/functions.php, line 681
  1. /**
  2. * Redirect to another page
  3. *
  4. */
  5. function yourls_redirect( $location, $code = 301 ) {

    yourls_redirect() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. yourls_do_action( 'pre_redirect', $location, $code );
  7. $location = yourls_apply_filter( 'redirect_location', $location, $code );
  8. $code = yourls_apply_filter( 'redirect_code', $code, $location );
  9. // Redirect, either properly if possible, or via Javascript otherwise
  10. if( !headers_sent() ) {
in includes/functions.php, line 702
  1. *
  2. * @since 1.4
  3. * @param int $code status header code
  4. * @return bool whether header was sent
  5. */
  6. function yourls_status_header( $code = 200 ) {

    yourls_status_header() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. yourls_do_action( 'status_header', $code );
  8. if( headers_sent() )
  9. return false;
in includes/functions.php, line 724
  1. /**
  2. * Redirect to another page using Javascript. Set optional (bool)$dontwait to false to force manual redirection (make sure a message has been read by user)
  3. *
  4. */
  5. function yourls_redirect_javascript( $location, $dontwait = true ) {

    yourls_redirect_javascript() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. yourls_do_action( 'pre_redirect_javascript', $location, $dontwait );
  7. $location = yourls_apply_filter( 'redirect_javascript', $location, $dontwait );
  8. if( $dontwait ) {
  9. $message = yourls_s( 'if you are not redirected after 10 seconds, please <a href="%s">click here</a>', $location );
  10. echo <<<REDIR
in includes/functions.php, line 745
  1. /**
  2. * Return a HTTP status code
  3. *
  4. */
  5. function yourls_get_HTTP_status( $code ) {

    yourls_get_HTTP_status() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $code = intval( $code );
  7. $headers_desc = array(
  8. 100 => 'Continue',
  9. 101 => 'Switching Protocols',
  10. 102 => 'Processing',
in includes/functions.php, line 821
  1. *
  2. * @since 1.4
  3. * @param string $keyword short URL keyword
  4. * @return mixed Result of the INSERT query (1 on success)
  5. */
  6. function yourls_log_redirect( $keyword ) {

    yourls_log_redirect() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. // Allow plugins to short-circuit the whole function
  8. $pre = yourls_apply_filter( 'shunt_log_redirect', false, $keyword );
  9. if ( false !== $pre )
  10. return $pre;
in includes/functions.php, line 830
  1. return $pre;
  2. if ( !yourls_do_log_redirect() )
  3. return true;
  4. global $ydb;

    $ydb adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  5. $table = YOURLS_DB_TABLE_LOG;
  6. $now = date( 'Y-m-d H:i:s' );
  7. $keyword = yourls_escape( yourls_sanitize_string( $keyword ) );
  8. $referrer = ( isset( $_SERVER['HTTP_REFERER'] ) ? yourls_escape( yourls_sanitize_url_safe( $_SERVER['HTTP_REFERER'] ) ) : 'direct' );
in includes/functions.php, line 847
  1. /**
  2. * Check if we want to not log redirects (for stats)
  3. *
  4. */
  5. function yourls_do_log_redirect() {

    yourls_do_log_redirect() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. return ( !defined( 'YOURLS_NOSTATS' ) || YOURLS_NOSTATS != true );
  7. }
  8. /**
  9. * Converts an IP to a 2 letter country code, using GeoIP database if available in includes/geo/
in includes/functions.php, line 859
  1. * @since 1.4
  2. * @param string $ip IP or, if empty string, will be current user IP
  3. * @param string $defaut Default string to return if IP doesn't resolve to a country (malformed, private IP...)
  4. * @return string 2 letter country code (eg 'US') or $default
  5. */
  6. function yourls_geo_ip_to_countrycode( $ip = '', $default = '' ) {

    yourls_geo_ip_to_countrycode() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. // Allow plugins to short-circuit the Geo IP API
  8. $location = yourls_apply_filter( 'shunt_geo_ip_to_countrycode', false, $ip, $default ); // at this point $ip can be '', check if your plugin hooks in here
  9. if ( false !== $location )
  10. return $location;
in includes/functions.php, line 899
  1. /**
  2. * Converts a 2 letter country code to long name (ie AU -> Australia)
  3. *
  4. */
  5. function yourls_geo_countrycode_to_countryname( $code ) {

    yourls_geo_countrycode_to_countryname() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. // Allow plugins to short-circuit the Geo IP API
  7. $country = yourls_apply_filter( 'shunt_geo_countrycode_to_countryname', false, $code );
  8. if ( false !== $country )
  9. return $country;
in includes/functions.php, line 924
  1. /**
  2. * Return flag URL from 2 letter country code
  3. *
  4. */
  5. function yourls_geo_get_flag( $code ) {

    yourls_geo_get_flag() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. if( file_exists( YOURLS_INC.'/geo/flags/flag_'.strtolower($code).'.gif' ) ) {
  7. $img = yourls_match_current_protocol( YOURLS_SITE.'/includes/geo/flags/flag_'.( strtolower( $code ) ).'.gif' );
  8. } else {
  9. $img = false;
  10. }
in includes/functions.php, line 938
  1. /**
  2. * Check if an upgrade is needed
  3. *
  4. */
  5. function yourls_upgrade_is_needed() {

    yourls_upgrade_is_needed() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. // check YOURLS_DB_VERSION exist && match values stored in YOURLS_DB_TABLE_OPTIONS
  7. list( $currentver, $currentsql ) = yourls_get_current_version_from_sql();
  8. if( $currentsql < YOURLS_DB_VERSION )
  9. return true;
in includes/functions.php, line 951
  1. /**
  2. * Get current version & db version as stored in the options DB. Prior to 1.4 there's no option table.
  3. *
  4. */
  5. function yourls_get_current_version_from_sql() {

    yourls_get_current_version_from_sql() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $currentver = yourls_get_option( 'version' );
  7. $currentsql = yourls_get_option( 'db_version' );
  8. // Values if version is 1.3
  9. if( !$currentver )
in includes/functions.php, line 974
  1. * @since 1.4
  2. * @param string $option Option name. Expected to not be SQL-escaped.
  3. * @param mixed $default Optional value to return if option doesn't exist. Default false.
  4. * @return mixed Value set for the option.
  5. */
  6. function yourls_get_option( $option_name, $default = false ) {

    yourls_get_option() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. global $ydb;
  8. // Allow plugins to short-circuit options
  9. $pre = yourls_apply_filter( 'shunt_option_'.$option_name, false );
  10. if ( false !== $pre )
in includes/functions.php, line 975
  1. * @param string $option Option name. Expected to not be SQL-escaped.
  2. * @param mixed $default Optional value to return if option doesn't exist. Default false.
  3. * @return mixed Value set for the option.
  4. */
  5. function yourls_get_option( $option_name, $default = false ) {
  6. global $ydb;

    $ydb adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. // Allow plugins to short-circuit options
  8. $pre = yourls_apply_filter( 'shunt_option_'.$option_name, false );
  9. if ( false !== $pre )
  10. return $pre;
in includes/functions.php, line 1008
  1. * It's also a simple check whether YOURLS is installed or not (no option = assuming not installed) after
  2. * a check for DB server reachability has been performed
  3. *
  4. * @since 1.4
  5. */
  6. function yourls_get_all_options() {

    yourls_get_all_options() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. global $ydb;
  8. // Allow plugins to short-circuit all options. (Note: regular plugins are loaded after all options)
  9. $pre = yourls_apply_filter( 'shunt_all_options', false );
  10. if ( false !== $pre )
in includes/functions.php, line 1009
  1. * a check for DB server reachability has been performed
  2. *
  3. * @since 1.4
  4. */
  5. function yourls_get_all_options() {
  6. global $ydb;

    $ydb adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. // Allow plugins to short-circuit all options. (Note: regular plugins are loaded after all options)
  8. $pre = yourls_apply_filter( 'shunt_all_options', false );
  9. if ( false !== $pre )
  10. return $pre;
in includes/functions.php, line 1046
  1. * @since 1.4
  2. * @param string $option Option name. Expected to not be SQL-escaped.
  3. * @param mixed $newvalue Option value. Must be serializable if non-scalar. Expected to not be SQL-escaped.
  4. * @return bool False if value was not updated, true otherwise.
  5. */
  6. function yourls_update_option( $option_name, $newvalue ) {

    yourls_update_option() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. global $ydb;
  8. $table = YOURLS_DB_TABLE_OPTIONS;
  9. $option_name = trim( $option_name );
  10. if ( empty( $option_name ) )
in includes/functions.php, line 1047
  1. * @param string $option Option name. Expected to not be SQL-escaped.
  2. * @param mixed $newvalue Option value. Must be serializable if non-scalar. Expected to not be SQL-escaped.
  3. * @return bool False if value was not updated, true otherwise.
  4. */
  5. function yourls_update_option( $option_name, $newvalue ) {
  6. global $ydb;

    $ydb adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. $table = YOURLS_DB_TABLE_OPTIONS;
  8. $option_name = trim( $option_name );
  9. if ( empty( $option_name ) )
  10. return false;
in includes/functions.php, line 1094
  1. * @since 1.4
  2. * @param string $option Name of option to add. Expected to not be SQL-escaped.
  3. * @param mixed $value Optional option value. Must be serializable if non-scalar. Expected to not be SQL-escaped.
  4. * @return bool False if option was not added and true otherwise.
  5. */
  6. function yourls_add_option( $name, $value = '' ) {

    yourls_add_option() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. global $ydb;
  8. $table = YOURLS_DB_TABLE_OPTIONS;
  9. $name = trim( $name );
  10. if ( empty( $name ) )
in includes/functions.php, line 1095
  1. * @param string $option Name of option to add. Expected to not be SQL-escaped.
  2. * @param mixed $value Optional option value. Must be serializable if non-scalar. Expected to not be SQL-escaped.
  3. * @return bool False if option was not added and true otherwise.
  4. */
  5. function yourls_add_option( $name, $value = '' ) {
  6. global $ydb;

    $ydb adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. $table = YOURLS_DB_TABLE_OPTIONS;
  8. $name = trim( $name );
  9. if ( empty( $name ) )
  10. return false;
in includes/functions.php, line 1131
  1. *
  2. * @since 1.4
  3. * @param string $option Option name to delete. Expected to not be SQL-escaped.
  4. * @return bool True, if option is successfully deleted. False on failure.
  5. */
  6. function yourls_delete_option( $name ) {

    yourls_delete_option() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. global $ydb;
  8. $table = YOURLS_DB_TABLE_OPTIONS;
  9. $name = yourls_escape( $name );
  10. // Get the ID, if no ID then return
in includes/functions.php, line 1132
  1. * @since 1.4
  2. * @param string $option Option name to delete. Expected to not be SQL-escaped.
  3. * @return bool True, if option is successfully deleted. False on failure.
  4. */
  5. function yourls_delete_option( $name ) {
  6. global $ydb;

    $ydb adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. $table = YOURLS_DB_TABLE_OPTIONS;
  8. $name = yourls_escape( $name );
  9. // Get the ID, if no ID then return
  10. $option = $ydb->get_row( "SELECT option_id FROM `$table` WHERE `option_name` = '$name'" );
in includes/functions.php, line 1156
  1. *
  2. * @since 1.4
  3. * @param mixed $data Data that might be serialized.
  4. * @return mixed A scalar data
  5. */
  6. function yourls_maybe_serialize( $data ) {

    yourls_maybe_serialize() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. if ( is_array( $data ) || is_object( $data ) )
  8. return serialize( $data );
  9. if ( yourls_is_serialized( $data, false ) )
  10. return serialize( $data );
in includes/functions.php, line 1174
  1. * @since 1.4
  2. * @param mixed $data Value to check to see if was serialized.
  3. * @param bool $strict Optional. Whether to be strict about the end of the string. Defaults true.
  4. * @return bool False if not serialized and true if it was.
  5. */
  6. function yourls_is_serialized( $data, $strict = true ) {

    yourls_is_serialized() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. // if it isn't a string, it isn't serialized
  8. if ( ! is_string( $data ) )
  9. return false;
  10. $data = trim( $data );
  11. if ( 'N;' == $data )
in includes/functions.php, line 1231
  1. *
  2. * @since 1.4
  3. * @param string $original Maybe unserialized original, if is needed.
  4. * @return mixed Unserialized data can be any type.
  5. */
  6. function yourls_maybe_unserialize( $original ) {

    yourls_maybe_unserialize() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. if ( yourls_is_serialized( $original ) ) // don't attempt to unserialize data that wasn't serialized going in
  8. return @unserialize( $original );
  9. return $original;
  10. }
in includes/functions.php, line 1241
  1. /**
  2. * Determine if the current page is private
  3. *
  4. */
  5. function yourls_is_private() {

    yourls_is_private() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $private = false;
  7. if ( defined('YOURLS_PRIVATE') && YOURLS_PRIVATE == true ) {
  8. // Allow overruling for particular pages:
in includes/functions.php, line 1272
  1. /**
  2. * Show login form if required
  3. *
  4. */
  5. function yourls_maybe_require_auth() {

    yourls_maybe_require_auth() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. if( yourls_is_private() ) {
  7. yourls_do_action( 'require_auth' );
  8. require_once( YOURLS_INC.'/auth.php' );
  9. } else {
  10. yourls_do_action( 'require_no_auth' );
in includes/functions.php, line 1285
  1. /**
  2. * Allow several short URLs for the same long URL ?
  3. *
  4. */
  5. function yourls_allow_duplicate_longurls() {

    yourls_allow_duplicate_longurls() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. // special treatment if API to check for WordPress plugin requests
  7. if( yourls_is_API() ) {
  8. if ( isset($_REQUEST['source']) && $_REQUEST['source'] == 'plugin' )
  9. return false;
  10. }
in includes/functions.php, line 1303
  1. * @param string $longurl long url
  2. * @param string $sort Optional ORDER BY order (can be 'keyword', 'title', 'timestamp' or'clicks')
  3. * @param string $order Optional SORT order (can be 'ASC' or 'DESC')
  4. * @return array array of keywords
  5. */
  6. function yourls_get_longurl_keywords( $longurl, $sort = 'none', $order = 'ASC' ) {

    yourls_get_longurl_keywords() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by Clayton Daley
  7. global $ydb;
  8. $longurl = yourls_escape( yourls_sanitize_url( $longurl ) );
  9. $table = YOURLS_DB_TABLE_URL;
  10. $query = "SELECT `keyword` FROM `$table` WHERE `url` = '$longurl'";
in includes/functions.php, line 1304
  1. * @param string $sort Optional ORDER BY order (can be 'keyword', 'title', 'timestamp' or'clicks')
  2. * @param string $order Optional SORT order (can be 'ASC' or 'DESC')
  3. * @return array array of keywords
  4. */
  5. function yourls_get_longurl_keywords( $longurl, $sort = 'none', $order = 'ASC' ) {
  6. global $ydb;

    $ydb adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. $longurl = yourls_escape( yourls_sanitize_url( $longurl ) );
  8. $table = YOURLS_DB_TABLE_URL;
  9. $query = "SELECT `keyword` FROM `$table` WHERE `url` = '$longurl'";
  10. // Ensure sort is a column in database (@TODO: update verification array if database changes)
in includes/functions.php, line 1323
  1. /**
  2. * Check if an IP shortens URL too fast to prevent DB flood. Return true, or die.
  3. *
  4. */
  5. function yourls_check_IP_flood( $ip = '' ) {

    yourls_check_IP_flood() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. // Allow plugins to short-circuit the whole function
  7. $pre = yourls_apply_filter( 'shunt_check_IP_flood', false, $ip );
  8. if ( false !== $pre )
  9. return $pre;
in includes/functions.php, line 1361
  1. $ip = ( $ip ? yourls_sanitize_ip( $ip ) : yourls_get_IP() );
  2. $ip = yourls_escape( $ip );
  3. yourls_do_action( 'check_ip_flood', $ip );
  4. global $ydb;

    $ydb adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  5. $table = YOURLS_DB_TABLE_URL;
  6. $lasttime = $ydb->get_var( "SELECT `timestamp` FROM $table WHERE `ip` = '$ip' ORDER BY `timestamp` DESC LIMIT 1" );
  7. if( $lasttime ) {
  8. $now = date( 'U' );
in includes/functions.php, line 1384
  1. * Check if YOURLS is installing
  2. *
  3. * @return bool
  4. * @since 1.6
  5. */
  6. function yourls_is_installing() {

    yourls_is_installing() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. $installing = defined( 'YOURLS_INSTALLING' ) && YOURLS_INSTALLING == true;
  8. return yourls_apply_filter( 'is_installing', $installing );
  9. }
  10. /**
in includes/functions.php, line 1395
  1. * Check if YOURLS is upgrading
  2. *
  3. * @return bool
  4. * @since 1.6
  5. */
  6. function yourls_is_upgrading() {

    yourls_is_upgrading() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. $upgrading = defined( 'YOURLS_UPGRADING' ) && YOURLS_UPGRADING == true;
  8. return yourls_apply_filter( 'is_upgrading', $upgrading );
  9. }
in includes/functions.php, line 1409
  1. * Checks property $ydb->installed that is created by yourls_get_all_options()
  2. *
  3. * See inline comment for updating from 1.3 or prior.
  4. *
  5. */
  6. function yourls_is_installed() {

    yourls_is_installed() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. global $ydb;
  8. $is_installed = ( property_exists( $ydb, 'installed' ) && $ydb->installed == true );
  9. return yourls_apply_filter( 'is_installed', $is_installed );
  10. /* Note: this test won't work on YOURLS 1.3 or older (Aug 2009...)
in includes/functions.php, line 1410
  1. *
  2. * See inline comment for updating from 1.3 or prior.
  3. *
  4. */
  5. function yourls_is_installed() {
  6. global $ydb;

    $ydb adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. $is_installed = ( property_exists( $ydb, 'installed' ) && $ydb->installed == true );
  8. return yourls_apply_filter( 'is_installed', $is_installed );
  9. /* Note: this test won't work on YOURLS 1.3 or older (Aug 2009...)
  10. Should someone complain that they cannot upgrade directly from
in includes/functions.php, line 1424
  1. /**
  2. * Generate random string of (int)$length length and type $type (see function for details)
  3. *
  4. */
  5. function yourls_rnd_string ( $length = 5, $type = 0, $charlist = '' ) {

    yourls_rnd_string() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $str = '';
  7. $length = intval( $length );
  8. // define possible characters
  9. switch ( $type ) {
in includes/functions.php, line 1477
  1. /**
  2. * Return salted string
  3. *
  4. */
  5. function yourls_salt( $string ) {

    yourls_salt() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $salt = defined('YOURLS_COOKIEKEY') ? YOURLS_COOKIEKEY : md5(__FILE__) ;
  7. return yourls_apply_filter( 'yourls_salt', md5 ($string . $salt), $string );
  8. }
  9. /**
in includes/functions.php, line 1500
  1. * @param string|array $param1 Either newkey or an associative_array.
  2. * @param string $param2 Either newvalue or oldquery or URI.
  3. * @param string $param3 Optional. Old query or URI.
  4. * @return string New URL query string.
  5. */
  6. function yourls_add_query_arg() {

    yourls_add_query_arg() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. $ret = '';
  8. if ( is_array( func_get_arg(0) ) ) {
  9. if ( @func_num_args() < 2 || false === @func_get_arg( 1 ) )
  10. $uri = $_SERVER['REQUEST_URI'];
  11. else
in includes/functions.php, line 1572
  1. /**
  2. * Navigates through an array and encodes the values to be used in a URL. Stolen from WP, used in yourls_add_query_arg()
  3. *
  4. */
  5. function yourls_urlencode_deep( $value ) {

    yourls_urlencode_deep() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $value = is_array( $value ) ? array_map( 'yourls_urlencode_deep', $value ) : urlencode( $value );
  7. return $value;
  8. }
  9. /**
in includes/functions.php, line 1587
  1. * @since 1.5
  2. * @param string|array $key Query key or keys to remove.
  3. * @param bool|string $query Optional. When false uses the $_SERVER value. Default false.
  4. * @return string New URL query string.
  5. */
  6. function yourls_remove_query_arg( $key, $query = false ) {

    yourls_remove_query_arg() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. if ( is_array( $key ) ) { // removing multiple keys
  8. foreach ( $key as $k )
  9. $query = yourls_add_query_arg( $k, false, $query );
  10. return $query;
  11. }
in includes/functions.php, line 1600
  1. /**
  2. * Return a time-dependent string for nonce creation
  3. *
  4. */
  5. function yourls_tick() {

    yourls_tick() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. return ceil( time() / YOURLS_NONCE_LIFE );
  7. }
  8. /**
  9. * Create a time limited, action limited and user limited token
in includes/functions.php, line 1608
  1. /**
  2. * Create a time limited, action limited and user limited token
  3. *
  4. */
  5. function yourls_create_nonce( $action, $user = false ) {

    yourls_create_nonce() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. if( false == $user )
  7. $user = defined( 'YOURLS_USER' ) ? YOURLS_USER : '-1';
  8. $tick = yourls_tick();
  9. return substr( yourls_salt($tick . $action . $user), 0, 10 );
  10. }
in includes/functions.php, line 1619
  1. /**
  2. * Create a nonce field for inclusion into a form
  3. *
  4. */
  5. function yourls_nonce_field( $action, $name = 'nonce', $user = false, $echo = true ) {

    yourls_nonce_field() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $field = '<input type="hidden" id="'.$name.'" name="'.$name.'" value="'.yourls_create_nonce( $action, $user ).'" />';
  7. if( $echo )
  8. echo $field."\n";
  9. return $field;
  10. }
in includes/functions.php, line 1630
  1. /**
  2. * Add a nonce to a URL. If URL omitted, adds nonce to current URL
  3. *
  4. */
  5. function yourls_nonce_url( $action, $url = false, $name = 'nonce', $user = false ) {

    yourls_nonce_url() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $nonce = yourls_create_nonce( $action, $user );
  7. return yourls_add_query_arg( $name, $nonce, $url );
  8. }
  9. /**
in includes/functions.php, line 1642
  1. *
  2. * Returns true if valid, dies otherwise (yourls_die() or die($return) if defined)
  3. * if $nonce is false or unspecified, it will use $_REQUEST['nonce']
  4. *
  5. */
  6. function yourls_verify_nonce( $action, $nonce = false, $user = false, $return = '' ) {

    yourls_verify_nonce() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. // get user
  8. if( false == $user )
  9. $user = defined( 'YOURLS_USER' ) ? YOURLS_USER : '-1';
  10. // get current nonce value
in includes/functions.php, line 1667
  1. /**
  2. * Converts keyword into short link (prepend with YOURLS base URL)
  3. *
  4. */
  5. function yourls_link( $keyword = '' ) {

    yourls_link() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $link = YOURLS_SITE . '/' . yourls_sanitize_keyword( $keyword );
  7. return yourls_apply_filter( 'yourls_link', $link, $keyword );
  8. }
  9. /**
in includes/functions.php, line 1676
  1. /**
  2. * Converts keyword into stat link (prepend with YOURLS base URL, append +)
  3. *
  4. */
  5. function yourls_statlink( $keyword = '' ) {

    yourls_statlink() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $link = YOURLS_SITE . '/' . yourls_sanitize_keyword( $keyword ) . '+';
  7. if( yourls_is_ssl() )
  8. $link = yourls_set_url_scheme( $link, 'https' );
  9. return yourls_apply_filter( 'yourls_statlink', $link, $keyword );
  10. }
in includes/functions.php, line 1687
  1. /**
  2. * Check if we're in API mode. Returns bool
  3. *
  4. */
  5. function yourls_is_API() {

    yourls_is_API() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $return = defined( 'YOURLS_API' ) && YOURLS_API == true;
  7. return yourls_apply_filter( 'is_API', $return );
  8. }
  9. /**
in includes/functions.php, line 1696
  1. /**
  2. * Check if we're in Ajax mode. Returns bool
  3. *
  4. */
  5. function yourls_is_Ajax() {

    yourls_is_Ajax() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $return = defined( 'YOURLS_AJAX' ) && YOURLS_AJAX == true;
  7. return yourls_apply_filter( 'is_Ajax', $return );
  8. }
  9. /**
in includes/functions.php, line 1705
  1. /**
  2. * Check if we're in GO mode (yourls-go.php). Returns bool
  3. *
  4. */
  5. function yourls_is_GO() {

    yourls_is_GO() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $return = defined( 'YOURLS_GO' ) && YOURLS_GO == true;
  7. return yourls_apply_filter( 'is_GO', $return );
  8. }
  9. /**
in includes/functions.php, line 1714
  1. /**
  2. * Check if we're displaying stats infos (yourls-infos.php). Returns bool
  3. *
  4. */
  5. function yourls_is_infos() {

    yourls_is_infos() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $return = defined( 'YOURLS_INFOS' ) && YOURLS_INFOS == true;
  7. return yourls_apply_filter( 'is_infos', $return );
  8. }
  9. /**
in includes/functions.php, line 1723
  1. /**
  2. * Check if we're in the admin area. Returns bool
  3. *
  4. */
  5. function yourls_is_admin() {

    yourls_is_admin() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $return = defined( 'YOURLS_ADMIN' ) && YOURLS_ADMIN == true;
  7. return yourls_apply_filter( 'is_admin', $return );
  8. }
  9. /**
in includes/functions.php, line 1732
  1. /**
  2. * Check if the server seems to be running on Windows. Not exactly sure how reliable this is.
  3. *
  4. */
  5. function yourls_is_windows() {

    yourls_is_windows() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. return defined( 'DIRECTORY_SEPARATOR' ) && DIRECTORY_SEPARATOR == '\\';
  7. }
  8. /**
  9. * Check if SSL is required. Returns bool.
in includes/functions.php, line 1740
  1. /**
  2. * Check if SSL is required. Returns bool.
  3. *
  4. */
  5. function yourls_needs_ssl() {

    yourls_needs_ssl() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $return = defined('YOURLS_ADMIN_SSL') && YOURLS_ADMIN_SSL == true;
  7. return yourls_apply_filter( 'needs_ssl', $return );
  8. }
  9. /**
in includes/functions.php, line 1749
  1. /**
  2. * Return admin link, with SSL preference if applicable.
  3. *
  4. */
  5. function yourls_admin_url( $page = '' ) {

    yourls_admin_url() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $admin = YOURLS_SITE . '/admin/' . $page;
  7. if( yourls_is_ssl() or yourls_needs_ssl() ) {
  8. $admin = yourls_set_url_scheme( $admin, 'https' );
  9. }
  10. return yourls_apply_filter( 'admin_url', $admin, $page );
in includes/functions.php, line 1761
  1. /**
  2. * Return YOURLS_SITE or URL under YOURLS setup, with SSL preference
  3. *
  4. */
  5. function yourls_site_url( $echo = true, $url = '' ) {

    yourls_site_url() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $url = yourls_get_relative_url( $url );
  7. $url = trim( YOURLS_SITE . '/' . $url, '/' );
  8. // Do not enforce (checking yourls_need_ssl() ) but check current usage so it won't force SSL on non-admin pages
  9. if( yourls_is_ssl() ) {
in includes/functions.php, line 1780
  1. /**
  2. * Check if SSL is used, returns bool. Stolen from WP.
  3. *
  4. */
  5. function yourls_is_ssl() {

    yourls_is_ssl() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $is_ssl = false;
  7. if ( isset( $_SERVER['HTTPS'] ) ) {
  8. if ( 'on' == strtolower( $_SERVER['HTTPS'] ) )
  9. $is_ssl = true;
  10. if ( '1' == $_SERVER['HTTPS'] )
in includes/functions.php, line 1803
  1. * Charset in use is guessed from HTML meta tag, or if not found, from server's 'content-type' response.
  2. *
  3. * @param string $url URL
  4. * @return string Title (sanitized) or the URL if no title found
  5. */
  6. function yourls_get_remote_title( $url ) {

    yourls_get_remote_title() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. // Allow plugins to short-circuit the whole function
  8. $pre = yourls_apply_filter( 'shunt_get_remote_title', false, $url );
  9. if ( false !== $pre )
  10. return $pre;
in includes/functions.php, line 1877
  1. /**
  2. * Quick UA check for mobile devices. Return boolean.
  3. *
  4. */
  5. function yourls_is_mobile_device() {

    yourls_is_mobile_device() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. // Strings searched
  7. $mobiles = array(
  8. 'android', 'blackberry', 'blazer',
  9. 'compal', 'elaine', 'fennec', 'hiptop',
  10. 'iemobile', 'iphone', 'ipod', 'ipad',
in includes/functions.php, line 1900
  1. /**
  2. * Get request in YOURLS base (eg in 'http://sho.rt/yourls/abcd' get 'abdc')
  3. *
  4. */
  5. function yourls_get_request() {

    yourls_get_request() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. // Allow plugins to short-circuit the whole function
  7. $pre = yourls_apply_filter( 'shunt_get_request', false );
  8. if ( false !== $pre )
  9. return $pre;
in includes/functions.php, line 1930
  1. /**
  2. * Change protocol to match current scheme used (http or https)
  3. *
  4. */
  5. function yourls_match_current_protocol( $url, $normal = 'http://', $ssl = 'https://' ) {

    yourls_match_current_protocol() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  6. if( yourls_is_ssl() )
  7. $url = str_replace( $normal, $ssl, $url );
  8. return yourls_apply_filter( 'match_current_protocol', $url );
  9. }
in includes/functions.php, line 1940
  1. /**
  2. * Fix $_SERVER['REQUEST_URI'] variable for various setups. Stolen from WP.
  3. *
  4. */
  5. function yourls_fix_request_uri() {

    yourls_fix_request_uri() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $default_server_values = array(
  7. 'SERVER_SOFTWARE' => '',
  8. 'REQUEST_URI' => '',
  9. );
in includes/functions.php, line 1983
  1. /**
  2. * Shutdown function, runs just before PHP shuts down execution. Stolen from WP
  3. *
  4. */
  5. function yourls_shutdown() {

    yourls_shutdown() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. yourls_do_action( 'shutdown' );
  7. }
  8. /**
  9. * Auto detect custom favicon in /user directory, fallback to YOURLS favicon, and echo/return its URL
in includes/functions.php, line 1991
  1. /**
  2. * Auto detect custom favicon in /user directory, fallback to YOURLS favicon, and echo/return its URL
  3. *
  4. */
  5. function yourls_favicon( $echo = true ) {

    yourls_favicon() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. static $favicon = null;
  7. if( $favicon !== null ) {
  8. if( $echo ) {
  9. echo $favicon;
in includes/functions.php, line 2026
  1. /**
  2. * Check for maintenance mode. If yes, die. See yourls_maintenance_mode(). Stolen from WP.
  3. *
  4. */
  5. function yourls_check_maintenance_mode() {

    yourls_check_maintenance_mode() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $file = YOURLS_ABSPATH . '/.maintenance' ;
  7. if ( !file_exists( $file ) || yourls_is_upgrading() || yourls_is_installing() )
  8. return;
in includes/functions.php, line 2032
  1. $file = YOURLS_ABSPATH . '/.maintenance' ;
  2. if ( !file_exists( $file ) || yourls_is_upgrading() || yourls_is_installing() )
  3. return;
  4. global $maintenance_start;

    $maintenance_start adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  5. include_once( $file );
  6. // If the $maintenance_start timestamp is older than 10 minutes, don't die.
  7. if ( ( time() - $maintenance_start ) >= 600 )
  8. return;
in includes/functions.php, line 2059
  1. * Return current admin page, or null if not an admin page
  2. *
  3. * @return mixed string if admin page, null if not an admin page
  4. * @since 1.6
  5. */
  6. function yourls_current_admin_page() {

    yourls_current_admin_page() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. if( yourls_is_admin() ) {
  8. $current = substr( yourls_get_request(), 6 );
  9. if( $current === false )
  10. $current = 'index.php'; // if current page is http://sho.rt/admin/ instead of http://sho.rt/admin/index.php
in includes/functions.php, line 2084
  1. *
  2. * @param string $url URL to be check
  3. * @param array $protocols Optional. Array of protocols, defaults to global $yourls_allowedprotocols
  4. * @return boolean true if protocol allowed, false otherwise
  5. */
  6. function yourls_is_allowed_protocol( $url, $protocols = array() ) {

    yourls_is_allowed_protocol() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. if( ! $protocols ) {
  8. global $yourls_allowedprotocols;
  9. $protocols = $yourls_allowedprotocols;
  10. }
in includes/functions.php, line 2086
  1. * @param array $protocols Optional. Array of protocols, defaults to global $yourls_allowedprotocols
  2. * @return boolean true if protocol allowed, false otherwise
  3. */
  4. function yourls_is_allowed_protocol( $url, $protocols = array() ) {
  5. if( ! $protocols ) {
  6. global $yourls_allowedprotocols;

    $yourls_allowedprotocols adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. $protocols = $yourls_allowedprotocols;
  8. }
  9. $protocol = yourls_get_protocol( $url );
  10. return yourls_apply_filter( 'is_allowed_protocol', in_array( $protocol, $protocols ), $url, $protocols );
in includes/functions.php, line 2109
  1. * @since 1.6
  2. *
  3. * @param string $url URL to be check
  4. * @return string Protocol, with slash slash if applicable. Empty string if no protocol
  5. */
  6. function yourls_get_protocol( $url ) {

    yourls_get_protocol() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. preg_match( '!^[a-zA-Z][a-zA-Z0-9\+\.-]+:(//)?!', $url, $matches );
  8. /*
  9. http://en.wikipedia.org/wiki/URI_scheme#Generic_syntax
  10. The scheme name consists of a sequence of characters beginning with a letter and followed by any
  11. combination of letters, digits, plus ("+"), period ("."), or hyphen ("-"). Although schemes are
in includes/functions.php, line 2133
  1. * @since 1.6
  2. * @param string $url URL to relativize
  3. * @param bool $strict if true and if URL isn't relative to YOURLS install, return empty string
  4. * @return string URL
  5. */
  6. function yourls_get_relative_url( $url, $strict = true ) {

    yourls_get_relative_url() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. $url = yourls_sanitize_url( $url );
  8. // Remove protocols to make it easier
  9. $noproto_url = str_replace( 'https:', 'http:', $url );
  10. $noproto_site = str_replace( 'https:', 'http:', YOURLS_SITE );
in includes/functions.php, line 2169
  1. *
  2. * @param string $function The function that was called
  3. * @param string $version The version of WordPress that deprecated the function
  4. * @param string $replacement Optional. The function that should have been called
  5. */
  6. function yourls_deprecated_function( $function, $version, $replacement = null ) {

    yourls_deprecated_function() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. yourls_do_action( 'deprecated_function', $function, $replacement, $version );
  8. // Allow plugin to filter the output error trigger
  9. if ( YOURLS_DEBUG && yourls_apply_filter( 'deprecated_function_trigger_error', true ) ) {
in includes/functions.php, line 2191
  1. *
  2. * @since 1.6
  3. * @param mixed $val Value to test against ''
  4. * @return bool True if not an empty string
  5. */
  6. function yourls_return_if_not_empty_string( $val ) {

    yourls_return_if_not_empty_string() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. return( $val !== '' );
  8. }
  9. /**
  10. * Returns true.
in includes/functions.php, line 2203
  1. * Useful for returning true to filters easily.
  2. *
  3. * @since 1.7.1
  4. * @return bool True.
  5. */
  6. function yourls_return_true() {

    yourls_return_true() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. return true;
  8. }
  9. /**
  10. * Returns false.
in includes/functions.php, line 2215
  1. * Useful for returning false to filters easily.
  2. *
  3. * @since 1.7.1
  4. * @return bool False.
  5. */
  6. function yourls_return_false() {

    yourls_return_false() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. return false;
  8. }
  9. /**
  10. * Returns 0.
in includes/functions.php, line 2227
  1. * Useful for returning 0 to filters easily.
  2. *
  3. * @since 1.7.1
  4. * @return int 0.
  5. */
  6. function yourls_return_zero() {

    yourls_return_zero() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. return 0;
  8. }
  9. /**
  10. * Returns an empty array.
in includes/functions.php, line 2239
  1. * Useful for returning an empty array to filters easily.
  2. *
  3. * @since 1.7.1
  4. * @return array Empty array.
  5. */
  6. function yourls_return_empty_array() {

    yourls_return_empty_array() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. return array();
  8. }
  9. /**
  10. * Returns null.
in includes/functions.php, line 2251
  1. * Useful for returning null to filters easily.
  2. *
  3. * @since 1.7.1
  4. * @return null Null value.
  5. */
  6. function yourls_return_null() {

    yourls_return_null() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. return null;
  8. }
  9. /**
  10. * Returns an empty string.
in includes/functions.php, line 2263
  1. * Useful for returning an empty string to filters easily.
  2. *
  3. * @since 1.7.1
  4. * @return string Empty string.
  5. */
  6. function yourls_return_empty_string() {

    yourls_return_empty_string() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. return '';
  8. }
  9. /**
  10. * Add a message to the debug log
in includes/functions.php, line 2277
  1. *
  2. * @since 1.7
  3. * @param string $msg Message to add to the debug log
  4. * @return string The message itself
  5. */
  6. function yourls_debug_log( $msg ) {

    yourls_debug_log() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. global $ydb;
  8. $ydb->debug_log[] = $msg;
  9. return $msg;
  10. }
in includes/functions.php, line 2278
  1. * @since 1.7
  2. * @param string $msg Message to add to the debug log
  3. * @return string The message itself
  4. */
  5. function yourls_debug_log( $msg ) {
  6. global $ydb;

    $ydb adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. $ydb->debug_log[] = $msg;
  8. return $msg;
  9. }
  10. /**
in includes/functions.php, line 2306
  1. * @since 1.7
  2. * @param string $url URL to be parsed
  3. * @param array $array Optional, array of key names to be used in returned array
  4. * @return mixed false if no protocol found, array of ('protocol' , 'slashes', 'rest') otherwise
  5. */
  6. function yourls_get_protocol_slashes_and_rest( $url, $array = array( 'protocol', 'slashes', 'rest' ) ) {

    yourls_get_protocol_slashes_and_rest() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. $proto = yourls_get_protocol( $url );
  8. if( !$proto or count( $array ) != 3 )
  9. return false;
in includes/functions.php, line 2327
  1. * @since 1.7.1
  2. * @param string $url URL
  3. * @param string $scheme scheme, either 'http' or 'https'
  4. * @return string URL with chosen scheme
  5. */
  6. function yourls_set_url_scheme( $url, $scheme = false ) {

    yourls_set_url_scheme() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. if( $scheme != 'http' && $scheme != 'https' ) {
  8. return $url;
  9. }
  10. return preg_replace( '!^[a-zA-Z0-9\+\.-]+://!', $scheme . '://', $url );
  11. }
in includes/functions.php, line 2342
  1. * This function checks, if needed, if there's a new version of YOURLS and, if applicable, display
  2. * an update notice.
  3. *
  4. * @since 1.7.3
  5. */
  6. function yourls_tell_if_new_version() {

    yourls_tell_if_new_version() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. $check = yourls_maybe_check_core_version();
  8. yourls_debug_log( 'Check for new version: ' . ($check ? 'yes' : 'no') );
  9. yourls_new_core_version_notice();
  10. }
in admin/plugins.php, line 21
  1. yourls_verify_nonce( 'manage_plugins', $_REQUEST['nonce'] );
  2. // Check plugin file is valid
  3. if( isset( $_GET['plugin'] ) && yourls_validate_plugin_file( YOURLS_PLUGINDIR.'/'.$_GET['plugin'].'/plugin.php') ) {
  4. global $ydb;

    $ydb adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  5. // Activate / Deactive
  6. switch( $_GET['action'] ) {
  7. case 'activate':
  8. $result = yourls_activate_plugin( $_GET['plugin'].'/plugin.php' );
  9. if( $result === true )
  1. *
  2. * @since 1.7
  3. * @param string $extension Optional: user defined choice
  4. * @return class $ydb DB class instance
  5. */
  6. function yourls_set_DB_driver( ) {

    yourls_set_DB_driver() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. // Auto-pick the driver. Priority: user defined, then PDO, then mysqli, then mysql
  8. if ( defined( 'YOURLS_DB_DRIVER' ) ) {
  9. $driver = strtolower( YOURLS_DB_DRIVER ); // accept 'MySQL', 'mySQL', etc
  10. } elseif ( extension_loaded( 'pdo_mysql' ) ) {
  1. // Set the new driver
  2. if ( in_array( $driver, array( 'mysql', 'mysqli', 'pdo' ) ) ) {
  3. $class = yourls_require_db_files( $driver );
  4. }
  5. global $ydb;

    $ydb adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  6. if ( !class_exists( $class, false ) ) {
  7. $ydb = new stdClass();
  8. yourls_die(
  9. yourls__( 'YOURLS requires the mysql, mysqli or pdo_mysql PHP extension. No extension found. Check your server config, or contact your host.' ),
  1. *
  2. * @since 1.7.1
  3. * @param string $driver DB driver
  4. * @return string name of the DB class to instantiate
  5. */
  6. function yourls_require_db_files( $driver ) {

    yourls_require_db_files() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. require_once( YOURLS_INC . '/ezSQL/ez_sql_core.php' );
  8. require_once( YOURLS_INC . '/ezSQL/ez_sql_core_yourls.php' );
  9. require_once( YOURLS_INC . '/ezSQL/ez_sql_' . $driver . '.php' );
  10. require_once( YOURLS_INC . '/ezSQL/ez_sql_' . $driver . '_yourls.php' );
  11. return 'ezSQL_' . $driver . '_yourls';
  1. /**
  2. * Connect to DB
  3. *
  4. * @since 1.0
  5. */
  6. function yourls_db_connect() {

    yourls_db_connect() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. global $ydb;
  8. if ( !defined( 'YOURLS_DB_USER' )
  9. or !defined( 'YOURLS_DB_PASS' )
  10. or !defined( 'YOURLS_DB_NAME' )
  1. * Connect to DB
  2. *
  3. * @since 1.0
  4. */
  5. function yourls_db_connect() {
  6. global $ydb;

    $ydb adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. if ( !defined( 'YOURLS_DB_USER' )
  8. or !defined( 'YOURLS_DB_PASS' )
  9. or !defined( 'YOURLS_DB_NAME' )
  10. or !defined( 'YOURLS_DB_HOST' )
  1. * This function is supposed to be called right after yourls_get_all_options() has fired. It is not designed (yet) to
  2. * check for a responding server after several successful operation to check if the server has gone MIA
  3. *
  4. * @since 1.7.1
  5. */
  6. function yourls_is_db_alive() {

    yourls_is_db_alive() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. global $ydb;
  8. $alive = false;
  9. switch( $ydb->DB_driver ) {
  10. case 'pdo' :
  1. * check for a responding server after several successful operation to check if the server has gone MIA
  2. *
  3. * @since 1.7.1
  4. */
  5. function yourls_is_db_alive() {
  6. global $ydb;

    $ydb adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. $alive = false;
  8. switch( $ydb->DB_driver ) {
  9. case 'pdo' :
  10. $alive = isset( $ydb->dbh );
  1. *
  2. * @TODO in version 1.8 : use a new localized string, specific to the problem (ie: "DB is dead")
  3. *
  4. * @since 1.7.1
  5. */
  6. function yourls_db_dead() {

    yourls_db_dead() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. // Use any /user/db_error.php file
  8. if( file_exists( YOURLS_USERDIR . '/db_error.php' ) ) {
  9. include_once( YOURLS_USERDIR . '/db_error.php' );
  10. die();
  11. }
  1. <?php
  2. /**
  3. * Check for valid user via login form or stored cookie. Returns true or an error message
  4. *
  5. */
  6. function yourls_is_valid_user() {

    yourls_is_valid_user() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. // Allow plugins to short-circuit the whole function
  8. $pre = yourls_apply_filter( 'shunt_is_valid_user', null );
  9. if ( null !== $pre ) {
  10. return $pre;
  11. }
  1. /**
  2. * Check auth against list of login=>pwd. Sets user if applicable, returns bool
  3. *
  4. */
  5. function yourls_check_username_password() {

    yourls_check_username_password() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. global $yourls_user_passwords;
  7. if( isset( $yourls_user_passwords[ $_REQUEST['username'] ] ) && yourls_check_password_hash( $_REQUEST['username'], $_REQUEST['password'] ) ) {
  8. yourls_set_user( $_REQUEST['username'] );
  9. return true;
  10. }
  1. /**
  2. * Check auth against list of login=>pwd. Sets user if applicable, returns bool
  3. *
  4. */
  5. function yourls_check_username_password() {
  6. global $yourls_user_passwords;

    $yourls_user_passwords adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. if( isset( $yourls_user_passwords[ $_REQUEST['username'] ] ) && yourls_check_password_hash( $_REQUEST['username'], $_REQUEST['password'] ) ) {
  8. yourls_set_user( $_REQUEST['username'] );
  9. return true;
  10. }
  11. return false;
  1. /**
  2. * Check a submitted password sent in plain text against stored password which can be a salted hash
  3. *
  4. */
  5. function yourls_check_password_hash( $user, $submitted_password ) {

    yourls_check_password_hash() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  6. global $yourls_user_passwords;
  7. if( !isset( $yourls_user_passwords[ $user ] ) )
  8. return false;
  1. /**
  2. * Check a submitted password sent in plain text against stored password which can be a salted hash
  3. *
  4. */
  5. function yourls_check_password_hash( $user, $submitted_password ) {
  6. global $yourls_user_passwords;

    $yourls_user_passwords adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. if( !isset( $yourls_user_passwords[ $user ] ) )
  8. return false;
  9. if ( yourls_has_phpass_password( $user ) ) {
  1. *
  2. * @since 1.7
  3. * @param string $config_file Full path to file
  4. * @return true if overwrite was successful, an error message otherwise
  5. */
  6. function yourls_hash_passwords_now( $config_file ) {

    yourls_hash_passwords_now() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. if( !is_readable( $config_file ) )
  8. return 'cannot read file'; // not sure that can actually happen...
  9. if( !is_writable( $config_file ) )
  10. return 'cannot write file';
  1. *
  2. * @since 1.7
  3. * @param string $password password to hash
  4. * @return string hashed password
  5. */
  6. function yourls_phpass_hash( $password ) {

    yourls_phpass_hash() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. $hasher = yourls_phpass_instance();
  8. return $hasher->HashPassword( $password );
  9. }
  10. /**
  1. * @since 1.7
  2. * @param string $password clear (eg submitted in a form) password
  3. * @param string $hash hash supposedly generated by phpass
  4. * @return bool true if the hash matches the password once hashed by phpass, false otherwise
  5. */
  6. function yourls_phpass_check( $password, $hash ) {

    yourls_phpass_check() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. $hasher = yourls_phpass_instance();
  8. return $hasher->CheckPassword( $password, $hash );
  9. }
  10. /**
  1. * @since 1.7
  2. * @param int $iteration iteration count - 8 is default in phpass
  3. * @param bool $portable flag to force portable (cross platform and system independant) hashes - false to use whatever the system can do best
  4. * @return object a PasswordHash instance
  5. */
  6. function yourls_phpass_instance( $iteration = 8, $portable = false ) {

    yourls_phpass_instance() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. $iteration = yourls_apply_filter( 'phpass_new_instance_iteration', $iteration );
  8. $portable = yourls_apply_filter( 'phpass_new_instance_portable', $portable );
  9. if( !class_exists( 'Hautelook\Phpass\PasswordHash' ) ) {
  10. require_once( YOURLS_INC.'/phpass/PasswordHash.php' );
  1. * Check to see if any passwords are stored as cleartext.
  2. *
  3. * @since 1.7
  4. * @return bool true if any passwords are cleartext
  5. */
  6. function yourls_has_cleartext_passwords() {

    yourls_has_cleartext_passwords() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by Nic Waller
  7. global $yourls_user_passwords;
  8. foreach ( $yourls_user_passwords as $user => $pwdata ) {
  9. if ( !yourls_has_md5_password( $user ) && !yourls_has_phpass_password( $user ) ) {
  10. return true;
  11. }
  1. *
  2. * @since 1.7
  3. * @return bool true if any passwords are cleartext
  4. */
  5. function yourls_has_cleartext_passwords() {
  6. global $yourls_user_passwords;

    $yourls_user_passwords adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by Nic Waller
  7. foreach ( $yourls_user_passwords as $user => $pwdata ) {
  8. if ( !yourls_has_md5_password( $user ) && !yourls_has_phpass_password( $user ) ) {
  9. return true;
  10. }
  11. }
  1. *
  2. * @since 1.7
  3. * @param string $user user login
  4. * @return bool true if password hashed, false otherwise
  5. */
  6. function yourls_has_md5_password( $user ) {

    yourls_has_md5_password() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. global $yourls_user_passwords;
  8. return( isset( $yourls_user_passwords[ $user ] )
  9. && substr( $yourls_user_passwords[ $user ], 0, 4 ) == 'md5:'
  10. && strlen( $yourls_user_passwords[ $user ] ) == 42 // http://www.google.com/search?q=the+answer+to+life+the+universe+and+everything
  11. );
  1. * @since 1.7
  2. * @param string $user user login
  3. * @return bool true if password hashed, false otherwise
  4. */
  5. function yourls_has_md5_password( $user ) {
  6. global $yourls_user_passwords;

    $yourls_user_passwords adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. return( isset( $yourls_user_passwords[ $user ] )
  8. && substr( $yourls_user_passwords[ $user ], 0, 4 ) == 'md5:'
  9. && strlen( $yourls_user_passwords[ $user ] ) == 42 // http://www.google.com/search?q=the+answer+to+life+the+universe+and+everything
  10. );
  11. }
  1. *
  2. * @since 1.7
  3. * @param string $user user login
  4. * @return bool true if password hashed with PHPASS, otherwise false
  5. */
  6. function yourls_has_phpass_password( $user ) {

    yourls_has_phpass_password() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. global $yourls_user_passwords;
  8. return( isset( $yourls_user_passwords[ $user ] )
  9. && substr( $yourls_user_passwords[ $user ], 0, 7 ) == 'phpass:'
  10. );
  11. }
  1. * @since 1.7
  2. * @param string $user user login
  3. * @return bool true if password hashed with PHPASS, otherwise false
  4. */
  5. function yourls_has_phpass_password( $user ) {
  6. global $yourls_user_passwords;

    $yourls_user_passwords adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. return( isset( $yourls_user_passwords[ $user ] )
  8. && substr( $yourls_user_passwords[ $user ], 0, 7 ) == 'phpass:'
  9. );
  10. }
  1. /**
  2. * Check auth against encrypted COOKIE data. Sets user if applicable, returns bool
  3. *
  4. */
  5. function yourls_check_auth_cookie() {

    yourls_check_auth_cookie() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. global $yourls_user_passwords;
  7. foreach( $yourls_user_passwords as $valid_user => $valid_password ) {
  8. if ( yourls_salt( $valid_user ) == $_COOKIE[ yourls_cookie_name() ] ) {
  9. yourls_set_user( $valid_user );
  10. return true;
  1. /**
  2. * Check auth against encrypted COOKIE data. Sets user if applicable, returns bool
  3. *
  4. */
  5. function yourls_check_auth_cookie() {
  6. global $yourls_user_passwords;

    $yourls_user_passwords adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. foreach( $yourls_user_passwords as $valid_user => $valid_password ) {
  8. if ( yourls_salt( $valid_user ) == $_COOKIE[ yourls_cookie_name() ] ) {
  9. yourls_set_user( $valid_user );
  10. return true;
  11. }
  1. *
  2. *
  3. * @since 1.4.1
  4. * @return bool False if signature or timestamp missing or invalid, true if valid
  5. */
  6. function yourls_check_signature_timestamp() {

    yourls_check_signature_timestamp() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. if( !isset( $_REQUEST['signature'] ) OR empty( $_REQUEST['signature'] )
  8. OR !isset( $_REQUEST['timestamp'] ) OR empty( $_REQUEST['timestamp'] )
  9. )
  10. return false;
  1. // Timestamp in PHP : time()
  2. // Timestamp in JS: parseInt(new Date().getTime() / 1000)
  3. // Check signature & timestamp against all possible users
  4. global $yourls_user_passwords;

    $yourls_user_passwords adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  5. foreach( $yourls_user_passwords as $valid_user => $valid_password ) {
  6. if (
  7. (
  8. md5( $_REQUEST['timestamp'].yourls_auth_signature( $valid_user ) ) == $_REQUEST['signature']
  9. or
  1. * Check auth against signature. Sets user if applicable, returns bool
  2. *
  3. * @since 1.4.1
  4. * @return bool False if signature missing or invalid, true if valid
  5. */
  6. function yourls_check_signature() {

    yourls_check_signature() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. if( !isset( $_REQUEST['signature'] ) OR empty( $_REQUEST['signature'] ) )
  8. return false;
  9. // Check signature against all possible users
  10. global $yourls_user_passwords;
  1. function yourls_check_signature() {
  2. if( !isset( $_REQUEST['signature'] ) OR empty( $_REQUEST['signature'] ) )
  3. return false;
  4. // Check signature against all possible users
  5. global $yourls_user_passwords;

    $yourls_user_passwords adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  6. foreach( $yourls_user_passwords as $valid_user => $valid_password ) {
  7. if ( yourls_auth_signature( $valid_user ) == $_REQUEST['signature'] ) {
  8. yourls_set_user( $valid_user );
  9. return true;
  10. }
  1. /**
  2. * Generate secret signature hash
  3. *
  4. */
  5. function yourls_auth_signature( $username = false ) {

    yourls_auth_signature() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. if( !$username && defined('YOURLS_USER') ) {
  7. $username = YOURLS_USER;
  8. }
  9. return ( $username ? substr( yourls_salt( $username ), 0, 10 ) : 'Cannot generate auth signature: no username' );
  10. }
  1. /**
  2. * Check if timestamp is not too old
  3. *
  4. */
  5. function yourls_check_timestamp( $time ) {

    yourls_check_timestamp() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $now = time();
  7. // Allow timestamp to be a little in the future or the past -- see Issue 766
  8. return yourls_apply_filter( 'check_timestamp', abs( $now - $time ) < YOURLS_NONCE_LIFE, $time );
  9. }
  1. /**
  2. * Store new cookie. No $user will delete the cookie.
  3. *
  4. * @param mixed $user String, user login, or null to delete cookie
  5. */
  6. function yourls_store_cookie( $user = null ) {

    yourls_store_cookie() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. // No user will delete the cookie with a cookie time from the past
  8. if( !$user ) {
  9. $time = time() - 3600;
  10. } else {
  1. /**
  2. * Set user name
  3. *
  4. */
  5. function yourls_set_user( $user ) {

    yourls_set_user() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. if( !defined( 'YOURLS_USER' ) )
  7. define( 'YOURLS_USER', $user );
  8. }
  9. /**
  1. * TODO: when multi user is implemented, the whole cookie stuff should be reworked to allow storing multiple users
  2. *
  3. * @since 1.7.1
  4. * @return string unique cookie name for a given YOURLS site
  5. */
  6. function yourls_cookie_name() {

    yourls_cookie_name() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. return 'yourls_' . yourls_salt( YOURLS_SITE );
  8. }
  1. /**
  2. * Return word or words if more than one
  3. *
  4. */
  5. function yourls_plural( $word, $count=1 ) {

    yourls_plural() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  6. yourls_deprecated_function( __FUNCTION__, '1.6', 'yourls_n' );
  7. return $word . ($count > 1 ? 's' : '');
  8. }
  9. /**
  1. /**
  2. * Return list of all shorturls associated to the same long URL. Returns NULL or array of keywords.
  3. *
  4. */
  5. function yourls_get_duplicate_keywords( $longurl ) {

    yourls_get_duplicate_keywords() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  6. yourls_deprecated_function( __FUNCTION__, '1.7', 'yourls_get_longurl_keywords' );
  7. if( !yourls_allow_duplicate_longurls() )
  8. return NULL;
  9. return yourls_apply_filter( 'get_duplicate_keywords', yourls_get_longurl_keywords ( $longurl ), $longurl );
  10. }
  1. * Make sure a integer is safe
  2. *
  3. * Note: this function is dumb and dumbly named since it does not intval(). DO NOT USE.
  4. *
  5. */
  6. function yourls_intval( $int ) {

    yourls_intval() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. yourls_deprecated_function( __FUNCTION__, '1.7', 'yourls_sanitize_int' );
  8. return yourls_escape( $int );
  9. }
  10. /**
  1. /**
  2. * Get remote content via a GET request using best transport available
  3. *
  4. */
  5. function yourls_get_remote_content( $url, $maxlen = 4096, $timeout = 5 ) {

    yourls_get_remote_content() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  6. yourls_deprecated_function( __FUNCTION__, '1.7', 'yourls_http_get_body' );
  7. return yourls_http_get_body( $url );
  8. }
  9. /**
  1. *
  2. * @param string $hook the name of the YOURLS element or action
  3. * @param mixed $value the value of the element before filtering
  4. * @return mixed
  5. */
  6. function yourls_apply_filters( $hook, $value = '' ) {

    yourls_apply_filters() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. yourls_deprecated_function( __FUNCTION__, '1.7.1', 'yourls_apply_filter' );
  8. return yourls_apply_filter( $hook, $value );
  9. }
  10. /**
  1. /**
  2. * Check if we'll need interface display function (ie not API or redirection)
  3. *
  4. */
  5. function yourls_has_interface() {

    yourls_has_interface() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  6. yourls_deprecated_function( __FUNCTION__, '1.7.1' );
  7. if( yourls_is_API() or yourls_is_GO() )
  8. return false;
  9. return true;
  10. }
  1. * @uses YOURLS_PROXY
  2. * @since 1.7
  3. * @deprecated 1.7.1
  4. * @return bool true if a proxy is defined, false otherwise
  5. */
  6. function yourls_http_proxy_is_defined() {

    yourls_http_proxy_is_defined() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. yourls_deprecated_function( __FUNCTION__, '1.7.1', 'yourls_http_get_proxy' );
  8. return yourls_apply_filter( 'http_proxy_is_defined', defined( 'YOURLS_PROXY' ) );
  9. }
  10. /**
  1. * @param string $text Text to translate
  2. * @param string $context Context information for the translators
  3. * @param string $domain Optional. Domain to retrieve the translated text
  4. * @return string Translated context string without pipe
  5. */
  6. function yourls_ex( $text, $context, $domain = 'default' ) {

    yourls_ex() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. yourls_deprecated_function( __FUNCTION__, '1.7.1', 'yourls_xe' );
  8. echo yourls_xe( $text, $context, $domain );
  9. }
  1. /**
  2. * Convert an integer (1337) to a string (3jk).
  3. *
  4. */
  5. function yourls_int2string( $num, $chars = null ) {

    yourls_int2string() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  6. if( $chars == null )
  7. $chars = yourls_get_shorturl_charset();
  8. $string = '';
  9. $len = strlen( $chars );
  10. while( $num >= $len ) {
  1. /**
  2. * Convert a string (3jk) to an integer (1337)
  3. *
  4. */
  5. function yourls_string2int( $string, $chars = null ) {

    yourls_string2int() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. if( $chars == null )
  7. $chars = yourls_get_shorturl_charset();
  8. $integer = 0;
  9. $string = strrev( $string );
  10. $baselen = strlen( $chars );
  1. /**
  2. * Return a unique(ish) hash for a string to be used as a valid HTML id
  3. *
  4. */
  5. function yourls_string2htmlid( $string ) {

    yourls_string2htmlid() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. return yourls_apply_filter( 'string2htmlid', 'y'.abs( crc32( $string ) ) );
  7. }
  8. /**
  9. * Make sure a link keyword (ie "1fv" as in "http://sho.rt/1fv") is valid.
  1. /**
  2. * Make sure a link keyword (ie "1fv" as in "http://sho.rt/1fv") is valid.
  3. *
  4. */
  5. function yourls_sanitize_string( $string ) {

    yourls_sanitize_string() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. // make a regexp pattern with the shorturl charset, and remove everything but this
  7. $pattern = yourls_make_regexp_pattern( yourls_get_shorturl_charset() );
  8. $valid = substr( preg_replace( '![^'.$pattern.']!', '', $string ), 0, 199 );
  9. return yourls_apply_filter( 'sanitize_string', $valid, $string );
  1. /**
  2. * Alias function. I was always getting it wrong.
  3. *
  4. */
  5. function yourls_sanitize_keyword( $keyword ) {

    yourls_sanitize_keyword() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. return yourls_sanitize_string( $keyword );
  7. }
  8. /**
  9. * Sanitize a page title. No HTML per W3C http://www.w3.org/TR/html401/struct/global.html#h-7.4.2
  1. * @since 1.5
  2. * @param string $unsafe_title Title, potentially unsafe
  3. * @param string $fallback Optional fallback if after sanitization nothing remains
  4. * @return string Safe title
  5. */
  6. function yourls_sanitize_title( $unsafe_title, $fallback = '' ) {

    yourls_sanitize_title() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. $title = $unsafe_title;
  8. $title = strip_tags( $title );
  9. $title = preg_replace( "/\s+/", ' ', trim( $title ) );
  10. if ( '' === $title || false === $title ) {
  1. *
  2. * @param string $unsafe_url unsafe URL
  3. * @param array $protocols Optional allowed protocols, default to global $yourls_allowedprotocols
  4. * @return string Safe URL
  5. */
  6. function yourls_sanitize_url( $unsafe_url, $protocols = array() ) {

    yourls_sanitize_url() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. $url = yourls_esc_url( $unsafe_url, 'redirection', $protocols );
  8. return yourls_apply_filter( 'sanitize_url', $url, $unsafe_url );
  9. }
  10. /**
  1. * @since 1.7.2
  2. * @param string $unsafe_url unsafe URL
  3. * @param array $protocols Optional allowed protocols, default to global $yourls_allowedprotocols
  4. * @return string Safe URL
  5. */
  6. function yourls_sanitize_url_safe( $unsafe_url, $protocols = array() ) {

    yourls_sanitize_url_safe() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. $url = yourls_esc_url( $unsafe_url, 'safe', $protocols );
  8. return yourls_apply_filter( 'sanitize_url_safe', $url, $unsafe_url );
  9. }
  10. /**
  1. * Perform a replacement while a string is found, eg $subject = '%0%0%0DDD', $search ='%0D' -> $result =''
  2. *
  3. * Stolen from WP's _deep_replace
  4. *
  5. */
  6. function yourls_deep_replace( $search, $subject ){

    yourls_deep_replace() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. $found = true;
  8. while($found) {
  9. $found = false;
  10. foreach( (array) $search as $val ) {
  11. while( strpos( $subject, $val ) !== false ) {
  1. /**
  2. * Make sure an integer is a valid integer (PHP's intval() limits to too small numbers)
  3. *
  4. */
  5. function yourls_sanitize_int( $int ) {

    yourls_sanitize_int() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  6. return ( substr( preg_replace( '/[^0-9]/', '', strval( $int ) ), 0, 20 ) );
  7. }
  8. /**
  9. * Escape a string or an array of strings before DB usage. ALWAYS escape before using in a SQL query. Thanks.
  1. * Escape a string or an array of strings before DB usage. ALWAYS escape before using in a SQL query. Thanks.
  2. *
  3. * @param string|array $data string or array of strings to be escaped
  4. * @return string|array escaped data
  5. */
  6. function yourls_escape( $data ) {

    yourls_escape() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. if( is_array( $data ) ) {
  8. foreach( $data as $k => $v ) {
  9. if( is_array( $v ) ) {
  10. $data[ $k ] = yourls_escape( $v );
  11. } else {
  1. *
  2. * @since 1.7
  3. * @param string $a string to be escaped
  4. * @return string escaped string
  5. */
  6. function yourls_escape_real( $string ) {

    yourls_escape_real() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. global $ydb;
  8. if( isset( $ydb ) && ( $ydb instanceof ezSQLcore ) )
  9. return $ydb->escape( $string );
  10. // YOURLS DB classes have been bypassed by a custom DB engine or a custom cache layer
  1. * @since 1.7
  2. * @param string $a string to be escaped
  3. * @return string escaped string
  4. */
  5. function yourls_escape_real( $string ) {
  6. global $ydb;

    $ydb adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. if( isset( $ydb ) && ( $ydb instanceof ezSQLcore ) )
  8. return $ydb->escape( $string );
  9. // YOURLS DB classes have been bypassed by a custom DB engine or a custom cache layer
  10. return yourls_apply_filter( 'custom_escape_real', addslashes( $string ), $string );
  1. /**
  2. * Sanitize an IP address
  3. *
  4. */
  5. function yourls_sanitize_ip( $ip ) {

    yourls_sanitize_ip() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. return preg_replace( '/[^0-9a-fA-F:., ]/', '', $ip );
  7. }
  8. /**
  9. * Make sure a date is m(m)/d(d)/yyyy, return false otherwise
  1. /**
  2. * Make sure a date is m(m)/d(d)/yyyy, return false otherwise
  3. *
  4. */
  5. function yourls_sanitize_date( $date ) {

    yourls_sanitize_date() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. if( !preg_match( '!^\d{1,2}/\d{1,2}/\d{4}$!' , $date ) ) {
  7. return false;
  8. }
  9. return $date;
  10. }
  1. /**
  2. * Sanitize a date for SQL search. Return false if malformed input.
  3. *
  4. */
  5. function yourls_sanitize_date_for_sql( $date ) {

    yourls_sanitize_date_for_sql() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. if( !yourls_sanitize_date( $date ) )
  7. return false;
  8. return date( 'Y-m-d', strtotime( $date ) );
  9. }
  1. /**
  2. * Return trimmed string
  3. *
  4. */
  5. function yourls_trim_long_string( $string, $length = 60, $append = '[...]' ) {

    yourls_trim_long_string() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $newstring = $string;
  7. if ( mb_strlen( $newstring ) > $length ) {
  8. $newstring = mb_substr( $newstring, 0, $length - mb_strlen( $append ), 'UTF-8' ) . $append;
  9. }
  10. return yourls_apply_filter( 'trim_long_string', $newstring, $string, $length, $append );
  1. *
  2. * @since 1.4.1
  3. * @param string $ver Version number
  4. * @return string Sanitized version number
  5. */
  6. function yourls_sanitize_version( $ver ) {

    yourls_sanitize_version() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. preg_match( '/(^[0-9.]+).*$/', $ver, $matches );
  8. return isset( $matches[1] ) ? trim( $matches[1], '.' ) : '';
  9. }
  10. /**
  1. /**
  2. * Sanitize a filename (no Win32 stuff)
  3. *
  4. */
  5. function yourls_sanitize_filename( $file ) {

    yourls_sanitize_filename() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $file = str_replace( '\\', '/', $file ); // sanitize for Win32 installs
  7. $file = preg_replace( '|/+|' ,'/', $file ); // remove any duplicate slash
  8. return $file;
  9. }
  1. /**
  2. * Check if a string seems to be UTF-8. Stolen from WP.
  3. *
  4. */
  5. function yourls_seems_utf8( $str ) {

    yourls_seems_utf8() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $length = strlen( $str );
  7. for ( $i=0; $i < $length; $i++ ) {
  8. $c = ord( $str[ $i ] );
  9. if ( $c < 0x80 ) $n = 0; # 0bbbbbbb
  10. elseif (($c & 0xE0) == 0xC0) $n=1; # 110bbbbb
  1. *
  2. * @since 1.7.1
  3. *
  4. * @return bool whether there's /u support or not
  5. */
  6. function yourls_supports_pcre_u() {

    yourls_supports_pcre_u() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. static $utf8_pcre;
  8. if( !isset( $utf8_pcre ) ) {
  9. $utf8_pcre = (bool) @preg_match( '/^./u', 'a' );
  10. }
  11. return $utf8_pcre;
  1. *
  2. * @param string $string The text which is to be checked.
  3. * @param boolean $strip Optional. Whether to attempt to strip out invalid UTF8. Default is false.
  4. * @return string The checked text.
  5. */
  6. function yourls_check_invalid_utf8( $string, $strip = false ) {

    yourls_check_invalid_utf8() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. $string = (string) $string;
  8. if ( 0 === strlen( $string ) ) {
  9. return '';
  10. }
  1. * @param string $string The text which is to be encoded.
  2. * @param mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES.
  3. * @param boolean $double_encode Optional. Whether to encode existing html entities. Default is false.
  4. * @return string The encoded text with HTML entities.
  5. */
  6. function yourls_specialchars( $string, $quote_style = ENT_NOQUOTES, $double_encode = false ) {

    yourls_specialchars() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. $string = (string) $string;
  8. if ( 0 === strlen( $string ) )
  9. return '';
  1. *
  2. * @param string $string The text which is to be decoded.
  3. * @param mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old _wp_specialchars() values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES.
  4. * @return string The decoded text without HTML entities.
  5. */
  6. function yourls_specialchars_decode( $string, $quote_style = ENT_NOQUOTES ) {

    yourls_specialchars_decode() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. $string = (string) $string;
  8. if ( 0 === strlen( $string ) ) {
  9. return '';
  10. }
  1. * @since 1.6
  2. *
  3. * @param string $text
  4. * @return string
  5. */
  6. function yourls_esc_html( $text ) {

    yourls_esc_html() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. $safe_text = yourls_check_invalid_utf8( $text );
  8. $safe_text = yourls_specialchars( $safe_text, ENT_QUOTES );
  9. return yourls_apply_filter( 'esc_html', $safe_text, $text );
  10. }
  1. * @since 1.6
  2. *
  3. * @param string $text
  4. * @return string
  5. */
  6. function yourls_esc_attr( $text ) {

    yourls_esc_attr() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. $safe_text = yourls_check_invalid_utf8( $text );
  8. $safe_text = yourls_specialchars( $safe_text, ENT_QUOTES );
  9. return yourls_apply_filter( 'esc_attr', $safe_text, $text );
  10. }
  1. * @param string $url The URL to be cleaned.
  2. * @param string $context 'display' or something else. Use yourls_sanitize_url() for database or redirection usage.
  3. * @param array $protocols Optional. Array of allowed protocols, defaults to global $yourls_allowedprotocols
  4. * @return string The cleaned $url
  5. */
  6. function yourls_esc_url( $url, $context = 'display', $protocols = array() ) {

    yourls_esc_url() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. // trim first -- see #1931
  8. $url = trim( $url );
  9. // make sure there's only one 'http://' at the beginning (prevents pasting a URL right after the default 'http://')
  10. $url = str_replace(
  1. $url = str_replace( '&amp;', '&#038;', $url );
  2. $url = str_replace( "'", '&#039;', $url );
  3. }
  4. if ( ! is_array( $protocols ) or ! $protocols ) {
  5. global $yourls_allowedprotocols;

    $yourls_allowedprotocols adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  6. $protocols = yourls_apply_filter( 'esc_url_protocols', $yourls_allowedprotocols );
  7. // Note: $yourls_allowedprotocols is also globally filterable in functions-kses.php/yourls_kses_init()
  8. }
  9. if ( !yourls_is_allowed_protocol( $url, $protocols ) )
  1. *
  2. * @since 1.7.1
  3. * @param string $url URL
  4. * @return string URL with lowercase scheme and protocol
  5. */
  6. function yourls_lowercase_scheme_domain( $url ) {

    yourls_lowercase_scheme_domain() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by ozh
  7. $scheme = yourls_get_protocol( $url );
  8. if( '' == $scheme ) {
  9. // Scheme not found, malformed URL? Something else? Not sure.
  10. return $url;
  1. * @since 1.6
  2. *
  3. * @param string $text The text to be escaped.
  4. * @return string Escaped text.
  5. */
  6. function yourls_esc_js( $text ) {

    yourls_esc_js() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. $safe_text = yourls_check_invalid_utf8( $text );
  8. $safe_text = yourls_specialchars( $safe_text, ENT_COMPAT );
  9. $safe_text = preg_replace( '/&#(x)?0*(?(1)27|39);?/i', "'", stripslashes( $safe_text ) );
  10. $safe_text = str_replace( "\r", '', $safe_text );
  11. $safe_text = str_replace( "\n", '\\n', addslashes( $safe_text ) );
  1. * @since 1.6
  2. *
  3. * @param string $text
  4. * @return string
  5. */
  6. function yourls_esc_textarea( $text ) {

    yourls_esc_textarea() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. $safe_text = htmlspecialchars( $text, ENT_QUOTES );
  8. return yourls_apply_filter( 'esc_textarea', $safe_text, $text );
  9. }
  1. *
  2. * @link https://developer.mozilla.org/en/JavaScript/Reference/Global_Objects/encodeURI
  3. * @param $url
  4. * @return string
  5. */
  6. function yourls_encodeURI( $url ) {

    yourls_encodeURI() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by LeoColomb
  7. // Decode URL all the way
  8. $result = yourls_rawurldecode_while_encoded( $url );
  9. // Encode once
  10. $result = strtr( rawurlencode( $result ), array (
  11. '%3B' => ';', '%2C' => ',', '%2F' => '/', '%3F' => '?', '%3A' => ':', '%40' => '@',
  1. * @since 1.6
  2. *
  3. * @param string $string Value to which backslashes will be added.
  4. * @return string String with backslashes inserted.
  5. */
  6. function yourls_backslashit($string) {

    yourls_backslashit() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day