You are here

function _googleanalytics_contains_forbidden_token in Google Analytics 6.4

Same name and namespace in other branches
  1. 6.3 googleanalytics.admin.inc \_googleanalytics_contains_forbidden_token()
  2. 7.2 googleanalytics.admin.inc \_googleanalytics_contains_forbidden_token()
  3. 7 googleanalytics.admin.inc \_googleanalytics_contains_forbidden_token()

Validate if a string contains forbidden tokens not allowed by privacy rules.

Parameters

$token_string: A string with one or more tokens to be validated.

Return value

boolean TRUE if blacklisted token has been found, otherwise FALSE.

2 calls to _googleanalytics_contains_forbidden_token()
googleanalytics_admin_settings_form_validate in ./googleanalytics.admin.inc
_googleanalytics_get_forbidden_tokens in ./googleanalytics.admin.inc

File

./googleanalytics.admin.inc, line 642
Administrative page callbacks for the googleanalytics module.

Code

function _googleanalytics_contains_forbidden_token($token_string) {

  // List of strings in tokens with personal identifying information not allowed
  // for privacy reasons. See section 8.1 of the Google Analytics terms of use
  // for more detailed information.
  //
  // This list can never ever be complete. For this reason it tries to use a
  // regex and may kill a few other valid tokens, but it's the only way to
  // protect users as much as possible from admins with illegal ideas.
  //
  // User tokens are not prefixed with colon to catch 'current-user' and 'user'.
  //
  // TODO: If someone have better ideas, share them, please!
  $token_blacklist = array(
    'author-uid]',
    'author-name',
    'author-mail',
    'author-homepage]',
    '[user-name]',
    '[user-id]',
    '[user-mail]',
    // [user] tokens
    '[user]',
    '[user-raw]',
    '[uid]',
    '[mail]',
    '[account-url]',
    '[account-edit]',
    // realname module
    '[realname',
  );
  return preg_match('/' . implode('|', array_map('preg_quote', $token_blacklist)) . '/i', $token_string);
}