function _webform_filter_values in Webform 5.2

Same name and namespace in other branches
  1. 6.3 webform.module _webform_filter_values()
  2. 6.2 webform.module _webform_filter_values()
  3. 7.4 webform.module _webform_filter_values()
  4. 7.3 webform.module _webform_filter_values()

Filters all special tokens provided by webform, such as %post and %profile.

Parameters

$string: The string to have its tokens replaced.

$node: If replacing node-level tokens, the node for which tokens will be created.

$submission: If replacing submission-level tokens, the submission for which tokens will be created.

$strict: Boolean value indicating if the results should be run through check_plain. This is used any time the values will be output as HTML, but not in default values or e-mails.

$allow_anonymous: Boolean value indicating if all tokens should be replaced for anonymous users, even if they contain sensitive user information such as %session or %ip_address. This is disabled by default to prevent user data from being preserved in the anonymous page cache and should only be used in non-cached situations, such as e-mails.

12 calls to _webform_filter_values()
webform_client_form_submit in ./webform.module
webform_expand_date in components/date.inc
_webform_csv_data_select in components/select.inc
  Return the result of a textfield submission. The output of this function will be displayed under the "results" tab then "submissions".
_webform_filter_descriptions in ./webform.module
  Filters all special tokens provided by webform, and allows basic layout in descriptions.
_webform_grid_options in components/grid.inc
  Utility function to split user-entered values from new-line separated text into an array of options.

... See full list

File

./webform.module, line 1980

Code

function _webform_filter_values($string, $node = NULL, $submission = NULL, $strict = TRUE, $allow_anonymous = FALSE) {
  global $user;
  static $replacements;

  // Setup default token replacements.
  if (!isset($replacements)) {
    $replacements['unsafe'] = array();
    $replacements['safe']['%site'] = variable_get('site_name', 'drupal');
    $replacements['safe']['%date'] = format_date(time(), 'large');
  }

  // Node replacements.
  if (isset($node) && !array_key_exists('%title', $replacements)) {
    $replacements['safe']['%title'] = $node->title;
  }

  // Submission replacements.
  if (isset($submission) && !array_key_exists('%email_values', $replacements)) {
    foreach ($submission as $cid => $value) {
      $replacements['unsafe']['%cid[' . $cid . ']'] = $value;
    }
  }

  // Provide a list of candidates for token replacement.
  // Note these tokens are not cached as they may change frequently.
  $special_tokens = array(
    'safe' => array(
      '%get' => $_GET,
    ),
    'unsafe' => array(
      '%cookie' => $_COOKIE,
      '%session' => $_SESSION,
      '%post' => $_POST,
      '%request' => $_REQUEST,
    ),
  );

  // User replacements.
  if (!array_key_exists('%username', $replacements['unsafe'])) {
    $replacements['unsafe']['%username'] = isset($user->name) ? $user->name : '';
    $replacements['unsafe']['%useremail'] = isset($user->mail) ? $user->mail : '';
    $replacements['unsafe']['%ip_address'] = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];

    // Doesn't really belong here with user things, but works.
    $special_tokens['unsafe']['%server'] = $_SERVER;
  }

  // User profile replacements.
  if (!isset($replacements['unsafe']['%profile[uid]'])) {
    if ($user->uid && module_exists('profile')) {
      profile_load_profile($user);
    }
    $special_tokens['unsafe']['%profile'] = $user;
  }
  foreach ($special_tokens as $safe_state => $tokens) {
    foreach ($tokens as $token => $variable) {
      if (strpos($string, $token) !== FALSE) {
        foreach ($variable as $key => $value) {

          // This special case for profile module dates.
          if ($token == '%profile' && is_array($value) && isset($value['year'])) {
            $replacement = format_date(strtotime($value['month'] . '/' . $value['day'] . '/' . $value['year']), 'custom', 'F j, Y', '0');
          }
          else {
            $replacement = (string) $value;
          }
          $replacements[$safe_state][$token . '[' . $key . ']'] = $replacement;
        }
      }
    }
  }

  // Make a copy of the replacements so we don't affect the static version.
  $safe_replacements = $replacements['safe'];

  // Restrict replacements for anonymous users. Not all tokens can be used
  // because they may expose session or other private data to other users when
  // anonymous page caching is enabled.
  if ($user->uid || $allow_anonymous) {
    $safe_replacements += $replacements['unsafe'];
  }
  else {
    foreach ($replacements['unsafe'] as $key => $value) {
      $safe_replacements[$key] = '';
    }
  }
  $find = array_keys($safe_replacements);
  $replace = array_values($safe_replacements);
  $string = str_replace($find, $replace, $string);

  // Clean up any unused tokens.
  foreach ($special_tokens as $safe_state => $tokens) {
    foreach (array_keys($tokens) as $token) {
      $string = preg_replace('/\\' . $token . '\\[\\w+\\]/', '', $string);
    }
  }
  return $strict ? filter_xss($string) : $string;
}
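
The effect of $strict and $allow_anonymous described under Parameters, as an added example that is not Webform's own code. filter_tokens() and the sample values are hypothetical, and htmlspecialchars() stands in for Drupal's filter_xss() so the sketch runs outside Drupal.

```php
<?php
// Added illustration, not Webform code. filter_tokens() is a hypothetical,
// reduced model of the safe/unsafe token split shown on this page.
function filter_tokens($string, array $safe, array $unsafe, $logged_in, $strict = TRUE, $allow_anonymous = FALSE) {
  $replacements = $safe;
  if ($logged_in || $allow_anonymous) {
    // Authenticated or explicitly non-cached output: substitute everything.
    $replacements += $unsafe;
  }
  else {
    // Anonymous and possibly page-cached: blank every unsafe token so one
    // visitor's data cannot be stored and served to the next visitor.
    foreach (array_keys($unsafe) as $token) {
      $replacements[$token] = '';
    }
  }
  $string = str_replace(array_keys($replacements), array_values($replacements), $string);

  // Strip bracketed special tokens that matched no value.
  foreach (array('%get', '%cookie', '%session', '%post', '%request', '%server', '%profile') as $token) {
    $string = preg_replace('/' . preg_quote($token, '/') . '\[\w+\]/', '', $string);
  }
  // Assumption: htmlspecialchars() stands in for filter_xss(), which is only
  // available inside Drupal and strips disallowed tags rather than escaping.
  return $strict ? htmlspecialchars($string, ENT_QUOTES, 'UTF-8') : $string;
}

// Constructed sample data.
$template = 'User %username (%ip_address) ref=%get[ref] extra=%post[missing]';
$safe = array('%site' => 'Example', '%get[ref]' => '<b>news</b>');
$unsafe = array('%username' => 'alice', '%ip_address' => '203.0.113.7');

// Anonymous page view, HTML output: unsafe tokens blanked, %get value escaped.
echo filter_tokens($template, $safe, $unsafe, FALSE), "\n";
// Anonymous e-mail: non-cached, so $allow_anonymous = TRUE and $strict = FALSE.
echo filter_tokens($template, $safe, $unsafe, FALSE, FALSE, TRUE), "\n";
// Logged-in page view: all tokens substituted, output still filtered.
echo filter_tokens($template, $safe, $unsafe, TRUE), "\n";
```

The second call shows why non-strict output belongs only in non-HTML contexts such as e-mails: the %get value is substituted without any filtering.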