function _webform_filter_values in Webform 5.2
Same name and namespace in other branches
- 6.3 webform.module \_webform_filter_values()
- 6.2 webform.module \_webform_filter_values()
- 7.4 webform.module \_webform_filter_values()
- 7.3 webform.module \_webform_filter_values()
Filters all special tokens provided by webform, such as %post and %profile.
Parameters
$string: The string to have its tokens replaced.
$node: If replacing node-level tokens, the node for which tokens will be created.
$submission: If replacing submission-level tokens, the submission for which tokens will be created.
$strict: Boolean value indicating if the results should be run through check_plain. This is used any time the values will be output as HTML, but not in default values or e-mails.
$allow_anonymous: Boolean value indicating if all tokens should be replaced for anonymous users, even if they contain sensitive user information such as %session or %ip_address. This is disabled by default to prevent user data from being preserved in the anonymous page cache and should only be used in non-cached situations, such as e-mails.
12 calls to _webform_filter_values()
- webform_client_form_submit in ./webform.module
- webform_expand_date in components/date.inc
- _webform_csv_data_select in components/select.inc - Return the result of a textfield submission. The output of this function will be displayed under the "results" tab then "submissions".
- _webform_filter_descriptions in ./webform.module - Filters all special tokens provided by webform, and allows basic layout in descriptions.
- _webform_grid_options in components/grid.inc - Utility function to split user-entered values from new-line separated text into an array of options.
File
- ./webform.module, line 1980
Code
```php
function _webform_filter_values($string, $node = NULL, $submission = NULL, $strict = TRUE, $allow_anonymous = FALSE) {
  global $user;
  static $replacements;

  // Setup default token replacements.
  if (!isset($replacements)) {
    $replacements['unsafe'] = array();
    $replacements['safe']['%site'] = variable_get('site_name', 'drupal');
    $replacements['safe']['%date'] = format_date(time(), 'large');
  }

  // Node replacements.
  if (isset($node) && !array_key_exists('%title', $replacements)) {
    $replacements['safe']['%title'] = $node->title;
  }

  // Submission replacements.
  if (isset($submission) && !array_key_exists('%email_values', $replacements)) {
    foreach ($submission as $cid => $value) {
      $replacements['unsafe']['%cid[' . $cid . ']'] = $value;
    }
  }

  // Provide a list of candidates for token replacement.
  // Note these tokens are not cached as they may change frequently.
  $special_tokens = array(
    'safe' => array(
      '%get' => $_GET,
    ),
    'unsafe' => array(
      '%cookie' => $_COOKIE,
      '%session' => $_SESSION,
      '%post' => $_POST,
      '%request' => $_REQUEST,
    ),
  );

  // User replacements.
  if (!array_key_exists('%username', $replacements['unsafe'])) {
    $replacements['unsafe']['%username'] = isset($user->name) ? $user->name : '';
    $replacements['unsafe']['%useremail'] = isset($user->mail) ? $user->mail : '';
    $replacements['unsafe']['%ip_address'] = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
    // Doesn't really belong here with user things, but works.
    $special_tokens['unsafe']['%server'] = $_SERVER;
  }

  // User profile replacements.
  if (!isset($replacements['unsafe']['%profile[uid]'])) {
    if ($user->uid && module_exists('profile')) {
      profile_load_profile($user);
    }
    $special_tokens['unsafe']['%profile'] = $user;
  }

  foreach ($special_tokens as $safe_state => $tokens) {
    foreach ($tokens as $token => $variable) {
      if (strpos($string, $token) !== FALSE) {
        foreach ($variable as $key => $value) {
          // This special case for profile module dates.
          if ($token == '%profile' && is_array($value) && isset($value['year'])) {
            $replacement = format_date(strtotime($value['month'] . '/' . $value['day'] . '/' . $value['year']), 'custom', 'F j, Y', '0');
          }
          else {
            $replacement = (string) $value;
          }
          $replacements[$safe_state][$token . '[' . $key . ']'] = $replacement;
        }
      }
    }
  }

  // Make a copy of the replacements so we don't affect the static version.
  $safe_replacements = $replacements['safe'];

  // Restrict replacements for anonymous users. Not all tokens can be used
  // because they may expose session or other private data to other users when
  // anonymous page caching is enabled.
  if ($user->uid || $allow_anonymous) {
    $safe_replacements += $replacements['unsafe'];
  }
  else {
    foreach ($replacements['unsafe'] as $key => $value) {
      $safe_replacements[$key] = '';
    }
  }

  $find = array_keys($safe_replacements);
  $replace = array_values($safe_replacements);
  $string = str_replace($find, $replace, $string);

  // Clean up any unused tokens.
  foreach ($special_tokens as $safe_state => $tokens) {
    foreach (array_keys($tokens) as $token) {
      $string = preg_replace('/\\' . $token . '\\[\\w+\\]/', '', $string);
    }
  }

  return $strict ? filter_xss($string) : $string;
}
```
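The `%ip_address` replacement above uses `HTTP_X_FORWARDED_FOR` whenever that header is present, so the token carries whatever the request supplied unless a reverse proxy in front of the site sets the header. The following is an added example, not Webform's code: it resolves the address while honouring the header only when the request arrives from a configured proxy. The function name `example_client_ip()`, the proxy list and the sample requests are assumptions made for illustration.

```php
<?php
// Added example, not Webform code. example_client_ip() and the proxy list
// are hypothetical; the $server arrays below are constructed samples.

/**
 * Resolve the client address for a token such as %ip_address.
 *
 * X-Forwarded-For is honoured only when the direct peer (REMOTE_ADDR) is a
 * configured reverse proxy. The chain is then walked right to left and the
 * first hop that is not itself a trusted proxy is returned.
 */
function example_client_ip(array $server, array $trusted_proxies) {
  $peer = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';
  if (filter_var($peer, FILTER_VALIDATE_IP) === FALSE) {
    return '';
  }
  // Peer is not a trusted proxy, or sent no header: use the peer address.
  if (!in_array($peer, $trusted_proxies, TRUE) || empty($server['HTTP_X_FORWARDED_FOR'])) {
    return $peer;
  }
  $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
  foreach (array_reverse($hops) as $hop) {
    // A malformed entry ends the walk: fall back to the peer address.
    if (filter_var($hop, FILTER_VALIDATE_IP) === FALSE) {
      return $peer;
    }
    if (!in_array($hop, $trusted_proxies, TRUE)) {
      return $hop;
    }
  }
  // Every hop was a trusted proxy.
  return $peer;
}

$proxies = array('10.0.0.5');
$samples = array(
  'direct request carrying its own header' => array('REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => '198.51.100.1'),
  'request relayed by the trusted proxy' => array('REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7'),
  'extra leading entry, proxy-appended hop' => array('REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '192.0.2.66, 198.51.100.7'),
  'non-address text in the header' => array('REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => 'unknown'),
);
foreach ($samples as $label => $server) {
  printf("%-42s %s\n", $label, example_client_ip($server, $proxies));
}
```

Because the result is always either empty or a syntactically valid address, it can be stored or compared without further parsing; it should still be escaped like any other token value when written into HTML.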