PMA\libraries\Sanitize::escapeJsString — PHP method

escapeJsString() — public static method

(fragment of the original description) … this requires only escaping `'` as `\'` and breaking up the end-of-script-block sequence. We also remove the NUL byte, as some browsers (namely MSIE) ignore it, and inserting it anywhere inside `</script` would otherwise let that sequence slip past the replacement.
public static escapeJsString ( string $string ) : string
$string string the string to be escaped
Returns string: the escaped string
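    /**
     * Formats a string so it can be placed inside a quoted JavaScript string
     * literal that is itself embedded in an HTML <script> block.
     *
     * Backslashes, both quote characters, LF and CR are backslash-escaped.
     * The NUL byte is removed, because some browsers (namely MSIE) ignore it
     * and a NUL placed inside "</script" would otherwise let that sequence
     * slip past the check below. Finally every "</script" (case-insensitive)
     * is split into two concatenated JS string pieces so the HTML parser never
     * sees the end of the script block.
     *
     * @param string $string the string to be escaped
     *
     * @return string the escaped string
     */
    public static function escapeJsString($string)
    {
        $escaped = strtr(
            $string,
            array(
                "\000" => '',     // drop NUL bytes, see above
                '\\'   => '\\\\',
                '\''   => '\\\'',
                '"'    => '\\"',
                "\n"   => '\\n',
                "\r"   => '\\r',
            )
        );

        // Close the JS literal and reopen it so "</script" never appears
        // verbatim in the output; the /i modifier also catches "</SCRIPT".
        return preg_replace('@</script@i', '</\' + \'script', $escaped);
    }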

Usage Example

Example #1
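    /**
     * Displays a link, or a button if the link's URL is too large, to
     * accommodate some browsers' limitations
     *
     * The URL is written verbatim into the href (and, for the form variant,
     * its path into the form action), so callers are expected to pass a URL
     * that is already safe for an HTML attribute — NOTE(review): confirm
     * against callers. Query-string values, the target and every tag param
     * whose name does not start with "on" are HTML-escaped here; "on*" params
     * carry JavaScript and are emitted as given.
     *
     * @param string  $url          the URL
     * @param string  $message      the link message (HTML, not escaped here)
     * @param mixed   $tag_params   string: js confirmation
     *                              array: additional tag params (f.e. style="")
     * @param boolean $new_form     we set this to false when we are already in
     *                              a  form, to avoid generating nested forms
     * @param boolean $strip_img    whether to strip the image
     * @param string  $target       target
     * @param boolean $force_button use a button even when the URL is not too long
     *
     * @return string  the results to be echoed or saved in an array
     */
    public static function linkOrButton(
        $url, $message, $tag_params = array(),
        $new_form = true, $strip_img = false, $target = '', $force_button = false
    ) {
        $url_length = mb_strlen($url);
        // with this we should be able to catch case of image upload
        // into a (MEDIUM) BLOB; not worth generating even a form for these
        if ($url_length > $GLOBALS['cfg']['LinkLengthLimit'] * 100) {
            return '';
        }

        // A scalar $tag_params is a JavaScript confirmation message
        if (! is_array($tag_params)) {
            $confirmation = $tag_params;
            $tag_params = array();
            if (! empty($confirmation)) {
                // escapeJsString() makes the message safe inside the JS string
                // literal; the "onclick" value is not HTML-escaped further below
                $tag_params['onclick'] = 'return confirmLink(this, \''
                    . Sanitize::escapeJsString($confirmation) . '\')';
            }
        }
        if (! empty($target)) {
            // Stored raw: the attribute builder below escapes it exactly once
            // (pre-encoding it with htmlentities() would double-encode "&").
            $tag_params['target'] = $target;
            if ($target === '_blank' && strncmp($url, 'url.php?', 8) === 0) {
                $tag_params['rel'] = 'noopener noreferrer';
            }
        }

        $displayed_message = '';
        // Add text if not already added
        if (stristr($message, '<img')
            && (! $strip_img || ($GLOBALS['cfg']['ActionLinksMode'] === 'icons'))
            && (strip_tags($message) === $message)
        ) {
            // NOTE(review): strip_tags() removes the "<img" the first test
            // requires, so this branch looks hard to reach — confirm intent.
            $displayed_message = '<span>'
                . htmlspecialchars(
                    preg_replace('/^.*\salt="([^"]*)".*$/si', '\1', $message)
                )
                . '</span>';
        }

        // Suhosin: Check that each query parameter is not above maximum
        $in_suhosin_limits = true;
        if ($url_length <= $GLOBALS['cfg']['LinkLengthLimit']) {
            $suhosin_get_MaxValueLength = ini_get('suhosin.get.max_value_length');
            if ($suhosin_get_MaxValueLength) {
                $query_parts = self::splitURLQuery($url);
                foreach ($query_parts as $query_pair) {
                    if (strpos($query_pair, '=') === false) {
                        continue;
                    }

                    // limit 2: a value may itself contain '='
                    list(, $eachval) = explode('=', $query_pair, 2);
                    if (mb_strlen($eachval) > $suhosin_get_MaxValueLength) {
                        $in_suhosin_limits = false;
                        break;
                    }
                }
            }
        }

        // Serialises tag params as name="value" pairs. Event handler
        // attributes (on*) hold JavaScript and are emitted unescaped, so
        // their values must already be safe; everything else is HTML-escaped.
        $build_attributes = function (array $params) {
            $strings = array();
            foreach ($params as $par_name => $par_value) {
                if (mb_substr($par_name, 0, 2) !== 'on') {
                    $par_value = htmlspecialchars($par_value);
                }
                $strings[] = $par_name . '="' . $par_value . '"';
            }
            return implode(' ', $strings);
        };

        if (($url_length <= $GLOBALS['cfg']['LinkLengthLimit'])
            && $in_suhosin_limits
            && ! $force_button
        ) {
            // no whitespace within an <a> else Safari will make it part of the link
            return "\n" . '<a href="' . $url . '" ' . $build_attributes($tag_params)
                . '>' . $message . $displayed_message . '</a>' . "\n";
        }

        // no spaces (line breaks) at all
        // or after the hidden fields
        // IE will display them all

        if (! isset($query_parts)) {
            $query_parts = self::splitURLQuery($url);
        }
        $url_parts = parse_url($url);
        // parse_url() returns false for a seriously malformed URL and has no
        // 'path' key when the URL carries none
        $form_action = (is_array($url_parts) && isset($url_parts['path']))
            ? $url_parts['path']
            : '';

        if ($new_form) {
            $target_attribute = empty($target)
                ? ''
                : ' target="' . htmlspecialchars($target) . '"';
            $ret = '<form action="' . $form_action . '" class="link"'
                . ' method="post"' . $target_attribute . ' style="display: inline;">';
            $subname_open = '';
            $subname_close = '';
            $submit_link = '#';
        } else {
            $query_parts[] = 'redirect=' . $form_action;
            if (empty($GLOBALS['subform_counter'])) {
                $GLOBALS['subform_counter'] = 0;
            }
            $GLOBALS['subform_counter']++;
            $ret = '';
            $subname_open = 'subform[' . $GLOBALS['subform_counter'] . '][';
            $subname_close = ']';
            $submit_link = '#usesubform[' . $GLOBALS['subform_counter'] . ']=1';
        }

        foreach ($query_parts as $query_pair) {
            // limit 2: a value may itself contain '='; a pair without '='
            // yields an empty value instead of an undefined-offset notice
            $pair = explode('=', $query_pair, 2);
            $eachvar = $pair[0];
            $eachval = isset($pair[1]) ? $pair[1] : '';
            $ret .= '<input type="hidden" name="' . $subname_open
                . htmlspecialchars($eachvar) . $subname_close . '" value="'
                . htmlspecialchars(urldecode($eachval)) . '" />';
        }

        if (empty($tag_params['class'])) {
            $tag_params['class'] = 'formLinkSubmit';
        } else {
            $tag_params['class'] .= ' formLinkSubmit';
        }

        $ret .= "\n" . '<a href="' . $submit_link . '" ' . $build_attributes($tag_params)
            . '>' . $message . ' ' . $displayed_message . '</a>' . "\n";

        if ($new_form) {
            $ret .= '</form>';
        }

        return $ret;
    } // end of the 'linkOrButton()' function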