* @copyright CiviCRM LLC https://civicrm.org/licensing
*/
+use function xKerman\Restricted\unserialize;
+use xKerman\Restricted\UnserializeFailedException;
+
require_once 'HTML/QuickForm/Rule/Email.php';
/**
* the converted string
*/
public static function htmlToText($html) {
- require_once 'packages/html2text/rcube_html2text.php';
+ require_once 'html2text/rcube_html2text.php';
$token_html = preg_replace('!\{([a-z_.]+)\}!i', 'token:{$1}', $html);
$converter = new rcube_html2text($token_html);
$token_text = $converter->get_text();
return array_values(array_unique($result));
}
+ /**
+ * Safely unserialize a string of scalar or array values (but not objects!)
+ *
+ * Use `xkerman/restricted-unserialize` to unserialize strings using PHP's
+ * serialization format. `restricted-unserialize` works like PHP's built-in
+ * `unserialize` function except that it does not deserialize object instances,
+ * making it immune to PHP Object Injection {@see https://www.owasp.org/index.php/PHP_Object_Injection}
+ * vulnerabilities.
+ *
+ * Note: When dealing with user inputs, it is generally recommended to use
+ * safe, standard data interchange formats such as JSON rather than PHP's
+ * serialization format when dealing with user input.
+ *
+ * @param string|NULL $string
+ *
+ * @return mixed
+ */
+ public static function unserialize($string) {
+ if (!is_string($string)) {
+ return FALSE;
+ }
+ try {
+ return unserialize($string);
+ }
+ catch (UnserializeFailedException $e) {
+ return FALSE;
+ }
+ }
+
+ /**
+ * Returns the plural form of an English word.
+ *
+ * @param string $str
+ * @return string
+ */
+ public static function pluralize($str) {
+ switch (substr($str, -1)) {
+ case 's':
+ return $str . 'es';
+
+ case 'y':
+ return substr($str, 0, -1) . 'ies';
+
+ default:
+ return $str . 's';
+ }
+ }
+
}
projects / civicrm-core.git / blobdiff