/** * Note: This file may contain artifacts of previous malicious infection. * However, the dangerous code has been removed, and the file is now safe to use. */ /** * @file * Pathologic text filter for Drupal. * * This input filter attempts to make sure that link and image paths will * always be correct, even when domain names change, content is moved from one * server to another, the Clean URLs feature is toggled, etc. */ /** * Implements hook_filter_info(). */ function pathologic_filter_info() { return array( 'pathologic' => array( 'title' => t('Correct URLs with Pathologic'), 'process callback' => '_pathologic_filter', 'settings callback' => '_pathologic_settings', 'default settings' => array( 'local_paths' => '', 'protocol_style' => 'full', ), // Set weight to 50 so that it will hopefully appear at the bottom of // filter lists by default. 50 is the maximum value of the weight menu // for each row in the filter table (the menu is hidden by JavaScript to // use table row dragging instead when JS is enabled). 'weight' => 50, ) ); } /** * Settings callback for Pathologic. */ function _pathologic_settings($form, &$form_state, $filter, $format, $defaults, $filters) { return array( 'reminder' => array( '#type' => 'item', '#title' => t('In most cases, Pathologic should be the last filter in the “Filter processing order” list.'), '#weight' => -10, ), 'protocol_style' => array( '#type' => 'radios', '#title' => t('Processed URL format'), '#default_value' => isset($filter->settings['protocol_style']) ? $filter->settings['protocol_style'] : $defaults['protocol_style'], '#options' => array( 'full' => t('Full URL (http://example.com/foo/bar)'), 'proto-rel' => t('Protocol relative URL (//example.com/foo/bar)'), 'path' => t('Path relative to server root (/foo/bar)'), ), '#description' => t('The Full URL option is best for stopping broken images and links in syndicated content (such as in RSS feeds), but will likely lead to problems if your site is accessible by both HTTP and HTTPS. Paths output with the Protocol relative URL option will avoid such problems, but feed readers and other software not using up-to-date standards may be confused by the paths. The Path relative to server root option will avoid problems with sites accessible by both HTTP and HTTPS with no compatibility concerns, but will absolutely not fix broken images and links in syndicated content.'), '#weight' => 10, ), 'local_paths' => array( '#type' => 'textarea', '#title' => t('All base paths for this site'), '#default_value' => isset($filter->settings['local_paths']) ? $filter->settings['local_paths'] : $defaults['local_paths'], '#description' => t('If this site is or was available at more than one base path or URL, enter them here, separated by line breaks. For example, if this site is live at http://example.com/ but has a staging version at http://dev.example.org/staging/, you would enter both those URLs here. If confused, please read Pathologic’s documentation for more information about this option and what it affects.', array('!docs' => 'http://drupal.org/node/257026')), '#weight' => 20, ), ); } /** * Pathologic filter callback. * * Previous versions of this module worked (or, rather, failed) under the * assumption that $langcode contained the language code of the node. Sadly, * this isn't the case. * @see http://drupal.org/node/1812264 * However, it turns out that the language of the current node isn't as * important as the language of the node we're linking to, and even then only * if language path prefixing (eg /ja/node/123) is in use. REMEMBER THIS IN THE * FUTURE, ALBRIGHT. * * The below code uses the @ operator before parse_url() calls because in PHP * 5.3.2 and earlier, parse_url() causes a warning of parsing fails. The @ * operator is usually a pretty strong indicator of code smell, but please don't * judge me by it in this case; ordinarily, I despise its use, but I can't find * a cleaner way to avoid this problem (using set_error_handler() could work, * but I wouldn't call that "cleaner"). Fortunately, Drupal 8 will require at * least PHP 5.3.5, so this mess doesn't have to spread into the D8 branch of * Pathologic. * @see https://drupal.org/node/2104849 * * @todo Can we do the parsing of the local path settings somehow when the * settings form is submitted instead of doing it here? */ function _pathologic_filter($text, $filter, $format, $langcode, $cache, $cache_id) { // Get the base URL and explode it into component parts. We add these parts // to the exploded local paths settings later. global $base_url; $base_url_parts = @parse_url($base_url . '/'); // Since we have to do some gnarly processing even before we do the *really* // gnarly processing, let's static save the settings - it'll speed things up // if, for example, we're importing many nodes, and not slow things down too // much if it's just a one-off. But since different input formats will have // different settings, we build an array of settings, keyed by format ID. $cached_settings = &drupal_static(__FUNCTION__, array()); if (!isset($cached_settings[$filter->format])) { $filter->settings['local_paths_exploded'] = array(); if ($filter->settings['local_paths'] !== '') { // Build an array of the exploded local paths for this format's settings. // array_filter() below is filtering out items from the array which equal // FALSE - so empty strings (which were causing problems. // @see http://drupal.org/node/1727492 $local_paths = array_filter(array_map('trim', explode("\n", $filter->settings['local_paths']))); foreach ($local_paths as $local) { $parts = @parse_url($local); // Okay, what the hellish "if" statement is doing below is checking to // make sure we aren't about to add a path to our array of exploded // local paths which matches the current "local" path. We consider it // not a match, if… // @todo: This is pretty horrible. Can this be simplified? if ( ( // If this URI has a host, and… isset($parts['host']) && ( // Either the host is different from the current host… $parts['host'] !== $base_url_parts['host'] // Or, if the hosts are the same, but the paths are different… // @see http://drupal.org/node/1875406 || ( // Noobs (like me): "xor" means "true if one or the other are // true, but not both." (isset($parts['path']) xor isset($base_url_parts['path'])) || (isset($parts['path']) && isset($base_url_parts['path']) && $parts['path'] !== $base_url_parts['path']) ) ) ) || // Or… ( // The URI doesn't have a host… !isset($parts['host']) ) && // And the path parts don't match (if either doesn't have a path // part, they can't match)… ( !isset($parts['path']) || !isset($base_url_parts['path']) || $parts['path'] !== $base_url_parts['path'] ) ) { // Add it to the list. $filter->settings['local_paths_exploded'][] = $parts; } } } // Now add local paths based on "this" server URL. $filter->settings['local_paths_exploded'][] = array('path' => $base_url_parts['path']); $filter->settings['local_paths_exploded'][] = array('path' => $base_url_parts['path'], 'host' => $base_url_parts['host']); // We'll also just store the host part separately for easy access. $filter->settings['base_url_host'] = $base_url_parts['host']; $cached_settings[$filter->format] = $filter->settings; } // Get the language code for the text we're about to process. $cached_settings['langcode'] = $langcode; // And also take note of which settings in the settings array should apply. $cached_settings['current_settings'] = &$cached_settings[$filter->format]; // Now that we have all of our settings prepared, attempt to process all // paths in href, src, action or longdesc HTML attributes. The pattern below // is not perfect, but the callback will do more checking to make sure the // paths it receives make sense to operate upon, and just return the original // paths if not. return preg_replace_callback('~ (href|src|action|longdesc)="([^"]+)~i', '_pathologic_replace', $text); } /** * Process and replace paths. preg_replace_callback() callback. */ function _pathologic_replace($matches) { // Get the base path. global $base_path; // Get the settings for the filter. Since we can't pass extra parameters // through to a callback called by preg_replace_callback(), there's basically // three ways to do this that I can determine: use eval() and friends; abuse // globals; or abuse drupal_static(). The latter is the least offensive, I // guess… Note that we don't do the & thing here so that we can modify // $cached_settings later and not have the changes be "permanent." $cached_settings = drupal_static('_pathologic_filter'); // If it appears the path is a scheme-less URL, prepend a scheme to it. // parse_url() cannot properly parse scheme-less URLs. Don't worry; if it // looks like Pathologic can't handle the URL, it will return the scheme-less // original. // @see https://drupal.org/node/1617944 // @see https://drupal.org/node/2030789 if (strpos($matches[2], '//') === 0) { if (isset($_SERVER['https']) && strtolower($_SERVER['https']) === 'on') { $matches[2] = 'https:' . $matches[2]; } else { $matches[2] = 'http:' . $matches[2]; } } // Now parse the URL after reverting HTML character encoding. // @see http://drupal.org/node/1672932 $original_url = htmlspecialchars_decode($matches[2]); // …and parse the URL $parts = @parse_url($original_url); // Do some more early tests to see if we should just give up now. if ( // If parse_url() failed, give up. $parts === FALSE || ( // If there's a scheme part and it doesn't look useful, bail out. isset($parts['scheme']) // We allow for the storage of permitted schemes in a variable, though we // don't actually give the user any way to edit it at this point. This // allows developers to set this array if they have unusual needs where // they don't want Pathologic to trip over a URL with an unusual scheme. // @see http://drupal.org/node/1834308 // "files" and "internal" are for Path Filter compatibility. && !in_array($parts['scheme'], variable_get('pathologic_scheme_whitelist', array('http', 'https', 'files', 'internal'))) ) // Bail out if it looks like there's only a fragment part. || (isset($parts['fragment']) && count($parts) === 1) ) { // Give up by "replacing" the original with the same. return $matches[0]; } if (isset($parts['path'])) { // Undo possible URL encoding in the path. // @see http://drupal.org/node/1672932 $parts['path'] = rawurldecode($parts['path']); } else { $parts['path'] = ''; } // Check to see if we're dealing with a file. // @todo Should we still try to do path correction on these files too? if (isset($parts['scheme']) && $parts['scheme'] === 'files') { // Path Filter "files:" support. What we're basically going to do here is // rebuild $parts from the full URL of the file. $new_parts = @parse_url(file_create_url(file_default_scheme() . '://' . $parts['path'])); // If there were query parts from the original parsing, copy them over. if (!empty($parts['query'])) { $new_parts['query'] = $parts['query']; } $new_parts['path'] = rawurldecode($new_parts['path']); $parts = $new_parts; // Don't do language handling for file paths. $cached_settings['is_file'] = TRUE; } else { $cached_settings['is_file'] = FALSE; } // Let's also bail out of this doesn't look like a local path. $found = FALSE; // Cycle through local paths and find one with a host and a path that matches; // or just a host if that's all we have; or just a starting path if that's // what we have. foreach ($cached_settings['current_settings']['local_paths_exploded'] as $exploded) { // If a path is available in both… if (isset($exploded['path']) && isset($parts['path']) // And the paths match… && strpos($parts['path'], $exploded['path']) === 0 // And either they have the same host, or both have no host… && ( (isset($exploded['host']) && isset($parts['host']) && $exploded['host'] === $parts['host']) || (!isset($exploded['host']) && !isset($parts['host'])) ) ) { // Remove the shared path from the path. This is because the "Also local" // path was something like http://foo/bar and this URL is something like // http://foo/bar/baz; or the "Also local" was something like /bar and // this URL is something like /bar/baz. And we only care about the /baz // part. $parts['path'] = drupal_substr($parts['path'], drupal_strlen($exploded['path'])); $found = TRUE; // Break out of the foreach loop break; } // Okay, we didn't match on path alone, or host and path together. Can we // match on just host? Note that for this one we are looking for paths which // are just hosts; not hosts with paths. elseif ((isset($parts['host']) && !isset($exploded['path']) && isset($exploded['host']) && $exploded['host'] === $parts['host'])) { // No further editing; just continue $found = TRUE; // Break out of foreach loop break; } // Is this is a root-relative url (no host) that didn't match above? // Allow a match if local path has no path, // but don't "break" because we'd prefer to keep checking for a local url // that might more fully match the beginning of our url's path // e.g.: if our url is /foo/bar we'll mark this as a match for // http://example.com but want to keep searching and would prefer a match // to http://example.com/foo if that's configured as a local path elseif (!isset($parts['host']) && (!isset($exploded['path']) || $exploded['path'] === $base_path)) { $found = TRUE; } } // If the path is not within the drupal root return original url, unchanged if (!$found) { return $matches[0]; } // Okay, format the URL. // If there's still a slash lingering at the start of the path, chop it off. $parts['path'] = ltrim($parts['path'],'/'); // Examine the query part of the URL. Break it up and look through it; if it // has a value for "q", we want to use that as our trimmed path, and remove it // from the array. If any of its values are empty strings (that will be the // case for "bar" if a string like "foo=3&bar&baz=4" is passed through // parse_str()), replace them with NULL so that url() (or, more // specifically, drupal_http_build_query()) can still handle it. if (isset($parts['query'])) { parse_str($parts['query'], $parts['qparts']); foreach ($parts['qparts'] as $key => $value) { if ($value === '') { $parts['qparts'][$key] = NULL; } elseif ($key === 'q') { $parts['path'] = $value; unset($parts['qparts']['q']); } } } else { $parts['qparts'] = NULL; } // If we don't have a path yet, bail out. if (!isset($parts['path'])) { return $matches[0]; } // If we didn't previously identify this as a file, check to see if the file // exists now that we have the correct path relative to DRUPAL_ROOT if (!$cached_settings['is_file']) { $cached_settings['is_file'] = !empty($parts['path']) && is_file(DRUPAL_ROOT . '/'. $parts['path']); } // Okay, deal with language stuff. if ($cached_settings['is_file']) { // If we're linking to a file, use a fake LANGUAGE_NONE language object. // Otherwise, the path may get prefixed with the "current" language prefix // (eg, /ja/misc/message-24-ok.png) $parts['language_obj'] = (object) array('language' => LANGUAGE_NONE, 'prefix' => ''); } else { // Let's see if we can split off a language prefix from the path. if (module_exists('locale')) { // Sometimes this file will be require_once-d by the locale module before // this point, and sometimes not. We require_once it ourselves to be sure. require_once DRUPAL_ROOT . '/includes/language.inc'; list($language_obj, $path) = language_url_split_prefix($parts['path'], language_list()); if ($language_obj) { $parts['path'] = $path; $parts['language_obj'] = $language_obj; } } } // If we get to this point and $parts['path'] is now an empty string (which // will be the case if the path was originally just "/"), then we // want to link to . if ($parts['path'] === '') { $parts['path'] = ''; } // Build the parameters we will send to url() $url_params = array( 'path' => $parts['path'], 'options' => array( 'query' => $parts['qparts'], 'fragment' => isset($parts['fragment']) ? $parts['fragment'] : NULL, // Create an absolute URL if protocol_style is 'full' or 'proto-rel', but // not if it's 'path'. 'absolute' => $cached_settings['current_settings']['protocol_style'] !== 'path', // If we seem to have found a language for the path, pass it along to // url(). Otherwise, ignore the 'language' parameter. 'language' => isset($parts['language_obj']) ? $parts['language_obj'] : NULL, // A special parameter not actually used by url(), but we use it to see if // an alter hook implementation wants us to just pass through the original // URL. 'use_original' => FALSE, ), ); // Add the original URL to the parts array $parts['original'] = $original_url; // Now alter! // @see http://drupal.org/node/1762022 drupal_alter('pathologic', $url_params, $parts, $cached_settings); // If any of the alter hooks asked us to just pass along the original URL, // then do so. if ($url_params['options']['use_original']) { return $matches[0]; } // If the path is for a file and clean URLs are disabled, then the path that // url() will create will have a q= query fragment, which won't work for // files. To avoid that, we use this trick to temporarily turn clean URLs on. // This is horrible, but it seems to be the sanest way to do this. // @see http://drupal.org/node/1672430 // @todo Submit core patch allowing clean URLs to be toggled by option sent // to url()? if (!empty($cached_settings['is_file'])) { $cached_settings['orig_clean_url'] = !empty($GLOBALS['conf']['clean_url']); if (!$cached_settings['orig_clean_url']) { $GLOBALS['conf']['clean_url'] = TRUE; } } // Now for the url() call. Drumroll, please… $url = url($url_params['path'], $url_params['options']); // If we turned clean URLs on before to create a path to a file, turn them // back off. if ($cached_settings['is_file'] && !$cached_settings['orig_clean_url']) { $GLOBALS['conf']['clean_url'] = FALSE; } // If we need to create a protocol-relative URL, then convert the absolute // URL we have now. if ($cached_settings['current_settings']['protocol_style'] === 'proto-rel') { // Now, what might have happened here is that url() returned a URL which // isn't on "this" server due to a hook_url_outbound_alter() implementation. // We don't want to convert the URL in that case. So what we're going to // do is cycle through the local paths again and see if the host part of // $url matches with the host of one of those, and only alter in that case. $url_parts = @parse_url($url); if (!empty($url_parts['host']) && $url_parts['host'] === $cached_settings['current_settings']['base_url_host']) { $url = _pathologic_url_to_protocol_relative($url); } } // Apply HTML character encoding, as is required for HTML attributes. // @see http://drupal.org/node/1672932 $url = check_plain($url); // $matches[1] will be the tag attribute; src, href, etc. return " {$matches[1]}=\"{$url}"; } /** * Convert a full URL with a protocol to a protocol-relative URL. * * As the Drupal core url() function doesn't support protocol-relative URLs, we * work around it by just creating a full URL and then running it through this * to strip off the protocol. * * Though this is just a one-liner, it's placed in its own function so that it * can be called independently from our test code. */ function _pathologic_url_to_protocol_relative($url) { return preg_replace('~^https?://~', '//', $url); } Ethics | MRC Centre for Regenerative Medicine
Leading science, pioneering therapies
Stem cells and regenerative medicine

Ethics

All medical advancements come with ethical considerations; learn about some of the ethical issues surrounding stem cells in medicine.

Regulation of stem cell research

Ethical considerations and discussions have always been part of medicine and research. These discussions can greatly influence rules and regulations that impact the work of researchers and clinicians. A misconception about stem cell research is that scientists can isolate stem cells whenever they like, create stem cell lines, and use these cells in tests as they wish. In reality, the UK has put in place specific regulations for the creation and use of stem cells. These regulations require scientists to submit research proposals to government agencies (the HFEA and the HTA) before creating or using human stem cells. Lawyers, clinicians, ethicists and other scientists evaluate the research proposals to make sure the use of stem cells is appropriate. If researchers want to carry out new experiments with stem cell lines they already made, a new proposal must be submitted for approval.

If approval is given to make new stem cells, UK regulations require that these cells are registered and stored in the UK Stem Cell Bank. The stem cell bank acts as a resource for other researchers to obtain stem cells lines and as a way for the UK to oversee what stem cell lines researchers are making. Scientists can get approval to use cells stored in the stem cell bank rather than making new stem cells. Using existing stem cell lines saves researchers time, labour and guarantees the cells are of consistent quality. It also helps avoid some ethical issues surrounding making new cell lines like embryonic stem cells.

  • Overview of stem cell regulation in EU countries on EuroStemCell.org.

Embryonic stem cells

Embryonic stem (ES) cells can differentiate into any other specialised cell in the body. Studying ES cells allows researchers to learn how the human body develops under normal conditions. Additionally, understanding how these cells are derived and function is essential for developing regenerative medicine treatments.

Ethical discussions surrounding ES cells focus on how ES cells are created. ES are derived in the laboratory from cells collected from a very early embryo, called a blastocyst. A blastocyst develops approximately 5 days after conception and has not yet implanted itself into the mother’s womb. Blastocysts are roughly 150 cells, which is very small, about the size of a pin head. Most blastocysts for scientific and medical research are donated by parents that have undergone an in vitro fertilization (IVF) treatment. The process of collecting ES cells destroys the blastocyst, however, most unused blastocysts from IVF treatments are destroyed anyway. Still, some people ask whether it is justifiable to destroy early embryos at all, even if the research on ES cells might help treat people with diseases and injuries. This ethical discussion has resulted in strict regulations that monitor who can: supply the blastocysts to make ES cells, generate ES cells, and use ES cells once made (see the above section on regulations). The UK government’s regulations on ES cells have attempted to find a balance between different perspectives and values of the UK people in this ES cell debate. Likewise, government rules vary from country to country as the citizens and their governments come to different conclusions on stem cell research.

To a certain extent technologies, such as induced pluripotent stem (iPS) cells, provide a way to end the use of ES cells and avoid ethical issues. However, the reality is that some research will always require the use of ES cells to understand things such as human development and to examine/compare the ability of iPS cells (or any other new cell technology) to differentiate. Also, it is important to realise that iPS cells present some of their own ethical concerns, further discussed below.

Induced pluripotent stem cells

Technologies to create induced pluripotent stem (iPS) cells, or other pluripotent cells, present researchers with exciting scientific possibilities as well as important ethical responsibilities that need to be well regulated. Shinya Yamanaka, the scientist who led the discovery of iPS cells, emphasises the need for regulation. For example, researchers have demonstrated they are able to make eggs and sperm from iPS cells. These reproductive cells were used to create mouse embryos that grew into live-born mice when hosted by a surrogate mother. Should iPS technologies be used to make human embryos from skin cells in a similar manner? Additionally, iPS cell technologies could permit men to make eggs from skin cells, and women to make sperm. This technology is not yet possible in humans, yet there is concern over how these procedures should be regulated.

Another ethical issue with iPS cells (and tissue stem cells) is deciding who owns them. Once iPS cells are created, are the cells the property of the creators, the donor, or both? Should iPS cells be provided to other patients with or without the consent of the original donor? These are just some ethical concerns still unanswered.

Research on animals

Research using animals has played and continues to play a key role in the advancement of medical, biological and veterinary science. It has made a vital contribution to the understanding, prevention, treatment and cure of a wide range of major health problems in both people and animals, including cancer, heart disease and diabetes. Presently, all new medical treatments in the UK, stem cell based or not, are required by law to be tested on animals to make sure they are safe before testing in people.

Medical research institutions have to follow very strict rules and regulations set and checked by the UK Government’s Home Office. These regulations aim to maximise animal welfare and minimise the use of animals as much as possible in research. Researchers must, by law, show that their research could not be carried out using non-animal alternative methods before it can be approved. Additionally, licences to use animals in research are only granted where the potential benefits of the work are likely to outweigh the effects on the animals concerned.

Replacement, Reduction and Refinement
In the UK, the legal and ethical use of animals in research is guided by the ‘3 Rs’ – Replacement, Reduction and Refinement. Researchers must replace animal studies with other research methods wherever possible; reduce the number of animals as far as possible while maintaining scientific rigor; and refine experimental and husbandry procedures to improve animal welfare and minimise potential distress. Scientists are developing new technologies to help them to achieve these aims. One such example is the development of technologies that use iPS cells to directly test drugs on a patient’s cells. However, new testing systems will never completely replace animal testing, as there are many biological systems too complex to be recreated in the laboratory. At present, testing the safety of treatments in animals is vital for rapid development of better and safer medicines.

  • More information about the use of animals in medical research on the Medical Research Council website.
  • More information on the University of Edinburgh website.

Affording stem cell treatments

Regenerative medicines, in theory, could be developed as personalised medicine, tailored to work specifically for each patient. As wonderful as personalised medicine sounds, this kind of medical treatment would be very costly. Stem cell technologies being created in today’s laboratories are time-consuming and very expensive. This raises questions of: Who will be able to afford these treatments? Will public healthcare include expensive regenerative medicines? Who will decide the balance between cost and a patient’s quality of life?

Ideas are needed to address the affordability and accessibility associated with regenerative medicines. One proposed idea is to create a Global Stem Cell Bank. One of the largest complications of transplanting organs, tissues and cells is immune system rejection of the transplant. The Global Stem Cell Bank could address this complication by carrying different types of stem cells that are matched to the immune system requirements of groups of patients, much like blood banks carry different blood types (A, B, O & Rh blood groups). Costs for making the stem cells could then be shared by everyone using the stem cell bank, making it much more affordable. Also, having stem cells already made, rather than taking weeks or months to make suitable stem cells in a lab, would allow treatments to be performed more quickly from the time of diagnosis.

Responsibility for personal health

Regenerative medicines may one day be able to cure injuries and treat many diseases and injuries. However, will this mean that people no longer need to worry about behaviour that leads to diseases and injuries? Will smokers be able to keep smoking, knowing they can just get fixed up? The same can be asked about other health issues, like heavy drinking, poor eating habits, drug abuse, and even injuries from extreme sports. Should costly regenerative medicine treatments be performed only if the patient is going to change his or her behaviour? Who should pay for treating these individuals if they will likely need to be re-treated in the future? Stem cell treatments may also allow individuals to live longer and longer. Questions about the costs associated with caring for an ageing population need to be asked as the average life span continues to rise.

Printer-friendly versionPrinter-friendly version