$templater->register('collapseobj_groupid', $collapseobj_groupid); $templater->register('groupid', $groupid); $templater->register('groupname', $groupname); $templater->register('messagelistbits', $messagelistbits); $templater->register('messagesingroup', $messagesingroup); $messagelist_periodgroups .= $templater->render(); } if ($desc) { unset($search['order']); } $sorturl = urlimplode($search); // build pagenav $pagenav = construct_page_nav($pagenumber, $perpage, $totalmessages, 'private.php?' . $vbulletin->session->vars['sessionurl'] . 'folderid=' . $vbulletin->GPC['folderid'] . '&pp=' . $vbulletin->GPC['perpage'] . '&' . $sorturl); $sortfield = $search['sort']; unset($search['sort']); $sorturl = 'private.php?' . $vbulletin->session->vars['sessionurl'] . 'folderid=' . $vbulletin->GPC['folderid'] . ($searchurl = urlimplode($search) ? '&' . $searchurl : ''); $oppositesort = $desc ? 'asc' : 'desc'; $orderlinks = array('date' => $sorturl . '&sort=date' . ($sortfield == 'date' ? '&order=' . $oppositesort : ''), 'title' => $sorturl . '&sort=title' . ($sortfield == 'title' ? '&order=' . $oppositesort : '&order=asc'), 'sender' => $sorturl . '&sort=sender' . ($sortfield == 'sender' ? '&order=' . $oppositesort : '&order=asc')); $templater = vB_Template::create('forumdisplay_sortarrow'); $templater->register('oppositesort', $oppositesort); $sortarrow["{$sortfield}"] = $templater->render(); // values for filters $startdate = fetch_datearray_from_timestamp($search['startdate'] ? $search['startdate'] : strtotime('last month', TIMENOW)); $enddate = fetch_datearray_from_timestamp($search['enddate'] ? $search['enddate'] : TIMENOW); $startmonth[$startdate[month]] = 'selected="selected"'; $endmonth[$enddate[month]] = 'selected="selected"'; $readselection[$search['read']] = 'selected="selected"'; $templater = vB_Template::create('pm_filter'); $templater->register('enddate', $enddate); $templater->register('endmonth', $endmonth); $templater->register('order', $order);
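/**
 * Verify Friendly URL
 *
 * Ensures the requested URL was in the correct format according to the
 * friendlyurl option. If not, sends a 301 redirect to the canonical URL.
 *
 * Returns without redirecting for API requests, non-GET requests, invalid
 * routes, requests with no entry path, when canonical enforcement is off, and
 * for logged-in users unless 'friendlyurl_canonical_registered' is set.
 *
 * The 'friendlyurl_redirect_canonical_route' hook is executed with eval() in
 * this method's scope, so plugin code can read or assign the locals used here
 * (for example pre-set $canonical_path, which is why it is tested with isset()
 * below) or return early. The local variable names are therefore part of the
 * hook contract and are kept as they are.
 *
 * @return void
 */
public function assertFriendlyUrl()
{
    // API don't need to redirect
    if (defined('VB_API') and VB_API === true) {
        return;
    }

    // Only redirect on GET
    if ('GET' != $_SERVER['REQUEST_METHOD']) {
        return;
    }

    // If this route isn't valid then we'll be 404'ing anyway
    if (!$this->isValid()) {
        return;
    }

    // If we don't have an entry path then there's nothing to do
    if (!($request_path = vB_Router::getEntryPath())) {
        return;
    }

    // Allow hooks to handle non canonical urls.
    // The hook body is plugin-supplied PHP evaluated in this scope.
    ($hook = vBulletinHook::fetch_hook('friendlyurl_redirect_canonical_route')) ? eval($hook) : false;

    // Check if we should be enforcing the canonical url
    if (vB_Friendly_Url::CANON_OFF == vB::$vbulletin->options['friendlyurl_canonical']) {
        return;
    }

    // Only redirect guests and search engines
    if (vB::$vbulletin->userinfo['userid'] and !vB::$vbulletin->options['friendlyurl_canonical_registered']) {
        return;
    }

    // Get the canonical path (unless the hook above already provided one)
    if (!isset($canonical_path)) {
        $canonical_path = $this->getRoutePath(false, vB_Friendly_Url::CANON_STRICT == vB::$vbulletin->options['friendlyurl_canonical'], true);
    }

    // Whether the request was canonical
    $canonical = true;

    // If no route path is specified then only rewrite can differ
    if ($request_path == VB_ROUTER_SEGMENT) {
        // This looks like a bug. The second "==" should be an "AND". This is based on the fact that how it is written
        // doesn't make a lot of sense and the behavior with the change is more consistent. However it is a bug with
        // seniority at this point and fixing it will change how urls behave. For the time being leaving it alone is
        // better than the risk of changing it.
        if ((FRIENDLY_URL == FRIENDLY_URL_REWRITE) == (vB::$vbulletin->options['friendlyurl'] == FRIENDLY_URL_REWRITE)) {
            return;
        }
    }

    // Check the Friendly URL method
    if (FRIENDLY_URL !== intval(vB::$vbulletin->options['friendlyurl'])) {
        $canonical = false;
    }

    // Check URI
    if ($canonical and vB_Friendly_URL::CANON_STRICT == vB::$vbulletin->options['friendlyurl_canonical']) {
        if ($request_path != $canonical_path) {
            // request may have been in the current charset, try utf-8
            $request_path = to_utf8($request_path, vB::$vbulletin->userinfo['lang_charset']);

            if ($request_path != $canonical_path) {
                $canonical = false;
            }
        }
    }

    // Redirect if incorrect
    if (!$canonical) {
        // Get the raw redirect url
        $url = $this->getCurrentURL(null, null, '', false, true);

        // add any query vars
        // These are copied from the request as-is and only serialised by
        // urlimplode() before they reach the Location header.
        // NOTE(review): confirm urlimplode() URL-encodes both keys and values.
        $vars = $_GET;
        unset($vars[vB::$vbulletin->options['route_requestvar']]);
        unset($vars['pagenumber']); // Remove duplicate created by shortvar code

        if (!empty($vars)) {
            // strpos() returns 0 for a leading '?', which is falsy, so the
            // result is compared against false explicitly.
            $url .= (strpos($url, '?') !== false ? '&' : '?') . urlimplode($vars, false, true);
        }

        // do a quick check to ensure that we aren't trying to redirect to the url
        // we came in on. This is needed primarily because of a special case where the
        // friendly url logic doesn't correctly detect the rewrite URL version of the
        // incoming link and will attempt to redirect because they don't match.
        $url = create_full_url($url);
        $cleaned_url = vB::$vbulletin->input->xss_clean(vB::$vbulletin->input->strip_sessionhash($url));
        $cleaned_url = $this->domain_to_lower($cleaned_url);

        //if ($url != VB_URL_CLEAN)
        if (urldecode($cleaned_url) != urldecode($this->domain_to_lower(VB_URL_CLEAN))) {
            // redirect to the canonical url
            // NOTE(review): the cleaned copy is used for the comparison only; the
            // header is sent with $url as built above. Confirm that
            // exec_header_redirect() rejects CR/LF in its target.
            exec_header_redirect($url, 301);
        }
    }
}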
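/**
 * Returns one page of the logged-in user's private messages for a folder.
 *
 * Request input is read through clean_array_gpc(): folderid, perpage and
 * pagenumber always; sort, order, searchtitle, searchuser, startdate, enddate
 * and searchread when the folder is not empty.
 *
 * The section after "vBulletin Code Begin" still computes values that were
 * only consumed by templates whose calls are commented out ($tdwidth, $show,
 * $navbits, $pagenav, $orderlinks, ...). They do not affect the return value.
 * $foldernames, $permissions, $vbphrase and $vbcollapse are not in the global
 * list below, so inside this function they are plain (unset) locals.
 *
 * SQL safety relies on the input cleaner: folderid, perpage, pagenumber,
 * startdate, enddate and searchread are requested as integer types and are
 * interpolated directly; the two search strings go through escape_string().
 *
 * @return array array('pms' => list of message arrays, 'total_pms' => message
 *               count for the folder or filter, 'unread_pms' => unread count)
 */
function do_get_pms()
{
    global $vbulletin, $db, $messagecounters;

    if (!$vbulletin->userinfo['userid']) {
        // NOTE(review): presumably json_error() ends the request; if it can
        // return, the queries below run with a userid of 0 - confirm.
        json_error(ERR_INVALID_LOGGEDIN, RV_NOT_LOGGED_IN);
    }

    $vbulletin->input->clean_array_gpc('r', array('folderid' => TYPE_INT, 'perpage' => TYPE_UINT, 'pagenumber' => TYPE_UINT));

    // Fetch PM unread count
    $result = $db->query_read_slave("\n\tSELECT COUNT(messageread) AS unread\n\tFROM " . TABLE_PREFIX . "pm\n\tWHERE userid = " . $vbulletin->userinfo['userid'] . "\n\tAND messageread = 0");
    $unread = 0;
    if ($row = $db->fetch_array($result)) {
        $unread = $row['unread'];
    }

    $pm_out = array();

    // vBulletin Code Begin
    $folderjump = construct_folder_jump(0, $vbulletin->GPC['folderid']);
    $foldername = $foldernames["{$vbulletin->GPC['folderid']}"];

    // count receipts
    $receipts = $db->query_first_slave("\n\t\tSELECT\n\t\t\tSUM(IF(readtime <> 0, 1, 0)) AS confirmed,\n\t\t\tSUM(IF(readtime = 0, 1, 0)) AS unconfirmed\n\t\tFROM " . TABLE_PREFIX . "pmreceipt\n\t\tWHERE userid = " . $vbulletin->userinfo['userid']);

    // get ignored users
    $ignoreusers = preg_split('#\\s+#s', $vbulletin->userinfo['ignorelist'], -1, PREG_SPLIT_NO_EMPTY);

    $totalmessages = intval($messagecounters["{$vbulletin->GPC['folderid']}"]);

    // build pm counters bar, folder is 100 if we have no quota so red shows on the main bar
    $tdwidth = array();
    $tdwidth['folder'] = $permissions['pmquota'] ? ceil($totalmessages / $permissions['pmquota'] * 100) : 100;
    $tdwidth['total'] = $permissions['pmquota'] ? ceil($vbulletin->userinfo['pmtotal'] / $permissions['pmquota'] * 100) - $tdwidth['folder'] : 0;
    $tdwidth['quota'] = 100 - $tdwidth['folder'] - $tdwidth['total'];

    $show['thisfoldertotal'] = iif($tdwidth['folder'], true, false);
    $show['allfolderstotal'] = iif($tdwidth['total'], true, false);
    $show['pmicons'] = iif($vbulletin->options['privallowicons'], true, false);

    // build navbar
    $navbits[''] = $foldernames["{$vbulletin->GPC['folderid']}"];

    if ($totalmessages == 0) {
        $show['messagelist'] = false;
    } else {
        $show['messagelist'] = true;

        $vbulletin->input->clean_array_gpc('r', array('sort' => TYPE_NOHTML, 'order' => TYPE_NOHTML, 'searchtitle' => TYPE_NOHTML, 'searchuser' => TYPE_NOHTML, 'startdate' => TYPE_UNIXTIME, 'enddate' => TYPE_UNIXTIME, 'searchread' => TYPE_UINT));

        // sort and order are reduced to fixed values here, so the ORDER BY
        // clause below never contains request text.
        $search = array(
            'sort' => 'sender' == $vbulletin->GPC['sort'] ? 'sender' : ('title' == $vbulletin->GPC['sort'] ? 'title' : 'date'),
            'order' => $vbulletin->GPC['order'] == 'asc' ? 'asc' : 'desc',
            'searchtitle' => $vbulletin->GPC['searchtitle'],
            'searchuser' => $vbulletin->GPC['searchuser'],
            'startdate' => $vbulletin->GPC['startdate'],
            'enddate' => $vbulletin->GPC['enddate'],
            'read' => $vbulletin->GPC['searchread'],
        );

        // make enddate inclusive
        $search['enddate'] = $search['enddate'] ? $search['enddate'] + 86400 : 0;

        $show['openfilter'] = ($search['searchtitle'] or $search['searchuser'] or $search['startdate'] or $search['enddate']);

        $sortfield = 'sender' == $search['sort'] ? 'pmtext.fromusername' : ('title' == $search['sort'] ? 'pmtext.title' : 'pmtext.dateline');
        $desc = $search['order'] == 'desc';

        //($hook = vBulletinHook::fetch_hook('private_messagelist_filter')) ? eval($hook) : false;

        // get a sensible value for $perpage
        sanitize_pageresults($totalmessages, $vbulletin->GPC['pagenumber'], $vbulletin->GPC['perpage'], $vbulletin->options['pmmaxperpage'], $vbulletin->options['pmperpage']);

        // work out the $startat value
        $startat = ($vbulletin->GPC['pagenumber'] - 1) * $vbulletin->GPC['perpage'];
        $perpage = $vbulletin->GPC['perpage'];
        $pagenumber = $vbulletin->GPC['pagenumber'];

        // array to store private messages in period groups
        $pm_period_groups = array();

        $need_sql_calc_rows = ($search['searchtitle'] or $search['searchuser'] or $search['startdate'] or $search['enddate'] or $search['read']);

        // searchread is any unsigned integer from the request. Only the values
        // listed here map to a condition; anything else adds no filter instead
        // of producing a dangling "AND pm.messageread" and a query error.
        $readstatus_map = array(0 => '', 1 => '= 0', 2 => '> 0', 3 => '< 2', 4 => '= 2');
        $readstatus = !empty($readstatus_map[$search['read']]) ? 'AND pm.messageread ' . $readstatus_map[$search['read']] : '';

        // query private messages
        // NOTE(review): escape_string() does not neutralise the LIKE wildcards
        // % and _, so they act as wildcards in the two search terms.
        $pms = $db->query_read_slave(
            "\n\t\t\tSELECT " . ($need_sql_calc_rows ? 'SQL_CALC_FOUND_ROWS' : '') . " pm.*, pmtext.*\n\t\t\t\t"
            . iif($vbulletin->options['privallowicons'], ", icon.title AS icontitle, icon.iconpath")
            . "\n\t\t\tFROM " . TABLE_PREFIX . "pm AS pm\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "pmtext AS pmtext ON(pmtext.pmtextid = pm.pmtextid)\n\t\t\t"
            . iif($vbulletin->options['privallowicons'], "LEFT JOIN " . TABLE_PREFIX . "icon AS icon ON(icon.iconid = pmtext.iconid)")
            . "\n\t\t\tWHERE pm.userid=" . $vbulletin->userinfo['userid'] . " AND pm.folderid=" . $vbulletin->GPC['folderid']
            . ($search['searchtitle'] ? " AND pmtext.title LIKE '%" . $vbulletin->db->escape_string($search['searchtitle']) . "%'" : '')
            . ($search['searchuser'] ? " AND pmtext.fromusername LIKE '%" . $vbulletin->db->escape_string($search['searchuser']) . "%'" : '')
            . ($search['startdate'] ? " AND pmtext.dateline >= {$search['startdate']}" : '')
            . ($search['enddate'] ? " AND pmtext.dateline <= {$search['enddate']}" : '')
            . "\n\t\t\t{$readstatus}\n\t\t\tORDER BY {$sortfield} " . ($desc ? 'DESC' : 'ASC')
            . "\n\t\t\tLIMIT {$startat}, " . $vbulletin->GPC['perpage'] . "\n\t\t"
        );

        while ($pm = $db->fetch_array($pms)) {
            if ('title' == $search['sort']) {
                $pm_period_groups[fetch_char_group($pm['title'])]["{$pm['pmid']}"] = $pm;
            } elseif ('sender' == $search['sort']) {
                $pm_period_groups["{$pm['fromusername']}"]["{$pm['pmid']}"] = $pm;
            } else {
                $pm_period_groups[fetch_period_group($pm['dateline'])]["{$pm['pmid']}"] = $pm;
            }
        }
        $db->free_result($pms);

        // FOUND_ROWS() reports on the most recent SELECT, so it is read here,
        // before the per-message helpers in the loop below (fetch_userinfo()
        // presumably queries the database) can run statements of their own.
        if ($need_sql_calc_rows) {
            list($totalmessages) = $vbulletin->db->query_first_slave("SELECT FOUND_ROWS()", DBARRAY_NUM);
        }

        // ensure other group is last
        if (isset($pm_period_groups['other'])) {
            $pm_period_groups = $desc
                ? array_merge($pm_period_groups, array('other' => $pm_period_groups['other']))
                : array_merge(array('other' => $pm_period_groups['other']), $pm_period_groups);
        }

        // display returned messages
        $show['pmcheckbox'] = true;

        require_once DIR . '/includes/functions_bigthree.php';

        foreach ($pm_period_groups as $groupid => $pms) {
            if ('date' == $search['sort'] and preg_match('#^(\\d+)_([a-z]+)_ago$#i', $groupid, $matches)) {
                $groupname = construct_phrase($vbphrase["x_{$matches['2']}_ago"], $matches[1]);
            } else {
                if ('title' == $search['sort'] or 'date' == $search['sort']) {
                    if ('older' == $groupid and sizeof($pm_period_groups) == 1) {
                        $groupid = 'old_messages';
                    }
                    $groupname = $vbphrase["{$groupid}"];
                } else {
                    $groupname = $groupid;
                }
            }

            $groupid = $vbulletin->GPC['folderid'] . '_' . $groupid;
            $collapseobj_groupid =& $vbcollapse["collapseobj_pmf{$groupid}"];
            $collapseimg_groupid =& $vbcollapse["collapseimg_pmf{$groupid}"];

            $messagesingroup = sizeof($pms);
            $messagelistbits = '';

            foreach ($pms as $pmid => $pm) {
                if (in_array($pm['fromuserid'], $ignoreusers)) {
                    // from user is on Ignore List
                    // NOTE(review): this branch is empty, so messages from ignored
                    // senders are still appended to $pm_out below, and senddate /
                    // sendtime are never set for them.
                    //eval('$messagelistbits .= "' . fetch_template('pm_messagelistbit_ignore') . '";');
                } else {
                    switch ($pm['messageread']) {
                        case 0: // unread
                            $pm['statusicon'] = 'new';
                            break;

                        case 1: // read
                            $pm['statusicon'] = 'old';
                            break;

                        case 2: // replied to
                            $pm['statusicon'] = 'replied';
                            break;

                        case 3: // forwarded
                            $pm['statusicon'] = 'forwarded';
                            break;
                    }

                    $pm['senddate'] = vbdate($vbulletin->options['dateformat'], $pm['dateline']);
                    $pm['sendtime'] = vbdate($vbulletin->options['timeformat'], $pm['dateline']);

                    // get userbit
                    if ($vbulletin->GPC['folderid'] == -1) {
                        // NOTE(review): touserarray is read from the pm row and
                        // passed to unserialize(); confirm the column is only ever
                        // written by the application itself.
                        $users = unserialize($pm['touserarray']);
                        $touser = array();
                        $tousers = array();
                        if (!empty($users)) {
                            foreach ($users as $key => $item) {
                                if (is_array($item)) {
                                    foreach ($item as $subkey => $subitem) {
                                        $touser["{$subkey}"] = $subitem;
                                    }
                                } else {
                                    $touser["{$key}"] = $item;
                                }
                            }
                            uasort($touser, 'strnatcasecmp');
                        }
                        foreach ($touser as $userid => $username) {
                            //eval('$tousers[] = "' . fetch_template('pm_messagelistbit_user') . '";');
                        }
                        $userbit = implode(', ', $tousers);
                    } else {
                        $userid =& $pm['fromuserid'];
                        $username =& $pm['fromusername'];
                        //eval('$userbit = "' . fetch_template('pm_messagelistbit_user') . '";');
                    }

                    $show['pmicon'] = iif($pm['iconpath'], true, false);
                    $show['unread'] = iif(!$pm['messageread'], true, false);

                    //($hook = vBulletinHook::fetch_hook('private_messagelist_messagebit')) ? eval($hook) : false;

                    //eval('$messagelistbits .= "' . fetch_template('pm_messagelistbit') . '";');
                }

                // Collect the cc recipients. The is_array() guard keeps a
                // non-array unserialize() result from being indexed.
                $to_users = unserialize($pm['touserarray']);
                $users = array();
                if (is_array($to_users) && !empty($to_users['cc'])) {
                    $users = $to_users['cc'];
                }
                if (!is_array($users)) {
                    $users = array();
                }

                // Map messageread to the value reported as new_pm; forwarded (3)
                // has no case and is reported as 0.
                $pm_new = 0;
                switch ($pm['messageread']) {
                    case 0:
                        $pm_new = 1;
                        break;

                    case 1:
                        $pm_new = 0;
                        break;

                    case 2:
                        $pm_new = 2;
                        break;
                }

                $avatarurl = '';
                $userinfoavatar = fetch_userinfo($pm['fromuserid'], FETCH_USERINFO_AVATAR);
                fetch_avatar_from_userinfo($userinfoavatar, true, false);
                if ($userinfoavatar['avatarurl'] != '') {
                    $avatarurl = process_avatarurl($userinfoavatar['avatarurl']);
                }
                unset($userinfoavatar);

                // NOTE(review): username is tag-stripped and message is passed
                // through htmlspecialchars_uni(); title and to_usernames only go
                // through prepare_utf8_string(). Confirm what a client that
                // renders these as HTML can rely on.
                $tmp = array(
                    'id' => $pm['pmid'],
                    'new_pm' => $pm_new,
                    'username' => prepare_utf8_string(strip_tags($pm['fromusername'])),
                    'to_usernames' => prepare_utf8_string(implode('; ', $users)),
                    'title' => prepare_utf8_string($pm['title']),
                    'message' => prepare_utf8_string(htmlspecialchars_uni(fetch_censored_text(strip_bbcode(strip_quotes($pm['message']), false, true)))),
                    'pm_timestamp' => prepare_utf8_string(date_trunc($pm['senddate'] . ' ' . $pm['sendtime'])),
                );
                if ($avatarurl != '') {
                    $tmp['avatarurl'] = $avatarurl;
                }
                $pm_out[] = $tmp;
            }

            // free up memory not required any more
            unset($pm_period_groups["{$groupid}"]);

            //($hook = vBulletinHook::fetch_hook('private_messagelist_period')) ? eval($hook) : false;

            // build group template
            //eval('$messagelist_periodgroups .= "' . fetch_template('pm_messagelist_periodgroup') . '";');
        }

        if ($desc) {
            unset($search['order']);
        }

        $sorturl = urlimplode($search);

        // build pagenav
        $pagenav = construct_page_nav($pagenumber, $perpage, $totalmessages, 'private.php?' . $vbulletin->session->vars['sessionurl'] . 'folderid=' . $vbulletin->GPC['folderid'] . '&pp=' . $vbulletin->GPC['perpage'] . '&' . $sorturl);

        $sortfield = $search['sort'];
        unset($search['sort']);

        // The assignment is parenthesised so $searchurl holds the urlimplode()
        // result before it is concatenated; without the parentheses the ternary
        // is evaluated first and reads $searchurl while it is still unset.
        $sorturl = 'private.php?' . $vbulletin->session->vars['sessionurl'] . 'folderid=' . $vbulletin->GPC['folderid'] . (($searchurl = urlimplode($search)) ? '&' . $searchurl : '');
        $oppositesort = $desc ? 'asc' : 'desc';

        $orderlinks = array(
            'date' => $sorturl . '&sort=date' . ($sortfield == 'date' ? '&order=' . $oppositesort : ''),
            'title' => $sorturl . '&sort=title' . ($sortfield == 'title' ? '&order=' . $oppositesort : '&order=asc'),
            'sender' => $sorturl . '&sort=sender' . ($sortfield == 'sender' ? '&order=' . $oppositesort : '&order=asc'),
        );

        //eval('$sortarrow["$sortfield"] = "' . fetch_template('forumdisplay_sortarrow') . '";');

        // values for filters
        $startdate = fetch_datearray_from_timestamp($search['startdate'] ? $search['startdate'] : strtotime('last month', TIMENOW));
        $enddate = fetch_datearray_from_timestamp($search['enddate'] ? $search['enddate'] : TIMENOW);

        // 'month' is quoted: as a bare word it is an undefined constant, which
        // is an Error on PHP 8.
        $startmonth[$startdate['month']] = 'selected="selected"';
        $endmonth[$enddate['month']] = 'selected="selected"';
        $readselection[$search['read']] = 'selected="selected"';

        //eval('$sortfilter = "' . fetch_template('pm_filter') . '";');
    }

    if ($vbulletin->GPC['folderid'] == -1) {
        $show['sentto'] = true;
        $show['movetofolder'] = false;
    } else {
        $show['sentto'] = false;
        $show['movetofolder'] = true;
    }

    return array('pms' => $pm_out, 'total_pms' => $totalmessages, 'unread_pms' => $unread);
}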
while ($parent_items->fetch()) { // Create parent menu Item if ($user->can_accessPage($p_PID)) { $menu = ' <ul class="nav nav-sidebar">' . PHP_EOL; if (($p_cat2 == WebApp::get('cat2') || $p_cat2 == 'admin' && WebApp::get('cat2') === NULL) && $p_cat3 == WebApp::get('cat3')) { $menu .= ' <li class="active">'; } else { $menu .= ' <li>'; } $url = array(); if ($p_cat2 != 'admin') { $url[1] = 'admin'; } $url[2] = $p_cat2; $url[3] = $p_cat3; $menu .= '<a href="' . urlimplode($url) . '">' . $p_title . '</a></li>' . PHP_EOL; // Create children items if ($p_cat2 == WebApp::get('cat2')) { $child_items->bind_param('i', $p_ID); $child_items->bind_result($c_ID, $c_PID, $c_title, $c_cat2, $c_cat3); $child_items->execute(); $child_items->store_result(); if ($child_items->num_rows != 0) { while ($child_items->fetch()) { if ($user->can_accessPage($c_PID)) { if ($c_cat2 == WebApp::get('cat2') && $c_cat3 == WebApp::get('cat3')) { $menu .= ' <li class="active">'; } else { $menu .= ' <li>'; } $menu .= '<a href="/admin/' . $c_cat2 . '/' . $c_cat3 . '">' . $c_title . '</a></li>' . PHP_EOL;
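/**
 * Verify Friendly URL
 *
 * Ensures the requested URL was in the correct format according to the
 * friendlyurl option. If not, sends a 301 redirect to the canonical URL.
 *
 * Returns without redirecting for non-GET requests, invalid routes, requests
 * with no entry path, when canonical enforcement is off, and for logged-in
 * users unless 'friendlyurl_canonical_registered' is set.
 *
 * The 'friendlyurl_redirect_canonical_route' hook is executed with eval() in
 * this method's scope, so plugin code can read or assign the locals used here
 * (for example pre-set $canonical_path, which is why it is tested with isset()
 * below) or return early. The local variable names are therefore part of the
 * hook contract and are kept as they are.
 *
 * @return void
 */
public function assertFriendlyUrl()
{
    // Only redirect on GET
    if ('GET' != $_SERVER['REQUEST_METHOD']) {
        return;
    }

    // If this route isn't valid then we'll be 404'ing anyway
    if (!$this->isValid()) {
        return;
    }

    // If we don't have an entry path then there's nothing to do
    if (!($request_path = vB_Router::getEntryPath())) {
        return;
    }

    // Allow hooks to handle non canonical urls.
    // The hook body is plugin-supplied PHP evaluated in this scope.
    ($hook = vBulletinHook::fetch_hook('friendlyurl_redirect_canonical_route')) ? eval($hook) : false;

    // Check if we should be enforcing the canonical url
    if (vB_Friendly_Url::CANON_OFF == vB::$vbulletin->options['friendlyurl_canonical']) {
        return;
    }

    // Only redirect guests and search engines
    if (vB::$vbulletin->userinfo['userid'] AND !vB::$vbulletin->options['friendlyurl_canonical_registered']) {
        return;
    }

    // Get the canonical path (unless the hook above already provided one)
    if (!isset($canonical_path)) {
        $canonical_path = $this->getRoutePath(false, (vB_Friendly_Url::CANON_STRICT == vB::$vbulletin->options['friendlyurl_canonical']), true);
    }

    // Whether the request was canonical
    $canonical = true;

    // If no route path is specified then only rewrite can differ
    if ($request_path == VB_ROUTER_SEGMENT) {
        if ((FRIENDLY_URL == FRIENDLY_URL_REWRITE) == (vB::$vbulletin->options['friendlyurl'] == FRIENDLY_URL_REWRITE)) {
            return;
        }
    }

    // Check the Friendly URL method
    if (FRIENDLY_URL !== intval(vB::$vbulletin->options['friendlyurl'])) {
        $canonical = false;
    }

    // Check URI
    if ($canonical AND (vB_Friendly_URL::CANON_STRICT == vB::$vbulletin->options['friendlyurl_canonical'])) {
        if ($request_path != $canonical_path) {
            // request may have been in the current charset, try utf-8
            $request_path = to_utf8($request_path, vB::$vbulletin->userinfo['lang_charset']);

            if ($request_path != $canonical_path) {
                $canonical = false;
            }
        }
    }

    // Redirect if incorrect
    if (!$canonical) {
        // Get the raw redirect url
        $url = $this->getCurrentURL(null, null, '', false, true);

        // add any query vars
        // These are copied from the request as-is and only serialised by
        // urlimplode() before they reach the Location header.
        // NOTE(review): confirm urlimplode() URL-encodes both keys and values.
        $vars = $_GET;
        unset($vars[vB::$vbulletin->options['route_requestvar']]);

        if (!empty($vars)) {
            // strpos() returns 0 for a leading '?', which is falsy, so the
            // result is compared against false explicitly.
            $url .= (strpos($url, '?') !== false ? '&' : '?') . urlimplode($vars, false, true);
        }

        // redirect to the canonical url
        // NOTE(review): nothing here checks that $url differs from the URL the
        // request came in on; if getCurrentURL() can return the requested URL
        // for a request judged non-canonical, the client is redirected to the
        // same address again. Also confirm that exec_header_redirect() rejects
        // CR/LF in its target.
        exec_header_redirect($url, 301);
    }
}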