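/**
 * Decode the XML-RPC parameters of a request and coerce them to the declared filter types.
 *
 * Parameters are matched to $filters by position: the first filter describes the first
 * decoded parameter, and so on. When the decoded list is empty and the request carries
 * a POST "method_name" (upload requests etc.), the values are taken from $_POST instead,
 * looked up by filter name.
 *
 * Security note for callers: only the "<name>_esc" companions produced for ALPHASTRING
 * and STRING have been passed through $db->escape_string(), and that escaping protects a
 * value only inside a quoted SQL string literal. INT values are forced through intval().
 * The plain STRING value and every RAW value are still client-controlled text and must
 * not be interpolated into a query.
 *
 * @param array $filters       Map of parameter name => filter type (self::INT,
 *                             self::ALPHASTRING, self::STRING, self::RAW), in positional order.
 * @param mixed $xmlrpc_params Encoded XML-RPC parameters, handed to php_xmlrpc_decode().
 *
 * @return array Filtered values keyed by parameter name, plus "<name>_esc" entries for
 *               ALPHASTRING and STRING filters. Filters of an unknown type produce no entry.
 */
public static function filterXmlInput(array $filters, $xmlrpc_params)
{
    global $db, $mybb;

    require_once MYBB_ROOT . $mybb->settings['tapatalk_directory'] . '/emoji/emoji.class.php';

    $params = php_xmlrpc_decode($xmlrpc_params);

    // handle upload requests etc.
    if (empty($params) && !empty($_POST['method_name'])) {
        $params = array();
        foreach ($filters as $name => $type) {
            // Reserve one slot per filter even when the field is absent. Appending only
            // the fields that are present would shift every later value one position to
            // the left, so it would be stored under the wrong name.
            $params[] = isset($_POST[$name]) ? $_POST[$name] : null;
        }
    }

    $data = array();
    $i = 0;

    foreach ($filters as $name => $type) {
        $present = isset($params[$i]);

        switch ($type) {
            case self::INT:
                $data[$name] = $present ? intval($params[$i]) : 0;
                break;

            case self::ALPHASTRING:
                // Keep only letters, dot, hyphen and underscore.
                $data[$name] = $present ? preg_replace("#[^a-z\\.\\-_]#i", "", $params[$i]) : '';
                $data[$name . '_esc'] = $db->escape_string($data[$name]);
                break;

            case self::STRING:
                if (!$present) {
                    $data[$name] = '';
                } elseif ($name == 'subject' || $name == 'post_title' || $name == 'title') {
                    // Title-like fields go through covertUnifiedToEmpty(); all other
                    // strings go through covertEmojiToName().
                    $data[$name] = tapatalkEmoji::covertUnifiedToEmpty($params[$i]);
                } else {
                    $data[$name] = tapatalkEmoji::covertEmojiToName($params[$i]);
                }
                $data[$name . '_esc'] = $db->escape_string($data[$name]);
                break;

            case self::RAW:
                // Passed through untouched. A missing parameter yields null instead of
                // an undefined-offset notice.
                $data[$name] = $present ? $params[$i] : null;
                break;
        }

        $i++;
    }

    return $data;
}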
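/**
 * Build the subject and quoted body for replying to one of the current user's private messages.
 *
 * The message is looked up by its id AND by the owning uid, so a user can only quote
 * messages stored in their own mailbox. The id is filtered as INT before it is placed in
 * the query.
 *
 * @param mixed $xmlrpc_params Encoded XML-RPC parameters; the first one is the message id.
 *
 * @return mixed An xmlrpcresp holding result, result_text, msg_id, msg_subject and
 *               text_body, or the value returned by xmlrespfalse() / tt_no_permission()
 *               when the request is refused.
 */
function get_quote_pm_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups;

    require_once MYBB_ROOT . $mybb->settings['tapatalk_directory'] . '/emoji/emoji.class.php';

    $input = Tapatalk_Input::filterXmlInput(array('message_id' => Tapatalk_Input::INT), $xmlrpc_params);
    $lang->load("private");
    $parser = new postParser();

    if ($mybb->settings['enablepms'] == 0) {
        return xmlrespfalse($lang->pms_disabled);
    }

    // Guests and groups without PM access are refused before any query runs.
    if ($mybb->user['uid'] == '/' || $mybb->user['uid'] == 0 || $mybb->usergroup['canusepms'] == 0) {
        return tt_no_permission();
    }

    // Give the user the default folder list when none is stored yet.
    if (!$mybb->user['pmfolders']) {
        $mybb->user['pmfolders'] = "1**\$%%\$2**\$%%\$3**\$%%\$4**";
        $sql_array = array("pmfolders" => $mybb->user['pmfolders']);
        $db->update_query("users", $sql_array, "uid = " . $mybb->user['uid']);
    }

    // Refresh the PM counters on roughly one request in ten.
    $rand = my_rand(0, 9);
    if ($rand == 5) {
        update_pm_count();
    }

    // NOTE(review): $foldernames is built here but not read again in this function.
    $foldernames = array();
    $foldersexploded = explode("\$%%\$", $mybb->user['pmfolders']);
    foreach ($foldersexploded as $key => $folders) {
        $folderinfo = explode("**", $folders, 2);
        $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);
        $foldernames[$folderinfo[0]] = $folderinfo[1];
    }

    if ($mybb->usergroup['cansendpms'] == 0) {
        return tt_no_permission();
    }

    // message_id went through intval() in filterXmlInput; uid comes from the session user.
    $query = $db->query("\n\t\tSELECT pm.*, u.username AS quotename\n\t\tFROM " . TABLE_PREFIX . "privatemessages pm\n\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid=pm.fromid)\n\t\tWHERE pm.pmid='{$input['message_id']}' AND pm.uid='" . $mybb->user['uid'] . "'\n\t");
    $pm = $db->fetch_array($query);

    // No row means the id is unknown or belongs to another mailbox. Report that instead
    // of answering "success" with an empty quote.
    if (!$pm) {
        return xmlrespfalse('Invalid private message');
    }

    $message = $pm['message'];
    $subject = $pm['subject'];

    // Drop existing FW:/RE: prefixes before adding a single "Re: ".
    $subject = preg_replace("#(FW|RE):( *)#is", '', $subject);
    $message = "[quote={$pm['quotename']}]\n{$message}\n[/quote]";
    // Rewrite "/me ..." action lines so they name the quoted author.
    $message = preg_replace('#^/me (.*)$#im', "* " . $pm['quotename'] . " \\1", $message);
    $subject = "Re: {$subject}";

    $result = new xmlrpcval(array(
        'result' => new xmlrpcval(true, 'boolean'),
        'result_text' => new xmlrpcval('', 'base64'),
        'msg_id' => new xmlrpcval($pm['pmid'], 'string'),
        'msg_subject' => new xmlrpcval($subject, 'base64'),
        'text_body' => new xmlrpcval(tapatalkEmoji::covertNameToEmoji($message), 'base64'),
    ), 'struct');

    return new xmlrpcresp($result);
}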
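/**
 * Convert a post body into the form sent to the client.
 *
 * HTML emoji markup is converted first. Depending on $returnHtml the text is then either
 * kept as HTML or stripped to plain text, a few BBCode tags are simplified, and every
 * [ttcode]...[/ttcode] section is replaced by a [code] block holding the base64-decoded
 * payload.
 *
 * @param string $post       Post text to convert.
 * @param bool   $returnHtml True to keep HTML output, false to strip tags and decode entities.
 *
 * @return string The converted post text.
 */
function process_post($post, $returnHtml = false)
{
    global $mybb;

    require_once MYBB_ROOT . $mybb->settings['tapatalk_directory'] . '/emoji/emoji.class.php';

    $post = tapatalkEmoji::covertHtmlToEmoji($post);

    if ($returnHtml) {
        // Entity and newline conversion are not repeated here; the original author notes
        // that they are handled by the post parser (nl2br option).
        $post = str_replace('[hr]', '<br />____________________________________<br />', $post);
    } else {
        $post = strip_tags($post);
        $post = html_entity_decode($post, ENT_QUOTES, 'UTF-8');
        $post = str_replace('[hr]', "\n____________________________________\n", $post);
    }

    //mybb 1.8
    $array_reg = array(
        // [img ...]url[/img]: drop attributes on the opening tag.
        array('reg' => '/\\[img(.*?)\\](.*?)\\[\\/img\\]/si', 'replace' => "[img]\$2[/img]"),
        // [video=site]url[/video] becomes a plain link labelled with the site.
        array('reg' => '/\\[video=(.*?)\\](.*?)\\[\\/video\\]/si', 'replace' => '[url=$2]$1[/url]'),
        // [s]text[/s]: keep the text, drop the tag.
        array('reg' => '/\\[s\\](.*?)\\[\\/s\\]/si', 'replace' => '$1'),
    );
    foreach ($array_reg as $arr) {
        $post = preg_replace($arr['reg'], $arr['replace'], $post);
    }

    // NOTE(review): as written this replaces "$" with itself. Presumably the search string
    // was an HTML entity for "$" that was lost when the page was rendered - confirm
    // against the repository.
    $post = str_replace("$", '$', $post);
    $post = trim($post);

    // remove link on img
    //$post = preg_replace('/\[url=[^\]]*?\]\s*(\[img\].*?\[\/img\])\s*\[\/url\]/si', '$1', $post);

    // The payloads are decoded with ordinary function calls instead of the /e regex
    // modifier. /e evaluates the replacement string as PHP code for every match, which
    // puts post content next to an eval, and it no longer exists in PHP 7+, where the
    // preg_replace() call fails and returns null (wiping the post).
    // With PREG_SPLIT_DELIM_CAPTURE the result alternates: even indexes are the text
    // around the tags, odd indexes are the captured payloads.
    $segments = preg_split('/\\[ttcode\\](.*?)\\[\\/ttcode\\]/si', $post, -1, PREG_SPLIT_DELIM_CAPTURE);
    if ($segments !== false) {
        $post = '';
        foreach ($segments as $index => $segment) {
            if ($index % 2 == 0) {
                $post .= $segment;
                continue;
            }
            if ($returnHtml) {
                // In HTML mode the payload may have been entity-encoded; undo that first.
                $segment = html_entity_decode($segment, ENT_QUOTES, 'UTF-8');
            }
            // NOTE(review): the decoded bytes are inserted as-is. In HTML mode, confirm
            // that whatever renders the [code] block escapes its contents.
            $post .= '[code]' . base64_decode($segment) . '[/code]';
        }
    }

    return $post;
}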
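/**
 * Return the raw (editable) content of a post, after checking that the current user may edit it.
 *
 * The post id is filtered as INT before it is used in queries. Users who are not
 * moderators with "caneditposts" must own the post, must have edit permission in the
 * forum, and are subject to the closed-thread and edit-time-limit checks.
 *
 * @param mixed $xmlrpc_params Encoded XML-RPC parameters; the first one is the post id.
 *
 * @return mixed An xmlrpcresp with post_id, post_title, post_content, attachments,
 *               group_id, show_reason and edit_reason, or the value returned by
 *               xmlrespfalse() / tt_no_permission() when the request is refused.
 */
function get_raw_post_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups;

    require_once MYBB_ROOT . $mybb->settings['tapatalk_directory'] . '/emoji/emoji.class.php';

    $lang->load("editpost");
    $input = Tapatalk_Input::filterXmlInput(array('post_id' => Tapatalk_Input::INT), $xmlrpc_params);

    // No permission for guests
    if (!$mybb->user['uid']) {
        return tt_no_permission();
    }

    // Get post info ($pid is an integer, see the INT filter above)
    $pid = $input['post_id'];
    $query = $db->simple_select("posts", "*", "pid='{$pid}'");
    $post = $db->fetch_array($query);
    if (!$post['pid']) {
        return xmlrespfalse($lang->error_invalidpost);
    }

    // Get thread info
    $tid = $post['tid'];
    $thread = get_thread($tid);
    if (!$thread['tid']) {
        return xmlrespfalse($lang->error_invalidthread);
    }
    $thread['subject'] = htmlspecialchars_uni($thread['subject']);

    // Get forum info
    $fid = $post['fid'];
    $forum = get_forum($fid);
    if (!$forum || $forum['type'] != "f") {
        return xmlrespfalse($lang->error_closedinvalidforum);
    }
    if ($forum['open'] == 0 || $mybb->user['suspendposting'] == 1) {
        return tt_no_permission();
    }

    $forumpermissions = forum_permissions($fid);

    if (!is_moderator($fid, "caneditposts")) {
        if ($thread['closed'] == 1) {
            return xmlrespfalse($lang->redirect_threadclosed);
        }
        if ($forumpermissions['caneditposts'] == 0) {
            return tt_no_permission();
        }
        // Ordinary users may only fetch their own posts for editing.
        if ($mybb->user['uid'] != $post['uid']) {
            return tt_no_permission();
        }

        // Edit time limit
        $time = TIME_NOW;
        if ($mybb->settings['edittimelimit'] != 0 && $post['dateline'] < $time - $mybb->settings['edittimelimit'] * 60) {
            $lang->edit_time_limit = $lang->sprintf($lang->edit_time_limit, $mybb->settings['edittimelimit']);
            return xmlrespfalse($lang->edit_time_limit);
        }
    }

    // Check if this forum is password protected and we have a valid password
    tt_check_forum_password($forum['fid']);

    // Initialised outside the permission branch: it is read below even when the user
    // may not post attachments, which previously hit an undefined variable.
    $attachcount = 0;
    if ($forumpermissions['canpostattachments'] != 0) {
        // Get a listing of the current attachments, if there are any
        global $attachcache;
        $query = $db->simple_select("attachments", "*", "pid='{$pid}'");
        while ($attachment = $db->fetch_array($query)) {
            $attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
            $attachcount++;
        }
    }

    $attachment_list = array();
    if ($attachcount) {
        $attachment_list = process_post_attachments($post['pid'], $post, true);
    }

    $result = new xmlrpcval(array(
        'post_id' => new xmlrpcval($post['pid'], 'string'),
        'post_title' => new xmlrpcval($post['subject'], 'base64'),
        'post_content' => new xmlrpcval(tapatalkEmoji::covertNameToEmoji($post['message']), 'base64'),
        'attachments' => new xmlrpcval($attachment_list, 'array'),
        'group_id' => new xmlrpcval($post['posthash']),
        // The edit reason is only offered when the setting is on and MyBB is 1.8.0 or newer.
        'show_reason' => new xmlrpcval($mybb->settings['alloweditreason'] && version_compare($mybb->version, '1.8.0', '>='), 'boolean'),
        'edit_reason' => new xmlrpcval($post['editreason'], 'base64'),
    ), 'struct');

    return new xmlrpcresp($result);
}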
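/**
 * Build the quoted text for replying to one or more posts.
 *
 * The client sends the post ids as a single string joined with "-". Each id is checked
 * against thread, forum and permission rules before its message is appended to the quote.
 *
 * Security: post_id is filtered as STRING, and only the "post_id_esc" companion is
 * escaped, so the fragments produced by explode() are client-controlled text. Every
 * fragment is cast to an integer before it reaches a query; one of the queries below
 * places the id outside quotes, where string escaping would not have protected it either.
 *
 * @param mixed $xmlrpc_params Encoded XML-RPC parameters; the first one is the id list.
 *
 * @return mixed An xmlrpcresp with post_id (the last id processed), post_title and
 *               post_content, or the value returned by xmlrespfalse() /
 *               tt_no_permission() when any id is refused.
 */
function get_quote_post_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups;

    require_once MYBB_ROOT . $mybb->settings['tapatalk_directory'] . '/emoji/emoji.class.php';

    $input = Tapatalk_Input::filterXmlInput(array('post_id' => Tapatalk_Input::STRING), $xmlrpc_params);
    $lang->load("newreply");
    $parser = new postParser();

    $pids = explode('-', $input['post_id']);

    // Defined up front: each of these is read or incremented below on paths where the
    // loop body may never have assigned it.
    $message = '';
    $subject = '';
    $quoted_ids = array();
    $external_quotes = 0;

    foreach ($pids as $pid) {
        // Force the id to an integer before it is interpolated into SQL. Non-numeric
        // fragments become 0, match no post, and end in "Invalid post" below.
        $pid = intval($pid);

        $query = $db->simple_select("posts", "tid", "pid = '{$pid}'");
        if ($db->num_rows($query) == 0) {
            return xmlrespfalse("Invalid post");
        }
        $post = $db->fetch_array($query);
        $tid = $post['tid'];

        $query = $db->simple_select("threads", "*", "tid='" . $tid . "'");
        if ($db->num_rows($query) == 0) {
            return xmlrespfalse($lang->error_invalidthread);
        }
        $thread = $db->fetch_array($query);
        $fid = $thread['fid'];

        // Get forum info
        $forum = get_forum($fid);
        if (!$forum) {
            return xmlrespfalse($lang->error_invalidforum);
        }

        $forumpermissions = forum_permissions($fid);

        // Unapproved threads are visible to moderators only; negative visibility never is.
        if ($thread['visible'] == 0 && !is_moderator($fid) || $thread['visible'] < 0) {
            return xmlrespfalse($lang->error_invalidthread);
        }
        if ($forum['open'] == 0 || $forum['type'] != "f") {
            return xmlrespfalse($lang->error_closedinvalidforum);
        }
        if ($mybb->user['uid'] < 1 || $forumpermissions['canview'] == 0 || $forumpermissions['canpostreplys'] == 0 || $mybb->user['suspendposting'] == 1) {
            return tt_no_permission();
        }
        if ($forumpermissions['canonlyviewthreads'] == 1 && $thread['uid'] != $mybb->user['uid']) {
            return tt_no_permission();
        }

        tt_check_forum_password($forum['fid']);

        // Check to see if the thread is closed, and if the user is a mod.
        if (!is_moderator($fid, "caneditposts")) {
            if ($thread['closed'] == 1) {
                return xmlrespfalse($lang->redirect_threadclosed);
            }
        }

        // Restrict the lookup to forums the user can view.
        $unviewable_forums = get_unviewable_forums();
        if ($unviewable_forums) {
            $unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})";
        }

        // Is the currently logged in user a moderator of this forum?
        if (is_moderator($fid)) {
            $visible_where = "AND p.visible != 2";
        } else {
            $visible_where = "AND p.visible > 0";
        }

        require_once MYBB_ROOT . "inc/functions_posting.php";

        // $pid is an integer here (see the cast at the top of the loop).
        $query = $db->query("\n\t\t\tSELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, u.username AS userusername\n\t\t\tFROM " . TABLE_PREFIX . "posts p\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "threads t ON (t.tid=p.tid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid=p.uid)\n\t\t\tWHERE p.pid = {$pid} {$unviewable_forums} {$visible_where}\n\t\t");
        $load_all = intval($mybb->input['load_all_quotes']);

        if ($db->num_rows($query) == 0) {
            return xmlrespfalse("Invalid post");
        }
        $quoted_post = $db->fetch_array($query);

        // Only show messages for the current thread
        if ($quoted_post['tid'] == $tid || $load_all == 1) {
            // If this post was the post for which a quote button was clicked, set the subject
            if ($pid == $quoted_post['pid']) {
                $subject = preg_replace('#RE:\\s?#i', '', $quoted_post['subject']);
                $subject = "RE: " . $subject;
            }
            $message .= parse_quoted_message($quoted_post);
            $quoted_ids[] = $quoted_post['pid'];
        } else {
            ++$external_quotes;
        }

        if ($mybb->settings['maxquotedepth'] != '0') {
            $message = remove_message_quotes($message);
        }
    }

    $result = new xmlrpcval(array(
        // Cast back to a string so the value has the same type as before the integer cast.
        'post_id' => new xmlrpcval((string) $pid),
        'post_title' => new xmlrpcval($subject, 'base64'),
        'post_content' => new xmlrpcval(tapatalkEmoji::covertNameToEmoji($message), 'base64'),
    ), 'struct');

    return new xmlrpcresp($result);
}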