function thread_to_xml($thread, $link) { global $state_chatting, $threadstate_to_string, $threadstate_key, $mibew_encoding, $operator, $settings, $can_viewthreads, $can_takeover, $mysqlprefix; $state = $threadstate_to_string[$thread['istate']]; $result = "<thread id=\"" . safe_htmlspecialchars(safe_htmlspecialchars($thread['threadid'])) . "\" stateid=\"{$state}\""; if ($state == "closed") { return $result . "/>"; } $state = getstring($threadstate_key[$thread['istate']]); $nextagent = $thread['nextagent'] != 0 ? operator_by_id_($thread['nextagent'], $link) : null; $threadoperator = $nextagent ? get_operator_name($nextagent) : ($thread['agentName'] ? $thread['agentName'] : "-"); if ($threadoperator == "-" && $thread['groupname']) { $threadoperator = "- " . $thread['groupname'] . " -"; } if (!($thread['istate'] == $state_chatting && $thread['agentId'] != $operator['operatorid'] && !is_capable($can_takeover, $operator))) { $result .= " canopen=\"true\""; } if ($thread['agentId'] != $operator['operatorid'] && $thread['nextagent'] != $operator['operatorid'] && is_capable($can_viewthreads, $operator)) { $result .= " canview=\"true\""; } if ($settings['enableban'] == "1") { $result .= " canban=\"true\""; } $banForThread = $settings['enableban'] == "1" ? ban_for_addr_($thread['remote'], $link) : false; if ($banForThread) { $result .= " ban=\"blocked\" banid=\"" . safe_htmlspecialchars(safe_htmlspecialchars($banForThread['banid'])) . "\""; } $result .= " state=\"{$state}\" typing=\"" . safe_htmlspecialchars(safe_htmlspecialchars($thread['userTyping'])) . "\">"; $result .= "<name>"; if ($banForThread) { $result .= safe_htmlspecialchars(getstring('chat.client.spam.prefix')); } $result .= safe_htmlspecialchars(safe_htmlspecialchars(get_user_name($thread['userName'], $thread['remote'], $thread['userid']))) . "</name>"; $result .= "<addr>" . safe_htmlspecialchars(get_user_addr($thread['remote'])) . "</addr>"; $result .= "<agent>" . safe_htmlspecialchars(safe_htmlspecialchars($threadoperator)) . "</agent>"; $result .= "<time>" . safe_htmlspecialchars(safe_htmlspecialchars($thread['unix_timestamp(dtmcreated)'])) . "000</time>"; $result .= "<modified>" . safe_htmlspecialchars(safe_htmlspecialchars($thread['unix_timestamp(dtmmodified)'])) . "000</modified>"; if ($banForThread) { $result .= "<reason>" . safe_htmlspecialchars(safe_htmlspecialchars($banForThread['comment'])) . "</reason>"; } $userAgent = get_useragent_version($thread['userAgent']); $result .= "<useragent>" . safe_htmlspecialchars($userAgent) . "</useragent>"; if ($thread["shownmessageid"] != 0) { $query = "select tmessage from {$mysqlprefix}chatmessage where messageid = " . intval($thread["shownmessageid"]); $line = select_one_row($query, $link); if ($line) { $message = preg_replace("/[\r\n\t]+/", " ", $line["tmessage"]); $result .= "<message>" . safe_htmlspecialchars(safe_htmlspecialchars($message)) . "</message>"; } } $result .= "</thread>"; return $result; }
$banId = verifyparam("banId", "/^(\\d{1,10})?\$/", ""); $address = getparam("address"); $days = getparam("days"); $comment = getparam('comment'); $threadid = isset($_POST['threadid']) ? getparam('threadid') : ""; if (!$address) { $errors[] = no_field("form.field.address"); } if (!preg_match("/^\\d+\$/", $days)) { $errors[] = wrong_field("form.field.ban_days"); } if (!$comment) { $errors[] = no_field("form.field.ban_comment"); } $link = connect(); $existing_ban = ban_for_addr_($address, $link); mysql_close($link); if (!$banId && $existing_ban || $banId && $existing_ban && $banId != $existing_ban['banid']) { $errors[] = getlocal2("ban.error.duplicate", array(safe_htmlspecialchars($address), safe_htmlspecialchars($existing_ban['banid']))); } if (count($errors) == 0) { $link = connect(); $utime = time() + $days * 24 * 60 * 60; if (!$banId) { $query = sprintf("insert into {$mysqlprefix}chatban (dtmcreated,dtmtill,address,comment) values (CURRENT_TIMESTAMP,%s,'%s','%s')", "FROM_UNIXTIME(" . intval($utime) . ")", mysql_real_escape_string($address, $link), mysql_real_escape_string($comment, $link)); perform_query($query, $link); } else { $query = sprintf("update {$mysqlprefix}chatban set dtmtill = %s,address = '%s',comment = '%s' where banid = %s", "FROM_UNIXTIME(" . intval($utime) . ")", mysql_real_escape_string($address, $link), mysql_real_escape_string($comment, $link), intval($banId)); perform_query($query, $link); } mysql_close($link);