/**
 * Looks up the blog entry for the given id and keeps the fetched record on
 * this object as $this->info['bloginfo'].
 *
 * Only existence is tested here: the result of fetch_bloginfo() is stored and
 * its truthiness returned. No viewing-permission or state check is made in
 * this method, so callers that need one have to do it themselves.
 *
 * @param	integer	Blog id to look up (taken by reference, not modified in this method)
 *
 * @return	boolean	True when fetch_bloginfo() returned a non-empty result
 */
function verify_blogid(&$blogid)
{
	require_once(DIR . '/includes/blog_functions.php');

	$record = fetch_bloginfo($blogid);
	$this->info['bloginfo'] = $record;

	return $record ? true : false;
}
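/**
 * Deletes the blog comment loaded into $this->existing.
 *
 * Hard delete ($this->info['hard_delete'] set): queues a search-index delete,
 * removes the blog_text / blog_textparsed rows, the matching blog_deletionlog
 * and blog_moderation rows, and blog_hash rows newer than TIMENOW - 300.
 * Soft delete: sets state to 'deleted', saves, writes a blog_deletionlog row
 * and clears the blog_moderation row.
 *
 * Every query here is built by string concatenation, so the ids are cast to
 * integers once, up front, and the free-text fields go through
 * $db->escape_string().
 *
 * @return	boolean	True when a comment id was present and the delete ran, false otherwise
 */
function delete()
{
	// Cast once: the original interpolated the raw value into four of the five
	// queries and only applied intval() in the blog_hash one.
	$blogtextid = intval($this->existing['blogtextid']);
	if (!$blogtextid)
	{
		return false;
	}

	$db =& $this->registry->db;
	require_once(DIR . '/includes/blog_functions_log_error.php');

	if ($this->info['hard_delete'])
	{
		require_once(DIR . '/vb/search/indexcontroller/queue.php');
		vb_Search_Indexcontroller_Queue::indexQueue('vBBlog', 'BlogComment', 'delete', $blogtextid);

		$db->query_write(" DELETE " . TABLE_PREFIX . "blog_text, " . TABLE_PREFIX . "blog_textparsed FROM " . TABLE_PREFIX . "blog_text LEFT JOIN " . TABLE_PREFIX . "blog_textparsed ON (" . TABLE_PREFIX . "blog_textparsed.blogtextid = " . TABLE_PREFIX . "blog_text.blogtextid) WHERE " . TABLE_PREFIX . "blog_text.blogtextid = $blogtextid ");

		$db->query_write(" DELETE FROM " . TABLE_PREFIX . "blog_deletionlog WHERE primaryid = $blogtextid AND type = 'blogtextid' ");

		$db->query_write(" DELETE FROM " . TABLE_PREFIX . "blog_moderation WHERE primaryid = $blogtextid AND type = 'blogtextid' ");

		// Only hash rows from the last 300 seconds are removed.
		$db->query_write(" DELETE FROM " . TABLE_PREFIX . "blog_hash WHERE blogtextid = " . $blogtextid . " AND dateline > " . (TIMENOW - 300) );

		if (!$this->info['skip_moderator_log'])
		{
			blog_moderator_action($this->existing, 'comment_x_by_y_removed', array($this->existing['title'], $this->existing['username']));
		}
	}
	else
	{
		$this->set('state', 'deleted');
		$this->save();

		if (!$this->info['skip_moderator_log'])
		{
			blog_moderator_action($this->existing, 'comment_x_by_y_softdeleted', array($this->existing['title'], $this->existing['username']));
		}

		// soft delete
		// We have a DM for this
		// userid is cast as well; username and reason are free text and are escaped.
		$db->query_write(" REPLACE INTO " . TABLE_PREFIX . "blog_deletionlog (primaryid, type, userid, username, reason, dateline) VALUES ($blogtextid, 'blogtextid', " . intval($this->registry->userinfo['userid']) . ", '" . $db->escape_string($this->registry->userinfo['username']) . "', '" . $db->escape_string($this->info['reason']) . "', " . TIMENOW . ") ");

		$db->query_write(" DELETE FROM " . TABLE_PREFIX . "blog_moderation WHERE primaryid = $blogtextid AND type = 'blogtextid' ");
	}

	if (!$this->info['skip_build_blog_counters'])
	{
		build_blog_entry_counters($this->existing['blogid']);

		if (empty($this->info['blog']['userid']))
		{
			// No owner supplied by the caller: look the entry up to find it.
			$bloginfo = fetch_bloginfo($this->existing['blogid']);
			build_blog_user_counters($bloginfo['userid']);
		}
		else
		{
			build_blog_user_counters($this->info['blog']['userid']);
		}
	}

	// NOTE(review): eval() runs whatever PHP the hook registry returns, inside
	// this method's scope ($this, $db, $blogtextid are all reachable). Write
	// access to that registry is equivalent to code execution here.
	($hook = vBulletinHook::fetch_hook('blog_textdata_delete')) ? eval($hook) : false;

	return true;
}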
($hook = vBulletinHook::fetch_hook('blog_sendtofriend_complete')) ? eval($hook) : false; $url =& $vbulletin->url; $templater = vB_Template::create('blog_send_to_friend'); $templater->register('bloginfo', $bloginfo); $templater->register('errormessages', $errormessages); $templater->register('human_verify', $human_verify); $templater->register('imagereg', $imagereg); $templater->register('stf', $stf); $templater->register('url', $url); $templater->register('usernamecode', $usernamecode); $content = $templater->render(); } // ####################################################################### if ($_POST['do'] == 'rate') { $vbulletin->input->clean_array_gpc('p', array('vote' => TYPE_UINT, 'ajax' => TYPE_BOOL, 'blogid' => TYPE_UINT)); $bloginfo = fetch_bloginfo($vbulletin->GPC['blogid']); track_blog_visit($bloginfo['userid']); if ($vbulletin->GPC['vote'] < 1 or $vbulletin->GPC['vote'] > 5) { standard_error(fetch_error('invalidvote')); } if ($bloginfo['state'] !== 'visible') { print_no_permission(); } $rated = intval(fetch_bbarray_cookie('blog_rate', $bloginfo['blogid'])); ($hook = vBulletinHook::fetch_hook('blog_rate_start')) ? eval($hook) : false; $update = false; if ($vbulletin->userinfo['userid']) { if ($rating = $db->query_first("\r\n\t\t\tSELECT *\r\n\t\t\tFROM " . TABLE_PREFIX . "blog_rate\r\n\t\t\tWHERE userid = " . $vbulletin->userinfo['userid'] . "\r\n\t\t\t\tAND blogid = {$bloginfo['blogid']}\r\n\t\t")) { if ($vbulletin->options['votechange']) { if ($vbulletin->GPC['vote'] != $rating['vote']) { $blograte =& datamanager_init('Blog_Rate', $vbulletin, ERRTYPE_STANDARD);
/**
 * Fetches a blog entry through fetch_bloginfo() and, unless $perm_check is
 * falsy, applies the viewing checks below before returning the record.
 *
 * The refusal paths call standard_error() or print_no_permission() and then
 * simply fall out of the if/else chain; nothing in this function returns or
 * exits after them.
 * NOTE(review): the checks therefore only protect the entry if those two
 * helpers halt the request - not visible here, confirm.
 *
 * @param	integer	The blog post we want info about
 * @param	boolean	When the entry is not found: true reports 'invalidid' through standard_error(), false returns 0
 * @param	mixed	Falsy skips every check in this function; truthy runs them; the exact string 'modifychild' additionally refuses blog members on deleted or moderated entries
 *
 * @return	mixed	The record from fetch_bloginfo(), or 0 when the entry is missing and $alert is false
 */
function verify_blog($blogid, $alert = true, $perm_check = true)
{
	global $vbulletin, $vbphrase;

	$bloginfo = fetch_bloginfo($blogid);
	if (!$bloginfo)
	{
		if ($alert)
		{
			standard_error(fetch_error('invalidid', $vbphrase['blog'], $vbulletin->options['contactuslink']));
		}
		else
		{
			return 0;
		}
	}

	// Callers passing a falsy $perm_check get the record with no access check at all.
	if ($perm_check)
	{
		// Usergroup bitfield check: "can view own" / "can view others", chosen by
		// whether the entry's userid equals the current user's userid.
		if
		(
			(
				//belongs to the user and the user can't view own (why?)
				!($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown']) AND
				$bloginfo['userid'] == $vbulletin->userinfo['userid']
			)
			OR
			(
				//does not belong to the user and the user can't view others.
				!($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewothers']) AND
				$bloginfo['userid'] != $vbulletin->userinfo['userid']
			)
		)
		{
			print_no_permission();
		}

		// State checks. Most refusals reuse the 'invalidid' error, i.e. the same
		// message as for an entry that does not exist.
		if ($bloginfo['state'] == 'deleted' AND !can_moderate_blog())
		{
			if (!is_member_of_blog($vbulletin->userinfo, $bloginfo) OR $perm_check === 'modifychild')
			{
				// the blog entry is deleted
				standard_error(fetch_error('invalidid', $vbphrase['blog'], $vbulletin->options['contactuslink']));
			}
		}
		else if (($bloginfo['pending'] OR $bloginfo['state'] == 'draft') AND !is_member_of_blog($vbulletin->userinfo, $bloginfo))
		{
			// can't view a pending/draft if you aren't the author
			standard_error(fetch_error('invalidid', $vbphrase['blog'], $vbulletin->options['contactuslink']));
		}
		else if ($bloginfo['state'] == 'moderation' AND !can_moderate_blog('canmoderateentries'))
		{
			// the blog entry is awaiting moderation
			if (!is_member_of_blog($vbulletin->userinfo, $bloginfo) OR $perm_check === 'modifychild')
			{
				standard_error(fetch_error('invalidid', $vbphrase['blog'], $vbulletin->options['contactuslink']));
			}
		}
		else if (in_coventry($bloginfo['userid']) AND !can_moderate_blog())
		{
			// entry owner matches in_coventry() and the viewer cannot moderate
			standard_error(fetch_error('invalidid', $vbphrase['blog'], $vbulletin->options['contactuslink']));
		}
		else if (!$bloginfo['canviewmyblog'])	// Check Socnet permissions
		{
			print_no_permission();
		}
	}

	return $bloginfo;
}
/**
 * Brings the rated blog entry's rating aggregates up to date after a vote
 * has been saved.
 *
 * Runs when there is no $this->condition (treated below as a new vote) or when
 * the stored vote differs from the new one. A new vote adds to ratingtotal and
 * ratingnum; a changed vote adds only the difference to ratingtotal. Both then
 * recompute rating as ratingtotal / ratingnum.
 *
 * The values handed to set() are SQL expressions, not literals, and are passed
 * with a third argument of false.
 * NOTE(review): presumably that flag disables the data manager's cleaning -
 * confirm against set(). The only variable parts are an intval() result and
 * the result of a subtraction.
 *
 * @param	boolean	Do the query? (not read inside this method)
 */
function post_save_each($doquery = true)
{
	// Are we handling a multi DM
	$is_insert = !$this->condition;

	if ($is_insert OR $this->existing['vote'] != $this->fetch_field('vote'))
	{
		if ($this->info['blog'])
		{
			$bloginfo =& $this->info['blog'];
		}
		else
		{
			$bloginfo = fetch_bloginfo($this->fetch_field('blogid'));
		}

		if ($is_insert)
		{
			// First vote by this user: add the full vote to the running total
			$total_expr = "ratingtotal + " . intval($this->fetch_field('vote'));
		}
		else
		{
			// this is an update: only the difference moves the total
			$votediff = $this->fetch_field('vote') - $this->existing['vote'];
			$total_expr = "ratingtotal + $votediff";
		}

		$blogman =& datamanager_init('Blog', $this->registry, ERRTYPE_SILENT, 'blog');
		$blogman->set_existing($bloginfo);
		$blogman->set('ratingtotal', $total_expr, false);
		if ($is_insert)
		{
			$blogman->set('ratingnum', 'ratingnum + 1', false);
		}
		$blogman->set('rating', 'ratingtotal / ratingnum', false);
		$blogman->save();

		build_blog_user_counters($bloginfo['userid']);

		// Remember the vote in the blog_rate cookie only when the voter is the current user
		if ($this->fetch_field('userid') == $this->registry->userinfo['userid'])
		{
			set_bbarray_cookie('blog_rate', $this->fetch_field('blogid'), $this->fetch_field('vote'), 1);
		}
	}

	// NOTE(review): eval() executes the PHP returned by the hook registry in
	// this method's scope; local names are kept as in the original because hook
	// code may refer to them.
	($hook = vBulletinHook::fetch_hook('blog_ratedata_postsave')) ? eval($hook) : false;
}
{ require_once(DIR . '/packages/vbattach/attach.php'); $attach = new vB_Attach_Display_Content($vbulletin, 'vBBlog_BlogEntry'); $post['attachments'] = $attach->fetch_postattach(0, $bloginfo['blogid']); } require_once(DIR . '/includes/class_blog_entry.php'); require_once(DIR . '/includes/class_bbcode_blog.php'); require_once(DIR . '/includes/class_xml.php'); $bbcode = new vB_BbCodeParser_Blog_Snippet($vbulletin, fetch_tag_list()); $factory = new vB_Blog_EntryFactory($vbulletin, $bbcode, $categories); $xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml'); $xml->add_group('entrybits'); $bloginfo = fetch_bloginfo($bloginfo['blogid'], false); // TODO - We need to know from AJAX whether $userinfo is set, e.g. do=list&u=9 OR do=list $entry_handler =& $factory->create($bloginfo); if ($vbulletin->userinfo['userid'] == $bloginfo['userid']) { $entry_handler->userinfo = $vbulletin->userinfo; } // no attachment support for lists at this time $entry_handler->attachments = $post['attachments']; $rentry = process_replacement_vars($entry_handler->construct()); $xml->add_tag('message', process_replacement_vars($rentry)); $xml->close_group(); $xml->print_xml(); } else
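/**
 * Handles an incoming pingback: validates the two XML-RPC string parameters,
 * records the ping in blog_pinghistory and, when the target entry allows it,
 * stores the pingback through the Blog_Trackback data manager.
 *
 * Parameter 0 is used as the source URL, parameter 1 as the target URL. The
 * target must be this board's blog.php / blog_callback.php with a numeric
 * b= / blogid= argument. The source URL is only required to be non-empty here
 * and is stored after escape_string(); no scheme or host validation is visible
 * in this method.
 *
 * Codes passed to write_trackback_log(), as emitted below:
 *   0 saved, 1 XML-RPC array invalid or source empty, 2 target URL rejected or
 *   blog id 0, 3 no row inserted into blog_pinghistory, 4 owner lacks
 *   blog_canreceivepingback, 5 entry not found, 6 data manager errors,
 *   7 entry not 'visible'.
 *
 * The raw request body ($GLOBALS['HTTP_RAW_POST_DATA']) is written to that log
 * on every path, so log viewers have to treat it as untrusted input.
 *
 * @param	array	XML-RPC parameter data, handed to build_xmlrpc_array()
 *
 * @return	boolean	True once the ping was recorded in blog_pinghistory (also when the pingback itself was then rejected and only logged); false when a fault response was built
 */
function verify_pingback_ping(&$pinfo)
{
	$params = array(
		'string',
		'string',
	);

	require_once(DIR . '/includes/blog_functions_post.php');

	if ($this->build_xmlrpc_array($params, $pinfo))
	{
		// XML-RPC is valid if we are here
		// 1 - Verify that the second URL matches the URL to our blog but don't validate the blogid here
		// 2 - Insert the information into the blog_pinghistory table
		// 3 - Cron script will verify the entries and insert pingbacks
		// This allows us to kill floods for the most part
		if (!empty($this->xmlrpc_array[0]['string']))
		{
			// The dot before "php" is escaped: unescaped it matched any character,
			// so script names other than blog.php / blog_callback.php passed the check.
			if (preg_match('#^' . preg_quote($this->registry->options['bburl'], '#') . '\/blog(?:_callback)?\.php\?b(?:logid)?=(\d+)$#si', trim($this->xmlrpc_array[1]['string']), $matches))
			{
				$blogid = intval($matches[1]);
				// md5 serves as a lookup key for the source URL, not as a security control
				$sourcemd5 = md5(trim($this->xmlrpc_array[0]['string']));
				if ($blogid)
				{
					// INSERT IGNORE: presumably a repeated (blogid, source) pair inserts
					// nothing and is caught by the affected_rows() test - confirm against the table's keys
					$result = $this->registry->db->query_write(" INSERT IGNORE INTO " . TABLE_PREFIX . "blog_pinghistory (blogid, sourcemd5, sourceurl, dateline) VALUES ($blogid, '$sourcemd5', '" . $this->registry->db->escape_string(trim($this->xmlrpc_array[0]['string'])) . "', " . TIMENOW . ") ");

					if ($this->registry->db->affected_rows($result))
					{
						// The sender is told 'accepted' before the entry's existence,
						// state and permissions are examined
						$this->build_xml_response('accepted');

						require_once(DIR . '/includes/blog_functions.php');
						if ($bloginfo = fetch_bloginfo($blogid))
						{
							if ($bloginfo['state'] == 'visible')
							{
								cache_permissions($bloginfo, false);
								// verify user has permission to receive pingbacks
								if ($bloginfo['permissions']['vbblog_general_permissions'] & $this->registry->bf_ugp_vbblog_general_permissions['blog_canreceivepingback'])
								{
									$dataman =& datamanager_init('Blog_Trackback', $this->registry, ERRTYPE_ARRAY);
									$dataman->set('blogid', $blogid);
									$dataman->set('url', trim($this->xmlrpc_array[0]['string']));
									$dataman->set('userid', $bloginfo['userid']);
									$dataman->set_info('akismet_key', $bloginfo['akismet_key']);
									$dataman->pre_save();
									if (!empty($dataman->errors))
									{
										write_trackback_log('pingback', 'in', 6, array('GLOBALS' => $GLOBALS['HTTP_RAW_POST_DATA'], 'errors' => $dataman->errors));
									}
									else
									{
										$dataman->save();
										write_trackback_log('pingback', 'in', 0, $GLOBALS['HTTP_RAW_POST_DATA']);
									}
								}
								else
								{
									write_trackback_log('pingback', 'in', 4, $GLOBALS['HTTP_RAW_POST_DATA']);
								}
							}
							else
							{
								write_trackback_log('pingback', 'in', 7, $GLOBALS['HTTP_RAW_POST_DATA']);
							}
						}
						else
						{
							write_trackback_log('pingback', 'in', 5, $GLOBALS['HTTP_RAW_POST_DATA']);
						}

						return true;
					}
					else
					{
						write_trackback_log('pingback', 'in', 3, $GLOBALS['HTTP_RAW_POST_DATA']);
					}
				}
				else
				{
					write_trackback_log('pingback', 'in', 2, $GLOBALS['HTTP_RAW_POST_DATA']);
				}
			}
			else
			{
				write_trackback_log('pingback', 'in', 2, $GLOBALS['HTTP_RAW_POST_DATA']);
			}
		}
		else
		{
			write_trackback_log('pingback', 'in', 1, $GLOBALS['HTTP_RAW_POST_DATA']);
		}
	}
	else
	{
		write_trackback_log('pingback', 'in', 1, $GLOBALS['HTTP_RAW_POST_DATA']);
	}

	// Every rejection above ends with the same generic fault
	$xml_error_struct = $this->build_fault_struct(-32500, $this->faultcodes['-32500']);
	$this->build_xml_response($xml_error_struct, true);
	// $this->build_xmlrpc_array sets build_xml_response() on failure
	return false;
}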
/**
 * Processes an incoming trackback and prints the XML reply.
 *
 * When a source URL is present and the vbblog_trackback option is on, the ping
 * is recorded in blog_pinghistory. If a row was inserted, the target entry is
 * looked up and, when it is 'visible' and its owner has
 * blog_canreceivepingback, the trackback is saved through the Blog_Trackback
 * data manager. The reply is error 0 whenever the pinghistory row was
 * inserted, including when the trackback was then refused and only logged
 * (codes 4, 5, 6, 7); every other path replies error 1 / 'Invalid'.
 *
 * NOTE(review): $this->blogid is interpolated into the INSERT without a cast
 * or escaping in this method; it has to be integer-validated wherever it is
 * assigned - not visible here, confirm.
 *
 * @return	void	The response is echoed, nothing is returned
 */
function send_xml_response()
{
	require_once(DIR . '/includes/class_xml.php');

	$this->xml_object = new vB_XML_Builder($this->registry);
	$xml = $this->xml_object;
	$xml->doc = '';
	$xml->add_group('response');

	// Flipped to true only when the pinghistory row was actually inserted
	$accepted = false;

	if ($this->sourceurl AND $this->registry->options['vbblog_trackback'])
	{
		$db = $this->registry->db;

		// md5 of the source URL is a lookup key for the history table, not a security control
		$sourcemd5 = md5($this->sourceurl);
		$result = $db->query_write(" INSERT IGNORE INTO " . TABLE_PREFIX . "blog_pinghistory (blogid, sourcemd5, sourceurl, dateline) VALUES ({$this->blogid}, '$sourcemd5', '" . $db->escape_string($this->sourceurl) . "', " . TIMENOW . ") ");

		require_once(DIR . '/includes/blog_functions_post.php');

		if ($db->affected_rows($result))
		{
			$accepted = true;

			require_once(DIR . '/includes/blog_functions.php');
			$bloginfo = fetch_bloginfo($this->blogid);

			if (!$bloginfo)
			{
				// target entry not found
				write_trackback_log('trackback', 'in', 5, '', array(), $this->sourceurl);
			}
			else if ($bloginfo['state'] != 'visible')
			{
				write_trackback_log('trackback', 'in', 7, '', $bloginfo, $this->sourceurl);
			}
			else
			{
				cache_permissions($bloginfo, false);

				// verify user has permission to receive trackbacks
				$can_receive = $bloginfo['permissions']['vbblog_general_permissions'] & $this->registry->bf_ugp_vbblog_general_permissions['blog_canreceivepingback'];
				if (!$can_receive)
				{
					write_trackback_log('trackback', 'in', 4, '', $bloginfo, $this->sourceurl);
				}
				else
				{
					$dataman =& datamanager_init('Blog_Trackback', $this->registry, ERRTYPE_SILENT);
					$dataman->set('blogid', $this->blogid);
					$dataman->set('url', $this->sourceurl);
					$dataman->set('userid', $bloginfo['userid']);
					$dataman->set_info('akismet_key', $bloginfo['akismet_key']);

					if (empty($dataman->errors))
					{
						$dataman->save();
						write_trackback_log('trackback', 'in', 0, '', $bloginfo, $this->sourceurl);
					}
					else
					{
						write_trackback_log('trackback', 'in', 6, array('GLOBALS' => '', 'errors' => $dataman->errors), $bloginfo, $this->sourceurl);
					}
				}
			}
		}
		else
		{
			// no row inserted into blog_pinghistory
			write_trackback_log('trackback', 'in', 3, '', array(), $this->sourceurl);
		}
	}

	if (defined('NOSHUTDOWNFUNC'))
	{
		$this->registry->db->close();
	}

	if ($accepted)
	{
		$xml->add_tag('error', 0);
	}
	else
	{
		$xml->add_tag('error', 1);
		$xml->add_tag('message', 'Invalid');
	}

	$xml->close_group('response');
	$xml->send_content_type_header();
	$xml->send_content_length_header();
	echo $xml->fetch_xml_tag() . $xml->output();
	return;
}