/**
 * Validate a piece of Comcode by running it through the parser and discarding the result.
 *
 * Security: $source_member and $as_admin are handed straight to comcode_to_tempcode() and so decide
 * which privileges the Comcode is evaluated with. Only evaluate with admin rights when the origin of
 * the Comcode has been considered carefully.
 *
 * @param  LONG_TEXT		The Comcode to check
 * @param  ?MEMBER			The member the evaluation is running as. This is a security issue, and you should only run as an administrator if you have considered where the Comcode came from carefully (NULL: current member)
 * @param  boolean			Whether to explicitly execute this with admin rights. Only for data you know didn't come from a member, but is being evaluated by one.
 * @param  ?object			The database connection to use (NULL: standard site connection)
 * @param  boolean			Whether there might be new attachments. If any are detected the check runs lax, as attachments are always preserved by forcing lax parsing.
 */
function check_comcode($comcode, $source_member = NULL, $as_admin = false, $connection = NULL, $attachment_possibility = false)
{
    if (running_script('stress_test_loader')) {
        return;
    }

    global $LAX_COMCODE;
    $previous_lax = $LAX_COMCODE; // Restored once the check has run

    if ($attachment_possibility) {
        $attachment_found = false;

        // Hidden hidFileID_* fields mark a possible SWF upload; is_swf_upload() has the final say
        foreach (array_keys($_POST) as $post_key) {
            if (preg_match('#^hidFileID\\_#i', $post_key) != 0) {
                require_code('uploads');
                $attachment_found = is_swf_upload();
            }
        }

        // Conventional uploads: a genuine uploaded file whose field name matches file<digit>
        foreach ($_FILES as $field_name => $upload) {
            if (!is_uploaded_file($upload['tmp_name'])) {
                continue;
            }
            if (preg_match('#file(\\d)#', $field_name) != 0) {
                $attachment_found = true;
            }
        }

        if ($attachment_found) {
            // We don't want a simple syntax error to cause us to lose our attachments
            $LAX_COMCODE = true;
        }
    }

    comcode_to_tempcode($comcode, $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, true);

    $LAX_COMCODE = $previous_lax;
}
/**
 * Standard modular run function for preview hooks.
 *
 * Validates the posted banner details against the chosen banner type and renders a preview.
 * The caption is parsed via comcode_to_tempcode() with no member or admin arguments given here.
 *
 * @return array		A pair: The preview, the updated post Comcode
 */
function run()
{
    require_code('uploads');
    require_lang('banners');

    // Check according to banner type
    $title_text = post_param('title_text', '');
    $direct_code = post_param('direct_code', '');
    $url_param_name = 'image_url';
    $file_param_name = 'file';

    require_code('uploads');

    // An upload is either an SWF upload, or a genuine PHP upload in the 'file' field
    $is_upload = is_swf_upload();
    if (!$is_upload) {
        $is_upload = array_key_exists($file_param_name, $_FILES)
            && array_key_exists('tmp_name', $_FILES[$file_param_name])
            && is_uploaded_file($_FILES[$file_param_name]['tmp_name']);
    }

    $_banner_type_rows = $GLOBALS['SITE_DB']->query_select('banner_types', array('*'), array('id' => post_param('b_type')), '', 1);
    if (!array_key_exists(0, $_banner_type_rows)) {
        warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
    }
    $banner_type_row = $_banner_type_rows[0];

    $img_url = '';
    if ($banner_type_row['t_is_textual'] != 0) {
        // Textual banner: the title text is required and limited by the type's t_max_file_size
        if ($title_text == '') {
            warn_exit(do_lang_tempcode('IMPROPERLY_FILLED_IN_BANNERS'));
        }
        $title_length = strlen($title_text);
        if ($title_length > $banner_type_row['t_max_file_size']) {
            warn_exit(do_lang_tempcode('BANNER_TOO_LARGE_2', integer_format($title_length), integer_format($banner_type_row['t_max_file_size'])));
        }
    } elseif ($direct_code == '') {
        // Image banner without direct code: an image URL or upload must resolve to something
        $upload_type = $is_upload ? OCP_UPLOAD_IMAGE : OCP_UPLOAD_ANYTHING;
        $urls = get_url($url_param_name, $file_param_name, 'uploads/banners', 0, $upload_type);
        $img_url = fixup_protocolless_urls($urls[0]);
        if ($img_url == '') {
            warn_exit(do_lang_tempcode('IMPROPERLY_FILLED_IN_UPLOAD_BANNERS'));
        }
    }

    require_code('banners');

    $banner_name = post_param('name');
    $banner_title = post_param('title_text', '');
    $caption = comcode_to_tempcode(post_param('caption'));
    $site_url = post_param('site_url');
    $banner_type = post_param('b_type');
    $preview = show_banner($banner_name, $banner_title, $caption, $img_url, '', $site_url, $banner_type);

    return array($preview, NULL);
}
/**
 * Find whether this preview hook applies.
 *
 * It applies on the cms_iotds page, for the '_ed' and 'ad' screen types, when an upload accompanies the request.
 *
 * @return array		Triplet: Whether it applies, the attachment ID type, whether the forum DB is used [optional]
 */
function applies()
{
    require_code('uploads');

    $applies = false;
    if (get_param('page', '') == 'cms_iotds') {
        if (in_array(get_param('type'), array('_ed', 'ad'))) {
            // Either an SWF upload, or anything at all in $_FILES
            $applies = is_swf_upload() || (count($_FILES) != 0);
        }
    }

    return array($applies, NULL, false);
}
/**
 * The actualiser to edit a zone.
 *
 * Deletes the zone when the posted 'delete' flag is 1; otherwise saves the posted zone settings,
 * applies permissions to the (possibly renamed) zone and stores a logo per theme.
 *
 * @return tempcode	The UI
 */
function __edit_zone()
{
    $zone = post_param('zone');
    $is_delete = post_param_integer('delete', 0) == 1;

    if ($is_delete) {
        $title = get_page_title('DELETE_ZONE');

        actual_delete_zone($zone);

        // Show it worked / Refresh
        $listing_url = build_url(array('page' => '_SELF', 'type' => 'edit'), '_SELF');
        return redirect_screen($title, $listing_url, do_lang_tempcode('SUCCESS'));
    }

    $_title = post_param('title');
    $default_page = post_param('default_page');
    $header_text = post_param('header_text');
    $theme = post_param('theme');
    $posted_wide = post_param_integer('wide');
    $wide = ($posted_wide == -1) ? NULL : $posted_wide; // -1 is posted to mean "no value"
    $require_session = post_param_integer('require_session', 0);
    $displayed_in_menu = post_param_integer('displayed_in_menu', 0);
    $new_zone = post_param('new_zone');

    actual_edit_zone($zone, $_title, $default_page, $header_text, $theme, $wide, $require_session, $displayed_in_menu, $new_zone);

    if ($new_zone != '') {
        $this->set_permissions($new_zone);
    }

    // Get title late, as we might be changing the theme this title is got from
    $title = get_page_title('EDIT_ZONE');

    // Handle logos
    if (addon_installed('zone_logos')) {
        require_code('themes2');
        require_code('uploads');

        $logo_id = 'logo/' . $new_zone . '-logo';

        foreach (array_keys(find_all_themes()) as $theme_name) {
            $upload_field = 'logo_upload_' . $theme_name;

            // Prefer an uploaded logo (restricted to images by OCP_UPLOAD_IMAGE)
            $iurl = '';
            $has_upload = is_swf_upload()
                || (array_key_exists($upload_field, $_FILES) && is_uploaded_file($_FILES[$upload_field]['tmp_name']));
            if ($has_upload) {
                $urls = get_url('', $upload_field, 'themes/' . $theme_name . '/images_custom', 0, OCP_UPLOAD_IMAGE);
                $iurl = $urls[0];
            }

            // Otherwise fall back to the theme image picked in the form
            if ($iurl == '') {
                $theme_img_code = post_param('logo_select_' . $theme_name, '');
                if ($theme_img_code == '') {
                    continue; // Probably a theme was added half-way
                }
                $iurl = find_theme_image($theme_img_code, false, true, $theme_name);
            }

            // Replace any existing logo row for this zone/theme/language
            $GLOBALS['SITE_DB']->query_delete('theme_images', array('id' => $logo_id, 'theme' => $theme_name, 'lang' => get_site_default_lang()), '', 1);
            $GLOBALS['SITE_DB']->query_insert('theme_images', array('id' => $logo_id, 'theme' => $theme_name, 'path' => $iurl, 'lang' => get_site_default_lang()));
            persistant_cache_delete('THEME_IMAGES');
        }
    }

    // Show it worked / Refresh
    // NOTE(review): 'redirect' is taken from the query string and used as the redirect target;
    // confirm get_param()/redirect_screen() restrict it to same-site URLs.
    $url = get_param('redirect', NULL);
    if (is_null($url)) {
        $default_url = build_url(array('page' => '_SELF', 'type' => 'edit'), '_SELF');
        $url = $default_url->evaluate();
    }

    return redirect_screen($title, $url, do_lang_tempcode('SUCCESS'));
}
/**
 * The actualiser to import in bulk from an archive file.
 *
 * Each uploaded file is handled by extension: zip and tar archives are unpacked entry by entry,
 * anything else is accepted only if is_image() approves its name. Archive entry names are reduced
 * with basename() before being written, so extracted files stay inside images_custom.
 *
 * NOTE(review): is_image() is the only filter on what gets written below images_custom; confirm how
 * strict it is (file name only versus file content).
 *
 * @return tempcode	The UI
 */
function _import()
{
    post_param('test'); // To pick up on max file size exceeded errors

    require_code('uploads');
    require_code('images');
    is_swf_upload(true);

    breadcrumb_set_parents(array(
        array('_SELF:_SELF:misc', do_lang_tempcode('EMOTICONS')),
        array('_SELF:_SELF:import', do_lang_tempcode('CHOOSE')),
        array('_SELF:_SELF:import', do_lang_tempcode('IMPORT_EMOTICONS')),
    ));

    foreach ($_FILES as $attach_name => $__file) {
        $tmp_name = $__file['tmp_name'];
        $file = $__file['name'];
        $extension = get_file_extension($file);

        if ($extension == 'zip') {
            // Use the native zip functions if present, else the m_zip fallback (which needs unzip_cmd)
            $mzip = !function_exists('zip_open');
            if ($mzip) {
                if (get_option('unzip_cmd') == '') {
                    warn_exit(do_lang_tempcode('ZIP_NOT_ENABLED'));
                }
                require_code('m_zip');
            }

            $myfile = zip_open($tmp_name);
            if (is_integer($myfile)) {
                // An integer result is an error code
                require_code('failure');
                warn_exit(zip_error($myfile, $mzip));
            } else {
                while (false !== ($entry = zip_read($myfile))) {
                    // Load in file
                    zip_entry_open($myfile, $entry);

                    $_file = zip_entry_name($entry);
                    if (is_image($_file)) {
                        $prefix = file_exists(get_file_base() . '/themes/default/images/emoticons/index.html') ? 'emoticons__' : 'ocf_emoticons__';
                        $path = get_custom_file_base() . '/themes/default/images_custom/' . $prefix . basename($_file);

                        $outfile = @fopen($path, 'wb');
                        if (!$outfile) {
                            intelligent_write_error($path);
                        }

                        // Copy the entry out chunk by chunk until the reader reports the end
                        $chunk = mixed();
                        do {
                            $chunk = zip_entry_read($entry);
                            $written = fwrite($outfile, $chunk);
                            if ($written < strlen($chunk)) {
                                warn_exit(do_lang_tempcode('COULD_NOT_SAVE_FILE'));
                            }
                            $finished = ($chunk === false) || ($chunk == '');
                        } while (!$finished);
                        fclose($outfile);

                        fix_permissions($path);
                        sync_file($path);

                        $this->_import_emoticon($path);
                    }

                    zip_entry_close($entry);
                }

                zip_close($myfile);
            }
        } elseif ($extension == 'tar') {
            require_code('tar');

            $myfile = tar_open($tmp_name, 'rb');
            if ($myfile !== false) {
                foreach (tar_get_directory($myfile) as $entry) {
                    // Load in file
                    $_file = $entry['path'];
                    if (!is_image($_file)) {
                        continue;
                    }

                    $prefix = file_exists(get_file_base() . '/themes/default/images/emoticons/index.html') ? 'emoticons__' : 'ocf_emoticons__';
                    $path = get_custom_file_base() . '/themes/default/images_custom/' . $prefix . basename($_file);

                    tar_get_file($myfile, $entry['path'], false, $path);

                    $this->_import_emoticon($path);
                }

                tar_close($myfile);
            }
        } elseif (is_image($file)) {
            // A single image rather than an archive
            $urls = get_url('', $attach_name, 'themes/default/images_custom');
            $path = $urls[0];
            $this->_import_emoticon($path);
        } else {
            attach_message(do_lang_tempcode('BAD_ARCHIVE_FORMAT'), 'warn');
        }
    }

    $title = get_page_title('IMPORT_EMOTICONS');

    log_it('IMPORT_EMOTICONS');

    return $this->do_next_manager($title, do_lang_tempcode('SUCCESS'), NULL);
}
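/**
 * The actualiser to import wordpress blog
 *
 * Requires the 'mass_import' privilege on cms_news. With method=xml an uploaded WordPress export is
 * parsed as RSS and each item is added as news; with method=db the work is delegated to
 * import_wordpress_db(). Lax Comcode parsing is switched on globally for the import.
 *
 * @return tempcode	The UI
 */
function _import_wordpress()
{
    check_specific_permission('mass_import', NULL, NULL, 'cms_news');

    $title = get_page_title('IMPORT_WP_DB');

    require_code('rss');
    require_code('news');
    require_code('news2');

    $GLOBALS['LAX_COMCODE'] = true;

    require_code('uploads');
    is_swf_upload(true);

    $is_validated = post_param_integer('wp_auto_validate', 0);
    $to_own_account = post_param_integer('wp_add_to_own', 0);

    // Wordpress post xml file importing method
    if (get_param('method') == 'xml') {
        $rss_url = post_param('xml_url', NULL);

        if (!array_key_exists('file_novalidate', $_FILES)) {
            warn_exit(do_lang_tempcode('IMPROPERLY_FILLED_IN'));
        }

        // NOTE(review): when is_swf_upload() reports true, tmp_name is accepted without is_uploaded_file();
        // confirm is_swf_upload() only ever leaves server-chosen paths in $_FILES.
        if (is_swf_upload(true) || is_uploaded_file($_FILES['file_novalidate']['tmp_name'])) {
            $rss_url = $_FILES['file_novalidate']['tmp_name'];
        } else {
            warn_exit(do_lang_tempcode('IMPROPERLY_FILLED_IN'));
        }

        $rss = new rss($rss_url, true);
        if (!is_null($rss->error)) {
            warn_exit($rss->error);
        }

        $NEWS_CATS = $GLOBALS['SITE_DB']->query_select('news_categories', array('*'), array('nc_owner' => NULL));
        $NEWS_CATS = list_to_map('id', $NEWS_CATS);

        foreach ($rss->gleamed_items as $item) {
            if (!array_key_exists('category', $item)) {
                $item['category'] = do_lang('NC_general');
            }

            // Reset for every item: otherwise the category matched for an earlier item would be
            // reused for an item whose own category does not exist yet, and no category would be created.
            $cat_id = NULL;
            foreach ($NEWS_CATS as $_cat => $news_cat) {
                if (get_translated_text($news_cat['nc_title']) == $item['category']) {
                    $cat_id = $_cat;
                }
            }

            // Check for existing owner categories, if not create blog category for creator
            if ($to_own_account == 0) {
                $creator = $item['author'];
                // NOTE(review): presumably NULL when no member has this username; the item is still imported
                $submitter_id = $GLOBALS['FORUM_DRIVER']->get_member_from_username($creator);
            } else {
                $submitter_id = get_member();
            }

            $owner_category_id = $GLOBALS['SITE_DB']->query_value_null_ok('news_categories', 'id', array('nc_owner' => $submitter_id));

            if (is_null($cat_id)) {
                $cat_id = add_news_category($item['category'], 'newscats/general', '', NULL);

                // Reload so later items in the same category find the one just created
                $NEWS_CATS = $GLOBALS['SITE_DB']->query_select('news_categories', array('*'), array('nc_owner' => NULL));
                $NEWS_CATS = list_to_map('id', $NEWS_CATS);
            }

            // Add news
            add_news($item['title'], html_to_comcode($item['news']), NULL, $is_validated, 1, 1, 1, '', array_key_exists('news_article', $item) ? html_to_comcode($item['news_article']) : '', $owner_category_id, array($cat_id), NULL, $submitter_id, 0, time(), NULL, '');
        }

        if (url_is_local($rss_url)) { // Means it is a temp file
            @unlink($rss_url);
        }
    } elseif (get_param('method') == 'db') {
        import_wordpress_db();
    }

    breadcrumb_set_parents(array(array('_SELF:_SELF:misc', do_lang_tempcode('MANAGE_BLOGS')), array('_SELF:_SELF:import_wordpress', do_lang_tempcode('IMPORT_WORDPRESS'))));
    breadcrumb_set_self(do_lang_tempcode('DONE'));

    return inform_screen($title, do_lang_tempcode('IMPORT_WORDPRESS_DONE'));
}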
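/**
 * Edit a member's photo, and check validity.
 *
 * Members who are not super-admins may not point their photo (or its thumbnail) at an existing local
 * file other than the one already stored for them; such a request ends in access_denied(). On a real
 * change the previous photo file is deleted, the member row is updated, a notification is sent and,
 * when the ocf_avatars addon is not installed, the photo is also applied as the avatar.
 *
 * @param  ID_TEXT		The identifier for the name of the posted URL field.
 * @param  ID_TEXT		The identifier for the name of the posted upload.
 * @param  ?MEMBER		The member (NULL: the current member).
 */
function ocf_member_choose_photo($param_name, $upload_name, $member_id = NULL)
{
    if (is_null($member_id)) {
        $member_id = get_member();
    }

    require_code('uploads');

    // No upload was supplied, so the photo can only be coming from the posted URL field
    if (!array_key_exists($upload_name, $_FILES) || !is_swf_upload() && !is_uploaded_file($_FILES[$upload_name]['tmp_name'])) {
        $old = $GLOBALS['FORUM_DB']->query_value('f_members', 'm_photo_url', array('id' => $member_id));
        $x = post_param($param_name);
        if ($x != '' && url_is_local($x) && !$GLOBALS['FORUM_DRIVER']->is_super_admin(get_member())) {
            // Only a super-admin may associate a local file that is not already this member's photo
            if ($old != $x) {
                access_denied('ASSOCIATE_EXISTING_FILE');
            }
        }
        if ($old == $x) {
            return; // Not changed, bomb out as we don't want to generate a thumbnail, or copy to avatar, or send notification
        }
    }

    // Find photo URL
    $urls = get_url($param_name, $upload_name, file_exists(get_custom_file_base() . '/uploads/photos') ? 'uploads/photos' : 'uploads/ocf_photos', 0, OCP_UPLOAD_IMAGE, true, 'thumb_' . $param_name, $upload_name . '2', false, true);
    if (!(strlen($urls[0]) > 1)) {
        $urls[1] = '';
    }

    // Local URLs are made absolute when the forum has a different base URL, or the 'on_msn' site setting is '1'
    if ((get_base_url() != get_forum_base_url() || array_key_exists('on_msn', $GLOBALS['SITE_INFO']) && $GLOBALS['SITE_INFO']['on_msn'] == '1') && $urls[0] != '' && url_is_local($urls[0])) {
        $urls[0] = get_custom_base_url() . '/' . $urls[0];
    }
    if ((get_base_url() != get_forum_base_url() || array_key_exists('on_msn', $GLOBALS['SITE_INFO']) && $GLOBALS['SITE_INFO']['on_msn'] == '1') && $urls[1] != '' && url_is_local($urls[1])) {
        $urls[1] = get_custom_base_url() . '/' . $urls[1];
    }

    // Without GD the thumbnail has to be supplied by the user, so it gets the same checks as the photo
    if (get_option('is_on_gd') == '0' || !function_exists('imagetypes')) {
        if (!array_key_exists($upload_name . '2', $_FILES) || !is_swf_upload() && !is_uploaded_file($_FILES[$upload_name . '2']['tmp_name'])) {
            $field = post_param('thumb_' . $param_name, '');
            if ($field == '' && $urls[0] != '') {
                warn_exit(do_lang_tempcode('IMPROPERLY_FILLED_IN_UPLOAD'));
            }
            if ($field != '' && url_is_local($field) && !$GLOBALS['FORUM_DRIVER']->is_super_admin(get_member())) {
                $old = $GLOBALS['FORUM_DB']->query_value('f_members', 'm_photo_thumb_url', array('id' => $member_id));
                if ($old != $field) {
                    access_denied('ASSOCIATE_EXISTING_FILE');
                }
            }
        }
    }

    // Cleanup old photo
    $old = $GLOBALS['FORUM_DB']->query_value('f_members', 'm_photo_url', array('id' => $member_id));
    if ($old == $urls[0]) {
        return;
    }
    if (url_is_local($old) && (substr($old, 0, 19) == 'uploads/ocf_photos/' || substr($old, 0, 15) == 'uploads/photos/')) {
        // The directory prefix test above runs on the still URL-encoded value, while the file system
        // sees the decoded one. Refuse to delete when the decoded path contains a parent-directory
        // segment, so the unlink cannot leave the photo directories.
        $old_path = rawurldecode($old);
        if (preg_match('#(^|[/\\\\])\\.\\.([/\\\\]|$)#', $old_path) == 0) {
            @unlink(get_custom_file_base() . '/' . $old_path);
        }
    }

    $GLOBALS['FORUM_DB']->query_update('f_members', array('m_photo_url' => $urls[0], 'm_photo_thumb_url' => $urls[1]), array('id' => $member_id), '', 1);

    require_code('notifications');
    dispatch_notification('ocf_choose_photo', NULL, do_lang('CHOOSE_PHOTO_SUBJECT', $GLOBALS['FORUM_DRIVER']->get_username($member_id), NULL, NULL, get_lang($member_id)), do_lang('CHOOSE_PHOTO_BODY', $urls[0], $urls[1], $GLOBALS['FORUM_DRIVER']->get_username($member_id), get_lang($member_id)));

    // If no avatar, or default avatar, or avatars not installed, use photo for it
    // NOTE(review): only the "avatars not installed" case is actually tested below; $default_avatar_url is never read
    $avatar_url = $GLOBALS['FORUM_DRIVER']->get_member_avatar_url($member_id);
    $default_avatar_url = find_theme_image('ocf_default_avatars/default', true, true);
    if (!addon_installed('ocf_avatars')) {
        $avatar_url = $urls[0];
        if (get_option('is_on_gd') == '1' && function_exists('imagetypes')) {
            $stub = url_is_local($avatar_url) ? get_complex_base_url($avatar_url) . '/' : '';
            $file_path = convert_url_to_path($stub . $avatar_url);
            if (!is_null($file_path)) {
                // Copy the photo into the avatars directory unless a file of that name is already there
                $new_file_path = str_replace('/ocf_photos/', '/ocf_avatars/', $file_path);
                if (!file_exists($new_file_path)) {
                    copy($file_path, $new_file_path);
                    fix_permissions($new_file_path);
                    sync_file($new_file_path);
                }
                $avatar_url = str_replace('/ocf_photos/', '/ocf_avatars/', $avatar_url);
            }
        }

        ocf_member_choose_avatar($avatar_url, $member_id);
    }

    // Decache from run-time cache
    unset($GLOBALS['FORUM_DRIVER']->MEMBER_ROWS_CACHED[$member_id]);
    unset($GLOBALS['MEMBER_CACHE_FIELD_MAPPINGS'][$member_id]);
}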
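/**
 * The UI to confirm sending of our newsletter.
 *
 * Builds the HTML and text previews of the posted newsletter, mails a test copy to the current
 * member (or the staff address if the member has no e-mail address) and returns a confirmation
 * form that carries the extra data forward to the 'send' step.
 *
 * Security: the posted message is evaluated with admin rights (comcode_to_tempcode() is called with
 * its admin flag set), or compiled as a template when it contains '<html'.
 *
 * @return tempcode	The UI
 */
function confirm_send()
{
    $title = get_page_title('NEWSLETTER_SEND');

    $message = post_param('message');
    $subject = post_param('subject');
    $lang = choose_language($title);
    $template = post_param('template', 'MAIL');
    $in_full = post_param_integer('in_full', 0);
    $html_only = post_param_integer('html_only', 0);
    $from_email = post_param('from_email', '');
    $from_name = post_param('from_name', '');

    $extra_post_data = array();

    // Optional CSV file of extra recipients
    require_code('uploads');
    if (is_swf_upload(true) && array_key_exists('file', $_FILES) || array_key_exists('file', $_FILES) && is_uploaded_file($_FILES['file']['tmp_name'])) {
        $_csv_data = array();

        $myfile = fopen($_FILES['file']['tmp_name'], 'rt');
        if ($myfile === false) {
            // Without this the CSV functions below would be called on a non-handle
            warn_exit(do_lang_tempcode('INTERNAL_ERROR'));
        }

        // Sniff the delimiter: a single-column first row containing ';' means semicolon-separated.
        // fgetcsv() returns false for an empty file, hence the is_array() guard.
        $del = ',';
        $csv_test_line = fgetcsv($myfile, 4096, $del);
        if (is_array($csv_test_line) && count($csv_test_line) == 1 && is_string($csv_test_line[0]) && strpos($csv_test_line[0], ';') !== false) {
            $del = ';';
        }
        rewind($myfile);

        while (($csv_line = fgetcsv($myfile, 4096, $del)) !== false) {
            $_csv_data[] = $csv_line;
        }
        fclose($myfile);

        // NOTE(review): this serialized string is handed to form_confirm_screen() as extra POST data, so it
        // presumably round-trips through the browser. Confirm that the step reading csv_data back does not
        // pass it to unserialize() without an integrity check.
        $extra_post_data['csv_data'] = serialize($_csv_data);
    }

    if (post_param_integer('make_periodic', 0) == 1) {
        // We're making a periodic newsletter. Thus we need to pass this info
        // through to the next step
        $extra_post_data['make_periodic'] = '1';

        // Re-generate preview from latest chosen_categories
        $message = $this->generate_whats_new_comcode(post_param('chosen_categories', ''), $in_full, $lang, get_input_date('cutoff'));
    }

    // The test copy goes to the current member, falling back to the staff address
    $address = $GLOBALS['FORUM_DRIVER']->get_member_email_address(get_member());
    if ($address == '') {
        $address = get_option('staff_address');
    }
    $username = $GLOBALS['FORUM_DRIVER']->get_username(get_member());

    $message = newsletter_variable_substitution($message, $subject, '', '', do_lang('UNKNOWN'), $address, 'test', '');

    require_code('mail');
    require_code('tempcode_compiler');

    $in_html = false;
    if (strpos($message, '<html') !== false) {
        // A full HTML document: compiled as a template rather than parsed as Comcode
        $_preview = template_to_tempcode($message);
        $in_html = true;
    } else {
        $comcode_version = comcode_to_tempcode($message, get_member(), true);
        $_preview = do_template('MAIL', array('TITLE' => $subject, 'CSS' => css_tempcode(true, true, $comcode_version->evaluate()), 'LANG' => get_site_default_lang(), 'LOGOURL' => get_logo_url(''), 'CONTENT' => $comcode_version), NULL, false, NULL, '.tpl', 'templates', $GLOBALS['FORUM_DRIVER']->get_theme(''));
        $in_html = $html_only == 1;
    }

    $text_preview = $html_only == 1 ? '' : comcode_to_clean_text(static_evaluate_tempcode(template_to_tempcode($message)));

    require_code('mail');

    $preview_subject = $subject;
    if (post_param_integer('make_periodic', 0) == 1) {
        $preview_subject .= ' - ' . get_timezoned_date(time(), false, false, false, true);
    }

    require_code('comcode_text');
    $preview = do_template('NEWSLETTER_CONFIRM_WRAP', array('_GUID' => '02bd5a782620141f8589e647e2c6d90b', 'TEXT_PREVIEW' => $text_preview, 'PREVIEW' => $_preview, 'SUBJECT' => $subject));

    // Send the test copy
    mail_wrap($preview_subject, $html_only == 1 ? $_preview->evaluate() : $message, array($address), $username, $from_email, $from_name, 3, NULL, true, NULL, true, $in_html);

    breadcrumb_set_parents(array(array('_SELF:_SELF:misc', do_lang_tempcode('MANAGE_NEWSLETTER')), array('_SELF:_SELF:new', do_lang_tempcode('NEWSLETTER_SEND'))));
    breadcrumb_set_self(do_lang_tempcode('CONFIRM'));

    require_code('templates_confirm_screen');
    return form_confirm_screen($title, $preview, 'send', get_param('old_type', 'new'), $extra_post_data);
}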
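/**
 * The actualiser to contact a member.
 *
 * Sends the posted message, with any uploaded attachments, to the e-mail address of the member named
 * by the 'id' parameter. CAPTCHA is enforced when the captcha addon is installed, and the combined
 * attachment size is limited by the recipient's m_max_email_attach_size_mb field.
 *
 * @return tempcode	The UI
 */
function actual()
{
    if (addon_installed('captcha')) {
        require_code('captcha');
        enforce_captcha();
    }

    $member_id = get_param_integer('id');
    $email_address = $GLOBALS['FORUM_DRIVER']->get_member_row_field($member_id, 'm_email_address');
    if (is_null($email_address)) {
        fatal_exit(do_lang_tempcode('INTERNAL_ERROR'));
    }

    // Check the member exists before the username is used for anything
    $to_name = $GLOBALS['FORUM_DRIVER']->get_username($member_id);
    if (is_null($to_name)) {
        warn_exit(do_lang_tempcode('USER_NO_EXIST'));
    }

    breadcrumb_set_parents(array(array('_SELF:_SELF:misc', do_lang_tempcode('EMAIL_MEMBER', escape_html($to_name)))));

    $from_email = trim(post_param('email_address'));
    require_code('type_validation');
    if (!is_valid_email_address($from_email)) {
        warn_exit(do_lang_tempcode('INVALID_EMAIL_ADDRESS'));
    }
    $from_name = post_param('name');

    $title = get_page_title('EMAIL_MEMBER', true, array(escape_html($GLOBALS['FORUM_DRIVER']->get_username($member_id))));

    require_code('mail');

    // Collect attachments as a map of temporary path => original file name
    $attachments = array();
    $size_so_far = 0;
    require_code('uploads');
    is_swf_upload(true);
    foreach ($_FILES as $file) {
        // NOTE(review): when is_swf_upload() reports true, every $_FILES entry is attached without
        // is_uploaded_file(); confirm is_swf_upload() only ever leaves server-chosen paths in $_FILES.
        if (is_swf_upload() || is_uploaded_file($file['tmp_name'])) {
            $attachments[$file['tmp_name']] = $file['name'];
            $size_so_far += $file['size'];
        } else {
            // An empty upload slot is fine; any other upload error is reported
            if (defined('UPLOAD_ERR_NO_FILE') && array_key_exists('error', $file) && $file['error'] != UPLOAD_ERR_NO_FILE) {
                warn_exit(do_lang_tempcode('ERROR_UPLOADING_ATTACHMENTS'));
            }
        }
    }

    // The recipient's limit is stored in megabytes
    $size = $GLOBALS['FORUM_DRIVER']->get_member_row_field($member_id, 'm_max_email_attach_size_mb');
    if ($size_so_far > $size * 1024 * 1024) {
        warn_exit(do_lang_tempcode('EXCEEDED_ATTACHMENT_SIZE', integer_format($size)));
    }

    mail_wrap(do_lang('EMAIL_MEMBER_SUBJECT', get_site_name(), post_param('subject'), NULL, get_lang($member_id)), post_param('message'), array($email_address), $to_name, $from_email, $from_name, 3, $attachments, false, get_member());

    log_it('EMAIL', strval($member_id), $to_name);

    breadcrumb_set_self(do_lang_tempcode('DONE'));

    // NOTE(review): 'redirect' is taken from the query string and used as the redirect target;
    // confirm get_param()/redirect_screen() restrict it to same-site URLs.
    $url = get_param('redirect');
    return redirect_screen($title, $url, do_lang_tempcode('SUCCESS'));
}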
/** * Get tempcode for a Comcode tag. This function should always return (errors should be placed in the Comcode output stream), for stability reasons (i.e. if you're submitting something, you can't have the whole submit process die half way through in an unstructured fashion). * * @param string The tag being converted * @param array A map of the attributes (name=>val) for the tag. Val is usually a string, although in select places, the XML parser may pass tempcode. * @param mixed Tempcode of the inside of the tag ([between]THIS[/between]); the XML parser may pass in special stuff here, which is interpreted only for select tags * @param boolean Whether we are allowed to proceed even if this tag is marked as 'dangerous' * @param string A special identifier to mark where the resultant tempcode is going to end up (e.g. the ID of a post) * @param integer The position this tag occurred at in the Comcode * @param MEMBER The member who is responsible for this Comcode * @param boolean Whether to check as arbitrary admin * @param object The database connection to use * @param string The whole chunk of comcode * @param boolean Whether this is for WML output * @param boolean Whether this is only a structure sweep * @param boolean Whether we are in semi-parse-mode (some tags might convert differently) * @param ?array A list of words to highlight (NULL: none) * @param ?MEMBER The member we are running on behalf of, with respect to how attachments are handled; we may use this members attachments that are already within this post, and our new attachments will be handed to this member (NULL: member evaluating) * @param boolean Whether what we have came from inside a semihtml tag * @param boolean Whether what we have came from semihtml mode * @return tempcode The tempcode for the Comcode */ function _do_tags_comcode($tag, $attributes, $embed, $comcode_dangerous, $pass_id, $marker, $source_member, $as_admin, $connection, &$comcode, $wml, $structure_sweep, $semiparse_mode, 
$highlight_bits = NULL, $on_behalf_of_member = NULL, $in_semihtml = false, $is_all_semihtml = false) { if ($structure_sweep && $tag != 'title') { return new ocp_tempcode(); } $param_given = isset($attributes['param']); if (!isset($attributes['param']) && $tag != 'block') { $attributes['param'] = ''; } global $DANGEROUS_TAGS, $STRUCTURE_LIST, $COMCODE_PARSE_TITLE; if (isset($DANGEROUS_TAGS[$tag]) && !$comcode_dangerous) { $username = $GLOBALS['FORUM_DRIVER']->get_username($source_member); if (is_null($username)) { $username = do_lang('UNKNOWN'); } if ($semiparse_mode) { $params = ''; foreach ($attributes as $key => $val) { $params .= ' ' . $key . '="' . comcode_escape($val) . '"'; } return make_string_tempcode('<input class="ocp_keep_ui_controlled" size="45" title="[' . $tag . '' . escape_html($params) . ']' . ($in_semihtml || $is_all_semihtml ? escape_html($embed->evaluate()) : escape_html($embed->evaluate())) . '[/' . $tag . ']" type="text" value="' . ($tag == 'block' ? do_lang('COMCODE_EDITABLE_BLOCK', escape_html($embed->evaluate())) : do_lang('COMCODE_EDITABLE_TAG', escape_html($tag))) . '" />'); } return do_template('WARNING_TABLE', array('WARNING' => do_lang_tempcode('comcode:NO_ACCESS_FOR_TAG', escape_html($tag), escape_html($username)))); //return new ocp_tempcode(); } // These are just bbcode compatibility tags.. 
we will remap to our proper comcode if ($tag == 'php') { $attributes['param'] = 'php'; $tag = 'code'; } elseif ($tag == 'sql') { $attributes['param'] = 'sql'; $tag = 'code'; } elseif ($tag == 'codebox') { $attributes['scroll'] = '1'; $tag = 'code'; } elseif ($tag == 'left') { $attributes['param'] = 'left'; $tag = 'align'; } elseif ($tag == 'center') { $attributes['param'] = 'center'; $tag = 'align'; } elseif ($tag == 'right') { $attributes['param'] = 'right'; $tag = 'align'; } elseif ($tag == 'thread') { $tag = 'topic'; } elseif ($tag == 'internal_table' || $tag == 'external_table') { $tag = 'box'; if (array_key_exists('class', $attributes)) { $attributes['type'] = $attributes['class']; } } if ($semiparse_mode) { $non_text_tags = array('attachment', 'section_controller', 'big_tab_controller', 'currency', 'block', 'contents', 'concepts', 'flash', 'menu', 'email', 'reference', 'upload', 'page', 'exp_thumb', 'exp_ref', 'thumb', 'snapback', 'post', 'thread', 'topic', 'include', 'random', 'jumping', 'shocker'); // Also in JAVASCRIPT_EDITING.tpl if ($tag == 'attachment_safe') { if (preg_match('#^new\\_\\d+$#', $embed->evaluate()) != 0) { $non_text_tags[] = 'attachment_safe'; } } if (in_array($tag, $non_text_tags)) { $params = ''; foreach ($attributes as $key => $val) { $params .= ' ' . $key . '="' . str_replace('"', '\\"', $val) . '"'; } if ($tag != 'block' || !is_file(get_file_base() . '/sources_custom/miniblocks/' . $embed->evaluate() . '.php')) { return make_string_tempcode('<input class="ocp_keep_ui_controlled" size="45" title="[' . $tag . '' . escape_html($params) . ']' . ($in_semihtml || $is_all_semihtml ? escape_html($embed->evaluate()) : escape_html($embed->evaluate())) . '[/' . $tag . ']" type="text" value="' . ($tag == 'block' ? do_lang('comcode:COMCODE_EDITABLE_BLOCK', escape_html($embed->evaluate())) : do_lang('comcode:COMCODE_EDITABLE_TAG', escape_html($tag))) . '" />'); } else { return make_string_tempcode('[block' . escape_html($params) . ']' . 
($in_semihtml || $is_all_semihtml ? $embed->evaluate() : escape_html($embed->evaluate())) . '[/block]'); } } } $temp_tpl = new ocp_tempcode(); switch ($tag) { case 'no_parse': $temp_tpl->attach($embed); break; case 'currency': if (addon_installed('ecommerce')) { $bracket = array_key_exists('bracket', $attributes) && $attributes['bracket'] == '1'; if ($attributes['param'] == '') { $attributes['param'] = get_option('currency'); } $temp_tpl = do_template('COMCODE_CURRENCY', array('_GUID' => 'ee1fcdae082af6397ff3bad89006e012', 'AMOUNT' => $embed, 'FROM_CURRENCY' => $attributes['param'], 'BRACKET' => $bracket)); } break; case 'overlay': $x = strval(array_key_exists('x', $attributes) ? intval($attributes['x']) : 100); $y = strval(array_key_exists('y', $attributes) ? intval($attributes['y']) : 100); $width = strval(array_key_exists('width', $attributes) ? intval($attributes['width']) : 300); $height = strval(array_key_exists('height', $attributes) ? intval($attributes['height']) : 300); $timein = strval(array_key_exists('timein', $attributes) ? intval($attributes['timein']) : 0); $timeout = strval(array_key_exists('timeout', $attributes) ? intval($attributes['timeout']) : -1); $temp_tpl = do_template('COMCODE_OVERLAY', array('_GUID' => 'dfd0f7a72cc2bf6b613b28f8165a0034', 'UNIQ_ID' => 'a' . uniqid('', true), 'EMBED' => $embed, 'ID' => $attributes['param'] != '' ? $attributes['param'] : 'rand' . uniqid('', true), 'X' => $x, 'Y' => $y, 'WIDTH' => $width, 'HEIGHT' => $height, 'TIMEIN' => $timein, 'TIMEOUT' => $timeout)); break; case 'code': if ($wml) { $temp_tpl->attach('<b>'); $temp_tpl->attach($embed); $temp_tpl->attach('</b>'); break; } list($_embed, $title) = do_code_box($attributes['param'], $embed, array_key_exists('numbers', $attributes) && $attributes['numbers'] == '1', $in_semihtml, $is_all_semihtml); if (!is_null($_embed)) { $tpl = array_key_exists('scroll', $attributes) && $attributes['scroll'] == '1' ? 
'COMCODE_CODE_SCROLL' : 'COMCODE_CODE'; if ($tpl == 'COMCODE_CODE_SCROLL' && substr_count($_embed, chr(10)) < 10) { $style = 'height: auto'; } else { $style = ''; } $temp_tpl = do_template($tpl, array('_GUID' => 'c5d46d0927272fcacbbabcfab0ef6b0c', 'STYLE' => $style, 'TYPE' => $attributes['param'], 'CONTENT' => $_embed, 'TITLE' => $title)); } else { $_embed = ''; } if ($temp_tpl->is_empty()) { if ($in_semihtml || $is_all_semihtml) { require_code('comcode_from_html'); $back_to_comcode = semihtml_to_comcode($embed->evaluate()); // Undo what's happened already //$back_to_comcode=html_entity_decode($back_to_comcode,ENT_QUOTES,get_charset()); // Remove the escaping entities that were inside the code tag $embed = comcode_to_tempcode($back_to_comcode, $source_member, $as_admin, 80, $pass_id, $connection); // Re-parse (with full security) } $_embed = $embed->evaluate(); if (!array_key_exists('scroll', $attributes) && strlen($_embed) > 1000) { $attributes['scroll'] = '1'; } $tpl = array_key_exists('scroll', $attributes) && $attributes['scroll'] == '1' ? 
'COMCODE_CODE_SCROLL' : 'COMCODE_CODE'; $title = do_lang_tempcode('CODE'); if ($tpl == 'COMCODE_CODE_SCROLL' && substr_count($_embed, chr(10)) < 10) { $style = 'height: auto'; } else { $style = ''; } $temp_tpl = do_template($tpl, array('CONTENT' => $_embed, 'TITLE' => $title, 'STYLE' => $style, 'TYPE' => $attributes['param'])); } break; case 'list': if (is_array($embed)) { $parts = $embed; } else { $_embed = trim($embed->evaluate()); $_embed = str_replace('[/*]', '', $_embed); $parts = explode('[*]', $_embed); } if (isset($temp_tpl->preprocessable_bits)) { $temp_tpl->preprocessable_bits = array_merge($temp_tpl->preprocessable_bits, $embed->preprocessable_bits); } if ($wml) { foreach ($parts as $i => $part) { if ($i == 0 && str_replace(array(' ', '<br />', ' '), array('', '', ''), trim($part)) == '') { continue; } $temp_tpl->attach('<br />* '); $temp_tpl->attach($part); } $temp_tpl->attach('<br />* '); break; } $type = $attributes['param']; if ($type != '') { if ($type == '1') { $type = 'decimal'; } elseif ($type == 'a') { $type = 'lower-alpha'; } elseif ($type == 'i') { $type = 'lower-roman'; } elseif ($type == 'x') { $type = 'none'; } elseif (!in_array($type, array('circle', 'disc', 'square', 'armenian', 'decimal', 'decimal-leading-zero', 'georgian', 'lower-alpha', 'lower-greek', 'lower-latin', 'lower-roman', 'upper-alpha', 'upper-latin', 'upper-roman'))) { $type = 'disc'; } $tag = in_array($type, array('circle', 'disc', 'square')) ? 'ul' : 'ol'; $temp_tpl->attach('<' . $tag . ' style="list-style-type: ' . $type . '">'); foreach ($parts as $i => $part) { if ($i == 0 && str_replace(array(' ', '<br />', ' '), array('', '', ''), trim($part)) == '') { continue; } $temp_tpl->attach('<li>' . preg_replace('#\\<br /\\>(\\ |\\s)*$#D', '', preg_replace('#^\\<br /\\>(\\ |\\s)*#D', '', $part)) . '</li>'); } $temp_tpl->attach('</' . $tag . 
'>'); } else { $temp_tpl->attach('<ul>'); foreach ($parts as $i => $part) { if ($i == 0 && str_replace(array(' ', '<br />', ' '), array('', '', ''), trim($part)) == '') { continue; } $temp_tpl->attach('<li>' . preg_replace('#\\<br /\\>(\\ |\\s)*$#D', '', preg_replace('#^\\<br /\\>(\\ |\\s)*#D', '', $part)) . '</li>'); } $temp_tpl->attach('</ul>'); } break; case 'snapback': require_lang('ocf'); $post_id = intval($embed->evaluate()); $s_title = $attributes['param'] == '' ? do_lang_tempcode('FORUM_POST_NUMBERED', integer_format($post_id)) : make_string_tempcode($attributes['param']); $forum = array_key_exists('forum', $attributes) ? $attributes['forum'] : ''; $temp_tpl = do_template('COMCODE_SNAPBACK', array('URL' => $GLOBALS['FORUM_DRIVER']->post_url($post_id, $forum), 'TITLE' => $s_title)); break; case 'post': require_lang('ocf'); $post_id = intval($embed->evaluate()); $s_title = $attributes['param'] == '' ? do_lang_tempcode('FORUM_POST_NUMBERED', integer_format($post_id)) : make_string_tempcode($attributes['param']); $forum = array_key_exists('forum', $attributes) ? $attributes['forum'] : ''; $temp_tpl->attach(hyperlink($GLOBALS['FORUM_DRIVER']->post_url($post_id, $forum), $s_title)); break; case 'topic': require_lang('ocf'); $topic_id = intval($embed->evaluate()); $s_title = $attributes['param'] == '' ? do_lang_tempcode('FORUM_TOPIC_NUMBERED', integer_format($topic_id)) : make_string_tempcode($attributes['param']); $forum = array_key_exists('forum', $attributes) ? $attributes['forum'] : ''; $temp_tpl->attach(hyperlink($GLOBALS['FORUM_DRIVER']->topic_url($topic_id, $forum), $s_title)); break; case 'staff_note': $temp_tpl = new ocp_tempcode(); return $temp_tpl; case 'section': if ($wml) { $temp_tpl = $embed; break; } $name = array_key_exists('param', $attributes) ? $attributes['param'] : 'section' . strval(mt_rand(0, 100)); $default = array_key_exists('default', $attributes) ? 
$attributes['default'] : '0'; $temp_tpl = do_template('COMCODE_SECTION', array('_GUID' => 'a902962ccdc80046c999d6fed907d105', 'PASS_ID' => 'x' . $pass_id, 'DEFAULT' => $default == '1', 'NAME' => $name, 'CONTENT' => $embed)); break; case 'section_controller': if ($wml) { break; } $sections = explode(',', $embed->evaluate()); $temp_tpl = do_template('COMCODE_SECTION_CONTROLLER', array('_GUID' => '133bf24892e9e3ec2a01146d6ec418fe', 'SECTIONS' => $sections, 'PASS_ID' => 'x' . $pass_id)); break; case 'big_tab': if ($wml) { $temp_tpl = $embed; break; } $name = array_key_exists('param', $attributes) ? $attributes['param'] : 'big_tab' . strval(mt_rand(0, 100)); $default = array_key_exists('default', $attributes) ? $attributes['default'] : '0'; $temp_tpl = do_template('COMCODE_BIG_TABS_TAB', array('PASS_ID' => 'x' . $pass_id, 'DEFAULT' => $default == '1', 'NAME' => $name, 'CONTENT' => $embed)); break; case 'big_tab_controller': if ($wml) { break; } $tabs = explode(',', $embed->evaluate()); if (!array_key_exists('switch_time', $attributes)) { $attributes['switch_time'] = '6000'; } $temp_tpl = do_template('COMCODE_BIG_TABS_CONTROLLER', array('SWITCH_TIME' => $attributes['switch_time'], 'TABS' => $tabs, 'PASS_ID' => 'x' . $pass_id)); break; case 'tab': if ($wml) { $temp_tpl = $embed; break; } $default = array_key_exists('default', $attributes) ? 
$attributes['default'] : '0'; $temp_tpl = do_template('COMCODE_TAB_BODY', array('DEFAULT' => $default == '1', 'TITLE' => trim($attributes['param']), 'CONTENT' => $embed)); break; case 'tabs': if ($wml) { break; } $heads = new ocp_tempcode(); $tabs = explode(',', $attributes['param']); foreach ($tabs as $i => $tab) { $heads->attach(do_template('COMCODE_TAB_HEAD', array('TITLE' => trim($tab), 'FIRST' => $i == 0, 'LAST' => !array_key_exists($i + 1, $tabs)))); } $temp_tpl = do_template('COMCODE_TAB_CONTROLLER', array('HEADS' => $heads, 'CONTENT' => $embed)); break; case 'carousel': if ($attributes['param'] == '') { $attributes['param'] = '40'; } $temp_tpl = do_template('COMCODE_CAROUSEL', array('CONTENT' => $embed, 'SCROLL_AMOUNT' => $attributes['param'])); break; case 'menu': if ($wml) { break; } $name = array_key_exists('param', $attributes) ? $attributes['param'] : 'mnu' . strval(mt_rand(0, 100)); $type = array_key_exists('type', $attributes) ? $attributes['type'] : 'tree'; require_code('menus'); require_code('menus_comcode'); $temp_tpl = build_comcode_menu($embed->evaluate(), $name, $source_member, $type); break; case 'if_in_group': $groups = ''; $_groups = explode(',', $attributes['param']); $all_groups = $GLOBALS['FORUM_DRIVER']->get_usergroup_list(); foreach ($_groups as $group) { $find = array_search($group, $all_groups); if ($find === false) { if ($groups != '') { $groups .= ','; } $groups .= $group; } else { if ($groups != '') { $groups .= ','; } $groups .= strval($find); } } $temp_tpl = do_template('COMCODE_IF_IN_GROUP', array('_GUID' => '761a7cc07f7b4b68508d68ce19b87d2c', 'TYPE' => array_key_exists('type', $attributes) ? 
$attributes['type'] : '', 'CONTENT' => $embed, 'GROUPS' => $groups)); break; case 'acronym': case 'abbr': $temp_tpl = do_template('COMCODE_ABBR', array('_GUID' => 'acbc4f991dsf03f81b61919b74ac24c91', 'CONTENT' => $embed, 'TITLE' => $attributes['param'])); break; case 'address': $temp_tpl = do_template('COMCODE_ADDRESS', array('_GUID' => 'acbcsdf9910703f81b61919b74ac24c91', 'CONTENT' => $embed)); break; case 'dfn': $temp_tpl = do_template('COMCODE_DFN', array('_GUID' => 'acbc4f9910703f81b61sf19b74ac24c91', 'CONTENT' => $embed)); break; case 'pulse': $min_color = array_key_exists('min', $attributes) ? $attributes['min'] : '0000FF'; $max_color = array_key_exists('max', $attributes) ? $attributes['max'] : 'FF0044'; if (substr($min_color, 0, 1) == '#') { $min_color = substr($min_color, 1); } if (substr($max_color, 0, 1) == '#') { $max_color = substr($max_color, 1); } $speed = $attributes['param'] == '' ? 100 : intval($attributes['param']); $temp_tpl = do_template('COMCODE_PULSE', array('_GUID' => 'adsd4f9910sfd03f81b61919b74ac24c91', 'RAND_ID' => uniqid('', true), 'CONTENT' => $embed, 'MIN_COLOR' => $min_color, 'MAX_COLOR' => $max_color, 'SPEED' => strval($speed))); break; case 'del': $cite = array_key_exists('cite', $attributes) ? $attributes['cite'] : NULL; if (!is_null($cite)) { $temp_tpl = test_url($cite, 'del', $cite, $source_member); } $datetime = array_key_exists('datetime', $attributes) ? $attributes['datetime'] : NULL; $temp_tpl->attach(do_template('COMCODE_DEL', array('_GUID' => 'acsd4f9910sfd03f81b61919b74ac24c91', 'CONTENT' => $embed, 'CITE' => $cite, 'DATETIME' => $datetime))); break; case 'ins': $cite = array_key_exists('cite', $attributes) ? $attributes['cite'] : NULL; if (!is_null($cite)) { $temp_tpl = test_url($cite, 'ins', $cite, $source_member); if (!$temp_tpl->is_empty()) { break; } } $datetime = array_key_exists('datetime', $attributes) ? 
$attributes['datetime'] : NULL; $temp_tpl->attach(do_template('COMCODE_INS', array('_GUID' => 'asss4f9910703f81b61919bsfc24c91', 'CONTENT' => $embed, 'CITE' => $cite, 'DATETIME' => $datetime))); break; case 'cite': $temp_tpl = do_template('COMCODE_CITE', array('_GUID' => 'acbcsf910703f81b61919b74ac24c91', 'CONTENT' => $embed)); break; case 'b': if ($semiparse_mode) { $temp_tpl = make_string_tempcode('<b>' . $embed->evaluate() . '</b>'); break; } $temp_tpl = do_template('COMCODE_BOLD', array('_GUID' => 'acbc4fds910703f81b619sf74ac24c91', 'CONTENT' => $embed)); break; case 'align': if ($wml) { $temp_tpl = $embed; break; } $align = array_key_exists('param', $attributes) ? $attributes['param'] : 'left'; $temp_tpl = do_template('COMCODE_ALIGN', array('_GUID' => '950b4d9db12cac6bf536860bedd96a36', 'ALIGN' => $align, 'CONTENT' => $embed)); break; case 'indent': if ($wml) { $temp_tpl = $embed; break; } $indent = array_key_exists('param', $attributes) ? $attributes['param'] : '10'; if (!is_numeric($indent)) { $indent = '10'; } $temp_tpl = do_template('COMCODE_INDENT', array('_GUID' => 'd8e69fa17eebd5312e3ad5788e3a1343', 'INDENT' => $indent, 'CONTENT' => $embed)); break; case 'surround': if ($wml) { $temp_tpl = $embed; break; } if ($semiparse_mode && $embed->evaluate() == '') { $temp_tpl = make_string_tempcode('<kbd class="ocp_keep" title="no_parse">[surround="' . comcode_escape(array_key_exists('param', $attributes) ? $attributes['param'] : 'float_surrounder') . '"]' . $embed->evaluate() . '[/surround]</kbd>'); break; } $class = array_key_exists('param', $attributes) && $attributes['param'] != '' ? $attributes['param'] : 'float_surrounder'; $temp_tpl = do_template('COMCODE_SURROUND', array('_GUID' => 'e8e69fa17eebd5312e3ad5788e3a1343', 'CLASS' => $class, 'CONTENT' => $embed)); break; case 'i': if ($semiparse_mode) { $temp_tpl = make_string_tempcode('<i>' . $embed->evaluate() . 
'</i>'); break; } $temp_tpl = do_template('COMCODE_ITALICS', array('_GUID' => '4321a1fe3825418e57a29410183c0c60', 'CONTENT' => $embed)); break; case 'u': if ($semiparse_mode) { $temp_tpl = make_string_tempcode('<u>' . $embed->evaluate() . '</u>'); break; } $temp_tpl = do_template('COMCODE_UNDERLINE', array('_GUID' => '69cc8e73b17f9e6a35eb1af2bd1dc6ab', 'CONTENT' => $embed)); break; case 's': if ($wml) { $temp_tpl = $embed; break; } if ($semiparse_mode) { $temp_tpl = make_string_tempcode('<strike>' . $embed->evaluate() . '</strike>'); break; } $temp_tpl = do_template('COMCODE_STRIKE', array('_GUID' => 'ed242591cefd365497cc0c63abbb11a9', 'CONTENT' => $embed)); break; case 'tooltip': $param = is_object($attributes['param']) ? $attributes['param'] : comcode_to_tempcode($attributes['param'], $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); if ($wml) { $temp_tpl->attach($embed); $temp_tpl->attach('[ '); $temp_tpl->attach($param); $temp_tpl->attach(' ]'); break; } $temp_tpl = do_template('COMCODE_TOOLTIP', array('_GUID' => 'c9f4793dc0c1a92cd7d08ae1b87c2308', 'URL' => array_key_exists('url', $attributes) ? $attributes['url'] : '', 'TOOLTIP' => $param, 'CONTENT' => $embed)); break; case 'sup': if ($wml) { $temp_tpl->attach('^'); $temp_tpl->attach($embed); break; } $temp_tpl = do_template('COMCODE_SUP', array('_GUID' => '74d2ecfe193dacb6d922bc288828196a', 'CONTENT' => $embed)); break; case 'sub': if ($wml) { $temp_tpl->attach('{'); $temp_tpl->attach($embed); $temp_tpl->attach('}'); break; } $temp_tpl = do_template('COMCODE_SUB', array('_GUID' => '515e310e00a6d7c30f7dca0a5956ebcf', 'CONTENT' => $embed)); break; case 'title': if ($semiparse_mode && strpos($comcode, '[contents') !== false) { $temp_tpl = make_string_tempcode('[title' . reinsert_parameters($attributes) . ']' . $embed->evaluate() . '[/title]'); break; } $level = $attributes['param'] != '' ? 
intval($attributes['param']) : 1; if ($level == 0) { $level = 1; } // Stop crazy Comcode causing stack errors with the toc $uniq_id = strval(count($STRUCTURE_LIST)); $STRUCTURE_LIST[] = array($level, $embed, $uniq_id); if ($level == 1) { $template = 'SCREEN_TITLE'; } elseif ($level == 2) { $template = 'COMCODE_SECTION_TITLE'; } elseif ($level == 3) { $template = 'COMCODE_MINOR_TITLE'; } elseif ($level == 4) { $template = 'COMCODE_VERY_MINOR_TITLE'; } else { $template = 'COMCODE_VERY_MINOR_TITLE'; } if ($level == 1) { if (is_null($COMCODE_PARSE_TITLE)) { $COMCODE_PARSE_TITLE = $embed->evaluate(); if (is_object($COMCODE_PARSE_TITLE)) { $COMCODE_PARSE_TITLE = $COMCODE_PARSE_TITLE->evaluate(); } } } $base = array_key_exists('base', $attributes) ? intval($attributes['base']) : 2; if (array_key_exists('number', $attributes) && $level >= $base) { $list_types = $attributes['number'] == '' ? array() : explode(',', $attributes['number']); $list_types = array_merge($list_types, array('decimal', 'lower-alpha', 'lower-roman', 'upper-alpha', 'upper-roman', 'disc')); $numerals = array('i', 'ii', 'iii', 'iv', 'v', 'vi', 'viii', 'ix', 'x', 'xi', 'xii', 'xiii', 'xiv', 'xv', 'xvi', 'xvii', 'xviii', 'xix', 'xx'); $symbol_lookup = array('decimal' => range(1, 100), 'lower-alpha' => range('a', 'z'), 'lower-roman' => $numerals, 'upper-alpha' => range('A', 'Z'), 'upper-roman' => str_replace('i', 'I', str_replace('v', 'V', str_replace('x', 'X', $numerals)))); $level_text = ''; $list_pos = count($STRUCTURE_LIST) - 2; for ($j = $level; $j >= $base; $j--) { $num_before = 0; for ($i = $list_pos; $i >= 0; $i--) { $list_pos--; if ($STRUCTURE_LIST[$i][0] == $j - 1) { break; } if ($STRUCTURE_LIST[$i][0] == $j) { $num_before++; } } $level_number = @strval($symbol_lookup[$list_types[$j - $base]][$num_before]); $level_text = $level_number . ($level_text != '' ? '.' : '') . $level_text; } $old_embed = $embed; $embed = make_string_tempcode($level_text . 
' – '); $embed->attach($old_embed); } if ($wml) { if ($level == 1) { $temp_tpl->attach('<br /><p><big><u><b>'); $temp_tpl->attach($embed); $temp_tpl->attach('</b></u></big></p><br />'); } elseif ($level == 2) { $temp_tpl->attach('<br /><p><big><u>'); $temp_tpl->attach($embed); $temp_tpl->attach('</u></big></p><br />'); } elseif ($level == 3) { $temp_tpl->attach('<br /><p><big>'); $temp_tpl->attach($embed); $temp_tpl->attach('</big></p><br />'); } elseif ($level == 4) { $temp_tpl->attach('<br /><p>'); $temp_tpl->attach($embed); $temp_tpl->attach('</p><br />'); } break; } if ($semiparse_mode) { $temp_tpl = make_string_tempcode('<h' . strval($level) . ($level == 1 ? ' class="main_page_title"' : '') . '><span class="inner">' . $embed->evaluate() . '</span></h' . strval($level) . '>'); break; } $tpl_map = array('ID' => substr($pass_id, 0, 5) == 'panel' ? NULL : $uniq_id, 'TITLE' => $embed, 'HELP_URL' => '', 'HELP_TERM' => ''); if (array_key_exists('sub', $attributes)) { $tpl_map['SUB'] = protect_from_escaping(comcode_to_tempcode($attributes['sub'], $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member)); } $temp_tpl = do_template($template, $tpl_map); break; case 'attachment': case 'attachment2': // legacy // legacy case 'attachment_safe': if ($wml) { break; } require_code('attachments'); if (is_null($on_behalf_of_member)) { $on_behalf_of_member = $source_member; } $id = $embed->evaluate(); global $COMCODE_ATTACHMENTS; if (!is_numeric($id) && !$as_admin && !has_specific_permission($source_member, 'exceed_filesize_limit')) { // We work all this out before we do any downloads, to make sure orphaned files aren't dumped on the file system (possible hack method) if (get_forum_type() == 'ocf') { require_lang('ocf'); require_code('ocf_groups'); $daily_quota = ocf_get_member_best_group_property($source_member, 'max_daily_upload_mb'); } else { $daily_quota = 5; // 5 is a hard coded default for non-OCF forums } 
if (!is_null($daily_quota)) { $_size_uploaded_today = $connection->query('SELECT SUM(a_file_size) AS the_answer FROM ' . $connection->get_table_prefix() . 'attachments WHERE a_member_id=' . strval((int) $source_member) . ' AND a_add_time>' . strval(time() - 60 * 60 * 24)); if (is_null($_size_uploaded_today[0]['the_answer'])) { $_size_uploaded_today[0]['the_answer'] = 0; } $size_uploaded_today = ceil((double) $_size_uploaded_today[0]['the_answer'] / 1024.0 / 1024.0); $attach_size = 0; require_code('uploads'); is_swf_upload(true); foreach ($_FILES as $_file) { $attach_size += floatval($_file['size']) / 1024.0 / 1024.0; } if ($size_uploaded_today + $attach_size > floatval($daily_quota)) { $temp_tpl = do_template('WARNING_TABLE', array('WARNING' => do_lang_tempcode('OVER_DAILY_QUOTA', integer_format($daily_quota), float_format($size_uploaded_today)))); break; } } } $thumb_url = array_key_exists('thumb_url', $attributes) ? $attributes['thumb_url'] : ''; // Embedded attachments if (!is_numeric($id) && substr($id, 0, 4) != 'new_' && substr($id, 0, 4) != 'url_') { $file = base64_decode(str_replace(chr(10), '', $id)); if ($file === false) { $temp_tpl = do_template('WARNING_TABLE', array('WARNING' => do_lang_tempcode('comcode:CORRUPT_ATTACHMENT'))); break; } $md5 = md5(substr($file, 0, 30)); $original_filename = array_key_exists('filename', $attributes) ? $attributes['filename'] : $md5 . '.dat'; if (get_file_extension($original_filename) != 'dat') { require_code('files2'); check_extension($original_filename, true); $new_filename = $md5 . '.' . get_file_extension($original_filename) . '.dat'; } else { $new_filename = $md5 . '.' . get_file_extension($original_filename); } $path = get_custom_file_base() . '/uploads/attachments/' . 
$new_filename; $myfile = @fopen($path, 'wb'); if ($myfile === false) { $temp_tpl = do_template('WARNING_TABLE', array('WARNING' => intelligent_write_error_inline($path))); break; } if (fwrite($myfile, $file) < strlen($file)) { warn_exit(do_lang_tempcode('COULD_NOT_SAVE_FILE')); } fclose($myfile); fix_permissions($path); sync_file($path); $_size = strlen($file); $url = 'uploads/attachments/' . $new_filename; if ($connection->connection_write != $GLOBALS['SITE_DB']->connection_write) { $url = get_custom_base_url() . '/' . $url; } // Thumbnail if ($thumb_url == '') { require_code('images'); if (is_image($original_filename)) { $gd = get_option('is_on_gd') == '1' && function_exists('imagetypes'); if ($gd) { require_code('images'); if (!is_saveable_image($url)) { $ext = '.png'; } else { $ext = '.' . get_file_extension($original_filename); } $thumb_url = 'uploads/attachments_thumbs/' . $md5 . $ext; convert_image(get_custom_base_url() . '/' . $url, get_custom_file_base() . '/' . $thumb_url, -1, -1, intval(get_option('thumb_width')), true, NULL, false, true); if ($connection->connection_write != $GLOBALS['SITE_DB']->connection_write) { $thumb_url = get_custom_base_url() . '/' . $thumb_url; } } else { $thumb_url = $url; } } } if (addon_installed('galleries')) { require_code('images'); if (is_video($url) && $connection->connection_read == $GLOBALS['SITE_DB']->connection_read) { require_code('transcoding'); $url = transcode_video($url, 'attachments', 'a_url', 'a_original_filename', NULL, NULL); } } $attachment = array('a_member_id' => $on_behalf_of_member, 'a_file_size' => $_size, 'a_url' => $url, 'a_thumb_url' => $thumb_url, 'a_original_filename' => $original_filename, 'a_num_downloads' => 0, 'a_last_downloaded_time' => NULL, 'a_add_time' => time()); $attachment['a_description'] = array_key_exists('description', $attributes) ? is_object($attributes['description']) ? '[html]' . $attributes['description']->evaluate() . 
'[/html]' : $attributes['description'] : ''; $attach_id = $connection->query_insert('attachments', $attachment, true); $attachment['id'] = $attach_id; // Create and document attachment if (!array_key_exists('type', $attributes)) { $attributes['type'] = 'auto'; } $COMCODE_ATTACHMENTS[$pass_id][] = array('tag_type' => $tag, 'type' => 'new', 'attachmenttype' => $attributes['type'], 'description' => $attachment['a_description'], 'id' => intval($attach_id), 'marker' => $marker, 'comcode' => $comcode); // Marker will allow us to search back and replace this with the added id } elseif (!is_numeric($id)) { require_code('uploads'); if (substr($id, 0, 4) == 'new_') { $_id = substr($id, 4); if (!is_numeric($_id)) { $temp_tpl = do_template('WARNING_TABLE', array('WARNING' => do_lang_tempcode('comcode:INVALID_ATTACHMENT'))); break; } $attributes['type'] = post_param('attachmenttype' . $_id, array_key_exists('type', $attributes) ? $attributes['type'] : 'auto'); if (substr($attributes['type'], -8) == '_extract') { $attributes['type'] = substr($attributes['type'], 0, strlen($attributes['type']) - 8); } $urls = get_url('', 'file' . $_id, 'uploads/attachments', 2, OCP_UPLOAD_ANYTHING, (!array_key_exists('thumb', $attributes) || $attributes['thumb'] != '0') && $thumb_url == '', '', '', true, true, true); if ($urls[0] == '') { return new ocp_tempcode(); } //warn_exit(do_lang_tempcode('ERROR_UPLOADING')); Can't do this, because this might not be post-calculated if something went wrong once is_swf_upload(true); $_size = $_FILES['file' . $_id]['size']; $original_filename = $_FILES['file' . $_id]['name']; if (get_magic_quotes_gpc()) { $original_filename = stripslashes($original_filename); } } elseif (substr($id, 0, 4) == 'url_') { if (!has_specific_permission($source_member, 'draw_to_server') && !$as_admin) { break; } $_id = '!'; $attributes['type'] = post_param('attachmenttype' . $_id, array_key_exists('type', $attributes) ? 
$attributes['type'] : 'auto'); $url = remove_url_mistakes(substr($id, 4)); $_POST['_specify_url'] = $url; // Little hack, as we need to read it from a POST if (get_magic_quotes_gpc()) { $_POST['_specify_url'] = addslashes($_POST['_specify_url']); } $urls = get_url('_specify_url', '', 'uploads/filedump', 1, OCP_UPLOAD_ANYTHING, (!array_key_exists('thumb', $attributes) || $attributes['thumb'] != '0') && $thumb_url == '', '', '', true, true); if ($urls[0] == '') { return new ocp_tempcode(); } $original_filename = rawurldecode(substr($url, strrpos($url, '/') + 1)); if (url_is_local($urls[0])) { $_size = @filesize(get_custom_file_base() . '/' . rawurldecode($urls[0])); if ($_size === false) { $_size = filesize(get_file_base() . '/' . rawurldecode($urls[0])); } } else { $_size = 0; } } else { $temp_tpl = do_template('WARNING_TABLE', array('WARNING' => do_lang_tempcode('comcode:INVALID_ATTACHMENT'))); break; } if ($urls[0] == '') { require_code('images'); require_code('files2'); $temp_tpl = do_template('WARNING_TABLE', array('WARNING' => do_lang_tempcode('ATTACHMENT_WOULD_NOT_UPLOAD', float_format(get_max_file_size() / 1024 / 1024), float_format(get_max_image_size() / 1024 / 1024)))); break; } $url = $urls[0]; if ($connection->connection_write != $GLOBALS['SITE_DB']->connection_write) { $url = get_custom_base_url() . '/' . $url; } if ($thumb_url == '') { $thumb_url = array_key_exists(1, $urls) ? $urls[1] : ''; } if ($thumb_url != '' && $connection != $GLOBALS['SITE_DB']) { $thumb_url = get_custom_base_url() . '/' . 
$thumb_url; } $num_downloads = 0; $last_downloaded_time = NULL; $add_time = time(); $member_id = $on_behalf_of_member; if (addon_installed('galleries')) { require_code('images'); if (is_video($url) && $connection->connection_read == $GLOBALS['SITE_DB']->connection_read) { require_code('transcoding'); $url = transcode_video($url, 'attachments', 'a_url', 'a_original_filename', NULL, NULL); } } $attachment = array('a_member_id' => $member_id, 'a_file_size' => $_size, 'a_url' => $url, 'a_thumb_url' => $thumb_url, 'a_original_filename' => $original_filename, 'a_num_downloads' => $num_downloads, 'a_last_downloaded_time' => $last_downloaded_time, 'a_add_time' => $add_time); $attachment['a_description'] = post_param('caption' . $_id, array_key_exists('description', $attributes) ? is_object($attributes['description']) ? '[html]' . $attributes['description']->evaluate() . '[/html]' : $attributes['description'] : ''); $attach_id = $connection->query_insert('attachments', $attachment, true); $attachment['id'] = $attach_id; if ($tag == 'attachment2' || $tag == 'attachment_safe' || substr($id, 0, 4) == 'url_') { $connection->query_delete('attachment_refs', array('r_referer_type' => 'null', 'r_referer_id' => '', 'a_id' => $attachment['id']), '', 1); $connection->query_insert('attachment_refs', array('r_referer_type' => 'null', 'r_referer_id' => '', 'a_id' => $attachment['id'])); } // Create and document attachment $COMCODE_ATTACHMENTS[$pass_id][] = array('tag_type' => $tag, 'time' => time(), 'type' => substr($id, 0, 4) == 'new_' ? 
'new' : 'url', 'attachmenttype' => $attributes['type'], 'description' => $attachment['a_description'], 'id' => intval($attach_id), 'marker' => $marker, 'comcode' => $comcode); // Marker will allow us to search back and replace this with the added id // Existing attachments } else { $__id = intval($id); // Check we have permission to re-use this $owner = $connection->query_value_null_ok('attachments', 'a_member_id', array('id' => $__id)); if (is_null($owner)) { $temp_tpl = do_template('WARNING_TABLE', array('WARNING' => do_lang_tempcode('MISSING_RESOURCE_COMCODE', 'attachment', escape_html(strval($__id))))); if (!in_array(get_page_name(), $GLOBALS['DONT_CARE_MISSING_PAGES']) && !running_script('iframe')) { require_code('failure'); relay_error_notification(do_lang('MISSING_RESOURCE_COMCODE', 'attachment', strval($__id)), false, $GLOBALS['FORUM_DRIVER']->is_staff($source_member) ? 'error_occurred_missing_reference_important' : 'error_occurred_missing_reference'); } break; } $_attachment = $connection->query_select('attachments', array('*'), array('id' => $__id), '', 1); $attachment = $_attachment[0]; $already_referenced = array_key_exists($__id, $GLOBALS['ATTACHMENTS_ALREADY_REFERENCED']); if ($already_referenced || $as_admin || $source_member === $owner || (has_specific_permission($source_member, 'reuse_others_attachments') || $owner == $source_member) && has_attachment_access($source_member, $__id)) { if (!array_key_exists('type', $attributes)) { $attributes['type'] = 'auto'; } $COMCODE_ATTACHMENTS[$pass_id][] = array('tag_type' => $tag, 'time' => $attachment['a_add_time'], 'type' => 'existing', 'id' => $__id, 'attachmenttype' => $attributes['type'], 'marker' => $marker, 'comcode' => $comcode); } else { require_lang('permissions'); $username = $GLOBALS['FORUM_DRIVER']->get_username($source_member); if (is_null($username)) { $username = do_lang('DELETED'); } $temp_tpl = do_template('WARNING_TABLE', array('WARNING' => 
do_lang_tempcode('permissions:ACCESS_DENIED__REUSE_ATTACHMENT', $username))); break; //access_denied('REUSE_ATTACHMENT'); } if ($connection->connection_write != $GLOBALS['SITE_DB']->connection_write) { if (url_is_local($attachment['a_url'])) { $attachment['a_url'] = get_custom_base_url() . '/' . $attachment['a_url']; } if (url_is_local($attachment['a_url'])) { $attachment['a_thumb_url'] = get_custom_base_url() . '/' . $attachment['a_thumb_url']; } } $attachment['a_description'] = array_key_exists('description', $attributes) ? is_object($attributes['description']) ? '[html]' . $attributes['description']->evaluate() . '[/html]' : $attributes['description'] : $attachment['a_description']; } // Now, render it // ============== $temp_tpl = render_attachment($tag, $attributes, $attachment, $pass_id, $source_member, $as_admin, $connection, $highlight_bits, $on_behalf_of_member, $semiparse_mode); if (array_key_exists('float', $attributes)) { $temp_tpl = do_template('FLOATER', array('_GUID' => '802fe29019be80993296de7cc8b5cc5e', 'FLOAT' => $attributes['float'], 'CONTENT' => $temp_tpl)); } break; case 'include': $codename = $embed->evaluate(); $zone = $attributes['param']; if ($zone == '_SEARCH') { $zone = get_comcode_zone($codename); } if ($zone == '_SELF') { $zone = get_zone_name(); } $temp_comcode_parse_title = $COMCODE_PARSE_TITLE; $temp = request_page($codename, false, $zone, NULL, true); $COMCODE_PARSE_TITLE = $temp_comcode_parse_title; if ($temp->is_empty()) { $temp_tpl = do_template('WARNING_TABLE', array('WARNING' => do_lang_tempcode('MISSING_RESOURCE_COMCODE', 'include', hyperlink(build_url(array('page' => 'cms_comcode_pages', 'type' => '_ed', 'page_link' => $zone . ':' . $codename), get_module_zone('cms_comcode_pages')), $zone . ':' . $codename, false, true)))); if (!in_array(get_page_name(), $GLOBALS['DONT_CARE_MISSING_PAGES']) && !running_script('iframe')) { require_code('failure'); relay_error_notification(do_lang('MISSING_RESOURCE_COMCODE', 'include', $zone . 
':' . $codename), false, $GLOBALS['FORUM_DRIVER']->is_staff($source_member) ? 'error_occurred_missing_reference_important' : 'error_occurred_missing_reference'); } } else { $temp_tpl = symbol_tempcode('LOAD_PAGE', array($codename, $zone)); } break; case 'random': unset($attributes['param']); if ($wml) { $top_attribute = array_pop($attributes); $temp_tpl = is_object($top_attribute) ? $top_attribute : comcode_to_tempcode($top_attribute, $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); break; } $max = $embed->evaluate() == '' ? intval($embed->evaluate()) : 0; foreach ($attributes as $num => $val) { $_temp = is_object($val) ? $val : comcode_to_tempcode($val, $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); $attributes[$num] = $_temp->evaluate(); if (intval($num) > $max) { $max = intval($num); } } $_parts = new ocp_tempcode(); krsort($attributes); foreach ($attributes as $num => $val) { $_parts->attach(do_template('COMCODE_RANDOM_PART', array('_GUID' => '5fa49a916304f9caa0ddedeb01531142', 'NUM' => strval($num), 'VAL' => $val))); } $temp_tpl = do_template('COMCODE_RANDOM', array('_GUID' => '9b77aaf593b12c763fb0c367fab415b6', 'UNIQID' => uniqid('', true), 'FULL' => $embed, 'MAX' => strval($max), 'PARTS' => $_parts)); break; case 'jumping': unset($attributes['param']); if ($wml) { $top_attribute = array_pop($attributes); $temp_tpl = is_object($top_attribute) ? $top_attribute : comcode_to_tempcode($top_attribute, $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); break; } $_parts = new ocp_tempcode(); foreach ($attributes as $val) { $_temp = is_object($val) ? 
$val : comcode_to_tempcode($val, $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); $_parts->attach(do_template('COMCODE_JUMPING_PART', array('_GUID' => 'd163bd11920f39f0cb8ff2f6ba48bc80', 'PART' => $_temp->evaluate()))); } $embed = $embed->evaluate(); $temp_tpl = do_template('COMCODE_JUMPING', array('_GUID' => '85e9f83ed134868436a7db7692f56047', 'UNIQID' => uniqid('', true), 'FULL' => implode(', ', $attributes), 'TIME' => strval((int) $embed), 'PARTS' => $_parts)); break; case 'shocker': if ($wml) { $top_attribute = array_pop($attributes); $temp_tpl = is_object($top_attribute) ? $top_attribute : comcode_to_tempcode($top_attribute, $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); break; } $_parts = new ocp_tempcode(); foreach ($attributes as $key => $val) { if (substr($key, 0, 5) == 'left_') { $left = $val; $right = array_key_exists('right_' . substr($key, 5), $attributes) ? $attributes['right_' . substr($key, 5)] : ''; $left = is_object($left) ? $left : comcode_to_tempcode($left, $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); $right = is_object($right) ? $right : comcode_to_tempcode($right, $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); $_parts->attach(do_template('COMCODE_SHOCKER_PART', array('LEFT' => $left, 'RIGHT' => $right))); } } $min_color = array_key_exists('min', $attributes) ? $attributes['min'] : '0000FF'; $max_color = array_key_exists('max', $attributes) ? 
$attributes['max'] : 'FF0044'; if (substr($min_color, 0, 1) == '#') { $min_color = substr($min_color, 1); } if (substr($max_color, 0, 1) == '#') { $max_color = substr($max_color, 1); } $embed = $embed->evaluate(); $temp_tpl = do_template('COMCODE_SHOCKER', array('UNIQID' => uniqid('', true), 'MIN_COLOR' => $min_color, 'MAX_COLOR' => $max_color, 'FULL' => implode(', ', $attributes), 'TIME' => strval(intval($embed)), 'PARTS' => $_parts)); break; case 'ticker': if ($wml) { $temp_tpl = $embed; break; } $width = $attributes['param']; if (!is_numeric($width)) { $width = '300'; } $fspeed = array_key_exists('speed', $attributes) ? float_to_raw_string(floatval($attributes['speed'])) : '1'; $temp_tpl = do_template('COMCODE_TICKER', array('_GUID' => 'e48893cda61995261577f0556443c537', 'UNIQID' => uniqid('', true), 'SPEED' => $fspeed, 'WIDTH' => $width, 'TEXT' => $embed)); break; case 'highlight': if ($wml) { $temp_tpl->attach('<i>'); $temp_tpl->attach($embed); $temp_tpl->attach('</i>'); break; } $temp_tpl = do_template('COMCODE_HIGHLIGHT', array('_GUID' => '695d041b6605f06ec2aeee1e82f87185', 'CONTENT' => $embed)); break; case 'size': $size = array_key_exists('param', $attributes) ? $attributes['param'] : '1'; if ($wml) { if (floatval($size) >= 1.5) { $temp_tpl->attach('<big>'); $temp_tpl->attach($embed); $temp_tpl->attach('</big>'); } elseif (floatval($size) < 0.8) { $temp_tpl->attach('<small>'); $temp_tpl->attach($embed); $temp_tpl->attach('</small>'); } else { $temp_tpl->attach($embed); } break; } if (is_numeric($size)) { $size = 'font-size: ' . $size . 'em;'; } elseif (substr($size, 0, 1) == '+') { $size = 'font-size: ' . substr($size, 1) . 'em'; } elseif (substr($size, -1) == '%') { $size = 'font-size: ' . float_to_raw_string(floatval(substr($size, 0, strlen($size) - 1)) / 100.0) . 
'em'; } elseif (substr($size, -2) == 'of') { $new_size = '1em'; switch ($size) { case '1of': $new_size = '8pt'; break; case '2of': $new_size = '10pt'; break; case '3of': $new_size = '12pt'; break; case '4of': $new_size = '14pt'; break; case '5of': $new_size = '18pt'; break; case '6of': $new_size = '24pt'; break; case '7of': $new_size = '36pt'; break; } $size = 'font-size: ' . $new_size; } else { $size = 'font-size: ' . $size; } $size_len = strlen($size); filter_html($as_admin, $source_member, 0, $size_len, $size, false, false); $temp_tpl = do_template('COMCODE_FONT', array('_GUID' => 'fb23fdcb45aabdfeca9f37ed8098948e', 'CONTENT' => $embed, 'SIZE' => $size, 'COLOR' => '', 'FACE' => '')); break; case 'color': if ($wml) { $temp_tpl = $embed; break; } $color = array_key_exists('param', $attributes) ? 'color: ' . $attributes['param'] . ';' : ''; $temp_tpl = do_template('COMCODE_FONT', array('_GUID' => 'bd146414c9239ba2076f4b683df437d7', 'CONTENT' => $embed, 'SIZE' => '', 'COLOR' => $color, 'FACE' => '')); $color_len = strlen($color); filter_html($as_admin, $source_member, 0, $color_len, $color, false, false); break; case 'tt': if ($wml) { $temp_tpl->attach('<i>'); $temp_tpl->attach($embed); $temp_tpl->attach('</i>'); break; } $temp_tpl = do_template('COMCODE_TELETYPE', array('CONTENT' => $embed)); break; case 'samp': if ($wml) { $temp_tpl->attach('<i>'); $temp_tpl->attach($embed); $temp_tpl->attach('</i>'); break; } $temp_tpl = do_template('COMCODE_SAMP', array('CONTENT' => $embed)); break; case 'q': if ($wml) { $temp_tpl->attach('<i>'); $temp_tpl->attach($embed); $temp_tpl->attach('</i>'); break; } $temp_tpl = do_template('COMCODE_Q', array('CONTENT' => $embed)); break; case 'var': if ($wml) { $temp_tpl->attach('<i>'); $temp_tpl->attach($embed); $temp_tpl->attach('</i>'); break; } $temp_tpl = do_template('COMCODE_VAR', array('CONTENT' => $embed)); break; case 'font': $face = $attributes['param']; if ($face == '' && array_key_exists('face', $attributes)) { $face = 
$attributes['face']; } $color = array_key_exists('color', $attributes) ? $attributes['color'] : ''; $size = array_key_exists('size', $attributes) ? $attributes['size'] : ''; if ($face == '/') { $face = ''; } if ($color == '/') { $color = ''; } if ($size == '/') { $size = ''; } if ($wml) { $before = ''; $after = ''; if ($size != '') { if (floatval($size) >= 1.5) { $before = '<big>'; $after = '</big>'; } elseif (floatval($size) < 0.8) { $before = '<small>'; $after = '</small>'; } } $temp_tpl->attach($before); $temp_tpl->attach($embed); $temp_tpl->attach($after); break; } if ($color != '') { $color = 'color: ' . $color . ';'; } if ($size != '') { if (is_numeric($size)) { $size = 'font-size: ' . $size . 'em;'; } elseif (substr($size, 0, 1) == '+') { $size = 'font-size: ' . substr($size, 1) . 'em'; } elseif (substr($size, -1) == '%') { $size = 'font-size: ' . float_to_raw_string(floatval(substr($size, 0, strlen($size) - 1)) / 100.0) . 'em'; } elseif (substr($size, -2) == 'of') { $new_size = '1em'; switch ($size) { case '1of': $new_size = '8pt'; break; case '2of': $new_size = '10pt'; break; case '3of': $new_size = '12pt'; break; case '4of': $new_size = '14pt'; break; case '5of': $new_size = '18pt'; break; case '6of': $new_size = '24pt'; break; case '7of': $new_size = '36pt'; break; } $size = 'font-size: ' . $new_size; } else { $size = 'font-size: ' . $size; } } if ($face != '') { $face = 'font-family: ' . str_replace('\'', '', $face) . 
';'; } $size_len = strlen($size); filter_html($as_admin, $source_member, 0, $size_len, $size, false, false); $color_len = strlen($color); filter_html($as_admin, $source_member, 0, $color_len, $color, false, false); $face_len = strlen($face); filter_html($as_admin, $source_member, 0, $face_len, $face, false, false); $temp_tpl = do_template('COMCODE_FONT', array('_GUID' => 'f5fcafe737b8fdf466a6a51773e09c9b', 'CONTENT' => $embed, 'SIZE' => $size, 'COLOR' => $color, 'FACE' => $face)); break; case 'box': if ($wml) { $temp_tpl->attach('<br /><p>'); if ($attributes['param'] != '') { $temp_tpl->attach('<big>'); $temp_tpl->attach($attributes['param']); $temp_tpl->attach('</big><br /><br />'); } $temp_tpl->attach($embed); $temp_tpl->attach('</p></br />'); break; } // Legacy parameter. There used to be 'place' and 'nowrap' and 'class', but these are now gone. $breadth = array_key_exists('breadth', $attributes) ? $attributes['breadth'] : '100%'; if ($breadth == 'WIDE') { $breadth = '100%'; } if ($breadth == 'WIDE_HIGH') { $breadth = '100%'; } if ($breadth == 'THIN') { $breadth = 'auto'; } // The new versions $dimensions = array_key_exists('dimensions', $attributes) ? comcode_to_tempcode($attributes['dimensions'], $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member) : make_string_tempcode($breadth); $type = array_key_exists('type', $attributes) ? $attributes['type'] : ''; $options = array_key_exists('options', $attributes) ? $attributes['options'] : ''; $meta = $comcode_dangerous && array_key_exists('meta', $attributes) ? $attributes['meta'] : ''; //Insecure, unneeded here $links = $comcode_dangerous && array_key_exists('links', $attributes) ? $attributes['links'] : ''; //Insecure, unneeded here $converted = is_object($attributes['param']) ? 
$attributes['param'] : comcode_to_tempcode($attributes['param'], $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); $temp_tpl = directive_tempcode('BOX', $embed, array($converted, $dimensions, make_string_tempcode($type), make_string_tempcode($options), make_string_tempcode($meta), make_string_tempcode($links))); if (array_key_exists('float', $attributes)) { $temp_tpl = do_template('FLOATER', array('_GUID' => '54e8fc9ec1e16cfc5c8824e22f1e8745', 'FLOAT' => $attributes['float'], 'CONTENT' => $temp_tpl)); } break; case 'concept': if ($wml) { $temp_tpl = $embed; break; } if (!array_key_exists('param', $attributes) || $attributes['param'] == '') { $key = $embed->evaluate(); $temp_tpl = symbol_tempcode('DISPLAY_CONCEPT', array($key)); } else { $temp_tpl = do_template('COMCODE_CONCEPT_INLINE', array('_GUID' => '381a59de4d6f8967446c12bf4641a9ce', 'TEXT' => $embed, 'FULL' => $attributes['param'])); } break; case 'concepts': if ($wml) { break; } $title = $embed->evaluate(); $concepts = new ocp_tempcode(); foreach ($attributes as $_key => $_value) { if (substr($_key, -4) == '_key') { $key = $_value; $cid = substr($_key, 0, strlen($_key) - 4); $to_parse = array_key_exists($cid . '_value', $attributes) ? $attributes[$cid . '_value'] : new ocp_tempcode(); $value = is_object($to_parse) ? $to_parse : comcode_to_tempcode($to_parse, $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); $concepts->attach(do_template('COMCODE_CONCEPTS_CONCEPT', array('_GUID' => '4baf6dabc32146c594c7fd922791b6b2', 'A' => 'concept___' . 
preg_replace('#[^\\w]#', '_', $key), 'KEY' => $key, 'VALUE' => $value))); } } $temp_tpl = do_template('COMCODE_CONCEPTS', array('_GUID' => '4c7a1d70753dc1d209b9951aa10f361a', 'TITLE' => $title, 'CONCEPTS' => $concepts)); break; case 'exp_ref': if ($wml) { break; } $_embed = $embed->evaluate(); if (strpos($_embed, '.') !== false) { break; } $stub = get_file_base() . '/data_custom/images/' . get_zone_name() . '/'; $stub2 = get_base_url() . '/data_custom/images/' . get_zone_name() . '/'; if (!file_exists($stub)) { $stub = get_file_base() . '/data/images/' . get_zone_name() . '/'; $stub2 = get_base_url() . '/data/images/' . get_zone_name() . '/'; } if (!file_exists($stub)) { $stub = get_file_base() . '/data_custom/images/'; $stub2 = get_base_url() . '/data_custom/images/'; } if (!file_exists($stub)) { $stub = get_file_base() . '/data/images/'; $stub2 = get_base_url() . '/data/images/'; } if (substr($_embed, 0, 1) == '/') { $_embed = substr($_embed, 1); } if (file_exists($stub . $_embed . '.png')) { $url = $stub2 . $_embed . '.png'; } elseif (file_exists($stub . $_embed . '.gif')) { $url = $stub2 . $_embed . '.gif'; } elseif (file_exists($stub . $_embed . '.jpg')) { $url = $stub2 . $_embed . '.jpg'; } elseif (file_exists($stub . $_embed . '.jpeg')) { $url = $stub2 . $_embed . '.jpeg'; } else { $stub = get_file_base() . '/data/images/docs/'; $stub2 = get_base_url() . '/data/images/docs/'; if (substr($_embed, 0, 1) == '/') { $_embed = substr($_embed, 1); } if (file_exists($stub . $_embed . '.png')) { $url = $stub2 . $_embed . '.png'; } elseif (file_exists($stub . $_embed . '.gif')) { $url = $stub2 . $_embed . '.gif'; } elseif (file_exists($stub . $_embed . '.jpg')) { $url = $stub2 . $_embed . '.jpg'; } elseif (file_exists($stub . $_embed . '.jpeg')) { $url = $stub2 . $_embed . 
'.jpeg'; } else { $temp_tpl = do_template('WARNING_TABLE', array('WARNING' => do_lang_tempcode('MISSING_RESOURCE_COMCODE', 'exp_ref', escape_html($_embed)))); if (array_key_exists('COMCODE_BROKEN_URLS', $GLOBALS)) { $GLOBALS['COMCODE_BROKEN_URLS'][] = array($_embed, NULL); } elseif (!in_array(get_page_name(), $GLOBALS['DONT_CARE_MISSING_PAGES']) && !running_script('iframe')) { require_code('failure'); relay_error_notification(do_lang('MISSING_RESOURCE_COMCODE', 'exp_ref', $_embed), false, $GLOBALS['FORUM_DRIVER']->is_staff($source_member) ? 'error_occurred_missing_reference_important' : 'error_occurred_missing_reference'); } break; } } $text = make_string_tempcode($attributes['param']); if ($text->is_empty()) { $text = do_lang_tempcode('EXAMPLE'); } $temp_tpl = do_template('COMCODE_EXP_REF', array('_GUID' => '89e7f528e72096e3458d6acb70734d0b', 'TEXT' => $text, 'URL' => $url)); break; case 'exp_thumb': if ($wml) { break; } $_embed = $embed->evaluate(); if (strpos($_embed, '.') !== false) { break; } $stub = get_file_base() . '/data/images/' . get_zone_name() . '/'; $stub2 = get_base_url() . '/data/images/' . get_zone_name() . '/'; if (substr($_embed, 0, 1) == '/') { $_embed = substr($_embed, 1); } if (file_exists($stub . $_embed . '.png')) { $url_full = $stub2 . $_embed . '.png'; } elseif (file_exists($stub . $_embed . '.gif')) { $url_full = $stub2 . $_embed . '.gif'; } elseif (file_exists($stub . $_embed . '.jpg')) { $url_full = $stub2 . $_embed . '.jpg'; } elseif (file_exists($stub . $_embed . '.jpeg')) { $url_full = $stub2 . $_embed . '.jpeg'; } else { $stub = get_file_base() . '/data/images/docs/'; $stub2 = get_base_url() . '/data/images/docs/'; if (substr($_embed, 0, 1) == '/') { $_embed = substr($_embed, 1); } if (file_exists($stub . $_embed . '.png')) { $url_full = $stub2 . $_embed . '.png'; } elseif (file_exists($stub . $_embed . '.gif')) { $url_full = $stub2 . $_embed . '.gif'; } elseif (file_exists($stub . $_embed . '.jpg')) { $url_full = $stub2 . $_embed . 
'.jpg'; } elseif (file_exists($stub . $_embed . '.jpeg')) { $url_full = $stub2 . $_embed . '.jpeg'; } else { $temp_tpl = do_template('WARNING_TABLE', array('WARNING' => do_lang_tempcode('MISSING_RESOURCE_COMCODE', 'exp_thumb', escape_html($_embed)))); if (array_key_exists('COMCODE_BROKEN_URLS', $GLOBALS)) { $GLOBALS['COMCODE_BROKEN_URLS'][] = $_embed; } elseif (!in_array(get_page_name(), $GLOBALS['DONT_CARE_MISSING_PAGES']) && !running_script('iframe')) { require_code('failure'); relay_error_notification(do_lang('MISSING_RESOURCE_COMCODE', 'exp_thumb', $_embed), false, $GLOBALS['FORUM_DRIVER']->is_staff($source_member) ? 'error_occurred_missing_reference_important' : 'error_occurred_missing_reference'); } break; } } $float = array_key_exists('float', $attributes) ? $attributes['float'] : 'right'; $text = $attributes['param']; if (get_option('is_on_gd') == '0' || !function_exists('imagetypes')) { $url_thumb = $url_full; } else { $new_name = $_embed . '_thumb.png'; $file_thumb = $stub . $new_name; if (file_exists($file_thumb)) { $url_thumb = $stub2 . rawurlencode($new_name); } else { $new_name = $_embed . '.png'; $file_thumb = get_custom_file_base() . '/uploads/auto_thumbs/' . $new_name; if (!file_exists($file_thumb)) { require_code('images'); convert_image($url_full, $file_thumb, -1, -1, 150, false); } $url_thumb = get_custom_base_url() . '/uploads/auto_thumbs/' . 
rawurlencode($new_name); } } if (get_param_integer('wide_print', 0) == 1) { $temp_tpl = do_template('COMCODE_EXP_THUMB_PRINT', array('_GUID' => 'de7f8a7fa29c2335f381a0beb3da9406', 'FLOAT' => $float, 'TEXT' => $text, 'URL_THUMB' => $url_thumb, 'URL_FULL' => $url_full)); } else { $temp_tpl = do_template('COMCODE_EXP_THUMB', array('_GUID' => 'ce7f8a7fa29c2335f381a0beb3da9406', 'FLOAT' => $float, 'TEXT' => $text, 'URL_THUMB' => $url_thumb, 'URL_FULL' => $url_full)); } break; case 'thumb': if ($wml) { break; } $_embed = $embed->evaluate(); $_embed = remove_url_mistakes($_embed); $_embed = check_naughty_javascript_url($source_member, $_embed, $as_admin); if (substr($_embed, 0, 1) == '/') { $_embed = substr($_embed, 1); } if (url_is_local($_embed)) { if (file_exists(get_file_base() . '/' . $_embed) && !file_exists(get_custom_file_base() . '/' . $_embed)) { $url_full = get_base_url() . '/' . $_embed; } else { $url_full = get_custom_base_url() . '/' . $_embed; } } else { $url_full = $_embed; } $align = array_key_exists('align', $attributes) ? $attributes['align'] : 'bottom'; if (get_option('is_on_gd') == '0' || !function_exists('imagetypes') || !has_specific_permission($source_member, 'draw_to_server') && !$as_admin) { $url_thumb = $url_full; } else { if ($attributes['param'] != '') { $url_thumb = url_is_local($attributes['param']) ? get_custom_base_url() . '/' . $attributes['param'] : $attributes['param']; } if ($attributes['param'] == '' || url_is_local($attributes['param']) && !file_exists(get_custom_file_base() . '/' . rawurldecode($attributes['param']))) { $new_name = url_to_filename($url_full); require_code('images'); if (!is_saveable_image($new_name)) { $new_name .= '.png'; } if (is_null($new_name)) { $temp_tpl = do_template('WARNING_TABLE', array('WARNING' => do_lang_tempcode('URL_THUMB_TOO_LONG'))); break; } $file_thumb = get_custom_file_base() . '/uploads/auto_thumbs/' . 
$new_name; if (!file_exists($file_thumb) && strpos($file_thumb, '{$') === false) { convert_image($url_full, $file_thumb, -1, -1, intval(get_option('thumb_width')), false); } $url_thumb = get_custom_base_url() . '/uploads/auto_thumbs/' . rawurlencode($new_name); } } $caption = array_key_exists('caption', $attributes) ? $attributes['caption'] : ''; $temp_tpl = do_template('COMCODE_THUMB', array('_GUID' => '1b0d25f72ef5f816091269e29c586d60', 'CAPTION' => $caption, 'RAND' => strval(mt_rand(0, 32000)), 'ALIGN' => $align, 'PASS_ID' => intval($pass_id) < 0 ? strval(mt_rand(0, 10000)) : $pass_id, 'URL_THUMB' => $url_thumb, 'URL_FULL' => $url_full)); if (array_key_exists('float', $attributes)) { $temp_tpl = do_template('FLOATER', array('_GUID' => 'cbc56770714a44f56676f43da282cc7a', 'FLOAT' => $attributes['float'], 'CONTENT' => $temp_tpl)); } break; case 'img': if ($wml) { break; } if ($semiparse_mode && array_key_exists('rollover', $attributes)) { $temp_tpl = make_string_tempcode('[img' . reinsert_parameters($attributes) . ']' . $embed->evaluate() . '[/img]'); break; } $_embed = $embed->evaluate(); $given_url = $_embed; $_embed = remove_url_mistakes($_embed); if (substr($_embed, 0, 1) == '/') { $_embed = substr($_embed, 1); } $_embed = check_naughty_javascript_url($source_member, $_embed, $as_admin); if (url_is_local($_embed)) { if (file_exists(get_file_base() . '/' . $_embed) && !file_exists(get_custom_file_base() . '/' . $_embed)) { $url_full = get_base_url() . '/' . $_embed; } else { $url_full = get_custom_base_url() . '/' . $_embed; } } else { $url_full = $_embed; } $temp_tpl = test_url($url_full, 'img', @html_entity_decode($given_url, ENT_QUOTES, get_charset()), $source_member); $align = array_key_exists('align', $attributes) ? $attributes['align'] : ''; $caption = is_object($attributes['param']) ? 
$attributes['param'] : comcode_to_tempcode($attributes['param'], $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); if (array_key_exists('title', $attributes)) { $tooltip = is_object($attributes['title']) ? $attributes['title'] : comcode_to_tempcode($attributes['title'], $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); } else { $tooltip = $caption; } $rollover = array_key_exists('rollover', $attributes) ? $attributes['rollover'] : NULL; if (!is_null($rollover) && url_is_local($rollover)) { if (file_exists(get_file_base() . '/' . $rollover) && !file_exists(get_custom_file_base() . '/' . $rollover)) { $rollover = get_base_url() . '/' . $rollover; } else { $rollover = get_custom_base_url() . '/' . $rollover; } } $refresh_time = array_key_exists('refresh_time', $attributes) ? strval(intval($attributes['refresh_time'])) : '0'; $temp_tpl->attach(do_template('COMCODE_IMG', array('_GUID' => '70166d8dbb0aff064b99c0dd30ed77a8', 'RAND' => uniqid('', true), 'REFRESH_TIME' => $refresh_time, 'ROLLOVER' => $rollover, 'ALIGN' => $align, 'URL' => $url_full, 'TOOLTIP' => $tooltip, 'CAPTION' => $caption))); if (array_key_exists('float', $attributes)) { $temp_tpl = do_template('FLOATER', array('_GUID' => '918162250c80e10212efd9a051545b9b', 'FLOAT' => $attributes['float'], 'CONTENT' => $temp_tpl)); } break; case 'flash': if ($wml) { break; } $_embed = $embed->evaluate(); $given_url = $_embed; $_embed = remove_url_mistakes($_embed); if (substr($_embed, 0, 1) == '/') { $_embed = substr($_embed, 1); } $_embed = check_naughty_javascript_url($source_member, $_embed, $as_admin); $url_full = url_is_local($_embed) ? get_custom_base_url() . '/' . 
$_embed : $_embed; $temp_tpl = test_url($url_full, 'flash', @html_entity_decode($given_url, ENT_QUOTES, get_charset()), $source_member); if ($attributes['param'] == '' || strpos($attributes['param'], 'x') === false) { if (!array_key_exists('width', $attributes)) { $attributes['width'] = '300'; } if (!array_key_exists('height', $attributes)) { $attributes['height'] = '300'; } $attributes['param'] = $attributes['width'] . 'x' . $attributes['height']; } list($width, $height) = explode('x', $attributes['param'], 2); if (addon_installed('jwplayer') && (substr($url_full, -4) == '.flv' || substr($url_full, -4) == '.mp4' || substr($url_full, -4) == '.mp3' || substr($url_full, -4) == '.webm')) { $temp_tpl->attach(do_template('COMCODE_FLV', array('_GUID' => '4746684d9e098709cc6671e1b00ce47e', 'URL' => $url_full, 'WIDTH' => $width, 'HEIGHT' => $height))); } else { $temp_tpl->attach(do_template('COMCODE_SWF', array('_GUID' => '8bc61ad75977a5a85eff96454af31fe8', 'URL' => $url_full, 'WIDTH' => $width, 'HEIGHT' => $height))); } break; case 'url': // Make them both HTML strings $url = $embed->evaluate(); if (is_object($attributes['param'])) { $switch_over = true; // We know if must be Comcode XML $attributes['param'] = $attributes['param']->evaluate(); } else { $switch_over = !looks_like_url($url) && looks_like_url($attributes['param'], true); if (strpos($attributes['param'], '[') !== false || strpos($attributes['param'], '{') !== false) { $param_temp = comcode_to_tempcode(escape_html($attributes['param']), $source_member, $as_admin, 60, NULL, $connection, false, false, true, false, false, $highlight_bits, $on_behalf_of_member); global $ADVERTISING_BANNERS; $temp_ab = $ADVERTISING_BANNERS; $ADVERTISING_BANNERS = array(); $caption = $param_temp; $ADVERTISING_BANNERS = $temp_ab; } else { $caption = make_string_tempcode(escape_html($attributes['param'])); // Consistency of escaping } } // Do we need to switch around? 
if ($switch_over) { $url = $attributes['param']; $caption = $embed; } // If we weren't given a caption, use the URL, but crop if necessary if ($caption->evaluate() == '') { $_caption = $url; // Shorten the URL if it is too long $max_link_length = 50; if (strlen($_caption) > $max_link_length) { $_caption = escape_html(substr(@html_entity_decode($_caption, ENT_QUOTES, get_charset()), 0, intval($max_link_length / 2 - 3))) . '…' . escape_html(substr(@html_entity_decode($_caption, ENT_QUOTES, get_charset()), intval(-$max_link_length / 2))); } $caption = make_string_tempcode($_caption); } // Tidy up the URL now $url = @html_entity_decode($url, ENT_QUOTES, get_charset()); $url = fixup_protocolless_urls($url); // Integrity and security $url = check_naughty_javascript_url($source_member, $url, $as_admin); // More URL tidying $local = url_is_local($url) || strpos($url, get_domain()) !== false; $given_url = $url; if ($url != '' && $url[0] != '#') { if (substr($url, 0, 1) == '/') { $url = substr($url, 1); } $url_full = url_is_local($url) ? get_base_url() . '/' . $url : $url; if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($url_full); } } else { $url_full = $url; } $striped_base_url = str_replace('www.', '', str_replace('http://', '', get_base_url())); if ($striped_base_url != '' && substr($url, 0, 1) != '%' && strpos($url_full, $striped_base_url) === false) { $temp_tpl = test_url($url_full, 'url', $given_url, $source_member); } // Render if (!array_key_exists('target', $attributes)) { $attributes['target'] = $local ? '_top' : '_blank'; } if ($attributes['target'] == 'blank') { $attributes['target'] = '_blank'; } $rel = $as_admin || has_specific_permission($source_member, 'search_engine_links') ? '' : 'nofollow'; if ($attributes['target'] == '_blank') { $title = (is_object($caption) ? static_evaluate_tempcode($caption) : $caption) . ' ' . 
do_lang('LINK_NEW_WINDOW'); } else { $title = ''; } $temp_tpl->attach(do_template('COMCODE_URL', array('_GUID' => 'd1657530e6d3d57e6a4791fb3bfa0dd7', 'TITLE' => $title, 'REL' => $rel, 'TARGET' => $attributes['target'], 'URL' => $url_full, 'CAPTION' => $caption))); break; case 'email': $_embed = $embed->evaluate(); require_code('type_validation'); require_code('obfuscate'); // If we need to switch if (is_object($attributes['param']) || !is_valid_email_address($_embed) && is_valid_email_address($attributes['param'])) { $temp = $embed; // Is tempcode $_embed = $attributes['param']; $attributes['param'] = $temp; } else { $attributes['param'] = comcode_to_tempcode($attributes['param'], $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); // Becomes tempcode } if ($attributes['param']->is_empty()) { $attributes['param'] = obfuscate_email_address($_embed); } $subject = array_key_exists('subject', $attributes) ? $attributes['subject'] : ''; $body = array_key_exists('body', $attributes) ? $attributes['body'] : ''; $title = ''; if (array_key_exists('title', $attributes)) { $title = $attributes['title']; } $temp_tpl = do_template('COMCODE_EMAIL', array('_GUID' => '5f6ade8fe07701b6858575153d78f4e9', 'TITLE' => $title, 'ADDRESS' => obfuscate_email_address($_embed), 'SUBJECT' => $subject, 'BODY' => $body, 'CAPTION' => $attributes['param'])); break; case 'reference': if ($wml) { break; } if (array_key_exists('type', $attributes) && $attributes['type'] == 'url') { $_embed = $embed->evaluate(); $_embed = check_naughty_javascript_url($source_member, $_embed, $as_admin); if (!array_key_exists('title', $attributes)) { $attributes['title'] = $attributes['param']; } if (is_object($attributes['title']) || $attributes['title'] != '') { $_title = is_object($attributes['title']) ? 
make_string_tempcode(escape_html($attributes['title'])) : comcode_to_tempcode($attributes['title'], $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); $title = $_title->evaluate(); } else { $title = $_embed; } $embed = hyperlink($_embed, $title, true); } $temp_tpl = do_template('COMCODE_REFERENCE', array_merge($attributes, array('SOURCE' => $embed))); break; case 'upload': // This points to a file path, not a URL $_embed = $embed->evaluate(); $type = array_key_exists('type', $attributes) ? $attributes['type'] : 'downloads'; if (is_object($attributes['param']) || $attributes['param'] != '') { $_caption = is_object($attributes['param']) ? make_string_tempcode(escape_html($attributes['param'])) : comcode_to_tempcode($attributes['param'], $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); $__caption = $_caption->evaluate(); } else { $__caption = $_embed; } $url = get_custom_base_url() . '/' . $type . '/' . 
rawurlencode($_embed); $url = check_naughty_javascript_url($source_member, $url, $as_admin); $temp_tpl = test_url($url, 'upload', $_embed, $source_member); $temp_tpl->attach(hyperlink($url, $__caption)); break; case 'page': $ignore_if_hidden = array_key_exists('ignore_if_hidden', $attributes) && $attributes['ignore_if_hidden'] == '1'; unset($attributes['ignore_if_hidden']); // Two sets of parameters: simple style and complex style; both are completely incompatible $hash = ''; if ($attributes == array('param' => '')) { $zone = '_SEARCH'; $caption = $embed; $attributes = array('page' => $caption->evaluate()); } elseif (array_keys($attributes) == array('param')) { $caption = $embed; if ($wml) { $temp_tpl = $embed; break; } else { if (strpos($attributes['param'], ':') !== false) { global $OVERRIDE_SELF_ZONE; $page_link = $attributes['param']; list($zone, $attributes, $hash) = page_link_decode($page_link); if (!array_key_exists('page', $attributes)) { $attributes['page'] = ''; } if ($zone == '_SELF' && !is_null($OVERRIDE_SELF_ZONE)) { $zone = $OVERRIDE_SELF_ZONE; } } else { $zone = '_SEARCH'; // Changed in v3 from '_SELF', to allow context-sensitivity $attributes = array_merge(array('page' => $attributes['param']), $attributes); } } } else { $caption = array_key_exists('caption', $attributes) ? comcode_to_tempcode($attributes['caption'], $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member) : $embed; if ($wml) { $temp_tpl = $caption; break; } else { $zone = $param_given ? 
$attributes['param'] : '_SEARCH'; // Changed in v3 from '_SELF', to allow context-sensitivity unset($attributes['caption']); if (!array_key_exists('page', $attributes)) { $attributes = array_merge(array('page' => $embed->evaluate()), $attributes); } } } unset($attributes['param']); foreach ($attributes as $key => $val) { if (is_object($val)) { $attributes[$key] = $val->evaluate(); } } if ($zone == '_SEARCH') { $zone = get_page_zone($attributes['page'], false); if (is_null($zone)) { $zone = ''; } } $pl_url = build_url($attributes, $zone, NULL, false, false, false, $hash); $temp_tpl = hyperlink($pl_url, $caption); $page = $attributes['page']; if ($page != '') { if ($zone == '_SELF') { $zone = get_zone_name(); } if ($zone == '_SEARCH') { $zone = get_page_zone($page, false); if (is_null($zone)) { $zone = ''; } // Oh dear, well it will be correctly identified as not found anyway } $ptest = _request_page($page, $zone); if ($ptest !== false) { if ($page == 'topicview' && array_key_exists('id', $attributes)) { if (!is_numeric($attributes['id'])) { $attributes['id'] = $GLOBALS['SITE_DB']->query_value_null_ok('url_id_monikers', 'm_resource_id', array('m_resource_page' => $page, 'm_moniker' => $attributes['id'])); } if (!is_null($attributes['id'])) { $test = $GLOBALS['FORUM_DB']->query_value_null_ok('f_topics', 'id', array('id' => $attributes['id'])); if (is_null($test)) { $ptest = false; } } else { $ptest = false; } } } if ($ptest === false) { //$temp_tpl->attach(' ['.do_lang('MISSING_RESOURCE').']'); // Don't want this as we might be making the page immediately if (!in_array(get_page_name(), $GLOBALS['DONT_CARE_MISSING_PAGES']) && !in_array($page, $GLOBALS['DONT_CARE_MISSING_PAGES']) && !running_script('iframe')) { if ($ignore_if_hidden) { $temp_tpl = do_template('COMCODE_DEL', array('CONTENT' => $caption)); } else { require_code('failure'); relay_error_notification(do_lang('MISSING_RESOURCE_COMCODE', 'page_link', $page_link), false, 
$GLOBALS['FORUM_DRIVER']->is_staff($source_member) ? 'error_occurred_missing_reference_important' : 'error_occurred_missing_reference'); } } } } break; case 'hide': if ($wml) { $temp_tpl = $embed; break; } if (array_key_exists('param', $attributes)) { $text = is_object($attributes['param']) ? $attributes['param'] : comcode_to_tempcode($attributes['param'], $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); } else { $text = do_lang_tempcode('EXPAND'); } $temp_tpl = do_template('COMCODE_HIDE', array('_GUID' => 'a591a0d1e6bb3dde0f22cebb9c7ab93e', 'TEXT' => $text, 'CONTENT' => $embed)); break; case 'quote': if ($wml) { $temp_tpl->attach('<br /><br />' . $attributes['param'] . ':'); $temp_tpl->attach($embed); break; } $cite = array_key_exists('cite', $attributes) ? $attributes['cite'] : NULL; if (!is_null($cite)) { $temp_tpl = test_url($cite, 'quote', $cite, $source_member); } if ($attributes['param'] == '' && isset($attributes['author'])) { $attributes['param'] = $attributes['author']; } // Compatibility with SMF if ($attributes['param'] != '') { if (is_numeric($attributes['param'])) { $attributes['param'] = $GLOBALS['FORUM_DRIVER']->get_username($attributes['param']); if (is_null($attributes['param'])) { $attributes['param'] = do_lang('UNKNOWN'); } } else { $attributes['param'] = protect_from_escaping(comcode_to_tempcode($attributes['param'], $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member)); } $temp_tpl->attach(do_template('COMCODE_QUOTE_BY', array('_GUID' => '18f55a548892ad08b0b50b3b586b5b95', 'CITE' => $cite, 'CONTENT' => $embed, 'BY' => $attributes['param'], 'SAIDLESS' => array_key_exists('saidless', $attributes) ? 
$attributes['saidless'] : '0'))); } else { $temp_tpl->attach(do_template('COMCODE_QUOTE', array('_GUID' => 'fa275de59433c17da19b22814c17fdc5', 'CITE' => $cite, 'CONTENT' => $embed))); } break; case 'html': if ($wml) { break; } $temp_tpl = $embed; // Plain HTML. But it's been filtered already break; case 'semihtml': $temp_tpl = $embed; // Hybrid HTML. But it's been filtered already break; case 'block': if ($wml) { break; } $attributes['block'] = trim($embed->evaluate()); if (preg_match('#^[\\w\\-]*$#', $attributes['block']) == 0) { $temp_tpl = paragraph(do_lang_tempcode('MISSING_BLOCK_FILE', escape_html($attributes['block'])), '90dfdlksds8d7dyddssddxs', 'error_marker'); break; // Avoids a suspected hack attempt by just filtering early } $_attributes = array(); foreach ($attributes as $key => $val) { $_attributes[] = $key . '=' . $val; } $temp_tpl = symbol_tempcode('BLOCK', $_attributes); break; case 'contents': if ($wml) { break; } // Do structure sweep $urls_for = array(); $old_structure_list = $STRUCTURE_LIST; $STRUCTURE_LIST = array(); // reset for e.g. comcode_text_to_tempcode calls (which don't itself reset it, although _comcode_to_tempcode does for top level parses) if (array_key_exists('files', $attributes) && $comcode_dangerous) { $s_zone = array_key_exists('zone', $attributes) ? $attributes['zone'] : get_zone_name(); $pages = find_all_pages($s_zone, 'comcode_custom/' . get_site_default_lang(), 'txt') + find_all_pages($s_zone, 'comcode/' . get_site_default_lang(), 'txt'); $prefix = $attributes['files']; foreach ($pages as $pg_name => $pg_type) { if (substr($pg_name, 0, strlen($prefix)) == $prefix) { $i = count($STRUCTURE_LIST); comcode_to_tempcode(file_get_contents(zone_black_magic_filterer(get_file_base() . '/' . $s_zone . '/pages/' . $pg_type . '/' . $pg_name . 
'.txt'), FILE_TEXT), $source_member, $as_admin, 60, NULL, $connection, false, false, false, true, false, NULL, $on_behalf_of_member); $page_url = build_url(array('page' => $pg_name), $s_zone); while (array_key_exists($i, $STRUCTURE_LIST)) { $urls_for[] = $page_url; $i++; } } } $base = array_key_exists('base', $attributes) ? intval($attributes['base']) : 1; } else { if (substr($comcode, 0, 8) == '<comcode') { require_code('comcode_xml'); if (!$as_admin) { check_specific_permission('comcode_dangerous', NULL, $source_member); } $_ = new comcode_xml_to_tempcode($comcode, $source_member, 60, NULL, $connection, false, false, false, true, false, $on_behalf_of_member); } else { require_code('comcode_text'); comcode_text_to_tempcode($comcode, $source_member, $as_admin, 60, NULL, $connection, false, false, false, true, false, NULL, $on_behalf_of_member); } $base = array_key_exists('base', $attributes) ? intval($attributes['base']) : 1; } $list_types = $embed->evaluate() == '' ? array() : explode(',', $embed->evaluate()); $list_types += array('decimal', 'lower-alpha', 'lower-roman', 'upper-alpha', 'upper-roman', 'disc'); $levels_allowed = array_key_exists('levels', $attributes) ? intval($attributes['levels']) : NULL; // Convert the list structure into a tree structure $past_level_stack = array(1); $subtree_stack = array(array()); $levels = 1; foreach ($STRUCTURE_LIST as $i => $struct) { $level = $struct[0]; $title = $struct[1]; $uniq_id = $struct[2]; $url = array_key_exists($i, $urls_for) ? 
$urls_for[$i] : ''; if ($level > $levels_allowed && !is_null($levels_allowed)) { continue; } // Going down the tree if ($level > $past_level_stack[$levels - 1]) { array_push($past_level_stack, $level); array_push($subtree_stack, array(array($uniq_id, $title->evaluate(), $url))); $levels++; } else { // Going back up the tree, destroying levels that must have now closed off while ($level < $past_level_stack[$levels - 1] && $levels > 2) { array_pop($past_level_stack); $subtree = array_pop($subtree_stack); $levels--; // Alter the last of the next level on stack so it is actually taking the closed off level as children, and changing from a property list to a pair: property list & children $subtree_stack[$levels - 1][count($subtree_stack[$levels - 1]) - 1] = array($subtree_stack[$levels - 1][count($subtree_stack[$levels - 1]) - 1], $subtree); } // Store the title where we are $subtree_stack[$levels - 1][] = array($uniq_id, $title->evaluate(), $url); } } // Clean up... going up until we're with 1 while ($levels > 1) { array_pop($past_level_stack); $subtree = array_pop($subtree_stack); $levels--; $parent_level_start_index = count($subtree_stack[$levels - 1]) - 1; if ($parent_level_start_index < 0) { $subtree_stack[$levels - 1] = $subtree; } else { $subtree_stack[$levels - 1][$parent_level_start_index] = array($subtree_stack[$levels - 1][$parent_level_start_index], $subtree); } } // Now we have the structure to display $levels_t = _do_contents_level($subtree_stack[0], $list_types, $base); $temp_tpl = do_template('COMCODE_CONTENTS', array('_GUID' => 'ca2f5320fa930e2257a2e74e4f98e5a0', 'LEVELS' => $levels_t)); $STRUCTURE_LIST = $old_structure_list; // Restore, so subsequent 'title' tags have correct numbering break; } // Last ditch effort: custom tags if ($temp_tpl->is_definitely_empty() && !$wml) { global $REPLACE_TARGETS; if (array_key_exists($tag, $REPLACE_TARGETS)) { $replace = $REPLACE_TARGETS[$tag]['replace']; $parameters = explode(',', 
$REPLACE_TARGETS[$tag]['parameters']); $binding = array('CONTENT' => $embed, 'RAND' => uniqid('', true)); foreach ($parameters as $parameter) { $parameter = trim($parameter); $parts = explode('=', $parameter); if (count($parts) == 1) { $parts[] = ''; } if (count($parts) != 2) { continue; } list($parameter, $default) = $parts; if (!array_key_exists($parameter, $attributes) || $attributes[$parameter] == '') { $attributes[$parameter] = $default; } $binding[strtoupper($parameter)] = $attributes[$parameter]; $replace = str_replace('{' . $parameter . '}', '{' . strtoupper($parameter) . '*}', $replace); } $replace = str_replace('{content}', array_key_exists($tag, $GLOBALS['TEXTUAL_TAGS']) ? '{CONTENT}' : '{CONTENT*}', $replace); require_code('tempcode_compiler'); $temp_tpl = template_to_tempcode($replace); $temp_tpl = $temp_tpl->bind($binding, '(custom comcode: ' . $tag . ')'); } } return $temp_tpl; }
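/**
 * Standard actualiser to import catalogue entries from an uploaded CSV file.
 *
 * Requires the 'mass_import' privilege. The upload is taken from the 'file_novalidate' field,
 * rewritten in place with normalised line endings, and then passed row by row to import_csv_lines().
 * Comcode is parsed in lax mode for the duration of the import.
 *
 * @return tempcode  The UI
 */
function _import_catalogue()
{
    require_code('catalogues2');

    check_specific_permission('mass_import');

    $title = get_page_title('CATALOGUE_IMPORT');

    $catalogue_name = get_param('catalogue_name');

    $categories = array();
    $fields = $GLOBALS['SITE_DB']->query_select('catalogue_fields', array('*'), array('c_name' => $catalogue_name));

    // $catalogue_name is request data; it is escaped before being placed into this hand-built query
    $catsrow = $GLOBALS['SITE_DB']->query("SELECT t1.id,t2.text_original,t1.cc_parent_id FROM " . $GLOBALS['SITE_DB']->get_table_prefix() . "catalogue_categories t1," . $GLOBALS['SITE_DB']->get_table_prefix() . "translate t2 WHERE t1.cc_title=t2.id AND t1.c_name='" . db_escape_string($catalogue_name) . "'");

    foreach ($catsrow as $values) {
        $categories[$values['text_original']] = $values['id'];

        // Root category is 'default' category for catalogue importing (category with same name as catalogue)
        if (!array_key_exists($catalogue_name, $categories) && is_null($values['cc_parent_id'])) {
            $categories[$catalogue_name] = $values['id'];
        }
    }

    require_code('uploads');

    $csv_name = NULL;
    if (is_swf_upload(true) && array_key_exists('file_novalidate', $_FILES) || array_key_exists('file_novalidate', $_FILES) && is_uploaded_file($_FILES['file_novalidate']['tmp_name'])) {
        $csv_name = $_FILES['file_novalidate']['tmp_name'];
    }

    if (is_null($csv_name)) {
        warn_exit(do_lang_tempcode('IMPROPERLY_FILLED_IN'));
    }

    // Normalise line endings in the temporary file itself, so fgetcsv sees consistent rows
    $raw_contents = file_get_contents($csv_name);
    if ($raw_contents === false) {
        warn_exit(do_lang_tempcode('IMPROPERLY_FILLED_IN'));
    }
    $fixed_contents = unixify_line_format($raw_contents);
    $myfile = @fopen($csv_name, 'wb');
    if ($myfile !== false) {
        fwrite($myfile, $fixed_contents);
        fclose($myfile);
    }

    $handle = fopen($csv_name, 'rb');
    if ($handle === false) {
        warn_exit(do_lang_tempcode('IMPROPERLY_FILLED_IN'));
    }

    // Header row: try comma first, then fall back to semicolon if it was evidently not split
    $del = ',';
    $csv_field_titles = fgetcsv($handle, 1000, $del);
    if (!is_array($csv_field_titles)) {
        // Empty or unreadable file: there is no header to map columns from
        fclose($handle);
        warn_exit(do_lang_tempcode('IMPROPERLY_FILLED_IN'));
    }
    if (count($csv_field_titles) == 1 && strpos($csv_field_titles[0], ';') !== false) {
        $del = ';';
        rewind($handle);
        $csv_field_titles = fgetcsv($handle, 1000, $del);
    }
    $csv_field_titles = array_flip($csv_field_titles); // Now maps column title => column index

    global $LAX_COMCODE;
    $temp2 = $LAX_COMCODE;
    $LAX_COMCODE = true;

    if (function_exists('set_time_limit')) {
        @set_time_limit(0);
    }

    // NOTE(review): this lookup is not filtered by c_name, so it may return the root category of a different catalogue - confirm
    $root_cat = $GLOBALS['SITE_DB']->query_value_null_ok('catalogue_categories', 'id', array('cc_parent_id' => NULL));

    while (($data = fgetcsv($handle, 100000, $del)) !== false) {
        if ($data === array(NULL)) {
            continue; // blank line
        }

        $this->import_csv_lines($catalogue_name, $data, $root_cat, $fields, $categories, $csv_field_titles);
    }

    fclose($handle); // Previously left open until the end of the request

    $LAX_COMCODE = $temp2;

    $description = is_null($this->do_next_description) ? do_lang_tempcode('SUCCESS') : $this->do_next_description;

    $this->donext_catalogue_name = $catalogue_name;

    return $this->do_next_manager($title, $description, NULL);
}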
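/**
 * Extract video meta info from any uploaded video.
 *
 * Posted 'video_width' / 'video_height' / 'video_length' values win when they are non-zero. Otherwise the
 * details are probed from the uploaded 'file', or failing that from the start of the file at the posted 'url'.
 * Width and height then fall back to the configured defaults, and length to 0.
 *
 * @return array  A triplet of 3 "?integer"'s: video width, video height, video length
 */
function get_special_video_info()
{
    $video_length = post_param_integer('video_length', 0);
    $video_width = post_param_integer('video_width', 0);
    $video_height = post_param_integer('video_height', 0);

    if ($video_width == 0 || $video_height == 0 || $video_length == 0) {
        require_code('uploads');

        if (is_swf_upload(true) && array_key_exists('file', $_FILES) || array_key_exists('file', $_FILES) && is_uploaded_file($_FILES['file']['tmp_name'])) {
            list($_video_width, $_video_height, $_video_length) = get_video_details($_FILES['file']['tmp_name'], $_FILES['file']['name']);
        } else {
            $url = post_param('url', '');
            if ($url == '') {
                return array(NULL, NULL, NULL);
            }

            // NOTE(review): $url is request data fetched by the server itself; confirm http_download_file restricts
            // schemes and destinations appropriately. The 1024 * 50 argument presumably caps how much is fetched - confirm.
            $download_test = NULL;
            $temp_path = ocp_tempnam('ocpafm');
            $write_to_file = fopen($temp_path, 'wb');
            if ($write_to_file !== false) {
                $download_test = http_download_file($url, 1024 * 50, false, false, 'ocPortal', NULL, NULL, NULL, NULL, NULL, $write_to_file);
                fclose($write_to_file);
            }
            // If the temp file could not be opened, $download_test stays NULL and we fall through to the defaults

            if (!is_null($download_test)) {
                // Prefer the filename reported during the download over one guessed from the URL
                $probe_filename = is_null($GLOBALS['HTTP_FILENAME']) ? basename(urldecode($url)) : $GLOBALS['HTTP_FILENAME'];
                list($_video_width, $_video_height, $_video_length) = get_video_details($temp_path, $probe_filename);
            } else {
                list($_video_width, $_video_height, $_video_length) = array(NULL, NULL, NULL);
            }

            if ($temp_path != '') {
                @unlink($temp_path);
            }
        }

        if ($video_width == 0) {
            $video_width = is_null($_video_width) ? intval(get_option('default_video_width')) : $_video_width;
        }
        if ($video_height == 0) {
            $video_height = is_null($_video_height) ? intval(get_option('default_video_height')) : $_video_height;
        }
        if ($video_length == 0) {
            $video_length = is_null($_video_length) ? 0 : $_video_length;
        }
    }

    return array($video_width, $video_height, $video_length);
}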
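/**
 * The actualiser to import news.
 *
 * Requires the 'mass_import' privilege. The feed is read either from the posted 'rss_feed_url' or from an
 * uploaded 'file_novalidate'. Missing news categories are created on the fly, representative images are
 * optionally downloaded into uploads/grepimages, and a second pass fixes up images/links inside the stored text.
 *
 * @return tempcode  The UI
 */
function _import_news()
{
    check_specific_permission('mass_import');

    $title = get_page_title('IMPORT_NEWS');

    require_code('rss');
    require_code('news');
    require_code('files');

    $GLOBALS['LAX_COMCODE'] = true;

    disable_php_memory_limit();

    // NOTE(review): a posted rss_feed_url is handed to the rss class as-is; confirm that class only accepts
    // remote feed URLs and not arbitrary server-side paths.
    $rss_url = post_param('rss_feed_url', NULL);

    // Remember whether the source is our own temporary upload: only then may we delete it afterwards
    $from_upload = false;

    require_code('uploads');
    if (is_swf_upload(true) && array_key_exists('file_novalidate', $_FILES) || array_key_exists('file_novalidate', $_FILES) && is_uploaded_file($_FILES['file_novalidate']['tmp_name'])) {
        $rss_url = $_FILES['file_novalidate']['tmp_name'];
        $from_upload = true;
    }
    if (is_null($rss_url)) {
        warn_exit(do_lang_tempcode('IMPROPERLY_FILLED_IN'));
    }

    $is_validated = post_param_integer('auto_validate', 0);
    $download_images = post_param_integer('download_images', 0);

    $rss = new rss($rss_url, true);
    if (!is_null($rss->error)) {
        warn_exit($rss->error);
    }

    $submitter = get_member();

    $NEWS_CATS = $GLOBALS['SITE_DB']->query_select('news_categories', array('*'), array('nc_owner' => NULL));
    $NEWS_CATS = list_to_map('id', $NEWS_CATS);

    $extra_post_data = array();

    // First pass: create categories and news entries
    foreach ($rss->gleamed_items as $i => $item) {
        if (!array_key_exists('category', $item)) {
            $item['category'] = do_lang('NC_general');
        }

        $extra_post_data[] = $item;

        $cats_to_process = array($item['category']);
        if (array_key_exists('extra_categories', $item)) {
            $cats_to_process = array_merge($cats_to_process, $item['extra_categories']);
        }

        // Resolve each category title to an ID; the first is the main category, the rest are secondary
        $cat_id = mixed();
        $extra_categories = array();
        foreach ($cats_to_process as $j => $cat) {
            $_cat_id = mixed();
            foreach ($NEWS_CATS as $_cat => $news_cat) {
                if (get_translated_text($news_cat['nc_title']) == $cat) {
                    $_cat_id = $_cat;
                }
            }
            if (is_null($_cat_id)) {
                $_cat_id = add_news_category($cat, 'newscats/general', '', NULL);

                // Need to reload now
                $NEWS_CATS = $GLOBALS['SITE_DB']->query_select('news_categories', array('*'), array('nc_owner' => NULL));
                $NEWS_CATS = list_to_map('id', $NEWS_CATS);
            }

            if ($j == 0) {
                $cat_id = $_cat_id;
            } else {
                $extra_categories[] = $_cat_id;
            }
        }

        $rep_image = '';
        if (array_key_exists('rep_image', $item)) {
            $rep_image = $item['rep_image'];

            if ($download_images == 1) {
                // NOTE(review): the stored filename, including its extension, is taken from the feed; only basename()
                // is applied. Confirm an extension/type check applies before files land under uploads/grepimages.
                $stem = 'uploads/grepimages/' . basename(urldecode($rep_image));
                $target_path = get_custom_file_base() . '/' . $stem;
                $rep_image = 'uploads/grepimages/' . basename($rep_image);
                while (file_exists($target_path)) {
                    // Name clash: prefix a unique ID and try again
                    $uniqid = uniqid('');
                    $stem = 'uploads/grepimages/' . $uniqid . '_' . basename(urldecode($rep_image));
                    $target_path = get_custom_file_base() . '/' . $stem;
                    $rep_image = 'uploads/grepimages/' . $uniqid . '_' . basename($rep_image);
                }

                $target_handle = fopen($target_path, 'wb') or intelligent_write_error($target_path);
                http_download_file($item['rep_image'], NULL, false, false, 'ocPortal', NULL, NULL, NULL, NULL, NULL, $target_handle);
                fclose($target_handle);
            }
        }

        // Add news
        $ts = array_key_exists('clean_add_date', $item) ? $item['clean_add_date'] : (array_key_exists('add_date', $item) ? strtotime($item['add_date']) : time());
        if ($ts === false) {
            $ts = time(); // Seen in error email, it's if the add date won't parse by PHP
        }
        $edit_date = array_key_exists('clean_edit_date', $item) ? $item['clean_edit_date'] : (array_key_exists('edit_date', $item) ? strtotime($item['edit_date']) : NULL);
        if ($edit_date === false) {
            $edit_date = NULL;
        }

        $news = array_key_exists('news', $item) ? html_to_comcode($item['news']) : '';
        $news_article = array_key_exists('news_article', $item) ? html_to_comcode($item['news_article']) : '';

        $news_id = add_news($item['title'], $news, array_key_exists('author', $item) ? $item['author'] : $GLOBALS['FORUM_DRIVER']->get_username(get_member()), $is_validated, 1, 1, 1, '', $news_article, $cat_id, $extra_categories, $ts, $submitter, 0, $edit_date, NULL, $rep_image);

        // Keep what the second pass needs alongside the parsed item
        $rss->gleamed_items[$i]['import_id'] = $news_id;
        $rss->gleamed_items[$i]['import__news'] = $news;
        $rss->gleamed_items[$i]['import__news_article'] = $news_article;
    }

    // Second pass: now that every item has an ID, fix images/links and write the text back
    foreach ($rss->gleamed_items as $i => $item) {
        $news = $item['import__news'];
        $news_article = $item['import__news_article'];

        $this->_grab_images_and_fix_links($download_images == 1, $news, $rss->gleamed_items);
        $this->_grab_images_and_fix_links($download_images == 1, $news_article, $rss->gleamed_items);

        lang_remap_comcode($GLOBALS['SITE_DB']->query_value('news', 'news', array('id' => $item['import_id'])), $news);
        lang_remap_comcode($GLOBALS['SITE_DB']->query_value('news', 'news_article', array('id' => $item['import_id'])), $news_article);
    }

    breadcrumb_set_parents(array(array('_SELF:_SELF:misc', do_lang_tempcode('MANAGE_NEWS')), array('_SELF:_SELF:import', do_lang_tempcode('IMPORT_NEWS'))));
    breadcrumb_set_self(do_lang_tempcode('DONE'));

    // Only remove the source when it is the temporary upload. The previous check (url_is_local on the value)
    // could not tell an upload apart from a local-looking string posted as rss_feed_url, and would unlink either.
    if ($from_upload) {
        @unlink($rss_url);
    }

    return inform_screen($title, do_lang_tempcode('IMPORT_NEWS_DONE'));
}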
/**
 * The actualiser to import ical for calendar.
 *
 * Requires the 'mass_import' privilege. The source is the posted 'ical_feed_url', unless a file was
 * uploaded as 'file_novalidate', in which case the upload's temporary path is imported instead.
 *
 * @return tempcode  The UI
 */
function _import_ical()
{
    check_specific_permission('mass_import');

    $title = get_page_title('IMPORT_ICAL');

    require_code('calendar_ical');

    $source = post_param('ical_feed_url', NULL);

    require_code('uploads');

    // An uploaded file takes priority over any posted feed URL
    $is_swf = is_swf_upload(true);
    if (array_key_exists('file_novalidate', $_FILES)) {
        if ($is_swf || is_uploaded_file($_FILES['file_novalidate']['tmp_name'])) {
            $source = $_FILES['file_novalidate']['tmp_name'];
        }
    }

    if (is_null($source)) {
        warn_exit(do_lang_tempcode('IMPROPERLY_FILLED_IN'));
    }

    ical_import($source);

    $manage_crumb = array('_SELF:_SELF:misc', do_lang_tempcode('MANAGE_CALENDARS'));
    $import_crumb = array('_SELF:_SELF:import', do_lang_tempcode('IMPORT_ICAL'));
    breadcrumb_set_parents(array($manage_crumb, $import_crumb));
    breadcrumb_set_self(do_lang_tempcode('DONE'));

    return inform_screen($title, do_lang_tempcode('IMPORT_ICAL_DONE'));
}
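/**
 * Send the posted form over email to the staff address.
 *
 * When no field map is given, one is built from $_POST, leaving out form plumbing (names on the exclusion
 * list below, names starting with an underscore, and names matching the internal patterns). Every uploaded
 * file that actually arrived is attached.
 *
 * @param  ?string  The subject of the email (NULL: from posted subject parameter).
 * @param  string  The intro text to the mail.
 * @param  ?array  A map of fields to field titles to transmit. (NULL: all posted fields, except subject and email)
 * @param  ?string  Email address to send to (NULL: look from post environment / staff address).
 */
function form_to_email($subject = NULL, $intro = '', $fields = NULL, $to_email = NULL)
{
    if (is_null($subject)) {
        $subject = post_param('subject', get_site_name());
    }

    if (is_null($fields)) {
        $fields = array();
        foreach (array_diff(array_keys($_POST), array('MAX_FILE_SIZE', 'perform_validation', '_validated', 'posting_ref_id', 'f_face', 'f_colour', 'f_size', 'x', 'y', 'name', 'subject', 'email', 'to_members_email', 'to_written_name', 'redirect', 'http_referer')) as $key) {
            $is_hidden = strpos($key, 'hour') !== false || strpos($key, 'access_') !== false || strpos($key, 'minute') !== false || strpos($key, 'confirm') !== false || strpos($key, 'pre_f_') !== false || strpos($key, 'label_for__') !== false || strpos($key, 'wysiwyg_version_of_') !== false || strpos($key, 'is_wysiwyg') !== false || strpos($key, 'require__') !== false || strpos($key, 'tempcodecss__') !== false || strpos($key, 'comcode__') !== false || strpos($key, '_parsed') !== false || preg_match('#^caption\\d+$#', $key) != 0 || preg_match('#^attachmenttype\\d+$#', $key) != 0 || substr($key, 0, 1) == '_' || substr($key, 0, 9) == 'hidFileID' || substr($key, 0, 11) == 'hidFileName';
            if ($is_hidden) {
                continue;
            }

            // The title is the posted label if the form supplied one, else a prettified field name
            $fields[$key] = post_param('label_for__' . $key, ucwords(str_replace('_', ' ', $key)));
        }
    }

    $message_raw = $intro;
    if ($message_raw != '') {
        $message_raw .= "\n\n------------\n\n";
    }
    foreach ($fields as $field => $field_title) {
        $field_val = post_param($field, NULL);
        if (!is_null($field_val)) {
            $message_raw .= $field_title . ': ' . $field_val . "\n\n";
        }
    }

    // NOTE(review): subject, sender address and sender name are request data passed straight on;
    // presumably mail_wrap neutralises line breaks in them - confirm.
    $from_email = trim(post_param('email', ''));
    $to_name = mixed();
    $from_name = post_param('name', $GLOBALS['FORUM_DRIVER']->get_username(get_member()));

    if (is_null($to_email)) {
        $to = post_param_integer('to_members_email', NULL);
        if (!is_null($to)) {
            $to_email = $GLOBALS['FORUM_DRIVER']->get_member_email_address($to);
            $to_name = $GLOBALS['FORUM_DRIVER']->get_username($to);
        }
    }

    $attachments = array();
    require_code('uploads');
    is_swf_upload(true);
    foreach ($_FILES as $file) {
        // Skip file fields that were left empty or failed to upload (no temporary file), and array-style
        // multi-file fields, whose tmp_name cannot be used as an array key
        if (!is_string($file['tmp_name']) || $file['tmp_name'] == '') {
            continue;
        }

        $attachments[$file['tmp_name']] = $file['name'];
    }

    if (addon_installed('captcha')) {
        // NOTE(review): the CAPTCHA is only enforced when the request itself posts _security=1, so a
        // submission that omits the field is not challenged here - confirm callers enforce it where required.
        if (post_param_integer('_security', 0) == 1) {
            require_code('captcha');
            enforce_captcha();
        }
    }

    mail_wrap($subject, $message_raw, is_null($to_email) ? NULL : array($to_email), $to_name, $from_email, $from_name, 3, $attachments);
}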
/**
 * Work out the theme image code for a POSTed theme image, which arrives either as a newly uploaded file
 * or as a reference to an existing image code.
 *
 * An upload is stored under themes/default/images_custom and registered in the theme_images table
 * under a freshly generated code of the form "<type>/<unique id>".
 *
 * @param  ID_TEXT  The type of theme image
 * @param  boolean  Allow no code to be given
 * @param  ID_TEXT  Form field for uploading
 * @param  ID_TEXT  Form field for choosing
 * @param  ?object  Database connection (NULL: site database)
 * @return ID_TEXT  The (possibly randomised) theme image code
 */
function get_theme_img_code($type, $allow_skip = false, $field_file = 'file', $field_choose = 'theme_img_code', $db = NULL)
{
    if (is_null($db)) {
        $db = $GLOBALS['SITE_DB'];
    }

    // TODO: Image won't upload to central site. So perhaps we should not allow uploads if not editing on central site.

    // Drop the "ocf_" prefix from the type when the default theme has an avatars directory
    $has_ocf_prefix = (strncmp($type, 'ocf_', 4) == 0);
    if ($has_ocf_prefix && file_exists(get_file_base() . '/themes/default/images/avatars/index.html')) {
        $type = substr($type, 4);
    }

    require_code('uploads');

    $got_upload = is_swf_upload() || array_key_exists($field_file, $_FILES) && is_uploaded_file($_FILES[$field_file]['tmp_name']);

    if ($got_upload) {
        // New image: store it (image uploads only) and register it under a new code
        $urls = get_url('', $field_file, 'themes/default/images_custom', 0, OCP_UPLOAD_IMAGE, false);

        $new_code = $type . '/' . uniqid('', true);

        $row = array(
            'id' => $new_code,
            'theme' => 'default',
            'path' => $urls[0],
            'lang' => get_site_default_lang(),
        );
        $db->query_insert('theme_images', $row);

        persistant_cache_delete('THEME_IMAGES');

        return $new_code;
    }

    // No upload: fall back to the code chosen in the form
    $chosen_code = post_param($field_choose, '');
    if ($chosen_code != '') {
        return $chosen_code;
    }

    if ($allow_skip) {
        return '';
    }

    warn_exit(do_lang_tempcode('IMPROPERLY_FILLED_IN_UPLOAD'));

    return $chosen_code;
}
/**
 * Check that not too many attachments have been uploaded for the member submitting.
 *
 * Only applies on the 'ocf' forum type. The limit is the member's best 'max_attachments_per_post'
 * group property; each "file<number>" upload field with a temporary file counts against it.
 */
function _check_attachment_count()
{
    if (get_forum_type() != 'ocf' || !function_exists('get_member')) {
        return;
    }

    require_code('ocf_groups');
    require_lang('ocf');
    require_lang('comcode');

    $max_attachments_per_post = ocf_get_member_best_group_property(get_member(), 'max_attachments_per_post');

    // A hidFileID_* field hints at an SWF upload being part of this request
    $swf_possible = false;
    foreach ($_POST as $post_key => $post_value) {
        if (preg_match('#^hidFileID\\_#i', $post_key) == 0) {
            continue;
        }

        require_code('uploads');
        $swf_possible = is_swf_upload();
    }

    if ($swf_possible) {
        require_code('uploads');
        is_swf_upload(true);
    }

    // Use up one unit of the allowance per attachment field that carries a file
    foreach ($_FILES as $field_name => $file_details) {
        if (substr($field_name, 0, 4) != 'file') {
            continue;
        }
        if (!is_numeric(substr($field_name, 4))) {
            continue;
        }
        if ($file_details['tmp_name'] != '') {
            $max_attachments_per_post--;
        }
    }

    if ($max_attachments_per_post < 0) {
        warn_exit(do_lang_tempcode('TOO_MANY_ATTACHMENTS'));
    }
}
/**
 * The actualiser for uploading a file into the file dump.
 *
 * Checks, in order: the 'upload_filedump' privilege; that a file actually arrived; the file extension
 * (skipped only for members with 'upload_anything_filedump' when the file base and custom file base are
 * the same); that no file of that name already exists in the target place; and the maximum file size.
 * The target place comes from the request and is passed through filter_naughty before use in a path.
 *
 * @return tempcode  The UI.
 */
function module_do_upload()
{
    if (!has_specific_permission(get_member(), 'upload_filedump')) {
        access_denied('I_ERROR');
    }

    $title = get_page_title('FILEDUMP_UPLOAD');

    // Slowly uploading a file can trigger time limit, on some servers
    if (function_exists('set_time_limit')) {
        @set_time_limit(0);
    }

    $place = filter_naughty(post_param('place'));

    require_code('uploads');

    $nothing_uploaded = !is_swf_upload(true) && (!array_key_exists('file', $_FILES) || !is_uploaded_file($_FILES['file']['tmp_name']));
    if ($nothing_uploaded) {
        // Translate PHP's upload error code into the most specific message we have
        $attach_name = 'file';
        $max_size = get_max_file_size();
        $error_code = isset($_FILES[$attach_name]) ? $_FILES[$attach_name]['error'] : NULL;

        if ($error_code == 1 || $error_code == 2) {
            warn_exit(do_lang_tempcode('FILE_TOO_BIG', integer_format($max_size)));
        } elseif ($error_code == 3 || $error_code == 6 || $error_code == 7) {
            warn_exit(do_lang_tempcode('ERROR_UPLOADING_' . strval($_FILES[$attach_name]['error'])));
        } else {
            warn_exit(do_lang_tempcode('ERROR_UPLOADING'));
        }
    }

    $file = $_FILES['file']['name'];
    if (get_magic_quotes_gpc()) {
        $file = stripslashes($file);
    }

    $may_upload_anything = has_specific_permission(get_member(), 'upload_anything_filedump') && get_file_base() == get_custom_file_base();
    if (!$may_upload_anything) {
        check_extension($file);
    }

    // Keep only the final extension: any other dots in the name become dashes
    $extension = get_file_extension($file);
    $file = str_replace('.', '-', basename($file, '.' . $extension)) . '.' . get_file_extension($file);

    $full = get_custom_file_base() . '/uploads/filedump' . $place . $file;

    // Never overwrite an existing file
    if (file_exists($full)) {
        warn_exit(do_lang_tempcode('OVERWRITE_ERROR'));

        return new ocp_tempcode();
    }

    $max_size = get_max_file_size();
    if ($_FILES['file']['size'] > $max_size) {
        warn_exit(do_lang_tempcode('FILE_TOO_BIG', integer_format(intval($max_size))));
    }

    // SWF uploads are moved with rename(); ordinary uploads go through move_uploaded_file()
    if (is_swf_upload(true)) {
        if (!@rename($_FILES['file']['tmp_name'], $full)) {
            warn_exit(do_lang_tempcode('FILE_MOVE_ERROR', escape_html($file), escape_html('uploads/filedump' . $place)));
        }
    } else {
        if (!@move_uploaded_file($_FILES['file']['tmp_name'], $full)) {
            warn_exit(do_lang_tempcode('FILE_MOVE_ERROR', escape_html($file), escape_html('uploads/filedump' . $place)));
        }
    }
    fix_permissions($full);
    sync_file($full);

    $return_url = build_url(array('page' => '_SELF', 'place' => $place), '_SELF');

    // Replace any stale database record for this name/place
    $record_key = array('name' => $file, 'path' => $place);
    $old_description = $GLOBALS['SITE_DB']->query_value_null_ok('filedump', 'description', $record_key);
    if (!is_null($old_description)) {
        delete_lang($old_description);
    }
    $GLOBALS['SITE_DB']->query_delete('filedump', $record_key, '', 1);

    $description = post_param('description');
    $GLOBALS['SITE_DB']->query_insert('filedump', array('name' => $file, 'path' => $place, 'the_member' => get_member(), 'description' => insert_lang_comcode($description, 3)));

    // Notify; user-supplied values are Comcode-escaped before going into the mail body
    require_code('notifications');
    $subject = do_lang('FILEDUMP_NOTIFICATION_MAIL_SUBJECT', get_site_name(), $file, $place);
    $mail = do_lang('FILEDUMP_NOTIFICATION_MAIL', comcode_escape(get_site_name()), comcode_escape($file), array(comcode_escape($place), comcode_escape($description)));
    dispatch_notification('filedump', $place, $subject, $mail);

    log_it('FILEDUMP_UPLOAD', $file, $place);

    // Only syndicate the activity if guests could see this page anyway
    $guest_id = $GLOBALS['FORUM_DRIVER']->get_guest_id();
    if (has_actual_page_access($guest_id, get_page_name(), get_zone_name())) {
        syndicate_described_activity('filedump:ACTIVITY_FILEDUMP_UPLOAD', $place . '/' . $file, '', '', '', '', '', 'filedump');
    }

    return redirect_screen($title, $return_url, do_lang_tempcode('SUCCESS'));
}
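/**
 * The actualiser for importing a CSV file of members.
 *
 * Each data row either creates a member or edits an existing one (matched by 'ID', else by username).
 * Columns that match neither a standard heading nor an existing custom profile field cause a new custom
 * profile field to be created, and unknown names in the 'Usergroup' column cause new usergroups to be created.
 * Group membership, validation/banned state and password material are all taken from the file, so the
 * file has to be treated as fully trusted administrator input.
 *
 * NOTE(review): no privilege check is made inside this function; presumably the enclosing module gates access - confirm.
 *
 * @return tempcode  The UI
 */
function _import_csv()
{
    $title = get_page_title('IMPORT_MEMBER_CSV');

    disable_php_memory_limit(); // Even though we split into chunks, PHP does leak memory :(

    $GLOBALS['HELPER_PANEL_PIC'] = 'pagepics/import_csv';

    if (function_exists('set_time_limit')) {
        @set_time_limit(0);
    }

    require_lang('ocf');
    require_code('ocf_members_action');

    // Used for new members whose row carries no password of its own
    $default_password = post_param('default_password');

    $num_added = 0;
    $num_edited = 0;
    $done = 0;

    $headings = $this->_get_csv_headings();
    $all_cpfs = $GLOBALS['FORUM_DB']->query_select('f_custom_fields', array('id', 'cf_default', 'cf_type', 'cf_name'), NULL, 'ORDER BY cf_order');
    foreach ($all_cpfs as $i => $c) {
        $c['text_original'] = get_translated_text($c['cf_name'], $GLOBALS['FORUM_DB']);
        $all_cpfs[$i] = $c;
        $headings[$c['text_original']] = NULL;
    }
    $_all_groups = $GLOBALS['FORUM_DRIVER']->get_usergroup_list(false, false, true);
    $all_groups = array_flip($_all_groups);
    $all_members = collapse_2d_complexity('id', 'm_username', $GLOBALS['FORUM_DB']->query_select('f_members', array('id', 'm_username')));
    $all_members_flipped = array_flip($all_members);

    // Import
    require_code('uploads');
    if (is_swf_upload(true) || array_key_exists('file', $_FILES) && is_uploaded_file($_FILES['file']['tmp_name'])) {
        // Normalise line endings in the temporary file itself before parsing
        $fixed_contents = unixify_line_format(file_get_contents($_FILES['file']['tmp_name']));
        $myfile = @fopen($_FILES['file']['tmp_name'], 'wb');
        if ($myfile !== false) {
            fwrite($myfile, $fixed_contents);
            fclose($myfile);
        }

        $myfile = fopen($_FILES['file']['tmp_name'], 'rb');
        if ($myfile === false) {
            warn_exit(do_lang_tempcode('IMPROPERLY_FILLED_IN_UPLOAD'));
        }

        // Header row: try comma first, then fall back to semicolon if it was evidently not split
        $del = ',';
        $csv_header = fgetcsv($myfile, 102400, $del);
        if ($csv_header === false) {
            warn_exit(do_lang_tempcode('NO_DATA_IMPORTED'));
        }
        if (count($csv_header) == 1 && strpos($csv_header[0], ';') !== false) {
            $del = ';';
            rewind($myfile);
            $csv_header = fgetcsv($myfile, 102400, $del);
        }

        while (($csv_line = fgetcsv($myfile, 102400, $del)) !== false) {
            // Build a heading => value map for the row. A heading of the form "Name: Sub" is folded into
            // "Name", with "Sub: value" appended on its own line.
            $line = array();
            foreach ($csv_header as $i => $h) {
                $extracted_value = trim(unixify_line_format(array_key_exists($i, $csv_line) ? $csv_line[$i] : ''));

                if (strpos($h, ':') !== false) {
                    $parts = explode(':', $h, 2);
                    $h = trim($parts[0]);
                    if ($extracted_value != '') {
                        $extracted_value = $parts[1] . ': ' . $extracted_value;
                    }
                }

                if (array_key_exists($h, $line)) {
                    if ($extracted_value != '') {
                        $line[$h] .= ($line[$h] != '' ? chr(10) : '') . $extracted_value;
                    }
                } else {
                    $line[$h] = $extracted_value;
                }
            }

            if (!array_key_exists('Username', $line) || $line['Username'] == '') {
                // Can we auto-generate it
                $forename = NULL;
                if (array_key_exists('Forenames', $line)) {
                    $forename = $line['Forenames'];
                }
                if (array_key_exists('Forename', $line)) {
                    $forename = $line['Forename'];
                }
                if (array_key_exists('First name', $line)) {
                    $forename = $line['First name'];
                }
                if (array_key_exists('First Name', $line)) {
                    $forename = $line['First Name'];
                }
                $surname = NULL;
                if (array_key_exists('Surname', $line)) {
                    $surname = $line['Surname'];
                }
                if (array_key_exists('Last name', $line)) {
                    $surname = $line['Last name'];
                }
                if (array_key_exists('Last Name', $line)) {
                    $surname = $line['Last Name'];
                }
                if (!is_null($forename) || !is_null($surname)) {
                    // Can we get a year too?
                    $year = '';
                    foreach ($line as $tl_key => $tl_val) {
                        if (substr($tl_key, 0, 4) == 'Year') {
                            $year = $tl_val;
                            break;
                        }
                    }
                    if (strlen($year) == 4 && (substr($year, 0, 2) == '19' || substr($year, 0, 2) == '20')) {
                        $year = substr($year, 2);
                    }

                    // Tidy up forename
                    $_forename = preg_replace('#[^\\w]#', '', preg_replace('#[\\s\\.].*#', '', $forename));

                    // Tidy up surname (last bit strips like 'OBE')
                    $_surname = preg_replace('#[^\\w]#', '', trim(preg_replace('#\\s*[A-Z\\d][A-Z\\d]+#', '', $surname)));

                    // Put it together
                    $line['Username'] = ucfirst($_forename) . ucfirst($_surname) . $year;
                } else {
                    continue; // This field is needed
                }
            }
            $username = $line['Username'];

            // Match to an existing member: by ID first, then by username
            $linked_id = NULL;
            if (array_key_exists('ID', $line)) {
                $linked_id = ($line['ID'] != '' && array_key_exists(intval($line['ID']), $all_members)) ? intval($line['ID']) : NULL;
            }
            if (is_null($linked_id)) {
                $linked_id = array_key_exists($username, $all_members_flipped) ? $all_members_flipped[$username] : NULL;
            }
            $new_member = is_null($linked_id);

            // Accept several spellings of the e-mail and date-of-birth headings
            $email_address_key = 'E-mail address';
            if (array_key_exists('Email address', $line)) {
                $email_address_key = 'Email address';
            }
            if (array_key_exists('E-mail Address', $line)) {
                $email_address_key = 'E-mail Address';
            }
            if (array_key_exists('Email Address', $line)) {
                $email_address_key = 'Email Address';
            }
            if (array_key_exists('E-mail', $line)) {
                $email_address_key = 'E-mail';
            }
            if (array_key_exists('Email', $line)) {
                $email_address_key = 'Email';
            }
            $dob_key = 'Date of birth';
            if (array_key_exists('Date Of Birth', $line)) {
                $dob_key = 'Date Of Birth';
            }
            if (array_key_exists('DOB', $line)) {
                $dob_key = 'DOB';
            }

            // If it's an edited member, add in their existing CSV details, so that if it's a partial merge it'll still work without deleting anything!
            if (!$new_member) {
                $member_groups = $GLOBALS['FORUM_DB']->query_select('f_group_members', array('gm_member_id', 'gm_group_id'), array('gm_validated' => 1, 'gm_member_id' => $linked_id));
                $member_cpfs = list_to_map('mf_member_id', $GLOBALS['FORUM_DB']->query_select('f_member_custom_fields', array('*'), array('mf_member_id' => $linked_id), '', 1));
                $this_record = $this->_get_csv_member_record($member_cpfs, $GLOBALS['FORUM_DRIVER']->get_member_row($linked_id), $_all_groups, $headings, $all_cpfs, $member_groups);

                // Remember "+" in PHP won't overwrite existing keys
                if (!array_key_exists($email_address_key, $line)) {
                    unset($this_record['E-mail address']);
                }
                if (!array_key_exists($dob_key, $line)) {
                    unset($this_record['Date of birth']);
                }
                $line += $this_record;
            }

            // Set up member row
            if (array_key_exists('Password', $line) && $line['Password'] != '') {
                // Format is password[/salt[/compatibility scheme]], so a '/' inside the value is always read as a separator
                $parts = explode('/', $line['Password']);
                $password = $parts[0];
                $salt = array_key_exists(1, $parts) ? $parts[1] : NULL;
                $password_compatibility_scheme = array_key_exists(2, $parts) ? $parts[2] : NULL;
            } else {
                $password = NULL;
                $salt = NULL;
                $password_compatibility_scheme = NULL;
            }

            // Pull a bare address out of "address (name)" or "name <address>" forms
            $matches = array();
            if (array_key_exists($email_address_key, $line)) {
                $email_address = $line[$email_address_key];
            } else {
                $email_address = NULL;
            }
            if (preg_match('#^([^\\s]*)\\s+\\(.*\\)$#', $email_address, $matches) != 0) {
                $email_address = $matches[1];
            }
            if (preg_match('#^.*\\s+<(.*)>$#', $email_address, $matches) != 0) {
                $email_address = $matches[1];
            }

            // Date of birth is read as year/month/day
            if (array_key_exists($dob_key, $line)) {
                $parts = explode('/', $line[$dob_key]);
                $dob_day = array_key_exists(2, $parts) ? intval($parts[2]) : NULL;
                $dob_month = array_key_exists(1, $parts) ? intval($parts[1]) : NULL;
                $dob_year = array_key_exists(0, $parts) ? intval($parts[0]) : NULL;
            } else {
                $dob_day = NULL;
                $dob_month = NULL;
                $dob_year = NULL;
            }

            // Members are validated unless the file says otherwise
            $validated = array_key_exists('Validated', $line) ? ((strtoupper($line['Validated']) == 'YES' || $line['Validated'] == '1' || strtoupper($line['Validated']) == 'Y' || strtoupper($line['Validated']) == 'ON') ? 1 : 0) : 1;

            if (array_key_exists('Join time', $line)) {
                if (strpos($line['Join time'], '-') !== false) {
                    $parts = explode('-', $line['Join time']);
                } else {
                    $parts = explode('/', $line['Join time']);
                }
                if (!array_key_exists(1, $parts)) {
                    $parts[1] = '1';
                }
                if (!array_key_exists(2, $parts)) {
                    $parts[2] = '1';
                }
                if (strlen($parts[2]) != 4) {
                    $join_time = mktime(0, 0, 0, intval($parts[1]), intval($parts[2]), intval($parts[0])); // yy(yy)-mm-dd
                } else {
                    $join_time = mktime(0, 0, 0, intval($parts[1]), intval($parts[0]), intval($parts[2])); // dd-mm-yyyy
                }
                if ($join_time > time()) {
                    $join_time = time(); // Fixes MySQL out of range error that could happen
                }
            } else {
                $join_time = NULL;
            }

            // Store avatar URLs under our own base URL as relative paths
            $avatar_url = array_key_exists('Avatar', $line) ? $line['Avatar'] : '';
            if (!is_null($avatar_url)) {
                if (substr($avatar_url, 0, strlen(get_base_url() . '/')) == get_base_url() . '/') {
                    $avatar_url = substr($avatar_url, strlen(get_base_url() . '/'));
                }
            }

            $signature = array_key_exists('Signature', $line) ? $line['Signature'] : '';
            $is_perm_banned = array_key_exists('Banned', $line) ? ((strtoupper($line['Banned']) == 'YES' || $line['Banned'] == '1' || strtoupper($line['Banned']) == 'Y' || strtoupper($line['Banned']) == 'ON') ? 1 : 0) : 0;
            $reveal_age = array_key_exists('Reveal age', $line) ? ((strtoupper($line['Reveal age']) == 'YES' || $line['Reveal age'] == '1' || strtoupper($line['Reveal age']) == 'Y' || strtoupper($line['Reveal age']) == 'ON') ? 1 : 0) : 0;
            $language = array_key_exists('Language', $line) ? $line['Language'] : '';
            $allow_emails = array_key_exists('Accept member e-mails', $line) ? ((strtoupper($line['Accept member e-mails']) == 'YES' || $line['Accept member e-mails'] == '1' || strtoupper($line['Accept member e-mails']) == 'Y' || strtoupper($line['Accept member e-mails']) == 'ON') ? 1 : 0) : 0;
            $allow_emails_from_staff = array_key_exists('Opt-in', $line) ? ((strtoupper($line['Opt-in']) == 'YES' || $line['Opt-in'] == '1' || strtoupper($line['Opt-in']) == 'Y' || strtoupper($line['Opt-in']) == 'ON') ? 1 : 0) : 0;

            // Usergroups are '/'-separated names: the first is the primary group, the rest secondary.
            // Any name the site does not know yet is created as a new group.
            $primary_group = NULL;
            $groups = NULL;
            if (array_key_exists('Usergroup', $line)) {
                $parts = explode('/', $line['Usergroup']);
                foreach ($parts as $p) {
                    if (!array_key_exists($p, $all_groups)) {
                        require_code('ocf_groups_action');
                        $g_id = ocf_make_group($p, 0, 0, 0, '');
                        $all_groups[$p] = $g_id;
                        $_group_edit_url = build_url(array('page' => 'admin_ocf_groups', 'type' => '_ed', 'id' => $g_id), get_module_zone('admin_ocf_groups'));
                        $group_edit_url = $_group_edit_url->evaluate();
                        attach_message(do_lang_tempcode('MEMBER_IMPORT_GROUP_ADDED', escape_html($p), escape_html($group_edit_url)), 'inform');
                    }
                }
                $primary_group = $all_groups[$parts[0]];
                unset($parts[0]);
                $groups = array();
                foreach ($parts as $p) {
                    $groups[] = $all_groups[$p];
                }
            }

            $photo_url = array_key_exists('Photo', $line) ? $line['Photo'] : '';
            if ($photo_url != '') {
                require_code('images');
                $photo_thumb_url = 'uploads/ocf_photos_thumbs/' . uniqid('', true) . '.png';
                convert_image($photo_url, $photo_thumb_url, -1, -1, intval(get_option('thumb_width')), false);
            } else {
                $photo_thumb_url = '';
            }

            // Known custom profile fields: take the row's value, else the field default, then coerce by type
            $custom_fields = array();
            foreach ($all_cpfs as $cpf) {
                $custom_fields[$cpf['id']] = array_key_exists($cpf['text_original'], $line) ? $line[$cpf['text_original']] : $cpf['cf_default'];
                if (!array_key_exists($cpf['text_original'], $line) && $cpf['cf_type'] == 'list') {
                    // The default of a list field is a '|'-separated option list; use its first option.
                    // (The explode() arguments were previously the wrong way round.)
                    $parts = explode('|', $custom_fields[$cpf['id']]);
                    $custom_fields[$cpf['id']] = $parts[0];
                }
                if ($cpf['cf_type'] == 'integer') {
                    $custom_fields[$cpf['id']] = intval($custom_fields[$cpf['id']]);
                } elseif ($cpf['cf_type'] == 'tick') {
                    $custom_fields[$cpf['id']] = (strtoupper($custom_fields[$cpf['id']]) == 'YES' || strtoupper($custom_fields[$cpf['id']]) == 'Y' || strtoupper($custom_fields[$cpf['id']]) == 'ON' || $custom_fields[$cpf['id']] == '1') ? 1 : 0;
                } elseif ($cpf['cf_type'] == 'short_text' || $cpf['cf_type'] == 'short_trans') {
                    // Flatten multi-line values into a comma-separated line, capped at 255 characters
                    $custom_fields[$cpf['id']] = substr(str_replace(chr(10), ', ', str_replace(',' . chr(10), chr(10), $custom_fields[$cpf['id']])), 0, 255);
                } elseif ($cpf['cf_type'] == 'long_text' || $cpf['cf_type'] == 'long_trans') {
                    // Used as-is
                } elseif ($cpf['cf_type'] == 'float') {
                    if (preg_match('#^(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\\n(\\d\\d\\d\\d)$#', $custom_fields[$cpf['id']]) != 0) {
                        // "Mon\nYYYY" is stored as YYYY plus a month fraction.
                        // NOTE(review): with this table 'Oct' (0.1) is numerically the same as 'Jan' (0.1) - confirm that is intended.
                        $parts = explode(chr(10), $custom_fields[$cpf['id']], 2);
                        $month_lookup = array('Jan' => 0.1, 'Feb' => 0.2, 'Mar' => 0.3, 'Apr' => 0.4, 'May' => 0.5, 'Jun' => 0.6, 'Jul' => 0.7, 'Aug' => 0.8, 'Sep' => 0.9, 'Oct' => 0.1, 'Nov' => 0.11, 'Dec' => 0.12);
                        $custom_fields[$cpf['id']] = floatval($parts[1]) + $month_lookup[$parts[0]];
                    } else {
                        $custom_fields[$cpf['id']] = floatval($custom_fields[$cpf['id']]);
                    }
                }
                unset($line[$cpf['text_original']]);
            }

            // Whatever is left after removing the standard headings becomes new custom profile fields
            foreach (array_keys($headings) as $h) {
                unset($line[$h]);
            }
            unset($line[$email_address_key]);
            unset($line[$dob_key]);
            foreach ($line as $h => $f) {
                $cf_id = ocf_make_custom_field($h, 0, '', '', 0, 0, 0, 0, 'long_text');
                $_cpf_edit_url = build_url(array('page' => 'admin_ocf_customprofilefields', 'type' => '_ed', 'id' => $cf_id), get_module_zone('admin_ocf_customprofilefields'));
                $cpf_edit_url = $_cpf_edit_url->evaluate();
                attach_message(do_lang_tempcode('MEMBER_IMPORT_CPF_ADDED', escape_html($h), escape_html($cpf_edit_url)), 'inform');
                $custom_fields[$cf_id] = $f;
                // NOTE(review): the field is created as 'long_text' but remembered here as 'short_line' - confirm which is intended
                $all_cpfs[] = array('id' => $cf_id, 'cf_default' => '', 'text_original' => $h, 'cf_type' => 'short_line');
            }

            if ($new_member) {
                if (is_null($password)) {
                    $password = $default_password;
                }
                if (is_null($salt)) {
                    $salt = '';
                }
                if (is_null($password_compatibility_scheme)) {
                    $password_compatibility_scheme = '';
                }

                $linked_id = ocf_make_member($username, $password, is_null($email_address) ? '' : $email_address, $groups, $dob_day, $dob_month, $dob_year, $custom_fields, NULL, $primary_group, $validated, $join_time, NULL, '', $avatar_url, $signature, $is_perm_banned, get_option('default_preview_guests') == '1' ? 1 : 0, $reveal_age, '', $photo_url, $photo_thumb_url, 1, 1, $language, $allow_emails, $allow_emails_from_staff, '', NULL, '', false, $password_compatibility_scheme, $salt, 1, NULL, NULL, 0, '*', '');
                $all_members[$linked_id] = $username;
                $all_members_flipped[$username] = $linked_id;

                $num_added++;
            } else {
                // Only pass a username through when it is actually changing
                $old_username = $GLOBALS['OCF_DRIVER']->get_member_row_field($linked_id, 'm_username');
                if ($old_username == $username) {
                    $username = NULL;
                }

                ocf_edit_member($linked_id, $email_address, NULL, $dob_day, $dob_month, $dob_year, NULL, $primary_group, $custom_fields, NULL, $reveal_age, NULL, NULL, $language, $allow_emails, $allow_emails_from_staff, $validated, $username, $password, NULL, NULL, NULL, NULL, NULL, $join_time, $avatar_url, $signature, $is_perm_banned, $photo_url, $photo_thumb_url, $salt, $password_compatibility_scheme, true);

                $num_edited++;
            }

            $done++;
        }

        fclose($myfile);
    } else {
        warn_exit(do_lang_tempcode('IMPROPERLY_FILLED_IN_UPLOAD'));
    }

    if ($done == 0) {
        warn_exit(do_lang_tempcode('NO_DATA_IMPORTED'));
    }

    breadcrumb_set_parents(array(array('_SEARCH:admin_ocf_join:menu', do_lang_tempcode('MEMBERS')), array('_SEARCH:admin_ocf_join:import_csv', do_lang_tempcode('IMPORT_MEMBER_CSV'))));
    breadcrumb_set_self(do_lang_tempcode('DONE'));

    return inform_screen($title, do_lang_tempcode('NUM_MEMBERS_IMPORTED', escape_html(integer_format($num_added)), escape_html(integer_format($num_edited))));
}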
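/**
 * Standard modular render function for profile tabs edit hooks.
 *
 * If the avatar form was submitted (POST 'submitting_avatar_tab' is 1), the new avatar is resolved from an upload,
 * an alternate URL or a stock image and saved for $member_id_of. This happens before the
 * $leave_to_ajax_if_possible early return, so a submission is processed even when NULL is returned.
 *
 * @param  MEMBER The ID of the member who is being viewed
 * @param  MEMBER The ID of the member who is doing the viewing
 * @param  boolean Whether to leave the tab contents NULL, if this hook supports it, so that AJAX can load it later
 * @return ?array A tuple: The tab title, the tab fields, the tab body text (may be blank), extra Javascript (may be blank), the suggested tab order, hidden fields (NULL: if $leave_to_ajax_if_possible was set)
 */
function render_tab($member_id_of, $member_id_viewing, $leave_to_ajax_if_possible = false)
{
    $title = do_lang_tempcode('AVATAR');
    $order = 20;

    // NOTE(review): nothing in this function checks that $member_id_viewing is allowed to edit
    // $member_id_of's avatar; presumably the calling module enforces that - confirm.

    // Actualiser
    if (post_param_integer('submitting_avatar_tab', 0) == 1) {
        require_code('uploads');

        if (has_specific_permission($member_id_viewing, 'own_avatars')) {
            // Evaluation order is kept as before: is_swf_upload(true) runs first and $_FILES is inspected afterwards.
            $is_upload = (is_swf_upload(true) && array_key_exists('avatar_file', $_FILES))
                || (array_key_exists('avatar_file', $_FILES) && is_uploaded_file($_FILES['avatar_file']['tmp_name']));

            if ($is_upload) {
                // We have chosen an upload. Note that we will not be looking at alt_url at this point, even though it is specified below for canonical reasons
                $upload_folder = file_exists(get_custom_file_base() . '/uploads/avatars') ? 'uploads/avatars' : 'uploads/ocf_avatars';
                $urls = get_url('avatar_alt_url', 'avatar_file', $upload_folder, 0, OCP_UPLOAD_IMAGE, false, '', '', false, true);

                // When the forum lives under a different base URL (or the site is flagged 'on_msn'), a relative upload URL is made absolute
                $needs_absolute = get_base_url() != get_forum_base_url() || (array_key_exists('on_msn', $GLOBALS['SITE_INFO']) && $GLOBALS['SITE_INFO']['on_msn'] == '1');
                if ($needs_absolute && $urls[0] != '' && url_is_local($urls[0])) {
                    $urls[0] = get_custom_base_url() . '/' . $urls[0];
                }
            } else {
                $urls = array();
                $stock = post_param('avatar_alt_url', '');
                if ($stock != '') {
                    // An explicit URL was given. A non-super-admin may only submit a local URL if it is already
                    // the member's stored avatar, so an arbitrary existing site file cannot be associated.
                    if (url_is_local($stock) && !$GLOBALS['FORUM_DRIVER']->is_super_admin($member_id_viewing)) {
                        $old = $GLOBALS['FORUM_DB']->query_value('f_members', 'm_avatar_url', array('id' => $member_id_of));
                        if ($old != $stock) {
                            access_denied('ASSOCIATE_EXISTING_FILE');
                        }
                    }
                    // NOTE(review): a non-local URL is stored as given; no scheme or host validation is visible
                    // in this function - confirm ocf_member_choose_avatar() covers it.
                    $urls[0] = $stock; // URL
                } else {
                    $stock = post_param('avatar_stock', NULL);
                    if (is_null($stock) || $stock == '') {
                        $urls[0] = ''; // None
                    } else {
                        $urls[0] = find_theme_image($stock, false, true);
                    }
                }
            }

            $avatar_url = $urls[0];
        } else {
            // Without the 'own_avatars' permission only a stock avatar (or none) can be chosen
            $stock = post_param('avatar_stock');
            $avatar_url = $stock == '' ? '' : find_theme_image($stock, false, true);
        }

        require_code('ocf_members_action');
        require_code('ocf_members_action2');
        ocf_member_choose_avatar($avatar_url, $member_id_of);

        attach_message(do_lang_tempcode('SUCCESS_SAVE'), 'inform');
    }

    if ($leave_to_ajax_if_possible) {
        return NULL;
    }

    // UI fields
    $avatar_url = $GLOBALS['FORUM_DRIVER']->get_member_row_field($member_id_of, 'm_avatar_url');

    require_javascript('javascript_multi');

    $fields = new ocp_tempcode();
    require_code('form_templates');
    require_code('themes2');
    $ids = get_all_image_ids_type('ocf_default_avatars', true);

    // If the stored avatar is one of the stock images, the alternate-URL field is left blank
    $found_it = false;
    foreach ($ids as $id) {
        if (strpos($avatar_url, '/' . $id) !== false) {
            $found_it = true;
            break;
        }
    }

    $hidden = new ocp_tempcode();
    if (has_specific_permission($member_id_viewing, 'own_avatars')) {
        $javascript = 'standardAlternateFields(\'avatar_file\',\'avatar_alt_url\',\'avatar_stock*\',true);';
        $fields->attach(form_input_upload(do_lang_tempcode('UPLOAD'), do_lang_tempcode('DESCRIPTION_UPLOAD'), 'avatar_file', false, NULL, NULL, true, str_replace(' ', '', get_option('valid_images'))));
        handle_max_file_size($hidden, 'image');
        $fields->attach(form_input_line(do_lang_tempcode('ALT_FIELD', do_lang_tempcode('URL')), do_lang_tempcode('DESCRIPTION_ALTERNATE_URL'), 'avatar_alt_url', $found_it ? '' : $avatar_url, false));
        $fields->attach(form_input_picture_choose_specific(do_lang_tempcode('ALT_FIELD', do_lang_tempcode('STOCK')), do_lang_tempcode('DESCRIPTION_ALTERNATE_STOCK'), 'avatar_stock', $ids, $avatar_url, NULL, NULL, true));
    } else {
        $javascript = '';
        $fields->attach(form_input_picture_choose_specific(do_lang_tempcode('STOCK'), '', 'avatar_stock', $ids, $avatar_url, NULL, NULL, true));
    }

    if ($avatar_url != '') {
        if (url_is_local($avatar_url)) {
            $avatar_url = get_complex_base_url($avatar_url) . '/' . $avatar_url;
        }
        $avatar = do_template('OCF_TOPIC_POST_AVATAR', array('_GUID' => '50a5902f3ab7e384d9cf99577b222cc8', 'AVATAR' => $avatar_url));
    } else {
        $avatar = do_lang_tempcode('NONE_EM');
    }

    $width = ocf_get_member_best_group_property($member_id_of, 'max_avatar_width');
    $height = ocf_get_member_best_group_property($member_id_of, 'max_avatar_height');

    $text = do_template('OCF_EDIT_AVATAR_TAB', array('_GUID' => 'dbdac6ca3bc752b54d2a24a4c6e69c7c', 'MEMBER_ID' => strval($member_id_of), 'USERNAME' => $GLOBALS['FORUM_DRIVER']->get_username($member_id_of), 'AVATAR' => $avatar, 'WIDTH' => integer_format($width), 'HEIGHT' => integer_format($height)));

    // $hidden is deliberately NOT re-created here: it already holds whatever handle_max_file_size() put into it above,
    // and a fresh object would discard that.
    $hidden->attach(form_input_hidden('submitting_avatar_tab', '1'));

    return array($title, $fields, $text, $javascript, $order, $hidden);
}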
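/**
 * Check the uploaded banner is valid.
 *
 * For a non-textual banner type the banner URL is resolved via get_url(), its data is loaded (from disk for a local
 * URL, via http_download_file() otherwise) and checked against the type's maximum file size and, when GD is
 * available and the file is an image, against the type's width and height. For a textual banner type only the
 * title text is checked. Every failure ends in warn_exit().
 *
 * @param  SHORT_TEXT The title text for the banner (only used for text banners, and functions as the 'trigger text' if the banner type is shown inline)
 * @param  ID_TEXT The banner type (can be anything, where blank means 'normal')
 * @param  string Param name for possible URL field
 * @param  string Param name for possible upload field
 * @return array A pair: The URL, and the title text
 */
function check_banner($title_text = '', $b_type = '', $url_param_name = 'image_url', $file_param_name = 'file')
{
    require_code('uploads');
    $is_upload = is_swf_upload() || array_key_exists($file_param_name, $_FILES) && (array_key_exists('tmp_name', $_FILES[$file_param_name]) && is_uploaded_file($_FILES[$file_param_name]['tmp_name']));

    // Check according to banner type
    $_banner_type_rows = $GLOBALS['SITE_DB']->query_select('banner_types', array('*'), array('id' => $b_type), '', 1);
    if (!array_key_exists(0, $_banner_type_rows)) {
        warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
    }
    $banner_type_row = $_banner_type_rows[0];

    if ($banner_type_row['t_is_textual'] != 0) {
        // Textual banner: there is no file, only the title text is validated (t_max_file_size is used as its length limit)
        if ($title_text == '') {
            warn_exit(do_lang_tempcode('IMPROPERLY_FILLED_IN_BANNERS'));
        }
        if (strlen($title_text) > $banner_type_row['t_max_file_size']) {
            warn_exit(do_lang_tempcode('BANNER_TOO_LARGE_2', integer_format(strlen($title_text)), integer_format($banner_type_row['t_max_file_size'])));
        }

        return array('', $title_text);
    }

    $urls = get_url($url_param_name, $file_param_name, 'uploads/banners', 0, $is_upload ? OCP_UPLOAD_IMAGE_OR_SWF : OCP_UPLOAD_ANYTHING);
    $url = fixup_protocolless_urls($urls[0]);
    if ($url == '') {
        warn_exit(do_lang_tempcode('IMPROPERLY_FILLED_IN_UPLOAD_BANNERS'));
    }

    // Check width, height, size
    $test_url = $url;

    // Path of a rejected file that should be deleted, or NULL when nothing must be deleted.
    // The previous code re-tested url_is_local() on $test_url AFTER it had been turned into an absolute URL, and
    // built the unlink() path from that absolute URL, so a rejected upload was never actually removed.
    // Deletion is limited to files uploaded in this request, so that a relative URL typed into the URL field can
    // never cause an existing site file to be deleted.
    // Assumes get_url() returns the freshly stored upload whenever $is_upload is true - TODO confirm.
    $cleanup_path = NULL;

    if (url_is_local($test_url)) {
        // NOTE(review): for a non-upload submission this path derives from a caller-supplied relative URL;
        // confirm get_url() constrains it to the site's own file tree.
        $local_path = get_custom_file_base() . '/' . rawurldecode($test_url);
        $data = file_get_contents($local_path, FILE_BINARY);
        if ($is_upload) {
            $cleanup_path = $local_path;
        }
        $test_url = get_custom_base_url() . '/' . $test_url;
    } else {
        // NOTE(review): this is a server-side fetch of a caller-supplied URL; confirm http_download_file()
        // restricts which destinations may be requested.
        $data = http_download_file($test_url);
    }

    // t_max_file_size is compared in units of 1024 bytes
    if (strlen($data) > $banner_type_row['t_max_file_size'] * 1024) {
        if (!is_null($cleanup_path)) {
            @unlink($cleanup_path);
        }
        warn_exit(do_lang_tempcode('BANNER_TOO_LARGE', integer_format(intval(ceil(strlen($data) / 1024))), integer_format($banner_type_row['t_max_file_size'])));
    }

    // Dimension checks need GD; URLs ending in .swf are skipped
    if (get_option('is_on_gd') == '1' && function_exists('imagetypes') && substr($test_url, -4) != '.swf') {
        require_code('images');
        if (is_image($test_url)) {
            require_code('files');

            $img_res = @imagecreatefromstring($data);
            if ($img_res === false) {
                if (!is_null($cleanup_path)) {
                    @unlink($cleanup_path);
                }
                warn_exit(do_lang_tempcode('CORRUPT_FILE', escape_html($test_url)));
            }

            if (get_file_extension($test_url) == 'gif') {
                // For GIFs the size is read from the file header: two little-endian 16-bit values at byte offset 6
                $header = unpack('@6/vwidth/vheight', $data);
                $sx = $header['width'];
                $sy = $header['height'];
            } else {
                $sx = imagesx($img_res);
                $sy = imagesy($img_res);
            }

            $wrong_size = $sx != $banner_type_row['t_image_width'] || $sy != $banner_type_row['t_image_height'];
            if (get_option('banner_autosize') != '1' && $wrong_size) {
                if (!is_null($cleanup_path)) {
                    @unlink($cleanup_path);
                }
                warn_exit(do_lang_tempcode('BANNER_RES_BAD', integer_format($banner_type_row['t_image_width']), integer_format($banner_type_row['t_image_height'])));
            }
        }
    }

    return array($url, $title_text);
}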