Example #1
0
/**
* Halts execution and redirects to the address specified
*
* If the 'useheaderredirect' option is on, the system will attempt to redirect invisibly using header('Location...
* However, 'useheaderredirect' is overridden by setting $forceredirect to a true value.
*
* @param	string	Redirect message
* @param	string	URL to which to redirect the browser
*/
function standard_redirect($message = '', $forceredirect = false)
{
	global $header, $footer, $headinclude, $headinclude_bottom, $forumjump;
	global $timezone, $vbulletin, $vbphrase;

	static
		$str_find     = array('"',      '<',    '>'),
		$str_replace  = array('&quot;', '&lt;', '&gt;');

	if ($vbulletin->db->explain)
	{
		$totaltime = microtime(true) - TIMESTART;

		$vartext .= "<!-- Page generated in " . vb_number_format($totaltime, 5) . " seconds with " . $vbulletin->db->querycount . " queries -->";

		$querytime = $vbulletin->db->time_total;
		echo "\n<b>Page generated in $totaltime seconds with " . $vbulletin->db->querycount . " queries,\nspending $querytime doing MySQL queries and " . ($totaltime - $querytime) . " doing PHP things.\n\n<hr />Shutdown Queries:</b>" . (defined('NOSHUTDOWNFUNC') ? " <b>DISABLED</b>" : '') . "<hr />\n\n";
		exit;
	}

	if ($vbulletin->options['useheaderredirect'] AND !$forceredirect AND !headers_sent() AND !$vbulletin->GPC['postvars'])
	{
		exec_header_redirect(unhtmlspecialchars($vbulletin->url, true));
	}

	$title = $vbulletin->options['bbtitle'];

	$pagetitle = $title;
	$errormessage = $message;

	$url = unhtmlspecialchars($vbulletin->url, true);
	$url = str_replace(chr(0), '', $url);
	$url = create_full_url($url);
	$url = str_replace($str_find, $str_replace, $url);
	$js_url = addslashes_js($url, '"'); // " has been replaced by &quot;

	$url = preg_replace(
		array('/&#0*59;?/', '/&#x0*3B;?/i', '#;#'),
		'%3B',
		$url
	);
	$url = preg_replace('#&amp%3B#i', '&amp;', $url);

	define('NOPMPOPUP', 1); // No footer here

	require_once(DIR . '/includes/functions_misc.php');
	$postvars = construct_hidden_var_fields(verify_client_string($vbulletin->GPC['postvars']));
	$formfile =& $url;

	($hook = vBulletinHook::fetch_hook('redirect_generic')) ? eval($hook) : false;

	$templater = vB_Template::create('STANDARD_REDIRECT');
		$templater->register('errormessage', $errormessage);
		$templater->register('formfile', $formfile);
		$templater->register('headinclude', $headinclude);
		$templater->register('headinclude_bottom', $headinclude_bottom);
		$templater->register('js_url', $js_url);
		$templater->register('pagetitle', $pagetitle);
		$templater->register('postvars', $postvars);
		$templater->register('url', $url);
	print_output($templater->render());
	exit;
}
Example #2
0
/**
* Halts execution and redirects to the address specified
*
* If the 'useheaderredirect' option is on, the system will attempt to redirect invisibly using header('Location...
* However, 'useheaderredirect' is overridden by setting $forceredirect to a true value.
*
* @param	string	Redirect message
* @param	string	URL to which to redirect the browser
*/
function standard_redirect($message = '', $forceredirect = false)
{
    global $header, $footer, $headinclude, $forumjump;
    global $timezone, $vbulletin, $vbphrase, $stylevar, $pagestarttime;
    static $str_find = array('"', '<', '>'), $str_replace = array('&quot;', '&lt;', '&gt;');
    if ($vbulletin->db->explain) {
        $pageendtime = microtime();
        $starttime = explode(' ', $pagestarttime);
        $endtime = explode(' ', $pageendtime);
        $totaltime = $endtime[0] - $starttime[0] + $endtime[1] - $starttime[1];
        $vartext .= "<!-- Page generated in " . vb_number_format($totaltime, 5) . " seconds with " . $vbulletin->db->querycount . " queries -->";
        $querytime = $vbulletin->db->time_total;
        echo "\n<b>Page generated in {$totaltime} seconds with " . $vbulletin->db->querycount . " queries,\nspending {$querytime} doing MySQL queries and " . ($totaltime - $querytime) . " doing PHP things.\n\n<hr />Shutdown Queries:</b>" . (defined('NOSHUTDOWNFUNC') ? " <b>DISABLED</b>" : '') . "<hr />\n\n";
        exit;
    }
    if ($vbulletin->url) {
        $foundurl = false;
        if ($urlinfo = @parse_url($vbulletin->url)) {
            if (!$urlinfo['scheme']) {
                // url is made full in exec_header_redirect which stops a url from being redirected to, say "www.php.net" (no http://)
                $foundurl = true;
            } else {
                $whitelist = array();
                if ($vbulletin->options['redirect_whitelist']) {
                    $whitelist = explode("\n", trim($vbulletin->options['redirect_whitelist']));
                }
                // Add $bburl to the whitelist
                $bburlinfo = @parse_url($vbulletin->options['bburl']);
                $bburl = "{$bburlinfo['scheme']}://{$bburlinfo['host']}";
                array_unshift($whitelist, $bburl);
                // if the "realurl" of this request does not equal $bburl, add it as well..
                $realurl = VB_URL_SCHEME . '://' . VB_URL_HOST;
                if (strtolower($bburl) != strtolower($realurl)) {
                    array_unshift($whitelist, $realurl);
                }
                $vburl = strtolower($vbulletin->url);
                foreach ($whitelist as $url) {
                    $url = trim($url);
                    if ($vburl == strtolower($url) or strpos($vburl, strtolower($url) . '/', 0) === 0) {
                        $foundurl = true;
                        break;
                    }
                }
            }
        }
        if (!$foundurl) {
            eval(standard_error(fetch_error('invalid_redirect_url_x', $vbulletin->url)));
        }
    }
    if ($vbulletin->options['useheaderredirect'] and !$forceredirect and !headers_sent() and !$vbulletin->GPC['postvars']) {
        exec_header_redirect($vbulletin->url);
    }
    $title = $vbulletin->options['bbtitle'];
    $pagetitle = $title;
    $errormessage = $message;
    $url = unhtmlspecialchars($vbulletin->url);
    $url = str_replace(chr(0), '', $url);
    $url = create_full_url($url);
    $url = str_replace($str_find, $str_replace, $url);
    $js_url = addslashes_js($url, '"');
    // " has been replaced by &quot;
    $url = preg_replace(array('/&#0*59;?/', '/&#x0*3B;?/i', '#;#'), '%3B', $url);
    $url = preg_replace('#&amp%3B#i', '&amp;', $url);
    define('NOPMPOPUP', 1);
    // No footer here
    require_once DIR . '/includes/functions_misc.php';
    $postvars = construct_hidden_var_fields(verify_client_string($vbulletin->GPC['postvars']));
    $formfile =& $url;
    ($hook = vBulletinHook::fetch_hook('redirect_generic')) ? eval($hook) : false;
    eval('print_output("' . fetch_template('STANDARD_REDIRECT') . '");');
    exit;
}