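/**
 * Imports a theme from an already parsed XML array on behalf of the Admin CP.
 *
 * The caller must hold both the 'canadmintemplates' and 'canadminstyles' admin
 * permissions. Only a fixed set of keys from $extra is passed on to import(),
 * each cleaned to the type listed in the clean map below; every other key is dropped.
 *
 * @param array $parsedXML  Parsed theme XML; a 'guid' element is expected.
 * @param int   $startat    Passed through to import().
 * @param int   $perpage    Passed through to import().
 * @param bool  $overwrite  Passed through to import().
 * @param int   $styleid    Passed through to import().
 * @param bool  $anyversion Passed through to import().
 * @param array $extra      Optional 'title', 'parentid', 'displayorder' and 'userselect' values.
 *
 * @return mixed Whatever import() returns.
 */
public function importAdminCP($parsedXML, $startat = 0, $perpage = 1, $overwrite = false, $styleid = -1, $anyversion = false, $extra = array())
{
	/*
	 * Since this function allows passing in a string rather than pulling a file from the filesystem, we should
	 * be more careful about who can call it.
	 * This check is based on the admincp/template.php script @ if ($_REQUEST['do'] == 'upload'). We should keep them in line.
	 */
	if (
		!vB::getUserContext()->hasAdminPermission('canadmintemplates')
		or !vB::getUserContext()->hasAdminPermission('canadminstyles')
	)
	{
		require_once DIR . '/includes/adminfunctions.php';
		// NOTE(review): nothing after this call stops execution in this method, so access is
		// only denied if print_cp_no_permission() ends the request -- confirm.
		print_cp_no_permission();
	}

	if (empty($parsedXML['guid']))
	{
		// todo: some error handling here if basic xml file validation isn't okay.
		// NOTE(review): as written, a payload without a guid is still stored below and handed to import().
	}

	$this->parsedXML['theme'] = $parsedXML;

	// make sure we have the theme parent, as any imported themes will be its children
	if (empty(self::$themeParent['guid']))
	{
		$this->getDefaultParentTheme();
	}

	/*
	 * Drop any unexpected extra variables, and clean the ones we keep, since a user with the
	 * right permissions might reach this function without going through the adminCP page.
	 * When coming through the adminCP page the values are already cleaned, so strings are
	 * already escaped; the title is not expected to contain special HTML characters, so
	 * double escaping should not be a concern. If it becomes one, remove the cleaning here,
	 * rely on the adminCP page's cleaning, and make sure NOTHING HERE GOES STRAIGHT TO DB
	 * without going through the assertor in adminfunctions_template.php
	 */
	// A non-array $extra is treated as "no extras" so the loop below never iterates a scalar or null.
	$unclean = is_array($extra) ? $extra : array();
	$extra = array();
	$cleanMap = array(
		'title'        => vB_Cleaner::TYPE_STR,
		'parentid'     => vB_Cleaner::TYPE_INT,
		'displayorder' => vB_Cleaner::TYPE_INT,
		'userselect'   => vB_Cleaner::TYPE_BOOL,
	);

	foreach ($unclean as $key => $value)
	{
		// allow-list: only keys named in $cleanMap survive
		if (isset($cleanMap[$key]))
		{
			$extra[$key] = vB::getCleaner()->clean($value, $cleanMap[$key]);
		}
	}

	return $this->import($startat, $perpage, $overwrite, $styleid, $anyversion, $extra);
}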
// ######################## SET PHP ENVIRONMENT ###########################
// Report everything except notices and level 8192 (the value of E_DEPRECATED, written as a literal).
error_reporting(E_ALL & ~E_NOTICE & ~8192);

// ##################### DEFINE IMPORTANT CONSTANTS #######################
define('CVS_REVISION', '$RCSfile$ - $Revision: 39862 $');

// #################### PRE-CACHE TEMPLATES AND DATA ######################
// Set before global.php is loaded; presumably read by it to decide what to pre-cache -- confirm.
$phrasegroups = array();
$specialtemplates = array('bookmarksitecache');

// ########################## REQUIRE BACK-END ############################
require_once './global.php';
require_once DIR . '/includes/adminfunctions_bookmarksite.php';

// ############################# LOG ACTION ###############################
// bookmarksiteid is cleaned as TYPE_INT before it is concatenated into the admin log entry.
$vbulletin->input->clean_array_gpc('r', array('bookmarksiteid' => TYPE_INT));
log_admin_action($vbulletin->GPC['bookmarksiteid'] != 0 ? "bookmark site id = " . $vbulletin->GPC['bookmarksiteid'] : '');

// ######################## CHECK ADMIN PERMISSIONS #######################
// NOTE(review): the action is logged above before this check runs, and nothing after the call
// stops the script, so the check relies on print_cp_no_permission() ending the request -- confirm.
if (!can_administer('canadminsettings'))
{
	print_cp_no_permission();
}

// ########################################################################
// ######################### START MAIN SCRIPT ############################
// ########################################################################

print_cp_header($vbphrase['social_bookmarking_manager']);

// default action
if (empty($_REQUEST['do']))
{
	$_REQUEST['do'] = 'modify';
}

// ########################################################################
// When a new site is added from the site list page, the action has to be changed before the
// main 'socialbookmarks_setpost' handler runs. We get here when somebody presses the add
// button in the site list edit/save form.
// NOTE(review): $vbulletin->GPC['add'] is read here, but the only clean_array_gpc() call visible
// in this excerpt covers 'bookmarksiteid' -- confirm 'add' is cleaned before this point.
if ($_POST['do'] == 'socialbookmarks_setpost' and $vbulletin->GPC['add'])
{
	$_POST['do'] = 'add';
}
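/**
 * Builds the XML export document for a style.
 *
 * Collects the style's templates (grouped using the global $only list), its
 * stylevar definitions and its stylevars, and writes them with vB_XML_Builder.
 *
 * @param int    $styleid         Style to export; -1 selects the master style.
 * @param string $product         Product id used to filter the templates; escaped before use in SQL.
 * @param string $product_version Written to the 'vbversion' attribute of the <style> group.
 * @param string $title           Export title; the style's own title is used when this is empty or $styleid is -1.
 * @param int    $mode            2 = export as a new master style (debug mode only),
 *                                1 = this style plus its parent styles except master,
 *                                anything else = only items customized in this style.
 *
 * @return string The XML document, starting with an ISO-8859-1 XML declaration.
 */
function get_style_export_xml($styleid, $product, $product_version, $title, $mode)
{
	//only is the (badly named) list of template groups
	global $vbulletin, $vbphrase, $only;

	// $styleid is concatenated into SQL below. Forcing it to an integer here keeps those
	// queries well-formed regardless of how the caller cleaned the value.
	$styleid = intval($styleid);

	if ($styleid == -1)
	{
		// set the style title as 'master style'
		$style = array('title' => $vbphrase['master_style']);
		$sqlcondition = "styleid = -1";
		$parentlist = "-1";
		$is_master = true;
	}
	else
	{
		// query everything from the specified style
		$style = $vbulletin->db->query_first("
			SELECT *
			FROM " . TABLE_PREFIX . "style
			WHERE styleid = " . $styleid
		);

		//export as master -- export a style with all changes as a new master style.
		if ($mode == 2)
		{
			//only allowed in debug mode.
			if (!$vbulletin->debug)
			{
				print_cp_no_permission();
			}

			// NOTE(review): unserialize() runs on the templatelist column as stored in the style
			// table; that is only safe while nothing untrusted can write to that column.
			$templateids = unserialize($style['templatelist']);
			// The values go into an IN() list, so keep integers only; a missing or corrupt
			// list becomes IN(0) rather than broken SQL.
			$templateids = (is_array($templateids) && !empty($templateids)) ? array_map('intval', $templateids) : array(0);

			// get all items from this style and all parent styles
			$sqlcondition = "templateid IN(" . implode(',', $templateids) . ")";
			$sqlcondition .= " AND title NOT LIKE 'vbcms_grid_%'";
			$parentlist = $style['parentlist'];
			$is_master = true;
			$title = $vbphrase['master_style'];
		}
		//export with parent styles
		else if ($mode == 1)
		{
			// NOTE(review): same unserialize() caveat as in the mode 2 branch above.
			$templateids = unserialize($style['templatelist']);
			$templateids = (is_array($templateids) && !empty($templateids)) ? array_map('intval', $templateids) : array(0);

			// get all items from this style and all parent styles (except master)
			$sqlcondition = "styleid <> -1 AND templateid IN(" . implode(',', $templateids) . ")";

			//remove the master style id off the end of the list
			$parentlist = substr(trim($style['parentlist']), 0, -3);
			$is_master = false;
		}
		//this style only
		else
		{
			// get only items customized in THIS style
			$sqlcondition = "styleid = " . $styleid;
			$parentlist = $styleid;
			$is_master = false;
		}
	}

	if ($product == 'vbulletin')
	{
		$sqlcondition .= " AND (product = '" . $vbulletin->db->escape_string($product) . "' OR product = '')";
	}
	else
	{
		$sqlcondition .= " AND product = '" . $vbulletin->db->escape_string($product) . "'";
	}

	// set a default title
	if ($title == '' OR $styleid == -1)
	{
		$title = $style['title'];
	}

	// --------------------------------------------
	// query the templates and put them in an array

	$templates = array();

	$gettemplates = $vbulletin->db->query_read("
		SELECT title, templatetype, username, dateline, version,
		IF(templatetype = 'template', template_un, template) AS template
		FROM " . TABLE_PREFIX . "template
		WHERE $sqlcondition
		ORDER BY title
	");
	while ($gettemplate = $vbulletin->db->fetch_array($gettemplates))
	{
		switch($gettemplate['templatetype'])
		{
			case 'template': // regular template

				// if we have ad template, and we are exporting as master, make sure we do not export the add data
				if (substr($gettemplate['title'], 0, 3) == 'ad_' AND $mode == 2)
				{
					$gettemplate['template'] = '';
				}

				$isgrouped = false;
				foreach(array_keys($only) AS $group)
				{
					// The leading space puts a prefix match at offset 1, so "== 1" cannot be
					// satisfied by the false that strpos() returns when there is no match.
					if (strpos(strtolower(" $gettemplate[title]"), $group) == 1)
					{
						$templates["$group"][] = $gettemplate;
						$isgrouped = true;
					}
				}
				if (!$isgrouped)
				{
					$templates['zzz'][] = $gettemplate;
				}
			break;

			case 'stylevar': // stylevar
				$templates['StyleVar Special Templates'][] = $gettemplate;
			break;

			case 'css': // css
				$templates['CSS Special Templates'][] = $gettemplate;
			break;

			case 'replacement': // replacement
				$templates['Replacement Var Special Templates'][] = $gettemplate;
			break;
		}
	}
	// no-op at this point: $template is first assigned by the output loop further down
	unset($template);
	$vbulletin->db->free_result($gettemplates);
	if (!empty($templates))
	{
		ksort($templates);
		// 'zzz' is the bucket for templates that matched no group; give it a display name
		$only['zzz'] = 'Ungrouped Templates';
	}

	// --------------------------------------------
	// fetch stylevar-dfns

	$stylevarinfo = get_stylevars_for_export($product, $parentlist, $is_master);
	$stylevar_cache = $stylevarinfo['stylevars'];
	$stylevar_dfn_cache = $stylevarinfo['stylevardfns'];

	if (empty($templates) AND empty($stylevar_cache) AND empty($stylevar_dfn_cache))
	{
		print_stop_message('download_contains_no_customizations');
	}

	// --------------------------------------------
	// now output the XML

	require_once(DIR . '/includes/class_xml.php');
	$xml = new vB_XML_Builder($vbulletin);
	$xml->add_group('style',
		array(
			'name' => $title,
			'vbversion' => $product_version,
			'product' => $product,
			'type' => $is_master ? 'master' : 'custom'
		)
	);

	foreach($templates AS $group => $grouptemplates)
	{
		$xml->add_group('templategroup', array('name' => iif(isset($only["$group"]), $only["$group"], $group)));
		foreach($grouptemplates AS $template)
		{
			$xml->add_tag('template', $template['template'],
				array(
					'name' => htmlspecialchars($template['title']),
					'templatetype' => $template['templatetype'],
					'date' => $template['dateline'],
					'username' => $template['username'],
					'version' => htmlspecialchars_uni($template['version'])),
				true
			);
		}
		$xml->close_group();
	}

	$xml->add_group('stylevardfns');
	foreach ($stylevar_dfn_cache AS $stylevargroupname => $stylevargroup)
	{
		$xml->add_group('stylevargroup', array('name' => $stylevargroupname));
		foreach($stylevargroup AS $stylevar)
		{
			// validation and failsafe are written base64-encoded
			$xml->add_tag('stylevar', '',
				array(
					'name' => htmlspecialchars($stylevar['stylevarid']),
					'datatype' => $stylevar['datatype'],
					'validation' => base64_encode($stylevar['validation']),
					'failsafe' => base64_encode($stylevar['failsafe'])
				)
			);
		}
		$xml->close_group();
	}
	$xml->close_group();

	$xml->add_group('stylevars');
	foreach ($stylevar_cache AS $stylevarid => $stylevar)
	{
		$xml->add_tag('stylevar', '',
			array(
				'name' => htmlspecialchars($stylevar['stylevarid']),
				'value' => base64_encode($stylevar['value'])
			)
		);
	}
	$xml->close_group();

	$xml->close_group();

	$doc = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\r\n\r\n";
	$doc .= $xml->output();
	$xml = null;

	return $doc;
}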
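/**
 * Builds the XML export document for a style.
 *
 * Collects the style's templates (grouped using the global $only list), its
 * stylevar definitions and its stylevars, and writes them with vB_XML_Builder.
 *
 * @param int    $styleid         Style to export; -1 selects the master style, -2 the mobile master style.
 * @param string $product         Product id used to filter the templates; escaped before use in SQL.
 * @param string $product_version Written to the 'vbversion' attribute of the <style> group.
 * @param string $title           Export title; the style's own title is used when this is empty or $styleid is -1 or -2.
 * @param int    $mode            2 = export as a new master style (debug mode only),
 *                                1 = this style plus its parent styles except the masters,
 *                                anything else = only items customized in this style.
 *
 * @return string The XML document, starting with an ISO-8859-1 XML declaration.
 *
 * @throws vB_Exception_AdminStopMessage When there are no templates, stylevars or stylevar definitions to export.
 */
function get_style_export_xml($styleid, $product, $product_version, $title, $mode)
{
	// $only is the (badly named) list of template groups
	global $vbulletin, $vbphrase, $only;

	/* Load the master 'style' phrases for use in
	the export, and then rebuild the $only array */
	load_phrases(array('style'), -1);
	build_template_groups($only);

	// $styleid is interpolated and concatenated into SQL below. Forcing it to an integer here
	// keeps those queries well-formed regardless of how the caller cleaned the value.
	$styleid = intval($styleid);

	if ($styleid == -1 or $styleid == -2)
	{
		// set the style title as 'master style'
		$style = array('title' => $styleid == -1 ? $vbphrase['master_style'] : $vbphrase['mobile_master_style']);
		$sqlcondition = "styleid = {$styleid}";
		$parentlist = $styleid;
		$styletype = $styleid == -1 ? 'master' : 'mobilemaster';
	}
	else
	{
		// query everything from the specified style
		$style = $vbulletin->db->query_first("\n\t\t\tSELECT *\n\t\t\tFROM " . TABLE_PREFIX . "style\n\t\t\tWHERE styleid = " . $styleid);

		//export as master -- export a style with all changes as a new master style.
		if ($mode == 2)
		{
			//only allowed in debug mode.
			if (!$vbulletin->debug)
			{
				print_cp_no_permission();
			}

			// NOTE(review): unserialize() runs on the templatelist column as stored in the style
			// table; that is only safe while nothing untrusted can write to that column.
			$templateids = unserialize($style['templatelist']);
			// The values go into an IN() list, so keep integers only; a missing or corrupt
			// list becomes IN(0) rather than broken SQL.
			$templateids = (is_array($templateids) && !empty($templateids)) ? array_map('intval', $templateids) : array(0);

			// get all items from this style and all parent styles
			$sqlcondition = "templateid IN(" . implode(',', $templateids) . ")";
			$sqlcondition .= " AND title NOT LIKE 'vbcms_grid_%'";
			$parentlist = $style['parentlist'];
			$styletype = $style['type'] == 'standard' ? 'master' : 'mobilemaster';
			$title = $vbphrase['master_style'];
		}
		else
		{
			if ($mode == 1)
			{
				// NOTE(review): same unserialize() caveat as in the mode 2 branch above.
				$templateids = unserialize($style['templatelist']);
				$templateids = (is_array($templateids) && !empty($templateids)) ? array_map('intval', $templateids) : array(0);

				// get all items from this style and all parent styles (except master)
				$sqlcondition = "styleid <> -1 AND styleid <> -2 AND templateid IN(" . implode(',', $templateids) . ")";

				//remove the master style id off the end of the list
				$parentlist = substr(trim($style['parentlist']), 0, -3);
				$styletype = 'custom';
			}
			else
			{
				// get only items customized in THIS style
				$sqlcondition = "styleid = " . $styleid;
				$parentlist = $styleid;
				$styletype = 'custom';
			}
		}
	}

	if ($product == 'vbulletin')
	{
		$sqlcondition .= " AND (product = '" . $vbulletin->db->escape_string($product) . "' OR product = '')";
	}
	else
	{
		$sqlcondition .= " AND product = '" . $vbulletin->db->escape_string($product) . "'";
	}

	// set a default title
	if ($title == '' or $styleid == -1 or $styleid == -2)
	{
		$title = $style['title'];
	}

	// --------------------------------------------
	// query the templates and put them in an array

	$templates = array();

	$gettemplates = $vbulletin->db->query_read("\n\t\tSELECT title, templatetype, username, dateline, version,\n\t\tIF(templatetype = 'template', template_un, template) AS template\n\t\tFROM " . TABLE_PREFIX . "template\n\t\tWHERE {$sqlcondition}\n\t\tORDER BY title\n\t");

	// $ugtemplates counts ungrouped templates; $ugcount is the current ungrouped bucket number
	$ugcount = $ugtemplates = 0;
	while ($gettemplate = $vbulletin->db->fetch_array($gettemplates))
	{
		switch ($gettemplate['templatetype'])
		{
			case 'template': // regular template

				// if we have ad template, and we are exporting as master, make sure we do not export the add data
				if (substr($gettemplate['title'], 0, 3) == 'ad_' and $mode == 2)
				{
					$gettemplate['template'] = '';
				}

				$isgrouped = false;
				foreach (array_keys($only) as $group)
				{
					// The leading space puts a prefix match at offset 1, so "== 1" cannot be
					// satisfied by the false that strpos() returns when there is no match.
					if (strpos(strtolower(" {$gettemplate['title']}"), $group) == 1)
					{
						$templates["{$group}"][] = $gettemplate;
						$isgrouped = true;
					}
				}

				if (!$isgrouped)
				{
					// start a new ungrouped bucket every 10 templates
					if ($ugtemplates % 10 == 0)
					{
						$ugcount++;
					}
					$ugtemplates++;

					//sort ungrouped templates last.
					$ugcount_key = 'zzz' . str_pad($ugcount, 5, '0', STR_PAD_LEFT);
					$templates[$ugcount_key][] = $gettemplate;
					$only[$ugcount_key] = construct_phrase($vbphrase['ungrouped_templates_x'], $ugcount);
				}
			break;

			case 'stylevar': // stylevar
				$templates[$vbphrase['stylevar_special_templates']][] = $gettemplate;
			break;

			case 'css': // css
				$templates[$vbphrase['css_special_templates']][] = $gettemplate;
			break;

			case 'replacement': // replacement
				$templates[$vbphrase['replacement_var_special_templates']][] = $gettemplate;
			break;
		}
	}
	// no-op at this point: $template is first assigned by the output loop further down
	unset($template);
	$vbulletin->db->free_result($gettemplates);
	if (!empty($templates))
	{
		ksort($templates);
	}

	// --------------------------------------------
	// fetch stylevar-dfns

	$stylevarinfo = get_stylevars_for_export($product, $parentlist);
	$stylevar_cache = $stylevarinfo['stylevars'];
	$stylevar_dfn_cache = $stylevarinfo['stylevardfns'];

	if (empty($templates) and empty($stylevar_cache) and empty($stylevar_dfn_cache))
	{
		throw new vB_Exception_AdminStopMessage('download_contains_no_customizations');
	}

	// --------------------------------------------
	// now output the XML

	require_once DIR . '/includes/class_xml.php';
	$xml = new vB_XML_Builder($vbulletin);
	$xml->add_group('style', array('name' => $title, 'vbversion' => $product_version, 'product' => $product, 'type' => $styletype));

	foreach ($templates as $group => $grouptemplates)
	{
		$xml->add_group('templategroup', array('name' => iif(isset($only["{$group}"]), $only["{$group}"], $group)));
		foreach ($grouptemplates as $template)
		{
			$xml->add_tag('template', $template['template'], array(
				'name' => htmlspecialchars_uni($template['title']),
				'templatetype' => $template['templatetype'],
				'date' => $template['dateline'],
				'username' => $template['username'],
				'version' => htmlspecialchars_uni($template['version'])
			), true);
		}
		$xml->close_group();
	}

	$xml->add_group('stylevardfns');
	foreach ($stylevar_dfn_cache as $stylevargroupname => $stylevargroup)
	{
		$xml->add_group('stylevargroup', array('name' => $stylevargroupname));
		foreach ($stylevargroup as $stylevar)
		{
			// validation and failsafe are written through vb_base64_encode()
			$xml->add_tag('stylevar', '', array(
				'name' => htmlspecialchars_uni($stylevar['stylevarid']),
				'datatype' => $stylevar['datatype'],
				'validation' => vb_base64_encode($stylevar['validation']),
				'failsafe' => vb_base64_encode($stylevar['failsafe'])
			));
		}
		$xml->close_group();
	}
	$xml->close_group();

	$xml->add_group('stylevars');
	foreach ($stylevar_cache as $stylevarid => $stylevar)
	{
		$xml->add_tag('stylevar', '', array(
			'name' => htmlspecialchars_uni($stylevar['stylevarid']),
			'value' => vb_base64_encode($stylevar['value'])
		));
	}
	$xml->close_group();

	$xml->close_group();

	$doc = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\r\n\r\n";
	$doc .= $xml->output();
	$xml = null;

	return $doc;
}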