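/**
 * Builds the global and local blog category lists for the user being posted as.
 *
 * Reads an optional 'userid' request parameter (cleaned as TYPE_UINT). When it
 * names someone other than the viewer, the viewer must pass is_member_of_blog()
 * for that user; otherwise the viewer's own record is used and a zero userid
 * (guest) leads to print_no_permission().
 *
 * @return array 'globalcategorybits' and 'localcategorybits' from construct_category()
 */
public function output()
{
    // $vbphrase is read when the 'invalidid' error is built below, so it has to be
    // imported too; without it the phrase argument is an undefined variable.
    global $vbulletin, $vbphrase;

    $vbulletin->input->clean_array_gpc('r', array('userid' => TYPE_UINT));

    // verify the userid exists, don't want useless entries in our table.
    if ($vbulletin->GPC['userid'] and $vbulletin->GPC['userid'] != $vbulletin->userinfo['userid']) {
        if (!($userinfo = fetch_userinfo($vbulletin->GPC['userid']))) {
            standard_error(fetch_error('invalidid', $vbphrase['user'], $vbulletin->options['contactuslink']));
        }

        // are we a member of this user's blog?
        if (!is_member_of_blog($vbulletin->userinfo, $userinfo)) {
            print_no_permission();
        }

        $userid = $userinfo['userid'];

        /* Blog posting check */
        // The permission bits tested here belong to the blog owner ($userinfo);
        // the viewer's right to act for that blog is the is_member_of_blog() test above.
        if (
            !($userinfo['permissions']['vbblog_entry_permissions'] & $vbulletin->bf_ugp_vbblog_entry_permissions['blog_canpost'])
            or !($userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown'])
        ) {
            print_no_permission();
        }
    } else {
        $userinfo =& $vbulletin->userinfo;
        $userid = '';

        /* Blog posting check, no guests! */
        if (
            !($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown'])
            or !($vbulletin->userinfo['permissions']['vbblog_entry_permissions'] & $vbulletin->bf_ugp_vbblog_entry_permissions['blog_canpost'])
            or !$vbulletin->userinfo['userid']
        ) {
            print_no_permission();
        }
    }

    // Fixed path built from the DIR constant; nothing from the request reaches it.
    require_once DIR . '/includes/blog_functions_shared.php';
    prepare_blog_category_permissions($userinfo, true);

    $globalcats = $this->construct_category($userinfo, 'global');
    $localcats = $this->construct_category($userinfo, 'local');

    return array('globalcategorybits' => $globalcats, 'localcategorybits' => $localcats);
}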
/**
 * Controller entry point: handles a rerouted error and renders the error page.
 *
 * @return string - The rendered page output
 */
public function getResponse()
{
    // XHTML views are rendered through the vB templater
    vB_View::registerTemplater(vB_View::OT_XHTML, new vB_Templater_vB());

    // Any segment that is not a known error code is handled as a 404
    $known_codes = array('403', '404', '409', '500');
    $error = vB_Router::getSegment('error');
    if (!in_array($error, $known_codes)) {
        $error = '404';
    }

    // NOTE(review): the '?' is appended whenever SCRIPT_NAME is non-empty, even when
    // QUERY_STRING is empty - confirm that is intended.
    // QUERY_STRING is request-controlled and ends up stored as the session location,
    // so whatever later displays that location has to escape it.
    $script_name = $_SERVER['SCRIPT_NAME'];
    $current_page = $script_name;
    if ($script_name != '') {
        $current_page .= '?' . $_SERVER['QUERY_STRING'];
    }

    switch ($error) {
        case '403':
            define('WOLPATH', '403|cpglobal|403_error|' . new vB_Phrase('wol', 'viewing_no_permission_message'));
            vB::$vbulletin->session->set('location', $current_page);
            print_no_permission();
            break;

        case '409':
            // Prefer the message supplied with the reroute, fall back to the stock phrase
            $message = vB_Router::getRerouteMessage();
            if (!$message) {
                $message = new vB_Phrase(
                    'error',
                    'error_409_description',
                    vB_Router::getInitialURL(),
                    vB_Router::getBaseURL(),
                    vB::$vbulletin->options['contactuslink']
                );
            }
            define('WOLPATH', '409|wol|' . new vB_Phrase('cpglobal', 'error') . "|$message");
            vB::$vbulletin->session->set('location', $current_page);
            standard_error($message);
            break;

        case '500':
            $message = new vB_Phrase(
                'error',
                'error_500_description',
                vB_Router::getInitialURL(),
                vB_Router::getBaseURL(),
                vB::$vbulletin->options['contactuslink']
            );
            define('WOLPATH', '500|wol|' . new vB_Phrase('cpglobal', 'error') . "|$message");
            vB::$vbulletin->session->set('location', $current_page);
            standard_error($message);
            break;

        default:
            $message = new vB_Phrase(
                'error',
                'error_404_description',
                vB_Router::getBaseURL(),
                vB::$vbulletin->options['contactuslink']
            );
            define('WOLPATH', '404|wol|' . new vB_Phrase('cpglobal', 'error') . "|$message");
            vB::$vbulletin->session->set('location', $current_page);
            break;
    }

    // Page-level view, titled with the 404 phrase
    $title = new vB_Phrase('error', 'error_404');
    $page_view = new vB_View_Page('page');
    $page_view->setPageTitle($title);

    // Body view; the reroute message becomes the subtitle only when it differs from the title
    $error_view = new vB_View('error_message');
    $reroute_message = vB_Router::getRerouteMessage();
    $subtitle = ($title != $reroute_message) ? $reroute_message : false;

    $error_view->title = $title;
    $error_view->subtitle = $subtitle;
    $error_view->message = new vB_Phrase(
        'error',
        'error_404_description',
        vB_Router::getBaseURL(),
        vB::$vbulletin->options['contactuslink']
    );
    $page_view->setBodyView($error_view);

    // General page info (the title is set a second time, as before)
    $page_view->setPageTitle($title);

    return $page_view->render();
}
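/**
 * Records the current user's vote on the poll attached to the current thread.
 *
 * The thread comes from the global $threadinfo; the chosen option numbers are
 * read from the 'options' request parameter as a comma-separated list. Failures
 * are reported through json_error() / print_no_permission().
 *
 * @return array array('success' => true) once processing completes
 */
function do_vote_poll()
{
    global $vbulletin, $db, $foruminfo, $threadinfo, $postid, $vbphrase;

    if (empty($threadinfo['threadid'])) {
        json_error(ERR_INVALID_THREAD);
    }

    // Not read below; kept because plugin code evaluated at the hook at the end runs in this scope.
    $threadid = $vbulletin->GPC['threadid'];
    $counter = 1;

    // Cast once so the value interpolated into the SQL below is always an integer.
    $pollid = intval($threadinfo['pollid']);
    if (!$pollid) {
        json_error(ERR_INVALID_THREAD);
    }

    $forumperms = fetch_permissions($threadinfo['forumid']);

    // Get Poll info
    $pollinfo = verify_id('poll', $pollid, 0, 1);
    if (!$pollinfo['pollid']) {
        json_error(standard_error(fetch_error('invalidid', $vbphrase['poll'], $vbulletin->options['contactuslink'])));
    }

    $vbulletin->input->clean_array_gpc('r', array('options' => TYPE_STR));
    // split() no longer exists in PHP 7+; the delimiter is a literal comma, so explode() is equivalent.
    $options = explode(',', $vbulletin->GPC['options']);

    if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canvote'])) {
        print_no_permission();
    }

    // check if poll is closed ('and' binds tighter than 'or'; the parentheses only make that explicit)
    $timed_out = ($pollinfo['dateline'] + $pollinfo['timeout'] * 86400 < TIMENOW and $pollinfo['timeout'] != 0);
    if (!$pollinfo['active'] or !$threadinfo['open'] or $timed_out) {
        //poll closed
        json_error(standard_error(fetch_error('pollclosed')));
    }

    $voterid = intval($vbulletin->userinfo['userid']);

    // Query master to reduce the chance of multiple poll votes
    if ($uservoteinfo = $db->query_first("
        SELECT userid
        FROM " . TABLE_PREFIX . "pollvote
        WHERE userid = " . $voterid . "
            AND pollid = " . $pollid . "
    ")) {
        //the user has voted before
        json_error(standard_error(fetch_error('useralreadyvote')));
    }

    $totaloptions = substr_count($pollinfo['options'], '|||') + 1;

    //Error checking complete, lets get the options
    if ($pollinfo['multiple']) {
        $insertsql = '';
        $skip_voters = false;
        // Option numbers already recorded in this request. The list is request-supplied, so a
        // repeated number must not become a second vote row for the same option; whether the
        // table also enforces this is not visible from here.
        $recorded = array();

        foreach ($options as $val) {
            $val = intval($val);
            if ($val <= 0 or $val > $totaloptions or isset($recorded[$val])) {
                continue;
            }
            $recorded[$val] = true;

            $pollvote =& datamanager_init('PollVote', $vbulletin, ERRTYPE_STANDARD);
            $pollvote->set_info('skip_voters', $skip_voters);
            $pollvote->set('pollid', $pollid);
            $pollvote->set('votedate', TIMENOW);
            $pollvote->set('voteoption', $val);
            $pollvote->set('userid', $vbulletin->userinfo['userid']);
            $pollvote->set('votetype', $val);
            if (!$pollvote->save(true, false, false, false, true)) {
                json_error(standard_error(fetch_error('useralreadyvote')));
            }

            $skip_voters = true;
        }
    } else {
        // Same integer cast as the multiple-choice branch, so the range check and the
        // stored value never see a non-numeric request string.
        $choice = intval($options[0]);
        if ($choice > 0 and $choice <= $totaloptions) {
            $pollvote =& datamanager_init('PollVote', $vbulletin, ERRTYPE_STANDARD);
            $pollvote->set('pollid', $pollid);
            $pollvote->set('votedate', TIMENOW);
            $pollvote->set('voteoption', $choice);
            $pollvote->set('userid', $vbulletin->userinfo['userid']);
            $pollvote->set('votetype', 0);
            if (!$pollvote->save(true, false, false, false, true)) {
                json_error(standard_error(fetch_error('useralreadyvote')));
            }
        }
    }

    // make last reply date == last vote date
    if ($vbulletin->options['updatelastpost']) {
        // option selected in CP
        $threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_SILENT, 'threadpost');
        $threadman->set_existing($threadinfo);
        $threadman->set('lastpost', TIMENOW);
        $threadman->save();
    }

    // Plugin hook: the code returned for 'poll_vote_complete' is evaluated in this function's
    // scope. NOTE(review): that code is as trusted as this file - presumably it is installed
    // plugin code rather than request data; confirm who can register hooks.
    ($hook = vBulletinHook::fetch_hook('poll_vote_complete')) ? eval($hook) : false;

    return array('success' => true);
}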
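/**
 * Copies profile fields posted through the vBulletin AJAX profile editor into
 * the matching DLE user row.
 *
 * Runs only when the 'dle_onoff' and 'dle_profile' options are set, the viewer is
 * logged in and holds 'canmodifyprofile'. The DLE user is looked up by the
 * viewer's username. Fields mapped to 'land', 'info' or 'fullname' are written to
 * their own columns; every other mapped field goes into the "name|value||name|value"
 * xfields column.
 *
 * @return void
 */
public function UpdateProfileAJAX()
{
    if ($this->vbulletin->options['dle_onoff'] && $this->vbulletin->options['dle_profile']) {
        if (!$this->vbulletin->userinfo['userid']) {
            print_no_permission();
        }

        if (!($this->vbulletin->userinfo['permissions']['genericpermissions'] & $this->vbulletin->bf_ugp_genericpermissions['canmodifyprofile'])) {
            print_no_permission();
        }

        $user_name = $this->vbulletin->userinfo['username'];
        if (DLE_CHARSET && DLE_CHARSET != $this->vbulletin->userinfo['lang_charset']) {
            $user_name = iconv($this->vbulletin->userinfo['lang_charset'], DLE_CHARSET, $user_name);
        }

        $this->_db_connect();

        $user_name = $this->db->escape_string($user_name);
        $dleuser = $this->db->query_first("SELECT user_id, xfields FROM " . USERPREFIX . "_users WHERE name='{$user_name}'");

        if (!empty($dleuser['user_id'])) {
            // Existing extra fields, parsed from the "name|value||name|value" column
            $xfields_array = array();
            if ($dleuser['xfields']) {
                $isset_fields = explode("||", $dleuser['xfields']);
                foreach ($isset_fields as $field_name_value) {
                    $part = explode("|", $field_name_value);
                    // A malformed entry without a value separator is kept with an empty value
                    $xfields_array[$part[0]] = isset($part[1]) ? $part[1] : '';
                }
            }

            $this->vbulletin->input->clean_array_gpc('p', array('fieldid' => TYPE_UINT, 'userfield' => TYPE_ARRAY));

            // A named function declared inside a method is defined globally on first execution;
            // without this guard a second call of the method would fail on redeclaration.
            if (!function_exists('dle_convert_urlencoded_unicode_recursive')) {
                function dle_convert_urlencoded_unicode_recursive($item)
                {
                    if (is_array($item)) {
                        foreach ($item as $key => $value) {
                            $item["{$key}"] = dle_convert_urlencoded_unicode_recursive($value);
                        }
                    } else {
                        $item = convert_urlencoded_unicode(trim($item));
                    }

                    return $item;
                }
            }

            // handle AJAX posting of %u00000 entries
            $this->vbulletin->GPC['userfield'] = dle_convert_urlencoded_unicode_recursive($this->vbulletin->GPC['userfield']);

            $update_field = '';
            $fields = $this->vbulletin->GPC['userfield'];

            foreach ($this->vbulletin->options['dle_fields'] as $vb_field => $dle_field) {
                if (!empty($dle_field) && isset($fields[$vb_field])) {
                    $value = $fields[$vb_field];
                    if (DLE_CHARSET && DLE_CHARSET != $this->vbulletin->userinfo['lang_charset']) {
                        $value = iconv($this->vbulletin->userinfo['lang_charset'], DLE_CHARSET, $value);
                    }

                    // $dle_field is concatenated into the UPDATE as a column name, so it is only
                    // used that way when it is exactly one of these three names (strict match).
                    if (in_array($dle_field, array('land', 'info', 'fullname'), true)) {
                        if ($update_field) {
                            $update_field .= ", ";
                        }
                        $update_field .= $dle_field . "='" . $this->db->escape_string($value) . "'";
                    } else {
                        // NOTE(review): $parse is not defined anywhere in this method as shown;
                        // confirm where the DLE parser instance is meant to come from.
                        $value = $parse->BB_Parse($parse->process($value));
                        // '|' and '||' delimit the serialised xfields string, so a literal pipe in
                        // a user-supplied value would split or inject fields when the row is read
                        // back. The replacement in the source was a no-op ("|" for "|"); encode the
                        // pipe as an HTML entity, after parsing so the stored value cannot contain one.
                        $value = str_replace("|", "&#124;", $value);
                        $xfields_array[$dle_field] = $value;
                    }
                }
            }

            if ($xfields_array) {
                $xfields_str = '';
                foreach ($xfields_array as $field_dle_name => $value) {
                    if ($xfields_str) {
                        $xfields_str .= "||";
                    }
                    $xfields_str .= $field_dle_name . "|" . $value;
                }

                if ($update_field) {
                    $update_field .= ", xfields='" . $this->db->escape_string($xfields_str) . "'";
                } else {
                    $update_field .= "xfields='" . $this->db->escape_string($xfields_str) . "'";
                }
            }

            if ($update_field) {
                // user_id is placed unquoted in the statement, so force it to an integer
                $this->db->query_write("UPDATE " . USERPREFIX . "_users SET {$update_field} WHERE user_id=" . intval($dleuser['user_id']));
            }
        }

        $this->_db_disconnect();
    }
}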
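/**
 * Fetches information about the selected custom block/page, with permission checks
 *
 * @param integer $customblockid The custom block we want info about
 * @param string  $type          The type of custom block expected (page or block); null skips the type check
 * @param bool    $alert         Should an error be displayed when the block is not found
 * @param bool    $perm_check    Should a permission check be performed as well
 *
 * @return array|int Block information including a 'userinfo' entry for its owner, or 0
 *                   when the block does not exist and $alert is false; otherwise an
 *                   error / no-permission page is printed
 */
function verify_blog_customblock($customblockid, $type = null, $alert = true, $perm_check = true)
{
    global $vbulletin, $vbphrase;

    if (!($blockinfo = fetch_customblock_info($customblockid))) {
        if ($alert) {
            standard_error(fetch_error('invalidid', $vbphrase['custom_block'], $vbulletin->options['contactuslink']));
        } else {
            return 0;
        }
    } else if ($type AND $blockinfo['type'] != $type) {
        standard_error(fetch_error('invalidid', $vbphrase['custom_block'], $vbulletin->options['contactuslink']));
    }

    $blockinfo['userinfo'] = verify_id('user', $blockinfo['userid'], 1, 1, 10);

    if ($perm_check) {
        $viewerid = $vbulletin->userinfo['userid'];
        $ownerid = $blockinfo['userinfo']['userid'];
        $general_perms = $vbulletin->userinfo['permissions']['vbblog_general_permissions'];

        if ($viewerid != $ownerid AND empty($blockinfo['userinfo']['bloguserid'])) {
            standard_error(fetch_error('blog_noblog', $blockinfo['userinfo']['username']));
        }

        if (!$blockinfo['userinfo']['canviewmyblog']) {
            print_no_permission();
        }

        // Reported as 'invalidid' rather than a permission error, so the response does not
        // confirm that the block exists.
        if (in_coventry($ownerid) AND !can_moderate_blog()) {
            standard_error(fetch_error('invalidid', $vbphrase['custom_block'], $vbulletin->options['contactuslink']));
        }

        if ($viewerid == $ownerid AND !($general_perms & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown'])) {
            print_no_permission();
        }

        if ($viewerid != $ownerid AND !($general_perms & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewothers'])) {
            // Can't view other's entries so off you go to your own blog.
            // $session was never imported into this function, so the session fragment was always
            // empty; read it from the registry's session object instead.
            exec_header_redirect('blog.php?' . $vbulletin->session->vars['sessionurl'] . 'u=' . $vbulletin->userinfo['userid']);
        }
    }

    return $blockinfo;
}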
function vbseo_complete_sec($sec, $dat_proc = '') { global $vboptions, $forum, $vbulletin, $vbphrase, $postcache, $stylevar, $vbseo_gcache, $vbseo_linkbacks_no, $bbuserinfo; if (!VBSEO_ENABLED) { return; } if (defined('VBSEO_UNREG_EXPIRED')) { return $newtext; } if (VBSEO_IGNOREPAGES && preg_match('#(' . VBSEO_IGNOREPAGES . ')#i', VBSEO_REQURL)) { return; } if (VBSEO_REWRITE_THREADS_ADDTITLE && ($sec == 'newpost_preview' || $sec == 'postbit_display_complete')) { global $vbseo_previewmessage, $vbseo_cutbburl; if ($GLOBALS['post'] && $GLOBALS['post']['message']) { $ptext =& $GLOBALS['post']['message']; } else { $ptext =& $vbseo_previewmessage; } vbseo_reverse_formats(); $matchfull = preg_quote('http://' . VBSEO_HTTP_HOST, '#'); if (VBSEO_REWRITE_THREADS_ADDTITLE_POST) { $ptext = preg_replace('#(href=")(' . $matchfull . '[^"]*?' . VBSEO_FIND_P_FORMAT . '[^/"]*")#eis', 'vbseo_replace_urls_mini_post("$1","$2","$3")', $ptext); $ptext = preg_replace('#(href=")(' . $matchfull . '[^"]*?showpost\\.' . VBSEO_VB_EXT . '\\?[^"]*?p(?:ostid)?=(\\d+)[^/"]*")#eis', 'vbseo_replace_urls_mini_post("$1","$2","$3")', $ptext); } $ptext = preg_replace('#(href=")(' . $matchfull . '[^"]*?' . VBSEO_FIND_MT_FORMAT . '[^/"]*")#eis', 'vbseo_replace_urls_mini("$1","$2","$3","m")', $ptext); $ptext = preg_replace('#(href=")(' . $matchfull . '[^"]*?' . VBSEO_FIND_T_FORMAT . '[^/"]*")#eis', 'vbseo_replace_urls_mini("$1","$2","$3")', $ptext); $ptext = preg_replace('#(href=")(' . $matchfull . '[^"]*?(?:show|print)thread\\.' . VBSEO_VB_EXT . '\\?[^"]*?t(?:hreadid)?=(\\d+)[^/"]*")#eis', 'vbseo_replace_urls_mini("$1","$2","$3")', $ptext); } if (isset($vbulletin) && !$vbseo_cutbburl) { $vbseo_cutbburl = preg_replace('#/$#', '', $vbulletin->options['bburl']); } if ($sec == 'init_startup' && $vbseo_cutbburl) { vbseo_check_stripsids(); vbseo_prepare_seo_replace(); if (VBSEO_IN_PINGBACK && THIS_SCRIPT == 'showthread') { @header('X-Pingback: ' . $vbseo_cutbburl . 
'/vbseo-xmlrpc/'); } if (THIS_SCRIPT != 'search') { vbseo_prepare_cat_anchors(); } if (THIS_SCRIPT == 'newreply' || THIS_SCRIPT == 'editpost' || THIS_SCRIPT == 'newthread') { $vbseo_ref = $_SERVER['HTTP_REFERER']; $pre_repl = ''; $q = $_POST['message']; if ($vbseo_ref && strstr(strtolower($vbseo_ref), VBSEO_HTTP_HOST)) { $pre_repl = preg_replace('#/[^/]*$#', '/', $vbseo_ref); } if ($pre_repl && $pre_repl != $vbseo_cutbburl . '/') { $rs = '#((?:<a[^>]*?href="|\\[url="|\\[url\\]|<img[^>]*?src="|\\[img="|\\[img\\]))'; $_POST['message'] = preg_replace($rs . '(' . preg_quote($vbseo_cutbburl) . '/)?([^:"\\[\\]]*?\\.\\.[^:"\\[\\]]*?["\\[])#i', '$1' . $pre_repl . '$3', $_POST['message']); do { $_pmsg = $_POST['message']; $_POST['message'] = preg_replace('#(://[^\\"\\]]*?/)([^/\\"\\]]*/)\\.\\./#', '$1', $_POST['message']); } while ($_POST['message'] != $_pmsg); } } } $newpost_name = ''; if ($sec == 'blog_fpdata_presave' || $sec == 'blog_textdata_start' || $sec == 'blog_data_start') { $newpost_name = 'blog'; } if ($sec == 'newpost_process' || $sec == 'newpost_complete') { $newpost_name = 'newpost'; } if ($sec == 'visitormessagedata_start') { $newpost_name = 'message'; } $clean_redir = $newpost_name ? 1 : 0; if (!$newpost_name && $sec == 'postdata_presave') { $newpost_name = 'edit'; } $may_addttl = $clean_redir && (!isset($_POST['vbseo_is_retrtitle']) || isset($_POST['vbseo_retrtitle'])); $force_addttl = $newpost_name && (isset($_POST['vbseo_is_retrtitle']) && isset($_POST['vbseo_retrtitle'])); $addttl = VBSEO_REWRITE_EXT_ADDTITLE && ($force_addttl || $may_addttl); global ${$newpost_name}; if (isset(${$newpost_name})) { $pmsg_a =& ${$newpost_name}; if (isset($pmsg_a['message'])) { $pmsg =& $pmsg_a['message']; } } if ($clean_redir) { vbseo_get_options(); $redurl = $vboptions['bburl2'] . '/' . VBSEO_REDIRECT_URI . '?redirect='; $pmsg = preg_replace('#' . preg_quote($redurl, '#') . 
'([^"\\]\\[]*)#eis', 'urldecode(\'$1\')', $pmsg); } if ($addttl) { preg_match_all('#\\[url=?\\"?(.*?)\\"?\\](.+?)\\[\\/url\\]#is', $pmsg, $lmatch); for ($i = 0; $i < count($lmatch[0]); $i++) { $ul = trim($lmatch[1][$i]); $ulin = trim($lmatch[2][$i]); if ($ul && !@strstr($ulin, $ul)) { continue; } if (!@strstr($ulin, '://')) { $ulin = 'http://' . $ulin; } if (!$ul) { $ul = $ulin; } if (preg_match('#^http://#', $ulin) && (!VBSEO_REWRITE_EXT_ADDTITLE_BLACKLIST || !preg_match('#' . VBSEO_REWRITE_EXT_ADDTITLE_BLACKLIST . '#i', $ulin))) { vbseo_reverse_formats(); $matchfull = preg_quote('http://' . VBSEO_HTTP_HOST, '#'); $ismatch = false; if (VBSEO_REWRITE_THREADS_ADDTITLE_POST) { $ismatch |= preg_match('#' . $matchfull . '[^"]*?/' . VBSEO_FIND_P_FORMAT . '#is', $ulin); } $ismatch |= preg_match('#' . $matchfull . '[^"]*?/' . VBSEO_FIND_MT_FORMAT . '#is', $ulin); $ismatch |= preg_match('#' . $matchfull . '[^"]*?/' . VBSEO_FIND_T_FORMAT . '#is', $ulin); $ulin_shot = str_replace(VBSEO_TOPREL_FULL, '', $ulin); if (($arr = vbseo_check_url('VBSEO_URL_FORUM_PAGENUM', $ulin_shot)) || ($arr = vbseo_check_url('VBSEO_URL_FORUM', $ulin_shot))) { if (!isset($arr['forum_id']) && (isset($arr['forum_path']) || isset($arr['forum_title']))) { $arr['forum_id'] = vbseo_reverse_forumtitle($arr); } vbseo_get_forum_info(); if (!vbseo_forum_is_public($vbseo_gcache['forum'][$arr['forum_id']])) { $ismatch = true; } } if (!$ismatch) { $pret = vbseo_http_query_full($ulin); $ptitle = vbseo_get_page_title($pret['content'], defined('VBSEO_MAX_TITLE_LENGTH') ? VBSEO_MAX_TITLE_LENGTH : 0); $pcharset = vbseo_get_page_charset($pret['content'], $pret['headers']); $ptitle = vbseo_convert_charset($ptitle, $pcharset); if ($ptitle && $ptitle != $vboptions['bbtitle']) { $pmsg = str_replace($lmatch[0][$i], '[url=' . $ulin . ']' . $ptitle . 
'[/url]', $pmsg); } } } } } $trackback = VBSEO_EXT_TRACKBACK && ($sec == 'newpost_complete' || $sec == 'threadmanage_update'); $pingback = VBSEO_EXT_PINGBACK && $sec == 'newpost_complete'; if ($pingback || $trackback) { global $found_object_ids; if (!$vboptions['bburl2'] || !$vbseo_gcache['forum']) { vbseo_get_options(); vbseo_prepare_seo_replace(); vbseo_get_forum_info(); } $r_post_id = $pmsg_a['postid']; if (!$r_post_id && $GLOBALS['threadinfo']) { $r_post_id = $GLOBALS['threadinfo']['firstpostid']; } unset($vbseo_gcache['post'][$r_post_id]); $found_object_ids['prepostthread_ids'] = array($r_post_id); vbseo_get_post_thread_info($r_post_id); $threadid = $vbseo_gcache['post'][$r_post_id]['threadid']; vbseo_get_thread_info($threadid); $forumid = $vbseo_gcache['thread'][$threadid]['forumid']; $vbseo_url_ = vbseo_thread_url_postid($r_post_id); $vbseo_url_t = vbseo_thread_url($threadid); if (!strstr($vbseo_url_, '://')) { $vbseo_url_ = $vboptions['bburl2'] . '/' . $vbseo_url_; } if (!strstr($vbseo_url_t, '://')) { $vbseo_url_t = $vboptions['bburl2'] . '/' . $vbseo_url_t; } if (THIS_SCRIPT == 'newthread') { $vbulletin->db->query_write("INSERT INTO " . vbseo_tbl_prefix('vbseo_serviceupdate') . "\n(s_threadid, s_updated)\nVALUES\n('{$threadid}', 0)\n"); } } if ($sec == 'blog_fpdata_postsave') { global $blogman; if ($blogman && ($bid = $blogman->blog['blogid'])) { $vbulletin->db->query_write("INSERT INTO " . vbseo_tbl_prefix('vbseo_serviceupdate') . 
"\n(s_threadid, s_updated, s_type)\nVALUES\n('{$bid}', 0, 1)\n"); } } if ($trackback && $_REQUEST['sendtrackbacks']) { $tracurls = explode(' ', $_REQUEST['sendtrackbacks']); $tdetails = vbseo_get_thread_details($r_post_id); $tdetails['pagetext'] = preg_replace('#\\[.+?\\]#', '', $tdetails['pagetext']); vbseo_extra_inc('linkback'); foreach ($tracurls as $turl) { if (trim($turl)) { $turl = trim($turl); if (!preg_match('#^http://#', $turl)) { continue; } if (vbseo_pingback_exists($turl, $threadid)) { continue; } $snippet = vbseo_utf8_substr($tdetails['pagetext'], 0, VBSEO_SNIPPET_LENGTH); $res_success = vbseo_do_trackback($turl, $vbseo_url_t, $vbseo_gcache['thread'][$threadid]['title'], $vboptions['bbtitle'], $snippet . '...'); vbseo_store_pingback($vbseo_url_, $turl, 1, $r_postid, 0, $threadid, 0, $_REQUEST['subject'], $snippet, 0, $res_success, 1, false); } } } if ($pingback && vbseo_forum_is_public($vbseo_gcache['forum'][$forumid])) { vbseo_extra_inc('linkback'); preg_match_all('#\\[url=?\\"?(.*?)\\"?\\]#is', $pmsg, $lmatch); for ($i = 0; $i < count($lmatch[0]); $i++) { $ulin = $lmatch[1][$i]; if (preg_match('#^http://#', $ulin) && !strstr($ulin, VBSEO_HTTP_HOST) && (!VBSEO_REWRITE_EXT_ADDTITLE_BLACKLIST || !preg_match('#' . VBSEO_REWRITE_EXT_ADDTITLE_BLACKLIST . '#i', $ulin))) { if (vbseo_pingback_exists($ulin, $threadid)) { continue; } $res_success = vbseo_do_pingback($vbseo_url_, $ulin); if ($res_success >= 0) { vbseo_store_pingback($vbseo_url_, $ulin, 0, $r_postid, 0, $threadid, 0, $_REQUEST['subject'], $snippet, 0, $res_success, 1); } } } } switch ($sec) { case 'blog_entry_start': vbseo_prepend_template('blog_show_entry', '".(($blog[message] = vbseo_process_content_area($blog[message])) ? "":"")."'); vbseo_prepend_template('blog_comment', '".(($response[message] = vbseo_process_content_area($response[message])) ? 
"":"")."'); break; case 'blog_entry_complete': if (VBSEO_BOOKMARK_BLOG && vbseo_tpl_exists('blog_show_entry')) { $vbseo_url_b = vbseo_http_s_url('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['VBSEO_URI']); $book_t = urlencode($GLOBALS['blog']['title']); $bmlist = vbseo_get_bookmarks(); $vbseo_post_bookmarks = ''; foreach ($bmlist as $bm) { $blink = str_replace('%url%', urlencode($vbseo_url_b), str_replace('%title%', $book_t, $bm[0])); eval('$vbseo_post_bookmarks .= "' . fetch_template('vbseo_blog_bmarkentry') . '";'); } $vbseo_post_bookmarks = str_replace('"', '\\"', $vbseo_post_bookmarks); $bsection_tpl = str_replace('<!--VBSEO_BOOKMARKS-->', $vbseo_post_bookmarks, fetch_template('vbseo_blog_bmarksection')); if (VBSEO_BOOKMARK_BLOG == 1) { $snr = '#(\\"\\.\\(\\(\\$show\\[\'blograting\'\\]\\) \\? \\(\\".*?)(<[^>]*?id=\\\\"blog_title)#is'; $pm = vbseo_tpl_match('blog_show_entry', $snr); $pm[1] = str_replace('id=\\"blograting\\" style=\\"float:$stylevar[right]\\">', 'id=\\"blograting\\" style=\\"text-align:center\\">', $pm[1]); $bsection = str_replace('<!--BLOG_RATING-->', $pm[1], $bsection_tpl); vbseo_modify_template('blog_show_entry', $snr, $bsection . '$2'); } else { vbseo_modify_template('blog_show_entry', '#("\\.\\(\\(\\$' . 'categorybits)#is', $bsection_tpl . 
'$1', false, '<!--VBSEO_BOOKMARKS-->'); } vbseo_modify_template('blog_show_entry', '#(<div id=\\\\"blog_message\\\\" style=\\\\")(.*?</div>)#', "\$1min-height:60px;\$2\n<br style=\\\"clear:both\\\" />"); } break; case 'global_start': if (!$vbulletin->userinfo['userid'] && VBSEO_CODE_CLEANUP_PREVIEW && THIS_SCRIPT == 'forumdisplay') { $vbulletin->options['threadpreview'] = 0; $vbseo_gcache['var']['vboptchanged'] = true; } if (!$vbulletin->userinfo['userid'] && VBSEO_FORUMJUMP_OFF && $vbulletin && (THIS_SCRIPT == 'forumdisplay' || THIS_SCRIPT == 'showthread')) { $vbulletin->options['useforumjump'] = 0; $vbseo_gcache['var']['vboptchanged'] = true; } if (VBSEO_CATEGORY_ANCHOR_LINKS) { vbseo_modify_template('forumhome_forumbit_level1_nopost', 'href=\\"forumdisplay', 'id=\\"".$forum[\'nametitle\']."\\" name=\\"".$forum[\'nametitle\']."\\" href=\\"forumdisplay'); } if (VBSEO_IN_REFBACK && (THIS_SCRIPT == 'showthread' || THIS_SCRIPT == 'showpost')) { $vbseo_ref = $_SERVER['HTTP_REFERER']; if ($vbseo_ref && !strstr(strtolower($vbseo_ref), VBSEO_HTTP_HOST) && !strstr(strtolower($vbseo_ref), str_replace('www.', '', VBSEO_HTTP_HOST))) { if (!defined('VBSEO_REFBACK_BLACKLIST') || !preg_match('#' . VBSEO_REFBACK_BLACKLIST . '#i', $vbseo_ref)) { vbseo_extra_inc('linkback'); vbseo_ping_proc($vbseo_ref, VBSEO_TOPREL_FULL . VBSEO_REQURL, 2); } } } break; case 'memberlist_bit': global $userinfo, $usercache; $usercache[$userinfo['userid']] = array('userid' => $userinfo['userid'], 'username' => $userinfo['username']); break; case 'ajax_start': if ($_POST['do'] == 'linkbackmod' && ($linkid = addslashes($_POST['id']))) { $ilink = $vbulletin->db->query_first("\nSELECT l.*, t.forumid\nFROM " . vbseo_tbl_prefix('vbseo_linkback') . " l\nLEFT JOIN " . vbseo_tbl_prefix('thread') . 
" t ON t.threadid = l.t_threadid\nWHERE t_id='{$linkid}'"); $ismod = can_moderate($ilink['forumid'], 'vbseo_linkbacks') || $vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['ismoderator']; if ($ismod) { vbseo_extra_inc('linkback'); if ($_POST['action'] == 'mod') { $vbulletin->db->query_write("\nUPDATE " . vbseo_tbl_prefix('vbseo_linkback') . "\nSET t_approve=IF(t_approve,0,1)\nWHERE t_id='{$linkid}'"); if (!$ilink['t_approve']) { vbseo_send_notification_pingback($ilink['t_threadid'], $ilink['t_postid'], $ilink['t_src_url'], $ilink['t_title'], $ilink['t_text'], 1, 0); } } if ($_POST['action'] == 'ban') { $purl = parse_url($ilink['t_src_url']); if ($purl['host']) { $bdom = str_replace('www.', '', $purl['host']); vbseo_linkback_bandomain($bdom, 1); $vbulletin->db->query_write("\nUPDATE " . vbseo_tbl_prefix('vbseo_linkback') . "\nSET t_deleted = 1\nWHERE t_src_url LIKE 'http%" . addslashes($bdom) . "/%'"); } } if ($_POST['action'] == 'del') { $vbulletin->db->query_write("\nUPDATE " . vbseo_tbl_prefix('vbseo_linkback') . "\nSET t_deleted = 1\nWHERE t_id = '{$linkid}'"); } vbseo_linkback_approve($linkid); header('Content-Type: text/plain;'); header('Connection: Close'); echo $ilink['t_approve'] ? '0' : '1'; } exit; } if ($_POST['do'] == 'updatelinkback') { $vbulletin->input->clean_array_gpc('p', array('linkid' => TYPE_UINT, 'title' => TYPE_STR)); $linkid = $vbulletin->GPC['linkid']; $ilink = $vbulletin->db->query_first("\nSELECT *\nFROM " . vbseo_tbl_prefix('vbseo_linkback') . " l\nWHERE t_id='" . addslashes($linkid) . "'"); $ismod = can_moderate($ilink['forumid'], 'vbseo_linkbacks') || $vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['ismoderator']; if ($ismod) { $ltitle = convert_urlencoded_unicode($vbulletin->GPC['title']); $vbulletin->db->query_write("\nUPDATE " . vbseo_tbl_prefix('vbseo_linkback') . " l\nSET t_title = '" . addslashes($ltitle) . "'\nWHERE t_id = '" . 
addslashes($linkid) . "'"); } $xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml'); $xml->add_tag('linkhtml', $ltitle); $xml->print_xml(); } break; case 'forumadmin_update_save': global $vboptions, $forumcache; vbseo_get_options(); vbseo_prepare_seo_replace(); $vboptions['vbseo_opt'] = array(); $forumcache2 = $forumcache; $forumcache = ''; vbseo_get_forum_info(true); $forumcache = $forumcache2; vbseo_check_datastore(true); break; case 'private_insertpm_process': global $pmdm; if (is_object($pmdm) && strstr($pmdm->pmtext['message'], '[post]')) { vbseo_startup(); $pmdm->pmtext['message'] = preg_replace('#\\[post\\](\\d+)\\[\\/post\\]#', '[url]' . $vboptions['bburl2'] . '/showthread.php?p=$1#post$1[/url]', $pmdm->pmtext['message']); $GLOBALS['VBSEO_REWRITE_TEXTURLS'] = 1; $pmdm->pmtext['message'] = make_crawlable($pmdm->pmtext['message']); unset($GLOBALS['VBSEO_REWRITE_TEXTURLS']); } break; case 'cache_templates': global $globaltemplates, $show, $bbuserinfo; if ($_REQUEST['ajax']) { if (THIS_SCRIPT == 'blog_post') { $globaltemplates[] = 'blog_comment'; } if (THIS_SCRIPT == 'group') { $globaltemplates[] = 'socialgroups_message'; } if (THIS_SCRIPT == 'album') { $globaltemplates[] = 'picturecomment_message'; } if (THIS_SCRIPT == 'visitormessage') { $globaltemplates[] = 'memberinfo_visitormessage'; } } if (THIS_SCRIPT == 'blog' && $_REQUEST['do'] == 'blog') { $globaltemplates[] = 'vbseo_blog_bmarkentry'; $globaltemplates[] = 'vbseo_blog_bmarksection'; } if (THIS_SCRIPT == 'moderation') { $globaltemplates[] = 'vbseo_linkbacks'; $globaltemplates[] = 'vbseo_linkbackbit'; } if (THIS_SCRIPT == 'showthread' && (VBSEO_IN_PINGBACK || VBSEO_IN_TRACKBACK || VBSEO_IN_REFBACK)) { $globaltemplates[] = 'vbseo_linkbacks'; $globaltemplates[] = 'vbseo_linkbackbit'; $globaltemplates[] = 'vbseo_linkbackmenu'; $globaltemplates[] = 'vbseo_linkbackmenu_entry'; } if (THIS_SCRIPT == 'misc' && $_REQUEST['do'] == 'pingtrackback') { vbseo_safe_redirect('misc.' . VBSEO_VB_EXT . 
'?do=linkbacks', array('do')); } if (THIS_SCRIPT == 'misc' && $_REQUEST['do'] == 'linkbacks') { $globaltemplates[] = 'vbseo_help_linkback'; } break; case 'member_infractionbit': $GLOBALS['vbseo_gcache']['post'][$dat_proc['postid']] = $dat_proc; break; case 'parse_templates': vbseo_modify_template('socialgroups_grouplist_bit', '#.$#s', '$0".(($GLOBALS[\'vbseo_gcache\'][\'groups\'][$group[\'groupid\']]=$group)?\'\':\'\')."'); vbseo_modify_template('memberinfo_socialgroupbit', '#.$#s', '$0".(($GLOBALS[\'vbseo_gcache\'][\'groups\'][$socialgroup[\'groupid\']]=$socialgroup)?\'\':\'\')."'); vbseo_modify_template('blog_entry_profile', '#.$#s', '$0".(($GLOBALS[\'vbseo_gcache\'][\'blog\'][$this->blog[\'blogid\']]=$this->blog)?\'\':\'\')."'); vbseo_modify_template('blog_entry_profile', '#.$#s', '$0".(($GLOBALS[\'vblog_categories\']=$this->categories)?\'\':\'\')."'); vbseo_modify_template('album_picturebit', '#.$#s', '$0".(($GLOBALS[\'vbseo_gcache\'][\'pic\'][$picture[\'pictureid\']]=$picture)?\'\':\'\')."'); vbseo_modify_template('albumbit', '#.$#s', '$0".(($GLOBALS[\'vbseo_gcache\'][\'album\'][$album[\'albumid\']]=$album)?\'\':\'\')."'); vbseo_modify_template('memberinfo_albumbit', '#.$#s', '$0".(($GLOBALS[\'vbseo_gcache\'][\'album\'][$album[\'albumid\']]=$album)?\'\':\'\')."'); vbseo_prepend_template('memberinfo_visitormessage', '".(($message[message] = vbseo_process_content_area($message[message])) ? "":"")."'); vbseo_prepend_template('socialgroups_message', '".(($message[message] = vbseo_process_content_area($message[message])) ? "":"")."'); vbseo_prepend_template('picturecomment_message', '".(($message[message] = vbseo_process_content_area($message[message])) ? "":"")."'); vbseo_prepend_template('pt_issuenotebit_user', '".(($note[message] = vbseo_process_content_area($note[message])) ? "":"")."'); vbseo_prepend_template('newpost_preview', '".(($previewmessage = vbseo_process_content_area($previewmessage)) ? 
"":"")."'); if ((THIS_SCRIPT == 'blog' || THIS_SCRIPT == 'blog_post') && VBSEO_PERMALINK_BLOG > 0) { vbseo_modify_template('blog_comment', '#(blogipaddress.*?)(</div>)#s', '$1 <a href=\\"#comment$response[blogtextid]\\"><img src=\\"$stylevar[imagesfolder]/vbseo/anchor.png\\" border=\\"0\\" alt=\\"$vbphrase[vbseo_permalink]\\" class=\\"inlineimg\\" /></a> $2', 0); vbseo_modify_template('blog_comment', '#(OR \\$show\\[\\\'reportlink\\\'\\])#s', '$1 OR 1', 0); } if (THIS_SCRIPT == 'member' || THIS_SCRIPT == 'visitormessage') { $vmurl = $_GET['tab'] && $_GET['tab'] != 'visitor_messaging' ? 'member.php?u=' . $_GET['u'] : ''; $vmurl .= '#vmessage$message[vmid]'; if (VBSEO_PERMALINK_PROFILE == 2) { vbseo_modify_template('memberinfo_visitormessage', '#\\$message\\[date\\]#s', '<a href=\\"' . $vmurl . '\\">$0</a>', 0); } else { if (VBSEO_PERMALINK_PROFILE == 1) { vbseo_modify_template('memberinfo_visitormessage', '#message\\[time\\].*?\\)\\)\\.\\"#s', '$0 - <a href=\\"' . $vmurl . '\\">$vbphrase[vbseo_permalink]</a>', 0); } } vbseo_modify_template('MEMBERINFO', '#(vBulletin\\.register_control\\(\\\\"vB_TabCtrl\\\\", \\\\"profile_tabs\\\\", \\\\"\\$selected_tab\\\\")#s', "var vbseo_opentab=document.location.hash;\nvbseo_opentab = vbseo_opentab.substring(1,vbseo_opentab.length);\n" . '$1 ? \\"$selected_tab\\" : vbseo_opentab'); } if (THIS_SCRIPT == 'album') { if (VBSEO_PERMALINK_ALBUM == 2) { vbseo_modify_template('picturecomment_message', '#\\$message\\[date\\]#s', '<a href=\\"#picturecomment$message[commentid]\\">$0</a>', 0); } else { if (VBSEO_PERMALINK_ALBUM == 1) { vbseo_modify_template('picturecomment_message', '#message\\[time\\].*?\\)\\)\\.\\"#s', '$0 - <a href=\\"#picturecomment$message[commentid]\\">$vbphrase[vbseo_permalink]</a>', 0); } } } if (THIS_SCRIPT == 'group') { $_plink = 'group.' . VBSEO_VB_EXT . '?groupid=' . $_REQUEST['groupid'] . 
'#gmessage$message[gmid]'; if (VBSEO_PERMALINK_GROUPS == 2) { vbseo_modify_template('socialgroups_message', '#\\$message\\[date\\]#s', '<a href=\\"' . $_plink . '\\">$0</a>', 0); } else { if (VBSEO_PERMALINK_GROUPS == 1) { vbseo_modify_template('socialgroups_message', '#message\\[time\\].*?\\)\\)\\.\\"#s', '$0 - <a href=\\"' . $_plink . '\\">$vbphrase[vbseo_permalink]</a>', 0); } } } if (VBSEO_IN_PINGBACK || VBSEO_IN_TRACKBACK || VBSEO_IN_REFBACK) { if (can_moderate(0, 'vbseo_linkbacks')) { vbseo_modify_template('USERCP_SHELL', '#(do=viewposts&type=moderated.*?</tr>)#is', '$1 <tr> <td class=\\"".($navclass[moderatedlinkbacks]?$navclass[moderatedlinkbacks]:"alt2")."\\"><a class=\\"smallfont\\" href=\\"moderation.php?$session[sessionurl]do=viewlinkbacks\\">$vbphrase[vbseo_moderated_linkbacks]</a></td> </tr>'); } } if (!$vbulletin->userinfo['userid']) { if (VBSEO_CODE_CLEANUP_MEMBER_DROPDOWN) { if (THIS_SCRIPT == 'showthread') { $tplpostbit = vbseo_get_postbit_tpl(); vbseo_modify_template($tplpostbit, '#<script[^>]+?>[^<]*?postmenu_\\$post.*?</script>#is', ''); vbseo_modify_template($tplpostbit, '#<div class=\\\\"vbmenu_popup.*?</div>#is', ''); } if (THIS_SCRIPT == 'blog') { $blog_tpls = array('blog_sidebar_user', 'blog_entry_with_userinfo', 'blog_entry_without_userinfo', 'blog_list_blogs_blog'); foreach ($blog_tpls as $_btpl) { vbseo_modify_template($_btpl, '#<script[^>]+?>[^<]*?blogusermenu.*?</script>#is', ''); vbseo_modify_template($_btpl, '#<div class=\\\\"vbmenu_popup.*?</div>#is', ''); } } } if (THIS_SCRIPT == 'index') { if (VBSEO_CODE_CLEANUP_LASTPOST == 2) { vbseo_modify_template('FORUMHOME', '#<td[^<]+?vbphrase\\[last_post\\]</td>#is', ''); vbseo_modify_template('forumhome_forumbit_level1_nopost', '#<td[^<]+?vbphrase\\[last_post\\].*?</td>#is', ''); vbseo_modify_template('FORUMDISPLAY', '#<td[^<]+?(<span[^<]+?)?(<a[^<]+?)?vbphrase\\[last_post\\].*?</td>#is', ''); vbseo_modify_template('forumhome_forumbit_level2_post', 
'#<td[^<]+?forum\\[lastpostinfo\\].*?</td>#is', ''); vbseo_modify_template('forumhome_forumbit_level1_post', '#<td[^<]+?forum\\[lastpostinfo\\].*?</td>#is', ''); vbseo_modify_template('threadbit', '#\\(\\(\\$show\\[\'threadmoved\'.*?/td>\\s*"\\)\\)\\.#is', ''); } if (VBSEO_CODE_CLEANUP_LASTPOST == 1) { vbseo_modify_template('threadbit', '#<a href=[^>]*?->[^>]*?->[^>]*?lastpostid.*?</a>#is', ''); vbseo_modify_template('forumhome_lastpostby', '#<a href=[^>]*?->[^>]*?->[^>]*?lastpostid.*?</a>#is', ''); $vbphrase['by_x'] = strip_tags($vbphrase['by_x']); } vbseo_modify_template('threadbit', '#<a href=\\\\"misc\\.php\\?do=whoposted.*?>(.*?)</a>#is', '$1'); } } break; case 'moderation_start': if ($_REQUEST['do'] == 'viewlinkbacks') { global $navbar, $navclass, $HTML, $navbits, $headinclude, $header, $footer, $db, $show, $navclass, $notices, $pmbox, $notifications_total; if (!can_moderate(0, 'vbseo_linkbacks')) { print_no_permission(); } vbseo_startup(); $vbseolinkbackbits = ''; $perpage = 20; $pagenumber = $_GET['page'] ? $_GET['page'] : 1; $vbseodb = vbseo_get_db(); $tp = $vbseodb->vbseodb_query_first("\nSELECT COUNT(*) as cnt\nFROM " . vbseo_tbl_prefix('vbseo_linkback') . "\nWHERE t_incoming=1 AND t_deleted=0 AND t_approve=0"); $totalposts = $tp['cnt']; $vbseopings = $vbseodb->vbseodb_query($q = "\nSELECT t_id, t_time, t_src_url, t_dest_url, t_type, t_postid, t_postcount, t_threadid, t_page, t_title, t_text, t_approve, forumid\nFROM " . vbseo_tbl_prefix('vbseo_linkback') . "\nLEFT JOIN " . vbseo_tbl_prefix('thread') . " on threadid=t_threadid\nWHERE t_incoming=1 AND t_deleted=0 AND t_approve=0\nORDER BY t_time " . (preg_match('#^(asc|desc)$#i', VBSEO_DEFAULT_LINKBACKS_ORDER) ? VBSEO_DEFAULT_LINKBACKS_ORDER : "DESC") . " LIMIT " . ($pagenumber - 1) * $perpage . "," . 
$perpage); $pagenav = construct_page_nav($pagenumber, $perpage, $totalposts, "moderation.php?do=viewlinkbacks"); while ($vbseoping = @$vbseodb->funcs['fetch_assoc']($vbseopings)) { if (can_moderate($vbseoping['forumid'], 'vbseo_linkbacks')) { $vbseoping['postno'] = $vbseoping['t_postcount']; $vbseoping['ismod'] = 1; $vbseoping['date'] = vbdate($vbulletin->options['dateformat'], $vbseoping['t_time'], true); $vbseoping['time'] = vbdate($vbulletin->options['timeformat'], $vbseoping['t_time'], true); $vbseoping['t_src_url'] = htmlentities($vbseoping['t_src_url']); $vbseoping['t_dest_url'] = htmlentities($vbseoping['t_dest_url']); $vbseoping['t_text_nohtml'] = htmlspecialchars(strip_tags($vbseoping['t_text'])); $vbseoping['t_title_html'] = htmlspecialchars($vbseoping['t_title']); eval('$vbseolinkbackbits .= "' . fetch_template('vbseo_linkbackbit') . '";'); } } if ($vbseolinkbackbits) { eval('$HTML = "' . fetch_template('vbseo_linkbacks') . '";'); } else { $HTML = $vbphrase['vbseo_no_linkbacks_found']; } unset($vbseolinkbackbits); $navbits[''] = $vbphrase['moderation']; $navbits = construct_navbits($navbits); construct_usercp_nav('moderatedlinkbacks'); eval('$navbar = "' . fetch_template('navbar') . '";'); eval('print_output("' . fetch_template('USERCP_SHELL') . '");'); } break; case 'misc_start': if ($_REQUEST['do'] == 'linkbacks') { global $navbits, $headinclude, $header, $footer; $navbits = construct_navbits(array('faq.' . VBSEO_VB_EXT . $vbulletin->session->vars['sessionurl_q'] => $vbphrase['faq'], '' => $vbphrase['vbseo_linkbacks'])); @extract($GLOBALS); @eval('$navbar = "' . fetch_template('navbar') . '";'); @eval('print_output("' . fetch_template('vbseo_help_linkback') . '");'); } break; case 'archive_forum_thread': if ($GLOBALS['pda'] == 'vbseo') { $GLOBALS['pda'] = false; } break; case 'archive_navigation': if (VBSEO_ARCHIVE_ORDER_DESC && !$GLOBALS['pda']) { $GLOBALS['pda'] = 'vbseo'; } break; case 'forumrules': $pingrules = '<div>" . 
construct_phrase("$vbphrase[vbseo_trackback_is_x]", "misc.".VBSEO_VB_EXT."?do=linkbacks#trackbacks", "' . iif(VBSEO_EXT_TRACKBACK, $vbphrase['on'], $vbphrase['off']) . '") . "</div> <div>" . construct_phrase("$vbphrase[vbseo_pingback_is_x]", "misc.".VBSEO_VB_EXT."?do=linkbacks#pingbacks", "' . iif(VBSEO_EXT_PINGBACK, $vbphrase['on'], $vbphrase['off']) . '") . "</div> <div>" . construct_phrase("$vbphrase[vbseo_refback_is_x]", "misc.".VBSEO_VB_EXT."?do=linkbacks#refbacks", "' . iif(VBSEO_IN_REFBACK, $vbphrase['on'], $vbphrase['off']) . '") . "</div>'; vbseo_modify_template('forumrules', '#(html_code_is_x.*?</div>)#s', '$1' . $pingrules, 0, '<!--LINKBACK_POSTRULES-->'); break; case 'showthread_complete': global $onload; if (!$onload) { $onload = "if (is_ie || is_moz) { var cpost=document.location.hash;if(cpost){ if(cobj = fetch_object(cpost.substring(1,cpost.length)))cobj.scrollIntoView(true); }}"; } if (VBSEO_IN_PINGBACK || VBSEO_IN_TRACKBACK || VBSEO_IN_REFBACK) { global $vbseo_bookmarks, $vbseo_linkback_menu, $vbseo_linkback_menu_list, $show, $vbseo_linkback_uri, $thread; $vbseo_url_t = urlencode($vboptions['bburl2'] . '/' . vbseo_thread_url($thread['threadid'])); $book_t = urlencode($thread['title']); $is_public = vbseo_forum_is_public($GLOBALS['forum'], $GLOBALS['foruminfo'], false, true); if ($is_public && VBSEO_BOOKMARK_THREAD) { $bmlist = vbseo_get_bookmarks(); $vbseo_bookmarks = ''; $bmno = 0; foreach ($bmlist as $bm) { $vbseo_bookmarks .= '<tr><td class="vbmenu_option"><img class="inlineimg" src="' . $bm[1] . '" alt="' . $bm[2] . '" /> <a href="' . str_replace('%url%', $vbseo_url_t, str_replace('%title%', $book_t, $bm[0])) . '" target="_blank">' . $bm[2] . '</a><a name="vbseodm_' . $bmno++ . '"></a></td></tr>'; } } eval('$vbseo_linkback_menu = "' . fetch_template('vbseo_linkbackmenu_entry') . '";'); vbseo_modify_template('SHOWTHREAD', '#(<td[^>]*?threadtools)#i', '\\$vbseo_linkback_menu$1', 0, '<!--LINKBACK_MENU-->'); eval('$vbseo_linkback_menu_list = "' . 
fetch_template('vbseo_linkbackmenu') . '";'); if (!vbseo_tpl_search('SHOWTHREAD', '$vbseo_linkback_menu_list')) { vbseo_modify_template('SHOWTHREAD', '#(</body>)#is', '\\$vbseo_linkback_menu_list' . '$1'); } if ($_GET['nojs']) { preg_match('#<table.*?>(.*?)</table>#is', $vbseo_linkback_menu, $vbseo_m); $vbseo_m[1] = str_replace('vbmenu_option', 'alt1', $vbseo_m[1]); $vbseo_m[1] = str_replace('<td', '<td colspan="2"', $vbseo_m[1]); vbseo_modify_template('SHOWTHREAD', "#(sendtofriend\\.gif.*?sendtofriend\\.gif.*?</tr>)#is", "\$1" . addslashes($vbseo_m[1])); } } break; case 'showthread_post_start': global $vbseolinkbacks, $vbcollapse, $vbseo_linkback_uri, $thread, $db, $show, $found_object_ids; if (defined('VBSEO_PRIVATE_REDIRECT_POSTID')) { vbseo_get_options(); if (!($mode_nonlinear = vbseo_is_threadedmode())) { vbseo_get_forum_info(); $r_post_id = VBSEO_PRIVATE_REDIRECT_POSTID; $found_object_ids['prepostthread_ids'] = array($r_post_id); $parr = vbseo_get_post_thread_info($r_post_id, true); $threadid = $parr[$r_post_id]['threadid']; vbseo_get_thread_info($threadid); $excpars = array('p', 'page'); $vbse_rurl = vbseo_thread_url_postid($r_post_id, isset($_GET['page']) ? $_GET['page'] : 1, $mode_nonlinear); if ($vbse_rurl) { vbseo_url_autoadjust($vbse_rurl, $excpars, false); } } } if (VBSEO_IN_PINGBACK || VBSEO_IN_TRACKBACK || VBSEO_IN_REFBACK) { $vbseolinkbacks = ''; vbseo_get_options(); vbseo_get_forum_info(); $vbseo_gcache['thread'][$thread['threadid']] = $thread; $vbseo_linkback_uri = vbseo_thread_url($thread['threadid']); if (!strstr($vbseo_linkback_uri, '://')) { $vbseo_linkback_uri = preg_replace('#/$#', '', $vbulletin->options['bburl']) . '/' . $vbseo_linkback_uri; } $showactusers = $vboptions['showthreadusers'] == 1 || $vboptions['showthreadusers'] == 2 || ($vboptions['showthreadusers'] > 2 and $vbulletin->userinfo['userid']); if (!vbseo_tpl_search('SHOWTHREAD', '$vbseolinkbacks')) { $search_for = $showactusers ? 
'".(($show[\'activeusers\']' : '$similarthreads'; if (!vbseo_tpl_search('SHOWTHREAD', $search_for)) { $search_for = '<!-- currently active users -->'; } vbseo_modify_template('SHOWTHREAD', $search_for, "\$vbseolinkbacks\n{$search_for}"); } $vbseolinkbackbits = ''; $vbseo_linkbacks_no = 0; $ismod = can_moderate($thread['forumid'], 'vbseo_linkbacks') || $vbulletin && $vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['ismoderator']; if ($thread['vbseo_linkbacks_no'] || $ismod) { $vbseodb = vbseo_get_db(); $vbseopings = $vbseodb->vbseodb_query("\nSELECT t_id, t_time, t_src_url, t_dest_url, t_type, t_postid, t_postcount, t_threadid, t_page, t_title, t_text, t_approve\nFROM " . vbseo_tbl_prefix('vbseo_linkback') . "\nWHERE t_incoming=1 AND t_deleted=0 AND t_wait=0\nAND " . ($ismod ? '' : 't_approve>0 AND ') . "t_threadid = '" . $thread['threadid'] . "' " . "ORDER BY t_time " . (preg_match('#^(asc|desc)$#i', VBSEO_DEFAULT_LINKBACKS_ORDER) ? VBSEO_DEFAULT_LINKBACKS_ORDER : "DESC")); while ($vbseoping = @$vbseodb->funcs['fetch_assoc']($vbseopings)) { $vbseoping['postno'] = $vbseoping['t_postcount']; $vbseoping['ismod'] = $ismod; $vbseoping['date'] = vbdate($vbulletin->options['dateformat'], $vbseoping['t_time'], true); $vbseoping['time'] = vbdate($vbulletin->options['timeformat'], $vbseoping['t_time'], true); $vbseoping['t_text_nohtml'] = htmlspecialchars(strip_tags($vbseoping['t_text'])); $vbseoping['t_title_html'] = htmlspecialchars($vbseoping['t_title']); if ($vbseoping['t_postid']) { $vbseo_gcache['postpings'][$vbseoping['t_postid']]++; } else { $vbseo_gcache['postcounts'][vbseo_thread_pagenum($vbseoping['t_page'] - 1, 0) + 1]++; } eval('$vbseolinkbackbits .= "' . fetch_template('vbseo_linkbackbit') . '";'); $vbseo_linkbacks_no++; } if ($vbseo_linkbacks_no) { eval('$vbseolinkbacks = "' . fetch_template('vbseo_linkbacks') . '";'); if ($showactusers) { $vbseolinkbacks = '<br />' . 
$vbseolinkbacks; } else { $vbseolinkbacks = $vbseolinkbacks . '<br />'; } } unset($vbseolinkbackbits); } } break; case 'postbit_display_complete': global $thread, $vbseo_lastmod; if (!isset($vbseo_lastmod) || $dat_proc['dateline'] > $vbseo_lastmod) { $vbseo_lastmod = $dat_proc['dateline']; } $dat_proc['preposts'] = $dat_proc['postcount']; $postcache[$dat_proc['postid']] = $dat_proc; $vbseo_gcache['thread'][$thread['threadid']] = $thread; $vbseo_postbit_pingback = VBSEO_POSTBIT_PINGBACK > 0 && THIS_SCRIPT != 'private' && THIS_SCRIPT != 'member'; $vbseo_bookmark = VBSEO_BOOKMARK_POST; if ($vbseo_postbit_pingback || $vbseo_bookmark) { if (!$vboptions['bburl2']) { vbseo_get_options(); vbseo_prepare_seo_replace(); vbseo_get_forum_info(); } $GLOBALS['post']['linkbacksno'] = $vbseo_gcache['postpings'][$GLOBALS['post']['postid']] + $vbseo_gcache['postcounts'][$GLOBALS['post']['postcount']]; $tplpostbit = vbseo_get_postbit_tpl(); if (!defined('VBSEO_POSTBIT_PINGBACK_CHG_' . $tplpostbit) && vbseo_tpl_exists($tplpostbit)) { define('VBSEO_POSTBIT_PINGBACK_CHG_' . $tplpostbit, 1); $is_public = vbseo_forum_is_public($GLOBALS['forum'], $GLOBALS['foruminfo'], false, true); if ($is_public && $vbseo_bookmark && THIS_SCRIPT == 'showthread' && ($bmlist = vbseo_get_bookmarks())) { $vbseo_url_t = urlencode($vboptions['bburl2'] . '/' . vbseo_thread_url($thread['threadid'], $_GET['page']) . '#') . '$post[postid]'; $vbseo_url_t_iis = urlencode($vboptions['bburl2'] . '/' . vbseo_thread_url($thread['threadid'], $_GET['page'])); $book_t = urlencode($thread['title']); $vbseo_post_bookmarks = ''; foreach ($bmlist as $bm) { $vbseo_post_bookmarks .= '<a href=\\"' . str_replace('%url%', $vbseo_url_t, str_replace('%title%', $book_t, $bm[0])) . '\\" target=\\"_blank\\"><img src=\\"' . $bm[1] . '\\" alt=\\"' . $bm[3] . 
'\\" border=\\"0\\" /></a>'; } $search_for = '<!--VBSEO_BOOKMARKS-->'; if (!vbseo_tpl_search($tplpostbit, $search_for)) { $search_for = '".(($post[\'editlink\'])'; } vbseo_modify_template($tplpostbit, $search_for, '<div style=\\"float:$stylevar[left]\\">' . $vbseo_post_bookmarks . "</div>\n" . $search_for); } if ($vbseo_postbit_pingback) { $pingtpl = '".($post[\'linkbacksno\']?"<a href=\\"' . ($_POST['ajax'] || THIS_SCRIPT != 'showthread' ? 'showthread.' . VBSEO_VB_EXT . '?p=$post[postid]' : "") . '#linkbacks\\"><img class=\\"inlineimg\\" src=\\"images/vbseo/post_linkback.gif\\" alt=\\"".construct_phrase("$vbphrase[vbseo_no_links_to_this_post]",$post[linkbacksno])."\\" border=\\"0\\" /></a> ":"")."'; $pingtpl2 = '<a href=\\"' . ($_POST['ajax'] || THIS_SCRIPT != 'showthread' ? 'showthread.' . VBSEO_VB_EXT . '?p=$post[postid]' : '#post$post[postid]') . '\\" title=\\"".$vbphrase[\'vbseo_link_to_this_post\']."\\">".$vbphrase[\'vbseo_permalink\']."</a>'; if (VBSEO_POSTBIT_PINGBACK == 1) { $pingtpl .= $pingtpl2; } if (vbseo_tpl_search($tplpostbit, '<!--PERMALINK_INFO-->')) { vbseo_modify_template($tplpostbit, '<!--PERMALINK_INFO-->', $pingtpl); } else { if (VBSEO_POSTBIT_PINGBACK == 1) { vbseo_modify_template($tplpostbit, '#(\\$show\\[\'messageicon\'\\] OR \\$post\\[\'title\'\\])(.*?)(<div.*?</div>)#s', '$1 OR 1$2<table cellspacing=\\"0\\" cellpadding=\\"0\\" width=\\"100%\\" border=\\"0\\"> <tr><td>$3</td> <td><div class=\\"smallfont\\" style=\\"float:right\\">' . $pingtpl . '</div></td> </tr></table>'); } else { vbseo_modify_template($tplpostbit, '#("\\.\\(\\(\\$show\\[\'postcount\'\\])#s', $pingtpl . '$1'); } if (VBSEO_POSTBIT_PINGBACK == 3) { vbseo_modify_template($tplpostbit, '#("\\.\\(\\(\\$show\\[\'postcount\'\\].*?</a>)#s', '$1 (<b>' . $pingtpl2 . 
'</b>)'); } } } } } break; case 'forumhome_complete': global $vbseo_onload; if (!$onload) { $vbseo_onload = " onload=\"if (is_ie || is_moz) { var cpost=document.location.hash;if(cpost){ if(cobj = fetch_object(cpost.substring(1,cpost.length)))cobj.scrollIntoView(true); }}\""; vbseo_modify_template('FORUMHOME', '<body>', '<body$vbseo_onload>'); } if (!is_array($GLOBALS['birthdays'])) { preg_match_all('#<a href="[^"]*?member\\.php\\?u=(\\d+)".*?>(.+?)<#', $GLOBALS['birthdays'], $birthm); foreach ($birthm[1] as $k => $v) { $GLOBALS['usercache'][$v] = array('userid' => $v, 'username' => $birthm[2][$k]); } } break; case 'threadmanage_update': global $threadinfo; if ($threadinfo['title'] != $_REQUEST['title']) { $vbseodb = vbseo_get_db(); $vbseodb->vbseodb_query("UPDATE " . vbseo_tbl_prefix('post') . "\nSET title = '" . $vbseodb->vbseodb_escape_string('re: ' . $_REQUEST['title']) . "'\nWHERE threadid = " . intval($threadinfo['threadid']) . " AND\ntitle = '" . $vbseodb->vbseodb_escape_string('re: ' . $threadinfo['title']) . "'"); } break; case 'editpost_edit_complete': case 'newreply_form_complete': case 'newthread_form_complete': case 'threadmanage_complete': global $db, $disablesmiliesoption, $threadmanagement, $posticons; if (VBSEO_REWRITE_EXT_ADDTITLE) { $disablesmiliesoption = '<div><label for="qr_retrtitle"><input type="checkbox" name="vbseo_retrtitle" value="1" id="qr_retrtitle" ' . ($_POST['vbseo_retrtitle'] || !isset($_POST['vbseo_is_retrtitle']) ? ' checked' : '') . '/>' . $vbphrase['vbseo_auto_retrieve_titles'] . '</label> <input type="hidden" name="vbseo_is_retrtitle" value="1" /></div>' . $disablesmiliesoption; } if (VBSEO_EXT_TRACKBACK && in_array($sec, array('newthread_form_complete', 'threadmanage_complete', 'newreply_form_complete')) && (!$GLOBALS['threadinfo']['threadid'] || $GLOBALS['threadinfo']['open'] == 1)) { $vbseodb = vbseo_get_db(); $vbseopings = $vbseodb->vbseodb_query("\nSELECT t_time, t_dest_url, t_approve\nFROM " . 
vbseo_tbl_prefix('vbseo_linkback') . "\nWHERE t_incoming=0 AND t_type=1 AND t_threadid = '" . (isset($GLOBALS['threadinfo']) ? $GLOBALS['threadinfo']['threadid'] : $thread['threadid']) . "'\nORDER BY t_time DESC"); $plist = ''; while ($vbseoping = @$vbseodb->funcs['fetch_assoc']($vbseopings)) { $plist .= '<li><strong>' . (strlen($vbseoping['t_dest_url']) > 50 ? substr($vbseoping['t_dest_url'], 0, 50) . '...' : $vbseoping['t_dest_url']) . '</strong></li>'; } if ($plist) { $plist = "<div>" . $vbphrase[vbseo_already_pinged] . ":<ul type=\"disc\">{$plist}</ul></div>"; } $tracklegend = ' <fieldset class="fieldset"> <legend>' . $vbphrase['vbseo_trackback'] . '</legend> <div style="padding:' . $stylevar['formspacer'] . 'px"> ' . $vbphrase['vbseo_send_trackbacks_to'] . ': <div><label for="trackbackto"><input type="text" class="bginput" size="50" name="sendtrackbacks" value="' . $_REQUEST['sendtrackbacks'] . '" id="trackbackto" tabindex="1" /></label> </div> ' . $plist . ' </div> </fieldset> '; if (in_array($sec, array('threadmanage_complete', 'newreply_form_complete', 'newthread_form_complete'))) { $posticons = $tracklegend . $posticons; } } break; } if (VBSEO_GOOGLE_AD_SEC) { $sps = $usps = array(); switch ($sec) { case 'forumdisplay_complete': $sps[] =& $GLOBALS['threadbits']; break; case 'forumbit_display': $sps[] =& $GLOBALS['forum']['title']; break; case 'forumhome_complete': $sps[] =& $GLOBALS['forumbits']; break; case 'postbit_display_complete': $GLOBALS['post']['title_original'] = $GLOBALS['post']['title']; $GLOBALS['post']['message_original'] = $GLOBALS['post']['message']; $sps[] =& $GLOBALS['post']['message']; $sps[] =& $GLOBALS['post']['title']; $usps[] =& $GLOBALS['post']['signature']; $usps[] =& $GLOBALS['post']['musername']; break; } for ($i = 0; $i < count($sps); $i++) { if ($sps[$i]) { $sps[$i] = vbseo_google_ad_section($sps[$i]); } } for ($i = 0; $i < count($usps); $i++) { if ($usps[$i]) { $usps[$i] = vbseo_google_ad_section($usps[$i], true); } } } }
/**
 * Access gate for the tag-editing UI of this item.
 *
 * Refusal is signalled by calling print_no_permission(), which is expected
 * not to return. The check lives here, rather than in the tag UI, because
 * the rules vary by content type and the UI should not need to know them.
 *
 * @return void Returns normally only when the user passed both checks.
 */
public function verify_ui_permissions()
{
    global $vbulletin;

    // Site-wide switch: with tagging turned off nobody gets to the UI.
    $tagging_enabled = $vbulletin->options['threadtagging'];
    if (!$tagging_enabled)
    {
        print_no_permission();
    }

    // Either capability is sufficient; can_manage_tag() is only consulted
    // when can_add_tag() says no.
    if ($this->can_add_tag() OR $this->can_manage_tag())
    {
        return;
    }

    print_no_permission();
}
if (!can_delete_all_thanks()) { $using_ajax ? exit : print_no_permission(); } delete_all_thanks($postinfo); ($hook = vBulletinHook::fetch_hook('post_thanks_main_remove_all_thanks_end')) ? eval($hook) : false; if ($using_ajax) { exit; } else { $vbulletin->url = "showthread.php?{$session['sessionurl']}p={$postid}"; eval(print_standard_redirect('redirect_post_thanks')); } } if ($_REQUEST['do'] == 'post_thanks_remove_user') { ($hook = vBulletinHook::fetch_hook('post_thanks_main_remove_user_thanks_start')) ? eval($hook) : false; if (!delete_thanks($postinfo, $vbulletin->userinfo['userid'])) { $using_ajax ? exit : print_no_permission(); } ($hook = vBulletinHook::fetch_hook('post_thanks_main_remove_user_thanks_end')) ? eval($hook) : false; $postinfo['post_thanks_amount'] = $postinfo['post_thanks_amount'] - 1; if ($postinfo['post_thanks_amount'] > 0 && $using_ajax) { $thanks = fetch_thanks($postid, '', true); $postinfo['post_thanks_bit'] = fetch_thanks_bit($forumid, $thanks); $postinfo['post_thanks_amount_formatted'] = vb_number_format($postinfo['post_thanks_amount']); $postinfo['post_thanks_user'] = false; $postinfo['ajax'] = true; $echo = fetch_post_thanks_template($postinfo); echo "{$echo}"; exit; } else { if ($using_ajax) { exit;
/**
 * Confirms that an issue type exists for a project and that the current
 * user is allowed to view issues of that type.
 *
 * Failures are reported through standard_error() (unknown project or type)
 * or print_no_permission() (missing 'canview' bit).
 *
 * @param	string	Issue type ID
 * @param	integer	Project ID
 *
 * @return	boolean	True once every check has passed
 */
function verify_issuetypeid($issuetypeid, $projectid)
{
	global $vbulletin, $vbphrase;

	$project = fetch_project_info($projectid);
	if (!$project)
	{
		standard_error(fetch_error('invalidid', $vbphrase['issue_type'], $vbulletin->options['contactuslink']));
	}

	// Both lookups use string keys, exactly as the project cache is indexed here.
	$project_key = "{$project['projectid']}";
	$type_key = "{$issuetypeid}";

	$types = $vbulletin->pt_projects[$project_key]['types'];
	if (!isset($types[$type_key]))
	{
		standard_error(fetch_error('invalidid', $vbphrase['issue_type'], $vbulletin->options['contactuslink']));
	}

	// Existence is not enough: the viewer also needs the 'canview' bit for this type.
	$issueperms = fetch_project_permissions($vbulletin->userinfo, $projectid, $issuetypeid);
	$can_view = $issueperms['generalpermissions'] & $vbulletin->pt_bitfields['general']['canview'];
	if (!$can_view)
	{
		print_no_permission();
	}

	return true;
}
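/**
 * Renders an attachment tag as an <img> element, after checking that the
 * current viewer is allowed to see the attachment.
 *
 * The signature and the 'validate' action suggest this is registered as a
 * tag-parser callback; confirm against the registering code.
 *
 * @param	string	Action; 'validate' short-circuits with true, anything else renders
 * @param	mixed	Tag attributes (not used here)
 * @param	string	Tag body, expected to be a numeric attachment id
 * @param	mixed	Parser parameters (not used here)
 * @param	mixed	Parser node (not used here)
 *
 * @return	boolean|string	true for 'validate'; the unchanged tag body when it is
 *				not numeric; an <img> tag on success; '' when the
 *				attachment is unknown, access is refused, or the
 *				platform is not one of vb36/vb37/vb38/vb40
 */
function handle_attach($action, $attributes, $content, $params, $node_object)
{
	global $vbulletin, $fr_platform, $db, $contenttype, $images, $nuke_quotes;

	if ($action == 'validate')
	{
		return true;
	}

	// NOTE(review): a non-numeric body is handed back verbatim. Confirm the
	// caller HTML-escapes it before it reaches the page.
	if (!is_numeric($content))
	{
		return $content;
	}

	$attachmentid = intval($content);

	if ($fr_platform == 'vb40')
	{
		$_REQUEST['attachmentid'] = $attachmentid;

		if (!($attach =& vB_Attachment_Display_Single_Library::fetch_library($vbulletin, $contenttype, true, $attachmentid)))
		{
			return '';
		}

		// Anything other than a strict true from the library is treated as a refusal.
		$result = $attach->verify_attachment();
		if ($result !== true)
		{
			return '';
		}

		$url = $vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . $attachmentid;
		if (!$nuke_quotes)
		{
			$images[] = $url;
		}

		// NOTE(review): this branch emits the tag even when $nuke_quotes is set,
		// while the vb3x branch below returns ''. Confirm that is intended.
		return "<img src=\"{$url}\"/>";
	}

	if ($fr_platform != 'vb38' && $fr_platform != 'vb37' && $fr_platform != 'vb36')
	{
		return '';
	}

	// These three are interpolated into the query but never assigned in this
	// function; make the empty default explicit instead of relying on
	// undefined variables.
	$hook_query_fields = '';
	$hook_query_joins = '';
	$hook_query_where = '';

	$want_thumb = !empty($vbulletin->GPC['thumb']);

	// The post id comes from request data and is concatenated into SQL, so it
	// is forced to an integer here regardless of how it was cleaned upstream.
	$postid = isset($vbulletin->GPC['postid']) ? intval($vbulletin->GPC['postid']) : 0;

	// NOTE(review): with a post id in the request the row is selected by post,
	// while the URL emitted below always uses $attachmentid. Confirm that the
	// permission checks therefore apply to the attachment actually linked.
	$where = $postid ? "attachment.postid = " . $postid : "attachmentid = " . $attachmentid;

	$sql = "\n\t SELECT filename, attachment.postid, attachment.userid, attachmentid, attachment.extension,\n\t "
		. ($want_thumb ? 'thumbnail_dateline AS dateline, thumbnail_filesize AS filesize,' : 'attachment.dateline, filesize,')
		. "\n\t attachment.visible, attachmenttype.newwindow, mimetype, thread.forumid, thread.threadid, thread.postuserid,\n\t post.visible AS post_visible, thread.visible AS thread_visible\n\t {$hook_query_fields}\n\t FROM " . TABLE_PREFIX . "attachment AS attachment\n\t LEFT JOIN " . TABLE_PREFIX . "attachmenttype AS attachmenttype ON (attachmenttype.extension = attachment.extension)\n\t LEFT JOIN " . TABLE_PREFIX . "post AS post ON (post.postid = attachment.postid)\n\t LEFT JOIN " . TABLE_PREFIX . "thread AS thread ON (post.threadid = thread.threadid)\n\t {$hook_query_joins}\n\t WHERE " . $where . "\n\t {$hook_query_where}\n\t ";

	if (!($attachmentinfo = $db->query_first_slave($sql)))
	{
		return '';
	}

	if ($attachmentinfo['postid'] == 0)
	{
		// Attachment that is in progress but hasn't been finalized:
		// only the uploader, or a moderator who can edit posts, may see it.
		if ($vbulletin->userinfo['userid'] != $attachmentinfo['userid'] and !can_moderate($attachmentinfo['forumid'], 'caneditposts'))
		{
			return '';
		}
	}
	else
	{
		$forumperms = fetch_permissions($attachmentinfo['forumid']);

		// NOTE(review): the inline comments say these feed session.inthread /
		// session.inforum, but they are locals of this function and are not
		// read again here. Verify whether they were meant to be globals.
		$threadinfo = array('threadid' => $attachmentinfo['threadid']);
		$foruminfo = array('forumid' => $attachmentinfo['forumid']);

		// Block attachments belonging to soft deleted posts and threads
		if (!can_moderate($attachmentinfo['forumid']) and ($attachmentinfo['post_visible'] == 2 or $attachmentinfo['thread_visible'] == 2))
		{
			return '';
		}

		// Block attachments belonging to moderated posts and threads
		if (!can_moderate($attachmentinfo['forumid'], 'canmoderateposts') and ($attachmentinfo['post_visible'] == 0 or $attachmentinfo['thread_visible'] == 0))
		{
			return '';
		}

		$viewpermission = $forumperms & $vbulletin->bf_ugp_forumpermissions['cangetattachment'];
		$viewthumbpermission = ($forumperms & $vbulletin->bf_ugp_forumpermissions['cangetattachment'] or $forumperms & $vbulletin->bf_ugp_forumpermissions['canseethumbnails']);

		// Forum-level view rights. The parentheses spell out the precedence of
		// the original and/or chain: 'canviewothers' only matters when the
		// viewer is a guest or is not the thread starter.
		if (
			!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview'])
			or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads'])
			or (
				!($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers'])
				and ($attachmentinfo['postuserid'] != $vbulletin->userinfo['userid'] or $vbulletin->userinfo['userid'] == 0)
			)
		)
		{
			return '';
		}

		// Thumbnails and full files are gated by different permission bits.
		if (($want_thumb and !$viewthumbpermission) or (!$want_thumb and !$viewpermission))
		{
			return '';
		}

		// check if there is a forum password and if so, ensure the user has it set
		verify_forum_password($attachmentinfo['forumid'], $vbulletin->forumcache["{$attachmentinfo['forumid']}"]['password']);

		// Unapproved attachments are visible to attachment moderators and the uploader only.
		if (!$attachmentinfo['visible'] and !can_moderate($attachmentinfo['forumid'], 'canmoderateattachments') and $attachmentinfo['userid'] != $vbulletin->userinfo['userid'])
		{
			print_no_permission();
		}
	}

	$url = $vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . $attachmentid;
	if (!$nuke_quotes)
	{
		$images[] = $url;
		return "<img src=\"{$url}\"/>";
	}

	return '';
}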
/**
 * Loads a blog entry through fetch_bloginfo() and, unless told otherwise,
 * enforces the viewing rules for the current user.
 *
 * @param	integer	The blog post we want info about
 * @param	boolean	What to do when the entry is missing: true reports it via
 *			standard_error(), false makes the function return 0
 * @param	mixed	Falsy skips every permission check. The string 'modifychild'
 *			also refuses deleted / moderated entries to blog members.
 *
 * @return	array|integer	The entry's info array, or 0 when it does not exist and
 *				$alert is false. Permission problems are reported through
 *				standard_error() / print_no_permission().
 */
function verify_blog($blogid, $alert = true, $perm_check = true)
{
	global $vbulletin, $vbphrase;

	$bloginfo = fetch_bloginfo($blogid);
	if (!$bloginfo)
	{
		if (!$alert)
		{
			return 0;
		}
		standard_error(fetch_error('invalidid', $vbphrase['blog'], $vbulletin->options['contactuslink']));
	}

	if (!$perm_check)
	{
		return $bloginfo;
	}

	$general_perms = $vbulletin->userinfo['permissions']['vbblog_general_permissions'];
	$perm_bits = $vbulletin->bf_ugp_vbblog_general_permissions;

	$owns_entry = ($bloginfo['userid'] == $vbulletin->userinfo['userid']);
	$may_view_own = $general_perms & $perm_bits['blog_canviewown'];
	$may_view_others = $general_perms & $perm_bits['blog_canviewothers'];

	// Own entries need 'blog_canviewown', everybody else's need 'blog_canviewothers'.
	if (($owns_entry && !$may_view_own) || (!$owns_entry && !$may_view_others))
	{
		print_no_permission();
	}

	// Only the first matching state below is acted on, so the order of the
	// branches is part of the rule set. Hidden entries are reported as
	// 'invalidid' rather than as a permission error.
	$state = $bloginfo['state'];

	if ($state == 'deleted' && !can_moderate_blog())
	{
		// the blog entry is deleted
		if (!is_member_of_blog($vbulletin->userinfo, $bloginfo) || $perm_check === 'modifychild')
		{
			standard_error(fetch_error('invalidid', $vbphrase['blog'], $vbulletin->options['contactuslink']));
		}
	}
	elseif (($bloginfo['pending'] || $state == 'draft') && !is_member_of_blog($vbulletin->userinfo, $bloginfo))
	{
		// can't view a pending/draft if you aren't the author
		standard_error(fetch_error('invalidid', $vbphrase['blog'], $vbulletin->options['contactuslink']));
	}
	elseif ($state == 'moderation' && !can_moderate_blog('canmoderateentries'))
	{
		// the blog entry is awaiting moderation
		if (!is_member_of_blog($vbulletin->userinfo, $bloginfo) || $perm_check === 'modifychild')
		{
			standard_error(fetch_error('invalidid', $vbphrase['blog'], $vbulletin->options['contactuslink']));
		}
	}
	elseif (in_coventry($bloginfo['userid']) && !can_moderate_blog())
	{
		standard_error(fetch_error('invalidid', $vbphrase['blog'], $vbulletin->options['contactuslink']));
	}
	elseif (!$bloginfo['canviewmyblog'])
	{
		// Check Socnet permissions
		print_no_permission();
	}

	return $bloginfo;
}
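/**
 * Stores one uploaded photo (form field 'photo') in the current album and
 * attaches the posted caption to it.
 *
 * Reads $albuminfo, $userinfo and $contenttypeid from global scope; they are
 * expected to have been set up by the caller.
 *
 * Failures are reported through standard_error(), print_no_permission() or
 * json_error(); those helpers are expected not to return.
 *
 * @return	array	array('success' => true) once the photo is stored, or
 *			array('success' => false) if no attachment id came back
 *			and json_error() returned
 */
function do_upload_photo()
{
	global $vbulletin, $db, $show, $vbphrase, $foruminfo, $userinfo, $albuminfo, $session, $contenttypeid;

	$vbulletin->input->clean_array_gpc('p', array('caption' => TYPE_STR));

	if (empty($albuminfo))
	{
		standard_error(fetch_error('invalidid', $vbphrase['album'], $vbulletin->options['contactuslink']));
	}

	// adding new, can only add in your own
	// NOTE(review): this compares the target user with the logged-in user; that
	// $albuminfo belongs to that same user is not checked here. Confirm the
	// code that loads $albuminfo enforces it.
	if ($userinfo['userid'] != $vbulletin->userinfo['userid'])
	{
		print_no_permission();
	}

	$vbulletin->input->clean_gpc('f', 'photo', TYPE_FILE);

	// format vbulletin expects: $files[name][x]... we only have one per post
	$photo = $vbulletin->GPC['photo'];
	$vbulletin->GPC['attachment'] = array(
		'name'     => array($photo['name']),
		'tmp_name' => array($photo['tmp_name']),
		'error'    => array($photo['error']),
		'size'     => array($photo['size']),
	);

	// NOTE(review): GPC['albumid'] and GPC['filedata'] are not cleaned in this
	// function; presumably the caller does so. Verify.
	$values = array('albumid' => $vbulletin->GPC['albumid']);

	if (!($attachlib =& vB_Attachment_Store_Library::fetch_library($vbulletin, $contenttypeid, 0, $values)))
	{
		json_error("could not create attachment store");
	}

	if (!$attachlib->verify_permissions())
	{
		json_error(ERR_NO_PERMISSION);
	}

	$uploadids = $attachlib->upload($vbulletin->GPC['attachment'], array(), $vbulletin->GPC['filedata']);

	if (!empty($attachlib->errors))
	{
		foreach ($attachlib->errors as $error)
		{
			$errormessage = $error['error'] ? $error['error'] : $vbphrase["{$error['errorphrase']}"];
			json_error($errormessage, RV_UPLOAD_ERROR);
		}
	}

	// The id list ends up inside an SQL IN (...) clause: keep integers only and
	// never build the clause from an empty list, which would be invalid SQL.
	$uploads = array_filter(array_map('intval', explode(',', (string) $uploadids)));
	if (empty($uploads))
	{
		json_error('upload did not produce an attachment', RV_UPLOAD_ERROR);
		return array('success' => false);
	}

	// Fetch possible destination albums
	$destination_result = $db->query_read("\n SELECT\n albumid, userid, title, coverattachmentid, state\n FROM " . TABLE_PREFIX . "album\n WHERE\n userid = " . intval($userinfo['userid']) . "\n ");

	$destinations = array();
	if ($db->num_rows($destination_result))
	{
		while ($album = $db->fetch_array($destination_result))
		{
			$destinations[$album['albumid']] = $album;
		}
	}
	$db->free_result($destination_result);

	// Only rows that are not yet bound to any content (contentid = 0) are picked up.
	$picture_sql = $db->query_read("\n SELECT\n a.contentid, a.userid, a.caption, a.state, a.dateline, a.attachmentid, a.contenttypeid,\n filedata.extension, filedata.filesize, filedata.thumbnail_filesize, filedata.filedataid\n FROM " . TABLE_PREFIX . "attachment AS a\n INNER JOIN " . TABLE_PREFIX . "filedata AS filedata ON (a.filedataid = filedata.filedataid)\n WHERE\n a.contentid = 0\n AND\n a.attachmentid IN (" . implode(',', $uploads) . ")\n ");

	while ($picture = $db->fetch_array($picture_sql))
	{
		$attachdata =& datamanager_init('Attachment', $vbulletin, ERRTYPE_ARRAY, 'attachment');
		$attachdata->set_existing($picture);
		$attachdata->set_info('albuminfo', $albuminfo);
		$attachdata->set_info('destination', $destinations[$albuminfo['albumid']]);
		$attachdata->set('contentid', $albuminfo['albumid']);
		$attachdata->set('posthash', '');
		$attachdata->set('caption', $vbulletin->GPC['caption']);
		$attachdata->save();
	}

	// update all albums that pictures were moved to
	// 'moved_pictures' is not selected by the album query above, so guard the
	// lookup instead of counting a value that may not exist.
	foreach ($destinations as $albumid => $album)
	{
		if (!empty($album['moved_pictures']))
		{
			$albumdata =& datamanager_init('Album', $vbulletin, ERRTYPE_SILENT);
			$albumdata->set_existing($album);

			if (!$album['coverattachmentid'])
			{
				$albumdata->set('coverattachmentid', array_shift($album['moved_pictures']));
			}

			$albumdata->rebuild_counts();
			$albumdata->save();
			unset($albumdata);
		}
	}

	$albumdata =& datamanager_init('Album', $vbulletin, ERRTYPE_SILENT);
	$albumdata->set_existing($albuminfo);
	$albumdata->rebuild_counts();
	$albumdata->save();
	unset($albumdata);

	// add to updated list
	// Precedence as written: moderators always qualify; everyone else only when
	// picture moderation is off AND they hold 'picturefollowforummoderation'.
	if (can_moderate(0, 'canmoderatepictures') or !$vbulletin->options['albums_pictures_moderation'] and $vbulletin->userinfo['permissions']['albumpermissions'] & $vbulletin->bf_ugp_albumpermissions['picturefollowforummoderation'])
	{
		exec_album_updated($vbulletin->userinfo, $albuminfo);
	}

	return array('success' => true);
}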
/**
 * Gate for the thread tagging UI: runs the thread and forum visibility checks.
 *
 * A failed check is reported through print_no_permission() or
 * standard_error(); a redirect thread is forwarded with
 * exec_header_redirect(). The method returns no value.
 */
public function verify_ui_permissions()
{
    global $vbulletin, $vbphrase;

    // Feature switch for thread tagging.
    if (!$vbulletin->options['threadtagging']) {
        print_no_permission();
    }

    $thread = $this->fetch_content_info();

    // A hidden thread needs 'canmoderateposts' on its forum, a deleted one
    // needs can_moderate() on the forum. Both cases report the 'invalidid'
    // error rather than a permission error.
    // NOTE(review): eval() executes whatever standard_error() returns as PHP.
    // The body of standard_error() is not visible here; if it always ends the
    // request, the eval() never runs and can be dropped - confirm first.
    $hidden_from_user = !$thread['visible'] && !can_moderate($thread['forumid'], 'canmoderateposts');
    if ($hidden_from_user || ($thread['isdeleted'] && !can_moderate($thread['forumid']))) {
        eval(standard_error(fetch_error('invalidid', $vbphrase['thread'], $this->registry->options['contactuslink'])));
    }

    // open == 10 marks a redirect thread; the destination is looked up from
    // the id stored in its 'pollid' field. This runs before the forum
    // permission checks further down.
    if ($thread['open'] == 10) {
        $destination = fetch_threadinfo($thread['pollid']);
        exec_header_redirect('thread|js', $destination);
    }

    // Threads whose starter is in coventry get the 'invalidid' error as well,
    // unless the viewer moderates the forum.
    if (in_coventry($thread['postuserid']) && !can_moderate($thread['forumid'])) {
        eval(standard_error(fetch_error('invalidid', $vbphrase['thread'], $this->registry->options['contactuslink'])));
    }

    $forum = fetch_foruminfo($thread['forumid']);

    // 'canview' and 'canviewthreads' are both required.
    $forum_perms = fetch_permissions($thread['forumid']);
    if (!(($forum_perms & $this->registry->bf_ugp_forumpermissions['canview'])
        && ($forum_perms & $this->registry->bf_ugp_forumpermissions['canviewthreads']))
    ) {
        print_no_permission();
    }

    // Without 'canviewothers' only the thread starter passes, and a guest
    // (userid 0) never does.
    if (!($forum_perms & $this->registry->bf_ugp_forumpermissions['canviewothers'])
        && ($thread['postuserid'] != $this->registry->userinfo['userid'] || $this->registry->userinfo['userid'] == 0)
    ) {
        print_no_permission();
    }

    // Last step: the forum password, if the forum record carries one.
    verify_forum_password($forum['forumid'], $forum['password']);
}
/**
 * Reports the pending error through vBulletin's own error pages.
 *
 * Nothing happens while $this->error_msg is empty. Otherwise the key
 * 'nopermission_loggedin' is handed to print_no_permission(), and the key is
 * then passed through fetch_error() to standard_error().
 *
 * @return bool false whenever control comes back to the caller
 */
public function show_error()
{
    if (empty($this->error_msg)) {
        return false;
    }

    // Loose comparison kept as in the original.
    if ($this->error_msg == 'nopermission_loggedin') {
        print_no_permission();
    }
    standard_error(fetch_error($this->error_msg));

    return false;
}
/**
 * Stores a custom avatar upload for the current user.
 *
 * Requires the 'canmodifyprofile' permission and the 'avatarenabled' option.
 * The upload itself is only processed when the user also holds
 * 'canuseavatar'; dimension, size and animation limits are copied from the
 * user's permissions onto the uploader. Afterwards avatarid is set to 0 on
 * the user record, the 'profile_updateavatar_complete' hook runs, and the
 * record is saved.
 *
 * @return array array('success' => true) whenever control reaches the end
 */
function do_upload_avatar()
{
    // $db, $show and $vbphrase are not used directly below; the hook code
    // evaluated near the end runs in this scope and may rely on them.
    global $vbulletin, $db, $show, $vbphrase, $permissions;

    if (!($permissions['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canmodifyprofile'])) {
        print_no_permission();
    }

    if (!$vbulletin->options['avatarenabled']) {
        standard_error(fetch_error('avatardisabled'));
    }

    // NOTE(review): when this check fails the upload is skipped, but the code
    // after the block still sets avatarid to 0 and returns success - confirm
    // that this is intended for users without 'canuseavatar'.
    if ($vbulletin->userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canuseavatar']) {
        // Only the 'upload' file field is cleaned in this function.
        $vbulletin->input->clean_gpc('f', 'upload', TYPE_FILE);

        // begin custom avatar code
        require_once DIR . '/includes/class_upload.php';
        require_once DIR . '/includes/class_image.php';

        $upload = new vB_Upload_Userpic($vbulletin);
        $upload->data =& datamanager_init('Userpic_Avatar', $vbulletin, ERRTYPE_STANDARD, 'userpic');
        $upload->image =& vB_Image::fetch_library($vbulletin);

        // Per-user limits come from the permission record, not from the request.
        $upload->maxwidth = $vbulletin->userinfo['permissions']['avatarmaxwidth'];
        $upload->maxheight = $vbulletin->userinfo['permissions']['avatarmaxheight'];
        $upload->maxuploadsize = $vbulletin->userinfo['permissions']['avatarmaxsize'];
        $upload->allowanimation = $vbulletin->userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['cananimateavatar'] ? true : false;

        // NOTE(review): 'avatarurl' is read from GPC but is not cleaned
        // anywhere in this function; unless a caller cleaned it, the index is
        // unset. If it can carry a URL, confirm how process_upload() treats
        // it (its body is not visible here).
        if (!$upload->process_upload($vbulletin->GPC['avatarurl'])) {
            standard_error($upload->fetch_error());
        }
    }

    // init user data manager
    $userdata =& datamanager_init('User', $vbulletin, ERRTYPE_STANDARD);
    $userdata->set_existing($vbulletin->userinfo);
    $userdata->set('avatarid', 0);

    // Plugin hook: the code string returned by fetch_hook() is run with eval()
    // in this function's scope, so it can read and change $userdata, $upload
    // and the globals declared above. Hook code has to come from a trusted
    // source.
    ($hook = vBulletinHook::fetch_hook('profile_updateavatar_complete')) ? eval($hook) : false;

    $userdata->save();

    return array('success' => true);
}
if (can_moderate($forumid, 'canmassprune')) { exec_header_redirect($vbulletin->config['Misc']['modcpdir'] . '/index.php?' . $vbulletin->session->vars['sessionurl_js'] . 'loc=' . urlencode('thread.php?' . $vbulletin->session->vars['sessionurl_js'] . 'do=prune')); } else { print_no_permission(); } } } // ############################################################################# if ($_REQUEST['do'] == 'modposts') { if (can_moderate(0, 'canmoderateposts')) { exec_header_redirect($vbulletin->config['Misc']['modcpdir'] . '/index.php?' . $vbulletin->session->vars['sessionurl_js'] . 'loc=' . urlencode('moderate.php?' . $vbulletin->session->vars['sessionurl_js'] . 'do=posts')); } else { print_no_permission(); } } // ############################################################################# if ($_REQUEST['do'] == 'modattach') { if (can_moderate(0, 'canmoderateattachments')) { exec_header_redirect($vbulletin->config['Misc']['modcpdir'] . '/index.php?' . $vbulletin->session->vars['sessionurl_js'] . 'loc=' . urlencode('moderate.php?' . $vbulletin->session->vars['sessionurl_js'] . 'do=attachments')); } else { print_no_permission(); } } print_no_permission(); //setup redirects for other options in moderators cp /*======================================================================*\ || #################################################################### || # Downloaded: 22:41, Fri Oct 10th 2008 || # CVS: $RCSfile$ - $Revision: 26399 $ || #################################################################### \*======================================================================*/
/**
 * Gate for the blog tagging UI.
 *
 * Calls print_no_permission() when the 'vbblog_tagging' option is off, or
 * when the user can neither add nor manage tags. Returns no value.
 */
public function verify_ui_permissions()
{
    $tagging_enabled = $this->registry->options['vbblog_tagging'];
    if (!$tagging_enabled) {
        print_no_permission();
    }

    // Either right is enough; can_manage_tag() is only consulted when
    // can_add_tag() says no.
    if (!$this->can_add_tag() && !$this->can_manage_tag()) {
        print_no_permission();
    }
}
/**
 * Reads some context based on general input information.
 *
 * After the parent implementation has run, the postid, threadid, forumid and
 * pollid request values are cleaned and used to fill the global
 * $postinfo / $threadinfo / $foruminfo / $pollinfo arrays and their id
 * counterparts. A forum whose record carries a link is answered with a 301
 * redirect once the 'canview' forum permission has been checked. The forum
 * style override, when one applies, is stored in $this->force_styleid.
 */
public function read_input_context()
{
    global $vbulletin;

    parent::read_input_context();

    global $postinfo, $threadinfo, $foruminfo, $pollinfo;
    global $postid, $threadid, $forumid, $pollid;

    // All four ids are cleaned as integers; forumid is the only one cleaned
    // as a signed TYPE_INT, the others are TYPE_UINT.
    $vbulletin->input->clean_array_gpc('r', array('postid' => vB_Cleaner::TYPE_UINT, 'threadid' => vB_Cleaner::TYPE_UINT, 'forumid' => vB_Cleaner::TYPE_INT, 'pollid' => vB_Cleaner::TYPE_UINT));

    $codestyleid = 0;

    // Init post/thread/forum values
    $postinfo = array();
    $threadinfo = array();
    $foruminfo = array();

    // automatically query $postinfo if $postid exists
    // The assignment sits inside the condition: when verify_id() returns a
    // falsy value, $postinfo holds that value instead of the empty array above.
    // (verify_id()'s trailing 0, 1 arguments: meaning not visible here.)
    if ($vbulletin->GPC['postid'] and $postinfo = verify_id('post', $vbulletin->GPC['postid'], 0, 1)) {
        $postid = $postinfo['postid'];
        // The post's own thread replaces any threadid sent with the request.
        $vbulletin->GPC['threadid'] = $postinfo['threadid'];
    }

    // automatically query $threadinfo & $foruminfo if $threadid exists
    if ($vbulletin->GPC['threadid'] and $threadinfo = verify_id('thread', $vbulletin->GPC['threadid'], 0, 1)) {
        $threadid = $threadinfo['threadid'];
        // Likewise the thread's forum replaces any forumid sent with the request.
        $vbulletin->GPC['forumid'] = $forumid = $threadinfo['forumid'];
        if ($forumid) {
            $foruminfo = fetch_foruminfo($threadinfo['forumid']);
            // The forum style is used when the forum forces it or the user has
            // no style of their own, unless BYPASS_STYLE_OVERRIDE is defined.
            if (($foruminfo['styleoverride'] == 1 or $vbulletin->userinfo['styleid'] == 0) and !defined('BYPASS_STYLE_OVERRIDE')) {
                $codestyleid = $foruminfo['styleid'];
            }
        }
        // NOTE(review): the requested pollid is looked up on its own; nothing
        // here ties it to $threadinfo. Callers that use $pollinfo together
        // with $threadinfo should confirm the two belong together.
        if ($vbulletin->GPC['pollid']) {
            $pollinfo = verify_id('poll', $vbulletin->GPC['pollid'], 0, 1);
            $pollid = $pollinfo['pollid'];
        }
    } else {
        if ($vbulletin->GPC['forumid']) {
            // No usable thread: fall back to the forumid from the request.
            $foruminfo = verify_id('forum', $vbulletin->GPC['forumid'], 0, 1);
            $forumid = $foruminfo['forumid'];
            if (($foruminfo['styleoverride'] == 1 or $vbulletin->userinfo['styleid'] == 0) and !defined('BYPASS_STYLE_OVERRIDE')) {
                $codestyleid = $foruminfo['styleid'];
            }
        } else {
            // Only the poll script resolves thread and forum from a bare pollid.
            if ($vbulletin->GPC['pollid'] and THIS_SCRIPT == 'poll') {
                $pollinfo = verify_id('poll', $vbulletin->GPC['pollid'], 0, 1);
                $pollid = $pollinfo['pollid'];
                $threadinfo = fetch_threadinfo($pollinfo['threadid']);
                $threadid = $threadinfo['threadid'];
                $foruminfo = fetch_foruminfo($threadinfo['forumid']);
                $forumid = $foruminfo['forumid'];
                if (($foruminfo['styleoverride'] == 1 or $vbulletin->userinfo['styleid'] == 0) and !defined('BYPASS_STYLE_OVERRIDE')) {
                    $codestyleid = $foruminfo['styleid'];
                }
            }
        }
    }

    // #############################################################################
    // Redirect if this forum has a link
    // check if this forum is a link to an outside site
    // The redirect is skipped only for the subscription script with
    // do=removesubscription.
    if (!empty($foruminfo['link']) and trim($foruminfo['link']) != '' and (THIS_SCRIPT != 'subscription' or $_REQUEST['do'] != 'removesubscription')) {
        // get permission to view forum
        // $_permsgetter_ is not read again in this method; its purpose is not
        // visible here.
        $_permsgetter_ = 'forumdisplay';
        $forumperms = fetch_permissions($foruminfo['forumid']);
        if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview'])) {
            print_no_permission();
        }

        // add session hash to local links if necessary
        // "Local" means the link starts with a bare <name>.php, optionally
        // followed by a query string.
        if (preg_match('#^([a-z0-9_]+\\.php)(\\?.*$)?#i', $foruminfo['link'], $match)) {
            if ($match[2]) {
                // we have a ?xyz part, put session url at beginning if necessary
                // Any s= / sessionhash= value already present in the stored
                // link is stripped before the current session URL is added.
                // NOTE(review): the last group reads (&|&), two identical
                // alternatives; this looks like an HTML entity that was
                // decoded when the page was rendered - compare against the
                // shipped file.
                $query_string = preg_replace('/([^a-z0-9])(s|sessionhash)=[a-z0-9]{32}(&|&)?/', '\\1', $match[2]);
                $foruminfo['link'] = $match[1] . '?' . vB::getCurrentSession()->get('sessionurl_js') . substr($query_string, 1);
            } else {
                $foruminfo['link'] .= vB::getCurrentSession()->get('sessionurl_q');
            }
        }

        // The target is the link stored on the forum record; no scheme or host
        // check happens here - presumably an admin-configured value, confirm.
        exec_header_redirect($foruminfo['link'], 301);
    }

    $this->force_styleid = $codestyleid;
}