/** * Sends the reply notification to users subscribed to this issue. * * @param array Info about this issue * @param array Info about this note (including text) */ function send_issue_reply_notification($issue, $issuenote) { global $vbulletin, $db, $vbphrase; if ($issuenote['type'] != 'user' and $issuenote['type'] != 'petition') { // only send if the note is a "normal" note type return; } $project = fetch_project_info($issue['projectid']); $previousnote = $db->query_first("\r\n\t\tSELECT MAX(dateline) AS dateline\r\n\t\tFROM " . TABLE_PREFIX . "pt_issuenote AS issuenote\r\n\t\tWHERE issuenote.issueid = {$issue['issueid']}\r\n\t\t\tAND issuenote.dateline < {$issuenote['dateline']}\r\n\t\t\tAND issuenote.visible = 'visible'\r\n\t\t\tAND issuenote.type IN ('user', 'petition')\r\n\t"); $notifications = $db->query_read_slave("\r\n\t\tSELECT user.*\r\n\t\tFROM " . TABLE_PREFIX . "pt_issuesubscribe AS issuesubscribe\r\n\t\tINNER JOIN " . TABLE_PREFIX . "user AS user ON (issuesubscribe.userid = user.userid)\r\n\t\tLEFT JOIN " . TABLE_PREFIX . "usergroup AS usergroup ON (usergroup.usergroupid = user.usergroupid)\r\n\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON (usertextfield.userid = user.userid)\r\n\t\tWHERE issuesubscribe.issueid = {$issue['issueid']}\r\n\t\t\tAND issuesubscribe.subscribetype = 'instant'\r\n\t\t\tAND (usergroup.genericoptions & " . $vbulletin->bf_ugp_genericoptions['isnotbannedgroup'] . ")\r\n\t\t\t" . ($issuenote['userid'] ? "AND CONCAT(' ', IF(usertextfield.ignorelist IS NULL, '', usertextfield.ignorelist), ' ') NOT LIKE ' " . intval($issuenote['userid']) . " '" : '') . "\r\n\t\t\tAND user.userid <> {$issuenote['userid']}\r\n\t\t\tAND user.lastactivity >= " . intval($previousnote['dateline']) . "\r\n\t"); if ($db->num_rows($notifications) == 0) { return; } require_once DIR . '/includes/functions_misc.php'; require_once DIR . '/includes/class_bbcode_alt.php'; $plaintext_parser =& new vB_BbCodeParser_PlainText($vbulletin, fetch_tag_list()); $pagetext_cache = array(); // used to cache the results per languageid for speed $evalemail = array(); $email_texts = $vbulletin->db->query_read_slave("\r\n\t\tSELECT text, languageid, fieldname\r\n\t\tFROM " . TABLE_PREFIX . "phrase\r\n\t\tWHERE fieldname IN ('emailsubject', 'emailbody') AND varname = 'notify_pt'\r\n\t"); while ($email_text = $vbulletin->db->fetch_array($email_texts)) { $emails["{$email_text['languageid']}"]["{$email_text['fieldname']}"] = $email_text['text']; } foreach ($emails as $languageid => $email_text) { // lets cycle through our array of notify phrases $text_message = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailbody']), $emails['-1']['emailbody'], $email_text['emailbody']))); $text_message = replace_template_variables($text_message); $text_subject = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailsubject']), $emails['-1']['emailsubject'], $email_text['emailsubject']))); $text_subject = replace_template_variables($text_subject); $evalemail["{$languageid}"] = ' $message = "' . $text_message . '"; $subject = "' . $text_subject . '"; '; } vbmail_start(); while ($notification = $vbulletin->db->fetch_array($notifications)) { // check that this user has the correct permissions to view if (verify_issue_perms($issue, $notification) === false or verify_issue_note_perms($issue, $issuenote, $notification) === false) { continue; } $notification['username'] = unhtmlspecialchars($notification['username']); $notification['languageid'] = iif($notification['languageid'] == 0, $vbulletin->options['languageid'], $notification['languageid']); // parse the page text into plain text, taking selected language into account if (!isset($pagetext_cache["{$notification['languageid']}"])) { $plaintext_parser->set_parsing_language($notification['languageid']); $pagetext_cache["{$notification['languageid']}"] = $plaintext_parser->parse($issuenote['pagetext'], 'pt'); } $pagetext = $pagetext_cache["{$notification['languageid']}"]; eval(empty($evalemail["{$notification['languageid']}"]) ? $evalemail["-1"] : $evalemail["{$notification['languageid']}"]); vbmail($notification['email'], $subject, $message); } unset($plaintext_parser, $pagetext_cache); vbmail_end(); }
/** * Sends Thread subscription Notifications * * @param integer The Thread ID * @param integer The User ID making the Post * @param integer The Post ID of the new post * */ function exec_send_notification($threadid, $userid, $postid) { // $threadid = threadid to send from; // $userid = userid of who made the post // $postid = only sent if post is moderated -- used to get username correctly global $vbulletin, $message, $postusername; if (!$vbulletin->options['enableemail']) { return; } // include for fetch_phrase require_once DIR . '/includes/functions_misc.php'; $threadinfo = fetch_threadinfo($threadid); $foruminfo = fetch_foruminfo($threadinfo['forumid']); // get last reply time if ($postid) { $dateline = $vbulletin->db->query_first("\n\t\t\tSELECT dateline, pagetext\n\t\t\tFROM " . TABLE_PREFIX . "post\n\t\t\tWHERE postid = {$postid}\n\t\t"); $pagetext_orig = $dateline['pagetext']; $lastposttime = $vbulletin->db->query_first("\n\t\t\tSELECT MAX(dateline) AS dateline\n\t\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\t\tWHERE threadid = {$threadid}\n\t\t\t\tAND dateline < {$dateline['dateline']}\n\t\t\t\tAND visible = 1\n\t\t"); } else { $lastposttime = $vbulletin->db->query_first("\n\t\t\tSELECT MAX(postid) AS postid, MAX(dateline) AS dateline\n\t\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\t\tWHERE threadid = {$threadid}\n\t\t\t\tAND visible = 1\n\t\t"); $pagetext = $vbulletin->db->query_first("\n\t\t\tSELECT pagetext\n\t\t\tFROM " . TABLE_PREFIX . "post\n\t\t\tWHERE postid = {$lastposttime['postid']}\n\t\t"); $pagetext_orig = $pagetext['pagetext']; unset($pagetext); } $threadinfo['title'] = unhtmlspecialchars($threadinfo['title']); $foruminfo['title_clean'] = unhtmlspecialchars($foruminfo['title_clean']); $temp = $vbulletin->userinfo['username']; if ($postid) { $postinfo = fetch_postinfo($postid); $vbulletin->userinfo['username'] = unhtmlspecialchars($postinfo['username']); } else { $vbulletin->userinfo['username'] = unhtmlspecialchars(!$vbulletin->userinfo['userid'] ? $postusername : $vbulletin->userinfo['username']); } require_once DIR . '/includes/class_bbcode_alt.php'; $plaintext_parser =& new vB_BbCodeParser_PlainText($vbulletin, fetch_tag_list()); $pagetext_cache = array(); // used to cache the results per languageid for speed $mod_emails = fetch_moderator_newpost_emails('newpostemail', $foruminfo['parentlist'], $language_info); ($hook = vBulletinHook::fetch_hook('newpost_notification_start')) ? eval($hook) : false; $useremails = $vbulletin->db->query_read_slave("\n\t\tSELECT user.*, subscribethread.emailupdate, subscribethread.subscribethreadid\n\t\tFROM " . TABLE_PREFIX . "subscribethread AS subscribethread\n\t\tINNER JOIN " . TABLE_PREFIX . "user AS user ON (subscribethread.userid = user.userid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "usergroup AS usergroup ON (usergroup.usergroupid = user.usergroupid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON (usertextfield.userid = user.userid)\n\t\tWHERE subscribethread.threadid = {$threadid} AND\n\t\t\tsubscribethread.emailupdate IN (1, 4) AND\n\t\t\tsubscribethread.canview = 1 AND\n\t\t\t" . ($userid ? "CONCAT(' ', IF(usertextfield.ignorelist IS NULL, '', usertextfield.ignorelist), ' ') NOT LIKE '% " . intval($userid) . " %' AND" : '') . "\n\t\t\tuser.usergroupid <> 3 AND\n\t\t\tuser.userid <> " . intval($userid) . " AND\n\t\t\tuser.lastactivity >= " . intval($lastposttime['dateline']) . " AND\n\t\t\t(usergroup.genericoptions & " . $vbulletin->bf_ugp_genericoptions['isnotbannedgroup'] . ")\n\t"); vbmail_start(); $evalemail = array(); while ($touser = $vbulletin->db->fetch_array($useremails)) { if (!($vbulletin->usergroupcache["{$touser['usergroupid']}"]['genericoptions'] & $vbulletin->bf_ugp_genericoptions['isnotbannedgroup'])) { continue; } else { if (in_array($touser['email'], $mod_emails)) { // this user already received an email about this post via // a new post email for mods -- don't send another continue; } } $touser['username'] = unhtmlspecialchars($touser['username']); $touser['languageid'] = iif($touser['languageid'] == 0, $vbulletin->options['languageid'], $touser['languageid']); $touser['auth'] = md5($touser['userid'] . $touser['subscribethreadid'] . $touser['salt'] . COOKIE_SALT); if (empty($evalemail)) { $email_texts = $vbulletin->db->query_read_slave("\n\t\t\t\tSELECT text, languageid, fieldname\n\t\t\t\tFROM " . TABLE_PREFIX . "phrase\n\t\t\t\tWHERE fieldname IN ('emailsubject', 'emailbody') AND varname = 'notify'\n\t\t\t"); while ($email_text = $vbulletin->db->fetch_array($email_texts)) { $emails["{$email_text['languageid']}"]["{$email_text['fieldname']}"] = $email_text['text']; } require_once DIR . '/includes/functions_misc.php'; foreach ($emails as $languageid => $email_text) { // lets cycle through our array of notify phrases $text_message = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailbody']), $emails['-1']['emailbody'], $email_text['emailbody']))); $text_message = replace_template_variables($text_message); $text_subject = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailsubject']), $emails['-1']['emailsubject'], $email_text['emailsubject']))); $text_subject = replace_template_variables($text_subject); $evalemail["{$languageid}"] = ' $message = "' . $text_message . '"; $subject = "' . $text_subject . '"; '; } } // parse the page text into plain text, taking selected language into account if (!isset($pagetext_cache["{$touser['languageid']}"])) { $plaintext_parser->set_parsing_language($touser['languageid']); $pagetext_cache["{$touser['languageid']}"] = $plaintext_parser->parse($pagetext_orig, $foruminfo['forumid']); } $pagetext = $pagetext_cache["{$touser['languageid']}"]; if ($threadinfo['prefixid']) { // need prefix in correct language $threadinfo['prefix_plain'] = fetch_phrase("prefix_{$threadinfo['prefixid']}_title_plain", 'global', '', false, true, $touser['languageid'], false) . ' '; } else { $threadinfo['prefix_plain'] = ''; } ($hook = vBulletinHook::fetch_hook('newpost_notification_message')) ? eval($hook) : false; eval(iif(empty($evalemail["{$touser['languageid']}"]), $evalemail["-1"], $evalemail["{$touser['languageid']}"])); if ($touser['emailupdate'] == 4 and !empty($touser['icq'])) { // instant notification by ICQ $touser['email'] = $touser['icq'] . '@pager.icq.com'; } vbmail($touser['email'], $subject, $message); } unset($plaintext_parser, $pagetext_cache); $vbulletin->userinfo['username'] = $temp; vbmail_end(); }
/** * Processes a raw template for conditionals, phrases etc into PHP code for eval() * * @param string Template * * @return string */ function compile_template($template) { $orig_template = $template; $template = addslashes($template); $template = process_template_conditionals($template); $template = process_template_phrases('phrase', $template, 'parse_phrase_tag'); if (!function_exists('replace_template_variables')) { require_once DIR . '/includes/functions_misc.php'; } $template = replace_template_variables($template, false); ($hook = vBulletinHook::fetch_hook('template_compile')) ? eval($hook) : false; $template = str_replace('\\\\$', '\\$', $template); if (function_exists('token_get_all')) { $tokens = @token_get_all('<?php $var = "' . $template . '"; ?>'); foreach ($tokens as $token) { if (is_array($token)) { switch ($token[0]) { case T_INCLUDE: case T_INCLUDE_ONCE: case T_REQUIRE: case T_REQUIRE_ONCE: global $vbphrase; echo "<p> </p><p> </p>"; print_form_header('', '', 0, 1, '', '65%'); print_table_header($vbphrase['vbulletin_message']); print_description_row($vbphrase['file_inclusion_not_permitted']); print_table_footer(2, construct_button_code($vbphrase['go_back'], 'javascript:history.back(1)')); print_cp_footer(); exit; } } } } if (function_exists('verify_demo_template')) { verify_demo_template($template); } return $template; }
function post_save_each($doquery = true) { $blogid = intval($this->fetch_field('blogid')); $userid = intval($this->fetch_field('userid')); $blogtextid = $this->fetch_field('blogtextid'); $postedby_userid = intval($this->fetch_field('postedby_userid')); require_once(DIR . '/vb/search/indexcontroller/queue.php'); vb_Search_Indexcontroller_Queue::indexQueue('vBBlog', 'BlogEntry', 'index', $blogid); vb_Search_Indexcontroller_Queue::indexQueue('vBBlog', 'BlogComment', 'group_data_change', $blogid); if (!$condition AND $this->info['addtags']) { // invalidate users tag cloud $dataman =& datamanager_init('Blog_User', $this->registry, ERRTYPE_SILENT); $info = array('bloguserid' => $userid); $dataman->set_existing($info); $dataman->set('tagcloud', ''); $dataman->save(); } $this->build_category_counters(); build_blog_stats(); // Insert entry for moderation if ($this->fetch_field('state') == 'moderation') { /*insert query*/ $this->dbobject->query_write(" INSERT IGNORE INTO " . TABLE_PREFIX . "blog_moderation (primaryid, type, dateline) VALUES ($blogid, 'blogid', " . TIMENOW . ") "); } // Insert entry for moderation if (!$this->condition AND ($this->fetch_field('state') == 'moderation' OR $this->fetch_field('state') == 'draft') OR $this->fetch_field('pending')) { $userinfo = array('bloguserid' => $userid); $userdata =& datamanager_init('Blog_user', $this->registry, ERRTYPE_SILENT); $userdata->set_existing($userinfo); if ($this->fetch_field('state') == 'moderation' OR $this->fetch_field('state') == 'draft') { $userdata->set($this->fetch_field('state'), $this->fetch_field('state') . ' + 1', false); } if ($this->fetch_field('pending')) { $userdata->set('pending', 'pending + 1', false); } $userdata->save(); } // Send Email Notification if (((!$this->condition AND !$this->fetch_field('pending')) OR $this->info['send_notification']) AND ($this->fetch_field('state') == 'visible' OR $this->fetch_field('state') == 'moderation') AND $this->registry->options['enableemail']) { $lastposttime = $this->dbobject->query_first(" SELECT MAX(dateline) AS dateline FROM " . TABLE_PREFIX . "blog AS blog WHERE blogid = $blogid AND dateline < " . $this->fetch_field('dateline') . " AND state = 'visible' "); $entrytitle = unhtmlspecialchars($this->fetch_field('title')); if (defined('VBBLOG_PERMS') AND $this->registry->userinfo['userid'] == $this->fetch_field('userid')) { $blogtitle = unhtmlspecialchars($this->registry->userinfo['blog_title']); $username = unhtmlspecialchars($this->registry->userinfo['username']); $userinfo =& $this->registry->userinfo; } else { if (!defined('VBBLOG_PERMS')) { // Tell the fetch_userinfo plugin that we need the blog fields in case this class is being called by a non blog script define('VBBLOG_PERMS', true); } $userinfo = fetch_userinfo($this->fetch_field('userid'), 1); cache_permissions($userinfo, false); $blogtitle = unhtmlspecialchars($userinfo['blog_title']); if ($userinfo['userid'] != $this->fetch_field('userid')) { $userinfo2 = fetch_userinfo($this->fetch_field('userid'), 1); $username = unhtmlspecialchars($userinfo2['username']); } else { $username = unhtmlspecialchars($userinfo['username']); } } require_once(DIR . '/includes/class_bbcode_alt.php'); $plaintext_parser = new vB_BbCodeParser_PlainText($this->registry, fetch_tag_list()); $pagetext_cache = array(); // used to cache the results per languageid for speed $pagetext_orig =& $this->fetch_field('pagetext', 'blog_text'); ($hook = vBulletinHook::fetch_hook('blog_user_notification_start')) ? eval($hook) : false; $useremails = $this->dbobject->query_read_slave(" SELECT user.*, blog_subscribeuser.blogsubscribeuserid, bm.blogmoderatorid, ignored.relationid AS ignoreid, buddy.relationid AS buddyid, bu.isblogmoderator, IF(displaygroupid=0, user.usergroupid, displaygroupid) AS displaygroupid FROM " . TABLE_PREFIX . "blog_subscribeuser AS blog_subscribeuser INNER JOIN " . TABLE_PREFIX . "user AS user ON (blog_subscribeuser.userid = user.userid) LEFT JOIN " . TABLE_PREFIX . "blog_moderator AS bm ON (bm.userid = user.userid) LEFT JOIN " . TABLE_PREFIX . "userlist AS buddy ON (buddy.userid = $userid AND buddy.relationid = user.userid AND buddy.type = 'buddy') LEFT JOIN " . TABLE_PREFIX . "userlist AS ignored ON (ignored.userid = $userid AND ignored.relationid = user.userid AND ignored.type = 'ignore') LEFT JOIN " . TABLE_PREFIX . "blog_user AS bu ON (bu.bloguserid = user.userid) WHERE blog_subscribeuser.bloguserid = $userid AND " . ($userid == $postedby_userid ? "blog_subscribeuser.userid <> $userid AND" : "") . " blog_subscribeuser.type = 'email' AND user.usergroupid <> 3 AND user.lastactivity >= " . intval($lastposttime['dateline']) . " "); vbmail_start(); $setoptions = $this->fetch_field('options'); $evalemail = array(); while ($touser = $this->dbobject->fetch_array($useremails)) { cache_permissions($touser, false); // only send private entries to contacts and moderators if ($setoptions["{$this->bitfields['options']['private']}"] AND !$touser['buddyid'] AND !$touser['blogmoderatorid'] AND !is_member_of_blog($touser, $userinfo)) { continue; } if (!($this->registry->usergroupcache["$touser[usergroupid]"]['genericoptions'] & $this->registry->bf_ugp_genericoptions['isnotbannedgroup'])) { continue; } if ($this->fetch_field('state') == 'moderation') { if ($touser['userid'] != $userid AND !can_moderate_blog('canmoderateentries', $touser)) { continue; } } if (!empty($this->info['categories'])) { prepare_blog_category_permissions($touser); if (array_intersect($touser['blogcategorypermissions']['cantview'], $this->info['categories']) AND $userinfo['userid'] != $touser['userid']) { continue; } } if (!($touser['permissions']['vbblog_general_permissions'] & $this->registry->bf_ugp_vbblog_general_permissions['blog_canviewothers'])) { continue; } else if ( !$touser['blogmoderatorid'] AND !($touser['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['cancontrolpanel']) AND !($touser['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['ismoderator']) AND (!$userinfo['ignore_canviewmyblog'] OR !$touser['ignoreid']) AND (!$userinfo['buddy_canviewmyblog'] OR !$touser['buddyid']) AND (!$userinfo['member_canviewmyblog'] OR (!$userinfo['buddy_canviewmyblog'] AND $touser['budyid']) OR (!$userinfo['ignore_canviewmyblog'] AND $touser['ignoreid'])) AND !is_member_of_blog($touser, $userinfo) ) { continue; } $touser['username'] = unhtmlspecialchars($touser['username']); $touser['languageid'] = iif($touser['languageid'] == 0, $this->registry->options['languageid'], $touser['languageid']); $touser['auth'] = md5($touser['userid'] . $touser['blogsubscribeuserid'] . $touser['salt'] . COOKIE_SALT); if (empty($evalemail)) { $email_texts = $this->dbobject->query_read_slave(" SELECT text, languageid, fieldname FROM " . TABLE_PREFIX . "phrase WHERE fieldname IN ('emailsubject', 'emailbody') AND varname = 'blog_user_notify' "); while ($email_text = $this->dbobject->fetch_array($email_texts)) { $emails["$email_text[languageid]"]["$email_text[fieldname]"] = $email_text['text']; } require_once(DIR . '/includes/functions_misc.php'); foreach ($emails AS $languageid => $email_text) { // lets cycle through our array of notify phrases $text_message = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailbody']), $emails['-1']['emailbody'], $email_text['emailbody']))); $text_message = replace_template_variables($text_message); $text_subject = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailsubject']), $emails['-1']['emailsubject'], $email_text['emailsubject']))); $text_subject = replace_template_variables($text_subject); $evalemail["$languageid"] = ' $message = "' . $text_message . '"; $subject = "' . $text_subject . '"; '; } } // parse the page text into plain text, taking selected language into account if (!isset($pagetext_cache["$touser[languageid]"])) { $plaintext_parser->set_parsing_language($touser['languageid']); $pagetext_cache["$touser[languageid]"] = $plaintext_parser->parse($pagetext_orig); } $pagetext = $pagetext_cache["$touser[languageid]"]; ($hook = vBulletinHook::fetch_hook('blog_user_notification_message')) ? eval($hook) : false; eval(iif(empty($evalemail["$touser[languageid]"]), $evalemail["-1"], $evalemail["$touser[languageid]"])); vbmail($touser['email'], $subject, $message); } unset($plaintext_parser, $pagetext_cache); vbmail_end(); } $this->post_save_each_blogtext($doquery); if ($this->fetch_field('dateline') <= TIMENOW) { $this->insert_dupehash($this->fetch_field('blogid')); } if ($this->condition AND $this->info['emailupdate'] == 'none' AND ($userid != $this->registry->userinfo['userid'] OR ($userid == $this->registry->userinfo['userid'] AND $this->existing['entrysubscribed']))) { $this->dbobject->query_write(" DELETE FROM " . TABLE_PREFIX . "blog_subscribeentry WHERE blogid = $blogid AND userid = $userid "); } else if ($this->info['emailupdate'] == 'email' OR $this->info['emailupdate'] == 'usercp') { $this->dbobject->query_write(" REPLACE INTO " . TABLE_PREFIX . "blog_subscribeentry (blogid, dateline, type, userid) VALUES ($blogid, " . TIMENOW . ", '" . $this->info['emailupdate'] . "', $userid) "); } ($hook = vBulletinHook::fetch_hook('blog_fpdata_postsave')) ? eval($hook) : false; }
$pmdm->pre_save(); if (empty($pmdm->errors)) { $pmdm->save(); ($hook = vBulletinHook::fetch_hook('private_insertpm_complete')) ? eval($hook) : false; } unset($pmdm); } } else { if ($status == -1) { // deleted if ($vbulletin->GPC['send_deleted']) { if (!isset($evalemail_deleted["{$user['languageid']}"])) { $email_text = $db->query_first("\n\t\t\t\t\t\t\tSELECT text\n\t\t\t\t\t\t\tFROM " . TABLE_PREFIX . "phrase\n\t\t\t\t\t\t\tWHERE fieldname = 'emailbody'\n\t\t\t\t\t\t\t\tAND varname = 'moderation_deleted'\n\t\t\t\t\t\t\t\tAND languageid IN(-1,0,{$chosenlanguage})\n\t\t\t\t\t\t\tORDER BY languageid DESC\n\t\t\t\t\t\t"); $email_subject = $db->query_first("\n\t\t\t\t\t\t\tSELECT text\n\t\t\t\t\t\t\tFROM " . TABLE_PREFIX . "phrase\n\t\t\t\t\t\t\tWHERE fieldname = 'emailsubject'\n\t\t\t\t\t\t\t\tAND varname = 'moderation_deleted'\n\t\t\t\t\t\t\t\tAND languageid IN(-1,0,{$chosenlanguage})\n\t\t\t\t\t\t\tORDER BY languageid DESC\n\t\t\t\t\t\t"); $text_message = replace_template_variables(str_replace("\\'", "'", addslashes($email_text['text']))); $text_subject = replace_template_variables(str_replace("\\'", "'", addslashes($email_subject['text']))); $evalemail_deleted["{$user['languageid']}"] = ' $message = "' . $text_message . '"; $subject = "' . $text_subject . '"; '; } eval($evalemail_deleted["{$user['languageid']}"]); vbmail($user['email'], $subject, $message, true); } $userdm =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT); $userdm->set_existing($user); $userdm->delete(); unset($userdm); } } // else, do nothing
/** * Sends email notifications for discussions. * * @param int $discussion - The discussion being updated * @param int $messageid - Id of the message that triggered the update * @param string $postusername - Optional username displayed on post */ function exec_send_sg_notification($discussionid, $gmid = false, $postusername = false) { global $vbulletin; if (!$vbulletin->options['enableemail']) { return; } $discussion = fetch_socialdiscussioninfo($discussionid); // if there are no subscribers, no need to send notifications if (!$discussion['subscribers']) { return; } // if the discussion is moderated or deleted, don't send notification if ('deleted' == $discussion['state'] or 'moderation' == $discussion['state']) { return; } $group = fetch_socialgroupinfo($discussion['groupid']); if (!$gmid) { // get last gmid from discussion $gmid = $vbulletin->db->query_first("\n\t\t\tSELECT MAX(gmid) AS gmid\n\t\t\tFROM " . TABLE_PREFIX . "groupmessage AS groupmessage\n\t\t\tWHERE discussionid = {$discussion['discussionid']}\n\t\t\t\tAND state = 'visible'\n\t\t"); $gmid = $gmid['gmid']; } // get message details $gmessage = fetch_groupmessageinfo($gmid); if (!$gmessage) { return; } // get post time of previous message - if a user hasn't been active since then we won't resend a notification $lastposttime = ($lastposttime = $vbulletin->db->query_first("\n\t\t\tSELECT MAX(dateline) AS dateline\n\t\t\tFROM " . TABLE_PREFIX . "groupmessage AS groupmessage\n\t\t\tWHERE discussionid = {$discussion['discussionid']}\n\t\t\t\tAND dateline < {$gmessage['dateline']}\n\t\t\t\tAND state = 'visible'\n\t")) ? $lastposttime['dateline'] : $gmessage['dateline']; $discussion['title'] = unhtmlspecialchars($discussion['title']); $group['name'] = unhtmlspecialchars($group['name']); // temporarily use postusername in userinfo if (!$postusername) { // get current user name if user exists if ($gmessage['postuserid'] and $userinfo = fetch_userinfo($gmessage['postuserid'])) { $postusername = $userinfo['username']; } else { $postusername = $gmessage['postusername']; } } $postusername = unhtmlspecialchars($postusername); $userid = $gmessage['postuserid']; ($hook = vBulletinHook::fetch_hook('newpost_sg_notification_start')) ? eval($hook) : false; $useremails = $vbulletin->db->query_read_slave("\n\t\tSELECT user.*, subscribediscussion.emailupdate, subscribediscussion.subscribediscussionid, IF(socialgroupmember.userid IS NOT NULL,1,0) ismember\n\t\tFROM " . TABLE_PREFIX . "subscribediscussion AS subscribediscussion\n\t\tINNER JOIN " . TABLE_PREFIX . "user AS user ON (subscribediscussion.userid = user.userid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "usergroup AS usergroup ON (usergroup.usergroupid = user.usergroupid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON (usertextfield.userid = user.userid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "socialgroupmember AS socialgroupmember ON (socialgroupmember.userid = user.userid AND socialgroupmember.groupid = {$group['groupid']})\n\t\tWHERE subscribediscussion.discussionid = {$discussion['discussionid']}\n\t\t AND subscribediscussion.emailupdate = 1\n\t\t AND " . ($gmessage['postuserid'] ? " CONCAT(' ', IF(usertextfield.ignorelist IS NULL, '', usertextfield.ignorelist), ' ') NOT LIKE ' " . intval($userid) . " '" : '') . "\n\t\t AND user.usergroupid <> 3\n\t\t AND user.userid <> " . intval($userid) . "\n\t\t AND user.lastactivity >= " . intval($lastposttime) . "\n\t\t AND (usergroup.genericoptions & " . $vbulletin->bf_ugp_genericoptions['isnotbannedgroup'] . ")\n\t"); vbmail_start(); // parser for plaintexting the message pagetext require_once DIR . '/includes/class_bbcode_alt.php'; $plaintext_parser =& new vB_BbCodeParser_PlainText($vbulletin, fetch_tag_list()); $pagetext_cache = array(); // used to cache the results per languageid for speed $evalemail = array(); while ($touser = $vbulletin->db->fetch_array($useremails)) { // check user can view discussion $permissions = cache_permissions($touser, false); if (!($vbulletin->usergroupcache["{$touser['usergroupid']}"]['genericoptions'] & $vbulletin->bf_ugp_genericoptions['isnotbannedgroup']) or !($permissions['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['canview']) or !($permissions['socialgrouppermissions'] & $vbulletin->bf_ugp_socialgrouppermissions['canviewgroups']) or $group['options'] & $vbulletin->bf_misc_socialgroupoptions['join_to_view'] and !$touser['ismember'] and !($permissions['socialgrouppermissions'] & $vbulletin->bf_ugp_socialgrouppermissions['canalwayscreatediscussion']) and !($permissions['socialgrouppermissions'] & $vbulletin->bf_ugp_socialgrouppermissions['canalwayspostmessage'])) { continue; } $touser['username'] = unhtmlspecialchars($touser['username']); $touser['languageid'] = iif($touser['languageid'] == 0, $vbulletin->options['languageid'], $touser['languageid']); $touser['auth'] = md5($touser['userid'] . $touser['subscribediscussionid'] . $touser['salt'] . COOKIE_SALT); if (empty($evalemail)) { $email_texts = $vbulletin->db->query_read_slave("\n\t\t\t\tSELECT text, languageid, fieldname\n\t\t\t\tFROM " . TABLE_PREFIX . "phrase\n\t\t\t\tWHERE fieldname IN ('emailsubject', 'emailbody') AND varname = 'notify_discussion'\n\t\t\t"); while ($email_text = $vbulletin->db->fetch_array($email_texts)) { $emails["{$email_text['languageid']}"]["{$email_text['fieldname']}"] = $email_text['text']; } require_once DIR . '/includes/functions_misc.php'; foreach ($emails as $languageid => $email_text) { // lets cycle through our array of notify phrases $text_message = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailbody']), $emails['-1']['emailbody'], $email_text['emailbody']))); $text_message = replace_template_variables($text_message); $text_subject = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailsubject']), $emails['-1']['emailsubject'], $email_text['emailsubject']))); $text_subject = replace_template_variables($text_subject); $evalemail["{$languageid}"] = ' $message = "' . $text_message . '"; $subject = "' . $text_subject . '"; '; } } // parse the page text into plain text, taking selected language into account if (!isset($pagetext_cache["{$touser['languageid']}"])) { $plaintext_parser->set_parsing_language($touser['languageid']); $pagetext_cache["{$touser['languageid']}"] = $plaintext_parser->parse($gmessage['pagetext']); } $pagetext = $pagetext_cache["{$touser['languageid']}"]; ($hook = vBulletinHook::fetch_hook('new_sg_message_notification_message')) ? eval($hook) : false; eval(iif(empty($evalemail["{$touser['languageid']}"]), $evalemail["-1"], $evalemail["{$touser['languageid']}"])); vbmail($touser['email'], $subject, $message); } $vbulletin->db->free_result($useremails); unset($plaintext_parser, $pagetext_cache); vbmail_end(); }
/** * Processes a raw template for conditionals, phrases etc into PHP code for eval() * * @param string Template * * @return string */ function compile_template($template, &$errors = array()) { $orig_template = $template; $template = preg_replace('#[\\x00-\\x08\\x0B\\x0C\\x0E-\\x1F]#', '', $template); $new_syntax = (strpos($template, '<vb:') !== false OR strpos($template, '{vb:') !== false); $old_syntax = (strpos($template, '<if') !== false OR strpos($template, '<phrase') !== false); $maybe_old_syntax = preg_match('/(^|[^{])\$[a-z0-9_]+\[?/si', $template); if (!$new_syntax AND ($old_syntax OR $maybe_old_syntax)) { $template = addslashes($template); $template = process_template_conditionals($template); $template = process_template_phrases('phrase', $template, 'parse_phrase_tag'); $template = process_seo_urls($template); if (!function_exists('replace_template_variables') OR !function_exists('validate_string_for_interpolation')) { require_once(DIR . '/includes/functions_misc.php'); } //only check the old style syntax, the new style doesn't use string interpolation and isn't affected //by this exploit. The new syntax doesn't 100% pass this check. if(!validate_string_for_interpolation($template)) { global $vbphrase; echo "<p> </p><p> </p>"; print_form_header('', '', 0, 1, '', '65%'); print_table_header($vbphrase['vbulletin_message']); print_description_row($vbphrase['template_text_not_safe']); print_table_footer(2, construct_button_code($vbphrase['go_back'], 'javascript:history.back(1)')); print_cp_footer(); exit; } $template = replace_template_variables($template, false); $template = str_replace('\\\\$', '\\$', $template); if (function_exists('token_get_all')) { $tokens = @token_get_all('<?php $var = "' . $template . '"; ?>'); foreach ($tokens AS $token) { if (is_array($token)) { switch ($token[0]) { case T_INCLUDE: case T_INCLUDE_ONCE: case T_REQUIRE: case T_REQUIRE_ONCE: { global $vbphrase; echo "<p> </p><p> </p>"; print_form_header('', '', 0, 1, '', '65%'); print_table_header($vbphrase['vbulletin_message']); print_description_row($vbphrase['file_inclusion_not_permitted']); print_table_footer(2, construct_button_code($vbphrase['go_back'], 'javascript:history.back(1)')); print_cp_footer(); exit; } } } } } } else { require_once(DIR . '/includes/class_template_parser.php'); $parser = new vB_TemplateParser($orig_template); try { $parser->validate($errors); } catch (vB_Exception_TemplateFatalError $e) { global $vbphrase; echo "<p> </p><p> </p>"; print_form_header('', '', 0, 1, '', '65%'); print_table_header($vbphrase['vbulletin_message']); print_description_row($vbphrase[$e->getMessage()]); print_table_footer(2, construct_button_code($vbphrase['go_back'], 'javascript:history.back(1)')); print_cp_footer(); exit; } $template = $parser->compile(); // TODO: Reimplement these - if done, $session[], $bbuserinfo[], $vboptions will parse in the template without using {vb:raw, which isn't what we // necessarily want to happen /* if (!function_exists('replace_template_variables')) { require_once(DIR . '/includes/functions_misc.php'); } $template = replace_template_variables($template, false); */ } if (function_exists('verify_demo_template')) { verify_demo_template($template); } ($hook = vBulletinHook::fetch_hook('template_compile')) ? eval($hook) : false; return $template; }
/** * Fetches a specific type of phrase from the database * * @param string Varname of the phrase to be fetched * @param integer Phrase Type ID of the phrase to be fetched * @param string String to be removed from the beginning of specified phrase varname (varname = 'moo_thing', strreplace = 'moo_' => varname = 'thing') * @param boolean Whether or not to parse any quotes in the fetched text ready for eval() * @param boolean Fetch phrase from all languages (?) * @param integer Desired language ID from which to pull the phrase text * @param boolean If true, converts '{1}' and '{2}' into '%1$s' and '%2$s' etc., in preparation for sprintf() parsing * * @return string */ function fetch_phrase($phrasename, $fieldname, $strreplace = '', $doquotes = true, $alllanguages = false, $languageid = -1, $dobracevars = true) { // we need to do some caching in this function I believe global $vbulletin, $vbphrase; static $phrase_cache; if (!empty($strreplace)) { if (strpos("{$phrasename}", $strreplace) === 0) { $phrasename = substr($phrasename, strlen($strreplace)); } } $languageid = intval($languageid); if (!isset($phrase_cache["{$fieldname}-{$phrasename}"])) { $getphrases = $vbulletin->db->query_read_slave("\n\t\t\tSELECT text, languageid, special\n\t\t\tFROM " . TABLE_PREFIX . "phrase AS phrase\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "phrasetype USING (fieldname)\n\t\t\tWHERE phrase.fieldname = '" . $vbulletin->db->escape_string($fieldname) . "'\n\t\t\t\tAND varname = '" . $vbulletin->db->escape_string($phrasename) . "' " . iif(!$alllanguages, "AND languageid IN (-1, 0, " . ($languageid > 0 ? $languageid : intval(LANGUAGEID)) . ")")); while ($getphrase = $vbulletin->db->fetch_array($getphrases)) { $phrase_cache["{$fieldname}-{$phrasename}"]["{$getphrase['languageid']}"] = $getphrase['text']; $phrase_cache["{$fieldname}-{$phrasename}"]['special'] = $getphrase['special']; } unset($getphrase); $vbulletin->db->free_result($getphrases); } $phrase =& $phrase_cache["{$fieldname}-{$phrasename}"]; $special = $phrase['special']; if ($languageid == -1) { // didn't pass in a languageid as this is the default value so use the browsing user's languageid $languageid = LANGUAGEID; } else { if ($languageid == 0) { // the user is using forum default $languageid = $vbulletin->options['languageid']; } } if (isset($phrase["{$languageid}"])) { $messagetext = $phrase["{$languageid}"]; } else { if (isset($phrase[0])) { $messagetext = $phrase[0]; } else { if (isset($phrase['-1'])) { $messagetext = $phrase['-1']; } else { if (isset($vbphrase["{$phrasename}"]) and (VB_AREA == 'Upgrade' or VB_AREA == 'Install')) { $messagetext = $vbphrase["{$phrasename}"]; } else { $messagetext = "Could not find phrase '{$phrasename}'."; } } } } if ($dobracevars) { $messagetext = str_replace('%', '%%', $messagetext); $messagetext = preg_replace('#\\{([0-9]+)\\}#sU', '%\\1$s', $messagetext); } if ($doquotes) { $messagetext = str_replace("\\'", "'", addslashes($messagetext)); if ($special) { // these phrases have variables in them. Thus, they could have variables like $vboptions that need to be replaced $messagetext = replace_template_variables($messagetext, false); } } return $messagetext; }
public static function compile(vB_DomNode $main_node, vB_TemplateParser $parser) { $true_value = ''; $else_value = ''; $elseif_conditions = array(); $write_location = 'true'; $child_nodes = $main_node->childNodes(); foreach (array_keys($child_nodes) AS $key) { // find the 3 types of conditional values: if (true), elseif, else (false) // use a switch with references so we can write to a single variable for each case $node =& $child_nodes["$key"]; switch ($write_location) { case 'true': $location_ref =& $true_value; break; case 'else': $location_ref =& $else_value; break; case 'elseif': $keys = array_keys($elseif_conditions); $key = end($keys); $location_ref =& $elseif_conditions[$key]['value']; } if ($node->type == 'text') { $location_ref .= $parser->_escape_string($node->value); } else if ($node->type == 'tag') { switch ($node->value) { case 'elseif': // found an elseif tag, make a new entry $elseif_conditions[] = array( 'condition' => $node->attributes['condition'], 'value' => '' ); $write_location = 'elseif'; break; case 'else': // move to else $write_location = 'else'; break; default: // any other tag -- this isn't related to this if $location_ref .= $parser->_default_node_handler($node); break; } } else if ($node->type == 'curly') { $location_ref .= $parser->_default_node_handler($node); } } // merge the 2 types with conditions (true, elseif) together $conditions = array_merge(array( 0 => array( 'condition' => $main_node->attributes['condition'], 'value' => $true_value )), $elseif_conditions); // now loop through these conditions. Elseif can not be handled by a ternary // operator, so emulate it via if{}else{if{}else{}. $output = "'';"; if (!function_exists('replace_template_variables')) { require_once(DIR . '/includes/functions_misc.php'); } $condition_value = replace_template_variables($condition_value, true); foreach ($conditions AS $condition) { $output .= ' if (' . replace_template_variables($condition['condition'], true) . ') { ' .$parser->outputVar . " .= '" . $condition['value'] . "';" . ' } else'; } $output .= ' { ' . $parser->outputVar . " .= '" . $else_value . "';" . ' }'; $output .= $parser->outputVar . " .= ''"; return $output; }
// get bits for faq text cache $faqtext = array(); if (is_array($ifaqcache["{$faqparent}"])) { fetch_faq_text_array($ifaqcache["{$faqparent}"]); } else { eval(standard_error(fetch_error('invalidid', $vbphrase['faq_item'], $vbulletin->options['contactuslink']))); } // $censorchars is used in the vb_censor_explain phrase $censorchars = $vbulletin->options['censorchar'] . $vbulletin->options['censorchar'] . $vbulletin->options['censorchar'] . $vbulletin->options['censorchar'] . $vbulletin->options['censorchar']; require_once DIR . '/includes/functions_misc.php'; // display FAQs $faq = array(); foreach ($ifaqcache["{$faqparent}"] as $faq) { if ($faq['displayorder'] > 0) { $text = str_replace(array("\\'", '\\\\$'), array("'", '\\$'), addslashes($faq['text'])); eval('$faq[\'text\'] = "' . replace_template_variables($text) . '";'); construct_faq_item($faq, $find, $replace, $replace); } } $faqtitle = $faqcache["{$faqparent}"]['title']; $show['faqtitle'] = iif($faqtitle, true, false); // get navbar stuff $parents = array(); fetch_faq_parents($faqcache["{$faqparent}"]['faqname']); foreach (array_reverse($parents) as $key => $val) { // fix for bug #1660 if (isset($navbits["{$key}"])) { unset($navbits["{$key}"]); } $navbits["{$key}"] = $val; }
function vbseo_get_email_templates($emailtpl) { global $vbulletin; $evalemail = array(); $email_texts = $vbulletin->db->query_read("\nSELECT text, languageid, varname\nFROM " . vbseo_tbl_prefix('phrase') . "\nWHERE varname LIKE '{$emailtpl}%'\n"); while ($email_text = $vbulletin->db->fetch_array($email_texts)) { $emails["{$email_text['languageid']}"]["{$email_text['varname']}"] = $email_text['text']; } require_once DIR . '/includes/functions_misc.' . VBSEO_VB_EXT; foreach ($emails as $languageid => $email_text) { $text_message = str_replace("\\'", "'", addslashes(iif(empty($email_text[$emailtpl . '_msg']), $emails['-1'][$emailtpl . '_msg'], $email_text[$emailtpl . '_msg']))); $text_message = replace_template_variables($text_message); $text_subject = str_replace("\\'", "'", addslashes(iif(empty($email_text[$emailtpl . '_subj']), $emails['-1'][$emailtpl . '_subj'], $email_text[$emailtpl . '_subj']))); $text_subject = replace_template_variables($text_subject); $evalemail["{$languageid}"] = ' $msg = "' . $text_message . '"; $subj = "' . $text_subject . '"; '; } return $evalemail; }