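/**
 * Get the form to add a bookmark / set breadcrumbs.
 *
 * The default page-link and title come from the 'url' (base64-encoded) and 'title' GET
 * parameters, so both are request-controlled. They are only used here to pre-fill form fields.
 *
 * @param  mixed     Where the form should go to
 * @return tempcode  The form
 */
function add_bookmark_form($post_url)
{
    $title = get_page_title('ADD_BOOKMARK');

    require_lang('zones');
    require_code('character_sets');

    // Request-controlled input: decode, then normalise to the site's internal character set.
    $url = base64_decode(get_param('url', '', true));
    $url = convert_to_internal_encoding($url, 'UTF-8'); // Note that this is intentionally passed in to not be a short URL
    $page_link = convert_to_internal_encoding(url_to_pagelink($url, false, false), 'UTF-8');

    $default_title = get_param('title', '', true);
    $default_title = convert_to_internal_encoding($default_title, 'UTF-8');

    // Quote the site name for use inside a '#'-delimited pattern. Passing the delimiter to
    // preg_quote() avoids double-escaping on PHP versions where preg_quote() already escapes '#',
    // which would otherwise break the pattern for a site name containing '#'.
    $site_name_regexp = preg_quote(get_site_name(), '#');

    // Strip a "<separator> Site name" suffix or "Site name <separator>" prefix (byte mode).
    $default_title = preg_replace('#\\s.\\s' . $site_name_regexp . '$#s', '', $default_title);
    $default_title = preg_replace('#^' . $site_name_regexp . '\\s.\\s#s', '', $default_title);
    if (!is_string($default_title)) {
        $default_title = '';
    }

    // Same again in UTF-8 mode, so a multi-byte separator is matched as one character.
    // preg_replace() returns NULL (not false) on failure, e.g. for invalid UTF-8, so the result
    // is only adopted when it is a string. Otherwise the byte-mode title is kept.
    $default_title_2 = @preg_replace('#\\s.\\s' . $site_name_regexp . '$#su', '', $default_title);
    if (is_string($default_title_2)) {
        $default_title_2 = @preg_replace('#^' . $site_name_regexp . '\\s.\\s#su', '', $default_title_2);
    }
    if (is_string($default_title_2)) {
        $default_title = $default_title_2;
    }

    require_code('form_templates');

    // Existing folders of the current member, offered as choices.
    $rows = $GLOBALS['SITE_DB']->query_select('bookmarks', array('DISTINCT b_folder'), array('b_owner' => get_member()), 'ORDER BY b_folder');
    $list = new ocp_tempcode();
    $list->attach(form_input_list_entry('', false, do_lang_tempcode('NA_EM')));
    $list->attach(form_input_list_entry('!', true, do_lang_tempcode('ROOT_EM')));
    foreach ($rows as $row) {
        if ($row['b_folder'] != '') {
            $list->attach(form_input_list_entry($row['b_folder']));
        }
    }

    // NOTE(review): $default_title and $page_link derive from GET parameters. Output encoding is
    // presumably done inside form_input_line() / the template - confirm.
    $fields = new ocp_tempcode();
    $fields->attach(form_input_list(do_lang_tempcode('OLD_BOOKMARK_FOLDER'), do_lang_tempcode('DESCRIPTION_OLD_BOOKMARK_FOLDER'), 'folder', $list, NULL, false, false));
    $fields->attach(form_input_line(do_lang_tempcode('ALT_FIELD', do_lang_tempcode('NEW_BOOKMARK_FOLDER')), do_lang_tempcode('DESCRIPTION_NEW_BOOKMARK_FOLDER'), 'folder_new', '', false));
    $fields->attach(form_input_line(do_lang_tempcode('TITLE'), do_lang_tempcode('DESCRIPTION_TITLE'), 'title', $default_title == '' ? '' : substr($default_title, 0, 200), true));
    $fields->attach(form_input_line(do_lang_tempcode('PAGE_LINK'), do_lang_tempcode('DESCRIPTION_PAGE_LINK_BOOKMARK'), 'page_link', $page_link, true));
    $submit_name = do_lang_tempcode('ADD_BOOKMARK');

    breadcrumb_set_parents(array(array('_SELF:_SELF:misc', do_lang_tempcode('MANAGE_BOOKMARKS'))));

    // Client-side: if no usable title was supplied, copy the <title> of the opener window.
    $javascript = 'standardAlternateFields(\'folder\',\'folder_new\'); var title=document.getElementById(\'title\'); if (((title.value==\'\') || (title.value==\'0\')) && (window.opener)) title.value=getInnerHTML(window.opener.document.getElementsByTagName(\'title\')[0]); ';

    return do_template('FORM_SCREEN', array('_GUID' => '7e94bb97008de4fa0fffa2b5f91c95eb', 'TITLE' => $title, 'HIDDEN' => '', 'TEXT' => '', 'FIELDS' => $fields, 'URL' => $post_url, 'SUBMIT_NAME' => $submit_name, 'JAVASCRIPT' => $javascript));
}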
/**
 * Add comments to the specified resource.
 *
 * Reads the comment from POST ('title', 'post', 'email', 'parent_id', 'poster_name_if_guest' and
 * optional 'review_rating__*' fields), posts it through the forum driver, stores any review
 * ratings, then dispatches notifications and activity syndication for non-private posts.
 *
 * @param  boolean   Whether this resource allows comments (if not, this function does nothing - but it's nice to move out this common logic into the shared function)
 * @param  ID_TEXT   The type (download, etc) that this commenting is for
 * @param  ID_TEXT   The ID of the type that this commenting is for
 * @param  mixed     The URL to where the commenting will pass back to (to put into the comment topic header) (URLPATH or Tempcode)
 * @param  ?string   The title to where the commenting will pass back to (to put into the comment topic header) (NULL: don't know, but not first post so not important)
 * @param  ?string   The name of the forum to use (NULL: default comment forum)
 * @param  boolean   Whether to not require a captcha
 * @param  ?BINARY   Whether the post is validated (NULL: unknown, find whether it needs to be marked unvalidated initially). This only works with the OCF driver (hence is the last parameter).
 * @param  boolean   Whether to force allowance
 * @param  boolean   Whether to skip a success message
 * @param  boolean   Whether posts made should not be shared
 * @return boolean   Whether a hidden post has been made
 */
function actualise_post_comment($allow_comments, $content_type, $content_id, $content_url, $content_title, $forum = NULL, $avoid_captcha = false, $validated = NULL, $explicit_allow = false, $no_success_message = false, $private = false)
{
    // Authorisation gate: the site option, the per-resource flag and the 'comment' privilege are
    // all skipped when the caller passes $explicit_allow.
    if (!$explicit_allow) {
        if (get_option('is_on_comments') == '0' || !$allow_comments) {
            return false;
        }

        if (!has_specific_permission(get_member(), 'comment', get_page_name())) {
            return false;
        }
    }

    // Never actually post while the preview script is running.
    if (running_script('preview')) {
        return false;
    }

    $forum_tie = get_option('is_on_strong_forum_tie') == '1';

    // Captcha is only enforced when a non-empty 'post' was submitted and the caller did not opt out.
    if (addon_installed('captcha')) {
        if (array_key_exists('post', $_POST) && $_POST['post'] != '' && !$avoid_captcha) {
            require_code('captcha');
            enforce_captcha();
        }
    }

    $post_title = post_param('title', NULL);
    if (is_null($post_title) && !$forum_tie) {
        return false;
    }

    $post = post_param('post', NULL);
    // Treat the placeholder texts of the post box as "nothing entered".
    if ($post == do_lang('POST_WARNING')) {
        $post = '';
    }
    if ($post == do_lang('THREADED_REPLY_NOTICE', do_lang('POST_WARNING'))) {
        $post = '';
    }
    // A title without a body is promoted to be the body.
    if ($post == '' && $post_title !== '') {
        $post = $post_title;
        $post_title = '';
    }
    if ($post === '') {
        warn_exit(do_lang_tempcode('NO_PARAMETER_SENT', 'post'));
    }
    if (is_null($post)) {
        $post = '';
    }

    // Optional reply-to e-mail address: appended as an [email] tag quoting the post, wrapped in
    // [staff_note] except on the 'tickets' page.
    $email = trim(post_param('email', ''));
    if ($email != '') {
        $body = '> ' . str_replace(chr(10), chr(10) . '> ', $post);
        if (substr($body, -2) == '> ') {
            $body = substr($body, 0, strlen($body) - 2);
        }
        if (get_page_name() != 'tickets') {
            $post .= '[staff_note]';
        }
        // NOTE(review): the subject and body attributes go through comcode_escape(), but $email
        // (request input) is concatenated into the tag contents unescaped - confirm that is safe
        // for content placed inside [staff_note].
        $post .= "\n\n" . '[email subject="Re: ' . comcode_escape($post_title) . ' [' . get_site_name() . ']" body="' . comcode_escape($body) . '"]' . $email . '[/email]' . "\n\n";
        if (get_page_name() != 'tickets') {
            $post .= '[/staff_note]';
        }
    }

    $content_title = strip_comcode($content_title);

    if (is_null($forum)) {
        $forum = get_option('comments_forum_name');
    }

    // The URL may be Tempcode; flatten it to a string.
    $content_url_flat = is_object($content_url) ? $content_url->evaluate() : $content_url;

    $_parent_id = post_param('parent_id', '');
    $parent_id = $_parent_id == '' ? NULL : intval($_parent_id);

    $poster_name_if_guest = post_param('poster_name_if_guest', '');
    // The last two arguments carry the notification code and category; they are only passed for
    // non-private, non-empty posts.
    list($topic_id, $is_hidden) = $GLOBALS['FORUM_DRIVER']->make_post_forum_topic($forum, $content_type . '_' . $content_id, get_member(), $post_title, $post, $content_title, do_lang('COMMENT'), $content_url_flat, NULL, NULL, $validated, $explicit_allow ? 1 : NULL, $explicit_allow, $poster_name_if_guest, $parent_id, false, !$private && $post != '' ? 'comment_posted' : NULL, !$private && $post != '' ? $content_type . '_' . $content_id : NULL);

    if (!is_null($topic_id)) {
        // NOTE(review): $forum_id is not read again within this function.
        if (!is_integer($forum)) {
            $forum_id = $GLOBALS['FORUM_DRIVER']->forum_id_from_name($forum);
        } else {
            $forum_id = (int) $forum;
        }

        // Review ratings are only stored for the 'ocf' forum type, and only if a post was recorded.
        if (get_forum_type() == 'ocf' && !is_null($GLOBALS['LAST_POST_ID'])) {
            $extra_review_ratings = array(); // NOTE(review): never read in this function
            global $REVIEWS_STRUCTURE;
            if (array_key_exists($content_type, $REVIEWS_STRUCTURE)) {
                $reviews_rating_criteria = $REVIEWS_STRUCTURE[$content_type];
            } else {
                // No criteria defined for this content type: use a single unnamed criterion.
                $reviews_rating_criteria[] = '';
            }

            foreach ($reviews_rating_criteria as $rating_type) {
                // Has there actually been any rating?
                $rating = post_param_integer('review_rating__' . fix_id($rating_type), NULL);

                if (!is_null($rating)) {
                    // Server-side range check: anything outside 1..10 is logged as tampering.
                    if ($rating > 10 || $rating < 1) {
                        log_hack_attack_and_exit('VOTE_CHEAT');
                    }

                    $GLOBALS['SITE_DB']->query_insert('review_supplement', array('r_topic_id' => $GLOBALS['LAST_TOPIC_ID'], 'r_post_id' => $GLOBALS['LAST_POST_ID'], 'r_rating_type' => $rating_type, 'r_rating_for_type' => $content_type, 'r_rating_for_id' => $content_id, 'r_rating' => $rating));
                }
            }
        }
    }

    if (!$private && $post != '') {
        list(, $submitter, , $safe_content_url, $cma_info) = get_details_behind_feedback_code($content_type, $content_id);

        $content_type_title = $content_type;
        if (!is_null($cma_info) && isset($cma_info['content_type_label'])) {
            $content_type_title = do_lang($cma_info['content_type_label']);
        }

        // Notification
        require_code('notifications');
        $username = $GLOBALS['FORUM_DRIVER']->get_username(get_member());
        $subject = do_lang('NEW_COMMENT_SUBJECT', get_site_name(), $content_title == '' ? ocp_mb_strtolower($content_type_title) : $content_title, array($post_title, $username), get_site_default_lang());
        $username = $GLOBALS['FORUM_DRIVER']->get_username(get_member());
        // NOTE(review): the body uses the raw post_param('post') rather than $post, so the
        // appended [email] note is not included. $post_title and the post are passed without
        // comcode_escape() while the other parameters are escaped - presumably because they are
        // Comcode already; confirm.
        $message_raw = do_lang('NEW_COMMENT_BODY', comcode_escape(get_site_name()), comcode_escape($content_title == '' ? ocp_mb_strtolower($content_type_title) : $content_title), array($post_title == '' ? do_lang('NO_SUBJECT') : $post_title, post_param('post'), comcode_escape($content_url_flat), comcode_escape($username)), get_site_default_lang());
        dispatch_notification('comment_posted', $content_type . '_' . $content_id, $subject, $message_raw);

        // Is the user gonna automatically enable notifications for this?
        if (get_forum_type() == 'ocf') {
            $auto_monitor_contrib_content = $GLOBALS['OCF_DRIVER']->get_member_row_field(get_member(), 'm_auto_monitor_contrib_content');
            if ($auto_monitor_contrib_content == 1) {
                enable_notifications('comment_posted', $content_type . '_' . $content_id);
            }
        }

        // Activity
        // Only syndicated when the guest account may view the underlying content.
        $real_content_type = convert_ocportal_type_codes('feedback_type_code', $content_type, 'cma_hook');
        if (may_view_content_behind_feedback_code($GLOBALS['FORUM_DRIVER']->get_guest_id(), $real_content_type, $content_id)) {
            if (is_null($submitter)) {
                $submitter = $GLOBALS['FORUM_DRIVER']->get_guest_id();
            }
            $activity_type = is_null($submitter) || is_guest($submitter) ? '_ADDED_COMMENT_ON' : 'ADDED_COMMENT_ON';
            if ($content_title == '') {
                syndicate_described_activity($activity_type . '_UNTITLED', ocp_mb_strtolower($content_type_title), $content_type_title, '', url_to_pagelink(is_object($safe_content_url) ? $safe_content_url->evaluate() : $safe_content_url), '', '', convert_ocportal_type_codes('feedback_type_code', $content_type, 'addon_name'), 1, NULL, false, $submitter);
            } else {
                syndicate_described_activity($activity_type, $content_title, ocp_mb_strtolower($content_type_title), $content_type_title, url_to_pagelink(is_object($safe_content_url) ? $safe_content_url->evaluate() : $safe_content_url), '', '', convert_ocportal_type_codes('feedback_type_code', $content_type, 'addon_name'), 1, NULL, false, $submitter);
            }
        }
    }

    // With a strong forum tie, send the user on to the forum topic.
    if ($post != '' && $forum_tie && !$no_success_message) {
        require_code('site2');
        assign_refresh($GLOBALS['FORUM_DRIVER']->topic_url($GLOBALS['FORUM_DRIVER']->find_topic_id_for_topic_identifier($forum, $content_type . '_' . $content_id), $forum), 0.0);
    }

    if ($post != '' && !$no_success_message) {
        attach_message(do_lang_tempcode('SUCCESS'));
    }

    return $is_hidden;
}
/**
 * Render a menu branch to tempcode.
 *
 * Resolves the branch's target (page-link, Tempcode or plain URL), applies the optional
 * page-match and permission filters, renders child branches recursively for drawers, and
 * returns the template parameters for the branch.
 *
 * @param  array        The menu branch map
 * @param  SHORT_TEXT   An identifier for the menu (will be used as a unique id by menu javascript code)
 * @param  MEMBER       The member the menu is being built as
 * @param  integer      The depth into the menu that this branch resides at
 * @param  ID_TEXT      The menu type (determines what templates get used)
 * @param  boolean      Whether to generate Comcode with admin privilege
 * @param  array        Array of all other branches
 * @param  integer      The level
 * @return array        A pair: array of parameters of the menu branch (or NULL if unrenderable, or Tempcode of something to attach), and whether it is expanded
 */
function render_menu_branch($branch, $codename, $source_member, $level, $type, $as_admin, $all_branches, $the_level = 1)
{
    global $REDIRECTED_TO;

    $caption = mixed(); // Initialise type to mixed
    // A caption containing '[' is parsed as Comcode, as $source_member and with $as_admin rights.
    if (is_string($branch['caption']) && strpos($branch['caption'], '[') !== false) {
        $caption = comcode_to_tempcode($branch['caption'], $source_member, $as_admin);
    } else {
        $caption = $branch['caption'];
    }

    if (!is_null($branch['only_on_page']) && $branch['only_on_page'] != '') {
        // The match-key may itself contain Tempcode; evaluate it first.
        if (strpos($branch['only_on_page'], '{') !== false) {
            require_code('tempcode_compiler');
            $branch['only_on_page'] = static_evaluate_tempcode(template_to_tempcode($branch['only_on_page']));
        }
        if ($branch['only_on_page'] != '' && !match_key_match($branch['only_on_page'])) {
            // We are not allowed to render this on this page
            return array(NULL, false);
        }
    }

    $current_zone = false;
    $current_page = false;
    $expand_this = false;
    $tooltip = array_key_exists('caption_long', $branch) ? $branch['caption_long'] : '';
    if (is_null($tooltip)) {
        // Caused by corrupt in DB. translate table join failed due to corrupt lang string reference
        $tooltip = '';
    }
    $dp = $GLOBALS['ZONE']['zone_default_page'];
    $url = mixed();

    // Spacers
    // $type is passed through filter_naughty_harsh() before being used in a template name.
    if ($branch['type'] == 'blank') {
        return array(do_template('MENU_SPACER_' . filter_naughty_harsh($type), array('MENU' => $codename, 'TOP_LEVEL' => $the_level == 1, 'THE_LEVEL' => strval($the_level), 'CURRENT' => $current_page, 'CURRENT_ZONE' => $current_zone), NULL, false, 'MENU_SPACER_tree'), false);
    }

    // Normal branches...

    $users_current_zone = get_zone_name();

    // Work out the final URL to use
    $url = $branch['special'];
    if (is_object($url)) {
        // Tempcode: if it is a single PAGE_LINK symbol, pull the page-link back out of it
        // (two internal layouts are probed: seq_parts and bits).
        if (isset($url->seq_parts) && isset($url->seq_parts[0]) && $url->seq_parts[0][3] == 'PAGE_LINK') {
            $url = $url->seq_parts[0][1][0];
            if (is_object($url)) {
                $url = $url->evaluate();
            }
        } elseif (isset($url->bits) && isset($url->bits[0]) && $url->bits[0][2] == 'PAGE_LINK') {
            $url = $url->bits[0][3][0];
            if (is_object($url)) {
                $url = $url->evaluate();
            }
        } elseif (substr($url->evaluate(), 0, strlen(get_base_url())) == get_base_url()) {
            // A URL under our own base URL: try to turn it back into a page-link.
            $page_link = url_to_pagelink($url->evaluate(), true, true);
            if ($page_link != '') {
                $url = $page_link;
            }
        }
    }
    if (!is_object($url)) {
        $parts = array();
        // NOTE(review): this pattern is unanchored, so any string containing ':' followed by a
        // character other than '/' matches and is then treated as a page-link (only 'mailto' is
        // excluded). Confirm that other schemes and URLs with an explicit port cannot reach here.
        if (preg_match('#([\\w-]*):([\\w-]+|[^/]|$)((:(.*))*)#', $url, $parts) != 0 && $parts[1] != 'mailto') {
            $page_link = $url;
            list($zone_name, $map, $hash) = page_link_decode($url);
            // Links into the 'forum' zone are dropped unless the forum type is 'ocf'.
            if ($zone_name == 'forum' && get_forum_type() != 'ocf') {
                return array(NULL, false);
            }
            if (!isset($map['page'])) {
                $map['page'] = get_zone_default_page($zone_name);
            }

            // If we need to check access
            // Zone and page access are only checked when the branch has the 'check_perms' modifier.
            if (array_key_exists('check_perms', $branch['modifiers'])) {
                if (!has_zone_access(get_member(), $zone_name)) {
                    return array(NULL, false);
                }
                if (!has_page_access(get_member(), $map['page'], $zone_name)) {
                    return array(NULL, false);
                }
            }

            // Scan for Tempcode symbols etc
            foreach ($map as $key => $val) {
                if (strpos($val, '{') !== false) {
                    require_code('tempcode_compiler');
                    $map[$key] = template_to_tempcode($val);
                }
            }

            $url = build_url($map, $zone_name, NULL, false, false, false, $hash);

            // See if this is current page
            // $somewhere_definite: some branch on the menu points at the user's current zone.
            $somewhere_definite = false;
            $_parts = array();
            foreach ($all_branches as $_branch) {
                if (!is_string($_branch['special'])) {
                    continue;
                }

                if (preg_match('#([\\w-]*):([\\w-]+|[^/]|$)((:(.*))*)#', $_branch['special'], $_parts) != 0) {
                    if ($_parts[1] == $users_current_zone) {
                        $somewhere_definite = true;
                    }
                }
            }
            // This code is a bit smart, as zone menus usually have a small number of zones on them - redirects will be counted into the zone redirected to, so long as there is no more suitable zone and so long as it is not a transparent redirect
            $current_zone = $zone_name == $users_current_zone || !is_null($REDIRECTED_TO) && $zone_name == $REDIRECTED_TO['r_to_zone'] && !$somewhere_definite;
            if ($zone_name == $users_current_zone || !is_null($REDIRECTED_TO) && $zone_name == $REDIRECTED_TO['r_to_zone'] && array_key_exists('page', $map) && $map['page'] == $REDIRECTED_TO['r_to_page']) {
                // Assume it is the current page, then disprove by comparing each link parameter
                // against the corresponding request parameter.
                $current_page = true;
                foreach ($map as $k => $v) {
                    if (is_integer($v)) {
                        $v = strval($v);
                    }
                    if (is_object($v)) {
                        $v = $v->evaluate();
                    }
                    if ($v == '' && $k == 'page') {
                        $v = 'start';
                        if ($zone_name == $users_current_zone) {
                            global $ZONE;
                            $v = $ZONE['zone_default_page'];
                        }
                    }
                    $pv = get_param($k, $k == 'page' ? $dp : NULL, true);
                    // A mismatch counts unless it is: the page of an active redirect target,
                    // type=misc, the default page with no explicit 'page' parameter, or a keep_* parameter.
                    if ($pv !== $v && ($k != 'page' || is_null($REDIRECTED_TO) || !is_null($REDIRECTED_TO) && ($v !== $REDIRECTED_TO['r_to_page'] || $zone_name != $REDIRECTED_TO['r_to_zone'])) && ($k != 'type' || $v != 'misc') && ($v != $dp || $k != 'page' || get_param('page', '') != '') && substr($k, 0, 5) != 'keep_') {
                        $current_page = false;
                        break;
                    }
                }
            }
        } else {
            // Not a page-link: a plain URL, possibly with embedded '{$...}' Tempcode symbols.
            $page_link = '';
            $sym_pos = mixed();
            $sym_pos = is_null($url) ? false : strpos($url, '{$');
            if ($sym_pos !== false) {
                // Split the URL into literal text and symbol spans. Each symbol span is found by
                // brace balancing and parsed as Tempcode.
                // NOTE(review): menu URLs are therefore evaluated as Tempcode; whoever can edit
                // menu items can presumably use any symbol - confirm menu editing is suitably restricted.
                $_url = new ocp_tempcode();
                $len = strlen($url);
                $prev = 0;
                do {
                    $p_len = $sym_pos + 1;
                    $balance = 1;
                    while ($p_len < $len && $balance != 0) {
                        if ($url[$p_len] == '{') {
                            $balance++;
                        } elseif ($url[$p_len] == '}') {
                            $balance--;
                        }
                        $p_len++;
                    }

                    $_url->attach(substr($url, $prev, $sym_pos - $prev));
                    $_ret = new ocp_tempcode();
                    $_ret->parse_from($url, $sym_pos, $p_len);
                    $_url->attach($_ret);
                    $prev = $p_len;
                    $sym_pos = strpos($url, '{$', $sym_pos + 1);
                } while ($sym_pos !== false);
                $_url->attach(substr($url, $prev));
                $url = $_url;
            }
        }
    } else {
        $page_link = NULL;
    }

    // Children
    $children = new ocp_tempcode();
    $display = 'block';
    if ($branch['type'] == 'drawer') {
        // Render each child; unrenderable ones (NULL / '') are dropped.
        $new_children = array();
        foreach ($branch['children'] as $i => $child) {
            list($children2, $_expand_this) = render_menu_branch($child, $codename, $source_member, $level + 1, $type, $as_admin, $all_branches, $the_level + 1);
            if ($_expand_this) {
                $expand_this = true;
            }
            if ($children2 !== '' && !is_null($children2)) {
                $new_children[] = $children2;
            }
        }
        $num = count($new_children);
        foreach ($new_children as $i => $child) {
            if (is_object($child)) {
                // Already-rendered Tempcode (e.g. a spacer)
                $children->attach($child);
            } else {
                $children->attach(do_template('MENU_BRANCH_' . filter_naughty_harsh($type), $child + array('POSITION' => strval($i), 'LAST' => $i == $num - 1, 'BRETHREN_COUNT' => strval($num)), NULL, false, 'MENU_BRANCH_tree'));
            }
        }
        if ($children->is_empty()) {
            // Nothing here!
            return array(NULL, false);
        }
        if (!array_key_exists('expanded', $branch['modifiers']) && !$expand_this && !$current_page) {
            // We remap to 'none' using JS. If no JS, it remains visible. Once we have learnt we have JS, we don't need to do it again
            $display = has_js() ? 'none' : 'block';
        } else {
            $display = 'block';
        }
    }

    // Data cleanups
    // Plain-string captions are HTML-escaped unless the branch has the 'comcode' modifier.
    $escape = is_string($caption) && !array_key_exists('comcode', $branch['modifiers']);
    if ($escape) {
        $caption = escape_html($caption);
    }

    // Access key
    if ($page_link === '_SEARCH:help') {
        $accesskey = '6';
    } elseif ($page_link === '_SEARCH:rules') {
        $accesskey = '7';
    } elseif ($page_link === '_SEARCH:staff:type=misc') {
        $accesskey = '5';
    } else {
        $accesskey = '';
    }

    // Other properties
    $popup = array_key_exists('popup', $branch['modifiers']);
    $popup_width = '';
    $popup_height = '';
    if ($popup) {
        $popup_width = strval($branch['width']);
        $popup_height = strval($branch['height']);
    }
    $new_window = array_key_exists('new_window', $branch['modifiers']);

    // Render!
    // RANDOM is 7 hex characters of md5(uniqid('')): time-derived, so it should be treated as a
    // uniqueness token only, never as a secret.
    $rendered_branch = array('RANDOM' => substr(md5(uniqid('')), 0, 7), 'CAPTION' => $caption, 'IMG' => array_key_exists('img', $branch) ? $branch['img'] : '', 'URL' => $url, 'PAGE_LINK' => $page_link, 'ACCESSKEY' => $accesskey, 'POPUP' => $popup, 'POPUP_WIDTH' => $popup_width, 'POPUP_HEIGHT' => $popup_height, 'NEW_WINDOW' => $new_window, 'TOOLTIP' => $tooltip, 'CHILDREN' => $children, 'DISPLAY' => $display, 'MENU' => $codename, 'TOP_LEVEL' => $the_level == 1, 'THE_LEVEL' => strval($the_level), 'CURRENT' => $current_page, 'CURRENT_ZONE' => $current_zone);

    return array($rendered_branch, $current_page || $expand_this);
}
/**
 * The actualiser to set match-key access.
 *
 * Replaces the stored match-key permission rows and match-key messages with what was POSTed:
 * every existing match-key row is deleted first, then rows are re-inserted from the 'key_*',
 * 'p_*__<group>', 'mkey_*' and 'msg_*' POST fields.
 *
 * NOTE(review): no permission or request-origin check is visible in this function - presumably
 * the calling module enforces them; confirm. The delete and the re-inserts are separate
 * statements, so a request that fails part-way leaves the rule set incomplete.
 *
 * @return tempcode  The UI
 */
function set_keys_access()
{
    $GLOBALS['HELPER_PANEL_PIC'] = 'pagepics/matchkeysecurity';
    $GLOBALS['HELPER_PANEL_TUTORIAL'] = 'tut_permissions';

    $title = get_page_title('PAGE_MATCH_KEY_ACCESS');

    // Wipe the existing match-key rows (page names containing ':'), remembering the language
    // strings of the old messages so they can be re-used or deleted afterwards.
    $GLOBALS['SITE_DB']->query('DELETE FROM ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'group_page_access WHERE page_name LIKE \'' . db_encode_like('%:%') . '\'');
    $mkeylang = collapse_2d_complexity('id', 'k_message', $GLOBALS['SITE_DB']->query_select('match_key_messages', array('id', 'k_message')));
    $GLOBALS['SITE_DB']->query_delete('match_key_messages');

    $groups = $GLOBALS['FORUM_DRIVER']->get_usergroup_list(false, true);
    $group_ids = array_keys($groups);

    // NOTE(review): values in $_POST can be arrays as well as strings; nothing here checks the type.
    foreach ($_POST as $key => $val) {
        if (get_magic_quotes_gpc()) {
            $val = stripslashes($val);
        }

        // Normalise a full URL back to a page-link where possible (no-op if it already is one).
        $as_page_link = url_to_pagelink($val, true);
        if ($as_page_link != '') {
            $val = $as_page_link;
        }

        // Both kinds of field are ignored when blank.
        if ($val == '') {
            continue;
        }

        // 'key_<n>': a match-key; grant it to each usergroup whose 'p_<n>__<gid>' box was ticked.
        if (substr($key, 0, 4) == 'key_') {
            $row_suffix = substr($key, 4);
            foreach ($group_ids as $gid) {
                $ticked = post_param_integer('p_' . $row_suffix . '__' . strval($gid), 0);
                if ($ticked == 1) {
                    $GLOBALS['SITE_DB']->query_insert('group_page_access', array('zone_name' => '/', 'page_name' => $val, 'group_id' => $gid));
                }
            }
        }

        // 'mkey_<id>': a match-key message; the text comes from 'msg_<id>'.
        if (substr($key, 0, 5) == 'mkey_') {
            $id = substr($key, 5);
            $old_index = intval($id);
            $is_new = substr($id, 0, 4) == 'new_' || !array_key_exists($old_index, $mkeylang);
            if ($is_new) {
                $GLOBALS['SITE_DB']->query_insert('match_key_messages', array('k_message' => insert_lang(post_param('msg_' . $id), 2), 'k_match_key' => $val));
            } else {
                // Re-use the existing language string, and mark it as still in use.
                $GLOBALS['SITE_DB']->query_insert('match_key_messages', array('k_message' => lang_remap($mkeylang[$old_index], post_param('msg_' . $id)), 'k_match_key' => $val));
                unset($mkeylang[$old_index]);
            }
        }
    }

    // Whatever is left belonged to messages that were not re-submitted.
    foreach ($mkeylang as $orphaned_lang_id) {
        delete_lang($orphaned_lang_id);
    }

    decache('main_sitemap');

    breadcrumb_set_parents(array(array('_SELF:_SELF:keys', do_lang_tempcode('PAGE_MATCH_KEY_ACCESS'))));
    breadcrumb_set_self(do_lang_tempcode('DONE'));

    // Show it worked / Refresh
    $redirect_url = build_url(array('page' => '_SELF', 'type' => 'keys'), '_SELF');

    return redirect_screen($title, $redirect_url, do_lang_tempcode('SUCCESS'));
}
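/**
 * Show a banner according to GET parameter specification.
 *
 * In "click" mode the click is counted (at most once per IP address per banner per 24 hours),
 * logged, and the visitor is redirected to the banner's stored site_url. Otherwise a banner is
 * chosen at random, weighted by importance_modulus, its view counter is bumped and it is rendered.
 *
 * @param  boolean    Whether to return a result rather than outputting
 * @param  ?string    Whether we are displaying or click-processing (NULL: get from URL param)
 * @set    "click" ""
 * @param  ?string    Specific banner to display (NULL: get from URL param) (blank: randomise)
 * @param  ?string    Banner type to display (NULL: get from URL param)
 * @param  ?integer   Whether we are only showing our own banners, rather than allowing external rotation ones (NULL: get from URL param)
 * @param  ?string    The banner advertisor who is actively displaying the banner (calling up this function) and hence is rewarded (NULL: get from URL param) (blank: our own site)
 * @return ?tempcode  Result (NULL: we weren't asked to return the result)
 */
function banners_script($ret = false, $type = NULL, $dest = NULL, $b_type = NULL, $internal_only = NULL, $source = NULL)
{
    require_code('images');
    require_lang('banners');

    // If this is being called for a click through
    if (is_null($type)) {
        $type = get_param('type', '');
    }

    if ($type == 'click') {
        // Input parameters
        if (is_null($source)) {
            $source = get_param('source', '');
        }
        if (is_null($dest)) {
            $dest = get_param('dest', '');
        }

        // Has the banner been clicked before?
        // (A click only counts if this IP address has not clicked the banner in the last 24 hours.)
        $test = $GLOBALS['SITE_DB']->query_value('banner_clicks', 'MAX(c_date_and_time)', array('c_ip_address' => get_ip_address(), 'c_banner_id' => $dest));
        $unique = is_null($test) || $test < time() - 60 * 60 * 24;

        // Find the information about the dest
        $rows = $GLOBALS['SITE_DB']->query_select('banners', array('site_url', 'hits_to', 'campaign_remaining'), array('name' => $dest));
        if (!array_key_exists(0, $rows)) {
            fatal_exit(do_lang_tempcode('MISSING_RESOURCE'));
        }
        $myrow = $rows[0];

        // The redirect target always comes from the banner's database row, never from the request.
        $url = $myrow['site_url'];
        $page_link = url_to_pagelink($url);
        if ($page_link != '') {
            // A link into our own site: append the KEEP parameters.
            $keep = symbol_tempcode('KEEP', array(strpos($url, '?') === false ? '1' : '0'));
            $url .= $keep->evaluate();
        }

        if ($unique) {
            if (get_db_type() != 'xml') {
                $GLOBALS['SITE_DB']->query('UPDATE ' . get_table_prefix() . 'banners SET hits_to=(hits_to+1) WHERE ' . db_string_equal_to('name', $dest), 1);
            }
            $campaignremaining = $myrow['campaign_remaining'];
            if (!is_null($campaignremaining)) {
                if (get_db_type() != 'xml') {
                    $GLOBALS['SITE_DB']->query('UPDATE ' . get_table_prefix() . 'banners SET campaign_remaining=(campaign_remaining-1) WHERE ' . db_string_equal_to('name', $dest), 1);
                }
            }
        }

        // Find the information about the source
        if ($source != '' && $unique) {
            $rows = $GLOBALS['SITE_DB']->query_select('banners', array('hits_from', 'campaign_remaining'), array('name' => $source));
            if (!array_key_exists(0, $rows)) {
                fatal_exit(do_lang_tempcode('BANNER_MISSING_SOURCE'));
            }
            $myrow = $rows[0];
            if (get_db_type() != 'xml') {
                $GLOBALS['SITE_DB']->query('UPDATE ' . get_table_prefix() . 'banners SET hits_from=(hits_from+1) WHERE ' . db_string_equal_to('name', $source), 1);
            }
            $campaignremaining = $myrow['campaign_remaining'];
            if (!is_null($campaignremaining)) {
                if (get_db_type() != 'xml') {
                    $GLOBALS['SITE_DB']->query('UPDATE ' . get_table_prefix() . 'banners SET campaign_remaining=(campaign_remaining+1) WHERE ' . db_string_equal_to('name', $source), 1);
                }
            }
        }

        // Log the click
        load_user_stuff();
        $GLOBALS['SITE_DB']->query_insert('banner_clicks', array('c_date_and_time' => time(), 'c_member_id' => get_member(), 'c_ip_address' => get_ip_address(), 'c_source' => $source, 'c_banner_id' => $dest));

        // Refuse to emit a Location header containing CR/LF (header splitting).
        if (strpos($url, chr(10)) !== false || strpos($url, chr(13)) !== false) {
            log_hack_attack_and_exit('HEADER_SPLIT_HACK');
        }
        header('Location: ' . $url);
    } else {
        if (is_null($dest)) {
            $dest = get_param('dest', '');
        }
        if (is_null($b_type)) {
            $b_type = get_param('b_type', '');
        }
        if (is_null($internal_only)) {
            $internal_only = get_param_integer('internal_only', 0);
        }

        // For an unconstrained request, the configured ad code may be shown instead of a banner:
        // always when there are no validated banners, otherwise by chance.
        if ($internal_only == 0 && $dest == '' && $b_type == '') {
            $adcode = get_option('money_ad_code');
            if ($adcode != '' && (0 == $GLOBALS['SITE_DB']->query_value('banners', 'COUNT(*)', array('validated' => 1)) || mt_rand(0, 100) > intval(get_option('advert_chance')))) {
                if ($ret) {
                    return make_string_tempcode($adcode);
                }
                $echo = do_template('BASIC_HTML_WRAP', array('_GUID' => 'fd6fc24384dd13e7931ceb369a500672', 'TITLE' => do_lang_tempcode('BANNER'), 'CONTENT' => $adcode));
                $echo->evaluate_echo();

                return NULL;
            }
        }

        // A community banner then...
        // ==========================

        // Input parameters (clicks-in from source site)
        if (is_null($source)) {
            $source = get_param('source', '');
        }

        // To allow overriding to specify a specific banner
        // (Request-derived strings only enter the SQL through db_string_equal_to() / db_string_not_equal_to().)
        if ($dest != '') {
            $myquery = 'SELECT * FROM ' . get_table_prefix() . 'banners WHERE ' . db_string_equal_to('name', $dest);
        } else {
            $myquery = 'SELECT * FROM ' . get_table_prefix() . 'banners WHERE ((the_type<>' . strval(BANNER_CAMPAIGN) . ') OR (campaign_remaining>0)) AND ((expiry_date IS NULL) OR (expiry_date>' . strval(time()) . ')) AND ' . db_string_not_equal_to('name', $source) . ' AND validated=1 AND ' . db_string_equal_to('b_type', $b_type);
        }

        // Run Query
        $rows = $GLOBALS['SITE_DB']->query($myquery, 500, NULL, true);
        if (is_null($rows)) {
            // Error, but tolerate it as it could be on each page load
            $rows = array();
        }

        // Filter out what we don't have permission for
        if (get_option('use_banner_permissions', true) === '1') {
            load_user_stuff();
            require_code('permissions');
            $groups = _get_where_clause_groups(get_member());
            if (!is_null($groups)) {
                $perhaps = collapse_1d_complexity('category_name', $GLOBALS['SITE_DB']->query('SELECT category_name FROM ' . get_table_prefix() . 'group_category_access WHERE ' . db_string_equal_to('module_the_name', 'banners') . ' AND (' . $groups . ')'));
                $new_rows = array();
                foreach ($rows as $row) {
                    if (in_array($row['name'], $perhaps)) {
                        $new_rows[] = $row;
                    }
                }
                $rows = $new_rows;
            }
        }

        // Are we allowed to show default banners?
        // (Not if any campaign banner is among the candidates.)
        $counter = 0;
        $show_defaults = true;
        while (array_key_exists($counter, $rows)) {
            $myrow = $rows[$counter];

            if ($myrow['the_type'] == BANNER_CAMPAIGN) {
                $show_defaults = false;
            }
            $counter++;
        }

        // Count the total of all importance_modulus entries
        // $bound[$n] is the running total up to and including row $n.
        $tally = 0;
        $counter = 0;
        $bound = array();
        while (array_key_exists($counter, $rows)) {
            $myrow = $rows[$counter];

            // Type 2 rows get zero weight when defaults are not to be shown
            // NOTE(review): 2 is presumably the "default banner" type - confirm against the type constants.
            if ($myrow['the_type'] == 2 && !$show_defaults) {
                $myrow['importance_modulus'] = 0;
            }
            $tally += $myrow['importance_modulus'];
            $bound[$counter] = $tally;
            $counter++;
        }
        if ($tally == 0) {
            // Nothing eligible: show the "no banners" template, with an add link if permitted.
            load_user_stuff();
            require_code('permissions');
            if (has_actual_page_access(NULL, 'cms_banners') && has_submit_permission('mid', get_member(), get_ip_address(), 'cms_banners')) {
                $add_banner_url = build_url(array('page' => 'cms_banners', 'type' => 'ad'), get_module_zone('cms_banners'));
            } else {
                $add_banner_url = new ocp_tempcode();
            }
            $content = do_template('BANNERS_NONE', array('_GUID' => 'b786ec327365d1ef38134ce401db9dd2', 'ADD_BANNER_URL' => $add_banner_url));
            if ($ret) {
                return $content;
            }
            $echo = do_template('BASIC_HTML_WRAP', array('_GUID' => '00c8549b88dac8a1291450eb5b681d80', 'TARGET' => '_top', 'TITLE' => do_lang_tempcode('BANNER'), 'CONTENT' => $content));
            $echo->evaluate_echo();

            return NULL;
        }

        // Choose which banner to show from the results
        // Draw from 1..$tally rather than 0..$tally: a draw of 0 always selected the first row,
        // even one with zero weight (such as a suppressed default banner), and skewed the odds
        // towards the first row.
        $rand = mt_rand(1, $tally);
        for ($i = 0; $i < $counter; $i++) {
            if ($rand <= $bound[$i]) {
                break;
            }
        }

        $name = $rows[$i]['name'];

        // Update the counts (ones done per-view)
        if (get_db_type() != 'xml') {
            $GLOBALS['SITE_DB']->query('UPDATE ' . get_table_prefix() . 'banners SET views_to=(views_to+1) WHERE ' . db_string_equal_to('name', $name), 1, NULL, false, true);
        }
        if ($source != '') {
            // NOTE(review): views_from is incremented on the displayed banner ($name), whereas the
            // click path increments hits_from on $source - confirm which row is intended here.
            if (get_db_type() != 'xml') {
                $GLOBALS['SITE_DB']->query('UPDATE ' . get_table_prefix() . 'banners SET views_from=(views_from+1) WHERE ' . db_string_equal_to('name', $name), 1, NULL, false, true);
            }
        }

        // Display!
        $img = $rows[$i]['img_url'];
        $caption = get_translated_tempcode($rows[$i]['caption']);
        $content = show_banner($name, $rows[$i]['b_title_text'], $caption, $img, $source, $rows[$i]['site_url'], $rows[$i]['b_type']);
        if ($ret) {
            return $content;
        }
        $echo = do_template('BASIC_HTML_WRAP', array('_GUID' => 'd23424ded86c850f4ae0006241407ff9', 'TITLE' => do_lang_tempcode('BANNER'), 'CONTENT' => $content));
        $echo->evaluate_echo();
    }

    return NULL;
}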
/**
 * Add a menu item from details in POST.
 *
 * Saves one branch (updating it if it existed before the edit, inserting it otherwise) and then
 * recurses into the branches whose parent is this one.
 *
 * @param  ID_TEXT    The name of the menu the item is on
 * @param  integer    The ID of the menu item (i.e. what it is referenced as in POST)
 * @param  array      The map of IDs on the menu (ID=>parent)
 * @param  ?integer   The ID of the parent branch (NULL: no parent)
 * @param  array      The map of menu id=>string language IDs employed by items before the edit
 * @param  integer    The order this branch has in the editor (and due to linearly moving through, the number of branches shown assembled ready)
 */
function add_menu_item($menu, $id, &$ids, $parent, &$old_menu_bits, &$order)
{
    // Every POST field for this branch is suffixed with the branch's ID
    $field_suffix = strval($id);

    // Load in details of menu item (string defaults are needed to workaround an Opera problem)
    $caption = post_param('caption_' . $field_suffix, '');
    $caption_long = post_param('caption_long_' . $field_suffix, '');
    $page_only = post_param('match_tags_' . $field_suffix, '');
    $theme_img_code = post_param('theme_img_code_' . $field_suffix, '');
    $check_permissions = post_param_integer('check_perms_' . $field_suffix, 0);
    $branch_type = post_param('branch_type_' . $field_suffix, 'branch_plus');
    $expanded = ($branch_type == 'branch_plus') ? 1 : 0;
    $new_window = post_param_integer('new_window_' . $field_suffix, 0);

    $url = post_param('url_' . $field_suffix, '');

    // A bare word is taken as a page name; prefix ':' so users do not have to think about zones
    if (preg_match('#^\\w+$#', $url) != 0) {
        $url = ':' . $url;
    }

    // See if we can tidy it back to a page-link; failing that, anything without a ':' is treated
    // as a URL that is missing its protocol.
    // NOTE(review): a value that already contains ':' and is not one of our URLs is stored as
    // submitted, whatever its scheme.
    $as_page_link = url_to_pagelink($url, true);
    if ($as_page_link != '') {
        $url = $as_page_link;
    } elseif (strpos($url, ':') === false) {
        $url = fixup_protocolless_urls($url);
    }

    $menu_save_map = array(
        'i_menu' => $menu,
        'i_order' => $order,
        'i_parent' => $parent,
        'i_url' => $url,
        'i_check_permissions' => $check_permissions,
        'i_expanded' => $expanded,
        'i_new_window' => $new_window,
        'i_page_only' => $page_only,
        'i_theme_img_code' => $theme_img_code
    );

    // Save
    if (array_key_exists($id, $old_menu_bits)) {
        // Existing item: keep its language string IDs, update the row, then update the strings
        $lang_code = $old_menu_bits[$id]['i_caption'];
        $lang_code_2 = $old_menu_bits[$id]['i_caption_long'];
        $menu_save_map['i_caption'] = $lang_code;
        $menu_save_map['i_caption_long'] = $lang_code_2;

        // Taken out of the "before" map, so the caller can tell it is still in use
        unset($old_menu_bits[$id]);

        $insert_id = $id;
        $GLOBALS['SITE_DB']->query_update('menu_items', $menu_save_map, array('id' => $id));
        lang_remap($lang_code, $caption);
        lang_remap($lang_code_2, $caption_long);
    } else {
        // New item: create its language strings, then insert the row
        $lang_code = insert_lang($caption, 1);
        $lang_code_2 = insert_lang($caption_long, 1);
        $menu_save_map['i_caption'] = $lang_code;
        $menu_save_map['i_caption_long'] = $lang_code_2;
        $insert_id = $GLOBALS['SITE_DB']->query_insert('menu_items', $menu_save_map, true);
    }

    // Menu item children: collect every ID whose parent is this branch (loose comparison
    // against the stringified ID), then save each under the row just written.
    $child_ids = array_keys($ids, $field_suffix);
    foreach ($child_ids as $child_id) {
        $this->add_menu_item($menu, $child_id, $ids, $insert_id, $old_menu_bits, $order);
        $order++;
    }
}
/** * Convert the specified comcode (text format) into a tempcode tree. You shouldn't output the tempcode tree to the browser, as it looks really horrible. If you are in a rare case where you need to output directly (not through templates), you should call the evaluate method on the tempcode object, to convert it into a string. * * @param LONG_TEXT The comcode to convert * @param MEMBER The member the evaluation is running as. This is a security issue, and you should only run as an administrator if you have considered where the comcode came from carefully * @param boolean Whether to explicitly execute this with admin rights. There are a few rare situations where this should be done, for data you know didn't come from a member, but is being evaluated by one. * @param ?integer The position to conduct wordwrapping at (NULL: do not conduct word-wrapping) * @param ?string A special identifier that can identify this resource in a sea of our resources of this class; usually this can be ignored, but may be used to provide a binding between Javascript in evaluated comcode, and the surrounding environment (NULL: no explicit binding) * @param object The database connection to use * @param boolean Whether to parse so as to create something that would fit inside a semihtml tag. It means we generate HTML, with Comcode written into it where the tag could never be reverse-converted (e.g. a block). * @param boolean Whether this is being pre-parsed, to pick up errors before row insertion. * @param boolean Whether to treat this whole thing as being wrapped in semihtml, but apply normal security otherwise. * @param boolean Whether we are only doing this parse to find the title structure * @param boolean Whether to only check the Comcode. It's best to use the check_comcode function which will in turn use this parameter. 
* @param ?array A list of words to highlight (NULL: none) * @param ?MEMBER The member we are running on behalf of, with respect to how attachments are handled; we may use this members attachments that are already within this post, and our new attachments will be handed to this member (NULL: member evaluating) * @return tempcode The tempcode generated */ function comcode_text_to_tempcode($comcode, $source_member, $as_admin, $wrap_pos, $pass_id, $connection, $semiparse_mode, $preparse_mode, $is_all_semihtml, $structure_sweep, $check_only, $highlight_bits = NULL, $on_behalf_of_member = NULL) { global $ADVERTISING_BANNERS, $ALLOWED_ENTITIES, $POTENTIALLY_EMPTY_TAGS, $CODE_TAGS, $REVERSABLE_TAGS, $PUREHTML_TAGS, $DANGEROUS_TAGS, $VALID_COMCODE_TAGS, $BLOCK_TAGS, $POTENTIAL_JS_NAUGHTY_ARRAY, $TEXTUAL_TAGS, $LEET_FILTER, $IMPORTED_CUSTOM_COMCODE, $REPLACE_TARGETS; $wml = false; // removed feature from ocPortal now $print_mode = get_param_integer('wide_print', 0) == 1; $len = strlen($comcode); if (function_exists('set_time_limit') && ini_get('max_execution_time') != '0') { @set_time_limit(300); } $allowed_html_seqs = array('<table>', '<table class="[^"]*">', '<table class="[^"]*" summary="[^"]*">', '<table summary="[^"]*">', '</table>', '<tr>', '</tr>', '<td>', '</td>', '<th>', '</th>', '<pre>', '</pre>', '<br />', '<br/>', '<br >', '<br>', '<p>', '</p>', '<p />', '<b>', '</b>', '<u>', '</u>', '<i>', '</i>', '<em>', '</em>', '<strong>', '</strong>', '<li>', '</li>', '<ul>', '</ul>', '<ol>', '</ol>', '<del>', '</del>', '<dir>', '</dir>', '<s>', '</s>', '</a>', '</font>', '<!--', '<h1 id="main_page_title">', '<h1 class="main_page_title">', '<h1 id="main_page_title" class="main_page_title">', '</h1>', '<img (class="inline_image" )?alt="[^"]*" src="[^"]*" (complete="true" )*/>', '<img src=["\'][^"\'<>]*["\']( border=["\'][^"\'<>]*["\'])?( alt=["\'][^"\'<>]*["\'])?( )?(/)?' . '>', '<a href=["\'][^"\'<>]*["\']( target=["\'][^"\'<>]*["\'])?' . 
'>'); // HTML tag may actually be used in very limited conditions: only the following HTML seqs will come out as HTML. This is, unless the blacklist filter is used instead. if ($as_admin) { $comcode_dangerous = true; $comcode_dangerous_html = true; } else { $comcode_dangerous = $GLOBALS['MICRO_BOOTUP'] == 0 && has_specific_permission($source_member, 'comcode_dangerous'); $comcode_dangerous_html = false; if (has_specific_permission($source_member, 'allow_html') && ($is_all_semihtml || strpos($comcode, '[html') !== false || strpos($comcode, '[semihtml') !== false)) { $comcode_dangerous_html = true; /*foreach (array_keys($POTENTIALLY_EMPTY_TAGS) as $tag) // Find whether we really need to enable the computational-expensive filtering. Code disabled, not sure why this would have ever worked! { if (($tag!='html') && ($tag!='semihtml') && (strpos($comcode,'['.$tag)!==false)) { $comcode_dangerous_html=false; break; } }*/ } } if (is_null($pass_id)) { $pass_id = strval(mt_rand(0, 32000)); } // This is a unique ID that refers to this specific piece of comcode global $COMCODE_ATTACHMENTS; if (!array_key_exists($pass_id, $COMCODE_ATTACHMENTS)) { $COMCODE_ATTACHMENTS[$pass_id] = array(); } // Tag level $current_tag = ''; $attribute_map = array(); $tag_output = new ocp_tempcode(); $continuation = ''; $close = mixed(); // Properties that come from our tag $white_space_area = true; $textual_area = true; $formatting_allowed = true; $in_html = false; $in_semihtml = $is_all_semihtml; $in_separate_parse_section = false; // Not escaped because it has to be passed to a secondary filter $in_code_tag = false; $code_nest_stack = 0; // Our state $status = CCP_NO_MANS_LAND; $lax = $GLOBALS['LAX_COMCODE'] || function_exists('get_member') && $source_member != get_member() || count($_POST) == 0; // if we don't want to produce errors for technically invalid Comcode $tag_stack = array(); $pos = 0; $line_starting = true; $just_ended = false; $none_wrap_length = 0; $just_new_line = true; // So we can 
detect lists starting right away $just_title = false; global $NUM_LINES; $NUM_LINES = 0; $queued_tempcode = new ocp_tempcode(); $mindless_mode = false; // If we're doing a semi parse mode and going over a tag we don't actually process $tag_raw = ''; if (!is_null($wrap_pos) && strtolower(get_charset()) == 'utf-8') { $wrap_pos *= 2; } $stupidity_mode = get_value('stupidity_mode'); // bork or leet if ($comcode_dangerous) { $stupidity_mode = get_param('stupidity_mode', ''); } if ($stupidity_mode == 'leet') { $LEET_FILTER = array('B' => '8', 'C' => '(', 'E' => '3', 'G' => '9', 'I' => '1', 'L' => '1', 'O' => '0', 'P' => '9', 'S' => '5', 'U' => '0', 'V' => '\\/', 'Z' => '2'); } $smilies = $GLOBALS['FORUM_DRIVER']->find_emoticons(); // We'll be needing the smiley array $shortcuts = array('(EUR-)' => '€', '{f.}' => 'ƒ', '-|-' => '†', '=|=' => '‡', '{%o}' => '‰', '{~S}' => 'Š', '{~Z}' => 'Ž', '(TM)' => '™', '{~s}' => 'š', '{~z}' => 'ž', '{.Y.}' => 'Ÿ', '(c)' => '©', '(r)' => '®', '---' => '—', '--' => '–', '...' => '…', '-->' => '→', '<--' => '←'); // Text syntax possibilities, that get maintained as our cursor moves through the text block $list_indent = 0; $list_type = 'ul'; if ($is_all_semihtml) { filter_html($as_admin, $source_member, $pos, $len, $comcode, false, false); } // Pre-filter the whole lot (note that this means during general output we do no additional filtering) while ($pos < $len) { $next = $comcode[$pos]; ++$pos; // State machine switch ($status) { case CCP_NO_MANS_LAND: if ($next == '[') { // Look ahead to make sure it's a valid tag. If it's not then it's considered normal user input, not a tag at all $dif = $pos < $len && $comcode[$pos] == '/' ? 
1 : 0; $ahead = substr($comcode, $pos + $dif, MAX_COMCODE_TAG_LOOK_AHEAD_LENGTH); $equal_pos = strpos($ahead, '='); $space_pos = strpos($ahead, ' '); $end_pos = strpos($ahead, ']'); $lax_end_pos = strpos($ahead, '['); $cl_pos = strpos($ahead, chr(10)); if ($equal_pos === false) { $equal_pos = MAX_COMCODE_TAG_LOOK_AHEAD_LENGTH + 3; } if ($space_pos === false) { $space_pos = MAX_COMCODE_TAG_LOOK_AHEAD_LENGTH + 3; } if ($end_pos === false) { $end_pos = MAX_COMCODE_TAG_LOOK_AHEAD_LENGTH + 3; } if ($lax_end_pos === false) { $lax_end_pos = MAX_COMCODE_TAG_LOOK_AHEAD_LENGTH + 3; } if ($cl_pos === false) { $cl_pos = MAX_COMCODE_TAG_LOOK_AHEAD_LENGTH + 3; } $use_pos = min($equal_pos, $space_pos, $end_pos, $lax_end_pos, $cl_pos); $potential_tag = strtolower(substr($ahead, 0, $use_pos)); if ($use_pos != 22 && (!$in_semihtml || $dif == 1 || $potential_tag != 'html' && $potential_tag != 'semihtml') && (!$in_html || $dif == 1 && $potential_tag == 'html') && (!$in_code_tag || isset($CODE_TAGS[$potential_tag]) && $potential_tag == $current_tag) && (!$structure_sweep || $potential_tag != 'contents')) { if ($in_code_tag) { if ($dif == 1) { $code_nest_stack--; } else { $code_nest_stack++; } $ok = $code_nest_stack == -1; } else { $ok = true; } if ($ok) { if (!isset($VALID_COMCODE_TAGS[$potential_tag])) { if (!$IMPORTED_CUSTOM_COMCODE) { _custom_comcode_import($connection); } } if (isset($VALID_COMCODE_TAGS[$potential_tag]) && strtolower(substr($ahead, 0, 2)) != 'i ') { if ($comcode[$pos] != '/' || count($tag_stack) == 0) { $mindless_mode = $semiparse_mode && (!isset($REVERSABLE_TAGS[$potential_tag]) || is_string($REVERSABLE_TAGS[$potential_tag]) && preg_match($REVERSABLE_TAGS[$potential_tag], substr($comcode, $pos, 100)) != 0) && !isset($PUREHTML_TAGS[$potential_tag]); } else { $mindless_mode = $tag_stack[count($tag_stack) - 1][7]; } $close = false; $current_tag = ''; if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($continuation); } $tag_output->attach($continuation); $continuation 
= ''; if ($just_new_line || isset($BLOCK_TAGS[$potential_tag])) { list($close_list, $list_indent) = _close_open_lists($list_indent, $list_type); if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($close_list); } $tag_output->attach($close_list); } $status = CCP_STARTING_TAG; if ($mindless_mode) { if ($comcode[$pos] != '/') { if (array_key_exists($potential_tag, $BLOCK_TAGS)) { $tag_raw = '​<kbd title="' . escape_html($potential_tag) . '" class="ocp_keep_block">['; } else { $tag_raw = '​<kbd title="' . escape_html($potential_tag) . '" class="ocp_keep">['; } } else { $tag_raw = '['; } } else { $tag_raw = ''; } continue; } } } else { if ($use_pos != 22 && (($in_semihtml || $in_html) && ($potential_tag == 'html' || $potential_tag == 'semihtml')) && !$in_code_tag) { $ahc = strpos($ahead, ']'); if ($ahc !== false) { $pos += $ahc + 1; continue; } } } } if ($in_html || $in_semihtml && !$in_code_tag && ($next == '<' || $next == '>' || $next == '"')) { if ($next == chr(10)) { ++$NUM_LINES; } if (!$comcode_dangerous_html && $next == '<') { $close = strpos($comcode, '>', $pos - 1); $portion = substr($comcode, $pos - 1, $close - $pos + 2); $seq_ok = false; foreach ($allowed_html_seqs as $allowed_html_seq) { if (preg_match('#^' . $allowed_html_seq . '$#', $portion) != 0) { $seq_ok = true; } } if (!$seq_ok) { // $next='<'; //OLD STYLE if ($close !== false) { $pos = $close + 1; } // NEW STYLE continue; } } if (substr($comcode, $pos - 1, 4) == '<!--') { $continuation .= '<!--'; $pos += 3; } else { $continuation .= $mindless_mode && $in_code_tag ? 
escape_html($next) : $next; } } else { // Text-format possibilities if ($just_new_line && $formatting_allowed && !$wml) { if ($continuation != '') { if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($continuation); } $tag_output->attach($continuation); $continuation = ''; } // List $found_list = false; $old_list_indent = $list_indent; if ($pos + 2 < $len && is_numeric($next) && (is_numeric($comcode[$pos]) && $comcode[$pos + 1] == ')' && $comcode[$pos + 2] == ' ' || $comcode[$pos] == ')' && $comcode[$pos + 1] == ' ') && ($list_type == '1' && $list_indent != 0 || preg_match('#^[^\\n]*\\n\\d+\\) #', substr($comcode, $pos + 1)) != 0)) { if ($list_indent != 0 && $list_type != '1') { list($temp_tpl, $old_list_indent) = _close_open_lists($list_indent, $list_type); if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($temp_tpl); } $tag_output->attach($temp_tpl); } $list_indent = 1; $found_list = true; $scan_pos = $pos; $list_type = '1'; } elseif ($pos + 2 < $len && ord($next) >= ord('a') && ord($next) <= ord('z') && $comcode[$pos] == ')' && $comcode[$pos + 1] == ' ' && ($list_type == 'a' && $list_indent != 0 || preg_match('#^[^\\n]*\\n[a-z]+\\) #', substr($comcode, $pos + 1)) != 0)) { if ($list_indent != 0 && $list_type != 'a') { list($temp_tpl, $old_list_indent) = _close_open_lists($list_indent, $list_type); if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($temp_tpl); } $tag_output->attach($temp_tpl); } $list_indent = 1; $found_list = true; $scan_pos = $pos; $list_type = 'a'; } elseif ($next == ' ') { if ($old_list_indent != 0 && $list_type != 'ul') { list($temp_tpl, $old_list_indent) = _close_open_lists($list_indent, $list_type); if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($temp_tpl); } $tag_output->attach($temp_tpl); } $scan_pos = $pos - 1; $list_indent = 0; while ($scan_pos < $len) { $scan_next = $comcode[$scan_pos]; if ($scan_next == '-' && $scan_pos + 1 < $len && $comcode[$scan_pos + 1] == ' ') { $found_list = true; break; } else { if ($scan_next == ' ') { 
++$list_indent; } else { break; } } ++$scan_pos; } if (!$found_list) { $list_indent = 0; } else { $list_type = 'ul'; } } else { list($close_list, $list_indent) = _close_open_lists($list_indent, $list_type); if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($close_list); } $tag_output->attach($close_list); $old_list_indent = 0; if ($next == '-' && !$just_title) { $scan_pos = $pos; $found_rule = true; while ($scan_pos < $len) { $scan_next = $comcode[$scan_pos]; if ($scan_next != '-') { if ($scan_next == chr(10)) { ++$NUM_LINES; break; } else { $found_rule = false; } } ++$scan_pos; } if ($found_rule) { $_temp_tpl = do_template('COMCODE_TEXTCODE_LINE'); $tag_output->attach($_temp_tpl); $pos = $scan_pos + 1; $just_ended = true; $none_wrap_length = 0; continue; } } } // List handling if ($list_indent == $old_list_indent && $old_list_indent != 0) { $temp_tpl = '</li>'; if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($temp_tpl); } $tag_output->attach($temp_tpl); } for ($i = $list_indent; $i < $old_list_indent; ++$i) { $temp_tpl = '</li>'; if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($temp_tpl); } $tag_output->attach($temp_tpl); $temp_tpl = $list_type == 'ul' ? 
'</ul>' : '</ol>'; if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($temp_tpl); } $tag_output->attach($temp_tpl); } if ($list_indent < $old_list_indent && $list_indent != 0) { $temp_tpl = '</li>'; if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($temp_tpl); } $tag_output->attach($temp_tpl); } if ($found_list) { if ($list_indent - $old_list_indent > 1 && !$lax) { return comcode_parse_error($preparse_mode, array('CCP_LIST_JUMPYNESS'), $pos, $comcode, $check_only); } for ($i = $old_list_indent; $i < $list_indent; ++$i) { switch ($list_type) { case 'ul': if ($i < $list_indent - 1) { $temp_tpl = '<ul><li>'; } else { $temp_tpl = '<ul>'; } if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($temp_tpl); } $tag_output->attach($temp_tpl); break; case '1': if ($i < $list_indent - 1) { $temp_tpl = '<ol type="1"><li>'; } else { $temp_tpl = '<ol type="1">'; } if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($temp_tpl); } $tag_output->attach($temp_tpl); break; case 'a': if ($i < $list_indent - 1) { $temp_tpl = '<ol type="a"><li>'; } else { $temp_tpl = '<ol type="a">'; } if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($temp_tpl); } $tag_output->attach($temp_tpl); break; } } $temp_tpl = '<li>'; if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($temp_tpl); } $tag_output->attach($temp_tpl); $just_ended = true; $none_wrap_length = 0; $next = ''; $pos = $scan_pos + 2; } } if ($next == chr(10) && $white_space_area && $print_mode && $list_indent == 0) { $tag_output->attach($queued_tempcode); $queued_tempcode = new ocp_tempcode(); } if ($next == chr(10) && $white_space_area && !$in_semihtml && (!$just_ended || $semiparse_mode || substr($comcode, $pos, 3) == ' - ')) { ++$NUM_LINES; $line_starting = true; if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($continuation); } $tag_output->attach($continuation); $continuation = ''; $just_new_line = true; $none_wrap_length = 0; if ($list_indent == 0 && !$just_ended) { $temp_tpl = '<br />'; if ($GLOBALS['XSS_DETECT']) { 
ocp_mark_as_escaped($temp_tpl); } $tag_output->attach($temp_tpl); } } else { $just_new_line = false; if ($next == ' ' && $white_space_area && !$in_semihtml) { if ($line_starting || $pos > 1 && $comcode[$pos - 2] == ' ') { $next = ' '; ++$none_wrap_length; } else { $none_wrap_length = 0; } $continuation .= $mindless_mode && $in_code_tag ? escape_html($next) : $next; } elseif ($next == "\t" && $white_space_area && !$in_semihtml) { if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($continuation); } $tag_output->attach($continuation); $continuation = ''; $tab_tpl = do_template('COMCODE_TEXTCODE_TAB'); $_tab_tpl = $tab_tpl->evaluate(); $none_wrap_length += strlen($_tab_tpl); $tag_output->attach($tab_tpl); } else { if ($next == ' ' || $next == "\t" || $just_ended) { $none_wrap_length = 0; } else { if (!is_null($wrap_pos) && $none_wrap_length >= $wrap_pos && (strtolower(get_charset()) != 'utf-8' || preg_replace(array('#[\\x09\\x0A\\x0D\\x20-\\x7E]#', '#[\\xC2-\\xDF][\\x80-\\xBF]#', '#\\xE0[\\xA0-\\xBF][\\x80-\\xBF]#', '#[\\xE1-\\xEC\\xEE\\xEF][\\x80-\\xBF]{2}#', '#\\xED[\\x80-\\x9F][\\x80-\\xBF]#', '#\\xF0[\\x90-\\xBF][\\x80-\\xBF]{2}#', '#[\\xF1-\\xF3][\\x80-\\xBF]{3}#', '#\\xF4[\\x80-\\x8F][\\x80-\\xBF]{2}#'), array('', '', '', '', '', '', '', ''), $continuation) == '') && $textual_area && !$in_semihtml) { if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($continuation); } $tag_output->attach($continuation); $continuation = ''; $temp_tpl = '<br />'; if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($temp_tpl); } $tag_output->attach($temp_tpl); $none_wrap_length = 0; } elseif ($textual_area) { ++$none_wrap_length; } } $line_starting = false; $just_ended = false; $differented = false; // If somehow via lookahead we've changed this to HTML and thus won't use it in raw form // Variable lookahead if (!$in_code_tag && ($next == '{' && isset($comcode[$pos]) && ($comcode[$pos] == '$' || $comcode[$pos] == '+' || $comcode[$pos] == '!'))) { if ($comcode_dangerous) { if 
(!$in_code_tag && (!$semiparse_mode || in_tag_stack($tag_stack, array('url', 'img', 'flash')))) { if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($continuation); } $tag_output->attach($continuation); $continuation = ''; if ($comcode[$pos] == '+') { $p_end = $pos + 5; while ($p_end < $len) { $p_portion = substr($comcode, $pos - 1, $p_end - ($pos - 1) + 5); if (substr_count($p_portion, '{+START') == substr_count($p_portion, '{+END')) { break; } $p_end++; } $p_len = 1; while ($pos + $p_len < $len) { $p_portion = substr($comcode, $pos - 1, $p_len); if (substr_count(str_replace('{', ' { ', $p_portion), '{') == substr_count(str_replace('}', ' } ', $p_portion), '}')) { break; } // str_replace is to workaround a Quercus bug #4494 $p_len++; } $p_len--; $p_portion = substr($comcode, $pos + $p_len, $p_end - ($pos + $p_len)); require_code('tempcode_compiler'); $ret = template_to_tempcode(substr($comcode, $pos - 1, $p_len + 1) . '{DIRECTIVE_EMBEDMENT}' . substr($comcode, $p_end, 6)); $attaches_before = count($COMCODE_ATTACHMENTS[$pass_id]); $ret->singular_bind('DIRECTIVE_EMBEDMENT', comcode_text_to_tempcode($p_portion, $source_member, $as_admin, $wrap_pos, $pass_id, $connection, $semiparse_mode, $preparse_mode, $in_semihtml, $structure_sweep, $check_only, $highlight_bits, $on_behalf_of_member)); for ($attach_inspect = $attaches_before; $attach_inspect < count($COMCODE_ATTACHMENTS[$pass_id]); $attach_inspect++) { $COMCODE_ATTACHMENTS[$pass_id][$attach_inspect]['marker'] += $pos + $p_len; } $pos = $p_end + 6; } elseif ($comcode[$pos] == '!') { $p_len = $pos; $balance = 1; while ($p_len < $len && $balance != 0) { if ($comcode[$p_len] == '{') { $balance++; } elseif ($comcode[$p_len] == '}') { $balance--; } $p_len++; } $ret = new ocp_tempcode(); $less_pos = $pos - 1; $ret->parse_from($comcode, $less_pos, $p_len); $pos = $p_len; if ($ret->parameterless(0) && $pos < $len) { $matches = array(); if (preg_match('#\\{\\!([\\w\\d\\_\\:]+)(\\}|$)#U', substr($comcode, $less_pos, $p_len - 
$less_pos), $matches) != 0) { $temp_lang_string = $matches[1]; $ret = comcode_lang_string($temp_lang_string); // Recreate as a Comcode lang string } } } else { $p_len = $pos; $balance = 1; while ($p_len < $len && $balance != 0) { if ($comcode[$p_len] == '{') { $balance++; } elseif ($comcode[$p_len] == '}') { $balance--; } $p_len++; } $ret = new ocp_tempcode(); $less_pos = $pos - 1; $ret->parse_from($comcode, $less_pos, $p_len); $pos = $p_len; } $differented = true; if ($pos <= $len || !$lax) { $tag_output->attach($ret); } } } else { if ($comcode[$pos] == '$' && $pos < $len - 2 && $comcode[$pos + 1] == ',' && strpos($comcode, '}', $pos) !== false) { $pos = strpos($comcode, '}', $pos) + 1; $differented = true; } } } // Escaping of comcode tag starts lookahead if ($next == '\\' && !$in_code_tag) { if ($pos != $len && ($comcode[$pos] == '"' || substr($comcode, $pos - 1, 6) == '"')) { if ($semiparse_mode) { $continuation .= '\\'; } if ($comcode[$pos] == '"') { $continuation .= $mindless_mode ? '"' : '"'; ++$pos; } else { $continuation .= '"'; $pos += 6; } $differented = true; } elseif ($pos != $len && $comcode[$pos] == '[') { if ($semiparse_mode) { $continuation .= '\\'; } $continuation .= '['; ++$pos; $differented = true; } elseif ($pos != $len && $comcode[$pos] == '{') { if ($semiparse_mode) { $continuation .= '\\'; } $continuation .= '{'; ++$pos; $differented = true; } elseif ($pos == $len || $comcode[$pos] == '\\') { if ($semiparse_mode) { $continuation .= '\\'; } $continuation .= '\\'; ++$pos; $differented = true; } } if (!$differented) { if (($textual_area || $in_semihtml) && trim($next) != '' && !$wml) { // Emoticon lookahead foreach ($smilies as $smiley => $imgcode) { if ($in_semihtml) { $smiley = ' ' . $smiley . 
' '; } if ($next == $smiley[0]) { if (substr($comcode, $pos - 1, strlen($smiley)) == $smiley) { if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($continuation); } $tag_output->attach($continuation); $continuation = ''; $pos += strlen($smiley) - 1; $differented = true; $tag_output->attach(do_emoticon($imgcode)); break; } } } } } if (trim($next) != '' && !$in_code_tag && !$differented) { // CEDI pages if ($pos < $len && $next == '[' && $pos + 1 < $len && $comcode[$pos] == '[' && !$semiparse_mode && addon_installed('cedi')) { $matches = array(); if (preg_match('#^\\[([^\\[\\]]*)\\]\\]#', substr($comcode, $pos, 200), $matches) != 0) { $cedi_page_name = $matches[1]; if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($continuation); } $tag_output->attach($continuation); $continuation = ''; $hash_pos = strpos($cedi_page_name, '#'); if ($hash_pos !== false) { $jump_to = substr($cedi_page_name, $hash_pos + 1); $cedi_page_name = substr($cedi_page_name, 0, $hash_pos); } else { $jump_to = ''; } $cedi_page_url = build_url(array('page' => 'cedi', 'type' => 'misc', 'find' => $cedi_page_name), get_module_zone('cedi')); if ($jump_to != '') { $cedi_page_url->attach('#' . 
$jump_to); } $tag_output->attach(do_template('COMCODE_CEDI_LINK', array('_GUID' => 'ebcd7ba5290c5b2513272a53b4d666e5', 'URL' => $cedi_page_url, 'TEXT' => $cedi_page_name))); $pos += strlen($matches[1]) + 3; $differented = true; } } // Usernames if ($pos < $len && $next == '{' && $pos + 1 < $len && $comcode[$pos] == '{' && !$in_code_tag && !$semiparse_mode) { $matches = array(); if (preg_match('#^\\{([^"{}&\'\\$<>]+)\\}\\}#', substr($comcode, $pos, 80), $matches) != 0) { $username = $matches[1]; if ($username[0] == '?') { $username_info = true; $username = substr($username, 1); } else { $username_info = false; } $this_member_id = $GLOBALS['FORUM_DRIVER']->get_member_from_username($username); if (!is_null($this_member_id) && !is_guest($this_member_id)) { if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($continuation); } $tag_output->attach($continuation); $continuation = ''; $poster_url = $GLOBALS['FORUM_DRIVER']->member_profile_url($this_member_id, false, true); if (get_forum_type() == 'ocf' && $username_info) { require_lang('ocf'); require_code('ocf_members2'); $details = ocf_show_member_box($this_member_id); $tag_output->attach(do_template('HYPERLINK_TOOLTIP', array('_GUID' => 'd8f4f4ac70bd52b3ef9ee74ae9c5e085', 'TOOLTIP' => $details, 'CAPTION' => $username, 'URL' => $poster_url, 'NEW_WINDOW' => false))); } else { $tag_output->attach(hyperlink($poster_url, $username)); } $pos += strlen($matches[1]) + 3; $differented = true; } } } } if ($textual_area && !$in_code_tag && trim($next) != '' && !$differented) { // Shortcut lookahead if (!$differented) { if ($in_semihtml && substr($comcode, $pos - 1, 3) == '-->') { $continuation .= '-->'; $pos += 2; break; } foreach ($shortcuts as $code => $replacement) { if ($next == $code[0] && substr($comcode, $pos - 1, strlen($code)) == $code) { if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($continuation); } $tag_output->attach($continuation); $continuation = ''; $pos += strlen($code) - 1; $differented = true; if 
($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($replacement); } $tag_output->attach($replacement); break; } } } } if ($textual_area && !$in_code_tag && trim($next) != '' && !$differented) { // Table syntax if (!$differented) { if ($pos < $len && $comcode[$pos] == '|') { $end_tbl = strpos($comcode, chr(10) . '|}', $pos); if ($end_tbl !== false) { $end_fst_line_pos = strpos($comcode, chr(10), $pos); $caption = substr($comcode, $pos + 2, max($end_fst_line_pos - $pos - 2, 0)); $pos += strlen($caption) + 1; $rows = preg_split('#(\\|-|\\|\\})#Um', substr($comcode, $pos, $end_tbl - $pos)); if (preg_match('#(^|\\s)floats($|\\s)#', $caption) != 0) { $caption = preg_replace('#(^|\\s)floats($|\\s)#', '', $caption); $ratios = array(); $ratios_matches = array(); if (preg_match('#(^|\\s)([\\d\\.]+%(:[\\d\\.]+%)*)($|\\s)#', $caption, $ratios_matches) != 0) { $ratios = explode(':', $ratios_matches[2]); $caption = str_replace($ratios_matches[0], '', $caption); } foreach ($rows as $h => $row) { if ($h != 0) { $tag_output->attach(do_template('BLOCK_SEPARATOR')); } $cells = preg_split('/(\\n\\! | \\!\\! |\\n\\| | \\|\\| )/', $row, -1, PREG_SPLIT_DELIM_CAPTURE); array_shift($cells); // First one is non-existant empty $spec = true; // Find which to float $to_float = NULL; foreach ($cells as $i => $cell) { if (!$spec) { if (strpos($cell, '!') !== false || is_null($to_float)) { $to_float = $i; } } $spec = !$spec; } $tag_output->attach(do_template('COMCODE_FAKE_TABLE_WRAP_START')); // Do floated one $i_dir_1 = $to_float == 1 ? 'left' : 'right'; $i_dir_2 = $to_float != 1 ? 'left' : 'right'; if (preg_match('#(^|\\s)wide($|\\s)#', $caption) != 0) { $tag_output->attach(do_template('COMCODE_FAKE_TABLE_WIDE_START', array('_GUID' => 'ced8c3a142f74296a464b085ba6891c9', 'WIDTH' => array_key_exists($to_float == 1 ? 0 : count($cells) - 1, $ratios) ? $ratios[$to_float == 1 ? 0 : count($cells) - 1] : (count($cells) == 2 ? '0' : float_to_raw_string(97.0 / (floatval(count($cells)) / 2.0 - 1.0), 2) . 
'%'), 'FLOAT' => $i_dir_1, 'PADDING' => $to_float == 1 ? '' : '-left', 'PADDING_AMOUNT' => count($cells) == 2 ? '0' : float_to_raw_string(3.0 / (floatval(count($cells) - 2) / 2.0), 2)))); } else { $tag_output->attach(do_template('COMCODE_FAKE_TABLE_START', array('_GUID' => '90be72fcbb6b9d8a312da0bee5b86cb3', 'WIDTH' => array_key_exists($to_float, $ratios) ? $ratios[$to_float] : '', 'FLOAT' => $i_dir_1, 'PADDING' => $to_float == 1 ? '' : '-left', 'PADDING_AMOUNT' => count($cells) == 2 ? '0' : float_to_raw_string(3.0 / (floatval(count($cells) - 2.0) / 2.0), 2)))); } $attaches_before = count($COMCODE_ATTACHMENTS[$pass_id]); $tag_output->attach(comcode_text_to_tempcode(isset($cells[$to_float]) ? rtrim($cells[$to_float]) : '', $source_member, $as_admin, 60, $pass_id, $connection, $semiparse_mode, $preparse_mode, $in_semihtml, $structure_sweep, $check_only, $highlight_bits, $on_behalf_of_member)); for ($attach_inspect = $attaches_before; $attach_inspect < count($COMCODE_ATTACHMENTS[$pass_id]); $attach_inspect++) { $COMCODE_ATTACHMENTS[$pass_id][$attach_inspect]['marker'] += strpos($comcode, $cells[$to_float], $pos); } $tag_output->attach(do_template('COMCODE_FAKE_TABLE_END')); // Do non-floated ones $cell_i = 0; foreach ($cells as $i => $cell) { if ($i % 2 == 1) { if ($i != $to_float) { if (preg_match('#(^|\\s)wide($|\\s)#', $caption) != 0) { $tag_output->attach(do_template('COMCODE_FAKE_TABLE_WIDE2_START', array('_GUID' => '9bac42a1b62c5c9a2f758639fcb3bb2f', 'WIDTH' => array_key_exists($cell_i, $ratios) ? $ratios[$cell_i] : float_to_raw_string(97.0 / (floatval(count($cells)) / 2.0), 2) . '%', 'PADDING_AMOUNT' => count($cells) == 2 ? '0' : float_to_raw_string(3.0 / (floatval(count($cells) - 2) / 2.0), 2), 'FLOAT' => $i_dir_1, 'PADDING' => $to_float == 1 || $cell_i != 0 ? '-left' : ''))); } else { $tag_output->attach(do_template('COMCODE_FAKE_TABLE_2_START', array('_GUID' => '0f15f9d5554635ed7ac154c9dc5c72b8', 'WIDTH' => array_key_exists($cell_i, $ratios) ? 
$ratios[$cell_i] : '', 'FLOAT' => $i_dir_1, 'PADDING' => $to_float == 1 || $cell_i != 0 ? '-left' : '', 'PADDING_AMOUNT' => count($cells) == 2 ? '0' : float_to_raw_string(3.0 / (floatval(count($cells) - 2) / 2.0), 2)))); } $attaches_before = count($COMCODE_ATTACHMENTS[$pass_id]); $tag_output->attach(comcode_text_to_tempcode(rtrim($cell), $source_member, $as_admin, 60, $pass_id, $connection, $semiparse_mode, $preparse_mode, $in_semihtml, $structure_sweep, $check_only, $highlight_bits, $on_behalf_of_member)); for ($attach_inspect = $attaches_before; $attach_inspect < count($COMCODE_ATTACHMENTS[$pass_id]); $attach_inspect++) { $COMCODE_ATTACHMENTS[$pass_id][$attach_inspect]['marker'] += strpos($comcode, $cell, $pos); } $tag_output->attach(do_template('COMCODE_FAKE_TABLE_END')); } $cell_i++; } } $tag_output->attach(do_template('COMCODE_FAKE_TABLE_WRAP_END')); } } else { $ratios = array(); $ratios_matches = array(); if (preg_match('#(^|\\s)([\\d\\.]+%(:[\\d\\.]+%)*)($|\\s)#', $caption, $ratios_matches) != 0) { $ratios = explode(':', $ratios_matches[2]); $caption = str_replace($ratios_matches[0], '', $caption); } if (preg_match('#(^|\\s)wide($|\\s)#', $caption) != 0) { $tag_output->attach(do_template('COMCODE_REAL_TABLE_START', array('SUMMARY' => preg_replace('#(^|\\s)wide($|\\s)#', '', $caption)))); } else { $tag_output->attach(do_template('COMCODE_REAL_TABLE_START_SUMMARY', array('_GUID' => '0c5674fba61ba14b4b9fa39ea31ff54f', 'CAPTION' => $caption))); } foreach ($rows as $table_row) { $tag_output->attach(do_template('COMCODE_REAL_TABLE_ROW_START')); $cells = preg_split('/(\\n\\! | \\!\\! |\\n\\| | \\|\\| )/', $table_row, -1, PREG_SPLIT_DELIM_CAPTURE); array_shift($cells); // First one is non-existant empty $spec = true; $c_type = ''; $cell_i = 0; foreach ($cells as $i => $cell) { if ($spec) { $c_type = strpos($cell, '!') !== false ? 
'th' : 'td'; } else { $attaches_before = count($COMCODE_ATTACHMENTS[$pass_id]); $_mid = comcode_text_to_tempcode(rtrim($cell), $source_member, $as_admin, 60, $pass_id, $connection, $semiparse_mode, $preparse_mode, $in_semihtml, $structure_sweep, $check_only, $highlight_bits, $on_behalf_of_member); for ($attach_inspect = $attaches_before; $attach_inspect < count($COMCODE_ATTACHMENTS[$pass_id]); $attach_inspect++) { $COMCODE_ATTACHMENTS[$pass_id][$attach_inspect]['marker'] += strpos($comcode, $cell, $pos); } $tag_output->attach(do_template('COMCODE_REAL_TABLE_CELL', array('_GUID' => '6640df8b503f65e3d36f595b0acf7600', 'WIDTH' => array_key_exists($cell_i, $ratios) ? $ratios[$cell_i] : '', 'C_TYPE' => $c_type, 'MID' => $_mid, 'PADDING' => $cell_i == 0 ? '' : '-left', 'PADDING_AMOUNT' => count($cells) == 2 ? '0' : float_to_raw_string(5.0 / (floatval(count($cells) - 2) / 2.0), 2)))); $cell_i++; } $spec = !$spec; } $tag_output->attach(do_template('COMCODE_REAL_TABLE_ROW_END')); } $tag_output->attach(do_template('COMCODE_REAL_TABLE_END')); } $pos = $end_tbl + 3; $differented = true; } } } // Advertising $b_all = true; // leave true - for test purposes only if (!$differented && !$semiparse_mode && !$in_code_tag && addon_installed('banners') && ($b_all || !has_specific_permission($source_member, 'banner_free'))) { // Pick up correctly, including permission filtering if (is_null($ADVERTISING_BANNERS)) { $rows = $GLOBALS['SITE_DB']->query('SELECT * FROM ' . get_table_prefix() . 'banners b LEFT JOIN ' . get_table_prefix() . 'banner_types t ON b.b_type=t.id WHERE t_comcode_inline=1 AND ' . 
db_string_not_equal_to('b_title_text', ''), NULL, NULL, true); if (!is_null($rows)) { // Filter out what we don't have permission for if (get_option('use_banner_permissions', true) == '1') { require_code('permissions'); $groups = _get_where_clause_groups($source_member); if (!is_null($groups)) { $perhaps = collapse_1d_complexity('category_name', $GLOBALS['SITE_DB']->query('SELECT category_name FROM ' . get_table_prefix() . 'group_category_access WHERE ' . db_string_equal_to('module_the_name', 'banners') . ' AND (' . $groups . ')')); $new_rows = array(); foreach ($rows as $row) { if (in_array($row['name'], $perhaps)) { $new_rows[] = $row; } } $rows = $new_rows; } } $ADVERTISING_BANNERS = array(); foreach ($rows as $row) { $trigger_text = $row['b_title_text']; foreach (explode(',', $trigger_text) as $t) { if (trim($t) != '') { $ADVERTISING_BANNERS[trim($t)] = $row; } } } } } // Apply if (!is_null($ADVERTISING_BANNERS)) { foreach ($ADVERTISING_BANNERS as $ad_trigger => $ad_bits) { if (strtolower($next) == strtolower($ad_trigger[0])) { if (strtolower(substr($comcode, $pos - 1, strlen($ad_trigger))) == strtolower($ad_trigger)) { require_code('banners'); if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($continuation); } $tag_output->attach($continuation); $continuation = ''; $differented = true; $ad_text = show_banner($ad_bits['name'], $ad_bits['b_title_text'], get_translated_tempcode($ad_bits['caption']), $ad_bits['img_url'], '', $ad_bits['site_url'], $ad_bits['b_type']); $embed_output = _do_tags_comcode('tooltip', array('param' => $ad_text, 'url' => url_is_local($ad_bits['site_url']) && $ad_bits['site_url'] != '' ? get_custom_base_url() . '/' . 
$ad_bits['site_url'] : $ad_bits['site_url']), substr($comcode, $pos - 1, strlen($ad_trigger)), $comcode_dangerous, $pass_id, $pos, $source_member, $as_admin, $connection, $comcode, $wml, $structure_sweep, $semiparse_mode, $highlight_bits); $pos += strlen($ad_trigger) - 1; $tag_output->attach($embed_output); } } } } } // Search highlighting lookahead if (!$differented && !is_null($highlight_bits)) { foreach ($highlight_bits as $highlight_bit) { if (strtolower($next) == strtolower($highlight_bit[0])) { if (strtolower(substr($comcode, $pos - 1, strlen($highlight_bit))) == strtolower($highlight_bit)) { if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($continuation); } $tag_output->attach($continuation); $continuation = ''; $differented = true; $embed_output = _do_tags_comcode('highlight', array(), escape_html(substr($comcode, $pos - 1, strlen($highlight_bit))), $comcode_dangerous, $pass_id, $pos, $source_member, $as_admin, $connection, $comcode, $wml, $structure_sweep, $semiparse_mode, $highlight_bits); $pos += strlen($highlight_bit) - 1; $tag_output->attach($embed_output); break; } } } } // Link lookahead if (!$differented && !$in_code_tag) { if (!$in_semihtml && $next == 'h' && (substr($comcode, $pos - 1, strlen('http://')) == 'http://' || substr($comcode, $pos - 1, strlen('https://')) == 'https://' || substr($comcode, $pos - 1, strlen('ftp://')) == 'ftp://')) { $link_end_pos = strpos($comcode, ' ', $pos - 1); $link_end_pos_2 = strpos($comcode, chr(10), $pos - 1); $link_end_pos_3 = strpos($comcode, '[', $pos - 1); $link_end_pos_4 = strpos($comcode, ')', $pos - 1); $link_end_pos_5 = strpos($comcode, '"', $pos - 1); $link_end_pos_6 = strpos($comcode, '>', $pos - 1); $link_end_pos_7 = strpos($comcode, '<', $pos - 1); $link_end_pos_8 = strpos($comcode, '.' . chr(10), $pos - 1); $link_end_pos_9 = strpos($comcode, ', ', $pos - 1); $link_end_pos_10 = strpos($comcode, '. 
', $pos - 1); $link_end_pos_11 = strpos($comcode, "'", $pos - 1); if ($link_end_pos_2 !== false && ($link_end_pos === false || $link_end_pos_2 < $link_end_pos)) { $link_end_pos = $link_end_pos_2; } if ($link_end_pos_3 !== false && ($link_end_pos === false || $link_end_pos_3 < $link_end_pos)) { $link_end_pos = $link_end_pos_3; } if ($link_end_pos_4 !== false && ($link_end_pos === false || $link_end_pos_4 < $link_end_pos)) { $link_end_pos = $link_end_pos_4; } if ($link_end_pos_5 !== false && ($link_end_pos === false || $link_end_pos_5 < $link_end_pos)) { $link_end_pos = $link_end_pos_5; } if ($link_end_pos_6 !== false && ($link_end_pos === false || $link_end_pos_6 < $link_end_pos)) { $link_end_pos = $link_end_pos_6; } if ($link_end_pos_7 !== false && ($link_end_pos === false || $link_end_pos_7 < $link_end_pos)) { $link_end_pos = $link_end_pos_7; } if ($link_end_pos_8 !== false && ($link_end_pos === false || $link_end_pos_8 < $link_end_pos)) { $link_end_pos = $link_end_pos_8; } if ($link_end_pos_9 !== false && ($link_end_pos === false || $link_end_pos_9 < $link_end_pos)) { $link_end_pos = $link_end_pos_9; } if ($link_end_pos_10 !== false && ($link_end_pos === false || $link_end_pos_10 < $link_end_pos)) { $link_end_pos = $link_end_pos_10; } if ($link_end_pos_11 !== false && ($link_end_pos === false || $link_end_pos_11 < $link_end_pos)) { $link_end_pos = $link_end_pos_11; } if ($link_end_pos === false) { $link_end_pos = strlen($comcode); } $auto_link = preg_replace('#(keep|for)_session=[\\d\\w]*#', 'filtered=1', substr($comcode, $pos - 1, $link_end_pos - $pos + 1)); if (substr($auto_link, -3) != '://') { if (substr($auto_link, -1) == '.') { $auto_link = substr($auto_link, 0, strlen($auto_link) - 1); $link_end_pos--; } $auto_link_tempcode = new ocp_tempcode(); $auto_link_tempcode->attach($auto_link); if (!$check_only) { $link_captions_title = $GLOBALS['SITE_DB']->query_value_null_ok('url_title_cache', 't_title', array('t_url' => $auto_link)); if 
(is_null($link_captions_title) || substr($link_captions_title, 0, 1) == '!') { $GLOBALS['COMCODE_PARSE_URLS_CHECKED']++; if ($GLOBALS['NO_LINK_TITLES'] || $GLOBALS['COMCODE_PARSE_URLS_CHECKED'] >= MAX_URLS_TO_READ) { $link_captions_title = $auto_link; } else { $link_captions_title = ''; $downloaded_at_link = http_download_file($auto_link, 3000, false); if (is_string($downloaded_at_link) && $GLOBALS['HTTP_DOWNLOAD_MIME_TYPE'] !== NULL && strpos($GLOBALS['HTTP_DOWNLOAD_MIME_TYPE'], 'html') !== false && $GLOBALS['HTTP_MESSAGE'] == '200') { $matches = array(); if (preg_match('#\\s*<title[^>]*\\s*>\\s*(.*)\\s*\\s*<\\s*/title\\s*>#miU', $downloaded_at_link, $matches) != 0) { require_code('character_sets'); $link_captions_title = trim(str_replace('–', '-', str_replace('—', '-', @html_entity_decode(convert_to_internal_encoding($matches[1]), ENT_QUOTES, get_charset())))); if ((strpos(strtolower($link_captions_title), 'login') !== false || strpos(strtolower($link_captions_title), 'log in') !== false) && substr($auto_link, 0, strlen(get_base_url())) == get_base_url()) { $link_captions_title = ''; } // don't show login screen titles for our own website. Better to see the link verbatim } } $GLOBALS['SITE_DB']->query_insert('url_title_cache', array('t_url' => substr($auto_link, 0, 255), 't_title' => substr($link_captions_title, 0, 255)), false, true); // To stop weird race-like conditions } } $embed_output = mixed(); $link_handlers = find_all_hooks('systems', 'comcode_link_handlers'); foreach (array_keys($link_handlers) as $link_handler) { require_code('hooks/systems/comcode_link_handlers/' . $link_handler); $link_handler_ob = object_factory('Hook_comcode_link_handler_' . 
$link_handler, true); if (is_null($link_handler_ob)) { continue; } $embed_output = $link_handler_ob->bind($auto_link, $link_captions_title, $comcode_dangerous, $pass_id, $pos, $source_member, $as_admin, $connection, $comcode, $wml, $structure_sweep, $semiparse_mode, $highlight_bits); if (!is_null($embed_output)) { break; } } if (is_null($embed_output)) { $page_link = url_to_pagelink($auto_link, true); if ($link_captions_title == '') { $link_captions_title = $auto_link; } if ($page_link != '') { $embed_output = _do_tags_comcode('page', array('param' => $page_link), make_string_tempcode(escape_html($link_captions_title)), $comcode_dangerous, $pass_id, $pos, $source_member, $as_admin, $connection, $comcode, $wml, $structure_sweep, $semiparse_mode, $highlight_bits); } else { $embed_output = _do_tags_comcode('url', array('param' => $link_captions_title), $auto_link_tempcode, $comcode_dangerous, $pass_id, $pos, $source_member, $as_admin, $connection, $comcode, $wml, $structure_sweep, $semiparse_mode, $highlight_bits); } } } else { $embed_output = new ocp_tempcode(); } if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($continuation); } $tag_output->attach($continuation); $continuation = ''; $tag_output->attach($embed_output); $pos += $link_end_pos - $pos; $differented = true; } } } } if (!$differented) { if ($stupidity_mode != '' && $textual_area) { if ($stupidity_mode == 'leet' && mt_rand(0, 1) == 1) { if (array_key_exists(strtoupper($next), $LEET_FILTER)) { $next = $LEET_FILTER[strtoupper($next)]; } } elseif ($stupidity_mode == 'bork' && mt_rand(0, 60) == 1) { $next .= '-bork-bork-bork-'; } } if (!$in_separate_parse_section && (!$in_semihtml || !$comcode_dangerous_html && !$is_all_semihtml)) { if ($next == '&') { $ahead = substr($comcode, $pos, 20); $ahead_lower = strtolower($ahead); $matches = array(); $entity = preg_match('#^(\\#)?([\\w]*);#', $ahead_lower, $matches) != 0; // If it is a SAFE entity, use it if ($entity && !$in_code_tag) { if ($matches[1] == '' && 
($in_semihtml || isset($ALLOWED_ENTITIES[$matches[2]]))) { $pos += strlen($matches[2]) + 1; $continuation .= '&' . $matches[2] . ';'; } elseif (is_numeric($matches[2]) && $matches[1] == '#') { $matched_entity = intval(base_convert($matches[2], 16, 10)); if ($matched_entity < 127 && array_key_exists(chr($matched_entity), $POTENTIAL_JS_NAUGHTY_ARRAY)) { $continuation .= escape_html($next); } else { $pos += strlen($matches[2]) + 2; $continuation .= '&#' . $matches[2] . ';'; } } else { $continuation .= '&'; } } else { $continuation .= '&'; } } else { $continuation .= escape_html($next); } } else { $continuation .= $next; } } } } } break; case CCP_IN_TAG_NAME: if ($mindless_mode && $next != '[') { $tag_raw .= $next; } if ($next == '=') { $status = CCP_IN_TAG_BETWEEN_ATTRIBUTE_NAME_VALUE_RIGHT; $current_attribute_name = 'param'; } elseif (trim($next) == '') { $status = CCP_IN_TAG_BETWEEN_ATTRIBUTES; } elseif ($next == '[') { if (!$lax) { return comcode_parse_error($preparse_mode, array('CCP_TAG_OPEN_ANOMALY'), $pos, $comcode, $check_only); } $next = ']'; $pos--; } if ($next == ']') { if ($close) { if ($formatting_allowed) { list($close_list, $list_indent) = _close_open_lists($list_indent, $list_type); if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($close_list); } $tag_output->attach($close_list); } if (count($tag_stack) == 0) { if ($lax) { $status = CCP_NO_MANS_LAND; break; } return comcode_parse_error($preparse_mode, array('CCP_NO_CLOSE', $current_tag), strrpos(substr($comcode, 0, $pos), '['), $comcode, $check_only); } $has_it = false; foreach (array_reverse($tag_stack) as $t) { if ($t[0] == $current_tag) { $has_it = true; break; } if ($in_semihtml && ($current_tag == 'html' || $current_tag == 'semihtml')) { // Only search one level for this break; } } if ($has_it) { $_last = array_pop($tag_stack); if ($_last[0] != $current_tag) { if (!$lax) { return comcode_parse_error($preparse_mode, array('CCP_NO_CLOSE_MATCH', $current_tag, $_last[0]), $pos, $comcode, 
$check_only); } do { $embed_output = _do_tags_comcode($_last[0], $_last[1], $tag_output, $comcode_dangerous, $pass_id, $pos, $source_member, $as_admin, $connection, $comcode, $wml, $structure_sweep, $semiparse_mode, NULL, NULL, $in_semihtml, $is_all_semihtml); $in_code_tag = false; $white_space_area = $_last[3]; $in_separate_parse_section = $_last[4]; $formatting_allowed = $_last[5]; $textual_area = $_last[6]; $tag_output = $_last[2]; $tag_output->attach($embed_output); $mindless_mode = $_last[7]; $comcode_dangerous = $_last[8]; $comcode_dangerous_html = $_last[9]; if (count($tag_stack) == 0) { $status = CCP_NO_MANS_LAND; break 2; } $_last = array_pop($tag_stack); } while ($_last[0] != $current_tag); } } else { $extraneous_semihtml = !$is_all_semihtml && !$in_semihtml || $current_tag != 'html' && $current_tag != 'semihtml'; if (!$lax && $extraneous_semihtml) { $_last = array_pop($tag_stack); return comcode_parse_error($preparse_mode, array('CCP_NO_CLOSE_MATCH', $current_tag, $_last[0]), $pos, $comcode, $check_only); } $status = CCP_NO_MANS_LAND; break; } // Do the comcode for this tag if ($in_semihtml) { foreach ($_last[1] as $index => $conv) { $_last[1][$index] = @html_entity_decode(str_replace('<br />', chr(10), $conv), ENT_QUOTES, get_charset()); } } $mindless_mode = $_last[7]; if ($mindless_mode) { $embed_output = $tag_output; } elseif (!$check_only) { $_structure_sweep = false; if ($structure_sweep) { $_structure_sweep = !in_tag_stack($tag_stack, array('title')); } $embed_output = _do_tags_comcode($_last[0], $_last[1], $tag_output, $comcode_dangerous, $pass_id, $pos, $source_member, $as_admin, $connection, $comcode, $wml, $_structure_sweep, $semiparse_mode, $highlight_bits, NULL, $in_semihtml, $is_all_semihtml); } else { $embed_output = new ocp_tempcode(); } $in_code_tag = false; $white_space_area = $_last[3]; $in_separate_parse_section = $_last[4]; $formatting_allowed = $_last[5]; $textual_area = $_last[6]; $tag_output = $_last[2]; $comcode_dangerous = 
$_last[8]; $comcode_dangerous_html = $_last[9]; if ($print_mode && $_last[0] == 'exp_thumb') { $queued_tempcode->attach($embed_output); } else { $tag_output->attach($embed_output); } $just_ended = isset($BLOCK_TAGS[$current_tag]); if ($current_tag == 'title') { if (strlen($comcode) > $pos + 1 && $comcode[$pos] == chr(10) && $comcode[$pos + 1] == chr(10)) { $NUM_LINES += 2; $pos += 2; $just_new_line = true; } } if ($current_tag == 'html') { $in_html = false; } elseif ($current_tag == 'semihtml') { $in_semihtml = false; } $status = CCP_NO_MANS_LAND; } else { if ($current_tag == 'title') { $just_new_line = false; list($close_list, $list_indent) = _close_open_lists($list_indent, $list_type); if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($close_list); } $tag_output->attach($close_list); } array_push($tag_stack, array($current_tag, $attribute_map, $tag_output, $white_space_area, $in_separate_parse_section, $formatting_allowed, $textual_area, $mindless_mode, $comcode_dangerous, $comcode_dangerous_html)); list($tag_output, $comcode_dangerous, $comcode_dangerous_html, $white_space_area, $formatting_allowed, $in_separate_parse_section, $textual_area, $attribute_map, $status, $in_html, $in_semihtml, $pos, $in_code_tag) = _opened_tag($mindless_mode, $as_admin, $source_member, $attribute_map, $current_tag, $pos, $comcode_dangerous, $comcode_dangerous_html, $in_separate_parse_section, $in_html, $in_semihtml, $close, $len, $comcode); if ($in_code_tag) { $code_nest_stack = 0; } } $tag_output->attach($tag_raw); if ($close && $mindless_mode) { $temp_tpl = '</kbd>​'; if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($temp_tpl); } $tag_output->attach($temp_tpl); } } elseif ($status == CCP_IN_TAG_NAME) { $current_tag .= strtolower($next); } break; case CCP_STARTING_TAG: if ($mindless_mode && $next != '[') { $tag_raw .= $next; } if ($next == '[') { if (!$lax) { return comcode_parse_error($preparse_mode, array('CCP_TAG_OPEN_ANOMALY'), $pos, $comcode, $check_only); } $status = 
CCP_NO_MANS_LAND; $pos--; } elseif ($next == ']') { if (!$lax) { return comcode_parse_error($preparse_mode, array('CCP_TAG_CLOSE_ANOMALY'), $pos, $comcode, $check_only); } $status = CCP_NO_MANS_LAND; } elseif ($next == '/') { $close = true; } else { $current_tag .= strtolower($next); $status = CCP_IN_TAG_NAME; } break; case CCP_IN_TAG_BETWEEN_ATTRIBUTES: if ($mindless_mode && $next != '[') { $tag_raw .= $next; } if ($next == ']') { if ($current_tag == 'title') { $just_new_line = false; list($close_list, $list_indent) = _close_open_lists($list_indent, $list_type); if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($close_list); } $tag_output->attach($close_list); } array_push($tag_stack, array($current_tag, $attribute_map, $tag_output, $white_space_area, $in_separate_parse_section, $formatting_allowed, $textual_area, $mindless_mode, $comcode_dangerous, $comcode_dangerous_html)); list($tag_output, $comcode_dangerous, $comcode_dangerous_html, $white_space_area, $formatting_allowed, $in_separate_parse_section, $textual_area, $attribute_map, $status, $in_html, $in_semihtml, $pos, $in_code_tag) = _opened_tag($mindless_mode, $as_admin, $source_member, $attribute_map, $current_tag, $pos, $comcode_dangerous, $comcode_dangerous_html, $in_separate_parse_section, $in_html, $in_semihtml, $close, $len, $comcode); if ($in_code_tag) { $code_nest_stack = 0; } $tag_output->attach($tag_raw); } elseif ($next == '[') { if (!$lax) { return comcode_parse_error($preparse_mode, array('CCP_TAG_OPEN_ANOMALY'), $pos, $comcode, $check_only); } if ($current_tag == 'title') { $just_new_line = false; list($close_list, $list_indent) = _close_open_lists($list_indent, $list_type); if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($close_list); } $tag_output->attach($close_list); } array_push($tag_stack, array($current_tag, $attribute_map, $tag_output, $white_space_area, $in_separate_parse_section, $formatting_allowed, $textual_area, $mindless_mode, $comcode_dangerous, $comcode_dangerous_html)); 
list($tag_output, $comcode_dangerous, $comcode_dangerous_html, $white_space_area, $formatting_allowed, $in_separate_parse_section, $textual_area, $attribute_map, $status, $in_html, $in_semihtml, $pos, $in_code_tag) = _opened_tag($mindless_mode, $as_admin, $source_member, $attribute_map, $current_tag, $pos, $comcode_dangerous, $comcode_dangerous_html, $in_separate_parse_section, $in_html, $in_semihtml, $close, $len, $comcode); if ($in_code_tag) { $code_nest_stack = 0; } $tag_output->attach($tag_raw); $pos--; } elseif (trim($next) != '') { $status = CCP_IN_TAG_ATTRIBUTE_NAME; $current_attribute_name = $next; } break; case CCP_IN_TAG_ATTRIBUTE_NAME: if ($mindless_mode && $next != '[') { $tag_raw .= $next; } if ($next == '[') { $status = CCP_NO_MANS_LAND; $pos--; if (!$lax) { return comcode_parse_error($preparse_mode, array('CCP_TAG_OPEN_ANOMALY'), $pos, $comcode, $check_only); } if ($current_tag == 'title') { $just_new_line = false; list($close_list, $list_indent) = _close_open_lists($list_indent, $list_type); if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($close_list); } $tag_output->attach($close_list); } array_push($tag_stack, array($current_tag, $attribute_map, $tag_output, $white_space_area, $in_separate_parse_section, $formatting_allowed, $textual_area, $mindless_mode, $comcode_dangerous, $comcode_dangerous_html)); list($tag_output, $comcode_dangerous, $comcode_dangerous_html, $white_space_area, $formatting_allowed, $in_separate_parse_section, $textual_area, $attribute_map, $status, $in_html, $in_semihtml, $pos, $in_code_tag) = _opened_tag($mindless_mode, $as_admin, $source_member, $attribute_map, $current_tag, $pos, $comcode_dangerous, $comcode_dangerous_html, $in_separate_parse_section, $in_html, $in_semihtml, $close, $len, $comcode); if ($in_code_tag) { $code_nest_stack = 0; } $tag_output->attach($tag_raw); } elseif ($next == ']') { if ($attribute_map == array() && !$lax) { return comcode_parse_error($preparse_mode, array('CCP_TAG_CLOSE_ANOMALY'), $pos, 
$comcode, $check_only); } if ($attribute_map != array()) { $at_map_keys = array_keys($attribute_map); $old_attribute_name = $at_map_keys[count($at_map_keys) - 1]; $attribute_map[$old_attribute_name] .= ' ' . $current_attribute_name; } array_push($tag_stack, array($current_tag, $attribute_map, $tag_output, $white_space_area, $in_separate_parse_section, $formatting_allowed, $textual_area, $mindless_mode, $comcode_dangerous, $comcode_dangerous_html)); list($tag_output, $comcode_dangerous, $comcode_dangerous_html, $white_space_area, $formatting_allowed, $in_separate_parse_section, $textual_area, $attribute_map, $status, $in_html, $in_semihtml, $pos, $in_code_tag) = _opened_tag($mindless_mode, $as_admin, $source_member, $attribute_map, $current_tag, $pos, $comcode_dangerous, $comcode_dangerous_html, $in_separate_parse_section, $in_html, $in_semihtml, $close, $len, $comcode); if ($in_code_tag) { $code_nest_stack = 0; } $tag_output->attach($tag_raw); } elseif ($next == '=') { $status = CCP_IN_TAG_BETWEEN_ATTRIBUTE_NAME_VALUE_RIGHT; } elseif ($next != ' ') { $current_attribute_name .= strtolower($next); } else { $status = CCP_IN_TAG_BETWEEN_ATTRIBUTE_NAME_VALUE_LEFT; } break; case CCP_IN_TAG_BETWEEN_ATTRIBUTE_NAME_VALUE_LEFT: if ($mindless_mode && $next != '[' && $next != ']') { $tag_raw .= $next; } if ($next == '=') { $status = CCP_IN_TAG_BETWEEN_ATTRIBUTE_NAME_VALUE_RIGHT; } elseif (trim($next) != '') { if (!$lax) { return comcode_parse_error($preparse_mode, array('CCP_ATTRIBUTE_ERROR', $current_attribute_name, $current_tag), $pos, $comcode, $check_only); } if ($next == '[') { $status = CCP_IN_TAG_BETWEEN_ATTRIBUTES; $pos--; } elseif ($next == ']') { $status = CCP_IN_TAG_BETWEEN_ATTRIBUTES; $pos--; } } break; case CCP_IN_TAG_BETWEEN_ATTRIBUTE_NAME_VALUE_RIGHT: if ($mindless_mode && $next != '[' && $next != ']') { $tag_raw .= $next; } if ($next == '[') { if (!$lax) { return comcode_parse_error($preparse_mode, array('CCP_TAG_OPEN_ANOMALY'), $pos, $comcode, $check_only); } 
$status = CCP_IN_TAG_BETWEEN_ATTRIBUTES; $pos--; } elseif ($next == ']') { if (!$lax) { return comcode_parse_error($preparse_mode, array('CCP_TAG_CLOSE_ANOMALY'), $pos, $comcode, $check_only); } $status = CCP_IN_TAG_BETWEEN_ATTRIBUTES; $pos--; } elseif ($next == '"' || $in_semihtml && substr($comcode, $pos - 1, 6) == '"') { if ($next != '"') { $pos += 5; if ($mindless_mode) { $tag_raw .= 'quot;'; } } $status = CCP_IN_TAG_ATTRIBUTE_VALUE; $current_attribute_value = ''; } elseif ($next != '') { $status = CCP_IN_TAG_ATTRIBUTE_VALUE_NO_QUOTE; $current_attribute_value = $next; } break; case CCP_IN_TAG_ATTRIBUTE_VALUE_NO_QUOTE: if ($mindless_mode && $next != ']') { $tag_raw .= $next; } if ($next == ' ') { $status = CCP_IN_TAG_BETWEEN_ATTRIBUTES; if (isset($attribute_map[$current_attribute_name]) && !$lax) { return comcode_parse_error($preparse_mode, array('CCP_DUPLICATE_ATTRIBUTES', $current_attribute_name, $current_tag), $pos, $comcode, $check_only); } $attribute_map[$current_attribute_name] = $current_attribute_value; } elseif ($next == ']') { if (isset($attribute_map[$current_attribute_name]) && !$lax) { return comcode_parse_error($preparse_mode, array('CCP_DUPLICATE_ATTRIBUTES', $current_attribute_name, $current_tag), $pos, $comcode, $check_only); } $status = CCP_IN_TAG_BETWEEN_ATTRIBUTES; $attribute_map[$current_attribute_name] = $current_attribute_value; $pos--; } else { $current_attribute_value .= $next; } break; case CCP_IN_TAG_ATTRIBUTE_VALUE: if ($mindless_mode) { $tag_raw .= $next; } if ($next == '"' || $in_semihtml && substr($comcode, $pos - 1, 6) == '"') { if ($next != '"') { $pos += 5; if ($mindless_mode) { $tag_raw .= 'quot;'; } } $status = CCP_IN_TAG_BETWEEN_ATTRIBUTES; if (isset($attribute_map[$current_attribute_name]) && !$lax) { return comcode_parse_error($preparse_mode, array('CCP_DUPLICATE_ATTRIBUTES', $current_attribute_name, $current_tag), $pos, $comcode, $check_only); } $attribute_map[$current_attribute_name] = $current_attribute_value; } else { 
if ($next == '\\') { if ($comcode[$pos] == '"') { if ($mindless_mode) { $tag_raw .= '"'; } $current_attribute_value .= '"'; ++$pos; } elseif (substr($comcode, $pos - 1, 6) == '"') { if ($mindless_mode) { $tag_raw .= '"'; } $current_attribute_value .= '"'; $pos += 6; } elseif ($comcode[$pos] == '\\') { if ($mindless_mode) { $tag_raw .= '\\'; } $current_attribute_value .= '\\'; ++$pos; } else { $current_attribute_value .= $next; } } else { $current_attribute_value .= $next; } } break; } } if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($continuation); } $tag_output->attach($continuation); $continuation = ''; list($close_list, $list_indent) = _close_open_lists($list_indent, $list_type); if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($close_list); } $tag_output->attach($close_list); if ($status != CCP_NO_MANS_LAND || count($tag_stack) != 0) { if (!$lax) { $stack_top = array_pop($tag_stack); return comcode_parse_error($preparse_mode, array('CCP_BROKEN_END', is_null($stack_top) ? $current_tag : $stack_top[0]), $pos, $comcode, $check_only); } else { while (count($tag_stack) > 0) { $_last = array_pop($tag_stack); /*if ($_last[0]=='title') Not sure about this { $_structure_sweep=false; break; }*/ $embed_output = _do_tags_comcode($_last[0], $_last[1], $tag_output, $comcode_dangerous, $pass_id, $pos, $source_member, $as_admin, $connection, $comcode, $wml, $structure_sweep, $semiparse_mode, NULL, NULL, $in_semihtml, $is_all_semihtml); $in_code_tag = false; $white_space_area = $_last[3]; $in_separate_parse_section = $_last[4]; $formatting_allowed = $_last[5]; $textual_area = $_last[6]; $tag_output = $_last[2]; $tag_output->attach($embed_output); $mindless_mode = $_last[7]; $comcode_dangerous = $_last[8]; $comcode_dangerous_html = $_last[9]; } } } // $tag_output->left_attach('<div class="xhtml_validator_off">'); // $tag_output->attach('</div>'); return $tag_output; }