/**
 * Verifies the title is valid and prepares it for saving (wordwrap, censor, etc).
 *
 * The title is rewritten in place: HTML-encoded spaces are decoded, it is
 * trimmed, length-checked or chopped against the 'titlemaxchars' option,
 * censored, de-shouted and word-wrapped.
 *
 * @param string $title Title text (by reference; modified)
 *
 * @return bool false when the title is too long and the title-length error
 *              has been raised via $this->error(); true otherwise
 */
function verify_title(&$title)
{
	// decimal and hex entity forms of a space become a real space, then trim
	$title = trim(preg_replace('/&#(0*32|x0*20);/', ' ', $title));

	$maxchars = $this->registry->options['titlemaxchars'];

	// only a changed title is length-checked, and only when a limit is configured
	if ($maxchars and $title != $this->existing['title'])
	{
		if (!empty($this->info['show_title_error']))
		{
			$titlelen = vbstrlen($title);
			if ($titlelen > $maxchars)
			{
				// title too long -- report it rather than silently truncating
				$this->error('title_toolong', $titlelen, $maxchars);
				return false;
			}
		}
		else if (empty($this->info['is_automated']))
		{
			// not showing the title length error, just chop it
			$title = vbchop($title, $maxchars);
		}
	}

	require_once DIR . '/includes/functions_newpost.php';

	// censor and remove all-caps subjects; the original comment also credits
	// this step with htmlspecialchars-ing the title -- presumably inside
	// fetch_censored_text()/fetch_no_shouting_text(), confirm there
	$title = fetch_no_shouting_text(fetch_censored_text($title));

	// do word wrapping
	$title = fetch_word_wrapped_string($title);

	return true;
}
/**
 * Prepares properties for rendering.
 *
 * Builds the page-navigation list for multi-page articles. vB_View_Content has
 * already passed $this->title through htmlspecialchars_uni(), so it is
 * deliberately NOT escaped again here (bug #29663).
 */
protected function prepareProperties()
{
	parent::prepareProperties();

	$this->css = new vB_View('vbcms_article_css');
	$this->author_phrase = new vB_Phrase('vbcms', 'author');

	if (!$this->pagelist OR count($this->pagelist) <= 1)
	{
		// single page: nothing to paginate
		$this->pagelist = false;
		return;
	}

	// route used to build the per-page URLs
	$route = new vBCms_Route_Content();
	$route->setSegments(array(
		'node'   => $this->nodesegment,
		'action' => vB_Router::getUserAction('vBCms_Controller_Content', 'View'),
	));

	// the first page carries the article title
	$pagelist = $this->pagelist;
	$pagelist[1] = $this->title;
	$this->pagelist = $pagelist;

	$pages = array();
	foreach ($this->pagelist AS $pagenum => $pagetitle)
	{
		$route->setParameter(0, $pagenum);

		if (!$pagetitle)
		{
			$pagetitle = new vB_Phrase('vbcms', 'page_x', $pagenum);
		}

		// undo the 'stop_parse' from the [page] bbcode and strip bbcode and html
		// NOTE(review): as rendered here the search and replace arrays are
		// identical (entity references look decoded) -- confirm against the source file
		$cleantitle = str_replace(array('[', ']'), array('[', ']'), $pagetitle);
		$cleantitle = vbchop(strip_tags(strip_bbcode($cleantitle)), 75);

		$pages[$pagenum] = array(
			'url'      => $route->getCurrentURL(null, array($pagenum)),
			// page titles are rendered into HTML, so they are escaped here
			'title'    => htmlspecialchars_uni($cleantitle),
			'selected' => ($pagenum == $this->current_page) ? 1 : 0,
		);
	}

	if ($this->current_page > 1)
	{
		$this->prev_page_url = $pages[$this->current_page - 1]['url'];
		$this->prev_page_phrase = new vB_Phrase('vbcms', 'previous');
	}

	if ($this->current_page < count($pages))
	{
		$this->next_page_url = $pages[$this->current_page + 1]['url'];
		$this->next_page_phrase = new vB_Phrase('vbcms', 'next');
	}

	$this->pagelist = $pages;
}
// Applies the submitted profile fields to $userdata and saves them.
// NOTE(review): $userdata appears to be the user data manager (set()/set_usertitle()/save())
// and the GPC values are presumably cleaned by clean_gpc() upstream -- confirm both.
$userdata->set_info('coppauser', $vbulletin->GPC['coppauser']);
$userdata->set('parentemail', $vbulletin->GPC['parentemail']);

// easy stuff
$userdata->set('icq', $vbulletin->GPC['icq']);
$userdata->set('msn', $vbulletin->GPC['msn']);
$userdata->set('aim', $vbulletin->GPC['aim']);
$userdata->set('yahoo', $vbulletin->GPC['yahoo']);
$userdata->set('skype', $vbulletin->GPC['skype']);
$userdata->set('homepage', $vbulletin->GPC['homepage']);
// NOTE(review): as rendered this passes the whole GPC array rather than a single
// cleaned value; the array index looks lost in rendering -- confirm against the source
$userdata->set('birthday', $vbulletin->GPC);
$userdata->set('showbirthday', $vbulletin->GPC['showbirthday']);

// custom profile fields
$userdata->set_userfields($vbulletin->GPC['userfield']);

// the ctMaxChars limit is enforced only for a changed title and only for users
// without the 'cancontrolpanel' admin permission (bitfield test)
if ($vbulletin->userinfo['usertitle'] != $vbulletin->GPC['customtext'] and !($permissions['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) and $vbulletin->options['ctMaxChars'] > 0)
{
	// only trim title if changing custom title and not an admin
	$vbulletin->GPC['customtext'] = vbchop($vbulletin->GPC['customtext'], $vbulletin->options['ctMaxChars']);
}

// custom user title -- the two trailing booleans are the 'canusecustomtitle'
// and 'cancontrolpanel' permission bits for this user
$userdata->set_usertitle($vbulletin->GPC['customtext'], $vbulletin->GPC['resettitle'], $vbulletin->usergroupcache[$vbulletin->userinfo['displaygroupid']], $permissions['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canusecustomtitle'] ? true : false, $permissions['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'] ? true : false);

// plugin hook: any plugin code registered for 'profile_updateprofile' is eval'd
// here with the surrounding locals in scope (so their names are part of the plugin interface)
($hook = vBulletinHook::fetch_hook('profile_updateprofile')) ? eval($hook) : false;

// save the data
$userdata->save();

// reset the session's 'profileupdate' flag once the profile has been saved
if ($vbulletin->session->vars['profileupdate'])
{
	$vbulletin->session->set('profileupdate', 0);
}

// redirect target: back to the User CP, or on to the password form when requested
if (empty($vbulletin->GPC['gotopassword']))
{
	$vbulletin->url = 'usercp.php' . $vbulletin->session->vars['sessionurl_q'];
}
else
{
	$vbulletin->url = 'profile.php?' . $vbulletin->session->vars['sessionurl'] . 'do=editpassword';
}

// renders the redirect template (template code is eval'd, as throughout vBulletin)
eval(print_standard_redirect('redirect_updatethanks'));
} ($hook = vBulletinHook::fetch_hook('private_start')) ? eval($hook) : false; // ############################### start update folders ############################### // update the user's custom pm folders if ($_POST['do'] == 'updatefolders') { $vbulletin->input->clean_gpc('p', 'folder', TYPE_ARRAY_NOHTML); if (!empty($vbulletin->GPC['folder'])) { $oldpmfolders = unserialize($vbulletin->userinfo['pmfolders']); $pmfolders = array(); $updatefolders = array(); $old_count = count($oldpmfolders); foreach ($vbulletin->GPC['folder'] as $folderid => $foldername) { $folderid = intval($folderid); if ($foldername != '') { //limit the title to something sane. $pmfolders["{$folderid}"] = vbchop($foldername, $char_limit); } else { if (isset($oldpmfolders["{$folderid}"])) { $updatefolders[] = $folderid; } } } $new_count = count($pmfolders); //its possible, though unlikely, that there is a legitimate user out there //with too many folders. Rather than preventing them from saving anything, //we'll just prevent them from adding any folders if they are over the limit //if they just change some titles or delete some but not enough folders (or //even delete some and add no more than they deleted) we'll let it slide. if ($new_count > $folder_limit and $new_count > $old_count) { eval(standard_error(fetch_error('folder_limit_exceeded', $folder_limit))); }
/**
 * Trims a string to the specified length while keeping whole words
 *
 * At most the first 10 lines of the input are kept; when the result is still
 * longer than $chars it is chopped, backed up to the last space and optionally
 * suffixed with "...".
 *
 * @param string  $title  String to be trimmed
 * @param integer $chars  Number of characters to aim for; -1 uses the
 *                        'lastthreadchars' option, 0 disables trimming
 * @param boolean $append Append "..." to shortened text
 *
 * @return string
 */
function fetch_trimmed_title($title, $chars = -1, $append = true)
{
	global $vbulletin;

	if ($chars == -1)
	{
		$chars = $vbulletin->options['lastthreadchars'];
	}

	if (!$chars)
	{
		return $title;
	}

	// limit to 10 lines (\n{240}1234567890 does weird things to the thread preview)
	$lines = array_slice(preg_split('#(\r\n|\n|\r)#', $title), 0, 10);
	$title = trim(implode(" \n", $lines));

	if (vbstrlen($title) > $chars)
	{
		$title = vbchop($title, $chars);

		// back up to the last space so no word is cut in half; a space byte never
		// occurs inside a multibyte UTF-8 sequence, so byte-wise strrpos/substr are safe here
		$lastspace = strrpos($title, ' ');
		if ($lastspace !== false)
		{
			$title = substr($title, 0, $lastspace);
		}

		if ($append)
		{
			$title .= '...';
		}
	}

	return $title;
}
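/**
 * Handles an [email] tag. Creates a link to email an address.
 *
 * The address is entity-encoded so it cannot break out of the href attribute,
 * and only addresses accepted by vB_String::isValidEmail() become a mailto:
 * link; anything else is returned as the display text.
 *
 * @param string If tag has option, the displayable email name. Else, the email address.
 * @param string If tag has option, the email address.
 *
 * @return string HTML representation of the tag.
 */
protected function handle_bbcode_email($text, $link = '')
{
	$rightlink = trim($link);
	if (empty($rightlink))
	{
		// no option -- use param
		$rightlink = trim($text);
	}

	// entity-encode the characters that could close the href attribute or be
	// re-read as bbcode; the listing showed these entities already decoded, which
	// made the replacement a no-op (and a syntax error), so the entity forms are restored
	$rightlink = str_replace(
		array('`', '"', "'", '['),
		array('&#96;', '&quot;', '&#39;', '&#91;'),
		$this->stripSmilies($rightlink)
	);

	if (!trim($link) or $text == $rightlink)
	{
		// the address doubles as the display text: shorten long ones to head...tail
		$tmp = vB_String::unHtmlSpecialChars($text);
		if (vB_String::vbStrlen($tmp) > 55 and $this->isWysiwyg() == false)
		{
			$text = vB_String::htmlSpecialCharsUni(vbchop($tmp, 36) . '...' . substr($tmp, -14));
		}
	}

	// remove double spaces -- fixes issues with wordwrap
	// (as rendered this strips every space; the original may have used a
	// two-space needle -- confirm against the source file)
	$rightlink = str_replace(' ', '', $rightlink);

	// email hyperlink (mailto:) only for a syntactically valid address
	// NOTE(review): $text is emitted as-is; the parser input is expected to be
	// HTML-escaped already -- confirm
	if (vB_String::isValidEmail($rightlink))
	{
		return "<a href=\"mailto:{$rightlink}\">{$text}</a>";
	}

	return $text;
}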
($threadinfo['visible'] == 0 OR $postinfo['visible'] == 0) AND can_moderate($foruminfo['forumid'], 'canmoderateposts') ) ) ) { $quote_postids[] = $postinfo['postid']; // fetch the quoted post title $newpost['title'] = htmlspecialchars_uni(vbchop(fetch_quote_title($postinfo['title'], $threadinfo['title']), $vbulletin->options['titlemaxchars'])); $specifiedpost = 1; // the post we're replying to we explicitly picked } else { $newpost['title'] = htmlspecialchars_uni(vbchop(fetch_quote_title('', $threadinfo['title']), $vbulletin->options['titlemaxchars'])); } if ($quote_postids) { $newpost['message'] = fetch_quotable_posts($quote_postids, $threadinfo['threadid'], $unquoted_post_count, $quoted_post_ids, 'only'); $quote_count = count($quoted_post_ids); if ($quote_count > 1 OR ($quote_count == 1 AND $vbulletin->GPC['noquote']) OR ($quote_count == 1 AND $quoted_post_ids[0] != $postinfo['postid'])) { // quoting more than one post, one post and noquote is set, or one post that isn't this post -- using MQ, // so when we post, remove the posts from the MQ cookie that are in this thread $multiquote_empty = 'only'; } } }
/**
 * Selected values for custom fields defined for the calendar that contains this event
 *
 * Loads the calendar's custom-field definitions, resolves each submitted value
 * to one of the field's options (or to free text where 'allowentry' is set)
 * and stores the result via $this->set('customfields', ...).
 *
 * @param array Customfield data from $_POST, keyed "f{id}" (chosen option index)
 *              and "o{id}" (free-text entry); taken by reference, so missing keys
 *              are created in the caller's array
 *
 * @return bool|null false when a required field is empty (after $this->error()), null otherwise
 */
function set_userfields(&$userfields)
{
	if (!($calendarid = $this->fetch_field('calendarid')))
	{
		trigger_error('Calendarid must be set before userfields.', E_USER_ERROR);
	}

	// $calendarid is interpolated into the SQL unescaped; it comes from this
	// object's own field rather than straight from the request
	// NOTE(review): an (int) cast here would be a cheap belt-and-braces guard
	$customcalfields = $this->dbobject->query_read("\n\t\t\tSELECT *\n\t\t\tFROM " . TABLE_PREFIX . "calendarcustomfield\n\t\t\tWHERE calendarid = {$calendarid}\n\t\t\tORDER BY calendarcustomfieldid\n\t\t");

	$customfields = array();
	while ($custom = $this->dbobject->fetch_array($customcalfields))
	{
		// taking a reference creates the key in $userfields when it is absent
		$customfield =& $userfields["f{$custom['calendarcustomfieldid']}"];
		// free-text entry, limited to the field's configured length (255 when unset)
		$optional = vbchop($userfields["o{$custom['calendarcustomfieldid']}"], $custom['length'] ? $custom['length'] : 255);

		// free text wins over a chosen option, but only when the field allows entry
		if ($custom['allowentry'] and !empty($optional))
		{
			$option =& $optional;
		}
		else
		{
			$option =& $customfield;
		}

		if ($custom['required'] and !$option)
		{
			$this->error('requiredfieldmissing', $custom['title']);
			return false;
		}

		// options are stored serialized in the calendarcustomfield row (admin-defined data, not request data)
		$custom['options'] = unserialize($custom['options']);

		unset($chosenoption);
		if (is_array($custom['options']))
		{
			// NOTE(review): loose comparison between the stored option index and the
			// submitted string; numeric strings match as intended, but pre-PHP 8
			// `0 == 'abc'` is also true -- confirm how option indexes are numbered
			foreach ($custom['options'] as $index => $value)
			{
				if ($index == $option)
				{
					$chosenoption = $value;
					break;
				}
			}
		}

		// no option matched: fall back to the (escaped) free-text entry where allowed
		if ($chosenoption == '' and $custom['allowentry'])
		{
			$chosenoption = htmlspecialchars_uni($optional);
		}

		$customfields["{$custom['calendarcustomfieldid']}"] = $chosenoption;
	}

	$this->set('customfields', $customfields);
}
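/**
 * Handles a [url] tag. Creates a link to another web page.
 *
 * The link target is entity-encoded so it cannot break out of the href
 * attribute, and a target with no scheme, or with an about:, javascript:,
 * vbscript: or data: scheme, is prefixed with http:// so it is treated as a
 * plain host name.
 *
 * @param string If tag has option, the displayable name. Else, the URL.
 * @param string If tag has option, the URL.
 *
 * @return string HTML representation of the tag.
 */
function handle_bbcode_url($text, $link)
{
	$rightlink = trim($link);
	if (empty($rightlink))
	{
		// no option -- use param
		$rightlink = trim($text);
	}

	// entity-encode the characters that could close the href attribute or be
	// re-read as bbcode; the listing showed these entities already decoded, which
	// made the replacement a no-op (and a syntax error), so the entity forms are restored
	$rightlink = str_replace(
		array('`', '"', "'", '['),
		array('&#96;', '&quot;', '&#39;', '&#91;'),
		$this->strip_smilies($rightlink)
	);

	// remove double spaces -- fixes issues with wordwrap
	// (as rendered this strips every space; the original may have used a
	// two-space needle -- confirm against the source file)
	$rightlink = str_replace(' ', '', $rightlink);

	// the lookbehind rejects the scripting/data schemes; anything not matching a
	// plain "scheme:" prefix is treated as a bare host and gets http:// prepended
	if (!preg_match('#^[a-z0-9]+(?<!about|javascript|vbscript|data):#si', $rightlink))
	{
		$rightlink = "http://{$rightlink}";
	}

	if (!trim($link) or str_replace(' ', '', $text) == $rightlink)
	{
		// the URL doubles as the display text: shorten long ones to head...tail
		$tmp = unhtmlspecialchars($rightlink);
		if (vbstrlen($tmp) > 55 and $this->is_wysiwyg() == false)
		{
			$text = htmlspecialchars_uni(vbchop($tmp, 36) . '...' . substr($tmp, -14));
		}
		else
		{
			// under the 55 chars length, don't wordwrap this
			$text = str_replace(' ', '', $text);
		}
	}

	// standard URL hyperlink
	// NOTE(review): $text is emitted as-is; the parser input is expected to be
	// HTML-escaped already -- confirm
	return "<a href=\"{$rightlink}\" target=\"_blank\">{$text}</a>";
}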
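/**
 * Handles a [url] tag. Creates a link to another web page.
 *
 * The link target is entity-encoded so it cannot break out of the href
 * attribute, and a target with no scheme, or with an about:, javascript:,
 * vbscript: or data: scheme, is prefixed with http://. External links get
 * rel="nofollow" when the 'url_nofollow' option is on, and under the API
 * (VB_API) links into this board are rewritten to the "vb:script/param=value" form.
 *
 * @param string If tag has option, the displayable name. Else, the URL.
 * @param string If tag has option, the URL.
 *
 * @return string HTML representation of the tag.
 */
function handle_bbcode_url($text, $link)
{
	$rightlink = trim($link);
	if (empty($rightlink))
	{
		// no option -- use param
		$rightlink = trim($text);
	}

	// entity-encode the characters that could close the href attribute or be
	// re-read as bbcode; the listing showed these entities already decoded, which
	// made the replacement a no-op (and a syntax error), so the entity forms are restored
	$rightlink = str_replace(
		array('`', '"', "'", '['),
		array('&#96;', '&quot;', '&#39;', '&#91;'),
		$this->strip_smilies($rightlink)
	);

	// remove double spaces -- fixes issues with wordwrap
	// (as rendered this strips every space; the original may have used a
	// two-space needle -- confirm against the source file)
	$rightlink = str_replace(' ', '', $rightlink);

	// the lookbehind rejects the scripting/data schemes; anything not matching a
	// plain "scheme:" prefix is treated as a bare host and gets http:// prepended
	if (!preg_match('#^[a-z0-9]+(?<!about|javascript|vbscript|data):#si', $rightlink))
	{
		$rightlink = "http://{$rightlink}";
	}

	if (!trim($link) or str_replace(' ', '', $text) == $rightlink)
	{
		// the URL doubles as the display text: shorten long ones to head...tail
		$tmp = unhtmlspecialchars($rightlink);
		if (vbstrlen($tmp) > 55 and $this->is_wysiwyg() == false)
		{
			$text = htmlspecialchars_uni(vbchop($tmp, 36) . '...' . substr($tmp, -14));
		}
		else
		{
			// under the 55 chars length, don't wordwrap this
			$text = str_replace(' ', '', $text);
		}
	}

	// cached across calls: parsed board URL, board host, nofollow whitelist, friendly-url map
	static $current_url, $current_host, $allowed, $friendlyurls = array();

	if (!isset($current_url))
	{
		$current_url = @vB_String::parseUrl($this->registry->options['bburl']);
	}

	$is_external = $this->registry->options['url_nofollow'];
	if ($this->registry->options['url_nofollow'])
	{
		if (!isset($current_host))
		{
			$current_host = preg_replace('#:(\\d)+$#', '', VB_HTTP_HOST);
			$allowed = preg_split('#\\s+#', $this->registry->options['url_nofollow_whitelist'], -1, PREG_SPLIT_NO_EMPTY);
			$allowed[] = preg_replace('#^www\\.#i', '', $current_host);
			$allowed[] = preg_replace('#^www\\.#i', '', $current_url['host']);
		}

		// NOTE(review): this is a substring test over the whole URL, not a host
		// comparison -- a link counts as internal whenever an allowed host name
		// appears anywhere in it (path or query included); comparing the parsed
		// host would be the stricter check
		$target_url = preg_replace('#^([a-z0-9]+:(//)?)#', '', $rightlink);
		foreach ($allowed as $host)
		{
			if (stripos($target_url, $host) !== false)
			{
				$is_external = false;
			}
		}
	}

	// API need to convert link to vb:action/param1=val1/param2=val2...
	if (defined('VB_API') and VB_API === true)
	{
		$current_link = @vB_String::parseUrl($rightlink);
		if ($current_link !== false)
		{
			$current_link['host'] = strtolower($current_link['host']);
			$current_url['host'] = strtolower($current_url['host']);

			// same host (with or without a www. prefix) and within the board's path
			if (($current_link['host'] == $current_url['host']
					or 'www.' . $current_link['host'] == $current_url['host']
					or $current_link['host'] == 'www.' . $current_url['host'])
				and (!$current_url['path'] or stripos($current_link['path'], $current_url['path']) !== false))
			{
				// This is a vB link.
				if ($current_link['path'] == $current_url['path']
					or $current_link['path'] . '/' == $current_url['path']
					or $current_link['path'] == $current_url['path'] . '/')
				{
					$rightlink = 'vb:index';
				}
				else
				{
					// Get a list of declared friendlyurl classes (built once, kept in the static)
					if (!$friendlyurls)
					{
						require_once DIR . '/includes/class_friendly_url.php';
						$classes = get_declared_classes();
						foreach ($classes as $classname)
						{
							if (strpos($classname, 'vB_Friendly_Url_') !== false)
							{
								$reflect = new ReflectionClass($classname);
								$props = $reflect->getdefaultProperties();
								if ($classname == 'vB_Friendly_Url_vBCms')
								{
									$props['idvar'] = $props['ignorelist'][] = $this->registry->options['route_requestvar'];
									$props['script'] = 'content.php';
									$props['rewrite_segment'] = 'content';
								}
								if ($props['idvar'])
								{
									$friendlyurls[$classname]['idvar'] = $props['idvar'];
									$friendlyurls[$classname]['idkey'] = $props['idkey'];
									$friendlyurls[$classname]['titlekey'] = $props['titlekey'];
									$friendlyurls[$classname]['ignorelist'] = $props['ignorelist'];
									$friendlyurls[$classname]['script'] = $props['script'];
									$friendlyurls[$classname]['rewrite_segment'] = $props['rewrite_segment'];
								}
							}
						}

						// the CMS entries are fixed up explicitly; the listing's brace layout
						// was ambiguous around here, and this placement runs the fix-up once
						// and keeps the function balanced
						$friendlyurls['vB_Friendly_Url_vBCms']['idvar'] = $this->registry->options['route_requestvar'];
						$friendlyurls['vB_Friendly_Url_vBCms']['ignorelist'][] = $this->registry->options['route_requestvar'];
						$friendlyurls['vB_Friendly_Url_vBCms']['script'] = 'content.php';
						$friendlyurls['vB_Friendly_Url_vBCms']['rewrite_segment'] = 'content';

						$friendlyurls['vB_Friendly_Url_vBCms2']['idvar'] = $this->registry->options['route_requestvar'];
						$friendlyurls['vB_Friendly_Url_vBCms2']['ignorelist'][] = $this->registry->options['route_requestvar'];
						$friendlyurls['vB_Friendly_Url_vBCms2']['script'] = 'list.php';
						$friendlyurls['vB_Friendly_Url_vBCms2']['rewrite_segment'] = 'list';
					}

					/*
					 * FRIENDLY_URL_OFF
					 * showthread.php?t=1234&p=2
					 *
					 * FRIENDLY_URL_BASIC
					 * showthread.php?1234-Thread-Title/page2&pp=2
					 *
					 * FRIENDLY_URL_ADVANCED
					 * showthread.php/1234-Thread-Title/page2?pp=2
					 *
					 * FRIENDLY_URL_REWRITE
					 * /threads/1234-Thread-Title/page2?pp=2
					 */

					// Try to get the script name
					// FRIENDLY_URL_OFF, FRIENDLY_URL_BASIC or FRIENDLY_URL_ADVANCED
					$scriptname = '';
					if (preg_match('#([^/]+)\\.php#si', $current_link['path'], $matches))
					{
						$scriptname = $matches[1];
					}
					else
					{
						// FRIENDLY_URL_REWRITE: build a list of rewrite_segments and map
						// the matching path segment back to its script
						$rewritesegments = '';
						foreach ($friendlyurls as $v)
						{
							$rewritesegments .= "|{$v['rewrite_segment']}";
						}
						$pat = '#/(' . substr($rewritesegments, 1) . ')/#si';

						$uri = null;
						if (preg_match($pat, $current_link['path'], $matches))
						{
							$uri = $matches[1];
						}

						// Decide the type of the url
						$urltype = null;
						foreach ($friendlyurls as $v)
						{
							if ($v['rewrite_segment'] == $uri)
							{
								$urltype = $v;
								break;
							}
						}

						// Convert $uri back to correct scriptname
						$scriptname = str_replace('.php', '', $urltype['script']);
					}

					if ($scriptname)
					{
						$oldrightlink = $rightlink;
						$rightlink = "vb:{$scriptname}";

						// Check if it's FRIENDLY_URL_BASIC or FRIENDLY_URL_ADVANCED
						if (preg_match('#(?:\\?|/)(\\d+).*?(?:/page(\\d+)|$)#si', $oldrightlink, $matches))
						{
							// Decide the type of the url
							$urltype = null;
							foreach ($friendlyurls as $v)
							{
								if ($v['script'] == $scriptname . '.php')
								{
									$urltype = $v;
									break;
								}
							}
							if ($urltype)
							{
								$rightlink .= "/{$urltype['idvar']}={$matches['1']}";
							}
							if ($matches[2])
							{
								// NOTE(review): the page number is hard-coded to 2 although
								// $matches[2] holds the real one -- looks like a bug, left
								// as-is pending confirmation of the expected API form
								$rightlink .= "/page=2";
							}
						}

						// carry the query string over as /name=value segments
						if (preg_match_all('#([a-z0-9_]+)=([a-z0-9_\\+]+)#si', $current_link['query'], $matches))
						{
							foreach ($matches[0] as $match)
							{
								$rightlink .= "/{$match}";
							}
						}
					}
				}
			}
		}
	}

	// standard URL hyperlink
	// NOTE(review): $text is emitted as-is; the parser input is expected to be
	// HTML-escaped already -- confirm
	return "<a href=\"{$rightlink}\" target=\"_blank\"" . ($is_external ? ' rel="nofollow"' : '') . ">{$text}</a>";
}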
//allow repeated loads of 16Mb database object $folder_limit = 1000; $char_limit = 200; ($hook = vBulletinHook::fetch_hook('usersub_doeditfolders')) ? eval($hook) : false; if (!empty($vbulletin->GPC['folderlist'])) { $old_count = count($folders); foreach ($vbulletin->GPC['folderlist'] as $folderid => $title) { $folderid = intval($folderid); if (empty($title)) { if ($folders["{$folderid}"]) { $deletefolders .= iif($deletefolders, ',', '') . $folderid; } unset($folders["{$folderid}"]); } else { //limit the title to something sane. $folders["{$folderid}"] = vbchop($title, $char_limit); } } $new_count = count($folders); //its possible, though unlikely, that there is a legitimate user out there //with too many folders. Rather than preventing them from saving anything, //we'll just prevent them from adding any folders if they are over the limit //if they just change some titles or delete some but not enough folders (or //even delete some and add no more than they deleted) we'll let it slide. if ($new_count > $folder_limit and $new_count > $old_count) { eval(standard_error(fetch_error('folder_limit_exceeded', $folder_limit))); } if ($deletefolders) { $db->query_write("\n\t\t\t\tUPDATE " . TABLE_PREFIX . "subscribethread\n\t\t\t\tSET folderid = 0\n\t\t\t\tWHERE folderid IN ({$deletefolders}) AND\n\t\t\t\t\tuserid = " . $vbulletin->userinfo['userid']); } if (!empty($folders)) {
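/**
 * Handles a [url] tag. Creates a link to another web page.
 *
 * The link target is entity-encoded so it cannot break out of the href
 * attribute, and a target with no scheme, or with an about:, javascript:,
 * vbscript: or data: scheme, is prefixed with http://. External links get
 * rel="nofollow" when the 'url_nofollow' option is on.
 *
 * @param string If tag has option, the displayable name. Else, the URL.
 * @param string If tag has option, the URL.
 *
 * @return string HTML representation of the tag.
 */
function handle_bbcode_url($text, $link)
{
	$rightlink = trim($link);
	if (empty($rightlink))
	{
		// no option -- use param
		$rightlink = trim($text);
	}

	// entity-encode the characters that could close the href attribute or be
	// re-read as bbcode; the listing showed these entities already decoded, which
	// made the replacement a no-op (and a syntax error), so the entity forms are restored
	$rightlink = str_replace(
		array('`', '"', "'", '['),
		array('&#96;', '&quot;', '&#39;', '&#91;'),
		$this->strip_smilies($rightlink)
	);

	// remove double spaces -- fixes issues with wordwrap
	// (as rendered this strips every space; the original may have used a
	// two-space needle -- confirm against the source file)
	$rightlink = str_replace(' ', '', $rightlink);

	// the lookbehind rejects the scripting/data schemes; anything not matching a
	// plain "scheme:" prefix is treated as a bare host and gets http:// prepended
	if (!preg_match('#^[a-z0-9]+(?<!about|javascript|vbscript|data):#si', $rightlink))
	{
		$rightlink = "http://$rightlink";
	}

	if (!trim($link) OR str_replace(' ', '', $text) == $rightlink)
	{
		// the URL doubles as the display text: shorten long ones to head...tail
		$tmp = unhtmlspecialchars($rightlink);
		if (vbstrlen($tmp) > 55 AND $this->is_wysiwyg() == false)
		{
			$text = htmlspecialchars_uni(vbchop($tmp, 36) . '...' . substr($tmp, -14));
		}
		else
		{
			// under the 55 chars length, don't wordwrap this
			$text = str_replace(' ', '', $text);
		}
	}

	// cached across calls: parsed board URL, board host and the nofollow whitelist
	static $current_url, $current_host, $allowed;

	$is_external = $this->registry->options['url_nofollow'];
	if ($this->registry->options['url_nofollow'])
	{
		if (!isset($current_url))
		{
			// NOTE(review): parse_url() may return false or omit 'host' for an
			// unusual 'bburl' value; the @ hides that rather than handling it
			$current_url = @parse_url($this->registry->options['bburl']);
			$current_host = preg_replace('#:(\d)+$#', '', VB_HTTP_HOST);
			$allowed = preg_split('#\s+#', $this->registry->options['url_nofollow_whitelist'], -1, PREG_SPLIT_NO_EMPTY);
			$allowed[] = preg_replace('#^www\.#i', '', $current_host);
			$allowed[] = preg_replace('#^www\.#i', '', $current_url['host']);
		}

		// NOTE(review): this is a substring test over the whole URL, not a host
		// comparison -- a link counts as internal whenever an allowed host name
		// appears anywhere in it (path or query included); comparing the parsed
		// host would be the stricter check
		$target_url = preg_replace('#^([a-z0-9]+:(//)?)#', '', $rightlink);
		foreach ($allowed AS $host)
		{
			if (stripos($target_url, $host) !== false)
			{
				$is_external = false;
			}
		}
	}

	// standard URL hyperlink
	// NOTE(review): $text is emitted as-is; the parser input is expected to be
	// HTML-escaped already -- confirm
	return "<a href=\"$rightlink\" target=\"_blank\"" . ($is_external ? ' rel="nofollow"' : '') . ">$text</a>";
}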
{ // defaults in here if we're doing a quote etc if ($bloginfo['issubscribed']) { $notification = array($bloginfo['emailupdate'] => 'selected="selected"'); } else { $notification = array($vbulletin->userinfo['blog_subscribeothers'] => 'selected="selected"'); } // Handle Quote if ($blogtextinfo) { $title = unhtmlspecialchars($blogtextinfo['title']); $title = preg_replace('#^(' . preg_quote($vbphrase['reply_prefix'], '#') . '\s*)+#i', '', $title); $title = htmlspecialchars_uni(vbchop($title, $vbulletin->options['titlemaxchars'])); require_once(DIR . '/includes/functions_newpost.php'); $originalposter = fetch_quote_username($blogtextinfo['username'] . ";bt$blogtextinfo[blogtextid]"); $pagetext = trim(strip_quotes(htmlspecialchars_uni($blogtextinfo['pagetext']))); $templater = vB_Template::create('blog_blogpost_quote'); $templater->register('originalposter', $originalposter); $templater->register('pagetext', $pagetext); $blog['message'] = $templater->render(true); } unset($blogtextinfo); } ($hook = vBulletinHook::fetch_hook('blog_post_comment_start')) ? eval($hook) : false;