/**
 * Render a minimal message page that contains no widgets.
 *
 * Kept only for backwards compatibility; the work is done by
 * vB5_ApplicationAbstract::showMsgPage().
 *
 * @param string $title Page title. HTML will be escaped.
 * @param string $msg   Message to display. HTML is allowed, so the caller must make sure it is
 *                      valid and that any user-supplied fragment in it is already escaped.
 * @deprecated
 */
public function showMsgPage($title, $msg)
{
    // Delegate so every message page runs the same code. The shared implementation does not
    // handle early flush, which a simple message page does not need.
    vB5_ApplicationAbstract::showMsgPage($title, $msg);
}
/**
 * Bootstraps the frontend application singleton.
 *
 * Runs parent::init(), creates the application and its router, resolves the routes, stores
 * the preferred style id (when there is one) in the current session, then applies the AJAX
 * charset conversion and the response headers.
 *
 * @param mixed $configFile Forwarded unchanged to parent::init() (presumably a config file path).
 * @return vB5_Frontend_Application The initialised singleton.
 */
public static function init($configFile)
{
    parent::init($configFile);

    // The singleton is published before the router is built and before setRoutes() runs;
    // that order is kept because code reached from routing may look the instance up.
    $app = self::$instance = new vB5_Frontend_Application();
    $routing = new vB5_Frontend_Routing();
    $app->router = $routing;
    $routing->setRoutes();

    $preferredStyleId = vB5_Template_Stylevar::instance()->getPreferredStyleId();
    if ($preferredStyleId) {
        vB::getCurrentSession()->set('styleid', $preferredStyleId);
    }

    self::ajaxCharsetConvert();
    self::setHeaders();

    return self::$instance;
}
/**
 * Fills $this->stylePreference with candidate style ids, most preferred first, and stores
 * the first candidate in the current session.
 *
 * Order of preference: forced route style, style cookie, user setting, non-forced route
 * style, site default.
 */
protected function getStylePreference()
{
    $this->stylePreference = array();
    $routeArgs = array();

    try {
        $router = vB5_ApplicationAbstract::instance()->getRouter();
        if (!empty($router)) {
            $routeArgs = $router->getArguments();
            // 1: style forced by the current route. Note the raw argument is stored, not
            // the intval() used for the test.
            if (!empty($routeArgs) && !empty($routeArgs['forceStyleId']) && intval($routeArgs['forceStyleId'])) {
                $this->stylePreference[] = $routeArgs['forceStyleId'];
            }
        }
    } catch (vB5_Exception $e) {
        // The application instance might not be initialised yet; skip the route check.
    }

    // 2: style cookie (style chooser in the footer). When the style is set in the query
    // string the routing component sets this cookie (VBV-3322). Read as an unsigned int.
    $fromCookie = vB5_Cookie::get('userstyleid', vB5_Cookie::TYPE_UINT);
    if (!empty($fromCookie)) {
        $this->stylePreference[] = $fromCookie;
    }

    // 3: style chosen in the user's settings.
    $fromUser = vB5_User::get('styleid');
    if (!empty($fromUser)) {
        $this->stylePreference[] = $fromUser;
    }

    // 4: route style that is not forced; only a real integer is accepted here.
    if (!empty($routeArgs) && isset($routeArgs['routeStyleId']) && is_int($routeArgs['routeStyleId'])) {
        $this->stylePreference[] = $routeArgs['routeStyleId'];
    }

    // 5: overall site default.
    $siteDefault = vB5_Template_Options::instance()->get('options.styleid');
    if ($siteDefault) {
        $this->stylePreference[] = $siteDefault;
    }

    // Moved here from Api_Interface_Collapsed::init, which called getPreferredStyleId before
    // the style forced by the route was ready (see VBV-3324).
    if (empty($this->stylePreference[0])) {
        return;
    }

    $winner = $this->stylePreference[0];
    if ($winner == '-1') {
        // -1 means "use the site default".
        $winner = $siteDefault;
        $this->stylePreference[0] = $winner;
    }
    vB::getCurrentSession()->set('styleid', $winner);
}
/**
 * This handles all saves of social group data.
 *
 * Collects the known form fields from $_POST, then either creates a group, invites members,
 * or updates an existing group through the API, and finally redirects to the next admin step
 * or to the group's node.
 *
 * NOTE(review): POST values are forwarded to the API without type or range checks, and no
 * permission or CSRF check is visible in this method; presumably the API layer enforces
 * both. Confirm before relying on it.
 */
public function actionSocialgroup()
{
    // Fields accepted from the form. 'group_type' is listed twice; the duplicate is harmless.
    $fields = array('title', 'description', 'nodeid', 'filedataid', 'invite_usernames', 'parentid', 'invite_userids', 'group_type', 'viewperms', 'commentperms', 'moderate_topics', 'autoparselinks', 'disablesmilies', 'allow_post', 'approve_subscription', 'group_type');
    // forum options map: channel option name => form field name
    $channelOpts = array('allowsmilies' => 'disablesmilies', 'allowposting' => 'allow_post');
    $input = array();
    foreach ($fields as $field) {
        if (isset($_POST[$field])) {
            $input[$field] = $_POST[$field];
        }
    }
    // If this is the "permission" step, unchecked checkboxes must be passed explicitly as 0.
    if (isset($_POST['next']) and $_POST['next'] == 'contributors') {
        foreach (array('moderate_comments', 'autoparselinks', 'disablesmilies', 'allow_post', 'approve_subscription', 'moderate_topics') as $field) {
            // channeloptions: array_search() returns the option name (a non-empty string key)
            // or false, so the truthiness test is sufficient for this map.
            if ($idx = array_search($field, $channelOpts)) {
                // Some form fields mean the opposite of the bitfield they map to
                // ('disablesmilies' vs 'allowsmilies'), so the value is inverted for those.
                if (isset($_POST[$field])) {
                    $input['options'][$idx] = in_array($field, array('disablesmilies')) ? 0 : 1;
                } else {
                    $input['options'][$idx] = in_array($field, array('disablesmilies')) ? 1 : 0;
                }
            }
            if (!isset($_POST[$field])) {
                $input[$field] = 0;
            }
        }
    }
    // default input values
    $input['displayorder'] = 1;
    $api = Api_InterfaceAbstract::instance();
    // 'displayorder' is always present, so more than one entry means the form sent something.
    if (count($input) > 1) {
        if (!isset($input['nodeid']) or intval($input['nodeid']) == 0) {
            // No node id: create a new group. The API returns the new node id or an
            // array with an 'errors' key.
            $nodeid = $api->callApi('socialgroup', 'createSocialGroup', array($input));
            $url = vB5_Template_Options::instance()->get('options.frontendurl') . '/sgadmin/create/settings';
            if (is_array($nodeid) and array_key_exists('errors', $nodeid)) {
                $message = $api->callApi('phrase', 'fetch', array('phrases' => $nodeid['errors'][0][0]));
                if (empty($message)) {
                    $message = $api->callApi('phrase', 'fetch', array('phrases' => 'pm_ajax_error_desc'));
                }
                // NOTE(review): whether handleFormError() returns is not visible here; the two
                // error blocks below only run if it does.
                vB5_ApplicationAbstract::handleFormError(array_pop($message), $url);
            }
            if (!is_numeric($nodeid) and !empty($nodeid['errors'])) {
                $urlparams = array('sgaction' => 'create', 'action2' => 'settings');
                $url = $api->callApi('route', 'getUrl', array('sgadmin', $urlparams, array()));
                header('Location: ' . vB5_Template_Options::instance()->get('options.frontendurl') . $url);
                // The error key and the submitted title/description are handed to the next
                // page through cookies. NOTE(review): title/description are raw user input;
                // whatever reads these cookies must escape them on output.
                vB5_Cookie::set('sgadmin_error', $nodeid['errors'][0][0]);
                if (isset($input['title'])) {
                    vB5_Cookie::set('sg_title', $input['title']);
                }
                if (isset($input['description'])) {
                    vB5_Cookie::set('sg_description', $input['description']);
                }
                die;
            }
            // Same handling as the block above, with a slightly different guard.
            if ($nodeid and !empty($nodeid['errors'])) {
                $urlparams = array('sgaction' => 'create', 'action2' => 'settings');
                $url = $api->callApi('route', 'getUrl', array('sgadmin', $urlparams, array()));
                header('Location: ' . vB5_Template_Options::instance()->get('options.frontendurl') . $url);
                vB5_Cookie::set('sgadmin_error', $nodeid['errors'][0][0]);
                if (isset($input['title'])) {
                    vB5_Cookie::set('sg_title', $input['title']);
                }
                if (isset($input['description'])) {
                    vB5_Cookie::set('sg_description', $input['description']);
                }
                die;
            }
        } else {
            if (isset($input['invite_usernames']) and $input['nodeid']) {
                // Invitation step: user names arrive as a comma-separated string, ids as
                // posted. Both are passed to the API as received.
                $inviteUnames = explode(',', $input['invite_usernames']);
                $inviteIds = isset($input['invite_userids']) ? $input['invite_userids'] : array();
                $nodeid = $input['nodeid'];
                $api->callApi('user', 'inviteMembers', array($inviteIds, $inviteUnames, $nodeid, 'sg_member_to'));
            } else {
                // Update of an existing group: everything except the node id is the payload.
                $nodeid = $input['nodeid'];
                unset($input['nodeid']);
                $update = $api->callApi('content_channel', 'update', array($nodeid, $input));
                // set group type nodeoptions
                if (empty($update['errors']) and isset($input['group_type'])) {
                    $bitfields = array();
                    // 2 => invite only, 1 => neither flag set, anything else => membership
                    // needs approval. The switch compares loosely, so posted strings match.
                    switch ($input['group_type']) {
                        case 2:
                            $bitfields['invite_only'] = 1;
                            $bitfields['approve_membership'] = 0;
                            break;
                        case 1:
                            $bitfields['invite_only'] = 0;
                            $bitfields['approve_membership'] = 0;
                            break;
                        default:
                            $bitfields['invite_only'] = 0;
                            $bitfields['approve_membership'] = 1;
                            break;
                    }
                    $api->callApi('node', 'setNodeOptions', array($nodeid, $bitfields));
                }
                //if this is for the permission page we handle differently
            }
        }
        // set_exception_handler(array('vB5_ApplicationAbstract','handleException'));
        //
        // if (!is_numeric($nodeid) AND !empty($nodeid['errors']))
        // {
        //     throw new exception($nodeid['errors'][0][0]);
        // }
    } else {
        // NOTE(review): 'nodeid' is in $fields, so a posted nodeid always makes
        // count($input) > 1. The isset() branch below therefore looks unreachable; confirm.
        if (isset($_POST['nodeid'])) {
            $nodeid = $_POST['nodeid'];
            if (isset($_POST['next']) and $_POST['next'] == 'contributors') {
                $updates = array();
                foreach (array('allow_post', 'moderate_comments', 'autoparselinks', 'disablesmilies', 'approve_subscription') as $bitfield) {
                    if (empty($_POST[$bitfield])) {
                        $updates[$bitfield] = 0;
                    } else {
                        $updates[$bitfield] = 1;
                    }
                }
                $api->callApi('node', 'setNodeOptions', array($nodeid, $updates));
                $updates = array();
                if (isset($_POST['viewperms'])) {
                    $updates['viewperms'] = $_POST['viewperms'];
                }
                if (isset($_POST['commentperms'])) {
                    $updates['commentperms'] = $_POST['commentperms'];
                }
                if (!empty($updates)) {
                    $results = $api->callApi('node', 'setNodePerms', array($nodeid, $updates));
                }
            }
        } else {
            $nodeid = 0;
        }
    }
    // If the user clicked Next we go to the permissions page. Otherwise we go to the node.
    if (isset($_POST['btnSubmit'])) {
        // 'next' and 'sgaction' are taken from the form and only used as route parameters.
        if (isset($_POST['next'])) {
            $action2 = $_POST['next'];
        } else {
            $action2 = 'permissions';
        }
        if (isset($_POST['sgaction'])) {
            $sgaction = $_POST['sgaction'];
        } else {
            $sgaction = 'admin';
        }
        $urlparams = array('nodeid' => $nodeid, 'sgaction' => $sgaction, 'action2' => $action2);
        $url = $api->callApi('route', 'getUrl', array('sgadmin', $urlparams, array()));
    } else {
        $node = $api->callApi('node', 'getNode', array('nodeid' => $nodeid));
        $url = $api->callApi('route', 'getUrl', array($node['routeid'], array('nodeid' => $nodeid, 'title' => $node['title'], 'urlident' => $node['urlident']), array()));
    }
    // The redirect target is always the configured frontend URL plus a route-built path.
    header('Location: ' . vB5_Template_Options::instance()->get('options.frontendurl') . $url);
}
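/**
 * Cancels a pending account activation and shows the outcome on a message page.
 *
 * Reads the user id from $_GET['u'] and the activation id from $_GET['i'], passes both to the
 * user.killActivation API call and renders the phrase described by the API result (or by its
 * first error).
 */
public function actionKillActivation()
{
    // Query values can arrive as arrays (?u[]=x). intval() of a non-empty array is 1 and
    // trim() does not accept arrays, so anything non-scalar is treated as absent.
    $userId = (!empty($_GET['u']) && is_scalar($_GET['u'])) ? intval($_GET['u']) : 0;
    $activationId = (!empty($_GET['i']) && is_scalar($_GET['i'])) ? trim((string) $_GET['i']) : '';

    $api = Api_InterfaceAbstract::instance();
    $result = $api->callApi('user', 'killActivation', array('userid' => $userId, 'activateid' => $activationId));

    $phraseController = vB5_Template_Phrase::instance();
    $phraseController->register('registration');

    // The phrase name and its arguments come from the API result: the first error when there
    // is one, otherwise the result itself.
    if (!empty($result['errors']) and is_array($result['errors'])) {
        $phraseArgs = is_array($result['errors'][0]) ? $result['errors'][0] : array($result['errors'][0]);
    } else {
        $phraseArgs = is_array($result) ? $result : array($result);
    }

    // NOTE(review): the rendered phrase is handed to showMsgPage() as the message body;
    // confirm that phrase arguments are escaped before they reach the page.
    $messagevar = call_user_func_array(array($phraseController, 'getPhrase'), $phraseArgs);
    vB5_ApplicationAbstract::showMsgPage($phraseController->getPhrase('registration'), $messagevar);
}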
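/**
 * Forgot password form action.
 *
 * Two modes, selected by the 'action' request parameter:
 *  - 'pwreset': completes a reset using 'userid' and 'activationid' and shows a message page.
 *    Reset url = /auth/lostpw/?action=pwreset&userid=<n>&activationid=<xxxxx>
 *  - anything else: asks the API to e-mail a reset link for the posted address (with the
 *    human-verification input) and returns the API response as JSON.
 */
public function actionLostpw()
{
    // Request values can be arrays (e.g. ?action[]=x). Non-scalar values are treated as absent
    // so that trim()/string conversion never receives an array.
    $readString = function ($source, $key) {
        return (isset($source[$key]) && is_scalar($source[$key])) ? trim((string) $source[$key]) : '';
    };

    $input = array(
        'email' => $readString($_POST, 'email'),
        'hvinput' => isset($_POST['humanverify']) ? (array) $_POST['humanverify'] : array(),
        'action' => $readString($_REQUEST, 'action'),
        'userid' => $readString($_REQUEST, 'userid'),
        'activationid' => $readString($_REQUEST, 'activationid'),
    );

    if (isset($_POST['recaptcha_challenge_field']) and $_POST['recaptcha_challenge_field']) {
        $input['hvinput']['recaptcha_challenge_field'] = $_POST['recaptcha_challenge_field'];
    }
    if (isset($_POST['recaptcha_response_field']) and $_POST['recaptcha_response_field']) {
        $input['hvinput']['recaptcha_response_field'] = $_POST['recaptcha_response_field'];
    }

    $api = Api_InterfaceAbstract::instance();

    if ($input['action'] === 'pwreset') {
        // The activation id is the reset secret; it is only forwarded to the API, which is
        // expected to validate it against the user id.
        $response = $api->callApi('user', 'resetPassword', array('userid' => $input['userid'], 'activationid' => $input['activationid']));
        if (isset($response['errors'])) {
            $phraseController = vB5_Template_Phrase::instance();
            $phraseController->register('error');
            // Call message first so that both phrases are pulled at the same time.
            $message = call_user_func_array(array($phraseController, 'getPhrase'), $response['errors'][0]);
            $title = $phraseController->getPhrase('error');
        } else {
            $title = $response['password_reset'];
            $message = $response['resetpw_message'];
        }
        vB5_ApplicationAbstract::showMsgPage($title, $message);
    } else {
        // NOTE(review): the raw API response is returned to the client. Whether it differs for
        // known and unknown addresses is decided by the API and is not visible here.
        $response = $api->callApi('user', 'emailPassword', array('userid' => 0, 'email' => $input['email'], 'hvinput' => $input['hvinput']));
        $this->sendAsJson(array('response' => $response));
    }
}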
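/**
 * Returns the sitebuilder template markup required for using sitebuilder.
 *
 * Reads 'pageid', 'nodeid', 'userid' and 'loadMenu' from $_REQUEST.
 *
 * @return array Empty when the page id is missing/invalid or the page cannot be fetched;
 *               otherwise it holds 'templates' (rendered markup keyed by slot) and 'css_links'.
 */
public function actionActivateSitebuilder()
{
    $sb = array();

    // Request values can arrive as arrays (?pageid[]=x) and intval() of a non-empty array
    // is 1, so only scalar values are converted; anything else falls back to the default.
    $intParam = function ($key, $default) {
        return (isset($_REQUEST[$key]) && is_scalar($_REQUEST[$key])) ? intval($_REQUEST[$key]) : $default;
    };

    $pageId = $intParam('pageid', 0);
    if ($pageId <= 0) {
        return $sb;
    }

    $api = Api_InterfaceAbstract::instance();
    // should change this to take the route data regardless of what it is to
    // avoid further breakage for other information we may store with a route.
    $arguments = array(
        'pageid' => $pageId,
        'nodeid' => $intParam('nodeid', 0),
        'userid' => $intParam('userid', ''),
    );
    $page = $api->callApi('page', 'fetchPageById', array($pageId, $arguments));
    $loadMenu = !empty($_REQUEST['loadMenu']);
    if (!$page) {
        return $sb;
    }

    $router = vB5_ApplicationAbstract::instance()->getRouter();
    $page['routeInfo'] = array('routeId' => $router->getRouteId(), 'arguments' => $arguments);

    // Route arguments win over query parameters with the same name.
    // NOTE(review): every remaining query parameter is copied onto $page without filtering;
    // confirm the admin_sitebuilder template escapes whatever it prints from $page.
    $merged = array_merge($router->getQueryParameters(), $arguments);
    foreach ($merged as $key => $value) {
        $page[$key] = $value;
    }

    $templates = array('css' => '', 'menu' => '', 'main' => '', 'extra' => '');
    if ($loadMenu) {
        $templates['css'] = vB5_Template::staticRenderAjax('stylesheet_block', array('cssFiles' => array('sitebuilder-after.css')));
        $templates['menu'] = vB5_Template::staticRenderAjax('admin_sitebuilder_menu');
    }
    $templates['main'] = vB5_Template::staticRenderAjax('admin_sitebuilder', array('page' => $page));

    // output: keep only the slots that were rendered and collect their stylesheet links
    $sb['templates'] = array();
    $sb['css_links'] = array();
    foreach ($templates as $slot => $rendered) {
        if (empty($rendered)) {
            continue;
        }
        $sb['templates'][$slot] = $rendered['template'];
        $sb['css_links'] = array_merge($sb['css_links'], $rendered['css_links']);
    }

    return $sb;
}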
/**
 * Describes the current route.
 *
 * @return array Empty when the application has no router; otherwise the keys 'routeId',
 *               'arguments' and 'queryParameters' as reported by the router.
 */
protected static function getRouteInfo()
{
    $router = vB5_ApplicationAbstract::instance()->getRouter();
    if (empty($router)) {
        return array();
    }

    // Query parameters are request-derived; consumers should treat them as untrusted.
    $routeArguments = $router->getArguments();
    $routeId = $router->getRouteId();
    $query = $router->getQueryParameters();

    return array(
        'routeId' => $routeId,
        'arguments' => $routeArguments,
        'queryParameters' => $query,
    );
}
/**
 * Renders the page selected by the current route and echoes it.
 *
 * Steps: serve a cached copy to guests when full-page caching is on, emit the preheader,
 * register the "who's online" action, resolve the page id from the route arguments, handle
 * the ?goto=newpost redirect, build the page object, render it, optionally store it in the
 * guest cache and output it.
 *
 * @param mixed $pageid Overwritten below from the route arguments ('pageid', else 'contentid').
 */
public function index($pageid)
{
    // the api init can redirect. We need to make sure that happens before we echo anything
    $api = Api_InterfaceAbstract::instance();
    $top = '';
    // We should not cache register page for guest. See VBV-7695.
    // Precedence: "and" binds tighter than "or", so the last group reads
    // empty(routestring) or (routestring != 'register' and routestring != 'lostpw').
    if (vB5_Request::get('cachePageForGuestTime') > 0 and !vB5_User::get('userid') and (empty($_REQUEST['routestring']) or $_REQUEST['routestring'] != 'register' and $_REQUEST['routestring'] != 'lostpw')) {
        // languageid should be in the pagekey to fix VBV-8095
        // The key is built from the whole request, the session language and the style cookie.
        // NOTE(review): anything else that changes the rendered output for guests has to be
        // part of this key, otherwise one guest's variant is served to another.
        $fullPageKey = 'vBPage_' . md5(serialize($_REQUEST)) . '_' . vB::getCurrentSession()->get('languageid');
        $styleid = vB5_Cookie::get('userstyleid', vB5_Cookie::TYPE_UINT);
        if (!empty($styleid)) {
            $fullPageKey .= '_' . $styleid;
        }
        $fullPage = vB_Cache::instance(vB_Cache::CACHE_LARGE)->read($fullPageKey);
        if (!empty($fullPage)) {
            echo $fullPage;
            exit;
        }
    }
    $preheader = vB5_ApplicationAbstract::getPreheader();
    $top .= $preheader;
    if (vB5_Request::get('useEarlyFlush')) {
        // With early flush the preheader is sent now; headers can no longer be changed later.
        echo $preheader;
        flush();
    }
    $router = vB5_ApplicationAbstract::instance()->getRouter();
    $arguments = $router->getArguments();
    $userAction = $router->getUserAction();
    $pageKey = $router->getPageKey();
    $api->callApi('page', 'preload', array($pageKey));
    if (!empty($userAction)) {
        $api->callApi('wol', 'register', array($userAction['action'], $userAction['params'], $pageKey, vB::getRequest()->getScriptPath(), !empty($arguments['nodeid']) ? $arguments['nodeid'] : 0));
    }
    if (isset($arguments['pagenum'])) {
        // Force the page number to a positive integer.
        $arguments['pagenum'] = intval($arguments['pagenum']) > 0 ? intval($arguments['pagenum']) : 1;
    }
    $pageid = (int) (isset($arguments['pageid']) ? $arguments['pageid'] : (isset($arguments['contentid']) ? $arguments['contentid'] : 0));
    if ($pageid < 1) {
        // @todo This needs to output a user-friendly "page not found" page
        throw new Exception('Could not find page.');
    }
    $page = $api->callApi('page', 'fetchPageById', array($pageid, $arguments));
    if (!$page) {
        // @todo This needs to output a user-friendly "page not found" page
        throw new Exception('Could not find page.');
    }
    // Go to the first new / unread post for this user in this topic
    if (!empty($_REQUEST['goto']) and $_REQUEST['goto'] == 'newpost' and !empty($arguments['nodeid']) and !empty($arguments['channelid'])) {
        if ($this->vboptions['threadmarking'] and vB5_User::get('userid')) {
            // Database read marking: the newest of topic read time, channel read time and
            // the marking limit (in days) counted back from now.
            $channelRead = $api->callApi('node', 'getNodeReadTime', array($arguments['channelid']));
            $topicRead = $api->callApi('node', 'getNodeReadTime', array($arguments['nodeid']));
            $topicView = max($topicRead, $channelRead, time() - $this->vboptions['markinglimit'] * 86400);
        } else {
            // Cookie read marking, falling back to the user's last visit.
            $topicView = intval(vB5_Cookie::fetchBbarrayCookie('discussion_view', $arguments['nodeid']));
            if (!$topicView) {
                $topicView = vB5_User::get('lastvisit');
            }
        }
        $topicView = intval($topicView);
        // Get the first unread reply
        $goToNodeId = $api->callApi('node', 'getFirstChildAfterTime', array($arguments['nodeid'], $topicView));
        if (empty($goToNodeId)) {
            // Nothing unread: fall back to the topic's last content node.
            $thread = $api->callApi('node', 'getNodes', array(array($arguments['nodeid'])));
            if (!empty($thread) and isset($thread[$arguments['nodeid']])) {
                $goToNodeId = $thread[$arguments['nodeid']]['lastcontentid'];
            }
        }
        if ($goToNodeId) {
            // Redirect to the new post
            $urlCache = vB5_Template_Url::instance();
            $urlKey = $urlCache->register($router->getRouteId(), array('nodeid' => $arguments['nodeid']), array('p' => $goToNodeId));
            $replacements = $urlCache->finalBuildUrls(array($urlKey));
            $url = $replacements[$urlKey];
            if ($url) {
                $url .= '#post' . $goToNodeId;
                if (headers_sent()) {
                    // Headers are already out (early flush), so redirect from the client.
                    // NOTE(review): $url is placed in a JavaScript string literal without
                    // escaping. It is built from route data here, but json_encode() would keep
                    // this safe if a quote or "</script>" ever reached the URL.
                    echo '<script type="text/javascript">window.location = "' . $url . '";</script>';
                } else {
                    header('Location: ' . $url);
                }
                exit;
            }
        }
    }
    $page['routeInfo'] = array('routeId' => $router->getRouteId(), 'arguments' => $arguments, 'queryParameters' => $router->getQueryParameters());
    $page['crumbs'] = $router->getBreadcrumbs();
    $page['headlinks'] = $router->getHeadLinks();
    $page['pageKey'] = $pageKey;
    // default value for pageSchema
    $page['pageSchema'] = 'http://schema.org/WebPage';
    $queryParameters = $router->getQueryParameters();
    /*
     * VBV-12506
     * This is where we would add other things to clean up dangerous query params.
     * For VBV-12486, I'll just unset anything here that can't use vb:var in the templates,
     * but really we should just make a whitelist of expected page object parameters that
     * come from the query string and unset EVERYTHING else. For the expected ones, we
     * should also force the value into the expected (and hopefully safer) range.
     */
    /*
     * VBV-12506
     * $doNotReplaceWithQueryParams is a list of parameters that the page object usually
     * gets naturally/internally, and we NEVER want to replace with a user provided query
     * parameter. (In fact, *when* exactly DO we want to do this???)
     * If we don't do this, it's a potential XSS vulnerability for the items that we
     * cannot send through vb:var for whatever reason (title for example),
     * and even if they *are* sent through vb:var, the replacements can sometimes just
     * break the page (for example, ?pagetemplateid=%0D: the new line this inserts in
     * var pageData = {...} in the header template tends to break things; tested on Chrome).
     * Furthermore, any script that uses the pageData var would get the user injected data
     * that might cause more problems down the line.
     * Parameter Notes:
     *    'titleprefix'
     *        As these two should already be html escaped, we don't want to double escape
     *        them. So we can't use vb:var in the templates. As such, we must prevent a
     *        malicious querystring from being injected into the page object here.
     *    'title'
     *        Similar to above, but channels are allowed to have HTML in the title, so
     *        they are intentionally not escaped in the DB, and the templates can't use
     *        vb:var.
     *    'pageid', 'channelid', 'nodeid'
     *        These are usually set in the arguments, so the array_merge below usually
     *        takes care of not passing a pageid query string through to the page object,
     *        but I'm leaving them in just in case.
     */
    // This is a deny-list: any query parameter not named here is still copied onto the page
    // object below, so templates must escape every other page value they print.
    $doNotReplaceWithQueryParams = array('titleprefix', 'title', 'pageid', 'channelid', 'nodeid', 'pagetemplateid', 'url', 'pagenum', 'tagCloudTitle');
    foreach ($doNotReplaceWithQueryParams as $key) {
        unset($queryParameters[$key]);
    }
    // Route arguments override query parameters of the same name.
    $arguments = array_merge($queryParameters, $arguments);
    foreach ($arguments as $key => $value) {
        $page[$key] = $value;
    }
    $options = vB5_Template_Options::instance();
    $page['phrasedate'] = $options->get('miscoptions.phrasedate');
    $page['optionsdate'] = $options->get('miscoptions.optionsdate');
    // if no meta description, use node data or global one instead, prefer node data
    if (empty($page['metadescription']) and !empty($page['nodedescription'])) {
        $page['metadescription'] = $page['nodedescription'];
    }
    if (empty($page['metadescription'])) {
        $page['metadescription'] = $options->get('options.description');
    }
    // $config is not used again in this method.
    $config = vB5_Config::instance();
    // Non-persistent notices @todo - change this to use vB_Cookie
    $page['ignore_np_notices'] = vB5_ApplicationAbstract::getIgnoreNPNotices();
    // $templateCache is not used again in this method.
    $templateCache = vB5_Template_Cache::instance();
    $templater = new vB5_Template($page['screenlayouttemplate']);
    // IMPORTANT: If you add any variable to the page object here,
    // please make sure you add them to other controllers which create page objects.
    // That includes at a minimum the search controller (in two places currently)
    // and vB5_ApplicationAbstract::showErrorPage
    $templater->registerGlobal('page', $page);
    $page = $this->outputPage($templater->render(), false);
    $fullPage = $top . $page;
    // $fullPageKey only exists when the guest-cache condition at the top was met.
    if (!empty($fullPageKey) and is_string($fullPageKey)) {
        vB_Cache::instance(vB_Cache::CACHE_LARGE)->write($fullPageKey, $fullPage, vB5_Request::get('cachePageForGuestTime'), 'vbCachedFullPage');
    }
    // these are the templates rendered for this page ($loadedTemplates is not used again here)
    $loadedTemplates = vB5_Template::getRenderedTemplates();
    $api->callApi('page', 'savePreCacheInfo', array($pageKey));
    // With early flush the preheader has already been sent, so only the body is echoed.
    if (!vB5_Request::get('useEarlyFlush')) {
        echo $fullPage;
    } else {
        echo $page;
    }
}
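/**
 * Saves the privacy settings form for the user id given in the request, then redirects back
 * to the privacy settings page or hands the first API error to the form error handler.
 *
 * Reads $_REQUEST['userid'], $_POST['privacyOptions'] and $_POST['follower_request'].
 * Does nothing when no positive user id is supplied.
 *
 * NOTE(review): the user id comes from the request and no ownership, permission or CSRF
 * check is visible in this method; presumably the user.save API enforces that the current
 * user may edit this account. Confirm.
 */
public function actionSavePrivacySettings()
{
    // A missing or array-valued userid is treated as absent: intval() of a non-empty array
    // is 1, which would otherwise address user id 1.
    $userId = (isset($_REQUEST['userid']) && is_scalar($_REQUEST['userid'])) ? intval($_REQUEST['userid']) : 0;
    if ($userId <= 0) {
        return;
    }

    // privacy settings; a missing field is passed as null, without an undefined-index notice
    $userInfo = array('privacy_options' => isset($_POST['privacyOptions']) ? $_POST['privacyOptions'] : null);
    // Followers are moderated unless the "follower_request" checkbox was submitted.
    $options = array('moderatefollowers' => !isset($_POST['follower_request']));

    $api = Api_InterfaceAbstract::instance();
    $response = $api->callApi('user', 'save', array('userid' => $userId, 'password' => '', 'user' => $userInfo, 'options' => $options, 'adminoptions' => array(), 'userfield' => array()));

    $url = vB5_Template_Options::instance()->get('options.frontendurl') . '/settings/privacy';
    if (is_array($response) and array_key_exists('errors', $response)) {
        $message = $api->callApi('phrase', 'fetch', array('phrases' => $response['errors'][0][0]));
        vB5_ApplicationAbstract::handleFormError(array_pop($message), $url);
    } else {
        // and get back to settings
        header('Location: ' . $url);
    }
}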
/**
 * Resolves the request path to a controller/action and stores the result on this router.
 *
 * Resolution order:
 *  1. the route API ('route', 'getRoute'), including its redirect / error / banned /
 *     no-permission / forum-closed outcomes;
 *  2. a direct "/controller/method" mapping onto vB5_Frontend_Controller_* classes;
 *  3. the legacy relay controller for single-segment paths;
 *  4. otherwise a 404 exception.
 *
 * @throws vB5_Exception     When the route API reports an error other than 'no_vb5_database'.
 * @throws vB5_Exception_404 When nothing matches.
 */
public function setRoutes()
{
    $this->processQueryString();
    // TODO: this is a very basic and straight forward way of parsing the URI, we need to improve it
    // $path = isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : '';
    // $path is request-controlled in both branches (routestring parameter or PATH_INFO).
    if (isset($_GET['routestring'])) {
        $path = $_GET['routestring'];
        // remove it from $_GET
        unset($_GET['routestring']);
        // remove it from $_SERVER
        parse_str($_SERVER['QUERY_STRING'], $queryStringParameters);
        unset($queryStringParameters['routestring']);
        // Additional parameters of http_build_query() is required. See VBV-6272.
        $_SERVER['QUERY_STRING'] = http_build_query($queryStringParameters, '', '&');
    } else {
        if (isset($_SERVER['PATH_INFO'])) {
            $path = $_SERVER['PATH_INFO'];
        } else {
            $path = '';
        }
    }
    // Drop one leading slash.
    if (strlen($path) and $path[0] == '/') {
        $path = substr($path, 1);
    }
    // If there is an invalid image, js, or css request we wind up here. We can't process any of them
    if (strlen($path) > 2) {
        $ext = strtolower(substr($path, -4));
        if ($ext == '.gif' or $ext == '.png' or $ext == '.jpg' or $ext == '.css' or strtolower(substr($path, -3)) == '.js') {
            header("HTTP/1.0 404 Not Found");
            die('');
        }
    }
    try {
        $message = ''; // Start with no error.
        $route = Api_InterfaceAbstract::instance()->callApi('route', 'getRoute', array('pathInfo' => $path, 'queryString' => $_SERVER['QUERY_STRING']));
    } catch (Exception $e) {
        // $route stays undefined on this path; the isset()/empty() tests below tolerate that.
        $message = $e->getMessage();
        if ($message != 'no_vb5_database') {
            /* Some other exception happened */
            vB5_ApplicationAbstract::handleException($e, true);
        }
    }
    if (isset($route['errors'])) {
        $message = $route['errors'][0][1];
        if ($message != 'no_vb5_database') {
            /* Some other exception happened */
            throw new vB5_Exception($message);
        }
    }
    if ($message == 'no_vb5_database') {
        /* Seem we dont have a valid vB5 database */
        // TODO: as we removed baseurl from config.php, we need to find a way redirecting user to installer correctly.
        header('Location: core/install/index.php');
        exit;
    }
    if (!empty($route)) {
        if (isset($route['redirect'])) {
            // Permanent redirect; the target is the configured frontend URL plus the path
            // returned by the route API.
            header('Location: ' . vB5_Template_Options::instance()->get('options.frontendurl') . $route['redirect'], true, 301);
            exit;
        } else {
            // NOTE(review): the three handlers below are not followed by exit/return here. If
            // any of them returns, execution falls through to the legacy relay check at the
            // end of this method; presumably they terminate the request. Confirm.
            if (isset($route['internal_error'])) {
                vB5_ApplicationAbstract::handleException($route['internal_error']);
            } else {
                if (isset($route['banned_info'])) {
                    vB5_ApplicationAbstract::handleBannedUsers($route['banned_info']);
                } else {
                    if (isset($route['no_permission'])) {
                        vB5_ApplicationAbstract::handleNoPermission();
                    } else {
                        if (isset($route['forum_closed'])) {
                            // Use 'bbclosedreason' as state param here to match the one specified in vB_Api_State::checkBeforeView()
                            vB5_ApplicationAbstract::showMsgPage('', $route['forum_closed'], 'bbclosedreason');
                            die;
                        } else {
                            // Normal match: copy the route description onto the router.
                            $this->routeId = $route['routeid'];
                            $this->routeGuid = $route['routeguid'];
                            $this->controller = $route['controller'];
                            $this->action = $route['action'];
                            $this->template = $route['template'];
                            $this->arguments = $route['arguments'];
                            $this->queryParameters = $route['queryParameters'];
                            $this->pageKey = $route['pageKey'];
                            if (!empty($route['userAction']) and is_array($route['userAction'])) {
                                // First element is the action name, the rest are its parameters.
                                $this->userAction['action'] = array_shift($route['userAction']);
                                $this->userAction['params'] = $route['userAction'];
                            } else {
                                $this->userAction = false;
                            }
                            $this->breadcrumbs = $route['breadcrumbs'];
                            $this->headlinks = $route['headlinks'];
                            // Actions listed in $this->whitelist skip the state check.
                            if (!in_array($this->action, $this->whitelist)) {
                                vB5_ApplicationAbstract::checkState($route);
                            }
                            return;
                        }
                    }
                }
            }
        }
    } else {
        // if no route was matched, try to parse route as /controller/method
        // Only letters, digits, '/' and '-' survive, so the class and method names built
        // below are restricted to that alphabet.
        $stripped_path = preg_replace('/[^a-z0-9\\/-]+/i', '', trim(strval($path), '/'));
        // The path was trimmed of '/', so a slash can never be at position 0 and the
        // truthiness test is equivalent to "contains a slash".
        if (strpos($stripped_path, '/')) {
            // Limit 2: any further slashes stay in $method, which then matches no method.
            list($controller, $method) = explode('/', strtolower($stripped_path), 2);
        } else {
            $controller = $stripped_path;
            $method = 'index';
        }
        // "foo-bar" becomes "FooBar": upper-case the first character and each character
        // after a dash, dropping the dash.
        $controller = preg_replace_callback('#(?:^|-)(.)#', function ($matches) {
            return strtoupper($matches[1]);
        }, strtolower($controller));
        $method = preg_replace_callback('#(?:^|-)(.)#', function ($matches) {
            return strtoupper($matches[1]);
        }, strtolower($method));
        $controllerClass = 'vB5_Frontend_Controller_' . $controller;
        $controllerMethod = 'action' . $method;
        // Every action* method on every vB5_Frontend_Controller_* class is addressable through
        // this fallback. method_exists() does not check visibility, and class_exists() may
        // invoke the autoloader with the request-derived name.
        // NOTE(review): each such method must do its own permission checks; confirm.
        if (class_exists($controllerClass) and method_exists($controllerClass, $controllerMethod)) {
            $this->controller = strtolower($controller);
            $this->action = $controllerMethod;
            $this->template = '';
            $this->arguments = array();
            $this->queryParameters = array();
            if (!in_array($this->action, $this->whitelist)) {
                vB5_ApplicationAbstract::checkState(array('controller' => $this->controller, 'action' => $this->action));
            }
            return;
        }
    }
    // this could be a legacy file that we need to proxy. The relay controller will handle
    // cases where this is not a valid file. Only handle files in the "root directory". We'll
    // handle deeper paths via more standard routes.
    // The request path is passed on as the only argument, so the relay controller is the
    // place where it has to be validated.
    if (strpos($path, '/') === false) {
        $this->controller = 'relay';
        $this->action = 'legacy';
        $this->template = '';
        $this->arguments = array($path);
        $this->queryParameters = array();
        return;
    }
    vB5_ApplicationAbstract::checkState();
    throw new vB5_Exception_404("invalid_page_url");
}
/**
 * Renders the search results page.
 *
 * The search is described by one of, in order of precedence: 'searchJSON' (optionally taken
 * from a cookie named by the 'cookie' parameter), 'q' (quick search keywords, with optional
 * 'type'), or 'r' (a stored result id). With none of these the request is handed to
 * actionIndex(). When human verification is required and fails, the advanced search page is
 * shown with an error instead.
 */
function actionResult()
{
    // the api init can redirect. We need to make sure that happens before we echo anything
    $api = Api_InterfaceAbstract::instance();
    $top = '';
    if (vB5_Request::get('cachePageForGuestTime') > 0 and !vB5_User::get('userid')) {
        // Guest full-page cache. The key is only the md5 of the serialized request.
        // NOTE(review): no prefix, language or style is part of this key; confirm that no
        // guest-visible variation of the output is missing from it.
        $fullPageKey = md5(serialize($_REQUEST));
        $fullPage = vB_Cache::instance()->read($fullPageKey);
        if (!empty($fullPage)) {
            echo $fullPage;
            exit;
        }
    }
    $preheader = vB5_ApplicationAbstract::getPreheader();
    $top .= $preheader;
    if (vB5_Request::get('useEarlyFlush')) {
        echo $preheader;
        flush();
    }
    // POST values override GET values with the same name.
    $serverData = array_merge($_GET, $_POST);
    $router = vB5_ApplicationAbstract::instance()->getRouter();
    $arguments = $router->getArguments();
    $userAction = $router->getUserAction();
    if (!empty($userAction)) {
        $api->callApi('wol', 'register', array($userAction['action'], $userAction['params']));
    }
    // If human verification is required and the request carries 'q' (the quick search box,
    // which has no verification field), or the advanced search form was requested, show the
    // advanced search page instead.
    $requirehv = $api->callApi('hv', 'fetchRequireHvcheck', array('search'));
    // Precedence: "and" binds tighter than "or": AdvSearch or ($requirehv and isset(q)).
    if (!empty($serverData['AdvSearch']) or $requirehv and isset($serverData['q'])) {
        $adv_search = $api->callApi('route', 'getRoute', array('pathInfo' => 'advanced_search', 'queryString' => ''), true);
        $arguments = $adv_search['arguments'];
    } elseif ($requirehv) {
        // Advanced search form submitted
        if (empty($serverData['humanverify'])) {
            $serverData['humanverify'] = array();
        }
        $return = $api->callApi('hv', 'verifyToken', array($serverData['humanverify'], 'search'));
        if ($return !== true) {
            // Verification failed: fall back to the advanced search page and keep the error.
            $adv_search = $api->callApi('route', 'getRoute', array('pathInfo' => 'advanced_search', 'queryString' => ''), true);
            $arguments = $adv_search['arguments'];
            $error = $return['errors'][0][0];
        }
    }
    // NOTE(review): 'contentid' is read without an isset() check when 'pageid' is missing.
    $pageid = (int) (isset($arguments['pageid']) ? $arguments['pageid'] : $arguments['contentid']);
    $page = $api->callApi('page', 'fetchPageById', array($pageid, $arguments));
    if (!$page) {
        echo 'Could not find page.';
        exit;
    }
    $phrases = $api->callApi('phrase', 'fetch', array(array('advanced_search', 'search_results')));
    $page['crumbs'] = array(0 => array('title' => $phrases['advanced_search'], 'url' => vB5_Template_Runtime::buildUrl('advanced_search', array(), array(), array('noBaseUrl' => true))), 1 => array('title' => $phrases['search_results'], 'url' => ''));
    // avoid search page itself being indexed
    $page['noindex'] = 1;
    if (!empty($serverData['cookie'])) {
        // The request names the cookie to read, and that cookie's raw value is spliced into a
        // JSON text. Both are client-controlled; the json_decode() below is what rejects a
        // malformed result.
        // NOTE(review): an unknown cookie name raises an undefined-index notice; consider
        // restricting the accepted cookie names.
        $serverData['searchJSON'] = '{"specific":[' . $_COOKIE[$serverData['cookie']] . ']}';
    }
    if (!empty($serverData['searchJSON'])) {
        if (is_string($serverData['searchJSON'])) {
            // Convert to UTF-8 first when the string contains non-ASCII bytes.
            if (preg_match('/[^\\x00-\\x7F]/', $serverData['searchJSON'])) {
                $serverData['searchJSON'] = vB5_String::toUtf8($serverData['searchJSON'], vB5_String::getTempCharset());
            }
            $serverData['searchJSON'] = json_decode($serverData['searchJSON'], true);
        }
        if (!empty($serverData['searchJSON'])) {
            if (!empty($serverData['searchJSON']['keywords'])) {
                // Strip double quotes and backslashes, then tags.
                // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
                $serverData['searchJSON']['keywords'] = str_replace(array('"', '\\'), '', $serverData['searchJSON']['keywords']);
                $serverData['searchJSON']['keywords'] = filter_var($serverData['searchJSON']['keywords'], FILTER_SANITIZE_STRING);
            }
            // Re-encode so the page always carries well-formed JSON. Only 'keywords' was
            // sanitised; every other key is passed through as decoded.
            $serverData['searchJSON'] = json_encode($serverData['searchJSON']);
        } else {
            $serverData['searchJSON'] = '';
        }
        $page['searchJSON'] = $serverData['searchJSON'];
        $extra = array('searchJSON' => !empty($serverData['searchJSON']) ? $serverData['searchJSON'] : '{}');
        if (!empty($serverData['AdvSearch'])) {
            $extra['AdvSearch'] = 1;
        }
        // NOTE(review): as written this str_replace() replaces '&' with '&' and changes
        // nothing. It possibly decoded an HTML-encoded ampersand originally; confirm against
        // the upstream file. The same applies to the two identical calls further down.
        $page['url'] = str_replace('&', '&', vB5_Route::buildUrl('search', array(), $extra));
        //$page['searchJSONStructure'] = json_decode($page['searchJSON'],true);
        $page['crumbs'][0]['url'] = vB5_Template_Runtime::buildUrl('advanced_search', array(), array('searchJSON' => $page['searchJSON']), array('noBaseUrl' => true));
    } elseif (!empty($serverData['q'])) {
        $serverData['q'] = str_replace(array('"', '\\'), '', $serverData['q']);
        $serverData['q'] = filter_var($serverData['q'], FILTER_SANITIZE_STRING);
        $searchType = '';
        if (!empty($serverData['type'])) {
            $serverData['type'] = str_replace(array('"', '\\'), '', $serverData['type']);
            $serverData['type'] = filter_var($serverData['type'], FILTER_SANITIZE_STRING);
            $searchType = ',"type":"' . $serverData['type'] . '"';
        }
        // The JSON is assembled by concatenation. Its validity depends entirely on the
        // stripping of '"' and '\' above.
        // NOTE(review): json_encode() on an array would not depend on that filtering and
        // would also cover control characters.
        $page['searchJSON'] = '{"keywords":"' . $serverData['q'] . '","sort":"title"' . $searchType . '}';
        $extra = array('q' => $serverData['q']);
        if (!empty($serverData['AdvSearch'])) {
            $extra['AdvSearch'] = 1;
        }
        $page['url'] = str_replace('&', '&', vB5_Route::buildUrl('search', array(), $extra));
        $page['searchStr'] = $serverData['q'];
        $page['crumbs'][0]['url'] = vB5_Template_Runtime::buildUrl('advanced_search', array(''), array('searchJSON' => $page['searchJSON']), array('noBaseUrl' => true));
    } elseif (!empty($serverData['r'])) {
        // Stored result id. 'r' is passed on as received; only 'p' is checked as numeric.
        unset($page['crumbs'][0]);
        $page['url'] = str_replace('&', '&', vB5_Route::buildUrl('search', array(), array('r' => $serverData['r'])));
        $page['resultId'] = $serverData['r'];
        if (!empty($serverData['p']) && is_numeric($serverData['p'])) {
            $page['currentPage'] = intval($serverData['p']);
        }
        // This re-creates crumb 0 with only a 'url' key (its title was removed above).
        $page['crumbs'][0]['url'] = vB5_Template_Runtime::buildUrl('advanced_search', array(), array('r' => $serverData['r']), array('noBaseUrl' => true));
    } else {
        return $this->actionIndex();
    }
    $page['ignore_np_notices'] = vB5_ApplicationAbstract::getIgnoreNPNotices();
    if (!empty($error)) {
        $page['error'] = $error;
    }
    $templater = new vB5_Template($page['screenlayouttemplate']);
    $templater->registerGlobal('page', $page);
    $page = $this->outputPage($templater->render(), false);
    $fullPage = $top . $page;
    if (vB5_Request::get('cachePageForGuestTime') > 0 and !vB5_User::get('userid')) {
        vB_Cache::instance()->write($fullPageKey, $fullPage, vB5_Request::get('cachePageForGuestTime'));
    }
    // With early flush the preheader has already been sent, so only the body is echoed.
    if (!vB5_Request::get('useEarlyFlush')) {
        echo $fullPage;
    } else {
        echo $page;
    }
}