/**
 * Handle the AJAX request for a member's activity stream.
 *
 * Cleans the POSTed filter values, decides whether the profile theme applies,
 * resolves the requested user, builds the stream query and hands the result
 * to processAjax().
 */
public function process()
{
    $registry = vB::$vbulletin;

    // Every request value used below is given an explicit type by the input cleaner.
    $registry->input->clean_array_gpc('p', array(
        'userid'      => TYPE_UINT,
        'tab'         => TYPE_NOHTML,
        'mindateline' => TYPE_UNIXTIME,
        'maxdateline' => TYPE_UNIXTIME,
        'minscore'    => TYPE_NUM,
        'minid'       => TYPE_STR,
        'maxid'       => TYPE_STR,
        'pagenumber'  => TYPE_UINT,
        'perpage'     => TYPE_UINT,
    ));
    $registry->GPC['ajax'] = 1;

    vB_dB_Assertor::init($registry->db, $registry->userinfo);

    // NOTE(review): the theme lookups run on the cleaned but not yet verified userid;
    // verify_id() is only called further down. Confirm they tolerate an unknown id.
    vB_ProfileCustomize::getUserTheme($registry->GPC['userid']);
    $ownerHasTheme = (vB_ProfileCustomize::getUserThemeType($registry->GPC['userid']) == 1);
    $viewerWantsUserCss = (bool) ($registry->userinfo['options'] & $registry->bf_misc_useroptions['showusercss']);

    // AS_PROFILE is defined only when the profile has a theme and the viewer has user CSS enabled.
    if ($ownerHasTheme && $viewerWantsUserCss) {
        define('AS_PROFILE', true);
    }

    $member = verify_id('user', $registry->GPC['userid'], 1, 1);

    $this->fetchMemberStreamSql($registry->GPC['tab'], $member['userid']);
    $this->processExclusions();

    // The page is pinned to 1; the cleaned 'pagenumber' value is not read in this method.
    $this->setPage(1, $registry->GPC['perpage']);

    $stream = $this->fetchStream();
    $this->processAjax($stream);
}
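/**
 * Convert a stored profile background setting into a background value.
 *
 * Recognised forms, in the order they are tested: the word 'none', a colour,
 * an already wrapped url(...) value, an attachment path, a ./ or http://
 * location, and the legacy "albumid,pictureid" pair.
 *
 * @param string $image_url The stored setting.
 * @return mixed 'none' when nothing matches, false when cleanImageLoc() rejects
 *               the value, whatever getValidColor() returns for a valid colour,
 *               or a url(...) string.
 */
public static function getBGValue($image_url)
{
    //sometimes we have the word 'none'
    if (strtolower($image_url) === 'none') {
        return 'none';
    }

    //it might be a color. The validator has to be given the value under test;
    //the original passed an undefined variable, so a colour was never recognised.
    $result = self::getValidColor($image_url);
    if ($result) {
        return $result;
    }

    //Let's see if it's an image. First clean it.
    $image_url = self::cleanImageLoc($image_url);
    if (!$image_url) {
        return false;
    }

    //if it's in the form url(<something>) then we just return.
    // NOTE(review): the value is returned unchanged, so cleanImageLoc() is the only
    // validation on this path. Presumably the result is emitted into CSS; confirm the
    // cleaner rejects anything that could close the url() token or use a non-http scheme.
    if (strncasecmp($image_url, 'url(', 4) === 0) {
        return $image_url;
    }

    //If it's attachment.php..., we return that.
    if (strncasecmp($image_url, 'attachment', 10) === 0) {
        return 'url(' . $image_url . ')';
    }

    //If it starts with ./ or http:, we wrap that in url(.
    // The "./" prefix is two characters long; the original compared a one-character
    // substring against it, so that branch could never match.
    // NOTE(review): https:// locations are not matched here and fall through to 'none'.
    if (strncmp($image_url, './', 2) === 0 or strncasecmp($image_url, 'http://', 7) === 0) {
        return 'url(' . $image_url . ')';
    }

    // If we have in the form integer, integer we turn that into an URL
    // that's a v386 setting meaning albumid, pictureid
    $result = preg_match("/^([0-9]+),([0-9]+)\$/", $image_url, $picture);
    if ($result) {
        // The session URL is cached on the class here but is not part of the returned value.
        if (!self::$session_url and class_exists('vB', false)) {
            self::$session_url = vB::getCurrentSession()->get('sessionurl');
        }

        // Only the two captured digit runs reach the output.
        return "url(picture.php?albumid={$picture[1]}&pictureid={$picture[2]})";
    }

    return 'none';
}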
$navbar = render_navbar_template($navbits);
$templatename = 'MEMBERINFO';
$show['pmlink'] =& $show['pm']; // VBIV-12742 Let's be consistent with the name.

// Plugin hook: when code is registered for 'member_complete' it is run with eval() in this
// scope, so it can read and change every local variable used below.
// NOTE(review): whoever can edit plugin code gets PHP execution through this call;
// presumably that is restricted to administrators. Confirm.
($hook = vBulletinHook::fetch_hook('member_complete')) ? eval($hook) : false;

//Now we need to get the css theme information if applicable
if ($show_customize_profile) {
    $themes = vB_ProfileCustomize::getThemes();
    if (empty($themes)) {
        $canusetheme = false;
        if (!$cancustomize) {
            $show_customize_profile = false;
        }
    }
}

// The site default theme is stored under key -1. This runs even when
// $show_customize_profile is false, in which case $themes is created here.
$themes[-1] = vB_ProfileCustomize::getDefaultTheme();
$themes[-1]['title'] = $vbphrase['site_default_theme'];
$themes[-1]['thumbnail'] = 'default_theme.png';

//We need to get the themes in rows of 4, and we also need to generate the
//json version of the theme array we'll use for setting the events;
$i = 0;
$themelist = '';
$themeblock = array();
if ($show_customize_profile) {
    $themerow = array();
    foreach ($themes as $themeid => $theme) {
        $theme['themeid'] = $themeid;
        $themerow[] = $theme;
        $i++;
        // Hand-built JSON fragment: $themeid is interpolated without escaping.
        // NOTE(review): safe only while the theme ids are numeric keys. Confirm, or build
        // the structure with json_encode() instead.
        $themeblock[] = "\"{$themeid}\":\"profiletheme_{$themeid}\"";
        // Row boundary: four themes have been collected (the listing is cut off here).
        if ($i > 3) {
}

// #############################################################################
// get the confirm close dialog box
//
// Output is produced only for a logged-in caller (non-zero userid).
if ($_REQUEST['do'] == 'getconfirmclosebox') {
    if (intval($vbulletin->userinfo['userid'])) {
        echo vB_ProfileCustomize::getConfirmCloseBox();
    }
}

// #############################################################################
// get the profile dialog for a phrase named in the request
//
// NOTE(review): unlike the branch above there is no userid check here, and the
// request-supplied 'phrase' (cleaned only as TYPE_STR) is passed to getProfileDialog(),
// whose return value is echoed. Confirm that getProfileDialog() limits which phrases
// can be requested and escapes what it returns.
if ($_REQUEST['do'] == 'getprofiledialog') {
    $vbulletin->input->clean_array_gpc('r', array('phrase' => TYPE_STR));
    if ($vbulletin->GPC_exists['phrase']) {
        echo vB_ProfileCustomize::getProfileDialog($vbulletin->GPC['phrase']);
    }
}

// #############################################################################
// Autosave editor content
// Matched on $_POST['do'] only, so a GET request cannot reach this branch.
// NOTE(review): no security-token (CSRF) check is visible in this fragment;
// presumably it is done earlier in the file. Confirm.
if ($_POST['do'] == 'autosave') {
    $vbulletin->input->clean_array_gpc('p', array(
        'contenttypeid'   => TYPE_NOHTML,
        'contentid'       => TYPE_UINT,
        'parentcontentid' => TYPE_UINT,
        'pagetext'        => TYPE_STR,
        'title'           => TYPE_NOHTML,
        'posthash'        => TYPE_NOHTML,
        'poststarttime'   => TYPE_UINT,
        'wysiwyg'         => TYPE_BOOL,
        'parsetype'       => TYPE_STR,
    ));

    // Guests cannot autosave.
    if (!$vbulletin->userinfo['userid']) {
        echo 'NO USERID';
        exit;
    }

    // The submitted content type has to resolve to a known content type id.
    if (!vB_Types::instance()->getContentTypeID($vbulletin->GPC['contenttypeid'])) {
        echo 'INVALID CONTENTTYPEID';
        exit;
    }

    // Empty page text is handled next (the listing is cut off here).
    if (!$vbulletin->GPC['pagetext']) {
// A path starting with "./" is resolved against the current working directory, not this file.
require_once './vb/profilecustomize.php';

/*
    cssuid = 0 if calling user has view others customisation enabled (so will see all customised profiles)
    cssuid > 0 if calling user has view others customisation disabled (so will only see their own
        customised profile as cssuid = calling userid)
    cssuid = -1 means if the calling user has view others customisation disabled, they will always see
        the style default, not any admin set default.
    The -1 option is mainly for testing. It's not a value currently passed by default vbulletin,
    but plugins could make use of it if they wanted.
*/
// The user's own theme is loaded only when profile styling is enabled site-wide and cssuid is
// either 0 or equal to the requested userid; every other case gets a site default theme.
if ($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_profile_styling'] and ($vbulletin->GPC['cssuid'] == 0 or $vbulletin->GPC['cssuid'] == $vbulletin->GPC['userid'])) {
    vB_ProfileCustomize::setPermissions($permissions['usercsspermissions']);
    vB_ProfileCustomize::setStylevars($vbulletin->stylevars);
    $theme = vB_ProfileCustomize::getUserTheme($vbulletin->GPC['userid']);
} else {
    if ($vbulletin->GPC['cssuid'] != -1) {
        $theme = vB_ProfileCustomize::getSiteDefaultTheme();
    } else {
        $theme = vB_ProfileCustomize::getSiteDefaultTheme(false);
    }
}

// Each theme setting is registered with the templater, with per-setting filtering.
foreach ($theme as $varname => $setting) {
    if ($varname == 'font_family' and $setting == 'default') {
        $templater->register($varname, vB::$vbulletin->stylevars['font']['family']);
    } else {
        // NOTE(review): the loop variable is $setting, but this <script> filter tests $value,
        // which is not assigned anywhere in this fragment. Unless $value is set earlier in the
        // file, the check never inspects the current setting. Confirm, and test $setting.
        if (preg_match('#<\\s*script.*>#i', $value) > 0) {
            continue;
        } else {
            if (preg_match("#_(color|border)\$#", $varname)) {
                //color values are validated heavily on input and tend to
                //get destroyed when escaped.
            } else {
                //IE6 will accept "javascript:" and "vbscript:" urls. Unfortunately it will do so even if the
                //url strings are encoded. We remove whitespace from the string to avoid attempts