$T = new Template(MG_getTemplatePath($album_id)); $T->set_file(array('page' => 'album_page.thtml', 'noitems' => 'album_page_noitems.thtml')); SESS_setVar('mediagallery.album.page', $page + 1); $T->set_var(array('site_url' => $_MG_CONF['site_url'], 'birdseed' => $birdseed, 'birdseed_ul' => $birdseedUL, 'album_title' => PLG_replaceTags($MG_albums[$album_id]->title, 'mediagallery', 'album_title'), 'url_slideshow' => $url_slideshow, 'table_columns' => $columns_per_page, 'table_column_width' => intval(100 / $columns_per_page) . '%', 'top_pagination' => COM_printPageNavigation($_MG_CONF['site_url'] . '/album.php?aid=' . $album_id . '&sort=' . $sortOrder, $page + 1, ceil($total_items_in_album / $media_per_page)), 'bottom_pagination' => COM_printPageNavigation($_MG_CONF['site_url'] . '/album.php?aid=' . $album_id . '&sort=' . $sortOrder, $page + 1, ceil($total_items_in_album / $media_per_page)), 'page_number' => sprintf("%s %d %s %d", $LANG_MG03['page'], $current_print_page, $LANG_MG03['of'], $total_print_pages), 'jumpbox' => $album_jumpbox, 'album_jumpbox_raw' => $album_jumpbox_raw, 'album_id' => $album_id, 'lbslideshow' => $lbSlideShow, 'album_description' => $MG_albums[$album_id]->display_album_desc ? PLG_replaceTags($MG_albums[$album_id]->description, 'mediagallery', 'album_description') : '', 'album_id_display' => $MG_albums[0]->owner_id || $_MG_CONF['enable_media_id'] == 1 ? $LANG_MG03['album_id_display'] . $album_id : '', 'lang_slideshow' => $lang_slideshow, 'select_adminbox' => $admin_box, 'admin_box_items' => $admin_box_items, 'admin_menu' => $admin_menu, 'select_sortbox' => $sort_box, 'select_sortbox_raw' => $sort_box_raw, 'album_last_update' => $album_last_update[0], 'album_owner' => $ownername, 'media_count' => $MG_albums[$album_id]->getMediaCount(), 'lang_search' => $LANG_MG01['search'])); if ($MG_albums[$album_id]->enable_rss) { $rssfeedname = sprintf($_MG_CONF['rss_feed_name'] . "%06d", $album_id); $feedUrl = MG_getFeedUrl($rssfeedname . 
'.rss'); $rsslink = '<a href="' . $feedUrl . '"' . ' type="application/rss+xml">'; $rsslink .= '<img src="' . MG_getImageFile('feed.png') . '" style="border:none;" alt=""/></a>'; $T->set_var('rsslink', $rsslink); } else { $T->set_var('rsslink', ''); } $subscribe = ''; if (!COM_isAnonUser()) { if (PLG_isSubscribed('mediagallery', '', $album_id, $_USER['uid'])) { $subscribe = '<a class="subscribelink" href="' . $_MG_CONF['site_url'] . '/subscription.php?op=unsubscribe&sid=' . $album_id . '">' . $LANG01['unsubscribe'] . '</a>'; $subscribe_url = $_MG_CONF['site_url'] . '/subscription.php?op=unsubscribe&sid=' . $album_id; $subscribe_text = $LANG01['unsubscribe']; } else { $subscribe = '<a class="subscribelink" href="' . $_MG_CONF['site_url'] . '/subscription.php?op=subscribe&sid=' . $album_id . '">' . $LANG01['subscribe'] . '</a>'; $subscribe_url = $_MG_CONF['site_url'] . '/subscription.php?op=subscribe&sid=' . $album_id; $subscribe_text = $LANG01['subscribe']; } $T->set_var('subscribe', $subscribe); $T->set_var('subscribe_url', $subscribe_url); $T->set_var('subscribe_text', $subscribe_text); } PLG_templateSetVars('mediagallery', $T); if ($total_media == 0) { $T->set_var(array('lang_no_image' => $LANG_MG03['no_media_objects']));
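// Run the topic query assembled earlier and remember how many topics matched.
$topicResults = DB_query($sql);
$totalresults = DB_numRows($topicResults);

// Retrieve forum details and category name
$sql = "SELECT forum.forum_name,forum.forum_id AS forum, category.cat_name,category.id,forum.is_readonly,forum.grp_id,forum.rating_post,forum.rating_view FROM {$_TABLES['ff_forums']} forum ";
$sql .= "LEFT JOIN {$_TABLES['ff_categories']} category on category.id=forum.forum_cat ";
// $forum is cast to int before it is embedded, so the WHERE clause cannot be injected into.
$sql .= "WHERE forum.forum_id = " . (int) $forum;
$category = DB_fetchArray(DB_query($sql));

if ($totalresults < 1 && $skipForum == false) {
    $errMsg .= '<div class="pluginAlert" style="padding:10px;margin:10px;">' . $LANG_GF02['msg05'] . '</div>';
}

$canPost = _ff_canPost($category);
$subscribe = '';
$forumsubscribed = '';

if (!COM_isAnonUser() && $skipForum == false) {
    // Check for user subscription status
    $sub_check = PLG_isSubscribed('forum', $forum, 0, $uid);
    if (!$sub_check) {
        // Not subscribed yet: offer the subscribe action.
        $subscribelinkimg = '<img src="' . _ff_getImage('forumnotify_on') . '" style="vertical-align:middle;" alt="' . $LANG_GF01['FORUMSUBSCRIBE'] . '" title="' . $LANG_GF01['FORUMSUBSCRIBE'] . '"/>';
        // Same int cast as the SQL above so only a number ever lands in the href.
        $subscribelink = $_CONF['site_url'] . '/forum/index.php?op=subscribe&forum=' . (int) $forum;
        $subcribelanguage = $LANG_GF01['FORUMSUBSCRIBE'];
        $sub_option = 'subscribe_forum';
    } else {
        // Already subscribed: offer the unsubscribe action.
        $subscribelinkimg = '<img src="' . _ff_getImage('forumnotify_off') . '" alt="' . $LANG_GF01['FORUMUNSUBSCRIBE'] . '" title="' . $LANG_GF01['FORUMUNSUBSCRIBE'] . '" style="vertical-align:middle;"/>';
        $subscribelink = $_CONF['site_url'] . '/forum/notify.php?filter=2';
        $subcribelanguage = $LANG_GF01['FORUMUNSUBSCRIBE'];
        $sub_option = 'unsubscribe_forum';
        // Was assigned to a misspelled "$formsubscribed", which left the template
        // variable below permanently empty; the flag now reaches the template.
        $forumsubscribed = TRUE;
    }

    // The subscribe/unsubscribe action is a state change, so it carries a CSRF token.
    $token = SEC_createToken();
    $topiclisting->set_var(array(
        'subscribelink' => $subscribelink,
        'subscribelinkimg' => $subscribelinkimg,
        'forumsubscribed' => $forumsubscribed,
        'LANG_subscribe' => $subcribelanguage,
        'forum' => $forum,
        'suboption' => $sub_option,
        'token' => $token,
        'token_name' => CSRF_TOKEN,
    ));
}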
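/**
 * Displays the comment form.
 *
 * Renders the "post a comment" form and, in the preview modes, a rendered
 * preview of the comment above it. Anonymous users are shown the login form
 * instead when the site (or the comment feature) requires a login, and a
 * speed-limit message is returned when the poster is submitting too fast.
 *
 * @param string $title    Title of comment
 * @param string $comment  Text of comment
 * @param string $sid      ID of object comment belongs to
 * @param int    $pid      ID of parent comment
 * @param string $type     Type of object comment is posted to
 * @param string $mode     Mode, e.g. 'preview', 'preview_new', 'preview_edit', 'edit'
 * @param string $postmode Indicates if comment is plain text or HTML
 * @return string HTML for comment form
 */
function CMT_commentForm($title, $comment, $sid, $pid, $type, $mode, $postmode)
{
    // NOTE: $pid used to carry a default of '0' while later parameters had none;
    // PHP 8 deprecates that and no caller could ever omit it, so the default is gone.
    global $_CONF, $_TABLES, $_USER, $LANG03, $LANG12, $LANG_LOGIN, $LANG_ACCESS;

    $retval = '';
    $cid = 0;
    $edit_comment = '';

    $filter = sanitizer::getInstance();
    $AllowedElements = $filter->makeAllowedElements($_CONF['htmlfilter_comment']);
    $filter->setAllowedElements($AllowedElements);
    $filter->setNamespace('glfusion', 'comment');

    // never trust $uid ...
    $uid = COM_isAnonUser() ? 1 : $_USER['uid'];
    // Owner of the comment being edited; equals the poster for new comments.
    $commentuid = $uid;

    if (($mode == 'edit' || $mode == 'preview_edit') && isset($_REQUEST['cid'])) {
        $cid = COM_applyFilter($_REQUEST['cid']);
        $commentuid = DB_getItem($_TABLES['comments'], 'uid', "cid = " . (int) $cid);
    }

    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['commentsloginrequired'] == 1)) {
        return SEC_loginRequiredForm();
    }

    COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'comment');
    $last = 0;
    if ($mode != 'edit' && $mode != 'preview' && $mode != 'preview_new' && $mode != 'preview_edit') {
        // not edit mode or preview changes
        $last = COM_checkSpeedlimit('comment');
    }
    if ($last > 0) {
        return COM_showMessageText($LANG03[7] . $last . $LANG03[8], $LANG12[26], false);
    }

    if (empty($postmode)) {
        $postmode = $_CONF['comment_postmode'];
    }

    // Filter the comment body in its own postmode, the title as plain text.
    $filter->setPostmode($postmode);
    $filter->setCensorData(true);
    // Re-applied after setPostmode() in case changing the postmode resets the element list.
    $filter->setAllowedElements($AllowedElements);
    $comment = $filter->filterHTML($comment);
    $display_comment = $filter->displayText($comment);
    $edit_comment = $filter->editableText($comment);
    $filter->setPostmode('text');
    $title = $filter->displayText($title);
    $title = $filter->editableText($title);
    $filter->setPostmode($postmode);

    // The preview loop below reads from $_POST, so replace the raw values
    // with their filtered versions first.
    $_POST['title'] = $title;
    $_POST['comment'] = $display_comment;

    $isPreviewMode = ($mode == 'preview' || $mode == 'preview_new' || $mode == 'preview_edit');

    // Preview mode ($LANG03[14] is the legacy submit-button label used as a mode):
    if (($isPreviewMode || $mode == $LANG03[14]) && !empty($title) && !empty($comment)) {
        $start = new Template($_CONF['path_layout'] . 'comment');
        $start->set_file(array('comment' => 'startcomment.thtml'));
        $start->set_var('hide_if_preview', 'style="display:none"');

        // Clean up all the vars
        $A = array();
        foreach ($_POST as $key => $value) {
            if ($key == 'pid' || $key == 'cid') {
                $A[$key] = (int) COM_applyFilter($value, true);
            } elseif ($key == 'title' || $key == 'comment') {
                // these have already been filtered above
                $A[$key] = $value;
            } elseif ($key == 'username') {
                // No '@' here: an unsupported charset from COM_getEncodingt() is a
                // misconfiguration that should be logged, not hidden.
                $A[$key] = htmlspecialchars(COM_checkWords(strip_tags($value)), ENT_QUOTES, COM_getEncodingt());
            } else {
                $A[$key] = COM_applyFilter($value);
            }
        }

        // correct time and username for edit preview
        if ($isPreviewMode) {
            $A['nice_date'] = DB_getItem($_TABLES['comments'], 'UNIX_TIMESTAMP(date)', "cid = " . (int) $cid);
            // Compare against the trusted $uid computed above rather than $_USER directly.
            if ($uid != $commentuid) {
                $A['username'] = DB_getItem($_TABLES['users'], 'username', "uid = " . (int) $commentuid);
            }
        }
        if (empty($A['username'])) {
            $A['username'] = DB_getItem($_TABLES['users'], 'username', "uid = " . (int) $uid);
        }

        $author_id = PLG_getItemInfo($type, $sid, 'author');
        $thecomments = CMT_getComment($A, 'flat', $type, 'ASC', false, true, 0, $author_id);
        $start->set_var('comments', $thecomments);
        $retval .= '<a name="comment_entry"></a>';
        $retval .= COM_startBlock($LANG03[14]) . $start->finish($start->parse('output', 'comment')) . COM_endBlock();
    } elseif ($mode == 'preview_new' || $mode == 'preview_edit') {
        // A preview was requested but title or comment is missing.
        $retval .= COM_showMessageText($LANG03[12], $LANG03[17], true);
        $mode = 'error';
    }

    // $mode may have just become 'error', so edit-mode checks from here on use this flag.
    $isEditMode = ($mode == 'edit' || $mode == 'preview_edit');

    $comment_template = new Template($_CONF['path_layout'] . 'comment');
    $comment_template->set_file('form', 'commentform.thtml');

    if ($mode == 'preview_new') {
        $comment_template->set_var('mode', 'new');
        $comment_template->set_var('show_anchor', '');
    } elseif ($mode == 'preview_edit') {
        $comment_template->set_var('mode', 'edit');
        $comment_template->set_var('show_anchor', '');
    } else {
        $comment_template->set_var('mode', $mode);
        $comment_template->set_var('show_anchor', 1);
    }

    $comment_template->set_var('lang_username', $_CONF['show_fullname'] == 1 ? $LANG_ACCESS['name'] : $LANG03[5]);
    $comment_template->set_var('sid', $sid);
    // Parent id is an integer everywhere else in this function; keep the hidden field numeric too.
    $comment_template->set_var('pid', (int) $pid);
    $comment_template->set_var('type', $type);

    if ($isEditMode) {
        // edit modes
        $comment_template->set_var('start_block_postacomment', COM_startBlock($LANG03[41]));
        // $cid was taken from the request above; emitting it as an int keeps any
        // non-numeric request text out of the attribute.
        $comment_template->set_var('cid', '<input type="hidden" name="cid" value="' . (int) $cid . '"/>');
    } else {
        $comment_template->set_var('start_block_postacomment', COM_startBlock($LANG03[1]));
        $comment_template->set_var('cid', '');
    }

    $comment_template->set_var('CSRF_TOKEN', SEC_createToken());
    $comment_template->set_var('token_name', CSRF_TOKEN);

    if (!COM_isAnonUser()) {
        $comment_template->set_var('uid', $_USER['uid']);
        $name = COM_getDisplayName($_USER['uid'], $_USER['username'], $_USER['fullname']);
        $comment_template->set_var('username', $name);
        $comment_template->set_var('action_url', $_CONF['site_url'] . '/users.php?mode=logout');
        $comment_template->set_var('lang_logoutorcreateaccount', $LANG03[3]);
        $comment_template->set_var('username_disabled', 'disabled="disabled"');
        $comment_template->set_var('suballowed', true);

        // In preview the checkbox state comes from the form, otherwise from the stored subscription.
        if ($mode == 'preview_edit' || $mode == 'preview_new') {
            $isSub = isset($_POST['subscribe']) ? 1 : 0;
        } else {
            $isSub = PLG_isSubscribed('comment', $type, $sid) ? 1 : 0;
        }
        $comment_template->set_var('subchecked', $isSub == 0 ? '' : 'checked="checked"');
    } else {
        // Anonymous user
        $comment_template->set_var('uid', 1);
        if (isset($_POST['username'])) {
            $name = $filter->sanitizeUsername(COM_applyFilter($_POST['username'])); // for preview
        } else {
            $name = $LANG03[24]; // anonymous user
        }
        $comment_template->set_var('username', $name);
        $comment_template->set_var('action_url', $_CONF['site_url'] . '/users.php?mode=new');
        $comment_template->set_var('lang_logoutorcreateaccount', $LANG03[4]);
        $comment_template->set_var('username_disabled', '');
    }

    if ($postmode == 'html') {
        $comment_template->set_var('htmlmode', true);
    }

    $comment_template->set_var('lang_title', $LANG03[16]);
    // ENT_QUOTES so the title is safe in single- as well as double-quoted attributes.
    $comment_template->set_var('title', htmlspecialchars($title, ENT_QUOTES, COM_getEncodingt()));
    $comment_template->set_var('lang_comment', $LANG03[9]);
    $comment_template->set_var('comment', $edit_comment);
    $comment_template->set_var('lang_postmode', $LANG03[2]);
    $comment_template->set_var('postmode', $postmode);
    $comment_template->set_var('postmode_options', COM_optionList($_TABLES['postmodes'], 'code,name', $postmode));
    $comment_template->set_var('allowed_html', $filter->getAllowedHTML() . '<br/>' . COM_AllowedAutotags('', false, 'glfusion', 'comment'));
    $comment_template->set_var(array(
        'lang_importantstuff' => $LANG03[18],
        'lang_instr_line1' => $LANG03[19],
        'lang_instr_line2' => $LANG03[20],
        'lang_instr_line3' => $LANG03[21],
        'lang_instr_line4' => $LANG03[22],
        'lang_instr_line5' => $LANG03[23],
    ));

    if ($isEditMode) {
        // editing comment or preview changes
        $comment_template->set_var('lang_preview', $LANG03[28]);
    } else {
        // new comment
        $comment_template->set_var('lang_preview', $LANG03[14]);
    }

    if (function_exists('msg_replaceEmoticons')) {
        $comment_template->set_var('smilies', msg_showsmilies());
    }

    $comment_template->unset_var('save_type');
    PLG_templateSetVars('comment', $comment_template);

    // Parenthesised to make the original precedence (&& binds tighter than ||) explicit.
    if ($mode == 'preview_edit' || ($mode == 'edit' && $_CONF['skip_preview'] == 1)) {
        // for editing
        $comment_template->set_var('save_type', 'saveedit');
        $comment_template->set_var('lang_save', $LANG03[29]);
        $comment_template->set_var('save_option', '<input type="submit" name="saveedit" value="' . $LANG03[29] . '"/>');
    } elseif ($_CONF['skip_preview'] == 1 || $mode == 'preview_new') {
        // new comment
        $comment_template->set_var('save_type', 'savecomment');
        $comment_template->set_var('lang_save', $LANG03[11]);
        $comment_template->set_var('save_option', '<input type="submit" name="savecomment" value="' . $LANG03[11] . '"/>');
    }

    $comment_template->set_var('end_block', COM_endBlock());
    $comment_template->parse('output', 'form');
    $retval .= $comment_template->finish($comment_template->get_var('output'));

    return $retval;
}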