/**
* Standard modular run function for search results.
*
* @param string Search string
* @param boolean Whether to only do a META (tags) search
* @param ID_TEXT Order direction
* @param integer Start position in total results
* @param integer Maximum results to return in total
* @param boolean Whether only to search titles (as opposed to both titles and content)
* @param string Where clause that selects the content according to the main search string (SQL query fragment) (blank: full-text search)
* @param SHORT_TEXT Username/Author to match for
* @param ?MEMBER Member-ID to match for (NULL: unknown)
* @param TIME Cutoff date
* @param string The sort type (gets remapped to a field in this function)
* @set title add_date
* @param integer Limit to this number of results
* @param string What kind of boolean search to do
* @set or and
* @param string Where constraints known by the main search code (SQL query fragment)
* @param string Comma-separated list of categories to search under
* @param boolean Whether it is a boolean search
* @return array List of maps (template, orderer)
*/
function run($content, $only_search_meta, $direction, $max, $start, $only_titles, $content_where, $author, $author_id, $cutoff, $sort, $limit_to, $boolean_operator, $where_clause, $search_under, $boolean_search)
{
unset($author_id);
unset($limit_to);
if (!module_installed('catalogues')) {
return array();
}
$remapped_orderer = '';
switch ($sort) {
case 'title':
$remapped_orderer = 'cc_title';
break;
case 'add_date':
$remapped_orderer = 'cc_add_date';
break;
}
require_code('catalogues');
require_lang('catalogues');
// Calculate our where clause (search)
if ($author != '') {
return array();
}
if (!is_null($cutoff)) {
$where_clause .= ' AND ';
$where_clause .= 'cc_add_date>' . strval($cutoff);
}
if (!$GLOBALS['FORUM_DRIVER']->is_super_admin(get_member())) {
$where_clause .= ' AND ';
$where_clause .= 'z.category_name IS NOT NULL';
$where_clause .= ' AND ';
$where_clause .= 'p.category_name IS NOT NULL';
}
$g_or = _get_where_clause_groups(get_member());
// Calculate and perform query
if ($g_or == '') {
$rows = get_search_rows('catalogue_category', 'id', $content, $boolean_search, $boolean_operator, $only_search_meta, $direction, $max, $start, $only_titles, 'catalogue_categories r', array('r.cc_title', 'r.cc_description'), $where_clause, $content_where, $remapped_orderer, 'r.*');
} else {
$rows = get_search_rows('catalogue_category', 'id', $content, $boolean_search, $boolean_operator, $only_search_meta, $direction, $max, $start, $only_titles, 'catalogue_categories r LEFT JOIN ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'group_category_access z ON (' . db_string_equal_to('z.module_the_name', 'catalogues_category') . ' AND z.category_name=r.id AND ' . str_replace('group_id', 'z.group_id', $g_or) . ') LEFT JOIN ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'group_category_access p ON (' . db_string_equal_to('p.module_the_name', 'catalogues_catalogue') . ' AND p.category_name=r.c_name AND ' . str_replace('group_id', 'p.group_id', $g_or) . ')', array('r.cc_title', 'r.cc_description'), $where_clause, $content_where, $remapped_orderer, 'r.*');
}
$out = array();
foreach ($rows as $i => $row) {
$out[$i]['data'] = $row;
unset($rows[$i]);
if ($remapped_orderer != '' && array_key_exists($remapped_orderer, $row)) {
$out[$i]['orderer'] = $row[$remapped_orderer];
} elseif (substr($remapped_orderer, 0, 7) == '_rating') {
$out[$i]['orderer'] = $row['compound_rating'];
}
}
return $out;
}
/**
* Standard modular run function for search results.
*
* @param string Search string
* @param boolean Whether to only do a META (tags) search
* @param ID_TEXT Order direction
* @param integer Start position in total results
* @param integer Maximum results to return in total
* @param boolean Whether only to search titles (as opposed to both titles and content)
* @param string Where clause that selects the content according to the main search string (SQL query fragment) (blank: full-text search)
* @param SHORT_TEXT Username/Author to match for
* @param ?MEMBER Member-ID to match for (NULL: unknown)
* @param TIME Cutoff date
* @param string The sort type (gets remapped to a field in this function)
* @set title add_date
* @param integer Limit to this number of results
* @param string What kind of boolean search to do
* @set or and
* @param string Where constraints known by the main search code (SQL query fragment)
* @param string Comma-separated list of categories to search under
* @param boolean Whether it is a boolean search
* @return array List of maps (template, orderer)
*/
function run($content, $only_search_meta, $direction, $max, $start, $only_titles, $content_where, $author, $author_id, $cutoff, $sort, $limit_to, $boolean_operator, $where_clause, $search_under, $boolean_search)
{
$remapped_orderer = '';
switch ($sort) {
case 'title':
$remapped_orderer = 'the_page';
break;
case 'add_date':
$remapped_orderer = 'the_zone';
// Stucked
break;
}
load_up_all_self_page_permissions(get_member());
$sq = build_search_submitter_clauses('p_submitter', $author_id, $author);
if (is_null($sq)) {
return array();
} else {
$where_clause .= $sq;
}
if (!$GLOBALS['FORUM_DRIVER']->is_super_admin(get_member())) {
$where_clause .= ' AND ';
$where_clause .= 'z.zone_name IS NOT NULL';
}
if (strpos($content, 'panel_') === false) {
$where_clause .= ' AND ';
$where_clause .= '(r.the_page NOT LIKE \'' . db_encode_like('panel\\_%') . '\') AND (r.the_page NOT LIKE \'' . db_encode_like('\\_%') . '\')';
}
if (!is_null($search_under) && $search_under != '!') {
$where_clause .= ' AND ';
$where_clause .= '(' . db_string_equal_to('r.the_zone', $search_under) . ')';
}
if (!has_specific_permission(get_member(), 'see_unvalidated')) {
$where_clause .= ' AND ';
$where_clause .= 'p_validated=1';
}
require_lang('zones');
$g_or = _get_where_clause_groups(get_member(), false);
// Calculate and perform query
if ($g_or == '') {
$rows = get_search_rows('comcode_page', 'the_zone:the_page', $content, $boolean_search, $boolean_operator, $only_search_meta, $direction, $max, $start, $only_titles, 'cached_comcode_pages r LEFT JOIN ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'comcode_pages q ON (q.the_zone=r.the_zone AND q.the_page=r.the_page)', array('r.cc_page_title', 'r.string_index'), $where_clause, $content_where, $remapped_orderer, 'r.*');
} else {
$rows = get_search_rows('comcode_page', 'the_zone:the_page', $content, $boolean_search, $boolean_operator, $only_search_meta, $direction, $max, $start, $only_titles, 'cached_comcode_pages r LEFT JOIN ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'comcode_pages q ON (q.the_zone=r.the_zone AND q.the_page=r.the_page) LEFT JOIN ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'group_zone_access z ON (z.zone_name=r.the_zone AND (' . str_replace('group_id', 'z.group_id', $g_or) . '))', array('r.cc_page_title', 'r.string_index'), $where_clause, $content_where, $remapped_orderer, 'r.*');
}
if (addon_installed('redirects_editor')) {
$redirects = $GLOBALS['SITE_DB']->query_select('redirects', array('*'));
} else {
$redirects = array();
}
$out = array();
$pages_found = array();
foreach ($rows as $i => $row) {
foreach ($redirects as $redirect) {
if ($redirect['r_from_page'] == $row['the_page'] && $redirect['r_from_zone'] == $row['the_zone']) {
continue 2;
}
}
if ($row['the_zone'] == '!') {
continue;
}
if (array_key_exists($row['the_zone'] . ':' . $row['the_page'], $pages_found)) {
continue;
}
$pages_found[$row['the_zone'] . ':' . $row['the_page']] = 1;
$out[$i]['data'] = $row + array('extra' => array($row['the_zone'], $row['the_page'], $limit_to));
if ($remapped_orderer != '' && array_key_exists($remapped_orderer, $row)) {
$out[$i]['orderer'] = $row[$remapped_orderer];
} elseif (substr($remapped_orderer, 0, 7) == '_rating') {
$out[$i]['orderer'] = $row['compound_rating'];
}
if (!has_page_access(get_member(), $row['the_page'], $row['the_zone'])) {
$out[$i]['restricted'] = true;
}
}
if ($author == '') {
// Make sure we record that for all cached Comcode pages, we know of them (only those not cached would not have been under the scope of the current search)
$all_pages = $GLOBALS['SITE_DB']->query_select('cached_comcode_pages', array('the_zone', 'the_page'));
foreach ($all_pages as $row) {
$pages_found[$row['the_zone'] . ':' . $row['the_page']] = 1;
}
// Now, look on disk for non-cached comcode pages
$zones = find_all_zones();
$i = count($out);
if (!is_null($search_under) && $search_under != '!') {
$zones = array($search_under);
}
foreach ($zones as $zone) {
if (!has_zone_access(get_member(), $zone)) {
continue;
}
$pages = find_all_pages($zone, 'comcode/' . user_lang(), 'txt') + find_all_pages($zone, 'comcode_custom/' . user_lang(), 'txt') + find_all_pages($zone, 'comcode/' . get_site_default_lang(), 'txt') + find_all_pages($zone, 'comcode_custom/' . get_site_default_lang(), 'txt');
foreach ($pages as $page => $dir) {
if (!is_string($page)) {
$page = strval($page);
}
if (!array_key_exists($zone . ':' . $page, $pages_found)) {
if (!has_page_access(get_member(), $page, $zone)) {
continue;
}
if (strpos($content, 'panel_') === false) {
if (substr($page, 0, 6) == 'panel_') {
continue;
}
}
if (substr($page, 0, 1) == '_') {
continue;
}
foreach ($redirects as $redirect) {
if ($redirect['r_from_page'] == $page && $redirect['r_from_zone'] == $zone) {
continue 2;
}
}
$path = zone_black_magic_filterer(($dir == 'comcode_custom' ? get_custom_file_base() : get_file_base()) . '/' . $zone . '/pages/' . $dir . '/' . $page . '.txt');
if (!is_null($cutoff) && filemtime($path) < $cutoff) {
continue;
}
$contents = file_get_contents($path, FILE_TEXT);
if ($only_titles) {
$contents = preg_replace('#^.*\\[title(="1")?\\](.*)\\[/title\\].*$#Us', '${2}', $contents);
}
if (in_memory_search_match(array('content' => $content, 'conjunctive_operator' => $boolean_operator), $contents)) {
$out[$i]['data'] = array('the_zone' => $zone, 'the_page' => $page) + array('extra' => array($zone, $page, $limit_to));
if ($remapped_orderer == 'the_page') {
$out[$i]['orderer'] = $page;
} elseif ($remapped_orderer == 'the_zone') {
$out[$i]['orderer'] = $zone;
}
$i++;
$GLOBALS['TOTAL_RESULTS']++;
// Let it cache for next time
if (get_option('is_on_comcode_page_cache') == '1') {
request_page($page, false, $zone, $dir, false, true);
}
}
}
}
}
}
return $out;
}
/**
* The UI to add a poll.
*
* @param ?AUTO_LINK The topic ID to add the poll to (NULL: it is instead gettable from a GET parameter named 'id')
* @return tempcode The UI
*/
function add_poll($topic_id = NULL)
{
if (is_null($topic_id)) {
$topic_id = get_param_integer('id');
}
$map = array('page' => '_SELF', 'type' => '_add_poll', 'id' => $topic_id);
if (get_param_integer('try_validate', 0) == 1) {
$map['try_validate'] = 1;
}
if (get_param('type', 'misc') == '_add_reply' && post_param_integer('validated', 0) == 1) {
$map['re_validate'] = 1;
}
$post_url = build_url($map, '_SELF');
$fields = new ocp_tempcode();
$fields->attach($this->get_poll_form_fields());
// Find polls we can grab
$groups = _get_where_clause_groups(get_member());
if (!is_null($groups)) {
$perhaps = $GLOBALS['SITE_DB']->query('SELECT category_name FROM ' . get_table_prefix() . 'group_category_access WHERE ' . db_string_equal_to('module_the_name', 'forums') . ' AND (' . $groups . ')');
$or_list = '';
foreach ($perhaps as $row) {
if ($or_list != '') {
$or_list .= ' OR ';
}
$or_list .= 't.t_forum_id=' . strval((int) $row['category_name']);
}
if ($or_list != '') {
$polls = $GLOBALS['FORUM_DB']->query('SELECT p.*,t_cache_first_username FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_topics t LEFT JOIN ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_polls p ON p.id=t.t_poll_id WHERE (' . $or_list . ') AND p.id IS NOT NULL ORDER BY id DESC', 30);
} else {
$polls = array();
}
} else {
$polls = $GLOBALS['FORUM_DB']->query('SELECT p.*,t_cache_first_username FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_topics t LEFT JOIN ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_polls p ON p.id=t.t_poll_id WHERE p.id IS NOT NULL ORDER BY id DESC', 30);
}
if (count($polls) != 0) {
$fields->attach(do_template('FORM_SCREEN_FIELD_SPACER', array('SECTION_HIDDEN' => true, 'TITLE' => do_lang_tempcode('ALT_COPY_EXISTING_POLL'))));
$list = new ocp_tempcode();
$list->attach(form_input_list_entry('', true, ''));
foreach ($polls as $poll) {
$list->attach(form_input_list_entry(strval($poll['id']), false, do_lang_tempcode('POLL_IN_LIST', escape_html($poll['po_question']), escape_html($poll['t_cache_first_username']))));
}
$fields->attach(form_input_list(do_lang_tempcode('EXISTING'), do_lang_tempcode('COPY_EXISTING_POLL'), 'existing', $list, NULL, false, false));
$javascript = 'var existing=document.getElementById(\'existing\'); var form=existing.form; var ch_func=function() { var disable_all=(existing.selectedIndex!=0); var i; for (i=0;i<form.elements.length;i++) if ((form.elements[i]!=existing) && (form.elements[i].id!=\'perform_keywordcheck\') && ((form.elements[i].getAttribute(\'type\')==\'checkbox\') || (form.elements[i].getAttribute(\'type\')==\'text\'))) { setRequired(form.elements[i].name,(!disable_all) && ((form.elements[i].id==\'question\') || (form.elements[i].id==\'answer_0\'))); setLocked(form.elements[i].name,disable_all); } }; for (i=0;i<form.elements.length;i++) addEventListenerAbstract(form.elements[i],\'change\',ch_func);';
} else {
$javascript = '';
}
$title = get_page_title('ADD_TOPIC_POLL');
$submit_name = do_lang_tempcode('ADD_TOPIC_POLL');
$topic_info = $GLOBALS['FORUM_DB']->query_select('f_topics', array('*'), array('id' => $topic_id), '', 1);
if (!array_key_exists(0, $topic_info)) {
warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
}
$this->handle_topic_breadcrumbs($topic_info[0]['t_forum_id'], $topic_id, $topic_info[0]['t_cache_first_title'], do_lang_tempcode('ADD_TOPIC_POLL'));
return do_template('FORM_SCREEN', array('_GUID' => 'ce1752a0c5508a061bffbf242a13e5bd', 'HIDDEN' => '', 'TITLE' => $title, 'FIELDS' => $fields, 'TEXT' => '', 'SUBMIT_NAME' => $submit_name, 'URL' => $post_url, 'JAVASCRIPT' => $javascript));
}
/**
* Show a banner according to GET parameter specification.
*
* @param boolean Whether to return a result rather than outputting
* @param ?string Whether we are displaying or click-processing (NULL: get from URL param)
* @set "click" ""
* @param ?string Specific banner to display (NULL: get from URL param) (blank: randomise)
* @param ?string Banner type to display (NULL: get from URL param)
* @param ?integer Whether we are only showing our own banners, rather than allowing external rotation ones (NULL: get from URL param)
* @param ?string The banner advertisor who is actively displaying the banner (calling up this function) and hence is rewarded (NULL: get from URL param) (blank: our own site)
* @return ?tempcode Result (NULL: we weren't asked to return the result)
*/
function banners_script($ret = false, $type = NULL, $dest = NULL, $b_type = NULL, $internal_only = NULL, $source = NULL)
{
require_code('images');
require_lang('banners');
// If this is being called for a click through
if (is_null($type)) {
$type = get_param('type', '');
}
if ($type == 'click') {
// Input parameters
if (is_null($source)) {
$source = get_param('source', '');
}
if (is_null($dest)) {
$dest = get_param('dest', '');
}
// Has the banner been clicked before?
$test = $GLOBALS['SITE_DB']->query_value('banner_clicks', 'MAX(c_date_and_time)', array('c_ip_address' => get_ip_address(), 'c_banner_id' => $dest));
$unique = is_null($test) || $test < time() - 60 * 60 * 24;
// Find the information about the dest
$rows = $GLOBALS['SITE_DB']->query_select('banners', array('site_url', 'hits_to', 'campaign_remaining'), array('name' => $dest));
if (!array_key_exists(0, $rows)) {
fatal_exit(do_lang_tempcode('MISSING_RESOURCE'));
}
$myrow = $rows[0];
$url = $myrow['site_url'];
$page_link = url_to_pagelink($url);
if ($page_link != '') {
$keep = symbol_tempcode('KEEP', array(strpos($url, '?') === false ? '1' : '0'));
$url .= $keep->evaluate();
}
if ($unique) {
if (get_db_type() != 'xml') {
$GLOBALS['SITE_DB']->query('UPDATE ' . get_table_prefix() . 'banners SET hits_to=(hits_to+1) WHERE ' . db_string_equal_to('name', $dest), 1);
}
$campaignremaining = $myrow['campaign_remaining'];
if (!is_null($campaignremaining)) {
if (get_db_type() != 'xml') {
$GLOBALS['SITE_DB']->query('UPDATE ' . get_table_prefix() . 'banners SET campaign_remaining=(campaign_remaining-1) WHERE ' . db_string_equal_to('name', $dest), 1);
}
}
}
// Find the information about the source
if ($source != '' && $unique) {
$rows = $GLOBALS['SITE_DB']->query_select('banners', array('hits_from', 'campaign_remaining'), array('name' => $source));
if (!array_key_exists(0, $rows)) {
fatal_exit(do_lang_tempcode('BANNER_MISSING_SOURCE'));
}
$myrow = $rows[0];
if (get_db_type() != 'xml') {
$GLOBALS['SITE_DB']->query('UPDATE ' . get_table_prefix() . 'banners SET hits_from=(hits_from+1) WHERE ' . db_string_equal_to('name', $source), 1);
}
$campaignremaining = $myrow['campaign_remaining'];
if (!is_null($campaignremaining)) {
if (get_db_type() != 'xml') {
$GLOBALS['SITE_DB']->query('UPDATE ' . get_table_prefix() . 'banners SET campaign_remaining=(campaign_remaining+1) WHERE ' . db_string_equal_to('name', $source), 1);
}
}
}
// Log the click
load_user_stuff();
$GLOBALS['SITE_DB']->query_insert('banner_clicks', array('c_date_and_time' => time(), 'c_member_id' => get_member(), 'c_ip_address' => get_ip_address(), 'c_source' => $source, 'c_banner_id' => $dest));
if (strpos($url, chr(10)) !== false || strpos($url, chr(13)) !== false) {
log_hack_attack_and_exit('HEADER_SPLIT_HACK');
}
header('Location: ' . $url);
} else {
if (is_null($dest)) {
$dest = get_param('dest', '');
}
if (is_null($b_type)) {
$b_type = get_param('b_type', '');
}
if (is_null($internal_only)) {
$internal_only = get_param_integer('internal_only', 0);
}
if ($internal_only == 0 && $dest == '' && $b_type == '') {
$adcode = get_option('money_ad_code');
if ($adcode != '' && (0 == $GLOBALS['SITE_DB']->query_value('banners', 'COUNT(*)', array('validated' => 1)) || mt_rand(0, 100) > intval(get_option('advert_chance')))) {
if ($ret) {
return make_string_tempcode($adcode);
}
$echo = do_template('BASIC_HTML_WRAP', array('_GUID' => 'fd6fc24384dd13e7931ceb369a500672', 'TITLE' => do_lang_tempcode('BANNER'), 'CONTENT' => $adcode));
$echo->evaluate_echo();
return NULL;
}
}
// A community banner then...
// ==========================
// Input parameters (clicks-in from source site)
if (is_null($source)) {
$source = get_param('source', '');
}
// To allow overriding to specify a specific banner
if ($dest != '') {
$myquery = 'SELECT * FROM ' . get_table_prefix() . 'banners WHERE ' . db_string_equal_to('name', $dest);
} else {
$myquery = 'SELECT * FROM ' . get_table_prefix() . 'banners WHERE ((the_type<>' . strval(BANNER_CAMPAIGN) . ') OR (campaign_remaining>0)) AND ((expiry_date IS NULL) OR (expiry_date>' . strval(time()) . ')) AND ' . db_string_not_equal_to('name', $source) . ' AND validated=1 AND ' . db_string_equal_to('b_type', $b_type);
}
// Run Query
$rows = $GLOBALS['SITE_DB']->query($myquery, 500, NULL, true);
if (is_null($rows)) {
$rows = array();
}
// Error, but tolerate it as it could be on each page load
// Filter out what we don't have permission for
if (get_option('use_banner_permissions', true) === '1') {
load_user_stuff();
require_code('permissions');
$groups = _get_where_clause_groups(get_member());
if (!is_null($groups)) {
$perhaps = collapse_1d_complexity('category_name', $GLOBALS['SITE_DB']->query('SELECT category_name FROM ' . get_table_prefix() . 'group_category_access WHERE ' . db_string_equal_to('module_the_name', 'banners') . ' AND (' . $groups . ')'));
$new_rows = array();
foreach ($rows as $row) {
if (in_array($row['name'], $perhaps)) {
$new_rows[] = $row;
}
}
$rows = $new_rows;
}
}
// Are we allowed to show default banners?
$counter = 0;
$show_defaults = true;
while (array_key_exists($counter, $rows)) {
$myrow = $rows[$counter];
if ($myrow['the_type'] == BANNER_CAMPAIGN) {
$show_defaults = false;
}
$counter++;
}
// Count the total of all importance_modulus entries
$tally = 0;
$counter = 0;
$bound = array();
while (array_key_exists($counter, $rows)) {
$myrow = $rows[$counter];
if ($myrow['the_type'] == 2 && !$show_defaults) {
$myrow['importance_modulus'] = 0;
}
$tally += $myrow['importance_modulus'];
$bound[$counter] = $tally;
$counter++;
}
if ($tally == 0) {
load_user_stuff();
require_code('permissions');
if (has_actual_page_access(NULL, 'cms_banners') && has_submit_permission('mid', get_member(), get_ip_address(), 'cms_banners')) {
$add_banner_url = build_url(array('page' => 'cms_banners', 'type' => 'ad'), get_module_zone('cms_banners'));
} else {
$add_banner_url = new ocp_tempcode();
}
$content = do_template('BANNERS_NONE', array('_GUID' => 'b786ec327365d1ef38134ce401db9dd2', 'ADD_BANNER_URL' => $add_banner_url));
if ($ret) {
return $content;
}
$echo = do_template('BASIC_HTML_WRAP', array('_GUID' => '00c8549b88dac8a1291450eb5b681d80', 'TARGET' => '_top', 'TITLE' => do_lang_tempcode('BANNER'), 'CONTENT' => $content));
$echo->evaluate_echo();
return NULL;
}
// Choose which banner to show from the results
$rand = mt_rand(0, $tally);
for ($i = 0; $i < $counter; $i++) {
if ($rand <= $bound[$i]) {
break;
}
}
$name = $rows[$i]['name'];
// Update the counts (ones done per-view)
if (get_db_type() != 'xml') {
$GLOBALS['SITE_DB']->query('UPDATE ' . get_table_prefix() . 'banners SET views_to=(views_to+1) WHERE ' . db_string_equal_to('name', $name), 1, NULL, false, true);
}
if ($source != '') {
if (get_db_type() != 'xml') {
$GLOBALS['SITE_DB']->query('UPDATE ' . get_table_prefix() . 'banners SET views_from=(views_from+1) WHERE ' . db_string_equal_to('name', $name), 1, NULL, false, true);
}
}
// Display!
$img = $rows[$i]['img_url'];
$caption = get_translated_tempcode($rows[$i]['caption']);
$content = show_banner($name, $rows[$i]['b_title_text'], $caption, $img, $source, $rows[$i]['site_url'], $rows[$i]['b_type']);
if ($ret) {
return $content;
}
$echo = do_template('BASIC_HTML_WRAP', array('_GUID' => 'd23424ded86c850f4ae0006241407ff9', 'TITLE' => do_lang_tempcode('BANNER'), 'CONTENT' => $content));
$echo->evaluate_echo();
}
return NULL;
}
/**
* Standard modular run function for search results.
*
* @param string Search string
* @param boolean Whether to only do a META (tags) search
* @param ID_TEXT Order direction
* @param integer Start position in total results
* @param integer Maximum results to return in total
* @param boolean Whether only to search titles (as opposed to both titles and content)
* @param string Where clause that selects the content according to the main search string (SQL query fragment) (blank: full-text search)
* @param SHORT_TEXT Username/Author to match for
* @param ?MEMBER Member-ID to match for (NULL: unknown)
* @param TIME Cutoff date
* @param string The sort type (gets remapped to a field in this function)
* @set title add_date
* @param integer Limit to this number of results
* @param string What kind of boolean search to do
* @set or and
* @param string Where constraints known by the main search code (SQL query fragment)
* @param string Comma-separated list of categories to search under
* @param boolean Whether it is a boolean search
* @return array List of maps (template, orderer)
*/
function run($content, $only_search_meta, $direction, $max, $start, $only_titles, $content_where, $author, $author_id, $cutoff, $sort, $limit_to, $boolean_operator, $where_clause, $search_under, $boolean_search)
{
unset($limit_to);
if (!module_installed('catalogues')) {
return array();
}
$remapped_orderer = '';
switch ($sort) {
case 'rating':
$remapped_orderer = '_rating:catalogues:id';
break;
case 'title':
$remapped_orderer = 'b_cv_value';
break;
case 'add_date':
$remapped_orderer = 'ce_add_date';
break;
case 'relevance':
break;
default:
$remapped_orderer = preg_replace('#[^\\w]#', '', $sort);
break;
}
require_code('catalogues');
require_lang('catalogues');
// Calculate our where clause (search)
$sq = build_search_submitter_clauses('ce_submitter', $author_id, $author);
if (is_null($sq)) {
return array();
} else {
$where_clause .= $sq;
}
if (!is_null($cutoff)) {
$where_clause .= ' AND ';
$where_clause .= 'r.ce_add_date>' . strval($cutoff);
}
if (!$GLOBALS['FORUM_DRIVER']->is_super_admin(get_member())) {
$where_clause .= ' AND ';
$where_clause .= 'z.category_name IS NOT NULL';
$where_clause .= ' AND ';
$where_clause .= 'p.category_name IS NOT NULL';
}
if (!has_specific_permission(get_member(), 'see_unvalidated')) {
$where_clause .= ' AND ';
$where_clause .= 'ce_validated=1';
}
$g_or = _get_where_clause_groups(get_member());
// Calculate and perform query
$catalogue_name = get_param('catalogue_name', '');
$ranges = array();
if ($catalogue_name != '') {
$extra_select = '';
$rows = $GLOBALS['SITE_DB']->query_select('catalogue_fields', array('id', 'cf_name', 'cf_type', 'cf_default'), array('c_name' => $catalogue_name, 'cf_searchable' => 1), 'ORDER BY cf_order');
$table = 'catalogue_entries r';
$trans_fields = array('!');
$nontrans_fields = array();
$title_field = mixed();
require_code('fields');
foreach ($rows as $i => $row) {
$ob = get_fields_hook($row['cf_type']);
$temp = $ob->inputted_to_sql_for_search($row, $i);
if (is_null($temp)) {
list(, , $row_type) = $ob->get_field_value_row_bits($row);
switch ($row_type) {
case 'long_trans':
$trans_fields[] = 'f' . strval($i) . '.cv_value';
$table .= ' JOIN ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'catalogue_efv_long_trans f' . strval($i) . ' ON (f' . strval($i) . '.ce_id=r.id AND f' . strval($i) . '.cf_id=' . strval($row['id']) . ')';
$search_field = 't' . strval(count($trans_fields) - 1) . '.text_original';
//$extra_select.=',t'.strval(count($trans_fields)-1).'.text_original AS f'.strval($i).'_actual_value';
break;
case 'short_trans':
$trans_fields[] = 'f' . strval($i) . '.cv_value';
$table .= ' JOIN ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'catalogue_efv_short_trans f' . strval($i) . ' ON (f' . strval($i) . '.ce_id=r.id AND f' . strval($i) . '.cf_id=' . strval($row['id']) . ')';
$search_field = 't' . strval(count($trans_fields) - 1) . '.text_original';
//$extra_select.=',t'.strval(count($trans_fields)-1).'.text_original AS f'.strval($i).'_actual_value';
break;
case 'long':
$nontrans_fields[] = 'f' . strval($i) . '.cv_value';
$table .= ' JOIN ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'catalogue_efv_long f' . strval($i) . ' ON (f' . strval($i) . '.ce_id=r.id AND f' . strval($i) . '.cf_id=' . strval($row['id']) . ')';
$search_field = 'f' . strval($i) . '.cv_value';
//$extra_select.=',f'.strval($i).'.cv_value AS f'.strval($i).'_actual_value';
break;
case 'short':
$nontrans_fields[] = 'f' . strval($i) . '.cv_value';
$table .= ' JOIN ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'catalogue_efv_short f' . strval($i) . ' ON (f' . strval($i) . '.ce_id=r.id AND f' . strval($i) . '.cf_id=' . strval($row['id']) . ')';
$search_field = 'f' . strval($i) . '.cv_value';
//$extra_select.=',f'.strval($i).'.cv_value AS f'.strval($i).'_actual_value';
break;
case 'float':
//$nontrans_fields[]='f'.strval($i).'.cv_value';
$table .= ' JOIN ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'catalogue_efv_float f' . strval($i) . ' ON (f' . strval($i) . '.ce_id=r.id AND f' . strval($i) . '.cf_id=' . strval($row['id']) . ')';
$search_field = 'f' . strval($i) . '.cv_value';
//$extra_select.=',f'.strval($i).'.cv_value AS f'.strval($i).'_actual_value';
break;
case 'integer':
//$nontrans_fields[]='f'.strval($i).'.cv_value';
$table .= ' JOIN ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'catalogue_efv_integer f' . strval($i) . ' ON (f' . strval($i) . '.ce_id=r.id AND f' . strval($i) . '.cf_id=' . strval($row['id']) . ')';
$search_field = 'f' . strval($i) . '.cv_value';
//$extra_select.=',f'.strval($i).'.cv_value AS f'.strval($i).'_actual_value';
break;
}
$param = get_param('option_' . strval($row['id']), '');
if ($param != '') {
$where_clause .= ' AND ';
if (substr($param, 0, 1) == '=') {
$where_clause .= db_string_equal_to($search_field, substr($param, 1));
} elseif ($row_type == 'integer' || $row_type == 'float') {
if (is_numeric($param)) {
$where_clause .= $search_field . '=' . $param;
} else {
$where_clause .= db_string_equal_to($search_field, $param);
}
} else {
if (db_has_full_text($GLOBALS['SITE_DB']->connection_read) && method_exists($GLOBALS['SITE_DB']->static_ob, 'db_has_full_text_boolean') && $GLOBALS['SITE_DB']->static_ob->db_has_full_text_boolean() && !is_under_radar($param)) {
$temp = db_full_text_assemble($param, true);
} else {
$temp = db_like_assemble($param);
}
$where_clause .= preg_replace('#\\?#', $search_field, $temp);
}
} else {
$param = get_param('option_' . strval($row['id']) . '_ranged', '');
if ($param != '') {
$ranges[$row['id']] = $param;
}
}
} else {
$table .= $temp[2];
$search_field = $temp[3];
if ($temp[4] != '') {
$where_clause .= ' AND ';
$where_clause .= $temp[4];
} else {
$trans_fields = array_merge($trans_fields, $temp[0]);
$non_trans_fields = array_merge($nontrans_fields, $temp[1]);
}
}
if ($i == 0) {
$title_field = $search_field;
}
}
$where_clause .= ' AND ';
$where_clause .= db_string_equal_to('r.c_name', $catalogue_name);
if (is_null($title_field)) {
return array();
}
// No fields in catalogue -- very odd
if ($g_or == '') {
$rows = get_search_rows('catalogue_entry', 'id', $content, $boolean_search, $boolean_operator, $only_search_meta, $direction, $max, $start, $only_titles, $table, $trans_fields, $where_clause, $content_where, str_replace('b_cv_value', $title_field, $remapped_orderer), 'r.*,r.id AS id,r.cc_id AS r_cc_id,' . $title_field . ' AS b_cv_value' . $extra_select, $nontrans_fields);
} else {
$rows = get_search_rows('catalogue_entry', 'id', $content, $boolean_search, $boolean_operator, $only_search_meta, $direction, $max, $start, $only_titles, $table . ' LEFT JOIN ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'group_category_access z ON (' . db_string_equal_to('z.module_the_name', 'catalogues_category') . ' AND z.category_name=r.cc_id AND ' . str_replace('group_id', 'z.group_id', $g_or) . ') LEFT JOIN ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'group_category_access p ON (' . db_string_equal_to('p.module_the_name', 'catalogues_catalogue') . ' AND p.category_name=r.c_name AND ' . str_replace('group_id', 'p.group_id', $g_or) . ')', $trans_fields, $where_clause, $content_where, str_replace('b_cv_value', $title_field, $remapped_orderer), 'r.*,r.id AS id,r.cc_id AS r_cc_id,' . $title_field . ' AS b_cv_value' . $extra_select, $nontrans_fields);
}
} else {
if ($GLOBALS['SITE_DB']->query_value('translate', 'COUNT(*)') > 10000) {
$trans_fields = array();
$join = ' JOIN ' . get_table_prefix() . 'catalogue_efv_short c ON (r.id=c.ce_id AND f.id=c.cf_id)';
$_remapped_orderer = str_replace('b_cv_value', 'c.cv_value', $remapped_orderer);
$extra_select = '';
$non_trans_fields = array('c.cv_value');
} else {
$join = ' LEFT JOIN ' . get_table_prefix() . 'catalogue_efv_short_trans a ON (r.id=a.ce_id AND f.id=a.cf_id) LEFT JOIN ' . get_table_prefix() . 'catalogue_efv_long_trans b ON (r.id=b.ce_id AND f.id=b.cf_id) LEFT JOIN ' . get_table_prefix() . 'catalogue_efv_long d ON (r.id=d.ce_id AND f.id=d.cf_id) LEFT JOIN ' . get_table_prefix() . 'catalogue_efv_short c ON (r.id=c.ce_id AND f.id=c.cf_id)';
//' LEFT JOIN '.get_table_prefix().'catalogue_efv_float g ON (r.id=g.ce_id AND f.id=g.cf_id) LEFT JOIN '.get_table_prefix().'catalogue_efv_integer h ON (r.id=h.ce_id AND f.id=h.cf_id)';
$trans_fields = array('a.cv_value', 'b.cv_value');
$_remapped_orderer = str_replace('b_cv_value', 'b.cv_value', $remapped_orderer);
$extra_select = ',b.cv_value AS b_cv_value';
$non_trans_fields = array('c.cv_value', 'd.cv_value');
}
$where_clause .= ' AND ';
$where_clause .= 'r.c_name NOT LIKE \'\\_%\'';
// Don't want results drawn from the hidden custom-field catalogues
if ($g_or == '') {
$rows = get_search_rows('catalogue_entry', 'id', $content, $boolean_search, $boolean_operator, $only_search_meta, $direction, $max, $start, $only_titles, 'catalogue_fields f LEFT JOIN ' . get_table_prefix() . 'catalogue_entries r ON (r.c_name=f.c_name)' . $join, $trans_fields, $where_clause, $content_where, $_remapped_orderer, 'r.*,r.id AS id,r.cc_id AS r_cc_id' . $extra_select, $non_trans_fields);
} else {
$rows = get_search_rows('catalogue_entry', 'id', $content, $boolean_search, $boolean_operator, $only_search_meta, $direction, $max, $start, $only_titles, 'catalogue_fields f LEFT JOIN ' . get_table_prefix() . 'catalogue_entries r ON (r.c_name=f.c_name)' . $join . ' LEFT JOIN ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'group_category_access z ON (' . db_string_equal_to('z.module_the_name', 'catalogues_category') . ' AND z.category_name=r.cc_id AND ' . str_replace('group_id', 'z.group_id', $g_or) . ') LEFT JOIN ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'group_category_access p ON (' . db_string_equal_to('p.module_the_name', 'catalogues_catalogue') . ' AND p.category_name=r.c_name AND ' . str_replace('group_id', 'p.group_id', $g_or) . ')', $trans_fields, $where_clause, $content_where, $_remapped_orderer, 'r.*,r.id AS id,r.cc_id AS r_cc_id' . $extra_select, $non_trans_fields);
}
}
$out = array();
if (count($rows) == 0) {
return array();
}
global $SEARCH_CATALOGUE_ENTRIES_CATALOGUES;
$query = 'SELECT c.* FROM ' . get_table_prefix() . 'catalogues c';
if (can_arbitrary_groupby()) {
$query .= ' JOIN ' . get_table_prefix() . 'catalogue_entries e ON e.c_name=c.c_name GROUP BY c.c_name';
}
$_catalogues = $GLOBALS['SITE_DB']->query($query);
foreach ($_catalogues as $catalogue) {
$SEARCH_CATALOGUE_ENTRIES_CATALOGUES[$catalogue['c_name']] = $catalogue;
}
if (count($ranges) != 0) {
foreach ($rows as $i => $row) {
$out[$i]['data'] = $row;
unset($rows[$i]);
$catalogue_name = $row['c_name'];
$tpl_set = $catalogue_name;
$display = get_catalogue_entry_map($row, $SEARCH_CATALOGUE_ENTRIES_CATALOGUES[$catalogue_name], 'PAGE', $tpl_set, -1);
foreach ($ranges as $range_id => $range_key) {
$bits = explode('-', $display['_FIELD_' . strval($range_id)]);
if (count($bits) == 2) {
if (intval($bits[0]) >= intval($range_key) || intval($bits[1]) <= intval($range_key)) {
$out[$i]['restricted'] = true;
continue 2;
}
}
}
//$out[$i]['template']=do_template('CATALOGUE_'.$tpl_set.'_ENTRY_EMBED',$display,NULL,false,'CATALOGUE_DEFAULT_ENTRY_EMBED');//put_in_table(hyperlink($url,do_lang('_HERE')),'internal','middle','WIDE',1,do_lang('CATALOGUE_ENTRY').' ('.do_lang('IN',get_translated_text($catalogue['c_title'])).')');
if ($remapped_orderer != '' && array_key_exists($remapped_orderer, $row)) {
$out[$i]['orderer'] = $row[$remapped_orderer];
} elseif (substr($remapped_orderer, 0, 7) == '_rating') {
$out[$i]['orderer'] = $row['compound_rating'];
}
}
} else {
foreach ($rows as $i => $row) {
$out[$i]['data'] = $row;
unset($rows[$i]);
if ($remapped_orderer != '' && array_key_exists($remapped_orderer, $row)) {
$out[$i]['orderer'] = $row[$remapped_orderer];
} elseif (substr($remapped_orderer, 0, 7) == '_rating') {
$out[$i]['orderer'] = $row['compound_rating'];
}
}
}
return $out;
}
/**
* Find if a member has a specified permission
*
* @param MEMBER The member being checked whether to have the permission
* @param ID_TEXT The ID code for the permission being checked for
* @param ?ID_TEXT The ID code for the page being checked (NULL: current page)
* @param ?array A list of cat details to require access to (c-type-1,c-id-1,c-type-2,c-d-2,...) (NULL: N/A)
* @return boolean Whether the member has the permission
*/
function has_specific_permission($member, $permission, $page = NULL, $cats = NULL)
{
if (running_script('upgrader')) {
return true;
}
if ($GLOBALS['IN_MINIKERNEL_VERSION'] == 1) {
return true;
}
if ($page === NULL) {
$page = get_page_name();
}
$groups = _get_where_clause_groups($member);
if ($groups === NULL) {
return true;
}
global $SPECIFIC_PERMISSION_CACHE;
if (isset($SPECIFIC_PERMISSION_CACHE[$member])) {
if ($cats !== NULL) {
$okay = false;
for ($i = 0; $i < intval(floor((double) count($cats) / 2.0)); $i++) {
if (is_null($cats[$i * 2])) {
continue;
}
if (isset($SPECIFIC_PERMISSION_CACHE[$member][$permission][''][$cats[$i * 2 + 0]][$cats[$i * 2 + 1]])) {
$result = $SPECIFIC_PERMISSION_CACHE[$member][$permission][''][$cats[$i * 2 + 0]][$cats[$i * 2 + 1]] == 1;
if (!$result) {
handle_permission_check_logging($member, 'has_specific_permission', array_merge(array($permission, $page), is_null($cats) ? array() : $cats), $result);
return $result;
}
$okay = true;
}
}
if ($okay) {
$result = $okay;
handle_permission_check_logging($member, 'has_specific_permission', array_merge(array($permission, $page), is_null($cats) ? array() : $cats), $result);
return $result;
}
}
if ($page != '') {
if (isset($SPECIFIC_PERMISSION_CACHE[$member][$permission][$page][''][''])) {
$result = $SPECIFIC_PERMISSION_CACHE[$member][$permission][$page][''][''] == 1;
handle_permission_check_logging($member, 'has_specific_permission', array_merge(array($permission, $page), is_null($cats) ? array() : $cats), $result);
return $result;
}
}
if (isset($SPECIFIC_PERMISSION_CACHE[$member][$permission][''][''][''])) {
$result = $SPECIFIC_PERMISSION_CACHE[$member][$permission][''][''][''] == 1;
handle_permission_check_logging($member, 'has_specific_permission', array_merge(array($permission, $page), is_null($cats) ? array() : $cats), $result);
return $result;
}
$result = false;
handle_permission_check_logging($member, 'has_specific_permission', array_merge(array($permission, $page), $cats === NULL ? array() : $cats), $result);
return $result;
}
global $SITE_INFO;
$where = '';
if ($member != get_member()) {
$where .= ' AND ' . db_string_equal_to('specific_permission', $permission);
}
if (isset($SITE_INFO['mysql_old']) && $SITE_INFO['mysql_old'] == '1' || !isset($SITE_INFO['mysql_old']) && is_file(get_file_base() . '/mysql_old')) {
$perhaps = $GLOBALS['SITE_DB']->query('SELECT specific_permission,the_page,module_the_name,category_name,the_value FROM ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'gsp WHERE (' . $groups . ')' . $where, NULL, NULL, false, true);
if (isset($GLOBALS['FORUM_DB']) && $GLOBALS['SITE_DB']->connection_write != $GLOBALS['FORUM_DB']->connection_write && get_forum_type() == 'ocf') {
$perhaps = array_merge($perhaps, $GLOBALS['FORUM_DB']->query('SELECT specific_permission,the_page,module_the_name,category_name,the_value FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'gsp WHERE (' . $groups . ') AND ' . db_string_equal_to('module_the_name', 'forums') . $where, NULL, NULL, false, true));
}
} else {
$perhaps = $GLOBALS['SITE_DB']->query('SELECT specific_permission,the_page,module_the_name,category_name,the_value FROM ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'gsp WHERE (' . $groups . ')' . $where . ' UNION ALL SELECT specific_permission,the_page,module_the_name,category_name,the_value FROM ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'msp WHERE member_id=' . strval((int) $member) . ' AND active_until>' . strval(time()) . $where, NULL, NULL, false, true);
if (isset($GLOBALS['FORUM_DB']) && $GLOBALS['SITE_DB']->connection_write != $GLOBALS['FORUM_DB']->connection_write && get_forum_type() == 'ocf') {
$perhaps = array_merge($perhaps, $GLOBALS['FORUM_DB']->query('SELECT specific_permission,the_page,module_the_name,category_name,the_value FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'gsp WHERE (' . $groups . ') AND ' . db_string_equal_to('module_the_name', 'forums') . $where . ' UNION ALL SELECT specific_permission,the_page,module_the_name,category_name,the_value FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'msp WHERE ' . db_string_equal_to('module_the_name', 'forums') . ' AND member_id=' . strval((int) $member) . ' AND active_until>' . strval(time()) . $where, NULL, NULL, false, true));
}
}
$SPECIFIC_PERMISSION_CACHE[$member] = array();
foreach ($perhaps as $p) {
if (@$SPECIFIC_PERMISSION_CACHE[$member][$p['specific_permission']][$p['the_page']][$p['module_the_name']][$p['category_name']] != 1) {
$SPECIFIC_PERMISSION_CACHE[$member][$p['specific_permission']][$p['the_page']][$p['module_the_name']][$p['category_name']] = $p['the_value'];
}
}
// Note: due to the way the "detect at override level" code works, the "best of" permission system does not hold with inconsistant overriding against all usergroups
$result = has_specific_permission($member, $permission, $page, $cats);
handle_permission_check_logging($member, 'has_specific_permission', array_merge(array($permission, $page), is_null($cats) ? array() : $cats), $result);
if ($member != get_member()) {
unset($SPECIFIC_PERMISSION_CACHE[$member]);
}
return $result;
}
/**
* Get some rows, queried from the database according to the search parameters.
*
* @param ?ID_TEXT The META type used by our content (NULL: Cannot support META search)
* @param ?ID_TEXT The name of the field that retrieved META IDs will relate to (NULL: Cannot support META search)
* @param string Search string
* @param boolean Whether to do a boolean search.
* @param ID_TEXT Boolean operator
* @set OR AND
* @param boolean Whether to only do a META (tags) search
* @param ID_TEXT Order direction
* @param integer Start position in total results
* @param integer Maximum results to return in total
* @param boolean Whether to only search titles (as opposed to both titles and content)
* @param ID_TEXT The table name
* @param array The translateable fields to search over (or an ! which is skipped). The first of these must be the title field or an '!'; if it is '!' then the title field will be the first raw-field
* @param string The WHERE clause
* @param string The WHERE clause that applies specifically for content (this will be duplicated to check against multiple fields). ? refers to the yet-unknown field name
* @param ID_TEXT What to order by
* @param string What to select
* @param ?array The non-translateable fields to search over (NULL: there are none)
* @param ?string The permission module to check category access for (NULL: none)
* @param ?string The field that specifies the permissions ID to check category access for (NULL: none)
* @param boolean Whether the permissions field is a string
* @return array The rows found
*/
function get_search_rows($meta_type, $meta_id_field, $content, $boolean_search, $boolean_operator, $only_search_meta, $direction, $max, $start, $only_titles, $table, $fields, $where_clause, $content_where, $order, $select = '*', $raw_fields = NULL, $permissions_module = NULL, $permissions_field = NULL, $permissions_field_is_string = false)
{
if (substr($where_clause, 0, 5) == ' AND ') {
$where_clause = substr($where_clause, 5);
}
if (substr($where_clause, -5) == ' AND ') {
$where_clause = substr($where_clause, 0, strlen($where_clause) - 5);
}
$where_alternative_matches = array();
$had_limit_imposed = false;
if (!is_null($permissions_module) && !$GLOBALS['FORUM_DRIVER']->is_super_admin(get_member())) {
$g_or = _get_where_clause_groups(get_member());
// this destroys mysqls query optimiser by forcing complexed OR's into the join, so we'll do this in PHP code
// $table.=' LEFT JOIN '.$GLOBALS['SITE_DB']->get_table_prefix().'group_category_access z ON ('.db_string_equal_to('z.module_the_name',$permissions_module).' AND z.category_name='.$permissions_field.(($g_or!='')?(' AND '.str_replace('group_id','z.group_id',$g_or)):'').')';
// $where_clause.=' AND ';
// $where_clause.='z.category_name IS NOT NULL';
$cat_access = list_to_map('category_name', $GLOBALS['SITE_DB']->query('SELECT category_name FROM ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'group_category_access WHERE ' . db_string_equal_to('module_the_name', $permissions_module) . ($g_or != '' ? ' AND (' . $g_or . ')' : '')));
}
if ($only_titles && array_key_exists(0, $fields) && $fields[0] == '') {
return array();
}
if (is_null($raw_fields)) {
$raw_fields = array();
}
$db = substr($table, 0, 2) != 'f_' ? $GLOBALS['SITE_DB'] : $GLOBALS['FORUM_DB'];
// This is so for example catalogue_entries.php can use brackets in it's table specifier whilst avoiding the table prefix after the first bracket. A bit weird, but that's our convention and it does save a small amount of typing
$table_clause = $db->get_table_prefix() . ($table[0] == '(' ? substr($table, 1) : $table);
if ($table[0] == '(') {
$table_clause = '(' . $table_clause;
}
$t_rows = array();
$t_count = 0;
// Rating ordering, via special encoding
if (substr($order, 0, 7) == '_rating') {
list(, $rating_type, $meta_rating_id_field) = explode(':', $order);
$select .= ',(SELECT AVG(rating) FROM ' . get_table_prefix() . 'rating WHERE ' . db_string_equal_to('rating_for_type', $rating_type) . ' AND rating_for_id=' . $meta_rating_id_field . ') AS compound_rating';
$order = 'compound_rating';
}
$translate_join_type = get_value('alternate_search_join_type') === '1' ? 'LEFT JOIN' : 'JOIN';
// Defined-keywords/tags search
if (get_param_integer('keep_just_show_query', 0) == 0 && !is_null($meta_type) && $content != '') {
$keywords_where = preg_replace('#\\?#', 'tm.text_original', build_content_where($content, $boolean_search, $boolean_operator, true));
$keywords_where = str_replace(' AND (tm.text_original IS NOT NULL)', '', $keywords_where);
// Not needed for translate joins, as these won't be NULL's. Fixes performance issue.
if ($keywords_where != '') {
if ($meta_id_field == 'the_zone:the_page') {
$meta_join = 'm.meta_for_id=CONCAT(r.the_zone,\':\',r.the_page)';
} else {
$meta_join = 'm.meta_for_id=r.' . $meta_id_field;
}
$extra_join = '';
foreach ($fields as $i => $field) {
if ($field == '' || $field == '!' || strpos($select, 't1.text_original') === false) {
continue;
}
$extra_join .= ' ' . $translate_join_type . ' ' . $db->get_table_prefix() . 'translate t' . strval($i) . ' ON t' . strval($i) . '.id=' . $field . ' AND ' . db_string_equal_to('t' . strval($i) . '.language', user_lang());
}
if (!db_has_subqueries($db->connection_read) || true) {
$_keywords_query = $table_clause . ' LEFT JOIN ' . $db->get_table_prefix() . 'seo_meta m ON (' . db_string_equal_to('m.meta_for_type', $meta_type) . ' AND ' . $meta_join . ') ' . $translate_join_type . ' ' . $db->get_table_prefix() . 'translate tm ON tm.id=m.meta_keywords AND ' . db_string_equal_to('tm.language', user_lang()) . $extra_join;
$_keywords_query .= ' WHERE ' . $keywords_where;
$_keywords_query .= $where_clause != '' ? ' AND ' . $where_clause : '';
} else {
$_keywords_query = $table_clause . ' LEFT JOIN ' . $db->get_table_prefix() . 'seo_meta m ON (' . db_string_equal_to('m.meta_for_type', $meta_type) . ' AND ' . $meta_join . ') ' . $translate_join_type . ' ' . $db->get_table_prefix() . 'translate tm ON tm.id=m.meta_keywords AND ' . db_string_equal_to('tm.language', user_lang()) . $extra_join;
$_keywords_query .= ' WHERE ' . $keywords_where;
$_keywords_query .= $where_clause != '' ? ' AND tm.id IN (SELECT m.id FROM ' . $table_clause . ' LEFT JOIN ' . $db->get_table_prefix() . 'seo_meta m ON (' . db_string_equal_to('m.meta_for_type', $meta_type) . ' AND ' . $meta_join . ') ' . $translate_join_type . ' ' . $db->get_table_prefix() . 'translate tm ON tm.id=m.meta_keywords AND ' . db_string_equal_to('tm.language', user_lang()) . ' WHERE ' . $where_clause . ' AND ' . $keywords_where . ')' : '';
}
$keywords_query = 'SELECT ' . $select . ' FROM ' . $_keywords_query;
$_count_query_keywords_search = 'SELECT COUNT(*) FROM ' . $_keywords_query;
$group_by_ok = can_arbitrary_groupby() && $meta_id_field === 'id';
if (strpos($table, ' LEFT JOIN') === false) {
$group_by_ok = false;
}
// Don't actually need to do a group by, as no duplication possible
$keywords_query .= $group_by_ok ? ' GROUP BY r.id' : '';
if ($order != '' && $order . ' ' . $direction != 'contextual_relevance DESC') {
$keywords_query .= ' ORDER BY ' . $order;
if ($direction == 'DESC') {
$keywords_query .= ' DESC';
}
}
if ($group_by_ok) {
$_count_query_keywords_search = str_replace('COUNT(*)', 'COUNT(DISTINCT r.id)', $_count_query_keywords_search);
}
$t_keyword_search_rows_count = $db->query_value_null_ok_full($_count_query_keywords_search);
if ($t_keyword_search_rows_count > 500) {
$t_keyword_search_rows = $db->query($keywords_query, $max + $start);
$had_limit_imposed = true;
} else {
$t_keyword_search_rows = $db->query($keywords_query);
}
$t_count += $t_keyword_search_rows_count;
$t_rows = array_merge($t_rows, $t_keyword_search_rows);
} else {
$_count_query_keywords_search = NULL;
}
} else {
$_count_query_keywords_search = NULL;
}
$orig_table_clause = $table_clause;
// Main content search
if (!$only_search_meta) {
if ($content_where != '' || preg_match('#t\\d+\\.text_original#', $where_clause) != 0 || preg_match('#t\\d+\\.text_original#', $select) != 0) {
// Each of the fields represents an 'OR' match, so we put it together into a list ($where_alternative_matches) of specifiers for each. Hopefully we will 'UNION' them rather than 'OR' them as it is much more efficient in terms of table index usage
$where_alternative_matches = array();
foreach ($fields as $i => $field) {
if (strpos($select, 't' . strval($i) . '.text_original') !== false || strpos($where_clause, 't' . strval($i) . '.text_original') !== false) {
$tc_add = ' ' . $translate_join_type . ' ' . $db->get_table_prefix() . 'translate t' . strval($i) . ' ON t' . strval($i) . '.id=' . $field . ' AND ' . db_string_equal_to('t' . strval($i) . '.language', user_lang());
$orig_table_clause .= $tc_add;
}
}
foreach ($fields as $i => $field) {
if ($field == '' || $field == '!') {
continue;
}
if ($field == $order) {
$order = 't' . $i . '.text_original';
}
// Ah, remap to the textual equivalent then
$tc_add = ' ' . $translate_join_type . ' ' . $db->get_table_prefix() . 'translate t' . strval($i) . ' ON t' . strval($i) . '.id=' . $field . ' AND ' . db_string_equal_to('t' . strval($i) . '.language', user_lang());
if (strpos($orig_table_clause, $tc_add) !== false) {
$tc_add = '';
}
if (!$only_titles || $i == 0) {
$where_clause_2 = preg_replace('#\\?#', 't' . strval($i) . '.text_original', $content_where);
$where_clause_2 = str_replace(' AND (t' . strval($i) . '.text_original IS NOT NULL)', '', $where_clause_2);
// Not needed for translate joins, as these won't be NULL's. Fixes performance issue.
$where_clause_3 = $where_clause;
if ($table == 'f_members' && substr($field, 0, 6) == 'field_' && db_has_subqueries($db->connection_read)) {
$where_clause_3 .= ($where_clause == '' ? '' : ' AND ') . 'NOT EXISTS (SELECT * FROM ' . $db->get_table_prefix() . 'f_cpf_perms cpfp WHERE cpfp.member_id=r.id AND cpfp.field_id=' . substr($field, 6) . ' AND cpfp.guest_view=0)';
}
if ($order == '' && db_has_expression_ordering($db->connection_read) && $content_where != '') {
$_select = preg_replace('#\\?#', 't' . strval($i) . '.text_original', $content_where) . ' AS contextual_relevance';
$_select = str_replace(' AND (t' . strval($i) . '.text_original IS NOT NULL)', '', $_select);
// Not needed for translate joins, as these won't be NULL's. Fixes performance issue.
} else {
$_select = '1';
}
$_table_clause = $orig_table_clause . $tc_add;
$where_alternative_matches[] = array($where_clause_2, $where_clause_3, $_select, $_table_clause, 't' . strval($i));
} else {
$_table_clause = $orig_table_clause . $tc_add;
$where_alternative_matches[] = array('1=0', '', '1', $_table_clause, 't' . strval($i));
}
}
if ($content_where != '') {
foreach ($raw_fields as $i => $field) {
if ($only_titles && $i != 0) {
break;
}
$where_clause_2 = preg_replace('#\\?#', $field, $content_where);
$where_clause_3 = $where_clause;
if ($table == 'f_members' && substr($field, 0, 6) == 'field_' && db_has_subqueries($db->connection_read)) {
$where_clause_3 .= ($where_clause == '' ? '' : ' AND ') . 'NOT EXISTS (SELECT * FROM ' . $db->get_table_prefix() . 'f_cpf_perms cpfp WHERE cpfp.member_id=r.id AND cpfp.field_id=' . substr($field, 6) . ' AND cpfp.guest_view=0)';
}
if ($order == '' && db_has_expression_ordering($db->connection_read) && $content_where != '') {
$_select = preg_replace('#\\?#', $field, $content_where) . ' AS contextual_relevance';
} else {
$_select = '1';
}
$_table_clause = $orig_table_clause;
$where_alternative_matches[] = array($where_clause_2, $where_clause_3, $_select, $_table_clause, NULL);
}
}
}
if (count($where_alternative_matches) == 0) {
$where_alternative_matches[] = array($where_clause, '', '', $table_clause, NULL);
} else {
if ($order == '' && db_has_expression_ordering($db->connection_read) && $content_where != '') {
$order = 'contextual_relevance DESC';
}
}
// Work out main query
global $SITE_INFO;
if (isset($SITE_INFO['mysql_old']) && $SITE_INFO['mysql_old'] == '1' || !isset($SITE_INFO['mysql_old']) && is_file(get_file_base() . '/mysql_old')) {
$_query = '';
foreach ($where_alternative_matches as $parts) {
list($where_clause_2, $where_clause_3, $_select, , ) = $parts;
$where_clause_3 = $where_clause_2 . ($where_clause_3 == '' ? '' : ($where_clause_2 == '' ? '' : ' AND ') . $where_clause_3);
$select .= ($_select == '' ? '' : ',') . $_select;
$_query .= $where_clause_3 != '' ? ($_query == '' ? ' WHERE ' : ' OR ') . $where_clause_3 : '';
}
$query = 'SELECT ' . $select . ' FROM ' . $table_clause . $_query;
} else {
$query = '';
foreach ($where_alternative_matches as $parts) {
list($where_clause_2, $where_clause_3, $_select, $_table_clause, $tid) = $parts;
if ($query != '') {
$query .= ' LIMIT ' . strval($max);
$query .= ' UNION ';
}
if (!db_has_subqueries($db->connection_read) || is_null($tid) || $content_where == '' || true) {
$where_clause_3 = $where_clause_2 . ($where_clause_3 == '' ? '' : ($where_clause_2 == '' ? '' : ' AND ') . $where_clause_3);
$query .= 'SELECT ' . $select . ($_select == '' ? '' : ',') . $_select . ' FROM ' . $_table_clause . ($where_clause_3 == '' ? '' : ' WHERE ' . $where_clause_3);
} else {
$query .= 'SELECT ' . $select . ($_select == '' ? '' : ',') . $_select . ' FROM ' . $_table_clause;
if ($where_clause_2 != '' || $where_clause_3 != '') {
$query .= ' WHERE ' . $where_clause_2;
$query .= $where_clause_3 != '' ? ($where_clause_2 == '' ? '' : ' AND ') . $tid . '.id IN (SELECT ' . $tid . '.id FROM ' . $_table_clause . ' WHERE ' . $where_clause_2 . ($where_clause_3 == '' ? '' : ($where_clause_2 == '' ? '' : ' AND ') . $where_clause_3) . ')' : '';
}
}
}
}
// Work out COUNT(*) query using one of a few possible methods. It's not efficient and stops us doing proper merge-sorting between content types (and possible not accurate - if we use an efficient but non-deduping COUNT strategy) if we have to use this, so we only do it if there are too many rows to fetch in one go.
$_query = '';
if (isset($SITE_INFO['mysql_old']) && $SITE_INFO['mysql_old'] == '1' || !isset($SITE_INFO['mysql_old']) && is_file(get_file_base() . '/mysql_old') || strpos(get_db_type(), 'mysql') === false) {
foreach ($where_alternative_matches as $parts) {
list($where_clause_2, $where_clause_3, , $_table_clause, $tid) = $parts;
if (!db_has_subqueries($db->connection_read) || is_null($tid) || $content_where == '' || true) {
$where_clause_3 = $where_clause_2 . ($where_clause_3 == '' ? '' : ($where_clause_2 == '' ? '' : ' AND ') . $where_clause_3);
$_query .= $where_clause_3 != '' ? ($_query == '' ? ' WHERE ' : ' OR ') . $where_clause_3 : '';
} else {
if ($where_clause_2 != '' || $where_clause_3 != '') {
$_query .= ($_query == '' ? ' WHERE ' : ' OR ') . $where_clause_2;
$_query .= $where_clause_3 != '' ? ($where_clause_2 == '' ? '' : ' AND ') . $tid . '.id IN (SELECT ' . $tid . '.id FROM ' . $_table_clause . ' WHERE ' . $where_clause_2 . ($where_clause_3 == '' ? '' : ($where_clause_2 == '' ? '' : ' AND ') . $where_clause_3) . ')' : '';
}
}
}
$_count_query_main_search = 'SELECT COUNT(*) FROM ' . $table_clause . $_query;
} else {
foreach ($where_alternative_matches as $parts) {
list($where_clause_2, $where_clause_3, $_select, $_table_clause, $tid) = $parts;
if ($_query != '') {
$_query .= '+';
}
if (!db_has_subqueries($db->connection_read) || is_null($tid) || $content_where == '' || true) {
$where_clause_3 = $where_clause_2 . ($where_clause_3 == '' ? '' : ($where_clause_2 == '' ? '' : ' AND ') . $where_clause_3);
$_query .= '(SELECT COUNT(*) FROM ' . $_table_clause . ($where_clause_3 == '' ? '' : ' WHERE ' . $where_clause_3) . ')';
} else {
$_query .= '(SELECT COUNT(*) FROM ' . $_table_clause;
if ($where_clause_2 != '' || $where_clause_3 != '') {
$_query .= ' WHERE ' . $where_clause_2;
$_query .= $where_clause_3 != '' ? ($where_clause_2 == '' ? '' : ' AND ') . $tid . '.id IN (SELECT ' . $tid . '.id FROM ' . $_table_clause . ' WHERE ' . $where_clause_2 . ($where_clause_3 == '' ? '' : ($where_clause_2 == '' ? '' : ' AND ') . $where_clause_3) . ')' : '';
}
$_query .= ')';
}
}
$_count_query_main_search = 'SELECT (' . $_query . ')';
}
$group_by_ok = can_arbitrary_groupby() && $meta_id_field === 'id';
if (strpos($table, ' LEFT JOIN') === false) {
$group_by_ok = false;
}
// Don't actually need to do a group by, as no duplication possible. We want to avoid GROUP BY as it forces MySQL to create a temporary table, slowing things down a lot.
$query .= $group_by_ok ? ' GROUP BY r.id' : '';
if ($order != '' && $order . ' ' . $direction != 'contextual_relevance DESC') {
$query .= ' ORDER BY ' . $order;
if ($direction == 'DESC' && substr($order, -4) != ' ASC' && substr($order, -5) != ' DESC') {
$query .= ' DESC';
}
}
if (get_param_integer('keep_show_query', 0) == 1) {
attach_message($query, 'inform');
}
if (get_param_integer('keep_just_show_query', 0) == 1) {
@ini_set('ocproducts.xss_detect', '0');
header('Content-type: text/plain; charset=' . get_charset());
exit($query);
}
if ($group_by_ok) {
$_count_query_main_search = str_replace('COUNT(*)', 'COUNT(DISTINCT r.id)', $_count_query_main_search);
}
$t_main_search_rows_count = $db->query_value_null_ok_full($_count_query_main_search);
if ($t_main_search_rows_count > 500) {
$t_main_search_rows = $db->query($query, $max + $start, NULL, false, true);
$had_limit_imposed = true;
} else {
$t_main_search_rows = $db->query($query, NULL, NULL, false, true);
}
if ($t_main_search_rows === NULL) {
$t_main_search_rows = array();
}
// In case of a failed search query
$t_count += $t_main_search_rows_count;
$t_rows = array_merge($t_rows, $t_main_search_rows);
} else {
$t_main_search_rows = array();
}
// Clean results and return
// NB: We don't use the count_query's any more (except when using huge data sets, see above), because you can't actually just add them because they overlap. So instead we fetch all results and throw some away.
$t_rows = array_merge($t_rows, $t_main_search_rows);
if (count($t_rows) > 0) {
$t_rows_new = array();
if (array_key_exists('id', $t_rows[0]) || array_key_exists('_primary_id', $t_rows[0])) {
$done = array();
foreach ($t_rows as $t_row) {
if (array_key_exists('id', $t_row)) {
if (array_key_exists($t_row['id'], $done)) {
continue;
}
$done[$t_row['id']] = 1;
} elseif (array_key_exists('_primary_id', $t_row)) {
if (array_key_exists($t_row['_primary_id'], $done)) {
continue;
}
$done[$t_row['_primary_id']] = 1;
}
$t_rows_new[] = $t_row;
}
} else {
foreach ($t_rows as $t_row) {
unset($t_row['contextual_relevance']);
foreach ($t_rows_new as $_t_row) {
if ($_t_row == $t_row || array_key_exists('id', $t_row) && array_key_exists('id', $_t_row) && !array_key_exists('_primary_id', $t_row) && !array_key_exists('_primary_id', $_t_row) && $t_row['id'] == $_t_row['id'] || array_key_exists('_primary_id', $t_row) && array_key_exists('_primary_id', $_t_row) && $t_row['_primary_id'] == $_t_row['_primary_id']) {
continue 2;
}
}
$t_rows_new[] = $t_row;
}
}
$t_rows = $t_rows_new;
}
if (get_param_integer('keep_show_query', 0) == 1) {
if (array_key_exists(0, $t_rows) && array_key_exists('id', $t_rows[0])) {
$results = var_export(array_unique(collapse_1d_complexity('id', $t_rows)), true);
} else {
$results = var_export($t_rows, true);
}
attach_message(do_lang('_RESULTS') . ': ' . $results, 'inform');
}
if (isset($cat_access)) {
$before = count($t_rows);
foreach ($t_rows as $i => $row) {
if (!array_key_exists(@strval($row[$permissions_field]), $cat_access)) {
unset($t_rows[$i]);
}
}
}
$final_result_rows = $t_rows;
if (!$had_limit_imposed) {
// More accurate, as filtered for dupes
$t_count = count($t_rows);
}
$GLOBALS['TOTAL_RESULTS'] += $t_count;
array_splice($final_result_rows, $max * 2 + $start);
// We return more than max in case our search hook does some extra in-code filtering (Catalogues, Comcode pages). It shouldn't really but sometimes it has to, and it certainly shouldn't filter more than 50%. Also so our overall ordering can be better.
return $final_result_rows;
}
/**
* Convert the specified comcode (text format) into a tempcode tree. You shouldn't output the tempcode tree to the browser, as it looks really horrible. If you are in a rare case where you need to output directly (not through templates), you should call the evaluate method on the tempcode object, to convert it into a string.
*
* @param LONG_TEXT The comcode to convert
* @param MEMBER The member the evaluation is running as. This is a security issue, and you should only run as an administrator if you have considered where the comcode came from carefully
* @param boolean Whether to explicitly execute this with admin rights. There are a few rare situations where this should be done, for data you know didn't come from a member, but is being evaluated by one.
* @param ?integer The position to conduct wordwrapping at (NULL: do not conduct word-wrapping)
* @param ?string A special identifier that can identify this resource in a sea of our resources of this class; usually this can be ignored, but may be used to provide a binding between Javascript in evaluated comcode, and the surrounding environment (NULL: no explicit binding)
* @param object The database connection to use
* @param boolean Whether to parse so as to create something that would fit inside a semihtml tag. It means we generate HTML, with Comcode written into it where the tag could never be reverse-converted (e.g. a block).
* @param boolean Whether this is being pre-parsed, to pick up errors before row insertion.
* @param boolean Whether to treat this whole thing as being wrapped in semihtml, but apply normal security otherwise.
* @param boolean Whether we are only doing this parse to find the title structure
* @param boolean Whether to only check the Comcode. It's best to use the check_comcode function which will in turn use this parameter.
* @param ?array A list of words to highlight (NULL: none)
* @param ?MEMBER The member we are running on behalf of, with respect to how attachments are handled; we may use this members attachments that are already within this post, and our new attachments will be handed to this member (NULL: member evaluating)
* @return tempcode The tempcode generated
*/
function comcode_text_to_tempcode($comcode, $source_member, $as_admin, $wrap_pos, $pass_id, $connection, $semiparse_mode, $preparse_mode, $is_all_semihtml, $structure_sweep, $check_only, $highlight_bits = NULL, $on_behalf_of_member = NULL)
{
global $ADVERTISING_BANNERS, $ALLOWED_ENTITIES, $POTENTIALLY_EMPTY_TAGS, $CODE_TAGS, $REVERSABLE_TAGS, $PUREHTML_TAGS, $DANGEROUS_TAGS, $VALID_COMCODE_TAGS, $BLOCK_TAGS, $POTENTIAL_JS_NAUGHTY_ARRAY, $TEXTUAL_TAGS, $LEET_FILTER, $IMPORTED_CUSTOM_COMCODE, $REPLACE_TARGETS;
$wml = false;
// removed feature from ocPortal now
$print_mode = get_param_integer('wide_print', 0) == 1;
$len = strlen($comcode);
if (function_exists('set_time_limit') && ini_get('max_execution_time') != '0') {
@set_time_limit(300);
}
$allowed_html_seqs = array('<table>', '<table class="[^"]*">', '<table class="[^"]*" summary="[^"]*">', '<table summary="[^"]*">', '</table>', '<tr>', '</tr>', '<td>', '</td>', '<th>', '</th>', '<pre>', '</pre>', '<br />', '<br/>', '<br >', '<br>', '<p>', '</p>', '<p />', '<b>', '</b>', '<u>', '</u>', '<i>', '</i>', '<em>', '</em>', '<strong>', '</strong>', '<li>', '</li>', '<ul>', '</ul>', '<ol>', '</ol>', '<del>', '</del>', '<dir>', '</dir>', '<s>', '</s>', '</a>', '</font>', '<!--', '<h1 id="main_page_title">', '<h1 class="main_page_title">', '<h1 id="main_page_title" class="main_page_title">', '</h1>', '<img (class="inline_image" )?alt="[^"]*" src="[^"]*" (complete="true" )*/>', '<img src=["\'][^"\'<>]*["\']( border=["\'][^"\'<>]*["\'])?( alt=["\'][^"\'<>]*["\'])?( )?(/)?' . '>', '<a href=["\'][^"\'<>]*["\']( target=["\'][^"\'<>]*["\'])?' . '>');
// HTML tag may actually be used in very limited conditions: only the following HTML seqs will come out as HTML. This is, unless the blacklist filter is used instead.
if ($as_admin) {
$comcode_dangerous = true;
$comcode_dangerous_html = true;
} else {
$comcode_dangerous = $GLOBALS['MICRO_BOOTUP'] == 0 && has_specific_permission($source_member, 'comcode_dangerous');
$comcode_dangerous_html = false;
if (has_specific_permission($source_member, 'allow_html') && ($is_all_semihtml || strpos($comcode, '[html') !== false || strpos($comcode, '[semihtml') !== false)) {
$comcode_dangerous_html = true;
/*foreach (array_keys($POTENTIALLY_EMPTY_TAGS) as $tag) // Find whether we really need to enable the computational-expensive filtering. Code disabled, not sure why this would have ever worked!
{
if (($tag!='html') && ($tag!='semihtml') && (strpos($comcode,'['.$tag)!==false))
{
$comcode_dangerous_html=false;
break;
}
}*/
}
}
if (is_null($pass_id)) {
$pass_id = strval(mt_rand(0, 32000));
}
// This is a unique ID that refers to this specific piece of comcode
global $COMCODE_ATTACHMENTS;
if (!array_key_exists($pass_id, $COMCODE_ATTACHMENTS)) {
$COMCODE_ATTACHMENTS[$pass_id] = array();
}
// Tag level
$current_tag = '';
$attribute_map = array();
$tag_output = new ocp_tempcode();
$continuation = '';
$close = mixed();
// Properties that come from our tag
$white_space_area = true;
$textual_area = true;
$formatting_allowed = true;
$in_html = false;
$in_semihtml = $is_all_semihtml;
$in_separate_parse_section = false;
// Not escaped because it has to be passed to a secondary filter
$in_code_tag = false;
$code_nest_stack = 0;
// Our state
$status = CCP_NO_MANS_LAND;
$lax = $GLOBALS['LAX_COMCODE'] || function_exists('get_member') && $source_member != get_member() || count($_POST) == 0;
// if we don't want to produce errors for technically invalid Comcode
$tag_stack = array();
$pos = 0;
$line_starting = true;
$just_ended = false;
$none_wrap_length = 0;
$just_new_line = true;
// So we can detect lists starting right away
$just_title = false;
global $NUM_LINES;
$NUM_LINES = 0;
$queued_tempcode = new ocp_tempcode();
$mindless_mode = false;
// If we're doing a semi parse mode and going over a tag we don't actually process
$tag_raw = '';
if (!is_null($wrap_pos) && strtolower(get_charset()) == 'utf-8') {
$wrap_pos *= 2;
}
$stupidity_mode = get_value('stupidity_mode');
// bork or leet
if ($comcode_dangerous) {
$stupidity_mode = get_param('stupidity_mode', '');
}
if ($stupidity_mode == 'leet') {
$LEET_FILTER = array('B' => '8', 'C' => '(', 'E' => '3', 'G' => '9', 'I' => '1', 'L' => '1', 'O' => '0', 'P' => '9', 'S' => '5', 'U' => '0', 'V' => '\\/', 'Z' => '2');
}
$smilies = $GLOBALS['FORUM_DRIVER']->find_emoticons();
// We'll be needing the smiley array
$shortcuts = array('(EUR-)' => '€', '{f.}' => 'ƒ', '-|-' => '†', '=|=' => '‡', '{%o}' => '‰', '{~S}' => 'Š', '{~Z}' => 'Ž', '(TM)' => '™', '{~s}' => 'š', '{~z}' => 'ž', '{.Y.}' => 'Ÿ', '(c)' => '©', '(r)' => '®', '---' => '—', '--' => '–', '...' => '…', '-->' => '→', '<--' => '←');
// Text syntax possibilities, that get maintained as our cursor moves through the text block
$list_indent = 0;
$list_type = 'ul';
if ($is_all_semihtml) {
filter_html($as_admin, $source_member, $pos, $len, $comcode, false, false);
}
// Pre-filter the whole lot (note that this means during general output we do no additional filtering)
while ($pos < $len) {
$next = $comcode[$pos];
++$pos;
// State machine
switch ($status) {
case CCP_NO_MANS_LAND:
if ($next == '[') {
// Look ahead to make sure it's a valid tag. If it's not then it's considered normal user input, not a tag at all
$dif = $pos < $len && $comcode[$pos] == '/' ? 1 : 0;
$ahead = substr($comcode, $pos + $dif, MAX_COMCODE_TAG_LOOK_AHEAD_LENGTH);
$equal_pos = strpos($ahead, '=');
$space_pos = strpos($ahead, ' ');
$end_pos = strpos($ahead, ']');
$lax_end_pos = strpos($ahead, '[');
$cl_pos = strpos($ahead, chr(10));
if ($equal_pos === false) {
$equal_pos = MAX_COMCODE_TAG_LOOK_AHEAD_LENGTH + 3;
}
if ($space_pos === false) {
$space_pos = MAX_COMCODE_TAG_LOOK_AHEAD_LENGTH + 3;
}
if ($end_pos === false) {
$end_pos = MAX_COMCODE_TAG_LOOK_AHEAD_LENGTH + 3;
}
if ($lax_end_pos === false) {
$lax_end_pos = MAX_COMCODE_TAG_LOOK_AHEAD_LENGTH + 3;
}
if ($cl_pos === false) {
$cl_pos = MAX_COMCODE_TAG_LOOK_AHEAD_LENGTH + 3;
}
$use_pos = min($equal_pos, $space_pos, $end_pos, $lax_end_pos, $cl_pos);
$potential_tag = strtolower(substr($ahead, 0, $use_pos));
if ($use_pos != 22 && (!$in_semihtml || $dif == 1 || $potential_tag != 'html' && $potential_tag != 'semihtml') && (!$in_html || $dif == 1 && $potential_tag == 'html') && (!$in_code_tag || isset($CODE_TAGS[$potential_tag]) && $potential_tag == $current_tag) && (!$structure_sweep || $potential_tag != 'contents')) {
if ($in_code_tag) {
if ($dif == 1) {
$code_nest_stack--;
} else {
$code_nest_stack++;
}
$ok = $code_nest_stack == -1;
} else {
$ok = true;
}
if ($ok) {
if (!isset($VALID_COMCODE_TAGS[$potential_tag])) {
if (!$IMPORTED_CUSTOM_COMCODE) {
_custom_comcode_import($connection);
}
}
if (isset($VALID_COMCODE_TAGS[$potential_tag]) && strtolower(substr($ahead, 0, 2)) != 'i ') {
if ($comcode[$pos] != '/' || count($tag_stack) == 0) {
$mindless_mode = $semiparse_mode && (!isset($REVERSABLE_TAGS[$potential_tag]) || is_string($REVERSABLE_TAGS[$potential_tag]) && preg_match($REVERSABLE_TAGS[$potential_tag], substr($comcode, $pos, 100)) != 0) && !isset($PUREHTML_TAGS[$potential_tag]);
} else {
$mindless_mode = $tag_stack[count($tag_stack) - 1][7];
}
$close = false;
$current_tag = '';
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($continuation);
}
$tag_output->attach($continuation);
$continuation = '';
if ($just_new_line || isset($BLOCK_TAGS[$potential_tag])) {
list($close_list, $list_indent) = _close_open_lists($list_indent, $list_type);
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($close_list);
}
$tag_output->attach($close_list);
}
$status = CCP_STARTING_TAG;
if ($mindless_mode) {
if ($comcode[$pos] != '/') {
if (array_key_exists($potential_tag, $BLOCK_TAGS)) {
$tag_raw = '​<kbd title="' . escape_html($potential_tag) . '" class="ocp_keep_block">[';
} else {
$tag_raw = '​<kbd title="' . escape_html($potential_tag) . '" class="ocp_keep">[';
}
} else {
$tag_raw = '[';
}
} else {
$tag_raw = '';
}
continue;
}
}
} else {
if ($use_pos != 22 && (($in_semihtml || $in_html) && ($potential_tag == 'html' || $potential_tag == 'semihtml')) && !$in_code_tag) {
$ahc = strpos($ahead, ']');
if ($ahc !== false) {
$pos += $ahc + 1;
continue;
}
}
}
}
if ($in_html || $in_semihtml && !$in_code_tag && ($next == '<' || $next == '>' || $next == '"')) {
if ($next == chr(10)) {
++$NUM_LINES;
}
if (!$comcode_dangerous_html && $next == '<') {
$close = strpos($comcode, '>', $pos - 1);
$portion = substr($comcode, $pos - 1, $close - $pos + 2);
$seq_ok = false;
foreach ($allowed_html_seqs as $allowed_html_seq) {
if (preg_match('#^' . $allowed_html_seq . '$#', $portion) != 0) {
$seq_ok = true;
}
}
if (!$seq_ok) {
// $next='<'; //OLD STYLE
if ($close !== false) {
$pos = $close + 1;
}
// NEW STYLE
continue;
}
}
if (substr($comcode, $pos - 1, 4) == '<!--') {
$continuation .= '<!--';
$pos += 3;
} else {
$continuation .= $mindless_mode && $in_code_tag ? escape_html($next) : $next;
}
} else {
// Text-format possibilities
if ($just_new_line && $formatting_allowed && !$wml) {
if ($continuation != '') {
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($continuation);
}
$tag_output->attach($continuation);
$continuation = '';
}
// List
$found_list = false;
$old_list_indent = $list_indent;
if ($pos + 2 < $len && is_numeric($next) && (is_numeric($comcode[$pos]) && $comcode[$pos + 1] == ')' && $comcode[$pos + 2] == ' ' || $comcode[$pos] == ')' && $comcode[$pos + 1] == ' ') && ($list_type == '1' && $list_indent != 0 || preg_match('#^[^\\n]*\\n\\d+\\) #', substr($comcode, $pos + 1)) != 0)) {
if ($list_indent != 0 && $list_type != '1') {
list($temp_tpl, $old_list_indent) = _close_open_lists($list_indent, $list_type);
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($temp_tpl);
}
$tag_output->attach($temp_tpl);
}
$list_indent = 1;
$found_list = true;
$scan_pos = $pos;
$list_type = '1';
} elseif ($pos + 2 < $len && ord($next) >= ord('a') && ord($next) <= ord('z') && $comcode[$pos] == ')' && $comcode[$pos + 1] == ' ' && ($list_type == 'a' && $list_indent != 0 || preg_match('#^[^\\n]*\\n[a-z]+\\) #', substr($comcode, $pos + 1)) != 0)) {
if ($list_indent != 0 && $list_type != 'a') {
list($temp_tpl, $old_list_indent) = _close_open_lists($list_indent, $list_type);
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($temp_tpl);
}
$tag_output->attach($temp_tpl);
}
$list_indent = 1;
$found_list = true;
$scan_pos = $pos;
$list_type = 'a';
} elseif ($next == ' ') {
if ($old_list_indent != 0 && $list_type != 'ul') {
list($temp_tpl, $old_list_indent) = _close_open_lists($list_indent, $list_type);
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($temp_tpl);
}
$tag_output->attach($temp_tpl);
}
$scan_pos = $pos - 1;
$list_indent = 0;
while ($scan_pos < $len) {
$scan_next = $comcode[$scan_pos];
if ($scan_next == '-' && $scan_pos + 1 < $len && $comcode[$scan_pos + 1] == ' ') {
$found_list = true;
break;
} else {
if ($scan_next == ' ') {
++$list_indent;
} else {
break;
}
}
++$scan_pos;
}
if (!$found_list) {
$list_indent = 0;
} else {
$list_type = 'ul';
}
} else {
list($close_list, $list_indent) = _close_open_lists($list_indent, $list_type);
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($close_list);
}
$tag_output->attach($close_list);
$old_list_indent = 0;
if ($next == '-' && !$just_title) {
$scan_pos = $pos;
$found_rule = true;
while ($scan_pos < $len) {
$scan_next = $comcode[$scan_pos];
if ($scan_next != '-') {
if ($scan_next == chr(10)) {
++$NUM_LINES;
break;
} else {
$found_rule = false;
}
}
++$scan_pos;
}
if ($found_rule) {
$_temp_tpl = do_template('COMCODE_TEXTCODE_LINE');
$tag_output->attach($_temp_tpl);
$pos = $scan_pos + 1;
$just_ended = true;
$none_wrap_length = 0;
continue;
}
}
}
// List handling
if ($list_indent == $old_list_indent && $old_list_indent != 0) {
$temp_tpl = '</li>';
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($temp_tpl);
}
$tag_output->attach($temp_tpl);
}
for ($i = $list_indent; $i < $old_list_indent; ++$i) {
$temp_tpl = '</li>';
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($temp_tpl);
}
$tag_output->attach($temp_tpl);
$temp_tpl = $list_type == 'ul' ? '</ul>' : '</ol>';
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($temp_tpl);
}
$tag_output->attach($temp_tpl);
}
if ($list_indent < $old_list_indent && $list_indent != 0) {
$temp_tpl = '</li>';
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($temp_tpl);
}
$tag_output->attach($temp_tpl);
}
if ($found_list) {
if ($list_indent - $old_list_indent > 1 && !$lax) {
return comcode_parse_error($preparse_mode, array('CCP_LIST_JUMPYNESS'), $pos, $comcode, $check_only);
}
for ($i = $old_list_indent; $i < $list_indent; ++$i) {
switch ($list_type) {
case 'ul':
if ($i < $list_indent - 1) {
$temp_tpl = '<ul><li>';
} else {
$temp_tpl = '<ul>';
}
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($temp_tpl);
}
$tag_output->attach($temp_tpl);
break;
case '1':
if ($i < $list_indent - 1) {
$temp_tpl = '<ol type="1"><li>';
} else {
$temp_tpl = '<ol type="1">';
}
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($temp_tpl);
}
$tag_output->attach($temp_tpl);
break;
case 'a':
if ($i < $list_indent - 1) {
$temp_tpl = '<ol type="a"><li>';
} else {
$temp_tpl = '<ol type="a">';
}
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($temp_tpl);
}
$tag_output->attach($temp_tpl);
break;
}
}
$temp_tpl = '<li>';
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($temp_tpl);
}
$tag_output->attach($temp_tpl);
$just_ended = true;
$none_wrap_length = 0;
$next = '';
$pos = $scan_pos + 2;
}
}
if ($next == chr(10) && $white_space_area && $print_mode && $list_indent == 0) {
$tag_output->attach($queued_tempcode);
$queued_tempcode = new ocp_tempcode();
}
if ($next == chr(10) && $white_space_area && !$in_semihtml && (!$just_ended || $semiparse_mode || substr($comcode, $pos, 3) == ' - ')) {
++$NUM_LINES;
$line_starting = true;
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($continuation);
}
$tag_output->attach($continuation);
$continuation = '';
$just_new_line = true;
$none_wrap_length = 0;
if ($list_indent == 0 && !$just_ended) {
$temp_tpl = '<br />';
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($temp_tpl);
}
$tag_output->attach($temp_tpl);
}
} else {
$just_new_line = false;
if ($next == ' ' && $white_space_area && !$in_semihtml) {
if ($line_starting || $pos > 1 && $comcode[$pos - 2] == ' ') {
$next = ' ';
++$none_wrap_length;
} else {
$none_wrap_length = 0;
}
$continuation .= $mindless_mode && $in_code_tag ? escape_html($next) : $next;
} elseif ($next == "\t" && $white_space_area && !$in_semihtml) {
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($continuation);
}
$tag_output->attach($continuation);
$continuation = '';
$tab_tpl = do_template('COMCODE_TEXTCODE_TAB');
$_tab_tpl = $tab_tpl->evaluate();
$none_wrap_length += strlen($_tab_tpl);
$tag_output->attach($tab_tpl);
} else {
if ($next == ' ' || $next == "\t" || $just_ended) {
$none_wrap_length = 0;
} else {
if (!is_null($wrap_pos) && $none_wrap_length >= $wrap_pos && (strtolower(get_charset()) != 'utf-8' || preg_replace(array('#[\\x09\\x0A\\x0D\\x20-\\x7E]#', '#[\\xC2-\\xDF][\\x80-\\xBF]#', '#\\xE0[\\xA0-\\xBF][\\x80-\\xBF]#', '#[\\xE1-\\xEC\\xEE\\xEF][\\x80-\\xBF]{2}#', '#\\xED[\\x80-\\x9F][\\x80-\\xBF]#', '#\\xF0[\\x90-\\xBF][\\x80-\\xBF]{2}#', '#[\\xF1-\\xF3][\\x80-\\xBF]{3}#', '#\\xF4[\\x80-\\x8F][\\x80-\\xBF]{2}#'), array('', '', '', '', '', '', '', ''), $continuation) == '') && $textual_area && !$in_semihtml) {
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($continuation);
}
$tag_output->attach($continuation);
$continuation = '';
$temp_tpl = '<br />';
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($temp_tpl);
}
$tag_output->attach($temp_tpl);
$none_wrap_length = 0;
} elseif ($textual_area) {
++$none_wrap_length;
}
}
$line_starting = false;
$just_ended = false;
$differented = false;
// If somehow via lookahead we've changed this to HTML and thus won't use it in raw form
// Variable lookahead
if (!$in_code_tag && ($next == '{' && isset($comcode[$pos]) && ($comcode[$pos] == '$' || $comcode[$pos] == '+' || $comcode[$pos] == '!'))) {
if ($comcode_dangerous) {
if (!$in_code_tag && (!$semiparse_mode || in_tag_stack($tag_stack, array('url', 'img', 'flash')))) {
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($continuation);
}
$tag_output->attach($continuation);
$continuation = '';
if ($comcode[$pos] == '+') {
$p_end = $pos + 5;
while ($p_end < $len) {
$p_portion = substr($comcode, $pos - 1, $p_end - ($pos - 1) + 5);
if (substr_count($p_portion, '{+START') == substr_count($p_portion, '{+END')) {
break;
}
$p_end++;
}
$p_len = 1;
while ($pos + $p_len < $len) {
$p_portion = substr($comcode, $pos - 1, $p_len);
if (substr_count(str_replace('{', ' { ', $p_portion), '{') == substr_count(str_replace('}', ' } ', $p_portion), '}')) {
break;
}
// str_replace is to workaround a Quercus bug #4494
$p_len++;
}
$p_len--;
$p_portion = substr($comcode, $pos + $p_len, $p_end - ($pos + $p_len));
require_code('tempcode_compiler');
$ret = template_to_tempcode(substr($comcode, $pos - 1, $p_len + 1) . '{DIRECTIVE_EMBEDMENT}' . substr($comcode, $p_end, 6));
$attaches_before = count($COMCODE_ATTACHMENTS[$pass_id]);
$ret->singular_bind('DIRECTIVE_EMBEDMENT', comcode_text_to_tempcode($p_portion, $source_member, $as_admin, $wrap_pos, $pass_id, $connection, $semiparse_mode, $preparse_mode, $in_semihtml, $structure_sweep, $check_only, $highlight_bits, $on_behalf_of_member));
for ($attach_inspect = $attaches_before; $attach_inspect < count($COMCODE_ATTACHMENTS[$pass_id]); $attach_inspect++) {
$COMCODE_ATTACHMENTS[$pass_id][$attach_inspect]['marker'] += $pos + $p_len;
}
$pos = $p_end + 6;
} elseif ($comcode[$pos] == '!') {
$p_len = $pos;
$balance = 1;
while ($p_len < $len && $balance != 0) {
if ($comcode[$p_len] == '{') {
$balance++;
} elseif ($comcode[$p_len] == '}') {
$balance--;
}
$p_len++;
}
$ret = new ocp_tempcode();
$less_pos = $pos - 1;
$ret->parse_from($comcode, $less_pos, $p_len);
$pos = $p_len;
if ($ret->parameterless(0) && $pos < $len) {
$matches = array();
if (preg_match('#\\{\\!([\\w\\d\\_\\:]+)(\\}|$)#U', substr($comcode, $less_pos, $p_len - $less_pos), $matches) != 0) {
$temp_lang_string = $matches[1];
$ret = comcode_lang_string($temp_lang_string);
// Recreate as a Comcode lang string
}
}
} else {
$p_len = $pos;
$balance = 1;
while ($p_len < $len && $balance != 0) {
if ($comcode[$p_len] == '{') {
$balance++;
} elseif ($comcode[$p_len] == '}') {
$balance--;
}
$p_len++;
}
$ret = new ocp_tempcode();
$less_pos = $pos - 1;
$ret->parse_from($comcode, $less_pos, $p_len);
$pos = $p_len;
}
$differented = true;
if ($pos <= $len || !$lax) {
$tag_output->attach($ret);
}
}
} else {
if ($comcode[$pos] == '$' && $pos < $len - 2 && $comcode[$pos + 1] == ',' && strpos($comcode, '}', $pos) !== false) {
$pos = strpos($comcode, '}', $pos) + 1;
$differented = true;
}
}
}
// Escaping of comcode tag starts lookahead
if ($next == '\\' && !$in_code_tag) {
if ($pos != $len && ($comcode[$pos] == '"' || substr($comcode, $pos - 1, 6) == '"')) {
if ($semiparse_mode) {
$continuation .= '\\';
}
if ($comcode[$pos] == '"') {
$continuation .= $mindless_mode ? '"' : '"';
++$pos;
} else {
$continuation .= '"';
$pos += 6;
}
$differented = true;
} elseif ($pos != $len && $comcode[$pos] == '[') {
if ($semiparse_mode) {
$continuation .= '\\';
}
$continuation .= '[';
++$pos;
$differented = true;
} elseif ($pos != $len && $comcode[$pos] == '{') {
if ($semiparse_mode) {
$continuation .= '\\';
}
$continuation .= '{';
++$pos;
$differented = true;
} elseif ($pos == $len || $comcode[$pos] == '\\') {
if ($semiparse_mode) {
$continuation .= '\\';
}
$continuation .= '\\';
++$pos;
$differented = true;
}
}
if (!$differented) {
if (($textual_area || $in_semihtml) && trim($next) != '' && !$wml) {
// Emoticon lookahead
foreach ($smilies as $smiley => $imgcode) {
if ($in_semihtml) {
$smiley = ' ' . $smiley . ' ';
}
if ($next == $smiley[0]) {
if (substr($comcode, $pos - 1, strlen($smiley)) == $smiley) {
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($continuation);
}
$tag_output->attach($continuation);
$continuation = '';
$pos += strlen($smiley) - 1;
$differented = true;
$tag_output->attach(do_emoticon($imgcode));
break;
}
}
}
}
}
if (trim($next) != '' && !$in_code_tag && !$differented) {
// CEDI pages
if ($pos < $len && $next == '[' && $pos + 1 < $len && $comcode[$pos] == '[' && !$semiparse_mode && addon_installed('cedi')) {
$matches = array();
if (preg_match('#^\\[([^\\[\\]]*)\\]\\]#', substr($comcode, $pos, 200), $matches) != 0) {
$cedi_page_name = $matches[1];
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($continuation);
}
$tag_output->attach($continuation);
$continuation = '';
$hash_pos = strpos($cedi_page_name, '#');
if ($hash_pos !== false) {
$jump_to = substr($cedi_page_name, $hash_pos + 1);
$cedi_page_name = substr($cedi_page_name, 0, $hash_pos);
} else {
$jump_to = '';
}
$cedi_page_url = build_url(array('page' => 'cedi', 'type' => 'misc', 'find' => $cedi_page_name), get_module_zone('cedi'));
if ($jump_to != '') {
$cedi_page_url->attach('#' . $jump_to);
}
$tag_output->attach(do_template('COMCODE_CEDI_LINK', array('_GUID' => 'ebcd7ba5290c5b2513272a53b4d666e5', 'URL' => $cedi_page_url, 'TEXT' => $cedi_page_name)));
$pos += strlen($matches[1]) + 3;
$differented = true;
}
}
// Usernames
if ($pos < $len && $next == '{' && $pos + 1 < $len && $comcode[$pos] == '{' && !$in_code_tag && !$semiparse_mode) {
$matches = array();
if (preg_match('#^\\{([^"{}&\'\\$<>]+)\\}\\}#', substr($comcode, $pos, 80), $matches) != 0) {
$username = $matches[1];
if ($username[0] == '?') {
$username_info = true;
$username = substr($username, 1);
} else {
$username_info = false;
}
$this_member_id = $GLOBALS['FORUM_DRIVER']->get_member_from_username($username);
if (!is_null($this_member_id) && !is_guest($this_member_id)) {
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($continuation);
}
$tag_output->attach($continuation);
$continuation = '';
$poster_url = $GLOBALS['FORUM_DRIVER']->member_profile_url($this_member_id, false, true);
if (get_forum_type() == 'ocf' && $username_info) {
require_lang('ocf');
require_code('ocf_members2');
$details = ocf_show_member_box($this_member_id);
$tag_output->attach(do_template('HYPERLINK_TOOLTIP', array('_GUID' => 'd8f4f4ac70bd52b3ef9ee74ae9c5e085', 'TOOLTIP' => $details, 'CAPTION' => $username, 'URL' => $poster_url, 'NEW_WINDOW' => false)));
} else {
$tag_output->attach(hyperlink($poster_url, $username));
}
$pos += strlen($matches[1]) + 3;
$differented = true;
}
}
}
}
if ($textual_area && !$in_code_tag && trim($next) != '' && !$differented) {
// Shortcut lookahead
if (!$differented) {
if ($in_semihtml && substr($comcode, $pos - 1, 3) == '-->') {
$continuation .= '-->';
$pos += 2;
break;
}
foreach ($shortcuts as $code => $replacement) {
if ($next == $code[0] && substr($comcode, $pos - 1, strlen($code)) == $code) {
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($continuation);
}
$tag_output->attach($continuation);
$continuation = '';
$pos += strlen($code) - 1;
$differented = true;
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($replacement);
}
$tag_output->attach($replacement);
break;
}
}
}
}
if ($textual_area && !$in_code_tag && trim($next) != '' && !$differented) {
// Table syntax
if (!$differented) {
if ($pos < $len && $comcode[$pos] == '|') {
$end_tbl = strpos($comcode, chr(10) . '|}', $pos);
if ($end_tbl !== false) {
$end_fst_line_pos = strpos($comcode, chr(10), $pos);
$caption = substr($comcode, $pos + 2, max($end_fst_line_pos - $pos - 2, 0));
$pos += strlen($caption) + 1;
$rows = preg_split('#(\\|-|\\|\\})#Um', substr($comcode, $pos, $end_tbl - $pos));
if (preg_match('#(^|\\s)floats($|\\s)#', $caption) != 0) {
$caption = preg_replace('#(^|\\s)floats($|\\s)#', '', $caption);
$ratios = array();
$ratios_matches = array();
if (preg_match('#(^|\\s)([\\d\\.]+%(:[\\d\\.]+%)*)($|\\s)#', $caption, $ratios_matches) != 0) {
$ratios = explode(':', $ratios_matches[2]);
$caption = str_replace($ratios_matches[0], '', $caption);
}
foreach ($rows as $h => $row) {
if ($h != 0) {
$tag_output->attach(do_template('BLOCK_SEPARATOR'));
}
$cells = preg_split('/(\\n\\! | \\!\\! |\\n\\| | \\|\\| )/', $row, -1, PREG_SPLIT_DELIM_CAPTURE);
array_shift($cells);
// First one is non-existant empty
$spec = true;
// Find which to float
$to_float = NULL;
foreach ($cells as $i => $cell) {
if (!$spec) {
if (strpos($cell, '!') !== false || is_null($to_float)) {
$to_float = $i;
}
}
$spec = !$spec;
}
$tag_output->attach(do_template('COMCODE_FAKE_TABLE_WRAP_START'));
// Do floated one
$i_dir_1 = $to_float == 1 ? 'left' : 'right';
$i_dir_2 = $to_float != 1 ? 'left' : 'right';
if (preg_match('#(^|\\s)wide($|\\s)#', $caption) != 0) {
$tag_output->attach(do_template('COMCODE_FAKE_TABLE_WIDE_START', array('_GUID' => 'ced8c3a142f74296a464b085ba6891c9', 'WIDTH' => array_key_exists($to_float == 1 ? 0 : count($cells) - 1, $ratios) ? $ratios[$to_float == 1 ? 0 : count($cells) - 1] : (count($cells) == 2 ? '0' : float_to_raw_string(97.0 / (floatval(count($cells)) / 2.0 - 1.0), 2) . '%'), 'FLOAT' => $i_dir_1, 'PADDING' => $to_float == 1 ? '' : '-left', 'PADDING_AMOUNT' => count($cells) == 2 ? '0' : float_to_raw_string(3.0 / (floatval(count($cells) - 2) / 2.0), 2))));
} else {
$tag_output->attach(do_template('COMCODE_FAKE_TABLE_START', array('_GUID' => '90be72fcbb6b9d8a312da0bee5b86cb3', 'WIDTH' => array_key_exists($to_float, $ratios) ? $ratios[$to_float] : '', 'FLOAT' => $i_dir_1, 'PADDING' => $to_float == 1 ? '' : '-left', 'PADDING_AMOUNT' => count($cells) == 2 ? '0' : float_to_raw_string(3.0 / (floatval(count($cells) - 2.0) / 2.0), 2))));
}
$attaches_before = count($COMCODE_ATTACHMENTS[$pass_id]);
$tag_output->attach(comcode_text_to_tempcode(isset($cells[$to_float]) ? rtrim($cells[$to_float]) : '', $source_member, $as_admin, 60, $pass_id, $connection, $semiparse_mode, $preparse_mode, $in_semihtml, $structure_sweep, $check_only, $highlight_bits, $on_behalf_of_member));
for ($attach_inspect = $attaches_before; $attach_inspect < count($COMCODE_ATTACHMENTS[$pass_id]); $attach_inspect++) {
$COMCODE_ATTACHMENTS[$pass_id][$attach_inspect]['marker'] += strpos($comcode, $cells[$to_float], $pos);
}
$tag_output->attach(do_template('COMCODE_FAKE_TABLE_END'));
// Do non-floated ones
$cell_i = 0;
foreach ($cells as $i => $cell) {
if ($i % 2 == 1) {
if ($i != $to_float) {
if (preg_match('#(^|\\s)wide($|\\s)#', $caption) != 0) {
$tag_output->attach(do_template('COMCODE_FAKE_TABLE_WIDE2_START', array('_GUID' => '9bac42a1b62c5c9a2f758639fcb3bb2f', 'WIDTH' => array_key_exists($cell_i, $ratios) ? $ratios[$cell_i] : float_to_raw_string(97.0 / (floatval(count($cells)) / 2.0), 2) . '%', 'PADDING_AMOUNT' => count($cells) == 2 ? '0' : float_to_raw_string(3.0 / (floatval(count($cells) - 2) / 2.0), 2), 'FLOAT' => $i_dir_1, 'PADDING' => $to_float == 1 || $cell_i != 0 ? '-left' : '')));
} else {
$tag_output->attach(do_template('COMCODE_FAKE_TABLE_2_START', array('_GUID' => '0f15f9d5554635ed7ac154c9dc5c72b8', 'WIDTH' => array_key_exists($cell_i, $ratios) ? $ratios[$cell_i] : '', 'FLOAT' => $i_dir_1, 'PADDING' => $to_float == 1 || $cell_i != 0 ? '-left' : '', 'PADDING_AMOUNT' => count($cells) == 2 ? '0' : float_to_raw_string(3.0 / (floatval(count($cells) - 2) / 2.0), 2))));
}
$attaches_before = count($COMCODE_ATTACHMENTS[$pass_id]);
$tag_output->attach(comcode_text_to_tempcode(rtrim($cell), $source_member, $as_admin, 60, $pass_id, $connection, $semiparse_mode, $preparse_mode, $in_semihtml, $structure_sweep, $check_only, $highlight_bits, $on_behalf_of_member));
for ($attach_inspect = $attaches_before; $attach_inspect < count($COMCODE_ATTACHMENTS[$pass_id]); $attach_inspect++) {
$COMCODE_ATTACHMENTS[$pass_id][$attach_inspect]['marker'] += strpos($comcode, $cell, $pos);
}
$tag_output->attach(do_template('COMCODE_FAKE_TABLE_END'));
}
$cell_i++;
}
}
$tag_output->attach(do_template('COMCODE_FAKE_TABLE_WRAP_END'));
}
} else {
$ratios = array();
$ratios_matches = array();
if (preg_match('#(^|\\s)([\\d\\.]+%(:[\\d\\.]+%)*)($|\\s)#', $caption, $ratios_matches) != 0) {
$ratios = explode(':', $ratios_matches[2]);
$caption = str_replace($ratios_matches[0], '', $caption);
}
if (preg_match('#(^|\\s)wide($|\\s)#', $caption) != 0) {
$tag_output->attach(do_template('COMCODE_REAL_TABLE_START', array('SUMMARY' => preg_replace('#(^|\\s)wide($|\\s)#', '', $caption))));
} else {
$tag_output->attach(do_template('COMCODE_REAL_TABLE_START_SUMMARY', array('_GUID' => '0c5674fba61ba14b4b9fa39ea31ff54f', 'CAPTION' => $caption)));
}
foreach ($rows as $table_row) {
$tag_output->attach(do_template('COMCODE_REAL_TABLE_ROW_START'));
$cells = preg_split('/(\\n\\! | \\!\\! |\\n\\| | \\|\\| )/', $table_row, -1, PREG_SPLIT_DELIM_CAPTURE);
array_shift($cells);
// First one is non-existant empty
$spec = true;
$c_type = '';
$cell_i = 0;
foreach ($cells as $i => $cell) {
if ($spec) {
$c_type = strpos($cell, '!') !== false ? 'th' : 'td';
} else {
$attaches_before = count($COMCODE_ATTACHMENTS[$pass_id]);
$_mid = comcode_text_to_tempcode(rtrim($cell), $source_member, $as_admin, 60, $pass_id, $connection, $semiparse_mode, $preparse_mode, $in_semihtml, $structure_sweep, $check_only, $highlight_bits, $on_behalf_of_member);
for ($attach_inspect = $attaches_before; $attach_inspect < count($COMCODE_ATTACHMENTS[$pass_id]); $attach_inspect++) {
$COMCODE_ATTACHMENTS[$pass_id][$attach_inspect]['marker'] += strpos($comcode, $cell, $pos);
}
$tag_output->attach(do_template('COMCODE_REAL_TABLE_CELL', array('_GUID' => '6640df8b503f65e3d36f595b0acf7600', 'WIDTH' => array_key_exists($cell_i, $ratios) ? $ratios[$cell_i] : '', 'C_TYPE' => $c_type, 'MID' => $_mid, 'PADDING' => $cell_i == 0 ? '' : '-left', 'PADDING_AMOUNT' => count($cells) == 2 ? '0' : float_to_raw_string(5.0 / (floatval(count($cells) - 2) / 2.0), 2))));
$cell_i++;
}
$spec = !$spec;
}
$tag_output->attach(do_template('COMCODE_REAL_TABLE_ROW_END'));
}
$tag_output->attach(do_template('COMCODE_REAL_TABLE_END'));
}
$pos = $end_tbl + 3;
$differented = true;
}
}
}
// Advertising
$b_all = true;
// leave true - for test purposes only
if (!$differented && !$semiparse_mode && !$in_code_tag && addon_installed('banners') && ($b_all || !has_specific_permission($source_member, 'banner_free'))) {
// Pick up correctly, including permission filtering
if (is_null($ADVERTISING_BANNERS)) {
$rows = $GLOBALS['SITE_DB']->query('SELECT * FROM ' . get_table_prefix() . 'banners b LEFT JOIN ' . get_table_prefix() . 'banner_types t ON b.b_type=t.id WHERE t_comcode_inline=1 AND ' . db_string_not_equal_to('b_title_text', ''), NULL, NULL, true);
if (!is_null($rows)) {
// Filter out what we don't have permission for
if (get_option('use_banner_permissions', true) == '1') {
require_code('permissions');
$groups = _get_where_clause_groups($source_member);
if (!is_null($groups)) {
$perhaps = collapse_1d_complexity('category_name', $GLOBALS['SITE_DB']->query('SELECT category_name FROM ' . get_table_prefix() . 'group_category_access WHERE ' . db_string_equal_to('module_the_name', 'banners') . ' AND (' . $groups . ')'));
$new_rows = array();
foreach ($rows as $row) {
if (in_array($row['name'], $perhaps)) {
$new_rows[] = $row;
}
}
$rows = $new_rows;
}
}
$ADVERTISING_BANNERS = array();
foreach ($rows as $row) {
$trigger_text = $row['b_title_text'];
foreach (explode(',', $trigger_text) as $t) {
if (trim($t) != '') {
$ADVERTISING_BANNERS[trim($t)] = $row;
}
}
}
}
}
// Apply
if (!is_null($ADVERTISING_BANNERS)) {
foreach ($ADVERTISING_BANNERS as $ad_trigger => $ad_bits) {
if (strtolower($next) == strtolower($ad_trigger[0])) {
if (strtolower(substr($comcode, $pos - 1, strlen($ad_trigger))) == strtolower($ad_trigger)) {
require_code('banners');
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($continuation);
}
$tag_output->attach($continuation);
$continuation = '';
$differented = true;
$ad_text = show_banner($ad_bits['name'], $ad_bits['b_title_text'], get_translated_tempcode($ad_bits['caption']), $ad_bits['img_url'], '', $ad_bits['site_url'], $ad_bits['b_type']);
$embed_output = _do_tags_comcode('tooltip', array('param' => $ad_text, 'url' => url_is_local($ad_bits['site_url']) && $ad_bits['site_url'] != '' ? get_custom_base_url() . '/' . $ad_bits['site_url'] : $ad_bits['site_url']), substr($comcode, $pos - 1, strlen($ad_trigger)), $comcode_dangerous, $pass_id, $pos, $source_member, $as_admin, $connection, $comcode, $wml, $structure_sweep, $semiparse_mode, $highlight_bits);
$pos += strlen($ad_trigger) - 1;
$tag_output->attach($embed_output);
}
}
}
}
}
// Search highlighting lookahead
if (!$differented && !is_null($highlight_bits)) {
foreach ($highlight_bits as $highlight_bit) {
if (strtolower($next) == strtolower($highlight_bit[0])) {
if (strtolower(substr($comcode, $pos - 1, strlen($highlight_bit))) == strtolower($highlight_bit)) {
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($continuation);
}
$tag_output->attach($continuation);
$continuation = '';
$differented = true;
$embed_output = _do_tags_comcode('highlight', array(), escape_html(substr($comcode, $pos - 1, strlen($highlight_bit))), $comcode_dangerous, $pass_id, $pos, $source_member, $as_admin, $connection, $comcode, $wml, $structure_sweep, $semiparse_mode, $highlight_bits);
$pos += strlen($highlight_bit) - 1;
$tag_output->attach($embed_output);
break;
}
}
}
}
// Link lookahead
if (!$differented && !$in_code_tag) {
if (!$in_semihtml && $next == 'h' && (substr($comcode, $pos - 1, strlen('http://')) == 'http://' || substr($comcode, $pos - 1, strlen('https://')) == 'https://' || substr($comcode, $pos - 1, strlen('ftp://')) == 'ftp://')) {
$link_end_pos = strpos($comcode, ' ', $pos - 1);
$link_end_pos_2 = strpos($comcode, chr(10), $pos - 1);
$link_end_pos_3 = strpos($comcode, '[', $pos - 1);
$link_end_pos_4 = strpos($comcode, ')', $pos - 1);
$link_end_pos_5 = strpos($comcode, '"', $pos - 1);
$link_end_pos_6 = strpos($comcode, '>', $pos - 1);
$link_end_pos_7 = strpos($comcode, '<', $pos - 1);
$link_end_pos_8 = strpos($comcode, '.' . chr(10), $pos - 1);
$link_end_pos_9 = strpos($comcode, ', ', $pos - 1);
$link_end_pos_10 = strpos($comcode, '. ', $pos - 1);
$link_end_pos_11 = strpos($comcode, "'", $pos - 1);
if ($link_end_pos_2 !== false && ($link_end_pos === false || $link_end_pos_2 < $link_end_pos)) {
$link_end_pos = $link_end_pos_2;
}
if ($link_end_pos_3 !== false && ($link_end_pos === false || $link_end_pos_3 < $link_end_pos)) {
$link_end_pos = $link_end_pos_3;
}
if ($link_end_pos_4 !== false && ($link_end_pos === false || $link_end_pos_4 < $link_end_pos)) {
$link_end_pos = $link_end_pos_4;
}
if ($link_end_pos_5 !== false && ($link_end_pos === false || $link_end_pos_5 < $link_end_pos)) {
$link_end_pos = $link_end_pos_5;
}
if ($link_end_pos_6 !== false && ($link_end_pos === false || $link_end_pos_6 < $link_end_pos)) {
$link_end_pos = $link_end_pos_6;
}
if ($link_end_pos_7 !== false && ($link_end_pos === false || $link_end_pos_7 < $link_end_pos)) {
$link_end_pos = $link_end_pos_7;
}
if ($link_end_pos_8 !== false && ($link_end_pos === false || $link_end_pos_8 < $link_end_pos)) {
$link_end_pos = $link_end_pos_8;
}
if ($link_end_pos_9 !== false && ($link_end_pos === false || $link_end_pos_9 < $link_end_pos)) {
$link_end_pos = $link_end_pos_9;
}
if ($link_end_pos_10 !== false && ($link_end_pos === false || $link_end_pos_10 < $link_end_pos)) {
$link_end_pos = $link_end_pos_10;
}
if ($link_end_pos_11 !== false && ($link_end_pos === false || $link_end_pos_11 < $link_end_pos)) {
$link_end_pos = $link_end_pos_11;
}
if ($link_end_pos === false) {
$link_end_pos = strlen($comcode);
}
$auto_link = preg_replace('#(keep|for)_session=[\\d\\w]*#', 'filtered=1', substr($comcode, $pos - 1, $link_end_pos - $pos + 1));
if (substr($auto_link, -3) != '://') {
if (substr($auto_link, -1) == '.') {
$auto_link = substr($auto_link, 0, strlen($auto_link) - 1);
$link_end_pos--;
}
$auto_link_tempcode = new ocp_tempcode();
$auto_link_tempcode->attach($auto_link);
if (!$check_only) {
$link_captions_title = $GLOBALS['SITE_DB']->query_value_null_ok('url_title_cache', 't_title', array('t_url' => $auto_link));
if (is_null($link_captions_title) || substr($link_captions_title, 0, 1) == '!') {
$GLOBALS['COMCODE_PARSE_URLS_CHECKED']++;
if ($GLOBALS['NO_LINK_TITLES'] || $GLOBALS['COMCODE_PARSE_URLS_CHECKED'] >= MAX_URLS_TO_READ) {
$link_captions_title = $auto_link;
} else {
$link_captions_title = '';
$downloaded_at_link = http_download_file($auto_link, 3000, false);
if (is_string($downloaded_at_link) && $GLOBALS['HTTP_DOWNLOAD_MIME_TYPE'] !== NULL && strpos($GLOBALS['HTTP_DOWNLOAD_MIME_TYPE'], 'html') !== false && $GLOBALS['HTTP_MESSAGE'] == '200') {
$matches = array();
if (preg_match('#\\s*<title[^>]*\\s*>\\s*(.*)\\s*\\s*<\\s*/title\\s*>#miU', $downloaded_at_link, $matches) != 0) {
require_code('character_sets');
$link_captions_title = trim(str_replace('–', '-', str_replace('—', '-', @html_entity_decode(convert_to_internal_encoding($matches[1]), ENT_QUOTES, get_charset()))));
if ((strpos(strtolower($link_captions_title), 'login') !== false || strpos(strtolower($link_captions_title), 'log in') !== false) && substr($auto_link, 0, strlen(get_base_url())) == get_base_url()) {
$link_captions_title = '';
}
// don't show login screen titles for our own website. Better to see the link verbatim
}
}
$GLOBALS['SITE_DB']->query_insert('url_title_cache', array('t_url' => substr($auto_link, 0, 255), 't_title' => substr($link_captions_title, 0, 255)), false, true);
// To stop weird race-like conditions
}
}
$embed_output = mixed();
$link_handlers = find_all_hooks('systems', 'comcode_link_handlers');
foreach (array_keys($link_handlers) as $link_handler) {
require_code('hooks/systems/comcode_link_handlers/' . $link_handler);
$link_handler_ob = object_factory('Hook_comcode_link_handler_' . $link_handler, true);
if (is_null($link_handler_ob)) {
continue;
}
$embed_output = $link_handler_ob->bind($auto_link, $link_captions_title, $comcode_dangerous, $pass_id, $pos, $source_member, $as_admin, $connection, $comcode, $wml, $structure_sweep, $semiparse_mode, $highlight_bits);
if (!is_null($embed_output)) {
break;
}
}
if (is_null($embed_output)) {
$page_link = url_to_pagelink($auto_link, true);
if ($link_captions_title == '') {
$link_captions_title = $auto_link;
}
if ($page_link != '') {
$embed_output = _do_tags_comcode('page', array('param' => $page_link), make_string_tempcode(escape_html($link_captions_title)), $comcode_dangerous, $pass_id, $pos, $source_member, $as_admin, $connection, $comcode, $wml, $structure_sweep, $semiparse_mode, $highlight_bits);
} else {
$embed_output = _do_tags_comcode('url', array('param' => $link_captions_title), $auto_link_tempcode, $comcode_dangerous, $pass_id, $pos, $source_member, $as_admin, $connection, $comcode, $wml, $structure_sweep, $semiparse_mode, $highlight_bits);
}
}
} else {
$embed_output = new ocp_tempcode();
}
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($continuation);
}
$tag_output->attach($continuation);
$continuation = '';
$tag_output->attach($embed_output);
$pos += $link_end_pos - $pos;
$differented = true;
}
}
}
}
if (!$differented) {
if ($stupidity_mode != '' && $textual_area) {
if ($stupidity_mode == 'leet' && mt_rand(0, 1) == 1) {
if (array_key_exists(strtoupper($next), $LEET_FILTER)) {
$next = $LEET_FILTER[strtoupper($next)];
}
} elseif ($stupidity_mode == 'bork' && mt_rand(0, 60) == 1) {
$next .= '-bork-bork-bork-';
}
}
if (!$in_separate_parse_section && (!$in_semihtml || !$comcode_dangerous_html && !$is_all_semihtml)) {
if ($next == '&') {
$ahead = substr($comcode, $pos, 20);
$ahead_lower = strtolower($ahead);
$matches = array();
$entity = preg_match('#^(\\#)?([\\w]*);#', $ahead_lower, $matches) != 0;
// If it is a SAFE entity, use it
if ($entity && !$in_code_tag) {
if ($matches[1] == '' && ($in_semihtml || isset($ALLOWED_ENTITIES[$matches[2]]))) {
$pos += strlen($matches[2]) + 1;
$continuation .= '&' . $matches[2] . ';';
} elseif (is_numeric($matches[2]) && $matches[1] == '#') {
$matched_entity = intval(base_convert($matches[2], 16, 10));
if ($matched_entity < 127 && array_key_exists(chr($matched_entity), $POTENTIAL_JS_NAUGHTY_ARRAY)) {
$continuation .= escape_html($next);
} else {
$pos += strlen($matches[2]) + 2;
$continuation .= '&#' . $matches[2] . ';';
}
} else {
$continuation .= '&';
}
} else {
$continuation .= '&';
}
} else {
$continuation .= escape_html($next);
}
} else {
$continuation .= $next;
}
}
}
}
}
break;
case CCP_IN_TAG_NAME:
if ($mindless_mode && $next != '[') {
$tag_raw .= $next;
}
if ($next == '=') {
$status = CCP_IN_TAG_BETWEEN_ATTRIBUTE_NAME_VALUE_RIGHT;
$current_attribute_name = 'param';
} elseif (trim($next) == '') {
$status = CCP_IN_TAG_BETWEEN_ATTRIBUTES;
} elseif ($next == '[') {
if (!$lax) {
return comcode_parse_error($preparse_mode, array('CCP_TAG_OPEN_ANOMALY'), $pos, $comcode, $check_only);
}
$next = ']';
$pos--;
}
if ($next == ']') {
if ($close) {
if ($formatting_allowed) {
list($close_list, $list_indent) = _close_open_lists($list_indent, $list_type);
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($close_list);
}
$tag_output->attach($close_list);
}
if (count($tag_stack) == 0) {
if ($lax) {
$status = CCP_NO_MANS_LAND;
break;
}
return comcode_parse_error($preparse_mode, array('CCP_NO_CLOSE', $current_tag), strrpos(substr($comcode, 0, $pos), '['), $comcode, $check_only);
}
$has_it = false;
foreach (array_reverse($tag_stack) as $t) {
if ($t[0] == $current_tag) {
$has_it = true;
break;
}
if ($in_semihtml && ($current_tag == 'html' || $current_tag == 'semihtml')) {
// Only search one level for this
break;
}
}
if ($has_it) {
$_last = array_pop($tag_stack);
if ($_last[0] != $current_tag) {
if (!$lax) {
return comcode_parse_error($preparse_mode, array('CCP_NO_CLOSE_MATCH', $current_tag, $_last[0]), $pos, $comcode, $check_only);
}
do {
$embed_output = _do_tags_comcode($_last[0], $_last[1], $tag_output, $comcode_dangerous, $pass_id, $pos, $source_member, $as_admin, $connection, $comcode, $wml, $structure_sweep, $semiparse_mode, NULL, NULL, $in_semihtml, $is_all_semihtml);
$in_code_tag = false;
$white_space_area = $_last[3];
$in_separate_parse_section = $_last[4];
$formatting_allowed = $_last[5];
$textual_area = $_last[6];
$tag_output = $_last[2];
$tag_output->attach($embed_output);
$mindless_mode = $_last[7];
$comcode_dangerous = $_last[8];
$comcode_dangerous_html = $_last[9];
if (count($tag_stack) == 0) {
$status = CCP_NO_MANS_LAND;
break 2;
}
$_last = array_pop($tag_stack);
} while ($_last[0] != $current_tag);
}
} else {
$extraneous_semihtml = !$is_all_semihtml && !$in_semihtml || $current_tag != 'html' && $current_tag != 'semihtml';
if (!$lax && $extraneous_semihtml) {
$_last = array_pop($tag_stack);
return comcode_parse_error($preparse_mode, array('CCP_NO_CLOSE_MATCH', $current_tag, $_last[0]), $pos, $comcode, $check_only);
}
$status = CCP_NO_MANS_LAND;
break;
}
// Do the comcode for this tag
if ($in_semihtml) {
foreach ($_last[1] as $index => $conv) {
$_last[1][$index] = @html_entity_decode(str_replace('<br />', chr(10), $conv), ENT_QUOTES, get_charset());
}
}
$mindless_mode = $_last[7];
if ($mindless_mode) {
$embed_output = $tag_output;
} elseif (!$check_only) {
$_structure_sweep = false;
if ($structure_sweep) {
$_structure_sweep = !in_tag_stack($tag_stack, array('title'));
}
$embed_output = _do_tags_comcode($_last[0], $_last[1], $tag_output, $comcode_dangerous, $pass_id, $pos, $source_member, $as_admin, $connection, $comcode, $wml, $_structure_sweep, $semiparse_mode, $highlight_bits, NULL, $in_semihtml, $is_all_semihtml);
} else {
$embed_output = new ocp_tempcode();
}
$in_code_tag = false;
$white_space_area = $_last[3];
$in_separate_parse_section = $_last[4];
$formatting_allowed = $_last[5];
$textual_area = $_last[6];
$tag_output = $_last[2];
$comcode_dangerous = $_last[8];
$comcode_dangerous_html = $_last[9];
if ($print_mode && $_last[0] == 'exp_thumb') {
$queued_tempcode->attach($embed_output);
} else {
$tag_output->attach($embed_output);
}
$just_ended = isset($BLOCK_TAGS[$current_tag]);
if ($current_tag == 'title') {
if (strlen($comcode) > $pos + 1 && $comcode[$pos] == chr(10) && $comcode[$pos + 1] == chr(10)) {
$NUM_LINES += 2;
$pos += 2;
$just_new_line = true;
}
}
if ($current_tag == 'html') {
$in_html = false;
} elseif ($current_tag == 'semihtml') {
$in_semihtml = false;
}
$status = CCP_NO_MANS_LAND;
} else {
if ($current_tag == 'title') {
$just_new_line = false;
list($close_list, $list_indent) = _close_open_lists($list_indent, $list_type);
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($close_list);
}
$tag_output->attach($close_list);
}
array_push($tag_stack, array($current_tag, $attribute_map, $tag_output, $white_space_area, $in_separate_parse_section, $formatting_allowed, $textual_area, $mindless_mode, $comcode_dangerous, $comcode_dangerous_html));
list($tag_output, $comcode_dangerous, $comcode_dangerous_html, $white_space_area, $formatting_allowed, $in_separate_parse_section, $textual_area, $attribute_map, $status, $in_html, $in_semihtml, $pos, $in_code_tag) = _opened_tag($mindless_mode, $as_admin, $source_member, $attribute_map, $current_tag, $pos, $comcode_dangerous, $comcode_dangerous_html, $in_separate_parse_section, $in_html, $in_semihtml, $close, $len, $comcode);
if ($in_code_tag) {
$code_nest_stack = 0;
}
}
$tag_output->attach($tag_raw);
if ($close && $mindless_mode) {
$temp_tpl = '</kbd>​';
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($temp_tpl);
}
$tag_output->attach($temp_tpl);
}
} elseif ($status == CCP_IN_TAG_NAME) {
$current_tag .= strtolower($next);
}
break;
case CCP_STARTING_TAG:
if ($mindless_mode && $next != '[') {
$tag_raw .= $next;
}
if ($next == '[') {
if (!$lax) {
return comcode_parse_error($preparse_mode, array('CCP_TAG_OPEN_ANOMALY'), $pos, $comcode, $check_only);
}
$status = CCP_NO_MANS_LAND;
$pos--;
} elseif ($next == ']') {
if (!$lax) {
return comcode_parse_error($preparse_mode, array('CCP_TAG_CLOSE_ANOMALY'), $pos, $comcode, $check_only);
}
$status = CCP_NO_MANS_LAND;
} elseif ($next == '/') {
$close = true;
} else {
$current_tag .= strtolower($next);
$status = CCP_IN_TAG_NAME;
}
break;
case CCP_IN_TAG_BETWEEN_ATTRIBUTES:
if ($mindless_mode && $next != '[') {
$tag_raw .= $next;
}
if ($next == ']') {
if ($current_tag == 'title') {
$just_new_line = false;
list($close_list, $list_indent) = _close_open_lists($list_indent, $list_type);
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($close_list);
}
$tag_output->attach($close_list);
}
array_push($tag_stack, array($current_tag, $attribute_map, $tag_output, $white_space_area, $in_separate_parse_section, $formatting_allowed, $textual_area, $mindless_mode, $comcode_dangerous, $comcode_dangerous_html));
list($tag_output, $comcode_dangerous, $comcode_dangerous_html, $white_space_area, $formatting_allowed, $in_separate_parse_section, $textual_area, $attribute_map, $status, $in_html, $in_semihtml, $pos, $in_code_tag) = _opened_tag($mindless_mode, $as_admin, $source_member, $attribute_map, $current_tag, $pos, $comcode_dangerous, $comcode_dangerous_html, $in_separate_parse_section, $in_html, $in_semihtml, $close, $len, $comcode);
if ($in_code_tag) {
$code_nest_stack = 0;
}
$tag_output->attach($tag_raw);
} elseif ($next == '[') {
if (!$lax) {
return comcode_parse_error($preparse_mode, array('CCP_TAG_OPEN_ANOMALY'), $pos, $comcode, $check_only);
}
if ($current_tag == 'title') {
$just_new_line = false;
list($close_list, $list_indent) = _close_open_lists($list_indent, $list_type);
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($close_list);
}
$tag_output->attach($close_list);
}
array_push($tag_stack, array($current_tag, $attribute_map, $tag_output, $white_space_area, $in_separate_parse_section, $formatting_allowed, $textual_area, $mindless_mode, $comcode_dangerous, $comcode_dangerous_html));
list($tag_output, $comcode_dangerous, $comcode_dangerous_html, $white_space_area, $formatting_allowed, $in_separate_parse_section, $textual_area, $attribute_map, $status, $in_html, $in_semihtml, $pos, $in_code_tag) = _opened_tag($mindless_mode, $as_admin, $source_member, $attribute_map, $current_tag, $pos, $comcode_dangerous, $comcode_dangerous_html, $in_separate_parse_section, $in_html, $in_semihtml, $close, $len, $comcode);
if ($in_code_tag) {
$code_nest_stack = 0;
}
$tag_output->attach($tag_raw);
$pos--;
} elseif (trim($next) != '') {
$status = CCP_IN_TAG_ATTRIBUTE_NAME;
$current_attribute_name = $next;
}
break;
case CCP_IN_TAG_ATTRIBUTE_NAME:
if ($mindless_mode && $next != '[') {
$tag_raw .= $next;
}
if ($next == '[') {
$status = CCP_NO_MANS_LAND;
$pos--;
if (!$lax) {
return comcode_parse_error($preparse_mode, array('CCP_TAG_OPEN_ANOMALY'), $pos, $comcode, $check_only);
}
if ($current_tag == 'title') {
$just_new_line = false;
list($close_list, $list_indent) = _close_open_lists($list_indent, $list_type);
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($close_list);
}
$tag_output->attach($close_list);
}
array_push($tag_stack, array($current_tag, $attribute_map, $tag_output, $white_space_area, $in_separate_parse_section, $formatting_allowed, $textual_area, $mindless_mode, $comcode_dangerous, $comcode_dangerous_html));
list($tag_output, $comcode_dangerous, $comcode_dangerous_html, $white_space_area, $formatting_allowed, $in_separate_parse_section, $textual_area, $attribute_map, $status, $in_html, $in_semihtml, $pos, $in_code_tag) = _opened_tag($mindless_mode, $as_admin, $source_member, $attribute_map, $current_tag, $pos, $comcode_dangerous, $comcode_dangerous_html, $in_separate_parse_section, $in_html, $in_semihtml, $close, $len, $comcode);
if ($in_code_tag) {
$code_nest_stack = 0;
}
$tag_output->attach($tag_raw);
} elseif ($next == ']') {
if ($attribute_map == array() && !$lax) {
return comcode_parse_error($preparse_mode, array('CCP_TAG_CLOSE_ANOMALY'), $pos, $comcode, $check_only);
}
if ($attribute_map != array()) {
$at_map_keys = array_keys($attribute_map);
$old_attribute_name = $at_map_keys[count($at_map_keys) - 1];
$attribute_map[$old_attribute_name] .= ' ' . $current_attribute_name;
}
array_push($tag_stack, array($current_tag, $attribute_map, $tag_output, $white_space_area, $in_separate_parse_section, $formatting_allowed, $textual_area, $mindless_mode, $comcode_dangerous, $comcode_dangerous_html));
list($tag_output, $comcode_dangerous, $comcode_dangerous_html, $white_space_area, $formatting_allowed, $in_separate_parse_section, $textual_area, $attribute_map, $status, $in_html, $in_semihtml, $pos, $in_code_tag) = _opened_tag($mindless_mode, $as_admin, $source_member, $attribute_map, $current_tag, $pos, $comcode_dangerous, $comcode_dangerous_html, $in_separate_parse_section, $in_html, $in_semihtml, $close, $len, $comcode);
if ($in_code_tag) {
$code_nest_stack = 0;
}
$tag_output->attach($tag_raw);
} elseif ($next == '=') {
$status = CCP_IN_TAG_BETWEEN_ATTRIBUTE_NAME_VALUE_RIGHT;
} elseif ($next != ' ') {
$current_attribute_name .= strtolower($next);
} else {
$status = CCP_IN_TAG_BETWEEN_ATTRIBUTE_NAME_VALUE_LEFT;
}
break;
case CCP_IN_TAG_BETWEEN_ATTRIBUTE_NAME_VALUE_LEFT:
if ($mindless_mode && $next != '[' && $next != ']') {
$tag_raw .= $next;
}
if ($next == '=') {
$status = CCP_IN_TAG_BETWEEN_ATTRIBUTE_NAME_VALUE_RIGHT;
} elseif (trim($next) != '') {
if (!$lax) {
return comcode_parse_error($preparse_mode, array('CCP_ATTRIBUTE_ERROR', $current_attribute_name, $current_tag), $pos, $comcode, $check_only);
}
if ($next == '[') {
$status = CCP_IN_TAG_BETWEEN_ATTRIBUTES;
$pos--;
} elseif ($next == ']') {
$status = CCP_IN_TAG_BETWEEN_ATTRIBUTES;
$pos--;
}
}
break;
case CCP_IN_TAG_BETWEEN_ATTRIBUTE_NAME_VALUE_RIGHT:
if ($mindless_mode && $next != '[' && $next != ']') {
$tag_raw .= $next;
}
if ($next == '[') {
if (!$lax) {
return comcode_parse_error($preparse_mode, array('CCP_TAG_OPEN_ANOMALY'), $pos, $comcode, $check_only);
}
$status = CCP_IN_TAG_BETWEEN_ATTRIBUTES;
$pos--;
} elseif ($next == ']') {
if (!$lax) {
return comcode_parse_error($preparse_mode, array('CCP_TAG_CLOSE_ANOMALY'), $pos, $comcode, $check_only);
}
$status = CCP_IN_TAG_BETWEEN_ATTRIBUTES;
$pos--;
} elseif ($next == '"' || $in_semihtml && substr($comcode, $pos - 1, 6) == '"') {
if ($next != '"') {
$pos += 5;
if ($mindless_mode) {
$tag_raw .= 'quot;';
}
}
$status = CCP_IN_TAG_ATTRIBUTE_VALUE;
$current_attribute_value = '';
} elseif ($next != '') {
$status = CCP_IN_TAG_ATTRIBUTE_VALUE_NO_QUOTE;
$current_attribute_value = $next;
}
break;
case CCP_IN_TAG_ATTRIBUTE_VALUE_NO_QUOTE:
if ($mindless_mode && $next != ']') {
$tag_raw .= $next;
}
if ($next == ' ') {
$status = CCP_IN_TAG_BETWEEN_ATTRIBUTES;
if (isset($attribute_map[$current_attribute_name]) && !$lax) {
return comcode_parse_error($preparse_mode, array('CCP_DUPLICATE_ATTRIBUTES', $current_attribute_name, $current_tag), $pos, $comcode, $check_only);
}
$attribute_map[$current_attribute_name] = $current_attribute_value;
} elseif ($next == ']') {
if (isset($attribute_map[$current_attribute_name]) && !$lax) {
return comcode_parse_error($preparse_mode, array('CCP_DUPLICATE_ATTRIBUTES', $current_attribute_name, $current_tag), $pos, $comcode, $check_only);
}
$status = CCP_IN_TAG_BETWEEN_ATTRIBUTES;
$attribute_map[$current_attribute_name] = $current_attribute_value;
$pos--;
} else {
$current_attribute_value .= $next;
}
break;
case CCP_IN_TAG_ATTRIBUTE_VALUE:
if ($mindless_mode) {
$tag_raw .= $next;
}
if ($next == '"' || $in_semihtml && substr($comcode, $pos - 1, 6) == '"') {
if ($next != '"') {
$pos += 5;
if ($mindless_mode) {
$tag_raw .= 'quot;';
}
}
$status = CCP_IN_TAG_BETWEEN_ATTRIBUTES;
if (isset($attribute_map[$current_attribute_name]) && !$lax) {
return comcode_parse_error($preparse_mode, array('CCP_DUPLICATE_ATTRIBUTES', $current_attribute_name, $current_tag), $pos, $comcode, $check_only);
}
$attribute_map[$current_attribute_name] = $current_attribute_value;
} else {
if ($next == '\\') {
if ($comcode[$pos] == '"') {
if ($mindless_mode) {
$tag_raw .= '"';
}
$current_attribute_value .= '"';
++$pos;
} elseif (substr($comcode, $pos - 1, 6) == '"') {
if ($mindless_mode) {
$tag_raw .= '"';
}
$current_attribute_value .= '"';
$pos += 6;
} elseif ($comcode[$pos] == '\\') {
if ($mindless_mode) {
$tag_raw .= '\\';
}
$current_attribute_value .= '\\';
++$pos;
} else {
$current_attribute_value .= $next;
}
} else {
$current_attribute_value .= $next;
}
}
break;
}
}
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($continuation);
}
$tag_output->attach($continuation);
$continuation = '';
list($close_list, $list_indent) = _close_open_lists($list_indent, $list_type);
if ($GLOBALS['XSS_DETECT']) {
ocp_mark_as_escaped($close_list);
}
$tag_output->attach($close_list);
if ($status != CCP_NO_MANS_LAND || count($tag_stack) != 0) {
if (!$lax) {
$stack_top = array_pop($tag_stack);
return comcode_parse_error($preparse_mode, array('CCP_BROKEN_END', is_null($stack_top) ? $current_tag : $stack_top[0]), $pos, $comcode, $check_only);
} else {
while (count($tag_stack) > 0) {
$_last = array_pop($tag_stack);
/*if ($_last[0]=='title') Not sure about this
{
$_structure_sweep=false;
break;
}*/
$embed_output = _do_tags_comcode($_last[0], $_last[1], $tag_output, $comcode_dangerous, $pass_id, $pos, $source_member, $as_admin, $connection, $comcode, $wml, $structure_sweep, $semiparse_mode, NULL, NULL, $in_semihtml, $is_all_semihtml);
$in_code_tag = false;
$white_space_area = $_last[3];
$in_separate_parse_section = $_last[4];
$formatting_allowed = $_last[5];
$textual_area = $_last[6];
$tag_output = $_last[2];
$tag_output->attach($embed_output);
$mindless_mode = $_last[7];
$comcode_dangerous = $_last[8];
$comcode_dangerous_html = $_last[9];
}
}
}
// $tag_output->left_attach('<div class="xhtml_validator_off">');
// $tag_output->attach('</div>');
return $tag_output;
}
