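/**
 * Re-renders a message as HTML for the WYSIWYG editor.
 *
 * The input is first brought to BBCode source form and then run through the
 * WYSIWYG BBCode parser, so the markup handed to the editor is produced by
 * the parser rather than taken from the caller's input as-is.
 *
 * @param string  $html        Message text; treated as WYSIWYG HTML when $ishtml is truthy
 * @param integer $ishtml      Non-zero to convert $html from HTML to BBCode first
 * @param mixed   $forumid     Passed through unchanged to the parser's parse() call
 * @param integer $allowsmilie Passed through unchanged to the parser's parse() call
 *
 * @return string Whatever vB_BbCodeParser_Wysiwyg::parse() returns
 */
function parse_wysiwyg_html($html, $ishtml = 0, $forumid = 0, $allowsmilie = 1)
{
    global $vbulletin;

    if ($ishtml) {
        // parse HTML into vbcode
        // I DON'T THINK THIS IS EVER USED NOW - KIER
        $html = convert_wysiwyg_html_to_bbcode($html);
    } else {
        // NOTE(review): presumably this reverses HTML entity escaping on the
        // input, in which case any markup the user typed is live again from
        // here on and output safety rests on the parser below - confirm
        // against the helper's definition.
        $html = unhtmlspecialchars($html, 0);
    }

    // parse the message back into WYSIWYG-friendly HTML
    require_once DIR . '/includes/class_bbcode_alt.php';

    // Plain assignment: "=& new" is deprecated since PHP 5.3 and is a parse
    // error on PHP 7+, which would take down every page including this file.
    $wysiwyg_parser = new vB_BbCodeParser_Wysiwyg($vbulletin, fetch_tag_list());
    $wysiwyg_parser->set_parse_userinfo($vbulletin->userinfo);

    return $wysiwyg_parser->parse($html, $forumid, $allowsmilie);
}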
default: if (intval($vbulletin->GPC['parsetype'])) { $parsetype = intval($vbulletin->GPC['parsetype']); $foruminfo = fetch_foruminfo($parsetype); $dohtml = $foruminfo['allowhtml']; break; } else { $dohtml = false; } ($hook = vBulletinHook::fetch_hook('editor_switch_wysiwyg_to_standard')) ? eval($hook) : false; } $xml->add_tag('message', process_replacement_vars(convert_wysiwyg_html_to_bbcode($vbulletin->GPC['message'], $dohtml))); } $xml->print_xml(); } // ############################################################################# // mark forums read if ($_POST['do'] == 'markread') { $vbulletin->input->clean_gpc('p', 'forumid', TYPE_UINT); require_once(DIR . '/includes/functions_misc.php'); $mark_read_result = mark_forums_read($foruminfo['forumid']);
foreach ($xml->fetch_items() as $item) { if ($vbulletin->GPC['maxresults'] and $count++ >= $vbulletin->GPC['maxresults']) { break; } if (!empty($item['content:encoded'])) { $content_encoded = true; } $title = $bbcode_parser->parse(strip_bbcode(convert_wysiwyg_html_to_bbcode($xml->parse_template($vbulletin->GPC['titletemplate'], $item))), 0, false); if ($vbulletin->GPC['options']['html2bbcode']) { $body_template = nl2br($vbulletin->GPC['bodytemplate']); } else { $body_template = $vbulletin->GPC['bodytemplate']; } $body = $xml->parse_template($body_template, $item); if ($vbulletin->GPC['options']['html2bbcode']) { $body = convert_wysiwyg_html_to_bbcode($body, false, true); } $body = $bbcode_parser->parse($body, 0, false); $output .= '<div class="alt2" style="border:inset 1px; padding:5px; width:400px; height: 175px; margin:10px; overflow: auto;"><h3><em>' . $title . '</em></h3>' . $body . '</div>'; } $feed = array(); foreach ($input_vars as $varname => $foo) { $feed["{$varname}"] = $vbulletin->GPC["{$varname}"]; } define('FEED_SAVE_ERROR', true); $_REQUEST['do'] = 'edit'; print_form_header('', ''); print_table_header($vbphrase['preview_feed']); if ($content_encoded) { print_description_row($vbphrase['feed_supports_content_encoded']); }
// insert item as thread // insert item as thread case 'thread': default: // init thread/firstpost datamanager $itemdata =& datamanager_init('Thread_FirstPost', $vbulletin, $error_type, 'threadpost'); $itemdata->set_info('forum', fetch_foruminfo($feed['forumid'])); $itemdata->set_info('user', $feed); $itemdata->set_info('is_automated', 'rss'); $itemdata->set_info('chop_title', true); $itemdata->set('iconid', $feed['iconid']); $itemdata->set('sticky', $feed['rssoptions'] & $vbulletin->bf_misc_feedoptions['stickthread'] ? 1 : 0); $itemdata->set('forumid', $feed['forumid']); $itemdata->set('prefixid', $feed['prefixid']); $itemdata->set('userid', $feed['userid']); $itemdata->set('title', strip_bbcode(convert_wysiwyg_html_to_bbcode($feed['xml']->parse_template($feed['titletemplate'], $item)))); $itemdata->set('pagetext', $pagetext); $itemdata->set('visible', $feed['rssoptions'] & $vbulletin->bf_misc_feedoptions['moderatethread'] ? 0 : 1); $itemdata->set('allowsmilie', $feed['rssoptions'] & $vbulletin->bf_misc_feedoptions['allowsmilies'] ? 1 : 0); $itemdata->set('showsignature', $feed['rssoptions'] & $vbulletin->bf_misc_feedoptions['showsignature'] ? 1 : 0); $itemdata->set('ipaddress', ''); $threadactiontime = $feed['threadactiondelay'] > 0 ? TIMENOW + $feed['threadactiondelay'] * 3600 : 0; if ($itemid = $itemdata->save()) { $itemtype = 'thread'; $itemtitle = $itemdata->fetch_field('title'); $itemlink = "../showthread.php?t={$itemid}"; if (defined('IN_CONTROL_PANEL')) { echo "<li><a href=\"{$itemlink}\" target=\"feed\">{$itemtitle}</a></li>"; } $rsslog_insert_sql[] = "({$item['rssfeedid']}, {$itemid}, '{$itemtype}', '" . $vbulletin->db->escape_string($uniquehash) . "', '" . $vbulletin->db->escape_string($item['contenthash']) . "', " . TIMENOW . ", {$threadactiontime})"; $cronlog_items["{$item['rssfeedid']}"][] = "\t<li>{$vbphrase[$itemtype]} <a href=\"{$itemlink}\" target=\"logview\"><em>{$itemtitle}</em></a></li>";
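/**
 * Prepares the templates for a message editor.
 *
 * Works out which BBCode toolbar features the current context allows, picks
 * the editor id / height / template, optionally converts the initial text to
 * WYSIWYG HTML, and renders the editor templates.
 *
 * Side effects visible in this function: writes the globals $messagearea,
 * $smiliebox, $disablesmiliesoption, $vBeditTemplate, entries of $show and
 * (when unset) $checked['disablesmilies'], and may change
 * $vbulletin->userinfo['showvbcode'] from the 'wysiwyg' request parameter.
 *
 * @param string  $text           The text to be initially loaded into the editor
 * @param boolean $ishtml         Is the initial text HTML (rather than plain text or bbcode)?
 * @param mixed   $forumid        Forum ID of the forum into which we are posting. Special rules apply for
 *                                values of 'privatemessage', 'usernote', 'calendar', 'announcement' and
 *                                'nonforum'. Can be an object of vB_Editor_Override as well.
 * @param boolean $allowsmilie    Allow smilies?
 * @param boolean $parsesmilie    Parse smilies in the text of the message?
 * @param boolean $can_attach     Allow attachments?
 * @param string  $editor_type    Editor type - either 'fe' for full editor or 'qr' for quick reply
 * @param string  $force_editorid Force the editor to use the specified value as its editorid, rather than making one up
 * @param array   $attachinfo     Information for the image popup
 * @param array   $content        Content type handled by this editor, used to set specific CSS
 *
 * @return string Editor ID
 */
function construct_edit_toolbar($text = '', $ishtml = false, $forumid = 0, $allowsmilie = true, $parsesmilie = true, $can_attach = false, $editor_type = 'fe', $force_editorid = '', $attachinfo = array(), $content = 'content')
{
    // standard stuff
    global $vbulletin, $vbphrase, $show;
    // templates generated by this function
    global $messagearea, $smiliebox, $disablesmiliesoption, $checked, $vBeditTemplate;
    // misc stuff built by this function
    global $istyles;

    // counter for editorid
    static $editorcount = 0;

    // Registered with the editor template below but never assigned in this
    // function; initialised so the register() calls do not read undefined
    // variables. The registered value (null) is unchanged.
    $fontnames = null;
    $fontsizes = null;
    $newpost = array();

    if (is_object($forumid) and $forumid instanceof vB_Editor_Override) {
        $editor_override = $forumid;
    } else {
        $editor_override = null;
    }

    // determine what we can use
    // this was moved up here as I need the switch to determine if bbcode is enabled
    // to determine if a toolbar is usable
    //
    // Strict comparison: with "==" the default $forumid of integer 0 equals
    // 'signature' on PHP < 8, so ordinary editors had their toolbar flags
    // derived from the user's *signature* permissions instead of the global
    // BBCode options.
    if ($forumid === 'signature') {
        $sig_perms =& $vbulletin->userinfo['permissions']['signaturepermissions'];
        $sig_perms_bits =& $vbulletin->bf_ugp_signaturepermissions;

        $can_toolbar = $sig_perms & $sig_perms_bits['canbbcode'] ? true : false;
        $show['img_bbcode'] = $sig_perms & $sig_perms_bits['allowimg'] ? true : false;
        $show['font_bbcode'] = ($sig_perms & $sig_perms_bits['canbbcodefont'] and $vbulletin->options['allowedbbcodes'] & ALLOW_BBCODE_FONT) ? true : false;
        $show['size_bbcode'] = ($sig_perms & $sig_perms_bits['canbbcodesize'] and $vbulletin->options['allowedbbcodes'] & ALLOW_BBCODE_SIZE) ? true : false;
        $show['color_bbcode'] = ($sig_perms & $sig_perms_bits['canbbcodecolor'] and $vbulletin->options['allowedbbcodes'] & ALLOW_BBCODE_COLOR) ? true : false;
        $show['basic_bbcode'] = ($sig_perms & $sig_perms_bits['canbbcodebasic'] and $vbulletin->options['allowedbbcodes'] & ALLOW_BBCODE_BASIC) ? true : false;
        $show['align_bbcode'] = ($sig_perms & $sig_perms_bits['canbbcodealign'] and $vbulletin->options['allowedbbcodes'] & ALLOW_BBCODE_ALIGN) ? true : false;
        $show['list_bbcode'] = ($sig_perms & $sig_perms_bits['canbbcodelist'] and $vbulletin->options['allowedbbcodes'] & ALLOW_BBCODE_LIST) ? true : false;
        $show['code_bbcode'] = ($sig_perms & $sig_perms_bits['canbbcodecode'] and $vbulletin->options['allowedbbcodes'] & ALLOW_BBCODE_CODE) ? true : false;
        $show['html_bbcode'] = ($sig_perms & $sig_perms_bits['canbbcodehtml'] and $vbulletin->options['allowedbbcodes'] & ALLOW_BBCODE_HTML) ? true : false;
        $show['php_bbcode'] = ($sig_perms & $sig_perms_bits['canbbcodephp'] and $vbulletin->options['allowedbbcodes'] & ALLOW_BBCODE_PHP) ? true : false;
        $show['url_bbcode'] = ($sig_perms & $sig_perms_bits['canbbcodelink'] and $vbulletin->options['allowedbbcodes'] & ALLOW_BBCODE_URL) ? true : false;
        $show['quote_bbcode'] = $sig_perms & $sig_perms_bits['canbbcodequote'] ? true : false;
    } else {
        require_once DIR . '/includes/class_bbcode.php';

        $show['font_bbcode'] = $vbulletin->options['allowedbbcodes'] & ALLOW_BBCODE_FONT ? true : false;
        $show['size_bbcode'] = $vbulletin->options['allowedbbcodes'] & ALLOW_BBCODE_SIZE ? true : false;
        $show['color_bbcode'] = $vbulletin->options['allowedbbcodes'] & ALLOW_BBCODE_COLOR ? true : false;
        $show['basic_bbcode'] = $vbulletin->options['allowedbbcodes'] & ALLOW_BBCODE_BASIC ? true : false;
        $show['align_bbcode'] = $vbulletin->options['allowedbbcodes'] & ALLOW_BBCODE_ALIGN ? true : false;
        $show['list_bbcode'] = $vbulletin->options['allowedbbcodes'] & ALLOW_BBCODE_LIST ? true : false;
        $show['code_bbcode'] = $vbulletin->options['allowedbbcodes'] & ALLOW_BBCODE_CODE ? true : false;
        $show['html_bbcode'] = $vbulletin->options['allowedbbcodes'] & ALLOW_BBCODE_HTML ? true : false;
        $show['php_bbcode'] = $vbulletin->options['allowedbbcodes'] & ALLOW_BBCODE_PHP ? true : false;
        $show['url_bbcode'] = $vbulletin->options['allowedbbcodes'] & ALLOW_BBCODE_URL ? true : false;
        $show['quote_bbcode'] = true; // can't disable this anywhere but in sigs
    }

    $ajax_extra = '';
    $allow_custom_bbcode = true;

    if (empty($forumid)) {
        $forumid = 'nonforum';
    }

    switch ($forumid) {
        case 'privatemessage':
            $can_toolbar = $vbulletin->options['privallowbbcode'];
            $show['img_bbcode'] = $vbulletin->options['privallowbbimagecode'];
            break;

        case 'calendar':
            global $calendarinfo;
            $can_toolbar = $calendarinfo['allowbbcode'];
            $show['img_bbcode'] = $calendarinfo['allowimgcode'];
            $ajax_extra = "calendarid={$calendarinfo['calendarid']}";
            break;

        case 'announcement':
            $can_toolbar = true;
            $show['img_bbcode'] = true;
            break;

        case 'signature':
            // see above -- these are handled earlier
            break;

        case 'visitormessage':
        case 'groupmessage':
        case 'picturecomment':
            switch ($forumid) {
                case 'groupmessage':
                    $allowedoption = $vbulletin->options['sg_allowed_bbcode'];
                    break;

                case 'picturecomment':
                    $allowedoption = $vbulletin->options['pc_allowed_bbcode'];
                    break;

                default:
                    $allowedoption = $vbulletin->options['vm_allowed_bbcode'];
                    break;
            }

            // each feature must be allowed globally (set above) AND by the per-area option
            $show['font_bbcode'] = ($show['font_bbcode'] and $allowedoption & ALLOW_BBCODE_FONT) ? true : false;
            $show['size_bbcode'] = ($show['size_bbcode'] and $allowedoption & ALLOW_BBCODE_SIZE) ? true : false;
            $show['color_bbcode'] = ($show['color_bbcode'] and $allowedoption & ALLOW_BBCODE_COLOR) ? true : false;
            $show['basic_bbcode'] = ($show['basic_bbcode'] and $allowedoption & ALLOW_BBCODE_BASIC) ? true : false;
            $show['align_bbcode'] = ($show['align_bbcode'] and $allowedoption & ALLOW_BBCODE_ALIGN) ? true : false;
            $show['list_bbcode'] = ($show['list_bbcode'] and $allowedoption & ALLOW_BBCODE_LIST) ? true : false;
            $show['code_bbcode'] = ($show['code_bbcode'] and $allowedoption & ALLOW_BBCODE_CODE) ? true : false;
            $show['html_bbcode'] = ($show['html_bbcode'] and $allowedoption & ALLOW_BBCODE_HTML) ? true : false;
            $show['php_bbcode'] = ($show['php_bbcode'] and $allowedoption & ALLOW_BBCODE_PHP) ? true : false;
            $show['url_bbcode'] = ($show['url_bbcode'] and $allowedoption & ALLOW_BBCODE_URL) ? true : false;
            $show['quote_bbcode'] = ($show['quote_bbcode'] and $allowedoption & ALLOW_BBCODE_QUOTE) ? true : false;
            $show['img_bbcode'] = $allowedoption & ALLOW_BBCODE_IMG ? true : false;

            $can_toolbar = ($show['font_bbcode'] or $show['size_bbcode'] or $show['color_bbcode'] or $show['basic_bbcode'] or $show['align_bbcode'] or $show['list_bbcode'] or $show['code_bbcode'] or $show['html_bbcode'] or $show['php_bbcode'] or $show['url_bbcode'] or $show['quote_bbcode'] or $show['img_bbcode']);
            $allow_custom_bbcode = $allowedoption & ALLOW_BBCODE_CUSTOM ? true : false;
            break;

        case 'nonforum':
            $can_toolbar = $vbulletin->options['allowbbcode'];
            $show['img_bbcode'] = $vbulletin->options['allowbbimagecode'];
            break;

        default:
            if ($editor_override) {
                $editor_settings = $editor_override->get_editor_settings();
                $can_toolbar = $editor_settings['can_toolbar'];
                $allow_custom_bbcode = $editor_settings['allow_custom_bbcode'];
                // note: set $show variables directly as necessary in your get_editor_settings function
            } else {
                if (intval($forumid)) {
                    $forum = fetch_foruminfo($forumid);
                    $can_toolbar = $forum['allowbbcode'];
                    $show['img_bbcode'] = $forum['allowimages'];
                } else {
                    // unrecognised, non-numeric context: no toolbar, no images
                    $can_toolbar = false;
                    $show['img_bbcode'] = false;
                }
            }
            // Legacy Hook 'editor_toolbar_switch' Removed //
            break;
    }

    // set the editor mode
    // NOTE(review): $_REQUEST is read directly here rather than through the
    // input cleaner; the value is only tested for truthiness.
    if (isset($_REQUEST['wysiwyg'])) {
        // 2 = wysiwyg; 1 = standard
        if ($_REQUEST['wysiwyg']) {
            $vbulletin->userinfo['showvbcode'] = 2;
        } else {
            if ($vbulletin->userinfo['showvbcode'] == 0) {
                $vbulletin->userinfo['showvbcode'] = 0;
            } else {
                $vbulletin->userinfo['showvbcode'] = 1;
            }
        }
    }

    $toolbartype = $can_toolbar ? is_wysiwyg_compatible(-1, $editor_type) : 0;
    $show['wysiwyg_compatible'] = is_wysiwyg_compatible(2, $editor_type) == 2;
    $show['editor_toolbar'] = $toolbartype > 0;

    $templater = vB_Template::create('editor_toolbar_colors');
    $colors = $templater->render();

    switch ($editor_type) {
        case 'qr':
            if ($force_editorid == '') {
                $editorid = 'vB_Editor_QR';
            } else {
                $editorid = $force_editorid;
            }
            $editor_height = 100;
            $editor_template_name = 'showthread_quickreply';
            break;

        case 'qr_small':
            if ($force_editorid == '') {
                $editorid = 'vB_Editor_QR';
            } else {
                $editorid = $force_editorid;
            }
            $editor_height = 60;
            $editor_template_name = 'showthread_quickreply';
            break;

        case 'qr_pm':
            if ($force_editorid == '') {
                $editorid = 'vB_Editor_QR';
            } else {
                $editorid = $force_editorid;
            }
            $editor_height = 120;
            $editor_template_name = 'pm_quickreply';
            break;

        case 'qe':
        case 'qenr':
            if ($force_editorid == '') {
                $editorid = 'vB_Editor_QE';
            } else {
                $editorid = $force_editorid;
            }
            $editor_height = 200;
            $editor_template_name = 'postbit_quickedit';
            break;

        /* case 'qenr': if ($force_editorid == '') { $editorid = 'vB_Editor_QE'; } else { $editorid = $force_editorid; } $editor_height = 200; $editor_template_name = 'memberinfo_quickedit'; break; */

        default:
            if ($editor_override) {
                $editorcount++;
                $editor_info = $editor_override->get_editor_type(array(
                    'force_editorid' => $force_editorid,
                    'editor_count' => $editorcount,
                    'editor_type' => $editor_type,
                    'toolbar_type' => $toolbartype,
                ));
                $editorid = $editor_info['editor_id'];
                $editor_height = $editor_info['editor_height'];
                $editor_template_name = $editor_info['editor_template_name'];
            } else {
                if ($force_editorid == '') {
                    $editorid = 'vB_Editor_' . str_pad(++$editorcount, 3, 0, STR_PAD_LEFT);
                } else {
                    $editorid = $force_editorid;
                }

                // set the height of the editor based on the editor_height cookie if it exists
                // (cookie is client-controlled; it is cleaned as an unsigned int before use)
                $editor_height = $vbulletin->input->clean_gpc('c', 'editor_height', vB_Cleaner::TYPE_UINT);
                $editor_height = $editor_height > 100 ? $editor_height : 250;
                $editor_template_name = $toolbartype ? 'editor_toolbar_on' : 'editor_toolbar_off';
            }
            break;
    }

    // init the variables used by the templates built by this function
    $vBeditJs = array('normalmode' => 'false');
    $vBeditTemplate = array(
        'clientscript' => '',
        'fontfeedback' => '',
        'sizefeedback' => '',
        'smiliepopup' => '',
    );
    $extrabuttons = '';

    // Legacy Hook 'editor_toolbar_start' Removed //

    // show a post editing toolbar of some sort
    if ($show['editor_toolbar']) {
        if ($can_attach) {
            $show['attach'] = true;
        }

        // get extra buttons... experimental at the moment
        $extrabuttons = construct_editor_extra_buttons($editorid, $allow_custom_bbcode);

        if ($toolbartype == 2 or defined('VB_API') and VB_API === true) {
            // got to parse the message to be displayed from bbcode into HTML
            if ($text !== '') {
                if ($editor_override) {
                    $newpost['message'] = $editor_override->parse_for_wysiwyg($text, array('allowsmilies' => $allowsmilie and $parsesmilie, 'ishtml' => $ishtml));
                } else {
                    require_once DIR . '/includes/functions_wysiwyg.php';
                    $newpost['message'] = parse_wysiwyg_html($text, $ishtml, $forumid, iif($allowsmilie and $parsesmilie, 1, 0));
                }
            } else {
                $newpost['message'] = '';
            }

            // parser output is escaped before it is handed to the template
            $newpost['message'] = htmlspecialchars($newpost['message']);

            if (defined('VB_API') and VB_API === true) {
                if ($ishtml) {
                    $newpost['message_bbcode'] = convert_wysiwyg_html_to_bbcode($text);
                } else {
                    $newpost['message_bbcode'] = $text;
                }
            }
        } else {
            // NOTE(review): $text is registered as-is on this path;
            // presumably callers pass already-escaped text or the template
            // escapes it - confirm.
            $newpost['message'] = $text;
            // set mode based on cookie set by javascript
            /*$vbulletin->input->clean_gpc('c', COOKIE_PREFIX . 'vbcodemode', vB_Cleaner::TYPE_INT); $modechecked[$vbulletin->GPC[COOKIE_PREFIX . 'vbcodemode']] = 'checked="checked"';*/
        }
    } else {
        // do not show a post editing toolbar
        $newpost['message'] = $text;
    }

    // disable smilies option and clickable smilie
    $show['smiliebox'] = false;
    $smiliebox = '';
    $smiliepopup = '';
    $disablesmiliesoption = '';

    if ($editor_type == 'qr' or $editor_type == 'qr_small') {
        // no smilies
    } else {
        if ($allowsmilie and $show['editor_toolbar']) {
            // deal with disable smilies option
            if (!isset($checked['disablesmilies'])) {
                $vbulletin->input->clean_gpc('r', 'disablesmilies', vB_Cleaner::TYPE_BOOL);
                $checked['disablesmilies'] = iif($vbulletin->GPC['disablesmilies'], 'checked="checked"');
            }
            $templater = vB_Template::create('newpost_disablesmiliesoption');
            $templater->register('checked', $checked);
            $disablesmiliesoption = $templater->render();

            if ($toolbartype and $vbulletin->options['wysiwyg_smtotal'] > 0) {
                // query smilies (static SQL, no request data is interpolated)
                $smilies = $vbulletin->db->query_read_slave("\n\t\t\t\tSELECT smilieid, smilietext, smiliepath, smilie.title,\n\t\t\t\t\timagecategory.title AS category\n\t\t\t\tFROM " . TABLE_PREFIX . "smilie AS smilie\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "imagecategory AS imagecategory USING(imagecategoryid)\n\t\t\t\tORDER BY imagecategory.displayorder, imagecategory.title, smilie.displayorder\n\t\t\t");

                // get total number of smilies
                $totalsmilies = $vbulletin->db->num_rows($smilies);

                if ($totalsmilies > 0) {
                    if ($vbulletin->options['wysiwyg_smtotal'] > 0) {
                        $show['wysiwygsmilies'] = true;

                        // smilie dropdown menu
                        $i = 0;
                        // initialised so the first comparison does not read an undefined variable
                        $prevcategory = null;
                        while ($smilie = $vbulletin->db->fetch_array($smilies)) {
                            if ($prevcategory != $smilie['category']) {
                                $prevcategory = $smilie['category'];
                                $templater = vB_Template::create('editor_smilie_category');
                                $templater->register('smilie', $smilie);
                                $smiliepopup .= $templater->render();
                            }
                            if ($i++ < $vbulletin->options['wysiwyg_smtotal']) {
                                $templater = vB_Template::create('editor_smilie_row');
                                $templater->register('smilie', $smilie);
                                $smiliepopup .= $templater->render();
                            } else {
                                $show['moresmilies'] = true;
                                break;
                            }
                        }
                    } else {
                        $show['wysiwygsmilies'] = false;
                    }
                    $vbulletin->db->free_result($smilies);
                }
            }
        }
    }

    // Legacy Hook 'editor_toolbar_end' Removed //

    $templater = vB_Template::create('editor_clientscript');
    $templater->register('vBeditJs', $vBeditJs);
    $templater->register('attachinfo', $attachinfo);

    $values = '';
    if (!empty($attachinfo['values'])) {
        // NOTE(review): only the value goes through addslashes_js(); $key is
        // written into the script text verbatim, so the keys of
        // $attachinfo['values'] must never be derived from request data.
        foreach ($attachinfo['values'] as $key => $value) {
            $values .= "\n\t\t\t\t\t{$key}: '" . addslashes_js($value) . "',\n\t\t\t\t";
        }
    }
    $templater->register('values', $values);
    $vBeditTemplate['clientscript'] = $templater->render();

    $ajax_extra = addslashes_js($ajax_extra);
    $editortype = $toolbartype == 2 ? 1 : 0;
    $show['is_wysiwyg_editor'] = intval($editortype);

    $templater = vB_Template::create($editor_template_name);
    $templater->register('extrabuttons', $extrabuttons);
    $templater->register('ajax_extra', $ajax_extra);
    $templater->register('editorid', $editorid);
    $templater->register('editortype', $editortype);
    $templater->register('editor_height', $editor_height);
    $templater->register('forumid', $editor_override ? $editor_override->get_parse_type() : $forumid);
    $templater->register('istyles', $istyles);
    $templater->register('newpost', $newpost);
    $templater->register('parsesmilie', $parsesmilie);
    $templater->register('smiliebox', $smiliebox);
    $templater->register('vBeditTemplate', $vBeditTemplate);
    $templater->register('fontnames', $fontnames);
    $templater->register('fontsizes', $fontsizes);
    $templater->register('colors', $colors);
    $templater->register('smiliepopup', $smiliepopup);
    $templater->register('attachinfo', $attachinfo);
    $templater->register('content', $content);
    $messagearea = $templater->render();

    return $editorid;
}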
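// ############################### start update post ###############################
// Handles the 'updatepost' form submission: cleans the POST fields, checks
// the posthash and normalises the message text to BBCode. The enclosing
// block continues past this excerpt.
if ($_POST['do'] == 'updatepost') {
    // Variables reused in templates
    $posthash = $vbulletin->input->clean_gpc('p', 'posthash', TYPE_NOHTML);
    $poststarttime = $vbulletin->input->clean_gpc('p', 'poststarttime', TYPE_UINT);

    $vbulletin->input->clean_array_gpc('p', array(
        'stickunstick' => TYPE_BOOL,
        'openclose' => TYPE_BOOL,
        'wysiwyg' => TYPE_BOOL,
        'message' => TYPE_STR,
        'title' => TYPE_STR,
        'prefixid' => TYPE_NOHTML,
        'iconid' => TYPE_UINT,
        'parseurl' => TYPE_BOOL,
        'signature' => TYPE_BOOL,
        'disablesmilies' => TYPE_BOOL,
        'reason' => TYPE_NOHTML,
        'preview' => TYPE_STR,
        'folderid' => TYPE_UINT,
        'emailupdate' => TYPE_UINT,
        'ajax' => TYPE_BOOL,
        'advanced' => TYPE_BOOL,
        'postcount' => TYPE_UINT,
        'podcasturl' => TYPE_STR,
        'podcastsize' => TYPE_UINT,
        'podcastexplicit' => TYPE_BOOL,
        'podcastkeywords' => TYPE_STR,
        'podcastsubtitle' => TYPE_STR,
        'podcastauthor' => TYPE_STR,
        'quickeditnoajax' => TYPE_BOOL,
    ));

    // Make sure the posthash is valid
    ($hook = vBulletinHook::fetch_hook('editpost_update_start')) ? eval($hook) : false;

    // Strict comparison: with "!=" two different hex digests that both look
    // like numbers (for example "0e" followed only by digits) compare as
    // equal, so a submitted value could be accepted without matching the
    // computed hash. Where the minimum PHP version allows it, hash_equals()
    // would additionally make the comparison constant-time.
    if (md5($poststarttime . $vbulletin->userinfo['userid'] . $vbulletin->userinfo['salt']) !== (string) $posthash) {
        $posthash = 'invalid posthash'; // don't phrase me
    }

    // ### PREP INPUT ###
    if ($vbulletin->GPC['wysiwyg']) {
        // WYSIWYG submissions arrive as HTML; the forum's allowhtml setting
        // decides whether HTML is kept during conversion to BBCode
        require_once DIR . '/includes/functions_wysiwyg.php';
        $edit['message'] = convert_wysiwyg_html_to_bbcode($vbulletin->GPC['message'], $foruminfo['allowhtml']);
    } else {
        $edit['message'] =& $vbulletin->GPC['message'];
    }

    $cansubscribe = true;

    // Are we editing someone else's post? If so load that users subscription info for this thread.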
if ($vbulletin->userinfo['userid'] != $postinfo['userid']) { if ($postinfo['userid']) { $userinfo = fetch_userinfo($postinfo['userid']); cache_permissions($userinfo); } $cansubscribe = ($userinfo['forumpermissions']["{$foruminfo['forumid']}"] & $vbulletin->bf_ugp_forumpermissions['canview'] and $userinfo['forumpermissions']["{$foruminfo['forumid']}"] & $vbulletin->bf_ugp_forumpermissions['canviewthreads'] and ($threadinfo['postuserid'] == $userinfo['userid'] or $userinfo['forumpermissions']["{$foruminfo['forumid']}"] & $vbulletin->bf_ugp_forumpermissions['canviewothers'])); if ($cansubscribe and $otherthreadinfo = $db->query_first_slave("\n\t\t\tSELECT emailupdate, folderid\n\t\t\tFROM " . TABLE_PREFIX . "subscribethread\n\t\t\tWHERE threadid = {$threadinfo['threadid']} AND\n\t\t\t\tuserid = {$postinfo['userid']} AND\n\t\t\t\tcanview = 1")) { $threadinfo['issubscribed'] = true; $threadinfo['emailupdate'] = $otherthreadinfo['emailupdate']; $threadinfo['folderid'] = $otherthreadinfo['folderid'];
break; case 'signature': $dohtml = $vbulletin->userinfo['permissions']['signaturepermissions'] & $vbulletin->bf_ugp_signaturepermissions['allowhtml']; break; default: if (intval($vbulletin->GPC['parsetype'])) { $parsetype = intval($vbulletin->GPC['parsetype']); $foruminfo = fetch_foruminfo($parsetype); $dohtml = $foruminfo['allowhtml']; break; } else { $dohtml = false; } ($hook = vBulletinHook::fetch_hook('editor_switch_wysiwyg_to_standard')) ? eval($hook) : false; } $xml->add_tag('message', convert_wysiwyg_html_to_bbcode($vbulletin->GPC['message'], $dohtml)); } $xml->print_xml(); } // ############################################################################# // mark forums read if ($_POST['do'] == 'markread') { $vbulletin->input->clean_gpc('p', 'forumid', TYPE_UINT); require_once DIR . '/includes/functions_misc.php'; $mark_read_result = mark_forums_read($foruminfo['forumid']); $xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml'); $xml->add_group('readmarker'); $xml->add_tag('phrase', $mark_read_result['phrase']); $xml->add_tag('url', $mark_read_result['url']); $xml->add_group('forums'); if (is_array($mark_read_result['forumids'])) {
'humanverify' => TYPE_ARRAY, 'loggedinuser' => TYPE_UINT, 'fromquickcomment' => TYPE_BOOL, 'preview' => TYPE_STR, 'advanced' => TYPE_BOOL, 'fromconverse' => TYPE_BOOL, 'u2' => TYPE_UINT, )); ($hook = vBulletinHook::fetch_hook('visitor_message_post_start')) ? eval($hook) : false; // unwysiwygify the incoming data if ($vbulletin->GPC['wysiwyg']) { require_once(DIR . '/includes/functions_wysiwyg.php'); $vbulletin->GPC['message'] = convert_wysiwyg_html_to_bbcode($vbulletin->GPC['message'], $vbulletin->options['allowhtml']); } // parse URLs in message text if ($vbulletin->options['allowbbcode'] AND $vbulletin->GPC['parseurl']) { require_once(DIR . '/includes/functions_newpost.php'); $vbulletin->GPC['message'] = convert_url_to_bbcode($vbulletin->GPC['message']); } $message = array( 'message' =>& $vbulletin->GPC['message'], 'userid' =>& $userinfo['userid'], 'postuserid' =>& $vbulletin->userinfo['userid'], 'disablesmilies' =>& $vbulletin->GPC['disablesmilies'], 'parseurl' =>& $vbulletin->GPC['parseurl'],
$itemtype = 'announcement'; $threadactiontime = 0; if (defined('IN_CONTROL_PANEL')) { echo "<li><a href=\"{$itemlink}\" target=\"feed\">{$itemtitle}</a></li>"; } $rsslog_insert_sql[] = array('rssfeedid' => $item['rssfeedid'], 'itemid' => $itemid, 'itemtype' => $itemtype, 'uniquehash' => vB::getDbAssertor()->escape_string($uniquehash), 'contenthash' => vB::getDbAssertor()->escape_string($item['contenthash']), 'dateline' => vB::getRequest()->getTimeNow(), 'topicactiontime' => $threadactiontime); $cronlog_items["{$item['rssfeedid']}"][] = "\t<li>{$vbphrase[$itemtype]} <a href=\"{$itemlink}\" target=\"logview\"><em>{$itemtitle}</em></a></li>"; $announcementCache[$feed['nodeid']] = 'vB_Announcements_' . $feed['nodeid']; } break; // insert item as thread // insert item as thread case 'thread': default: $pagetext = $feed['xml']->parse_template($feed['bodytemplate'], $item); $itemtitle = strip_bbcode(convert_wysiwyg_html_to_bbcode($feed['xml']->parse_template($feed['titletemplate'], $item))); if (empty($itemtitle)) { $itemtitle = vB_Phrase::fetchSinglePhrase('rssposter_post_from_x', array($feed['title'])); } $itemAddResult = vB_Library::instance('content_text')->add(array('userid' => $feed['userid'], 'sticky' => $feed['rssoptions'] & $bf_misc_feedoptions['stickthread'] ? 1 : 0, 'parentid' => $feed['nodeid'], 'title' => $itemtitle, 'rawtext' => $pagetext, 'approved' => $feed['rssoptions'] & $bf_misc_feedoptions['moderatethread'] ? 0 : 1, 'showapproved' => $feed['rssoptions'] & $bf_misc_feedoptions['moderatethread'] ? 0 : 1, 'iconid' => !empty($feed['iconid']) ? $feed['iconid'] : 0), array('autoparselinks' => 1, 'nl2br' => $nl2br, 'skipDupCheck' => 1), $convertHtmlToBbcode); $itemid = !empty($itemAddResult['nodeid']) ? $itemAddResult['nodeid'] : false; $threadactiontime = $feed['topicactiondelay'] > 0 ? 
vB::getRequest()->getTimeNow() + $feed['topicactiondelay'] * 3600 : 0; if ($itemid) { $itemtype = 'topic'; $itemlink = vB_Api::instanceInternal('route')->getAbsoluteNodeUrl($itemid); if (defined('IN_CONTROL_PANEL')) { echo "<li><a href=\"{$itemlink}\" target=\"feed\">{$itemtitle}</a></li>"; } $rsslog_insert_sql[] = array('rssfeedid' => $item['rssfeedid'], 'itemid' => $itemid, 'itemtype' => $itemtype, 'uniquehash' => vB::getDbAssertor()->escape_string($uniquehash), 'contenthash' => vB::getDbAssertor()->escape_string($item['contenthash']), 'dateline' => vB::getRequest()->getTimeNow(), 'topicactiontime' => $threadactiontime); $cronlog_items["{$item['rssfeedid']}"][] = "\t<li>{$vbphrase[$itemtype]} <a href=\"{$itemlink}\" target=\"logview\"><em>{$itemtitle}</em></a></li>"; }
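if ($_GET['do'] != 'edit') {
    $errors['upload'] = 'color=#FF0000"';
    //$errors['link'] = 'color=#FF0000"';
    $errors['message'] .= '<center>' . $vbphrase['ecdownloads_must_submit_file'] . '</center><br />';
}
} // closes a block opened before this excerpt
} // closes a block opened before this excerpt

if ($upload == true) {
    // NOTE(review): allow-list check by substring search. $ext is built
    // outside this excerpt; unless it already carries the "|" delimiters, a
    // partial extension can match inside a longer allowed one - confirm how
    // $ext is derived and compare whole, lower-cased extensions.
    if (!strstr("|" . str_replace(" ", "|", $dl->ext) . "|", $ext)) {
        $errors['message'] .= '<center>' . $vbphrase['ecdownloads_invalid_extension'] . ': ' . $dl->ext . '</center><br />';
    }
}

if (!isset($errors)) {
    $_POST['desc'] = $_POST['message'];
    if ($_POST['wysiwyg'] == 1) {
        // second argument 0: HTML is not allowed through the conversion
        $_POST['desc'] = convert_wysiwyg_html_to_bbcode($_POST['message'], 0);
    } else {
        // bound by reference, so the URL conversion below also rewrites $_POST['message']
        $_POST['desc'] =& $_POST['message'];
    }
    $_POST['desc'] = convert_url_to_bbcode($_POST['desc']);

    if ($upload) {
        // The client chooses this name. Reduce it to its final path component
        // (treating "\" as a separator too) so it can only ever name a file
        // directly inside the download directory.
        $clientname = basename(str_replace('\\', '/', $_FILES['upload']['name']));
        $newfilename = TIMENOW % 100000 . '-' . $clientname;

        if (move_uploaded_file($_FILES['upload']['tmp_name'], $dl->url . $newfilename)) {
            // NOTE(review): 0666 leaves the stored file writable by every
            // local account; 0644 is the usual choice unless another user
            // must modify it - confirm before changing.
            chmod($dl->url . $newfilename, 0666);
            $size = @filesize($dl->url . $newfilename);
        } else {
            $errors['message'] .= '<center><span style="color: red;">The upload failed! Upload error.</span></center><br />';
        }
    } else {
        if ($link) {
            $newfilename = $_POST['link'];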
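eval(print_standard_redirect(''));
} // closes a block opened before this excerpt

// Saves an edited canned reply: a title is required, the message is
// converted to BBCode when it came from the WYSIWYG editor, and the row is
// updated only where it belongs to $userid.
$title = $vbulletin->input->clean_gpc('p', 'title', TYPE_STR);
if (!$title) {
    $vbulletin->url = "cannedreplies.php?do=edit&id=" . $id;
    eval(print_standard_redirect(''));
}

$vbulletin->input->clean_array_gpc('p', array(
    'message' => TYPE_STR,
    'wysiwyg' => TYPE_BOOL,
));

if ($vbulletin->GPC['wysiwyg']) {
    // NOTE(review): the allow-HTML argument is hard-coded to 1 here, while
    // other callers pass a per-forum or per-calendar permission; confirm
    // that every user who can save a canned reply is meant to keep HTML.
    $reply = convert_wysiwyg_html_to_bbcode($vbulletin->GPC['message'], 1);
} else {
    $reply = $vbulletin->GPC['message'];
}

// Values are escaped with the database layer's own escaper at the point of
// use (addslashes() is not aware of the connection character set), and the
// two ids are forced to integers before being placed in the statement.
$db->query_write("UPDATE " . TABLE_PREFIX . "cannedreplies SET title = '" . $db->escape_string($title) . "', reply = '" . $db->escape_string($reply) . "' WHERE id='" . intval($id) . "' AND userid='" . intval($userid) . "' ");

$vbulletin->url = "cannedreplies.php";
eval(print_standard_redirect(''));
} // closes a block opened before this excerpt

// #############################################################################
if ($_REQUEST['do'] == 'edit') {
    $id = $vbulletin->input->clean_gpc('g', 'id', TYPE_UINT);
    if (!$id) {
        $vbulletin->url = "cannedreplies.php";
        eval(print_standard_redirect(''));
    }
    $userid = $vbulletin->userinfo['userid'];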
} } require_once DIR . '/includes/class_bbcode.php'; $bbcode_parser = new vB_BbCodeParser($vbulletin, fetch_tag_list()); $output = ''; $count = 0; $bbcodeApi = vB_Api::instanceInternal('bbcode'); $bbcodeLibrary = vB_Library::instance('bbcode'); foreach ($xml->fetch_items() as $item) { if ($vbulletin->GPC['maxresults'] and $count++ >= $vbulletin->GPC['maxresults']) { break; } if (!empty($item['content:encoded'])) { $content_encoded = true; } $title = $bbcode_parser->parse(strip_bbcode(convert_wysiwyg_html_to_bbcode($xml->parse_template($vbulletin->GPC['titletemplate'], $item))), 0, false); $body = $xml->parse_template($vbulletin->GPC['bodytemplate'], $item); $dobbcode = false; if ($vbulletin->GPC['options']['html2bbcode']) { $dobbcode = true; $body = nl2br($body); $body = $bbcodeApi->convertWysiwygTextToBbcode($body, array('autoparselinks' => 1)); } $body = $bbcodeLibrary->doParse($body, true, false, $dobbcode); $output .= '<div class="alt2" style="border:inset 1px; padding:5px; width:400px; height: 175px; margin:10px; overflow: auto;"><h3><em>' . $title . '</em></h3>' . $body . '</div>'; } $feed = array(); foreach ($input_vars as $varname => $foo) { $feed["{$varname}"] = $vbulletin->GPC["{$varname}"]; } define('FEED_SAVE_ERROR', true);
$photoplog_html_output = str_replace("src=\"images/smilies/", "src=\"" . $vbulletin->options['bburl'] . "/images/smilies/", $photoplog_html_output); if ($photoplog_fileversion == 6) { $xml->add_tag('message', $photoplog_html_output); } else { echo $photoplog_html_output; } } else { switch ($vbulletin->GPC['parsetype']) { case 'nonforum': $dohtml = $do_html; break; default: $dohtml = 0; } $vbulletin->GPC['message'] = str_replace("src=\"" . $vbulletin->options['bburl'] . "/images/smilies/", "src=\"images/smilies/", $vbulletin->GPC['message']); if ($photoplog_fileversion == 6) { $xml->add_tag('message', convert_wysiwyg_html_to_bbcode($vbulletin->GPC['message'], $dohtml)); } else { echo convert_wysiwyg_html_to_bbcode($vbulletin->GPC['message'], $dohtml); } } if ($photoplog_fileversion == 6) { $xml->print_xml(); } } // ##################### REQUIRE VB AJAX IF NEEDED ######################## if (!$photoplog_ajax_flag && 1 == 2) { chdir(PHOTOPLOG_FWD); require_once DIR . '/ajax.php'; chdir(PHOTOPLOG_BWD); }
} else {
    // Editing requires the 'caneditevent' bit for this calendar.
    // NOTE(review): nothing here stops execution after print_no_permission(); presumably it ends
    // the request itself — confirm, since the save logic below relies on that.
    if (!($vbulletin->userinfo['calendarpermissions']["{$calendarinfo['calendarid']}"] & $vbulletin->bf_ugp_calendarpermissions['caneditevent'])) {
        print_no_permission();
    }
}
}
}
} else {
    // Posting requires the 'canpostevent' bit for this calendar.
    if (!($vbulletin->userinfo['calendarpermissions']["{$calendarinfo['calendarid']}"] & $vbulletin->bf_ugp_calendarpermissions['canpostevent'])) {
        print_no_permission();
    }
}

// unwysiwygify the incoming data
// The second argument is the calendar's 'allowhtml' setting. When the wysiwyg flag is off,
// the submitted message is taken as-is.
if ($vbulletin->GPC['wysiwyg']) {
    require_once DIR . '/includes/functions_wysiwyg.php';
    $message = convert_wysiwyg_html_to_bbcode($vbulletin->GPC['message'], $calendarinfo['allowhtml']);
} else {
    $message = $vbulletin->GPC['message'];
}

// init event datamanager class
$eventdata =& datamanager_init('Event', $vbulletin, ERRTYPE_STANDARD);

// Plugin hook: the hook code is eval()'d in this scope, so it can read and change every local here.
($hook = vBulletinHook::fetch_hook('calendar_update_process')) ? eval($hook) : false;

// URL auto-parsing is only requested when the user asked for it and the calendar allows BBCode.
$eventdata->set_info('parseurl', $vbulletin->GPC['parseurl'] and $calendarinfo['allowbbcode']);
$eventdata->setr_info('fromtime', $vbulletin->GPC['fromtime']);
$eventdata->setr_info('totime', $vbulletin->GPC['totime']);
$eventdata->setr_info('fromdate', $vbulletin->GPC['fromdate']);
$eventdata->setr_info('todate', $vbulletin->GPC['todate']);
$eventdata->setr_info('type', $vbulletin->GPC['type']);
$eventdata->setr_info('recur', $vbulletin->GPC['recur']);
$eventdata->set('title', $vbulletin->GPC['title']);
$eventdata->set('event', $message);
"); if ($blocks['count'] >= $userinfo['permissions']['vbblog_custompages']) { print_no_permission(); } } } // Sidebar $sidebar =& build_user_sidebar($userinfo, 0, 0, $rules); // unwysiwygify the incoming data if ($vbulletin->GPC['wysiwyg']) { require_once(DIR . '/includes/functions_wysiwyg.php'); $vbulletin->GPC['message'] = convert_wysiwyg_html_to_bbcode($vbulletin->GPC['message'], $userinfo['permissions']['vbblog_entry_permissions'] & $vbulletin->bf_ugp_vbblog_entry_permissions['blog_allowhtml']); } // parse URLs in message text if ($userinfo['permissions']['vbblog_entry_permissions'] & $vbulletin->bf_ugp_vbblog_entry_permissions['blog_allowbbcode'] AND $vbulletin->GPC['parseurl']) { require_once(DIR . '/includes/functions_newpost.php'); $vbulletin->GPC['message'] = convert_url_to_bbcode($vbulletin->GPC['message']); } $customblock = $sidebarinfo; $customblock['title'] = $vbulletin->GPC['title']; $customblock['disablesmilies'] = $vbulletin->GPC['disablesmilies']; $customblock['parseurl'] = ($userinfo['permissions']['vbblog_entry_permissions'] & $vbulletin->bf_ugp_vbblog_entry_permissions['blog_allowbbcode'] AND $vbulletin->GPC['parseurl']); $customblock['message'] = $vbulletin->GPC['message']; $customblock['type'] = $vbulletin->GPC['type'];
// Decode the category's option bitfield; 'allowhtml' decides whether HTML survives the conversion below.
$photoplog_categorybit = $photoplog_ds_catopts[$photoplog_file_catid]['options'];
$photoplog_catoptions = convert_bits_to_array($photoplog_categorybit, $photoplog_categoryoptions);
$do_html = $photoplog_catoptions['allowhtml'] ? true : false;
} else {
    photoplog_output_page('photoplog_error_page', $vbphrase['photoplog_error'], $vbphrase['photoplog_no'] . ' ' . $vbphrase['photoplog_category']);
}

// A category flagged 'actasdivider' is forced to an invalid id so the check below rejects it.
if ($photoplog_catoptions['actasdivider']) {
    $photoplog_file_catid = -999;
}
if ($photoplog_file_catid < 0) {
    photoplog_output_page('photoplog_error_page', $vbphrase['photoplog_error'], $vbphrase['photoplog_no'] . ' ' . $vbphrase['photoplog_category']);
}

// WYSIWYG input: make smilie paths relative again, then convert the HTML to BBCode.
// The description is left untouched when the wysiwyg flag is off.
if ($photoplog_wysiwyg) {
    require_once DIR . '/includes/functions_wysiwyg.php';
    $photoplog_file_description = str_replace($vbulletin->options['bburl'] . "/images/smilies/", "images/smilies/", $photoplog_file_description);
    $photoplog_file_description = convert_wysiwyg_html_to_bbcode($photoplog_file_description, $do_html);
}

// If the upload fields arrived as arrays, keep only the first file's entries.
if (is_array($photoplog_userfile['name'])) {
    $photoplog_userfile['name'] = $photoplog_userfile['name'][0];
    $photoplog_userfile['type'] = $photoplog_userfile['type'][0];
    $photoplog_userfile['tmp_name'] = $photoplog_userfile['tmp_name'][0];
    $photoplog_userfile['error'] = $photoplog_userfile['error'][0];
    $photoplog_userfile['size'] = $photoplog_userfile['size'][0];
}

$photoplog_urlflag = 0;
$photoplog_file_error = 1;
if (vbstrlen($photoplog_userlink) > 0) {
    // @ suppresses any warning from ini_set().
    @ini_set('user_agent', 'PHP');
    $photoplog_urlflag = 0;
    $photoplog_file_error = 1;
    // Spaces become '+' and every '..' is removed from the supplied link.
    // NOTE(review): how $photoplog_urllink is used afterwards is outside this excerpt. If it is
    // fetched server-side, confirm that scheme and host are restricted there; this replacement
    // alone does not validate the URL.
    $photoplog_urllink = str_replace(array(' ', '..'), array('+', ''), $photoplog_userlink);
$do_comments = $photoplog_catoptions['allowcomments'] ? true : false;
}

// Comments disabled for this category: bounce back to the index.
// NOTE(review): presumably photoplog_index_bounce() ends the request — confirm, nothing here stops execution.
if (!$do_comments) {
    photoplog_index_bounce();
}

// Disabled minimum-length check, kept from the original as commented-out code.
/*
if ($photoplog['comment'] == '' || vbstrlen($photoplog['comment']) < intval($vbulletin->options['postminchars'])) {
    $photoplog_msg_too_short = construct_phrase($vbphrase['message_too_short'],$vbulletin->options['postminchars']);
    photoplog_output_page('photoplog_error_page',$vbphrase['photoplog_error'],$photoplog_msg_too_short);
}
*/

// WYSIWYG input: make smilie paths relative again, then convert the HTML to BBCode.
// $do_html is set outside this excerpt.
if ($photoplog_wysiwyg) {
    require_once DIR . '/includes/functions_wysiwyg.php';
    $photoplog['comment'] = str_replace($vbulletin->options['bburl'] . "/images/smilies/", "images/smilies/", $photoplog['comment']);
    $photoplog['comment'] = convert_wysiwyg_html_to_bbcode($photoplog['comment'], $do_html);
}

// No comment id yet: this is a new comment rather than an edit.
if (!$photoplog['commentid']) {
    if (defined('PHOTOPLOG_USER8')) {
        // Plugin hook: the hook code is eval()'d in this scope and can change any local used below.
        ($hook = vBulletinHook::fetch_hook('photoplog_comment_docomment_add')) ? eval($hook) : false;

        $photoplog_have_comment = $photoplog['comment'] != '' ? 1 : 0;
        // $photoplog_sql is written to the 'moderate' column: it starts at 1 and drops to 0 when the
        // comment text is empty or the user holds the "post unmoderated comments" permission.
        $photoplog_sql = 1;
        if (!$photoplog_have_comment || $permissions['photoplogpermissions'] & $vbulletin->bf_ugp_photoplogpermissions['photoplogcanpostunmoderatedcomments']) {
            $photoplog_sql = 0;
        }

        $photoplog_current_last_comment_id0 = intval($photoplog_file_info['last_comment_id0']);
        $photoplog_current_last_comment_dateline0 = intval($photoplog_file_info['last_comment_dateline0']);
        $photoplog_current_last_comment_id1 = intval($photoplog_file_info['last_comment_id1']);
        $photoplog_current_last_comment_dateline1 = intval($photoplog_file_info['last_comment_dateline1']);

        // The query is assembled by concatenation: every numeric value goes through intval() and
        // every string value through $db->escape_string() inside single quotes. The BBCode-converted
        // comment is stored as text; any HTML handling at display time is outside this excerpt.
        $db->query_write("INSERT INTO " . PHOTOPLOG_PREFIX . "photoplog_ratecomment\r\n\t\t\t\t\t(fileid, catid, userid, username, rating, title, comment, dateline, moderate, lastedit)\r\n\t\t\t\t\tVALUES (\r\n\t\t\t\t\t\t" . intval($photoplog['fileid']) . ",\r\n\t\t\t\t\t\t" . intval($photoplog['catid']) . ",\r\n\t\t\t\t\t\t" . intval($vbulletin->userinfo['userid']) . ",\r\n\t\t\t\t\t\t'" . $db->escape_string($vbulletin->userinfo['username']) . "',\r\n\t\t\t\t\t\t" . intval($photoplog['rating']) . ",\r\n\t\t\t\t\t\t'" . $db->escape_string($photoplog['title']) . "',\r\n\t\t\t\t\t\t'" . $db->escape_string($photoplog['comment']) . "',\r\n\t\t\t\t\t\t" . intval(TIMENOW) . ",\r\n\t\t\t\t\t\t" . intval($photoplog_sql) . ",\r\n\t\t\t\t\t\t''\r\n\t\t\t\t\t)\r\n\t\t\t\t");
        $photoplog_pound_place = $db->insert_id();
// Signature update handler; the excerpt ends inside the upload branch.
if ($_POST['do'] == 'updatesignature') {
    // Declare the expected POST fields and their types for the input cleaner.
    $vbulletin->input->clean_array_gpc('p', array('wysiwyg' => TYPE_BOOL, 'message' => TYPE_STR, 'preview' => TYPE_STR, 'deletesigpic' => TYPE_BOOL, 'sigpicurl' => TYPE_STR));

    // Users without the signature permission get the standard error.
    // NOTE(review): the string returned by standard_error() is eval()'d; presumably that code
    // ends the request — confirm, nothing else here stops execution.
    if (!($permissions['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canusesignature'])) {
        eval(standard_error(fetch_error('nosignaturepermission')));
    }
    // The uploaded file is only read from the request when signature pictures are permitted.
    if ($permissions['signaturepermissions'] & $vbulletin->bf_ugp_signaturepermissions['cansigpic']) {
        $vbulletin->input->clean_gpc('f', 'upload', TYPE_FILE);
    }

    require_once DIR . '/includes/class_bbcode.php';
    require_once DIR . '/includes/class_sigparser.php';
    require_once DIR . '/includes/functions_misc.php';
    $errors = array();

    // DO WYSIWYG processing to get to BB code.
    // The second argument is the user's signature 'allowhtml' permission bit (non-zero when set).
    // Without the wysiwyg flag the submitted text is used unchanged.
    if ($vbulletin->GPC['wysiwyg']) {
        require_once DIR . '/includes/functions_wysiwyg.php';
        $signature = convert_wysiwyg_html_to_bbcode($vbulletin->GPC['message'], $permissions['signaturepermissions'] & $vbulletin->bf_ugp_signaturepermissions['allowhtml']);
    } else {
        $signature = $vbulletin->GPC['message'];
    }

    // Plugin hook: the hook code is eval()'d in this scope and can change $signature and $errors.
    ($hook = vBulletinHook::fetch_hook('profile_updatesignature_start')) ? eval($hook) : false;

    // handle image uploads
    if ($vbulletin->GPC['deletesigpic']) {
        // Refuse to delete the picture while the signature text still contains a [sigpic] tag.
        if (preg_match('#\\[sigpic\\](.*)\\[/sigpic\\]#siU', $signature)) {
            $errors[] = fetch_error('sigpic_in_use');
        } else {
            $userpic =& datamanager_init('Userpic_Sigpic', $vbulletin, ERRTYPE_STANDARD, 'userpic');
            // The delete condition uses the current user's id from $vbulletin->userinfo, not a request value.
            $userpic->condition = "userid = " . $vbulletin->userinfo['userid'];
            $userpic->delete();
        }
        $redirectsig = true;
    } else {
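/**
 * Handles an "edit post" request.
 *
 * Checks that the post and thread exist and that the current user may edit the post,
 * normalises the submitted message (WYSIWYG HTML is converted to BBCode), then either
 * prepares a preview or saves the edit and updates the edit history, edit log, thread
 * record, moderator log, forum counters and thread subscription.
 *
 * Works on the globals listed below and on request values read through $vbulletin->input.
 *
 * NOTE(review): the permission checks call json_error() / fr_standard_error() and rely on
 * those helpers not returning; nothing in this function stops execution after a failed
 * check. They are defined elsewhere — confirm that they end the request.
 *
 * NOTE(review): plugin hooks are eval()'d inside this scope, so hook code can read and
 * change every local variable. Seemingly unused locals are kept for that reason.
 *
 * @return array array('success' => true) when execution reaches the end of the function
 */
function do_post_edit()
{
    global $vbulletin, $db, $foruminfo, $forumperms, $threadinfo;
    global $postinfo, $vbphrase, $stylevar, $permissions;

    $checked = array();
    $edit = array();
    $postattach = array();
    // Initialised up front: sizeof($errors) below must not see an undefined variable
    // when the data manager reports no errors.
    $errors = array();
    $contenttype = 'vBForum_Post';

    // 'and' binds tighter than 'or': reject when the post is missing, or deleted, or
    // (invisible and the user cannot moderate posts in this forum).
    if (!$postinfo['postid'] or $postinfo['isdeleted'] or !$postinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) {
        json_error(ERR_INVALID_TOP, RV_POST_ERROR);
    }

    // Same shape of check for the thread.
    if (!$threadinfo['threadid'] or $threadinfo['isdeleted'] or !$threadinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) {
        json_error(ERR_INVALID_TOP, RV_POST_ERROR);
    }

    if ($vbulletin->options['wordwrap']) {
        $threadinfo['title'] = fetch_word_wrapped_string($threadinfo['title']);
    }

    // get permissions info
    $_permsgetter_ = 'edit post';
    $forumperms = fetch_permissions($threadinfo['forumid']);

    // Reject when the user cannot view the forum, or cannot view threads, or
    // (cannot view others' threads and is either not the thread starter or a guest).
    if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and ($threadinfo['postuserid'] != $vbulletin->userinfo['userid'] or $vbulletin->userinfo['userid'] == 0)) {
        json_error(ERR_NO_PERMISSION, RV_POST_ERROR);
    }

    $foruminfo = fetch_foruminfo($threadinfo['forumid'], false);

    // check if there is a forum password and if so, ensure the user has it set
    verify_forum_password($foruminfo['forumid'], $foruminfo['password']);

    // need to get last post-type information
    cache_ordered_forums(1);

    // determine if we are allowed to be updating the thread's info:
    // only for the first post, and only for thread moderators or within the title edit window
    $can_update_thread = ($threadinfo['firstpostid'] == $postinfo['postid'] and (can_moderate($threadinfo['forumid'], 'caneditthreads') or $postinfo['dateline'] + $vbulletin->options['editthreadtitlelimit'] * 60 > TIMENOW));

    // otherwise, post is being edited
    if (!can_moderate($threadinfo['forumid'], 'caneditposts')) {
        // Not a post moderator: the thread must be open, the user needs 'caneditpost',
        // must own the post, and must still be inside the edit time limit.
        if (!$threadinfo['open']) {
            $vbulletin->url = 'showthread.php?' . $vbulletin->session->vars['sessionurl'] . "t={$threadinfo['threadid']}";
            json_error(fetch_error('threadclosed'), RV_POST_ERROR);
        }

        if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['caneditpost'])) {
            json_error(ERR_NO_PERMISSION, RV_POST_ERROR);
        } else {
            if ($vbulletin->userinfo['userid'] != $postinfo['userid']) {
                // check user owns this post
                json_error(ERR_NO_PERMISSION, RV_POST_ERROR);
            } else {
                // check for time limits (a limit of 0 means no limit)
                if ($postinfo['dateline'] < TIMENOW - $vbulletin->options['edittimelimit'] * 60 and $vbulletin->options['edittimelimit'] != 0) {
                    json_error(fetch_error('edittimelimit', $vbulletin->options['edittimelimit'], $vbulletin->options['contactuslink']), RV_POST_ERROR);
                }
            }
        }
    }

    // Variables reused in templates
    // The variable name is passed as a quoted string; the bare word used before was an
    // undefined constant, which is an Error on PHP 8 and a notice/warning on older versions.
    $poststarttime =& $vbulletin->input->clean_gpc('r', 'poststarttime', TYPE_UINT);

    // NOTE(review): the digest is MD5 over poststarttime, user id and the per-user salt. It is
    // handed on as 'posthash' to the data manager and the attachment lookup below, so its format
    // is left unchanged here.
    $posthash = md5($vbulletin->GPC['poststarttime'] . $vbulletin->userinfo['userid'] . $vbulletin->userinfo['salt']);

    $vbulletin->input->clean_array_gpc('p', array(
        'stickunstick' => TYPE_BOOL,
        'openclose' => TYPE_BOOL,
        'wysiwyg' => TYPE_BOOL,
        'message' => TYPE_STR,
        'title' => TYPE_STR,
        'prefixid' => TYPE_NOHTML,
        'iconid' => TYPE_UINT,
        'parseurl' => TYPE_BOOL,
        'signature' => TYPE_BOOL,
        'disablesmilies' => TYPE_BOOL,
        'reason' => TYPE_NOHTML,
        'preview' => TYPE_STR,
        'folderid' => TYPE_UINT,
        'emailupdate' => TYPE_UINT,
        'ajax' => TYPE_BOOL,
        'advanced' => TYPE_BOOL,
        'postcount' => TYPE_UINT,
        'podcasturl' => TYPE_STR,
        'podcastsize' => TYPE_UINT,
        'podcastexplicit' => TYPE_BOOL,
        'podcastkeywords' => TYPE_STR,
        'podcastsubtitle' => TYPE_STR,
        'podcastauthor' => TYPE_STR,
        'quickeditnoajax' => TYPE_BOOL,
    ));

    if ($vbulletin->GPC['message']) {
        $vbulletin->GPC['message'] = prepare_remote_utf8_string($vbulletin->GPC['message']);
    }

    // The signature flag is forced on regardless of what was submitted.
    $vbulletin->GPC['signature'] = $vbulletin->GPC_exists['signature'] = true;

    ($hook = vBulletinHook::fetch_hook('editpost_update_start')) ? eval($hook) : false;

    // Make sure the posthash is valid
    // NOTE(review): $posthash above is computed from the same inputs as the digest below
    // (presumably $poststarttime and GPC['poststarttime'] hold the same cleaned value), so this
    // check only trips if the hook changed one of them — confirm that is the intent.
    // Strict comparison is used so two digests are never compared as numbers.
    if (md5($poststarttime . $vbulletin->userinfo['userid'] . $vbulletin->userinfo['salt']) !== $posthash) {
        $posthash = 'invalid posthash'; // don't phrase me
    }

    // ### PREP INPUT ###
    // WYSIWYG submissions are HTML: convert to BBCode; the forum's 'allowhtml' setting is
    // passed as the second argument. Plain submissions are used as sent.
    if ($vbulletin->GPC['wysiwyg']) {
        require_once DIR . '/includes/functions_wysiwyg.php';
        $edit['message'] = convert_wysiwyg_html_to_bbcode($vbulletin->GPC['message'], $foruminfo['allowhtml']);
    } else {
        $edit['message'] =& $vbulletin->GPC['message'];
    }

    $cansubscribe = true;

    // Are we editing someone else's post? If so load that users subscription info for this thread.
    if ($vbulletin->userinfo['userid'] != $postinfo['userid']) {
        if ($postinfo['userid']) {
            $userinfo = fetch_userinfo($postinfo['userid']);
            cache_permissions($userinfo);
        }

        // NOTE(review): $cansubscribe only gates the lookup below; the subscription writes at the
        // end of this function do not consult it — confirm that is intended.
        $cansubscribe = ($userinfo['forumpermissions']["{$foruminfo['forumid']}"] & $vbulletin->bf_ugp_forumpermissions['canview'] and $userinfo['forumpermissions']["{$foruminfo['forumid']}"] & $vbulletin->bf_ugp_forumpermissions['canviewthreads'] and ($threadinfo['postuserid'] == $userinfo['userid'] or $userinfo['forumpermissions']["{$foruminfo['forumid']}"] & $vbulletin->bf_ugp_forumpermissions['canviewothers']));

        // Ids interpolated here come from $threadinfo / $postinfo (loaded outside this function).
        if ($cansubscribe and $otherthreadinfo = $db->query_first_slave("\n\t\t\tSELECT emailupdate, folderid\n\t\t\tFROM " . TABLE_PREFIX . "subscribethread\n\t\t\tWHERE threadid = {$threadinfo['threadid']} AND\n\t\t\t\tuserid = {$postinfo['userid']} AND\n\t\t\t\tcanview = 1")) {
            $threadinfo['issubscribed'] = true;
            $threadinfo['emailupdate'] = $otherthreadinfo['emailupdate'];
            $threadinfo['folderid'] = $otherthreadinfo['folderid'];
        } else {
            $threadinfo['issubscribed'] = false;
            // use whatever emailupdate setting came through
        }
    }

    if ($vbulletin->GPC['ajax'] or $vbulletin->GPC['quickeditnoajax']) {
        // quick edit: start from the stored post and replace only message and reason
        $tmpmessage = $vbulletin->GPC['ajax'] ? convert_urlencoded_unicode($edit['message']) : $edit['message'];

        $edit = $postinfo;
        $edit['message'] =& $tmpmessage;
        $edit['title'] = unhtmlspecialchars($edit['title']);
        $edit['signature'] =& $edit['showsignature'];
        $edit['enablesmilies'] =& $edit['allowsmilie'];
        $edit['disablesmilies'] = $edit['enablesmilies'] ? 0 : 1;
        $edit['parseurl'] = true;
        $edit['prefixid'] = $threadinfo['prefixid'];
        $edit['reason'] = fetch_censored_text($vbulletin->GPC['ajax'] ? convert_urlencoded_unicode($vbulletin->GPC['reason']) : $vbulletin->GPC['reason']);
    } else {
        // full edit: fields are references to the cleaned request values
        $edit['iconid'] =& $vbulletin->GPC['iconid'];
        $edit['title'] =& $vbulletin->GPC['title'];
        // A submitted prefix is only honoured when the user may use it.
        $edit['prefixid'] = ($vbulletin->GPC_exists['prefixid'] and can_use_prefix($vbulletin->GPC['prefixid'])) ? $vbulletin->GPC['prefixid'] : $threadinfo['prefixid'];
        $edit['podcasturl'] =& $vbulletin->GPC['podcasturl'];
        $edit['podcastsize'] =& $vbulletin->GPC['podcastsize'];
        $edit['podcastexplicit'] =& $vbulletin->GPC['podcastexplicit'];
        $edit['podcastkeywords'] =& $vbulletin->GPC['podcastkeywords'];
        $edit['podcastsubtitle'] =& $vbulletin->GPC['podcastsubtitle'];
        $edit['podcastauthor'] =& $vbulletin->GPC['podcastauthor'];
        // Leave this off for quickedit->advanced so that a post with unparsed links doesn't get parsed just by going to Advanced Edit
        $edit['parseurl'] = true;
        $edit['signature'] =& $vbulletin->GPC['signature'];
        $edit['disablesmilies'] =& $vbulletin->GPC['disablesmilies'];
        $edit['enablesmilies'] = $edit['allowsmilie'] = $edit['disablesmilies'] ? 0 : 1;
        $edit['stickunstick'] =& $vbulletin->GPC['stickunstick'];
        $edit['openclose'] =& $vbulletin->GPC['openclose'];
        $edit['reason'] = fetch_censored_text($vbulletin->GPC['reason']);
        $edit['preview'] =& $vbulletin->GPC['preview'];
        $edit['folderid'] =& $vbulletin->GPC['folderid'];

        if (!$vbulletin->GPC['advanced']) {
            if ($vbulletin->GPC_exists['emailupdate']) {
                $edit['emailupdate'] =& $vbulletin->GPC['emailupdate'];
            } else {
                // array_pop() takes its argument by reference, so give it a real variable.
                $array = array_keys(fetch_emailchecked($threadinfo));
                $edit['emailupdate'] = array_pop($array);
            }
        }
    }

    $dataman =& datamanager_init('Post', $vbulletin, ERRTYPE_ARRAY, 'threadpost');
    $dataman->set_existing($postinfo);

    ($hook = vBulletinHook::fetch_hook('editpost_update_process')) ? eval($hook) : false;

    // set info
    // URL parsing needs all three: the board allows the URL BBCode, the forum allows BBCode,
    // and this edit asked for it.
    $dataman->set_info('parseurl', $vbulletin->options['allowedbbcodes'] & ALLOW_BBCODE_URL and $foruminfo['allowbbcode'] and $edit['parseurl']);
    $dataman->set_info('posthash', $posthash);
    $dataman->set_info('forum', $foruminfo);
    $dataman->set_info('thread', $threadinfo);
    $dataman->set_info('show_title_error', true);
    $dataman->set_info('podcasturl', $edit['podcasturl']);
    $dataman->set_info('podcastsize', $edit['podcastsize']);
    $dataman->set_info('podcastexplicit', $edit['podcastexplicit']);
    $dataman->set_info('podcastkeywords', $edit['podcastkeywords']);
    $dataman->set_info('podcastsubtitle', $edit['podcastsubtitle']);
    $dataman->set_info('podcastauthor', $edit['podcastauthor']);
    if ($postinfo['userid'] == $vbulletin->userinfo['userid']) {
        $dataman->set_info('user', $vbulletin->userinfo);
    }

    // set options
    $dataman->setr('showsignature', $edit['signature']);
    $dataman->setr('allowsmilie', $edit['enablesmilies']);

    // set data
    $dataman->setr('title', $edit['title']);
    $dataman->setr('pagetext', $edit['message']);
    if ($postinfo['userid'] != $vbulletin->userinfo['userid']) {
        // Editing someone else's post: iconid is set with two extra flags whose meaning is
        // defined by the data manager, not visible here.
        $dataman->setr('iconid', $edit['iconid'], true, false);
    } else {
        $dataman->setr('iconid', $edit['iconid']);
    }

    $postusername = $vbulletin->userinfo['username'];

    $dataman->pre_save();
    if ($dataman->errors) {
        $errors = $dataman->errors;
    }
    if ($dataman->info['podcastsize']) {
        $edit['podcastsize'] = $dataman->info['podcastsize'];
    }

    if (sizeof($errors) > 0) {
        // Only the first validation error is reported.
        fr_standard_error($errors[0]);
    } else {
        if ($edit['preview']) {
            require_once DIR . '/packages/vbattach/attach.php';
            $attach = new vB_Attach_Display_Content($vbulletin, 'vBForum_Post');
            $postattach = $attach->fetch_postattach($posthash, $postinfo['postid']);

            // ### PREVIEW POST ###
            $postpreview = process_post_preview($edit, $postinfo['userid'], $postattach);
            $previewpost = true;
            $_REQUEST['do'] = 'editpost';
        } else {
            if ($vbulletin->GPC['advanced']) {
                // Don't display preview on QuickEdit->Advanced as parseurl is turned off and so the preview won't be correct unless the post originally had checked to not parse links
                // If you turn on parseurl then the opposite happens and you have to go unparse your links if that is what you want. Compromise
                $_REQUEST['do'] = 'editpost';
            } else {
                // ### POST HAS NO ERRORS ###
                $dataman->save();

                $update_edit_log = true;

                // don't show edited by AND reason unchanged - don't update edit log
                if (!($permissions['genericoptions'] & $vbulletin->bf_ugp_genericoptions['showeditedby']) and $edit['reason'] == $postinfo['edit_reason']) {
                    $update_edit_log = false;
                }

                if ($update_edit_log) {
                    // ug perm: show edited by
                    if ($postinfo['dateline'] < TIMENOW - $vbulletin->options['noeditedbytime'] * 60 or !empty($edit['reason'])) {
                        // save the postedithistory
                        // String values in the queries below go through $db->escape_string().
                        // Numeric values taken from $postinfo / userinfo are interpolated as loaded
                        // (presumably integer columns — confirm upstream); numeric values taken
                        // from $edit trace back to the request and are cast with intval().
                        if ($vbulletin->options['postedithistory']) {
                            // insert original post on first edit
                            if (!$db->query_first("SELECT postedithistoryid FROM " . TABLE_PREFIX . "postedithistory WHERE original = 1 AND postid = " . $postinfo['postid'])) {
                                $db->query_write("\n\t\t\t\t\t\t\tINSERT INTO " . TABLE_PREFIX . "postedithistory\n\t\t\t\t\t\t\t\t(postid, userid, username, title, iconid, dateline, reason, original, pagetext)\n\t\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t\t({$postinfo['postid']},\n\t\t\t\t\t\t\t\t" . $postinfo['userid'] . ",\n\t\t\t\t\t\t\t\t'" . $db->escape_string($postinfo['username']) . "',\n\t\t\t\t\t\t\t\t'" . $db->escape_string($postinfo['title']) . "',\n\t\t\t\t\t\t\t\t{$postinfo['iconid']},\n\t\t\t\t\t\t\t\t" . $postinfo['dateline'] . ",\n\t\t\t\t\t\t\t\t'',\n\t\t\t\t\t\t\t\t1,\n\t\t\t\t\t\t\t\t'" . $db->escape_string($postinfo['pagetext']) . "')\n\t\t\t\t\t\t");
                            }

                            // insert the new version
                            $db->query_write("\n\t\t\t\t\t\tINSERT INTO " . TABLE_PREFIX . "postedithistory\n\t\t\t\t\t\t\t(postid, userid, username, title, iconid, dateline, reason, pagetext)\n\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t({$postinfo['postid']},\n\t\t\t\t\t\t\t" . $vbulletin->userinfo['userid'] . ",\n\t\t\t\t\t\t\t'" . $db->escape_string($vbulletin->userinfo['username']) . "',\n\t\t\t\t\t\t\t'" . $db->escape_string($edit['title']) . "',\n\t\t\t\t\t\t\t" . intval($edit['iconid']) . ",\n\t\t\t\t\t\t\t" . TIMENOW . ",\n\t\t\t\t\t\t\t'" . $db->escape_string($edit['reason']) . "',\n\t\t\t\t\t\t\t'" . $db->escape_string($edit['message']) . "')\n\t\t\t\t\t");
                        }

                        /*insert query*/
                        $db->query_write("\n\t\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "editlog\n\t\t\t\t\t\t(postid, userid, username, dateline, reason, hashistory)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t({$postinfo['postid']},\n\t\t\t\t\t\t" . $vbulletin->userinfo['userid'] . ",\n\t\t\t\t\t\t'" . $db->escape_string($vbulletin->userinfo['username']) . "',\n\t\t\t\t\t\t" . TIMENOW . ",\n\t\t\t\t\t\t'" . $db->escape_string($edit['reason']) . "',\n\t\t\t\t\t\t" . ($vbulletin->options['postedithistory'] ? 1 : 0) . ")\n\t\t\t\t");
                    }
                }

                $date = vbdate($vbulletin->options['dateformat'], TIMENOW);
                $time = vbdate($vbulletin->options['timeformat'], TIMENOW);

                // initialize thread / forum update clauses
                $forumupdate = false;

                $threadman =& datamanager_init('Thread', $vbulletin, ERRTYPE_SILENT, 'threadpost');
                $threadman->set_existing($threadinfo);
                $threadman->set_info('pagetext', $edit['message']);

                if ($can_update_thread and $edit['title'] != '') {
                    // need to update thread title and iconid
                    if (!can_moderate($threadinfo['forumid'])) {
                        $threadman->set_info('skip_moderator_log', true);
                    }

                    $threadman->set_info('skip_first_post_update', true);

                    if ($edit['title'] != $postinfo['title']) {
                        $threadman->set('title', unhtmlspecialchars($edit['title']));
                    }

                    if ($edit['iconid'] != $postinfo['iconid']) {
                        $threadman->set('iconid', $edit['iconid']);
                    }

                    if ($vbulletin->GPC_exists['prefixid'] and can_use_prefix($vbulletin->GPC['prefixid'])) {
                        $threadman->set('prefixid', $vbulletin->GPC['prefixid']);
                        if ($threadman->thread['prefixid'] === '' and $foruminfo['options'] & $vbulletin->bf_misc_forumoptions['prefixrequired']) {
                            // the prefix wasn't valid or was set to an empty one, but that's not allowed
                            $threadman->do_unset('prefixid');
                        }
                    }

                    // do we need to update the forum counters?
                    $forumupdate = $foruminfo['lastthreadid'] == $threadinfo['threadid'] ? true : false;
                }

                // can this user open/close this thread if they want to?
                // Allowed for the (non-guest) thread starter holding 'canopenclose', or for a
                // moderator with 'canopenclose'.
                if ($vbulletin->GPC['openclose'] and ($threadinfo['postuserid'] != 0 and $threadinfo['postuserid'] == $vbulletin->userinfo['userid'] and $forumperms & $vbulletin->bf_ugp_forumpermissions['canopenclose'] or can_moderate($threadinfo['forumid'], 'canopenclose'))) {
                    $threadman->set('open', $threadman->fetch_field('open') == 1 ? 0 : 1);
                }

                // Sticky toggling is moderator-only.
                if ($vbulletin->GPC['stickunstick'] and can_moderate($threadinfo['forumid'], 'canmanagethreads')) {
                    $threadman->set('sticky', $threadman->fetch_field('sticky') == 1 ? 0 : 1);
                }

                ($hook = vBulletinHook::fetch_hook('editpost_update_thread')) ? eval($hook) : false;

                $threadman->save();

                // if this is a mod edit, then log it
                if ($vbulletin->userinfo['userid'] != $postinfo['userid'] and can_moderate($threadinfo['forumid'], 'caneditposts')) {
                    $modlog = array(
                        'threadid' => $threadinfo['threadid'],
                        'forumid' => $threadinfo['forumid'],
                        'postid' => $postinfo['postid'],
                    );
                    log_moderator_action($modlog, 'post_x_edited', $postinfo['title']);
                }

                require_once DIR . '/includes/functions_databuild.php';

                // do forum update if necessary
                if ($forumupdate) {
                    build_forum_counters($threadinfo['forumid']);
                }

                // don't do thread subscriptions if we are doing quick edit
                if (!$vbulletin->GPC['ajax'] and !$vbulletin->GPC['quickeditnoajax']) {
                    // ### DO THREAD SUBSCRIPTION ###
                    // We use $postinfo[userid] so that we update the user who posted this, not the user who is editing this
                    // emailupdate / folderid trace back to the request, so they are cast before
                    // being placed in the SQL text.
                    if (!$threadinfo['issubscribed'] and $edit['emailupdate'] != 9999) {
                        // user is not subscribed to this thread so insert it
                        /*insert query*/
                        $db->query_write("\n\t\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "subscribethread (userid, threadid, emailupdate, folderid, canview)\n\t\t\t\t\tVALUES ({$postinfo['userid']}, {$threadinfo['threadid']}, " . intval($edit['emailupdate']) . ", " . intval($edit['folderid']) . ", 1)\n\t\t\t\t");
                    } else {
                        // User is subscribed, see if they changed the settings for this thread
                        if ($edit['emailupdate'] == 9999) {
                            // Remove this subscription, user chose 'No Subscription'
                            /*insert query*/
                            $db->query_write("\n\t\t\t\t\t\tDELETE FROM " . TABLE_PREFIX . "subscribethread\n\t\t\t\t\t\tWHERE threadid = {$threadinfo['threadid']}\n\t\t\t\t\t\t\tAND userid = {$postinfo['userid']}\n\t\t\t\t\t");
                        } else {
                            if ($threadinfo['emailupdate'] != $edit['emailupdate'] or $threadinfo['folderid'] != $edit['folderid']) {
                                // User changed the settings so update the current record
                                /*insert query*/
                                $db->query_write("\n\t\t\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "subscribethread (userid, threadid, emailupdate, folderid, canview)\n\t\t\t\t\t\tVALUES ({$postinfo['userid']}, {$threadinfo['threadid']}, " . intval($edit['emailupdate']) . ", " . intval($edit['folderid']) . ", 1)\n\t\t\t\t\t");
                            }
                        }
                    }
                }

                ($hook = vBulletinHook::fetch_hook('editpost_update_complete')) ? eval($hook) : false;
            }
        }
    }

    return array('success' => true);
}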