/**
* Parses the post for BB code.
*/
function parse_bbcode()
{
if ($this->post['announcementoptions'] & $this->registry->bf_misc_announcementoptions['allowbbcode'] and $this->post['announcementoptions'] & $this->registry->bf_misc_announcementoptions['parseurl']) {
require_once DIR . '/includes/functions_newpost.php';
$this->post['pagetext'] = convert_url_to_bbcode($this->post['pagetext']);
}
$this->post['message'] = $this->bbcode_parser->parse($this->post['pagetext'], 'announcement', $this->post['announcementoptions'] & $this->registry->bf_misc_announcementoptions['allowsmilies']);
}
// process the remaining list of items to be inserted
foreach ($items as $uniquehash => $item) {
$feed =& $feeds["{$item['rssfeedid']}"];
$feed['rssoptions'] = intval($feed['rssoptions']);
if ($feed['rssoptions'] & $vbulletin->bf_misc_feedoptions['html2bbcode']) {
$body_template = nl2br($feed['bodytemplate']);
} else {
$body_template = $feed['bodytemplate'];
}
$pagetext = $feed['xml']->parse_template($body_template, $item);
if ($feed['rssoptions'] & $vbulletin->bf_misc_feedoptions['html2bbcode']) {
$pagetext = $html_parser->parse_wysiwyg_html_to_bbcode($pagetext, false, true);
// disable for announcements
$feed['rssoptions'] = $feed['rssoptions'] & ~$vbulletin->bf_misc_feedoptions['allowhtml'];
}
$pagetext = convert_url_to_bbcode($pagetext);
// insert the forumid of this item into an array for the update_forum_counters() function later
$update_forumids["{$feed['forumid']}"] = true;
switch ($feed['itemtype']) {
// insert item as announcement
case 'announcement':
// init announcement datamanager
$itemdata =& datamanager_init('Announcement', $vbulletin, $error_type);
$itemdata->set_info('forum', fetch_foruminfo($feed['forumid']));
$itemdata->set_info('user', $feed);
$itemdata->set('userid', $feed['userid']);
$itemdata->set('forumid', $feed['forumid']);
$itemdata->set('title', strip_bbcode($html_parser->parse_wysiwyg_html_to_bbcode($feed['xml']->parse_template($feed['titletemplate'], $item))));
$itemdata->set('pagetext', $pagetext);
$itemdata->set('startdate', TIMENOW);
$itemdata->set('enddate', TIMENOW + 86400 * ($feed['endannouncement'] > 0 ? $feed['endannouncement'] : 7) - 1);
}
if (!can_moderate($threadinfo['forumid'], 'caneditpoll') and $vbulletin->options['addpolltimeout'] and TIMENOW - $vbulletin->options['addpolltimeout'] * 60 > $threadinfo['dateline']) {
eval(standard_error(fetch_error('polltimeout', $vbulletin->options['addpolltimeout'])));
}
if (!$threadinfo['open']) {
eval(standard_error(fetch_error('threadclosed')));
}
if ($vbulletin->options['maxpolloptions'] > 0 and $polloptions > $vbulletin->options['maxpolloptions']) {
$polloptions = $vbulletin->options['maxpolloptions'];
}
if ($vbulletin->GPC['parseurl'] and $foruminfo['allowbbcode']) {
require_once DIR . '/includes/functions_newpost.php';
$counter = 0;
while ($counter++ < $polloptions) {
// 0..Pollnum-1 we want, as arrays start with 0
$vbulletin->GPC['options']["{$counter}"] = convert_url_to_bbcode($vbulletin->GPC['options']["{$counter}"]);
}
}
// check question and if 2 options or more were given
$counter = 0;
$optioncount = 0;
$badoption = '';
while ($counter++ < $polloptions) {
// 0..Pollnum-1 we want, as arrays start with 0
if ($vbulletin->options['maxpolllength'] and vbstrlen($vbulletin->GPC['options']["{$counter}"]) > $vbulletin->options['maxpolllength']) {
$badoption .= iif($badoption, ', ') . $counter;
}
if (!empty($vbulletin->GPC['options']["{$counter}"])) {
$optioncount++;
}
}
/**
* Verifies and saves a signature for current logged in user. Returns the signature.
* @param string $signature
* @param array $filedataids
* @return string
*/
public function saveSignature($signature, $filedataids = array())
{
// This code is based on profile.php
$options = vB::getDatastore()->getValue('options');
// *********************** CHECKS **********************
// *****************************************************
$userid = vB::getCurrentSession()->get('userid');
$userid = intval($userid);
if ($userid <= 0) {
throw new vB_Exception_Api('no_permission_logged_out');
}
$userContext = vB::getUserContext($userid);
if (!$userContext->hasPermission('genericpermissions', 'canusesignature') or !$userContext->hasPermission('genericpermissions', 'canmodifyprofile')) {
throw new vB_Exception_Api('no_permission_signatures');
}
if (!empty($filedataids)) {
if (!$userContext->hasPermission('signaturepermissions', 'cansigpic')) {
throw new vB_Exception_Api('no_permission_images');
}
// Max number of images in the sig if imgs are allowed.
if ($maxImages = $userContext->getLimit('sigmaximages')) {
if (count($filedataids) > $maxImages) {
throw new vB_Exception_Api('max_attachments_reached');
}
}
}
// Count the raw characters in the signature
if ($maxRawChars = $userContext->getLimit('sigmaxrawchars') and vB_String::vbStrlen($signature) > $maxRawChars) {
throw new vB_Exception_Api('sigtoolong_includingbbcode', array($maxRawChars));
}
// *****************************************************
//Convert signature to BBcode
$bbcodeAPI = vB_Api::instanceInternal('bbcode');
$signature = $bbcodeAPI->parseWysiwygHtmlToBbcode($signature);
//removing consecutive spaces
$signature = preg_replace('# +#', ' ', $signature);
$hasBbcode = $bbcodeAPI->hasBbcode($signature);
if ($hasBbcode and !$userContext->hasPermission('signaturepermissions', 'canbbcode')) {
throw new vB_Exception_Api('bbcode_not_allowed');
}
// add # to color tags using hex if it's not there
$signature = preg_replace('#\\[color=("|"|\'|)([a-f0-9]{6})\\1]#i', '[color=\\1#\\2\\1]', $signature);
// Turn the text into bb code.
if ($userContext->hasPermission('signaturepermissions', 'canbbcodelink')) {
// Get the files we need
require_once DIR . '/includes/functions_newpost.php';
$signature = convert_url_to_bbcode($signature);
}
// Create the parser with the users sig permissions
require_once DIR . '/includes/class_sigparser.php';
$sig_parser = new vB_SignatureParser(vB::get_registry(), $bbcodeAPI->fetchTagList(), $userid);
// Parse the signature
$paresed = $sig_parser->parse($signature);
if ($error_num = count($sig_parser->errors)) {
$e = new vB_Exception_Api();
foreach ($sig_parser->errors as $tag => $error_phrase) {
if (is_array($error_phrase)) {
$phrase_name = key($error_phrase);
$params = $error_phrase[$phrase_name];
$e->add_error($phrase_name, $params);
} else {
$e->add_error($error_phrase, array($tag));
}
}
throw $e;
}
unset($sig_parser);
// Count the characters after stripping in the signature
if ($maxChars = $userContext->getLimit('sigmaxchars') and vB_String::vbStrlen(vB_String::stripBbcode($signature, false, false, false)) > $maxChars) {
throw new vB_Exception_Api('sigtoolong_excludingbbcode', array($maxChars));
}
if (($maxLines = $userContext->getLimit('sigmaxlines')) > 0) {
require_once DIR . '/includes/class_sigparser_char.php';
$char_counter = new vB_SignatureParser_CharCount(vB::get_registry(), $bbcodeAPI->fetchTagList(), $userid);
$line_count_text = $char_counter->parse(trim($signature));
if ($options['softlinebreakchars'] > 0) {
// implicitly wrap after X characters without a break
//trim it to get rid of the trailing whitechars that are inserted by the replace
$line_count_text = trim(preg_replace('#([^\\r\\n]{' . $options['softlinebreakchars'] . '})#', "\\1\n", $line_count_text));
}
// + 1, since 0 linebreaks still means 1 line
$line_count = substr_count($line_count_text, "\n") + 1;
if ($line_count > $maxLines) {
throw new vB_Exception_Api('sigtoomanylines', array($maxLines));
}
}
// *****************************************************
// Censored Words
$signature = vB_String::fetchCensoredText($signature);
// init user data manager
$userinfo = vB_User::fetchUserInfo($userid);
$userdata = new vB_Datamanager_User(vB_DataManager_Constants::ERRTYPE_STANDARD);
$userdata->set_existing($userinfo);
$userdata->set('signature', $signature);
// Legacy Hook 'profile_updatesignature_complete' Removed //
// Decresing the refcount for the images that were previously used in the signature
if (!empty($userinfo['signature'])) {
preg_match_all('#\\[ATTACH\\=CONFIG\\]n(\\d+)\\[/ATTACH\\]#si', $userinfo['signature'], $matches);
if (!empty($matches[1])) {
$attachmentids = implode(", ", $matches[1]);
vB::getDbAssertor()->assertQuery('decrementFiledataRefcount', array('filedataid' => $attachmentids));
vB::getDbAssertor()->assertQuery('filedata', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_UPDATE, vB_dB_Query::CONDITIONS_KEY => array(array('field' => 'filedataid', 'value' => $attachmentids, 'operator' => vB_dB_Query::OPERATOR_EQ), array('field' => 'refcount', 'value' => 0, 'operator' => vB_dB_Query::OPERATOR_EQ)), 'publicview' => 0));
}
}
$userdata->save();
// I did not put this in the userdm as it only applies to saveSiganture
// Clear autosave table of this items entry
vB::getDbAssertor()->delete('vBForum:autosavetext', array('userid' => $userid, 'nodeid' => 0, 'parentid' => 0));
// update userinfo
$this->library->clearUserInfo(array($userid));
return $bbcodeAPI->parseSignature($userid, $signature, true);
}
public function fetch_shouts($limit = 20, $userid = 0)
{
if ($userid < 1) {
$query = $this->vbulletin->db->query("\n SELECT * FROM " . TABLE_PREFIX . "jb_firebolt_shout\n WHERE pmto = '0' OR pmto = '" . intval($this->vbulletin->userinfo['userid']) . "' OR userid = '" . $this->vbulletin->userinfo['userid'] . "'\n ORDER BY id DESC LIMIT 0," . intval($limit));
} else {
$query = $this->vbulletin->db->query("\n SELECT * FROM " . TABLE_PREFIX . "jb_firebolt_shout\n WHERE\n ( userid = '" . intval($userid) . "' && pmto = '" . intval($this->vbulletin->userinfo['userid']) . "' )\n OR\n ( userid = '" . intval($this->vbulletin->userinfo['userid']) . "' && pmto = '" . intval($userid) . "' )\n ORDER BY id DESC LIMIT 0," . intval($limit));
}
$output = '';
if ($this->usersettings['banned']) {
$notice = 'You are currently banned from the shoutbox.';
} else {
$notice = $this->vbulletin->options['jb_firebolt_notice'];
}
if (trim($notice) != null) {
$bbcode_parser = new vB_BbCodeParser($this->vbulletin, fetch_tag_list());
if (!function_exists('convert_url_to_bbcode')) {
require_once DIR . '/includes/functions_newpost.php';
}
$notice = convert_url_to_bbcode($notice);
$notice = $bbcode_parser->parse_bbcode($notice, true, false, false);
$output .= "<b>Notice:</b> " . $notice . "<br />";
}
if (!$this->usersettings['banned']) {
while ($shout = $this->vbulletin->db->fetch_array($query)) {
$bbcode_parser = new vB_BbCodeParser($this->vbulletin, fetch_tag_list());
if (!function_exists('convert_url_to_bbcode')) {
require_once DIR . '/includes/functions_newpost.php';
}
$sdate = vbdate($this->vbulletin->options['dateformat'], $shout['shouttime']);
$stime = vbdate($this->vbulletin->options['timeformat'], $shout['shouttime']);
$message = $shout['shout'];
$message = convert_url_to_bbcode($message);
$message = $bbcode_parser->parse_bbcode($message, true, false, false);
if (trim($message) == null) {
$this->vbulletin->db->query("\n DELETE FROM " . TABLE_PREFIX . "jb_firebolt_shout\n WHERE id = '" . intval($shout['id']) . "'\n ");
continue;
}
$user = fetch_userinfo($shout['userid']);
if (!$this->vbulletin->options['jb_firebolt_new_shout_layout']) {
$message = $this->stylize($message, $user['userid']);
}
if ($this->vbulletin->options['jb_firebolt_new_shout_layout']) {
$username = $user['username'];
$templater = vB_Template::create('jb_firebolt_shout_modern');
$templater->register('user', $user);
} else {
$username = fetch_musername($user);
$templater = vB_Template::create('jb_firebolt_shout');
}
$templater->register('sdate', $sdate);
$templater->register('stime', $stime);
$templater->register('username', $username);
$templater->register('message', $message);
$output .= $templater->render();
}
}
return $output;
}
}
}
}
if ($upload == true) {
if (!strstr("|" . str_replace(" ", "|", $dl->ext) . "|", $ext)) {
$errors['message'] .= '<center>' . $vbphrase['ecdownloads_invalid_extension'] . ': ' . $dl->ext . '</center><br />';
}
}
if (!isset($errors)) {
$_POST['desc'] = $_POST['message'];
if ($_POST['wysiwyg'] == 1) {
$_POST['desc'] = convert_wysiwyg_html_to_bbcode($_POST['message'], 0);
} else {
$_POST['desc'] =& $_POST['message'];
}
$_POST['desc'] = convert_url_to_bbcode($_POST['desc']);
if ($upload) {
$newfilename = TIMENOW % 100000 . '-' . $_FILES['upload']['name'];
if (move_uploaded_file($_FILES['upload']['tmp_name'], $dl->url . $newfilename)) {
chmod($dl->url . $newfilename, 0666);
$size = @filesize($dl->url . $newfilename);
} else {
$errors['message'] .= '<center><span style="color: red;">The upload failed! Upload error.</span></center><br />';
}
} else {
if ($link) {
$newfilename = $_POST['link'];
if ($_POST['size'] == '') {
$size = @filesize($newfilename);
} else {
if (is_numeric($_POST['size'])) {
if ($vbulletin->options['maxpolllength'] and vbstrlen($vbulletin->GPC['options']["{$counter}"]) > $vbulletin->options['maxpolllength']) {
$badoption .= $badoption ? $vbphrase['comma_space'] . $counter : $counter;
}
if ($vbulletin->options['maximages'] or $vbulletin->options['maxvideos']) {
$maximgtest .= $vbulletin->GPC['options']["{$counter}"];
}
}
if ($badoption) {
eval(standard_error(fetch_error('polloptionlength', $vbulletin->options['maxpolllength'], $badoption)));
}
$optioncount = 0;
require_once DIR . '/includes/functions_newpost.php';
foreach ($vbulletin->GPC['options'] as $counter => $optionvalue) {
if ($optionvalue != '') {
if ($vbulletin->GPC['parseurl'] and $foruminfo['allowbbcode']) {
$optionvalue = convert_url_to_bbcode($optionvalue);
}
$poll->set_option($optionvalue, $counter - 1, intval($vbulletin->GPC['pollvotes']["{$counter}"]));
$optioncount++;
} else {
$poll->set_option('', $counter - 1);
}
}
if ($vbulletin->GPC['pollquestion'] == '' or $optioncount < 2) {
eval(standard_error(fetch_error('noquestionoption')));
}
if (TIMENOW + $vbulletin->GPC['timeout'] * 86400 >= 2147483647) {
// maximuim size of a 32 bit integer
eval(standard_error(fetch_error('maxpolltimeout')));
}
// check max images|videos
/**
* Basic options to perform on all pagetext type fields
*
* @param string Page text
*
* @param bool Whether the text is valid
* @param bool Whether to run the case stripper
*/
function verify_pagetext(&$pagetext, $noshouting = true)
{
require_once DIR . '/includes/functions_newpost.php';
$pagetext = preg_replace('/&#(0*32|x0*20);/', ' ', $pagetext);
$pagetext = trim($pagetext);
// remove empty bbcodes
//$pagetext = $this->strip_empty_bbcode($pagetext);
// add # to color tags using hex if it's not there
$pagetext = preg_replace('#\\[color=("|"|\'|)([a-f0-9]{6})\\1]#i', '[color=\\1#\\2\\1]', $pagetext);
// strip alignment codes that are closed and then immediately reopened
$pagetext = preg_replace('#\\[/(left|center|right)\\]([\\r\\n]*)\\[\\1\\]#i', '\\2', $pagetext);
// remove [/list=x remnants
if (stristr($pagetext, '[/list=') != false) {
$pagetext = preg_replace('#\\[/list=[a-z0-9]+\\]#siU', '[/list]', $pagetext);
}
// remove extra whitespace between [list] and first element
// -- unnecessary now, bbcode parser handles leading spaces after a list tag
//$pagetext = preg_replace('#(\[list(=("|"|\'|)([^\]]*)\\3)?\])\s+#i', "\\1\n", $pagetext);
// censor main message text
$pagetext = fetch_censored_text($pagetext);
// parse URLs in message text
if ($this->info['parseurl']) {
$pagetext = convert_url_to_bbcode($pagetext);
}
// remove sessionhash from urls:
require_once DIR . '/includes/functions_login.php';
$pagetext = fetch_removed_sessionhash($pagetext);
if ($noshouting) {
$pagetext = fetch_no_shouting_text($pagetext);
}
require_once DIR . '/includes/functions_video.php';
$pagetext = parse_video_bbcode($pagetext);
return true;
}
public function get_custom_fields()
{
require_once DIR . '/includes/functions_newpost.php';
$fielddefs = self::get_calendar_custom_fields($this->get_field("calendarid"));
$customfields = unserialize($this->get_field('customfields'));
$field_data = array();
foreach ($fielddefs as $fielddef) {
$fielddef['options'] = unserialize($fielddef['options']);
$optionval = $customfields["{$fielddef['calendarcustomfieldid']}"];
// Skip this value if a user entered entry exists but no longer allowed
if (!$fielddef['allowentry']) {
if (!(is_array($fielddef['options']) and in_array($optionval, $fielddef['options']))) {
continue;
}
}
$customoption = parse_calendar_bbcode(convert_url_to_bbcode(unhtmlspecialchars($optionval)));
$field_data[] = array('title' => $fielddef['title'], 'value' => $customoption);
}
return $field_data;
}
<?php
require '../../model/MensagemChat.php';
$curdir = getcwd();
chdir('/home/ccvteam/public_html/forum');
require_once '/home/ccvteam/public_html/forum/global.php';
require_once '/home/ccvteam/public_html/forum/includes/class_bbcode.php';
require_once '/home/ccvteam/public_html/forum/includes/functions_newpost.php';
chdir($curdir);
$userid = $vbulletin->userinfo['userid'];
if ($userid != '0') {
$shouter = utf8_encode($vbulletin->userinfo['musername']);
// clean input
$vbulletin->input->clean_array_gpc('p', array('message' => TYPE_STR));
$shout = $vbulletin->GPC['message'];
// trata aspas
$shout = addslashes($shout);
// trata ajax urlencoded
$shout = convert_urlencoded_unicode($shout);
// convert links
$shout = convert_url_to_bbcode($shout);
// parseador de bbCode
$parser =& new vB_BbCodeParser($vbulletin, fetch_tag_list());
// do_parse($text, $do_html = false, $do_smilies = true, $do_bbcode = true , $do_imgcode = true, $do_nl2br = true, $cachable = false)
$shout = $parser->do_parse($shout, false, true, true, false, false, false);
$timestamp = date("Y-m-d H:i:s");
$msg = new MensagemChat($shout, $shouter, $timestamp, $userid);
$msg->Save();
}
/**
* Fetches announcements by channel ID
*
* @param int $channelid (optional) Channel ID
* @param int $announcementid (optional) Announcement ID
*
* @throws vB_Exception_Api no_permission if the user doesn't have permission to view the announcements
*
* @return array Announcements, each element is an array containing all the fields
* in the announcement table and username, avatarurl, and the individual
* options from the announcementoptions bitfield-- dohtml, donl2br,
* dobbcode, dobbimagecode, dosmilies.
*/
public function fetch($channelid = 0, $announcementid = 0)
{
$usercontext = vB::getUserContext();
$userapi = vB_Api::instanceInternal('user');
$channelapi = vB_Api::instanceInternal('content_channel');
$parentids = array();
// Check channel permission
if ($channelid) {
// This is to verify $channelid
$channelapi->fetchChannelById($channelid);
if (!$usercontext->getChannelPermission('forumpermissions', 'canview', $channelid)) {
throw new vB_Exception_Api('no_permission');
}
$parents = vB_Library::instance('node')->getParents($channelid);
foreach ($parents as $parent) {
if ($parent['nodeid'] != 1) {
$parentids[] = $parent['nodeid'];
}
}
}
$data = array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_SELECT, vB_dB_Query::CONDITIONS_KEY => array(array('field' => 'startdate', 'value' => vB::getRequest()->getTimeNow(), 'operator' => vB_dB_Query::OPERATOR_LTE), array('field' => 'enddate', 'value' => vB::getRequest()->getTimeNow(), 'operator' => vB_dB_Query::OPERATOR_GTE)));
if ($parentids) {
$parentids[] = -1;
// We should always include -1 for global announcements
$data[vB_dB_Query::CONDITIONS_KEY][] = array('field' => 'nodeid', 'value' => $parentids);
} elseif ($channelid) {
$channelid = array($channelid, -1);
// We should always include -1 for global announcements
$data[vB_dB_Query::CONDITIONS_KEY][] = array('field' => 'nodeid', 'value' => $channelid);
} else {
$data[vB_dB_Query::CONDITIONS_KEY][] = array('field' => 'nodeid', 'value' => '-1');
}
$announcements = $this->assertor->getRows('vBForum:announcement', $data, array('field' => array('startdate', 'announcementid'), 'direction' => array(vB_dB_Query::SORT_DESC, vB_dB_Query::SORT_DESC)));
if (!$announcements) {
return array();
} else {
$results = array();
$bf_misc_announcementoptions = vB::getDatastore()->getValue('bf_misc_announcementoptions');
foreach ($announcements as $k => $post) {
$userinfo = $userapi->fetchUserinfo($post['userid'], array(vB_Api_User::USERINFO_AVATAR, vB_Api_User::USERINFO_SIGNPIC));
$announcements[$k]['username'] = $userinfo['username'];
$announcements[$k]['avatarurl'] = $userapi->fetchAvatar($post['userid']);
$announcements[$k]['dohtml'] = $post['announcementoptions'] & $bf_misc_announcementoptions['allowhtml'];
if ($announcements[$k]['dohtml']) {
$announcements[$k]['donl2br'] = false;
} else {
$announcements[$k]['donl2br'] = true;
}
$announcements[$k]['dobbcode'] = $post['announcementoptions'] & $bf_misc_announcementoptions['allowbbcode'];
$announcements[$k]['dobbimagecode'] = $post['announcementoptions'] & $bf_misc_announcementoptions['allowbbcode'];
$announcements[$k]['dosmilies'] = $post['announcementoptions'] & $bf_misc_announcementoptions['allowsmilies'];
if ($announcements[$k]['dobbcode'] and $post['announcementoptions'] & $bf_misc_announcementoptions['parseurl']) {
require_once DIR . '/includes/functions_newpost.php';
$announcements[$k]['pagetext'] = convert_url_to_bbcode($post['pagetext']);
}
}
return $announcements;
}
}
function do_send_pm()
{
global $vbulletin, $db, $permissions;
if (!$vbulletin->userinfo['userid']) {
json_error(ERR_INVALID_LOGGEDIN, RV_NOT_LOGGED_IN);
}
$vbulletin->input->clean_array_gpc('r', array('wysiwyg' => TYPE_BOOL, 'title' => TYPE_NOHTML, 'message' => TYPE_STR, 'parseurl' => TYPE_BOOL, 'savecopy' => TYPE_BOOL, 'signature' => TYPE_BOOL, 'disablesmilies' => TYPE_BOOL, 'receipt' => TYPE_BOOL, 'preview' => TYPE_STR, 'recipients' => TYPE_STR, 'bccrecipients' => TYPE_STR, 'iconid' => TYPE_UINT, 'forward' => TYPE_BOOL, 'folderid' => TYPE_INT, 'sendanyway' => TYPE_BOOL));
if ($vbulletin->GPC['message']) {
$vbulletin->GPC['message'] = prepare_remote_utf8_string($vbulletin->GPC['message']);
}
if ($vbulletin->GPC['title']) {
$vbulletin->GPC['title'] = prepare_remote_utf8_string($vbulletin->GPC['title']);
}
if ($vbulletin->GPC['recipients']) {
$vbulletin->GPC['recipients'] = prepare_remote_utf8_string($vbulletin->GPC['recipients']);
}
$vbulletin->GPC['savecopy'] = true;
if ($permissions['pmquota'] < 1) {
json_error(ERR_NO_PERMISSION);
} else {
if (!$vbulletin->userinfo['receivepm']) {
json_error(strip_tags(fetch_error('pm_turnedoff')), RV_POST_ERROR);
}
}
if (fetch_privatemessage_throttle_reached($vbulletin->userinfo['userid'])) {
json_error(strip_tags(fetch_error('pm_throttle_reached', $vbulletin->userinfo['permissions']['pmthrottlequantity'], $vbulletin->options['pmthrottleperiod'])), RV_POST_ERROR);
}
// include useful functions
require_once DIR . '/includes/functions_newpost.php';
// parse URLs in message text
if ($vbulletin->options['privallowbbcode'] and $vbulletin->GPC['parseurl']) {
$vbulletin->GPC['message'] = convert_url_to_bbcode($vbulletin->GPC['message']);
}
$pm['message'] =& $vbulletin->GPC['message'];
$pm['title'] =& $vbulletin->GPC['title'];
$pm['parseurl'] =& $vbulletin->GPC['parseurl'];
$pm['savecopy'] =& $vbulletin->GPC['savecopy'];
$pm['signature'] =& $vbulletin->GPC['signature'];
$pm['disablesmilies'] =& $vbulletin->GPC['disablesmilies'];
$pm['sendanyway'] =& $vbulletin->GPC['sendanyway'];
$pm['receipt'] =& $vbulletin->GPC['receipt'];
$pm['recipients'] =& $vbulletin->GPC['recipients'];
$pm['bccrecipients'] =& $vbulletin->GPC['bccrecipients'];
$pm['pmid'] =& $vbulletin->GPC['pmid'];
$pm['iconid'] =& $vbulletin->GPC['iconid'];
$pm['forward'] =& $vbulletin->GPC['forward'];
$pm['folderid'] =& $vbulletin->GPC['folderid'];
// *************************************************************
// PROCESS THE MESSAGE AND INSERT IT INTO THE DATABASE
$errors = array();
// catches errors
if ($vbulletin->userinfo['pmtotal'] > $permissions['pmquota'] or $vbulletin->userinfo['pmtotal'] == $permissions['pmquota'] and $pm['savecopy']) {
json_error(strip_tags(fetch_error('yourpmquotaexceeded')), RV_POST_ERROR);
}
// create the DM to do error checking and insert the new PM
$pmdm =& datamanager_init('PM', $vbulletin, ERRTYPE_ARRAY);
$pmdm->set_info('savecopy', $pm['savecopy']);
$pmdm->set_info('receipt', $pm['receipt']);
$pmdm->set_info('cantrackpm', $cantrackpm);
$pmdm->set_info('forward', $pm['forward']);
$pmdm->set_info('bccrecipients', $pm['bccrecipients']);
if ($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) {
$pmdm->overridequota = true;
}
$pmdm->set('fromuserid', $vbulletin->userinfo['userid']);
$pmdm->set('fromusername', $vbulletin->userinfo['username']);
$pmdm->setr('title', $pm['title']);
$pmdm->set_recipients($pm['recipients'], $permissions, 'cc');
$pmdm->set_recipients($pm['bccrecipients'], $permissions, 'bcc');
$pmdm->setr('message', $pm['message']);
$pmdm->setr('iconid', $pm['iconid']);
$pmdm->set('dateline', TIMENOW);
$pmdm->setr('showsignature', $pm['signature']);
$pmdm->set('allowsmilie', $pm['disablesmilies'] ? 0 : 1);
if (!$pm['forward']) {
$pmdm->set_info('parentpmid', $pm['pmid']);
}
$pmdm->set_info('replypmid', $pm['pmid']);
($hook = vBulletinHook::fetch_hook('private_insertpm_process')) ? eval($hook) : false;
$pmdm->pre_save();
// deal with user using receivepmbuddies sending to non-buddies
if ($vbulletin->userinfo['receivepmbuddies'] and is_array($pmdm->info['recipients'])) {
$users_not_on_list = array();
// get a list of super mod groups
$smod_groups = array();
foreach ($vbulletin->usergroupcache as $ugid => $groupinfo) {
if ($groupinfo['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['ismoderator']) {
// super mod group
$smod_groups[] = $ugid;
}
}
// now filter out all moderators (and super mods) from the list of recipients
// to check against the buddy list
$check_recipients = $pmdm->info['recipients'];
$mods = $db->query_read_slave("\n\t\t\tSELECT user.userid\n\t\t\tFROM " . TABLE_PREFIX . "user AS user\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "moderator AS moderator ON (moderator.userid = user.userid)\n\t\t\tWHERE user.userid IN (" . implode(',', array_keys($check_recipients)) . ")\n\t\t\t\tAND ((moderator.userid IS NOT NULL AND moderator.forumid <> -1)\n\t\t\t\t" . (!empty($smod_groups) ? "OR user.usergroupid IN (" . implode(',', $smod_groups) . ")" : '') . "\n\t\t\t\t)\n\t\t");
while ($mod = $db->fetch_array($mods)) {
unset($check_recipients["{$mod['userid']}"]);
}
if (!empty($check_recipients)) {
// filter those on our buddy list out
$users = $db->query_read_slave("\n\t\t\t\tSELECT userlist.relationid\n\t\t\t\tFROM " . TABLE_PREFIX . "userlist AS userlist\n\t\t\t\tWHERE userid = " . $vbulletin->userinfo['userid'] . "\n\t\t\t\t\tAND userlist.relationid IN(" . implode(array_keys($check_recipients), ',') . ")\n\t\t\t\t\tAND type = 'buddy'\n\t\t\t");
while ($user = $db->fetch_array($users)) {
unset($check_recipients["{$user['relationid']}"]);
}
}
// what's left must be those who are neither mods or on our buddy list
foreach ($check_recipients as $userid => $user) {
$users_not_on_list["{$userid}"] = $user['username'];
}
if (!empty($users_not_on_list) and (!$vbulletin->GPC['sendanyway'] or !empty($errors))) {
$users = '';
foreach ($users_not_on_list as $userid => $username) {
$users .= "<li><a href=\"member.php?" . $vbulletin->session->vars['sessionurl'] . "u={$userid}\" target=\"profile\">{$username}</a></li>";
}
$pmdm->error('pm_non_contacts_cant_reply', $users);
}
}
// check for message flooding
if ($vbulletin->options['pmfloodtime'] > 0 and !$vbulletin->GPC['preview']) {
if (!($permissions['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) and !can_moderate()) {
$floodcheck = $db->query_first("\n\t\t\t\tSELECT pmtextid, title, dateline\n\t\t\t\tFROM " . TABLE_PREFIX . "pmtext AS pmtext\n\t\t\t\tWHERE fromuserid = " . $vbulletin->userinfo['userid'] . "\n\t\t\t\tORDER BY dateline DESC\n\t\t\t");
if (($timepassed = TIMENOW - $floodcheck['dateline']) < $vbulletin->options['pmfloodtime']) {
json_error(strip_tags(fetch_error('pmfloodcheck', $vbulletin->options['pmfloodtime'], $vbulletin->options['pmfloodtime'] - $timepassed)), RV_POST_ERROR);
}
}
}
// process errors if there are any
$errors = array_merge($errors, $pmdm->errors);
if (!empty($errors)) {
json_error(strip_tags($errors[0]), RV_POST_ERROR);
} else {
if ($vbulletin->GPC['preview'] != '') {
define('PMPREVIEW', 1);
$foruminfo = array('forumid' => 'privatemessage', 'allowicons' => $vbulletin->options['privallowicons']);
$preview = process_post_preview($pm);
$_REQUEST['do'] = 'newpm';
} else {
// everything's good!
$pmdm->save();
// force pm counters to be rebuilt
$vbulletin->userinfo['pmunread'] = -1;
build_pm_counters();
}
}
return array('success' => 1);
}
function photoplog_process_text($text, $catid, $is_title = false, $add_dots = false)
{
global $vbulletin, $vbphrase, $photoplog_categoryoptions, $photoplog_ds_catopts;
static $photoplog_parser = false;
$do_html = false;
$do_smilies = false;
$do_bbcode = false;
$do_imgcode = false;
$do_parseurl = false;
$catid = intval($catid);
if (!is_array($photoplog_ds_catopts)) {
$photoplog_ds_catopts = array();
}
if (in_array($catid, array_keys($photoplog_ds_catopts))) {
$photoplog_categorybit = $photoplog_ds_catopts[$catid]['options'];
$photoplog_catoptions = convert_bits_to_array($photoplog_categorybit, $photoplog_categoryoptions);
$do_html = $photoplog_catoptions['allowhtml'] ? true : false;
$do_smilies = $photoplog_catoptions['allowsmilies'] ? true : false;
$do_bbcode = $photoplog_catoptions['allowbbcode'] ? true : false;
$do_imgcode = $photoplog_catoptions['allowimgcode'] ? true : false;
$do_parseurl = $photoplog_catoptions['allowparseurl'] ? true : false;
}
$text = fetch_censored_text($text);
$text = fetch_word_wrapped_string($text);
require_once DIR . '/includes/functions_newpost.php';
if ($is_title) {
$text = fetch_no_shouting_text($text);
$max_len = 255;
if (vbstrlen($text) > $max_len) {
$text = fetch_trimmed_title($text, $max_len);
$text = photoplog_regexp_text($text);
}
if (empty($text)) {
$text = $vbphrase['photoplog_untitled'];
}
$text = htmlspecialchars_uni($text);
return $text;
}
if ($add_dots) {
$max_len = 100;
if ($vbulletin->options['lastthreadchars'] != 0) {
$max_len = $vbulletin->options['lastthreadchars'] * 2;
}
} else {
$max_len = min(vbstrlen($text), 15360000);
if ($vbulletin->options['postmaxchars'] != 0) {
$max_len = $vbulletin->options['postmaxchars'];
}
}
if (vbstrlen($text) > $max_len) {
$text = fetch_trimmed_title($text, $max_len);
$text = photoplog_regexp_text($text);
}
if ($do_parseurl) {
$text = convert_url_to_bbcode($text);
}
if (empty($text)) {
$text = $vbphrase['photoplog_not_available'];
}
$text = fetch_no_shouting_text($text);
if (!$photoplog_parser) {
require_once DIR . '/includes/class_bbcode.php';
$photoplog_parser = new vB_BbCodeParser($vbulletin, fetch_tag_list());
}
$text = $photoplog_parser->do_parse($text, $do_html, $do_smilies, $do_bbcode, $do_imgcode, true, false);
return $text;
}
$customoption = '';
$customtitle = $value['title'];
if (is_array($value['options'])) {
foreach ($value['options'] as $key => $val) {
if ($val == $eventfields["{$value['calendarcustomfieldid']}"]) {
$customoption = $val;
break;
}
}
}
// Skip this value if a user entered entry exists but no longer allowed
if (!$value['allowentry'] and $customoption == '') {
continue;
}
require_once DIR . '/includes/functions_newpost.php';
$customoption = parse_calendar_bbcode(convert_url_to_bbcode(unhtmlspecialchars($eventfields["{$value['calendarcustomfieldid']}"])));
$show['customoption'] = $customoption == '' ? false : true;
if ($show['customoption']) {
$show['customfields'] = true;
}
$templater = vB_Template::create('calendar_showeventsbit_customfield');
$templater->register('customoption', $customoption);
$templater->register('customtitle', $customtitle);
$customfields .= $templater->render();
}
$show['holiday'] = false;
// check for calendar moderator here.
$show['caneditevent'] = true;
if (!can_moderate_calendar($calendarinfo['calendarid'], 'caneditevents')) {
if ($eventinfo['userid'] != $vbulletin->userinfo['userid']) {
$show['caneditevent'] = false;
public function add($data, array $options = array(), $convertWysiwygTextToBbcode = true)
{
//Store this so we know whether we should call afterAdd()
$skipTransaction = !empty($options['skipTransaction']);
$this->checkPollOptions($data);
// Add the poll options (answers) to the standard content add method $options array
$options = array_merge($data['options'], $options);
// Keep an array of *only* the poll options, without the other options in the standard array
$pollOptions = $data['options'];
if (isset($data['parseurl'])) {
$parseurl = $data['parseurl'];
if ($parseurl) {
require_once DIR . '/includes/functions_newpost.php';
}
}
unset($data['options'], $data['parseurl']);
// skip the index in the parent and do it here so it can include the options
$data['noIndex'] = true;
try {
if (!$skipTransaction) {
$this->assertor->beginTransaction();
}
$options['skipTransaction'] = true;
$result = parent::add($data, $options, $convertWysiwygTextToBbcode);
// Save poll options
foreach ($pollOptions as $option) {
if (isset($parseurl) and $parseurl) {
$option['title'] = convert_url_to_bbcode($option['title']);
}
// Insert new option
$this->assertor->assertQuery('vBForum:polloption', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_INSERT, 'nodeid' => $result['nodeid'], 'title' => $option['title']));
}
if (!$skipTransaction) {
$this->assertor->commitTransaction();
}
} catch (exception $e) {
if (!$skipTransaction) {
$this->assertor->rollbackTransaction();
}
throw $e;
}
if (!$skipTransaction) {
//The child classes that have their own transactions all set this to true so afterAdd is always called just once.
$this->afterAdd($result['nodeid'], $data, $options, $result['cacheEvents'], $result['nodeVals']);
}
$this->updatePollCache($result['nodeid']);
// do the indexing after the options are added
$this->nodeApi->clearCacheEvents(array($result['nodeid'], $data['parentid']));
vB_Api::instance('Search')->index($result['nodeid']);
return $result;
}
));
($hook = vBulletinHook::fetch_hook('visitor_message_post_start')) ? eval($hook) : false;
// unwysiwygify the incoming data
if ($vbulletin->GPC['wysiwyg'])
{
require_once(DIR . '/includes/functions_wysiwyg.php');
$vbulletin->GPC['message'] = convert_wysiwyg_html_to_bbcode($vbulletin->GPC['message'], $vbulletin->options['allowhtml']);
}
// parse URLs in message text
if ($vbulletin->options['allowbbcode'] AND $vbulletin->GPC['parseurl'])
{
require_once(DIR . '/includes/functions_newpost.php');
$vbulletin->GPC['message'] = convert_url_to_bbcode($vbulletin->GPC['message']);
}
$message = array(
'message' =>& $vbulletin->GPC['message'],
'userid' =>& $userinfo['userid'],
'postuserid' =>& $vbulletin->userinfo['userid'],
'disablesmilies' =>& $vbulletin->GPC['disablesmilies'],
'parseurl' =>& $vbulletin->GPC['parseurl'],
);
if ($vbulletin->GPC['ajax'])
{
$message['message'] = convert_urlencoded_unicode($message['message']);
}
} else {
$authors = explode(";", $_POST['author'][$file]);
foreach ($authors as $key => $value) {
$author = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE `username`=" . $db->sql_prepare(trim($value)));
if ($author['userid'] > 0) {
$authors[$key] = '<a href="member.php?u=' . $author['userid'] . '">' . trim($value) . '</a>';
} else {
$authors[$key] = trim($value);
}
$_POST['_author'][$file] = implode(", ", $authors);
}
}
if ($_POST['desc'][$file] == '') {
$_POST['desc'][$file] = $_POST['desc'][0];
} else {
$_POST['desc'][$file] = convert_url_to_bbcode($_POST['desc'][$file]);
}
if ($_POST['pinned'][$file] == -1) {
if ($_POST['pinned'][0] != -1) {
$_POST['pinned'][$file] = $_POST['pinned'][0];
}
}
$_POST['size'][$file] = filesize($_POST['dir'] . stripslashes($_file));
$_POST['newfilename'][$file] = TIMENOW % 100000 . '-' . stripslashes($_file);
if (is_readable($_POST['dir'] . stripslashes($_file))) {
@copy($_POST['dir'] . stripslashes($_file), $dl->url . $_POST['newfilename'][$file]);
if (file_exists($dl->url . $_POST['newfilename'][$file])) {
$db->query_write("\r\n\t\t\t\t\tINSERT INTO " . TABLE_PREFIX . "dl2_files\r\n\t\t\t\t\t\t(`title`, `description`, `author`, `_author`, `uploader`, `uploaderid`, `url`, `dateadded`, `category`, `size`, `pin`)\r\n\t\t\t\t\tVALUES\r\n\t\t\t\t\t\t(" . $db->sql_prepare($_POST['dname'][$file]) . ", " . $db->sql_prepare($_POST['desc'][$file]) . ", " . $db->sql_prepare($_POST['author'][$file]) . ", " . $db->sql_prepare($_POST['_author'][$file]) . ", " . $db->sql_prepare($vbulletin->userinfo['username']) . ", " . $db->sql_prepare($vbulletin->userinfo['userid']) . ", " . $db->sql_prepare($_POST['newfilename'][$file]) . ", " . TIMENOW . ", " . $db->sql_prepare($_POST['category'][$file]) . ", " . $db->sql_prepare($_POST['size'][$file]) . ", " . $db->sql_prepare($_POST['pinned'][$file]) . ")\r\n\t\t\t\t");
array_push($success, '<a href="../downloads.php?do=file&id=' . $db->insert_id() . '">' . stripslashes($file) . '</a>');
} else {
array_push($file_errors, $file);
$line_count_text = preg_replace('#([^\\r\\n]{' . $vbulletin->options['softlinebreakchars'] . '})#', "\\1\n", $line_count_text);
}
// + 1, since 0 linebreaks still means 1 line
$line_count = substr_count($line_count_text, "\n") + 1;
if ($line_count > $vbulletin->userinfo['permissions']['sigmaxlines']) {
$vbulletin->GPC['preview'] = true;
$errors[] = fetch_error('sigtoomanylines', $vbulletin->userinfo['permissions']['sigmaxlines']);
}
}
if ($vbulletin->userinfo['permissions']['signaturepermissions'] & $vbulletin->bf_ugp_signaturepermissions['canbbcode']) {
// Get the files we need
require_once DIR . '/includes/functions_newpost.php';
// add # to color tags using hex if it's not there
$signature = preg_replace('#\\[color=("|"|\'|)([a-f0-9]{6})\\1]#i', '[color=\\1#\\2\\1]', $signature);
// Turn the text into bb code.
$signature = convert_url_to_bbcode($signature);
// Create the parser with the users sig permissions
$sig_parser =& new vB_SignatureParser($vbulletin, fetch_tag_list(), $vbulletin->userinfo['permissions'], $vbulletin->userinfo['userid']);
// Parse the signature
$previewmessage = $sig_parser->parse($signature);
if ($error_num = count($sig_parser->errors)) {
foreach ($sig_parser->errors as $tag => $error_phrase) {
$errors[] = fetch_error($error_phrase, $tag);
}
}
unset($sig_parser, $tag_list, $sig_tag_token_array, $results);
}
// If they are previewing the signature or there were usergroup rules broken and there are $errors[]
if (!empty($errors) or $vbulletin->GPC['preview'] != '') {
if (!empty($errors)) {
$errorlist = '';
}
else
{
$blog['parseurl'] = ($vbulletin->userinfo['permissions']['vbblog_comment_permissions'] & $vbulletin->bf_ugp_vbblog_comment_permissions['blog_allowbbcode'] AND $vbulletin->GPC['parseurl']);
}
$blog['disablesmilies'] = $vbulletin->GPC['disablesmilies'];
}
$blog['blogid'] = $vbulletin->GPC['blogid'];
$blog['username'] = $vbulletin->GPC['username'];
// parse URLs in message text
if ($blog['parseurl'])
{
require_once(DIR . '/includes/functions_newpost.php');
$blog['message'] = convert_url_to_bbcode($blog['message']);
}
$blogman =& datamanager_init('BlogText', $vbulletin, ERRTYPE_ARRAY, 'blog');
if ($blogtextid)
{
$show['edit'] = true;
$blogman->set_existing($blogtextinfo);
}
else
{
// if the blog owner is forcing a comment OR board has comment enforcement on and we are following that policy
if (($bloginfo['moderatecomments'] OR $vbulletin->options['blog_commentmoderation'] OR !($vbulletin->userinfo['permissions']['vbblog_comment_permissions'] & $vbulletin->bf_ugp_vbblog_comment_permissions['blog_followcommentmoderation'])) AND !can_moderate_blog('canmoderatecomments') AND $bloginfo['userid'] != $vbulletin->userinfo['userid'])
{
