public function execute_add_comment_event()
{
//Load module lang
$lang = LangLoader::get('common', 'bugtracker');
//Load module configuration
$config = BugtrackerConfig::load();
//Get the content of the comment
$comment = stripslashes(FormatingHelper::strparse(AppContext::get_request()->get_poststring('comments_message', '')));
//Retrieve the id of the bug
$bug_id = $this->comments_topic->get_id_in_module();
$now = new Date();
//New line in the bug history
BugtrackerService::add_history(array('bug_id' => $bug_id, 'updater_id' => AppContext::get_current_user()->get_id(), 'update_date' => $now->get_timestamp(), 'change_comment' => $lang['notice.new_comment']));
//Send a PM to the list of members who updated the bug if the send of PM is enabled
if ($config->are_pm_enabled() && $config->are_pm_comment_enabled()) {
BugtrackerPMService::send_PM_to_updaters('comment', $bug_id, $comment);
}
return true;
}
public function execute(HTTPRequestCustom $request)
{
if ($this->check_authorizations()) {
$pseudo = TextHelper::strprotect(utf8_decode($request->get_string('pseudo', '')));
$contents = TextHelper::htmlentities($request->get_string('contents', ''), ENT_COMPAT, 'UTF-8');
$contents = TextHelper::htmlspecialchars_decode(TextHelper::html_entity_decode($contents, ENT_COMPAT, 'windows-1252'));
if ($pseudo && $contents) {
//Mod anti-flood, autorisé aux membres qui bénificie de l'autorisation de flooder.
$check_time = AppContext::get_current_user()->get_id() !== -1 && ContentManagementConfig::load()->is_anti_flood_enabled() ? PersistenceContext::get_querier()->get_column_value(PREFIX . "shoutbox", 'MAX(timestamp)', 'WHERE user_id = :id', array('id' => AppContext::get_current_user()->get_id())) : '';
if (!empty($check_time) && !AppContext::get_current_user()->check_max_value(AUTH_FLOOD)) {
if ($check_time >= time() - ContentManagementConfig::load()->get_anti_flood_duration()) {
$code = -1;
}
}
//Vérifie que le message ne contient pas du flood de lien.
$config_shoutbox = ShoutboxConfig::load();
$contents = FormatingHelper::strparse($contents, $config_shoutbox->get_forbidden_formatting_tags());
if (!TextHelper::check_nbr_links($contents, $config_shoutbox->get_max_links_number_per_message(), true)) {
//Nombre de liens max dans le message.
$code = -2;
}
$shoutbox_message = new ShoutboxMessage();
$shoutbox_message->init_default_properties();
$shoutbox_message->set_login($pseudo);
$shoutbox_message->set_user_id(AppContext::get_current_user()->get_id());
$shoutbox_message->set_contents($contents);
$shoutbox_message->set_creation_date(new Date());
$code = ShoutboxService::add($shoutbox_message);
} else {
$code = -3;
}
} else {
$code = -4;
}
return new JSONResponse(array('code' => $code));
}
public function parse_contents($contents)
{
return stripslashes(FormatingHelper::strparse($contents));
}
function Update_msg($idtopic, $idmsg, $contents, $user_id_msg, $history = true)
{
$config = ForumConfig::load();
//Marqueur d'édition du message?
$edit_mark = !ForumAuthorizationsService::check_authorizations()->hide_edition_mark() ? ", timestamp_edit = '" . time() . "', user_id_edit = '" . AppContext::get_current_user()->get_id() . "'" : '';
PersistenceContext::get_querier()->inject("UPDATE " . PREFIX . "forum_msg SET contents = '" . FormatingHelper::strparse($contents) . "'" . $edit_mark . " WHERE id = '" . $idmsg . "'");
$nbr_msg_before = PersistenceContext::get_querier()->count(PREFIX . "forum_msg", 'WHERE idtopic = :idtopic AND id < :id', array('idtopic' => $idtopic, 'id' => $idmsg));
//Calcul de la page sur laquelle se situe le message.
$msg_page = ceil(($nbr_msg_before + 1) / $config->get_number_messages_per_page());
$msg_page_rewrite = $msg_page > 1 ? '-' . $msg_page : '';
$msg_page = $msg_page > 1 ? '&pt=' . $msg_page : '';
//Insertion de l'action dans l'historique.
if (AppContext::get_current_user()->get_id() != $user_id_msg && $history) {
forum_history_collector(H_EDIT_MSG, $user_id_msg, 'topic' . url('.php?id=' . $idtopic . $msg_page, '-' . $idtopic . $msg_page_rewrite . '.php', '&') . '#m' . $idmsg);
}
return $nbr_msg_before;
}
// Édition
if ($media['idedit'] && MediaAuthorizationsService::check_authorizations($media['idcat'])->moderation()) {
PersistenceContext::get_querier()->update(PREFIX . "media", array('idcat' => $media['idcat'], 'name' => $media['name'], 'url' => $media['url'], 'contents' => $media['contents'], 'infos' => MediaAuthorizationsService::check_authorizations($media['idcat'])->write() ? MEDIA_STATUS_APROBED : 0, 'width' => $media['width'], 'height' => $media['height']), 'WHERE id = :id', array('id' => $media['idedit']));
if ($media['approved']) {
$corresponding_contributions = ContributionService::find_by_criteria('media', $media['idedit']);
if (count($corresponding_contributions) > 0) {
$media_contribution = $corresponding_contributions[0];
$media_contribution->set_status(Event::EVENT_STATUS_PROCESSED);
ContributionService::save_contribution($media_contribution);
}
}
// Feeds Regeneration
Feed::clear_cache('media');
AppContext::get_response()->redirect('media' . url('.php?id=' . $media['idedit']));
} elseif (!$media['idedit'] && (($auth_write = MediaAuthorizationsService::check_authorizations($media['idcat'])->write()) || MediaAuthorizationsService::check_authorizations($media['idcat'])->contribution())) {
$result = PersistenceContext::get_querier()->insert(PREFIX . "media", array('idcat' => $media['idcat'], 'iduser' => AppContext::get_current_user()->get_id(), 'timestamp' => time(), 'name' => $media['name'], 'contents' => FormatingHelper::strparse($media['contents']), 'url' => $media['url'], 'mime_type' => $media['mime_type'], 'infos' => MediaAuthorizationsService::check_authorizations($media['idcat'])->write() ? MEDIA_STATUS_APROBED : 0, 'width' => $media['width'], 'height' => $media['height']));
$new_id_media = $result->get_last_inserted_id();
// Feeds Regeneration
Feed::clear_cache('media');
if (!$auth_write) {
$media_contribution = new Contribution();
$media_contribution->set_id_in_module($new_id_media);
$media_contribution->set_description(stripslashes($media['counterpart']));
$media_contribution->set_entitled($media['name']);
$media_contribution->set_fixing_url('/media/media_action.php?edit=' . $new_id_media);
$media_contribution->set_poster_id(AppContext::get_current_user()->get_id());
$media_contribution->set_module('media');
$media_contribution->set_auth(Authorizations::capture_and_shift_bit_auth(MediaService::get_categories_manager()->get_heritated_authorizations($media['idcat'], Category::MODERATION_AUTHORIZATIONS, Authorizations::AUTH_CHILD_PRIORITY), Category::MODERATION_AUTHORIZATIONS, Contribution::CONTRIBUTION_AUTH_BIT));
ContributionService::save_contribution($media_contribution);
DispatchManager::redirect(new UserContributionSuccessController());
} else {
$checked_annonce = $type == 2 ? 'checked="ckecked"' : '';
//Liste des choix des sondages => 20 maxi
$nbr_poll_field = 0;
for ($i = 0; $i < 20; $i++) {
$answer = retrieve(POST, 'a' . $i, '', TSTRING_UNCHANGE);
if (!empty($answer)) {
$tpl->assign_block_vars('answers_poll', array('ID' => $i, 'ANSWER' => $answer));
$nbr_poll_field++;
} elseif ($i <= 5) {
$tpl->assign_block_vars('answers_poll', array('ID' => $i, 'ANSWER' => ''));
$nbr_poll_field++;
}
}
//Type de réponses du sondage.
$poll_type = retrieve(POST, 'poll_type', 0);
$vars_tpl = array_merge($vars_tpl, array('TITLE' => $title, 'DESC' => $subtitle, 'CONTENTS' => $contents, 'QUESTION' => $question, 'IDM' => $id_post_msg, 'DATE' => $LANG['on'] . ' ' . Date::to_format(Date::DATE_NOW, Date::FORMAT_DAY_MONTH_YEAR_HOUR_MINUTE), 'CONTENTS_PREVIEW' => FormatingHelper::second_parse(stripslashes(FormatingHelper::strparse($contents))), 'CHECKED_NORMAL' => $checked_normal, 'CHECKED_POSTIT' => $checked_postit, 'CHECKED_ANNONCE' => $checked_annonce, 'SELECTED_SIMPLE' => $poll_type == 0 ? 'checked="ckecked"' : '', 'SELECTED_MULTIPLE' => $poll_type == 1 ? 'checked="ckecked"' : '', 'NO_DISPLAY_POLL' => !empty($question) ? 'false' : 'true', 'NBR_POLL_FIELD' => $nbr_poll_field, 'C_FORUM_PREVIEW_MSG' => true, 'C_ADD_POLL_FIELD' => $nbr_poll_field <= 18 ? true : false, 'C_FORUM_POST_TYPE' => true, 'L_PREVIEW' => $LANG['preview'], 'L_TYPE' => '* ' . $LANG['type'], 'L_DEFAULT' => $LANG['default'], 'L_POST_IT' => $LANG['forum_postit'], 'L_ANOUNCE' => $LANG['forum_announce']));
}
//Listes les utilisateurs en lignes.
list($users_list, $total_admin, $total_modo, $total_member, $total_visit, $total_online) = forum_list_user_online("AND s.location_script LIKE '" . "/forum/%'");
$vars_tpl = array_merge($vars_tpl, array('C_USER_CONNECTED' => AppContext::get_current_user()->check_level(User::MEMBER_LEVEL), 'TOTAL_ONLINE' => $total_online, 'USERS_ONLINE' => $total_online - $total_visit == 0 ? '<em>' . $LANG['no_member_online'] . '</em>' : $users_list, 'ADMIN' => $total_admin, 'MODO' => $total_modo, 'MEMBER' => $total_member, 'GUEST' => $total_visit, 'L_USER' => $total_online > 1 ? $LANG['user_s'] : $LANG['user'], 'L_ADMIN' => $total_admin > 1 ? $LANG['admin_s'] : $LANG['admin'], 'L_MODO' => $total_modo > 1 ? $LANG['modo_s'] : $LANG['modo'], 'L_MEMBER' => $total_member > 1 ? $LANG['member_s'] : $LANG['member'], 'L_GUEST' => $total_visit > 1 ? $LANG['guest_s'] : $LANG['guest'], 'L_AND' => $LANG['and'], 'L_ONLINE' => strtolower($LANG['online'])));
$tpl->put_all($vars_tpl);
$tpl_top->put_all($vars_tpl);
$tpl_bottom->put_all($vars_tpl);
$tpl->put('forum_top', $tpl_top);
$tpl->put('forum_bottom', $tpl_bottom);
$tpl->display();
} elseif (!empty($id_post_msg) && !empty($post_topic)) {
try {
$msg = PersistenceContext::get_querier()->select_single_row(PREFIX . 'forum_msg', array('idtopic', 'user_id', 'timestamp', 'contents'), 'WHERE id=:id', array('id' => $id_post_msg));
} catch (RowNotFoundException $e) {
$error_controller = PHPBoostErrors::unexisting_element();
/**
* @deprecated
* @desc Retrieves an input variable. You can retrieve any parameter of the HTTP request which launched the execution of this page.
* @param int $var_type The origin of the variable: GET if it's a parameter in the request URL, POST if the variable was in a formulary,
* COOKIE if the variables come from a cookie and FILES if it's a file.
* @param string $var_name Name of a HTTP variable you want to retrieve.
* @param mixed $default_value The value you want the variable you retrieve has if the HTTP parameter doesn't exist.
* @param string $force_type Type of the variable you want to retrieve. If you don't use this parameter, the returned variable will have the same type as the default value you imposed.
* When you force the variable type, a cast operation will be made from string (it's a string in the HTTP request) to the type you choosed.
* The types you can use are numerous:
* <ul>
* <li>TINTEGER to retrieve an integer value.</li>
* <li>TSTRING to retrieve a string. The HTML code in this string is protected (XSS protection) and the dangerous MySQL characters are escaped. You can use this variable directly in a MySQL query.
* It you want to use it now without inserting it in a data base, use the stripslashes PHP function.</li>
* <li>TSTRING_UNCHANGE if you want to retrieve the value of a string without any processing (no quotes escaping and no HTML protection).</li>
* <li>TSTRING_PARSE if you want to parse the value you retrieved. The HTML code is protected, it parses with the user parser and the quotes are escaped. Ready to be inserted in a MySQL query !</li>
* <li>TBOOL to retrieve a boolean value.</li>
* <li>TUNSIGNED_INT if you expect an unsigned integer.</li>
* <li>TUNSIGNED_DOUBLE to retrieve an unsigned double value.</li>
* <li>TSTRING_HTML if you don't want to protect the HTML code of the content but you want to escape the quotes.</li>
* <li>TSTRING_AS_RECEIVED if you want to retrieve the string variable as it was in the HTTP request. </li>
* <li>TARRAY to retrieve an array. The values it contains aren't processed.</li>
* <li>TDOUBLE to retrieve a double value</li>
* <li>TNONE if you want to get the input variable as it has been recieved (the return value will be a string because HTTP parameters are all strings).</li>
* </ul>
* @param int $flags You can change the behaviour of this method: USE_DEFAULT_IF_EMPTY will allow you to retrieve the default value even if the parameter exists but its value is empty (to know if the var is empty, we use the empty() PHP function).
* @return mixed The value of the variable you wanted to retrieve. Its type is either the same as the default value or the type you forced.
*/
function retrieve($var_type, $var_name, $default_value, $force_type = NULL, $flags = 0)
{
$var = null;
$request = AppContext::get_request();
switch ($var_type) {
case GET:
if ($request->has_getparameter($var_name)) {
$var = $request->get_getvalue($var_name);
}
break;
case POST:
if ($request->has_postparameter($var_name)) {
$var = $request->get_postvalue($var_name);
}
break;
case REQUEST:
if ($request->has_parameter($var_name)) {
$var = $request->get_value($var_name);
}
break;
case COOKIE:
if ($request->has_cookieparameter($var_name)) {
$var = $request->get_cookie($var_name);
}
break;
case FILES:
if (isset($_FILES[$var_name])) {
$var = $_FILES[$var_name];
}
break;
default:
break;
}
//If $var is not set or an empty value is retrieved with the USE_DEFAULT_IF_EMPTY flag, we return the default value
if ($var === null || $flags & USE_DEFAULT_IF_EMPTY != 0 && empty($var)) {
return $default_value;
}
$force_type = !isset($force_type) ? gettype($default_value) : $force_type;
switch ($force_type) {
case TINTEGER:
return (int) $var;
case TSTRING:
return TextHelper::strprotect($var);
//Chaine protégée.
//Chaine protégée.
case TSTRING_UNCHANGE:
return trim((string) $var);
//Chaine non protégée.
//Chaine non protégée.
case TSTRING_PARSE:
return FormatingHelper::strparse($var);
//Chaine parsée.
//Chaine parsée.
case TBOOL:
return (bool) $var;
case TUNSIGNED_INT:
$var = (int) $var;
return $var > 0 ? $var : max(0, $default_value);
case TUNSIGNED_DOUBLE:
$var = (double) $var;
return $var > 0.0 ? $var : max(0.0, $default_value);
case TSTRING_HTML:
return TextHelper::strprotect($var, TextHelper::HTML_NO_PROTECT);
//Chaine non protégée pour l'html.
//Chaine non protégée pour l'html.
case TSTRING_AS_RECEIVED:
return (string) $var;
case TARRAY:
return (array) $var;
case TDOUBLE:
return (double) $var;
case TNONE:
return $var;
default:
return $default_value;
}
}
DispatchManager::redirect($error_controller);
}
} else {
$controller = new UserErrorController(LangLoader::get_message('error', 'status-messages-common'), $LANG['e_incomplete']);
DispatchManager::redirect($controller);
}
//Succès redirection vers la conversation.
AppContext::get_response()->redirect('/user/pm' . url('.php?id=' . $pm['idconvers'], '-0-' . $pm['idconvers'] . '.php', '&') . '#m' . $pm_edit);
} else {
$tpl = new FileTemplate('user/pm.tpl');
$tpl->put_all(array('KERNEL_EDITOR' => $editor->display(), 'L_REQUIRE_MESSAGE' => $LANG['require_text'], 'L_REQUIRE' => LangLoader::get_message('form.explain_required_fields', 'status-messages-common'), 'L_EDIT' => LangLoader::get_message('edit', 'common'), 'L_PRIVATE_MESSAGE' => $LANG['private_message'], 'L_MESSAGE' => $LANG['message'], 'L_SUBMIT' => $LANG['update'], 'L_PREVIEW' => $LANG['preview'], 'L_RESET' => $LANG['reset']));
$contents = retrieve(POST, 'contents', '', TSTRING_UNCHANGE);
$title = retrieve(POST, 'title', '', TSTRING_UNCHANGE);
$tpl->assign_block_vars('edit_pm', array('CONTENTS' => ($prw_convers xor $prw) ? $contents : FormatingHelper::unparse($pm['contents']), 'U_ACTION_EDIT' => url('.php?edit=' . $pm_edit . '&token=' . AppContext::get_session()->get_token()), 'U_PM_BOX' => '<a href="pm.php' . '">' . $LANG['pm_box'] . '</a>'));
if ($prw_convers xor $prw) {
$tpl->assign_block_vars('edit_pm.show_pm', array('DATE' => Date::to_format(Date::DATE_NOW, Date::FORMAT_DAY_MONTH_YEAR_HOUR_MINUTE), 'CONTENTS' => FormatingHelper::second_parse(stripslashes(FormatingHelper::strparse($contents)))));
}
if ($id_first == $pm_edit) {
$tpl->put_all(array('SUBMIT_NAME' => 'convers', 'L_TITLE' => $LANG['title']));
$tpl->assign_block_vars('edit_pm.title', array('TITLE' => ($prw_convers xor $prw) ? $title : $convers['title']));
} else {
$tpl->put_all(array('SUBMIT_NAME' => 'edit_pm'));
}
$tpl->display();
}
} else {
$controller = new UserErrorController(LangLoader::get_message('error', 'status-messages-common'), $LANG['e_pm_noedit']);
DispatchManager::redirect($controller);
}
} else {
$error_controller = PHPBoostErrors::unexisting_page();
function pages_parse($contents)
{
$contents = FormatingHelper::strparse(stripslashes($contents));
$contents = preg_replace('`\\[link=([a-z0-9+#-]+)\\](.+)\\[/link\\]`isU', '<a href="/pages/$1">$2</a>', $contents);
return (string) $contents;
}
/**
* @param string $content the content to set
*/
public function set_content($content)
{
$this->content = FormatingHelper::strparse($content, array(), false);
}
