Esempio n. 1
0
 /**
  * Renders the output after preperation.
  * @see vB5_Template::render()
  *
  * @param boolean	Whether to suppress the HTML comment surrounding option (for JS, etc)
  * @param boolean	true if we are rendering for a call to /ajax/render/ and we want CSS <link>s separate
  *
  * @return string
  */
 public function render($isParentTemplate = true, $isAjaxTemplateRender = false)
 {
     static $user = false;
     if (!$user) {
         $user = vB5_User::instance();
     }
     $config = vB5_Config::instance();
     $this->register('user', $user, true);
     extract(self::$globalRegistered, EXTR_SKIP | EXTR_REFS);
     extract($this->registered, EXTR_OVERWRITE | EXTR_REFS);
     $baseurl = vB5_Template_Options::instance()->get('options.frontendurl');
     $baseurl_core = vB5_Template_Options::instance()->get('options.bburl');
     $baseurl_login = vB5_Template_Options::instance()->get('options.frontendurl_login');
     $baseurl_data = vB5_String::parseUrl($baseurl);
     if (isset($baseurl_data['path'])) {
         $baseurl_path = $baseurl_data['path'];
     }
     $baseurl_path = isset($baseurl_path) ? $baseurl_path . (substr($baseurl_path, -1) != '/' ? '/' : '') : '/';
     //same as cookie path
     $cookie_prefix = $config->cookie_prefix;
     $vboptions = vB5_Template_Options::instance()->getOptions();
     $vboptions = $vboptions['options'];
     //this assumes that core is in the core directory which is not something we've generally assumed
     //however as noncollapsed mode look unlikely to be as useful as we thought, we'll start making that
     //assumption.  However setting a seperate variable means we don't spread that assumption all through
     //the template code.
     $baseurl_cdn = $vboptions['cdnurl'];
     if ($baseurl_cdn) {
         $baseurl_corecdn = $baseurl_cdn . '/core';
     } else {
         //if we haven't set a cdn url, then let's default to the actual site urls.
         $baseurl_cdn = $baseurl;
         $baseurl_corecdn = $baseurl_core;
     }
     $vbproducts = vB::getDatastore()->getValue('products');
     $preferred_styleid = vB5_Template_Stylevar::instance()->getPreferredStyleId() > 0 ? vB5_Template_Stylevar::instance()->getPreferredStyleId() : $vboptions['styleid'];
     $preferred_languageid = vB5_User::getLanguageId() > 0 ? vB5_User::getLanguageId() : $vboptions['languageid'];
     $timenow = time();
     self::$renderedTemplateNames[] = $this->template;
     // debug info for the templates that have been used
     if ($config->debug) {
         self::$renderedTemplates[] = array('templateName' => $this->template, 'isParentTemplate' => (bool) $isParentTemplate, 'indent' => str_repeat('|----', count(self::$renderedTemplatesStack)));
         self::$renderedTemplatesStack[] = $this->template;
     }
     // todo: remove this once we can remove notices from template code
     // allow developers to turn notices off for templates -- to avoid having them turn off notices entirely
     if ($config->no_template_notices) {
         $oldReporting = error_reporting(E_ALL & ~E_NOTICE);
     }
     if ($config->render_debug) {
         set_exception_handler(null);
         set_error_handler('vberror');
         // Show which template is being rendered.
         echo 'Template: ' . $this->template . '<br />';
     }
     $templateCache = vB5_Template_Cache::instance();
     $templateCode = $templateCache->getTemplate($this->template);
     if (is_array($templateCode) and !empty($templateCode['textonly'])) {
         $final_rendered = $templateCode['placeholder'];
     } else {
         if ($templateCache->isTemplateText()) {
             @eval($templateCode);
         } else {
             if ($templateCode !== false) {
                 @(include $templateCode);
             }
         }
     }
     if ($config->render_debug) {
         restore_error_handler();
         restore_exception_handler();
     }
     if ($config->no_template_notices) {
         error_reporting($oldReporting);
     }
     // always replace placeholder for templates, as they are process by levels
     $templateCache->replacePlaceholders($final_rendered);
     if ($isParentTemplate) {
         // we only replace phrases/urls/nodetext, insert javascript and stylesheets at the parent template
         $this->renderDelayed($final_rendered, $isAjaxTemplateRender);
         //Store the configuration information in the session
         if (!empty(vB5_Config::instance()->php_sessions)) {
             if (session_status() == PHP_SESSION_NONE) {
                 $expires = vB5_Config::instance()->session_expires;
                 if (!empty($expires) and intval($expires)) {
                     session_cache_expire(intval($expires));
                 }
                 session_start();
                 $_SESSION['languageid'] = $preferred_languageid;
                 $_SESSION['userid'] = vB5_User::get('userid');
             }
         }
     }
     // debug info for the templates that have been used
     if ($config->debug) {
         array_pop(self::$renderedTemplatesStack);
     }
     // add template name to HTML source for debugging
     if (!empty($vboptions['addtemplatename']) and $vboptions['addtemplatename']) {
         $final_rendered = "<!-- BEGIN: {$this->template} -->{$final_rendered}<!-- END: {$this->template} -->";
     }
     return $final_rendered;
 }
Esempio n. 2
0
 /**
  * Handles a [url] tag. Creates a link to another web page.
  *
  * @param	string	If tag has option, the displayable name. Else, the URL.
  * @param	string	If tag has option, the URL.
  * @param	bool	If this is for an image, just return the link
  *
  * @return	string	HTML representation of the tag.
  */
 function handle_bbcode_url($text, $link, $image = false)
 {
     $rightlink = trim($link);
     if (empty($rightlink)) {
         // no option -- use param
         $rightlink = trim($text);
     }
     $rightlink = str_replace(array('`', '"', "'", '['), array('&#96;', '&quot;', '&#39;', '&#91;'), $this->stripSmilies($rightlink));
     // remove double spaces -- fixes issues with wordwrap
     $rightlink = str_replace('  ', '', $rightlink);
     if (!preg_match('#^[a-z0-9]+(?<!about|javascript|vbscript|data):#si', $rightlink)) {
         $rightlink = "http://{$rightlink}";
     }
     if (!trim($link) or str_replace('  ', '', $text) == $rightlink) {
         $tmp = vB5_String::unHtmlSpecialChars($rightlink);
         if (vB_String::vbStrlen($tmp) > 55 and $this->isWysiwyg() == false) {
             $text = vB5_String::htmlSpecialCharsUni(vB5_String::vbChop($tmp, 36) . '...' . substr($tmp, -14));
         } else {
             // under the 55 chars length, don't wordwrap this
             $text = str_replace('  ', '', $text);
         }
     }
     static $current_url, $current_host, $allowed, $friendlyurls = array();
     if (!isset($current_url)) {
         $current_url = @vB5_String::parseUrl(self::$bbUrl);
     }
     $is_external = self::$urlNoFollow;
     if (self::$urlNoFollow) {
         if (!isset($current_host)) {
             $current_host = preg_replace('#:(\\d)+$#', '', self::$vBHttpHost);
             $allowed = preg_split('#\\s+#', self::$urlNoFollowWhiteList, -1, PREG_SPLIT_NO_EMPTY);
             $allowed[] = preg_replace('#^www\\.#i', '', $current_host);
             $allowed[] = preg_replace('#^www\\.#i', '', $current_url['host']);
         }
         $target_url = preg_replace('#^([a-z0-9]+:(//)?)#', '', $rightlink);
         foreach ($allowed as $host) {
             if (vB5_String::stripos($target_url, $host) !== false) {
                 $is_external = false;
             }
         }
     }
     if ($image) {
         return array('link' => $rightlink, 'nofollow' => $is_external);
     }
     // standard URL hyperlink
     return "<a href=\"{$rightlink}\" target=\"_blank\"" . ($is_external ? ' rel="nofollow"' : '') . ">{$text}</a>";
 }
Esempio n. 3
0
 /**
  * Determines if we are allowed to redirect to this URL, based
  * on Admin CP whitelist settings
  *
  * @param	string	The URL
  *
  * @return	bool	True if redirecting to this URL is allowed, false otherwise
  */
 public static function allowRedirectToUrl($url)
 {
     if (empty($url)) {
         return false;
     }
     $options = vB5_Template_Options::instance();
     if ($options->get('options.redirect_whitelist_disable')) {
         return true;
     }
     $foundurl = false;
     if ($urlinfo = @vB5_String::parseUrl($url)) {
         if (!$urlinfo['scheme']) {
             $foundurl = true;
             // Relative redirect.
         } else {
             $whitelist = array();
             if ($options->get('options.redirect_whitelist')) {
                 $whitelist = explode("\n", trim($options->get('options.redirect_whitelist')));
             }
             // Add the base and core urls to the whitelist
             $baseinfo = @vB5_String::parseUrl(vB5_Template_Options::instance()->get('options.frontendurl'));
             $coreinfo = @vB5_String::parseUrl(vB5_Template_Options::instance()->get('options.bburl'));
             $baseurl = "{$baseinfo['scheme']}://{$baseinfo['host']}";
             $coreurl = "{$coreinfo['scheme']}://{$coreinfo['host']}";
             array_unshift($whitelist, strtolower($baseurl));
             array_unshift($whitelist, strtolower($coreurl));
             $vburl = strtolower($url);
             foreach ($whitelist as $urlx) {
                 $urlx = trim($urlx);
                 if ($vburl == strtolower($urlx) or strpos($vburl, strtolower($urlx) . '/', 0) === 0) {
                     $foundurl = true;
                     break;
                 }
             }
         }
     }
     return $foundurl;
 }