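/**
 * Select the attachment-store library for a content type.
 *
 * The first store built successfully is cached in self::$instance and is
 * returned by every later call, whatever arguments that later call passes.
 *
 * The class name and the include path are assembled from the package and
 * class that vB_Types reports for the resolved content type id, not from the
 * caller's raw $contenttypeid. An identifier that vB_Types does not resolve
 * ends the lookup before any path is built.
 *
 * @param object $registry      Registry handed to the store constructor (callers pass $vbulletin)
 * @param mixed  $contenttypeid Content type identifier, resolved through vB_Types::getContentTypeID()
 * @param int    $categoryid    Category id handed to the store constructor
 * @param array  $values        Extra values handed to the store constructor
 *
 * @return object|false Store instance, or false when the type, the file or the class is missing
 */
public static function &fetch_library(&$registry, $contenttypeid, $categoryid = 0, $values = array())
{
    // A function declared with & has to return a variable; returning the
    // literal false raises "Only variable references should be returned by
    // reference", so the failure value lives in a local.
    $notfound = false;

    if (self::$instance) {
        return self::$instance;
    }

    $types = vB_Types::instance();

    // Resolution gate: everything below uses the id vB_Types returned.
    if (!($contenttypeid = $types->getContentTypeID($contenttypeid))) {
        return $notfound;
    }

    $package = $types->getContentTypePackage($contenttypeid);
    $class = $types->getContentTypeClass($contenttypeid);

    $selectclass = "vB_Attachment_Store_{$package}_{$class}";
    // NOTE(review): $package and $class go into the path unvalidated here; this
    // assumes vB_Types only ever returns registered, filesystem-safe names — confirm.
    $path = DIR . '/packages/' . strtolower($package) . '/attach/' . strtolower($class) . '.php';

    if (!file_exists($path)) {
        return $notfound;
    }

    include_once $path;

    if (!class_exists($selectclass)) {
        return $notfound;
    }

    self::$instance = new $selectclass($registry, $contenttypeid, $categoryid, $values);
    return self::$instance;
}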
// Set-up for an attachment upload request: build the posthash for the session
// user, obtain the attachment store and check permissions on it.

// Only poststarttime is cleaned in this run; it is the client-supplied part of the posthash input.
$vbulletin->input->clean_array_gpc('r', array('poststarttime' => TYPE_UINT));
$attachmentid = 0;
$contenttypeid = 1;
// Refuse when there is no session user or no poststarttime
// (presumably json_error() ends the request — confirm).
if (!$vbulletin->userinfo['userid'] or empty($vbulletin->GPC['poststarttime'])) {
    json_error(ERR_NO_PERMISSION);
}
// The posthash is computed on the server from the session user's id and salt;
// any posthash value already present in GPC is overwritten here.
$vbulletin->GPC['posthash'] = md5($vbulletin->GPC['poststarttime'] . $vbulletin->userinfo['userid'] . $vbulletin->userinfo['salt']);
// NOTE(review): f, t, poststarttime and posthash below are bare words, not quoted
// string keys. PHP treats them as undefined constants (a warning on PHP 7.2+, an
// Error on PHP 8). $values is also not initialised in the visible code.
if ($vbulletin->GPC_exists['forumid']) {
    $values[f] = $vbulletin->GPC['forumid'];
}
if ($vbulletin->GPC_exists['threadid']) {
    $values[t] = $vbulletin->GPC['threadid'];
}
$values[poststarttime] = $vbulletin->GPC['poststarttime'];
$values[posthash] = $vbulletin->GPC['posthash'];
// NOTE(review): forumid, threadid and categoryid are read from GPC but not cleaned
// in this excerpt — presumably cleaned earlier; confirm.
if (!($attachlib =& vB_Attachment_Store_Library::fetch_library($vbulletin, $contenttypeid, $vbulletin->GPC['categoryid'], $values))) {
    json_error("eek");
}
// The store decides whether this user may attach to the target content.
if (!$attachlib->verify_permissions()) {
    json_error(ERR_NO_PERMISSION);
}

// The function below is cut off by this excerpt: its body continues past the last visible statement.
function do_upload_attachment()
{
    global $vbulletin, $db, $foruminfo, $attachlib;

    $vbulletin->input->clean_gpc('f', 'attachment', TYPE_FILE);

    // format vbulletin expects: $files[name][x]... we only have one per post
    $vbulletin->GPC['attachment'] = array('name' => array($vbulletin->GPC['attachment']['name']), 'tmp_name' => array($vbulletin->GPC['attachment']['tmp_name']), 'error' => array($vbulletin->GPC['attachment']['error']), 'size' => array($vbulletin->GPC['attachment']['size']));

    // NOTE(review): GPC['flash'] and GPC['filedata'] are not cleaned in the visible code — confirm where they are.
    if ($vbulletin->GPC['flash'] and is_array($vbulletin->GPC['attachment'])) {
        $vbulletin->GPC['attachment']['utf8_names'] = true;
    }

    $uploadids = $attachlib->upload($vbulletin->GPC['attachment'], array(), $vbulletin->GPC['filedata']);
// Request set-up for the attachment manager: authenticate the request through
// the posthash, obtain the attachment store, then dispatch on the 'do' action.

// The content type comes from the request; fetch_library() below receives this value.
$contenttypeid = $vbulletin->input->clean_gpc('r', 'contenttypeid', TYPE_NOHTML);
$insertinline = $vbulletin->input->clean_gpc('r', 'insertinline', TYPE_UINT);

// The request passes straight through only when there is a session user, that user
// has attachment extensions, and the supplied posthash equals
// md5(poststarttime . userid . salt) for the session user.
// NOTE(review): != and == on two strings compare numerically when both look numeric,
// so this is not a strict string match; hash_equals() would be strict and timing-safe.
// NOTE(review): poststarttime is client-supplied and no age check is visible in this excerpt.
if (!$vbulletin->userinfo['userid'] or empty($vbulletin->userinfo['attachmentextensions']) or $vbulletin->GPC['posthash'] != md5($vbulletin->GPC['poststarttime'] . $vbulletin->userinfo['userid'] . $vbulletin->userinfo['salt'])) {
    // Fallback without a session: the request names a userid, that user's record is
    // loaded, and a matching posthash makes the rest of the request run as that user.
    // On this path the posthash is the only credential, so its strength rests on the
    // secrecy of the per-user salt.
    if (!$vbulletin->userinfo['userid'] and $vbulletin->GPC['userid']) {
        $userinfo = fetch_userinfo($vbulletin->GPC['userid']);
        if ($vbulletin->GPC['posthash'] == md5($vbulletin->GPC['poststarttime'] . $userinfo['userid'] . $userinfo['salt'])) {
            $vbulletin->userinfo = $userinfo;
            cache_permissions($vbulletin->userinfo, true);
        } else {
            print_no_permission();
        }
    } else {
        print_no_permission();
    }
}

// NOTE(review): GPC['categoryid'] and GPC['values'] are not cleaned in the visible
// code — presumably cleaned earlier; confirm, since both reach the store constructor.
if (!($attachlib =& vB_Attachment_Store_Library::fetch_library($vbulletin, $contenttypeid, $vbulletin->GPC['categoryid'], $vbulletin->GPC['values'])) or !$attachlib->verify_permissions()) {
    print_no_permission();
}

$new_attachlist_js = '';

// Runs the PHP string returned for the 'newattachment_start' hook with this script's
// privileges. NOTE(review): presumably only admin-installed plugin code — confirm
// who can register hook code.
($hook = vBulletinHook::fetch_hook('newattachment_start')) ? eval($hook) : false;

$show['errors'] = false;

if (!$attachlib->fetch_attachcount()) {
    print_no_permission();
}

// The action is read from the raw superglobals with loose comparison.
$show['ajaxform'] = $_REQUEST['do'] == 'assetmanager';
$show['ajaxupload'] = ($_POST['ajax'] and $_POST['do'] == 'manageattach');
$currentattachment = array('attachmentid' => 0, 'hasthumbnail' => false);

// ##################### Add Attachment to Content ####################
// This block is cut off by the excerpt: its body continues past the last visible statement.
if ($_POST['do'] == 'manageattach') {
    $vbulletin->input->clean_array_gpc('p', array('upload' => TYPE_STR, 'delete' => TYPE_ARRAY_STR, 'filedata' => TYPE_ARRAY_UINT, 'flash' => TYPE_UINT, 'imageonly' => TYPE_BOOL));
    $uploads = array();
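/**
 * Upload one photo and attach it to the current album.
 *
 * Reads the album ($albuminfo) and its owner ($userinfo) from globals, runs the
 * file through the attachment store for $contenttypeid, then points the new
 * attachment rows at the album and rebuilds the album counters.
 *
 * Failure paths call standard_error(), print_no_permission() or json_error();
 * the code assumes those calls end the request (not visible here — confirm).
 *
 * @return array array('success' => true) once the upload has been attached
 */
function do_upload_photo()
{
    global $vbulletin, $db, $show, $vbphrase, $foruminfo, $userinfo, $albuminfo, $session, $contenttypeid;

    $vbulletin->input->clean_array_gpc('p', array('caption' => TYPE_STR));

    if (empty($albuminfo)) {
        standard_error(fetch_error('invalidid', $vbphrase['album'], $vbulletin->options['contactuslink']));
    }

    // adding new, can only add in your own
    if ($userinfo['userid'] != $vbulletin->userinfo['userid']) {
        print_no_permission();
    }

    $vbulletin->input->clean_gpc('f', 'photo', TYPE_FILE);

    // format vbulletin expects: $files[name][x]... we only have one per post
    $vbulletin->GPC['attachment'] = array(
        'name' => array($vbulletin->GPC['photo']['name']),
        'tmp_name' => array($vbulletin->GPC['photo']['tmp_name']),
        'error' => array($vbulletin->GPC['photo']['error']),
        'size' => array($vbulletin->GPC['photo']['size']),
    );

    // NOTE(review): GPC['albumid'] and GPC['filedata'] are not cleaned inside this
    // function — presumably cleaned by the caller; confirm.
    $values = array('albumid' => $vbulletin->GPC['albumid']);

    if (!($attachlib =& vB_Attachment_Store_Library::fetch_library($vbulletin, $contenttypeid, 0, $values))) {
        json_error("could not create attachment store");
    }

    // The store decides whether this user may add to the album.
    if (!$attachlib->verify_permissions()) {
        json_error(ERR_NO_PERMISSION);
    }

    $uploadids = $attachlib->upload($vbulletin->GPC['attachment'], array(), $vbulletin->GPC['filedata']);

    // These ids are interpolated into an IN (...) list below, so force each one to
    // an integer here instead of trusting the format of upload()'s return value.
    // An empty result becomes IN (0) rather than malformed SQL.
    $uploads = array_map('intval', explode(',', $uploadids));

    if (!empty($attachlib->errors)) {
        foreach ($attachlib->errors as $error) {
            $errormessage = $error['error'] ? $error['error'] : $vbphrase["{$error['errorphrase']}"];
            json_error($errormessage, RV_UPLOAD_ERROR);
        }
    }

    // Same reason as above: the owner id goes into SQL text, so it is cast first.
    $ownerid = intval($userinfo['userid']);

    // Fetch possible destination albums
    $destination_result = $db->query_read("\n SELECT\n albumid, userid, title, coverattachmentid, state\n FROM " . TABLE_PREFIX . "album\n WHERE\n userid = " . $ownerid . "\n ");

    $destinations = array();
    if ($db->num_rows($destination_result)) {
        while ($album = $db->fetch_array($destination_result)) {
            $destinations[$album['albumid']] = $album;
        }
    }
    $db->free_result($destination_result);

    // Only rows not yet attached to content (contentid = 0) are picked up.
    // NOTE(review): the WHERE clause does not filter on a.userid; it relies on
    // upload() returning only ids created by this request — confirm.
    $picture_sql = $db->query_read("\n SELECT\n a.contentid, a.userid, a.caption, a.state, a.dateline, a.attachmentid, a.contenttypeid,\n filedata.extension, filedata.filesize, filedata.thumbnail_filesize, filedata.filedataid\n FROM " . TABLE_PREFIX . "attachment AS a\n INNER JOIN " . TABLE_PREFIX . "filedata AS filedata ON (a.filedataid = filedata.filedataid)\n WHERE\n a.contentid = 0\n AND\n a.attachmentid IN (" . implode(',', $uploads) . ")\n ");

    while ($picture = $db->fetch_array($picture_sql)) {
        $attachdata =& datamanager_init('Attachment', $vbulletin, ERRTYPE_ARRAY, 'attachment');
        $attachdata->set_existing($picture);
        $attachdata->set_info('albuminfo', $albuminfo);
        $attachdata->set_info('destination', $destinations[$albuminfo['albumid']]);
        $attachdata->set('contentid', $albuminfo['albumid']);
        // Clearing the posthash marks the row as attached rather than pending.
        $attachdata->set('posthash', '');
        $attachdata->set('caption', $vbulletin->GPC['caption']);
        $attachdata->save();
    }

    // update all albums that pictures were moved to
    // NOTE(review): nothing in this function fills $album['moved_pictures'], so this
    // loop body looks unreachable as written (and sizeof() on a missing key is an
    // error on PHP 8) — confirm against the code this was adapted from.
    foreach ($destinations as $albumid => $album) {
        if (sizeof($album['moved_pictures'])) {
            $albumdata =& datamanager_init('Album', $vbulletin, ERRTYPE_SILENT);
            $albumdata->set_existing($album);

            if (!$album['coverattachmentid']) {
                $albumdata->set('coverattachmentid', array_shift($album['moved_pictures']));
            }

            $albumdata->rebuild_counts();
            $albumdata->save();
            unset($albumdata);
        }
    }

    $albumdata =& datamanager_init('Album', $vbulletin, ERRTYPE_SILENT);
    $albumdata->set_existing($albuminfo);
    $albumdata->rebuild_counts();

    // NOTE(review): $new_coverid, $updatecounter and $cover_moved are never assigned
    // in this function and are not in the global list, so this branch does not run.
    if ($new_coverid or $updatecounter) {
        if ($new_coverid or $cover_moved) {
            $albumdata->set('coverattachmentid', $new_coverid);
        }
    }

    $albumdata->save();
    unset($albumdata);

    // add to updated list
    // Precedence: & binds tighter than `and`, which binds tighter than `or`, so this
    // reads: moderator, OR (picture moderation is off AND the permission bit is set).
    if (can_moderate(0, 'canmoderatepictures') or !$vbulletin->options['albums_pictures_moderation'] and $vbulletin->userinfo['permissions']['albumpermissions'] & $vbulletin->bf_ugp_albumpermissions['picturefollowforummoderation']) {
        exec_album_updated($vbulletin->userinfo, $albuminfo);
    }

    return array('success' => true);
}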
// Excerpt from an AJAX handler: saves display settings for one attachment.
// The enclosing block opens before this excerpt begins.
$vbulletin->input->clean_array_gpc('p', array('alignment' => TYPE_NOHTML, 'size' => TYPE_NOHTML, 'title' => TYPE_NOHTML, 'caption' => TYPE_NOHTML, 'link' => TYPE_UINT, 'linkurl' => TYPE_NOHTML, 'linktarget' => TYPE_BOOL, 'styles' => TYPE_NOHTML, 'description' => TYPE_NOHTML, 'attachmentid' => TYPE_UINT, 'posthash' => TYPE_NOHTML, 'poststarttime' => TYPE_UINT, 'contentid' => TYPE_UINT));

// The supplied posthash must equal md5(poststarttime . userid . salt) for the
// session user; otherwise the request ends with no output.
// NOTE(review): != on two strings compares numerically when both look numeric, so
// this is not a strict string match; hash_equals() would be strict and timing-safe.
if ($vbulletin->GPC['posthash'] != md5($vbulletin->GPC['poststarttime'] . $vbulletin->userinfo['userid'] . $vbulletin->userinfo['salt'])) {
    exit;
}

// NOTE(review): these three fields are decoded after the TYPE_NOHTML cleaning above;
// whether the decoded text can contain markup again depends on
// convert_urlencoded_unicode() — confirm, and escape where the settings are rendered.
$vbulletin->GPC['title'] = convert_urlencoded_unicode($vbulletin->GPC['title']);
$vbulletin->GPC['caption'] = convert_urlencoded_unicode($vbulletin->GPC['caption']);
$vbulletin->GPC['description'] = convert_urlencoded_unicode($vbulletin->GPC['description']);

// 'styles' is kept only when the user's forum permissions carry the canattachmentcss bit;
// otherwise it is stored as an empty string.
$settings = array('alignment' => $vbulletin->GPC['alignment'], 'size' => $vbulletin->GPC['size'], 'caption' => $vbulletin->GPC['caption'], 'link' => $vbulletin->GPC['link'], 'linkurl' => $vbulletin->GPC['linkurl'], 'linktarget' => $vbulletin->GPC['linktarget'], 'styles' => $vbulletin->userinfo['permissions']['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['canattachmentcss'] ? $vbulletin->GPC['styles'] : '', 'description' => $vbulletin->GPC['description'], 'title' => $vbulletin->GPC['title']);

// attachmentid was cleaned as TYPE_UINT above before being concatenated into the query.
$attachment = $db->query_first("\n\t\tSELECT attachmentid, settings, posthash, contenttypeid, contentid\n\t\tFROM " . TABLE_PREFIX . "attachment\n\t\tWHERE attachmentid = " . $vbulletin->GPC['attachmentid'] . "\n\t");

// `and` binds tighter than `or`: stop when the row is missing, or when the row still
// carries a posthash and it differs from the one in the request.
if (!$attachment or $attachment['posthash'] and $attachment['posthash'] != $vbulletin->GPC['posthash']) {
    exit;
}

// A row with no posthash takes the separate ownership check below.
if (!$attachment['posthash']) {
    require_once DIR . '/packages/vbattach/attach.php';
    // Verify that the user can modify this EXISTING attachment..
    // The content type comes from the database row here, not from the request.
    if ($vbulletin->GPC['contentid'] != $attachment['contentid'] or !($attachlib =& vB_Attachment_Store_Library::fetch_library($vbulletin, $attachment['contenttypeid'])) or !$attachlib->verify_permissions_attachmentid($attachment['attachmentid'])) {
        exit;
    }
}

// The settings array is serialize()d and passed through escape_string() before it
// is placed in the SQL text. NOTE(review): whatever reads this column back
// presumably unserialize()s it — confirm that nothing else writes the column.
$db->query_write("\n\t\tINSERT INTO " . TABLE_PREFIX . "attachment\n\t\t\t(attachmentid, settings)\n\t\tVALUES (" . $vbulletin->GPC['attachmentid'] . ", '" . $db->escape_string(serialize($settings)) . "')\n\t\tON DUPLICATE KEY UPDATE settings = '" . $db->escape_string(serialize($settings)) . "'\n\n\t");

$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
$xml->add_tag('ok', 1);
$xml->print_xml();
}

if ($_REQUEST['do'] == 'rss') {
    //we just replace "ajax.php" with "external.php"
    // The raw query string is appended unchanged; the target path is fixed to external.php.
    // NOTE(review): header safety of the appended value depends on exec_header_redirect() — confirm.
    $redirect_url = 'external.php?' . $_SERVER['QUERY_STRING'];
    exec_header_redirect($redirect_url, 301);
}

// This block is cut off by the excerpt: its body continues past the last visible statement.
if ($_REQUEST['do'] == 'get_comment_reply') {
    $vbulletin->input->clean_array_gpc('r', array('postid' => TYPE_UINT));
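/**
 * Select the attachment-store library for a content type.
 *
 * The first store built successfully is cached in self::$instance and is
 * returned by every later call, whatever arguments that later call passes.
 *
 * The class name and the include path are assembled from the package and
 * class that vB_Types reports for the resolved content type id, not from the
 * caller's raw $contenttypeid.
 *
 * When the store class cannot be found the script exits with no output; it
 * does not return false for that case.
 *
 * @param object $registry      Registry handed to the store constructor (callers pass $vbulletin)
 * @param mixed  $contenttypeid Content type identifier, resolved through vB_Types::getContentTypeID()
 * @param int    $categoryid    Category id handed to the store constructor
 * @param array  $values        Extra values handed to the store constructor
 *
 * @return object|false Store instance, or false when the content type does not resolve
 */
public static function &fetch_library(&$registry, $contenttypeid, $categoryid, $values)
{
    if (self::$instance) {
        return self::$instance;
    }

    require_once(DIR . '/includes/class_bootstrap_framework.php');
    require_once(DIR . '/vb/types.php');
    vB_Bootstrap_Framework::init();

    $types = vB_Types::instance();

    // Resolution gate: everything below uses the id vB_Types returned.
    if (!($contenttypeid = $types->getContentTypeID($contenttypeid))) {
        // A function declared with & has to return a variable, not the literal false.
        $notfound = false;
        return $notfound;
    }

    $package = $types->getContentTypePackage($contenttypeid);
    $class = $types->getContentTypeClass($contenttypeid);

    $selectclass = "vB_Attachment_Store_{$package}_{$class}";

    // Include the package file only when it exists, so a missing file no longer
    // raises an include warning before the class check below.
    // NOTE(review): $package and $class go into the path unvalidated here; this
    // assumes vB_Types only ever returns registered, filesystem-safe names — confirm.
    $path = DIR . '/packages/' . strtolower($package) . '/attach/' . strtolower($class) . '.php';
    if (file_exists($path)) {
        include_once($path);
    }

    if (!class_exists($selectclass)) {
        // Kept from the original: a missing store class ends the request silently.
        // The `return false` that followed this exit could never run and is dropped.
        exit;
    }

    self::$instance = new $selectclass($registry, $contenttypeid, $categoryid, $values);
    return self::$instance;
}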