public function process()
{
vB::$vbulletin->input->clean_array_gpc('p', array('userid' => TYPE_UINT, 'tab' => TYPE_NOHTML, 'mindateline' => TYPE_UNIXTIME, 'maxdateline' => TYPE_UNIXTIME, 'minscore' => TYPE_NUM, 'minid' => TYPE_STR, 'maxid' => TYPE_STR, 'pagenumber' => TYPE_UINT, 'perpage' => TYPE_UINT));
vB::$vbulletin->GPC['ajax'] = 1;
vB_dB_Assertor::init(vB::$vbulletin->db, vB::$vbulletin->userinfo);
vB_ProfileCustomize::getUserTheme(vB::$vbulletin->GPC['userid']);
$userhastheme = vB_ProfileCustomize::getUserThemeType(vB::$vbulletin->GPC['userid']) == 1 ? 1 : 0;
$showusercss = vB::$vbulletin->userinfo['options'] & vB::$vbulletin->bf_misc_useroptions['showusercss'] ? 1 : 0;
if ($userhastheme and $showusercss) {
define('AS_PROFILE', true);
}
$userinfo = verify_id('user', vB::$vbulletin->GPC['userid'], 1, 1);
$this->fetchMemberStreamSql(vB::$vbulletin->GPC['tab'], $userinfo['userid']);
$this->processExclusions();
$this->setPage(1, vB::$vbulletin->GPC['perpage']);
$result = $this->fetchStream();
$this->processAjax($result);
}
public static function getBGValue($image_url)
{
//sometimes we have the word 'none'
if (strtolower($image_url) == 'none') {
return 'none';
}
//it might be a color;
$result = self::getValidColor($colorval);
if ($result) {
return $result;
}
//Let's see if it's an image. First clean it.
$image_url = self::cleanImageLoc($image_url);
if (!$image_url) {
return false;
}
//if it's in the form url(<something) then we just return.
if (strtolower(substr($image_url, 0, 4)) == 'url(') {
return $image_url;
}
//If it's attachment.php..., we return that.
if (strtolower(substr($image_url, 0, 10)) == 'attachment') {
return 'url(' . $image_url . ')';
}
//If it starts with ./ or http:, we wrap that in url(.
if (strtolower(substr($image_url, 0, 1)) == './' or strtolower(substr($image_url, 0, 7)) == 'http://') {
return 'url(' . $image_url . ')';
}
// If we have in the form integer, integer we turn that into an URL
// that's a v386 setting meaning albumid, pictureid
$result = preg_match("/^([0-9]+),([0-9]+)\$/", $image_url, $picture);
if ($result) {
if (!self::$session_url and class_exists('vB', false)) {
self::$session_url = vB::getCurrentSession()->get('sessionurl');
}
return "url(picture.php?albumid={$picture['1']}&pictureid={$picture['2']})";
}
return 'none';
}
$navbar = render_navbar_template($navbits);
$templatename = 'MEMBERINFO';
$show['pmlink'] =& $show['pm'];
// VBIV-12742 Lets be consistant with the name.
($hook = vBulletinHook::fetch_hook('member_complete')) ? eval($hook) : false;
//Now we need to get the css theme information if applicable
if ($show_customize_profile) {
$themes = vB_ProfileCustomize::getThemes();
if (empty($themes)) {
$canusetheme = false;
if (!$cancustomize) {
$show_customize_profile = false;
}
}
}
$themes[-1] = vB_ProfileCustomize::getDefaultTheme();
$themes[-1]['title'] = $vbphrase['site_default_theme'];
$themes[-1]['thumbnail'] = 'default_theme.png';
//We need to get the themes in rows of 4, and we also need to generate the
//json version of the theme array we'll use for setting the events;
$i = 0;
$themelist = '';
$themeblock = array();
if ($show_customize_profile) {
$themerow = array();
foreach ($themes as $themeid => $theme) {
$theme['themeid'] = $themeid;
$themerow[] = $theme;
$i++;
$themeblock[] = "\"{$themeid}\":\"profiletheme_{$themeid}\"";
if ($i > 3) {
}
// #############################################################################
// get the confirm close dialog box
//
if ($_REQUEST['do'] == 'getconfirmclosebox') {
if (intval($vbulletin->userinfo['userid'])) {
echo vB_ProfileCustomize::getConfirmCloseBox();
}
}
// #############################################################################
// get the confirm close dialog box
//
if ($_REQUEST['do'] == 'getprofiledialog') {
$vbulletin->input->clean_array_gpc('r', array('phrase' => TYPE_STR));
if ($vbulletin->GPC_exists['phrase']) {
echo vB_ProfileCustomize::getProfileDialog($vbulletin->GPC['phrase']);
}
}
// #############################################################################
// Autosave editor content
if ($_POST['do'] == 'autosave') {
$vbulletin->input->clean_array_gpc('p', array('contenttypeid' => TYPE_NOHTML, 'contentid' => TYPE_UINT, 'parentcontentid' => TYPE_UINT, 'pagetext' => TYPE_STR, 'title' => TYPE_NOHTML, 'posthash' => TYPE_NOHTML, 'poststarttime' => TYPE_UINT, 'wysiwyg' => TYPE_BOOL, 'parsetype' => TYPE_STR));
if (!$vbulletin->userinfo['userid']) {
echo 'NO USERID';
exit;
}
if (!vB_Types::instance()->getContentTypeID($vbulletin->GPC['contenttypeid'])) {
echo 'INVALID CONTENTTYPEID';
exit;
}
if (!$vbulletin->GPC['pagetext']) {
require_once './vb/profilecustomize.php';
/*
cssuid = 0 if calling user has view others customisation enabled (so will see all customised profiles)
cssuid > 0 if calling user has view others customisation disabled (so will only see their own customised profile as cssuid = calling userid)
cssuid = -1 means if the calling user has view others customisation disabled, they will always see the style default, not any admin set default.
The -1 option is mainly for testing. Its not a value current passed by default vbulletin, but plugins could make use of it if they wanted.
*/
if ($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_profile_styling'] and ($vbulletin->GPC['cssuid'] == 0 or $vbulletin->GPC['cssuid'] == $vbulletin->GPC['userid'])) {
vB_ProfileCustomize::setPermissions($permissions['usercsspermissions']);
vB_ProfileCustomize::setStylevars($vbulletin->stylevars);
$theme = vB_ProfileCustomize::getUserTheme($vbulletin->GPC['userid']);
} else {
if ($vbulletin->GPC['cssuid'] != -1) {
$theme = vB_ProfileCustomize::getSiteDefaultTheme();
} else {
$theme = vB_ProfileCustomize::getSiteDefaultTheme(false);
}
}
foreach ($theme as $varname => $setting) {
if ($varname == 'font_family' and $setting == 'default') {
$templater->register($varname, vB::$vbulletin->stylevars['font']['family']);
} else {
if (preg_match('#<\\s*script.*>#i', $value) > 0) {
continue;
} else {
if (preg_match("#_(color|border)\$#", $varname)) {
//color values are validated heavily on input and tend to
//get destroyed by when escaped.
} else {
//IE6 will accept "javascript:" and "vbscript:" urls. Unfortunately it will do so even if the
//url strings are encoded. We remove whitespace from the string to avoid attempts
