コード例 #1
ファイル: input.php プロジェクト: dthiago/tapatalk-mybb
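 /**
  * Decode the positional XML-RPC parameters and coerce each one according to
  * the filter type declared for it.
  *
  * Parameters are matched to $filters by position. When the XML-RPC payload
  * decodes to nothing and a POST 'method_name' is present (upload requests
  * etc.), the values are read from $_POST by filter name instead.
  *
  * SQL safety: only the "<name>_esc" keys (written for ALPHASTRING and STRING)
  * have been passed through $db->escape_string(). The unsuffixed values of
  * STRING and RAW parameters are NOT escaped and must never be interpolated
  * into a query; INT values are safe because they are cast with intval().
  *
  * @param array $filters       map of parameter name => self::INT|ALPHASTRING|STRING|RAW
  * @param mixed $xmlrpc_params value handed to php_xmlrpc_decode()
  *
  * @return array filtered values keyed by parameter name (plus "_esc" variants)
  */
 public static function filterXmlInput(array $filters, $xmlrpc_params)
 {
     global $db, $mybb;
     require_once MYBB_ROOT . $mybb->settings['tapatalk_directory'] . '/emoji/emoji.class.php';
     $params = php_xmlrpc_decode($xmlrpc_params);
     // handle upload requests etc.
     if (empty($params) && !empty($_POST['method_name'])) {
         $params = array();
         foreach ($filters as $name => $type) {
             // Keep one slot per filter so a missing field cannot shift later
             // values onto the wrong parameter name; null is treated as
             // "not supplied" by the isset() checks below.
             $params[] = isset($_POST[$name]) ? $_POST[$name] : null;
         }
     }
     $data = array();
     $i = 0;
     // NOTE(review): array/struct values from the client reach intval(),
     // preg_replace() and the emoji helpers unchanged; confirm callers only
     // declare INT/ALPHASTRING/STRING for scalar parameters.
     foreach ($filters as $name => $type) {
         $supplied = isset($params[$i]);
         switch ($type) {
             case self::INT:
                 $data[$name] = $supplied ? intval($params[$i]) : 0;
                 break;
             case self::ALPHASTRING:
                 // Whitelist: letters, dot, dash and underscore only.
                 $data[$name] = $supplied ? preg_replace("#[^a-z\\.\\-_]#i", "", $params[$i]) : '';
                 $data[$name . '_esc'] = $db->escape_string($data[$name]);
                 break;
             case self::STRING:
                 if (!$supplied) {
                     $data[$name] = '';
                 } elseif ($name == 'subject' || $name == 'post_title' || $name == 'title') {
                     $data[$name] = tapatalkEmoji::covertUnifiedToEmpty($params[$i]);
                 } else {
                     $data[$name] = tapatalkEmoji::covertEmojiToName($params[$i]);
                 }
                 $data[$name . '_esc'] = $db->escape_string($data[$name]);
                 break;
             case self::RAW:
                 // Passed through untouched and unescaped; a missing value
                 // becomes null instead of raising an undefined-offset notice.
                 $data[$name] = $supplied ? $params[$i] : null;
                 break;
         }
         $i++;
     }
     return $data;
 }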
コード例 #2
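/**
 * Build the subject and quoted body used to reply to a private message.
 *
 * The message is looked up by id AND by the current user's uid, so a user can
 * only quote a message stored in their own mailbox. 'message_id' is filtered
 * as INT, which makes it safe to place in the query.
 *
 * @param mixed $xmlrpc_params XML-RPC parameters: [message_id]
 *
 * @return mixed XML-RPC response with msg_id, msg_subject and text_body, or
 *               the value of xmlrespfalse()/tt_no_permission() on failure
 */
function get_quote_pm_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups;
    require_once MYBB_ROOT . $mybb->settings['tapatalk_directory'] . '/emoji/emoji.class.php';
    $input = Tapatalk_Input::filterXmlInput(array('message_id' => Tapatalk_Input::INT), $xmlrpc_params);
    $lang->load("private");
    $parser = new postParser();
    if ($mybb->settings['enablepms'] == 0) {
        return xmlrespfalse($lang->pms_disabled);
    }
    if ($mybb->user['uid'] == '/' || $mybb->user['uid'] == 0 || $mybb->usergroup['canusepms'] == 0) {
        return tt_no_permission();
    }
    // Give the user the default folder list if none is stored yet.
    if (!$mybb->user['pmfolders']) {
        $mybb->user['pmfolders'] = "1**\$%%\$2**\$%%\$3**\$%%\$4**";
        $sql_array = array("pmfolders" => $mybb->user['pmfolders']);
        $db->update_query("users", $sql_array, "uid = " . $mybb->user['uid']);
    }
    // Refresh the PM counters on roughly one request in ten.
    $rand = my_rand(0, 9);
    if ($rand == 5) {
        update_pm_count();
    }
    $foldernames = array();
    $foldersexploded = explode("\$%%\$", $mybb->user['pmfolders']);
    foreach ($foldersexploded as $key => $folders) {
        $folderinfo = explode("**", $folders, 2);
        $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);
        $foldernames[$folderinfo[0]] = $folderinfo[1];
    }
    if ($mybb->usergroup['cansendpms'] == 0) {
        return tt_no_permission();
    }
    // The pm.uid condition is the ownership check: without it any logged-in
    // user could read another user's message by guessing its id.
    $query = $db->query("\n\t\tSELECT pm.*, u.username AS quotename\n\t\tFROM " . TABLE_PREFIX . "privatemessages pm\n\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid=pm.fromid)\n\t\tWHERE pm.pmid='{$input['message_id']}' AND pm.uid='" . $mybb->user['uid'] . "'\n\t");
    $pm = $db->fetch_array($query);
    // No row means the id is unknown or the message belongs to someone else;
    // report that instead of returning an empty quote as a success.
    if (empty($pm['pmid'])) {
        return xmlrespfalse("Invalid private message");
    }
    $message = $pm['message'];
    $subject = $pm['subject'];
    // Drop any existing FW:/RE: prefixes before adding a single "Re: ".
    $subject = preg_replace("#(FW|RE):( *)#is", '', $subject);
    $message = "[quote={$pm['quotename']}]\n{$message}\n[/quote]";
    $message = preg_replace('#^/me (.*)$#im', "* " . $pm['quotename'] . " \\1", $message);
    $subject = "Re: {$subject}";
    $result = new xmlrpcval(array(
        'result' => new xmlrpcval(true, 'boolean'),
        'result_text' => new xmlrpcval('', 'base64'),
        'msg_id' => new xmlrpcval($pm['pmid'], 'string'),
        'msg_subject' => new xmlrpcval($subject, 'base64'),
        'text_body' => new xmlrpcval(tapatalkEmoji::covertNameToEmoji($message), 'base64'),
    ), 'struct');
    return new xmlrpcresp($result);
}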
コード例 #3
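/**
 * Convert a parsed post into the text form sent to the client.
 *
 * In HTML mode the markup is kept and only "[hr]" is replaced; otherwise tags
 * are stripped and HTML entities decoded. A few BBCode tags are simplified,
 * and "[ttcode]" blocks (base64 payloads) are decoded into "[code]" blocks.
 *
 * @param string $post       post body as produced by the post parser
 * @param bool   $returnHtml keep HTML (true) or reduce to plain text (false)
 *
 * @return string converted post body
 */
function process_post($post, $returnHtml = false)
{
    global $mybb;
    require_once MYBB_ROOT . $mybb->settings['tapatalk_directory'] . '/emoji/emoji.class.php';
    $post = tapatalkEmoji::covertHtmlToEmoji($post);
    if ($returnHtml) {
        // Line breaks are handled by the post parser nl2br option.
        $post = str_replace('[hr]', '<br />____________________________________<br />', $post);
    } else {
        $post = strip_tags($post);
        $post = html_entity_decode($post, ENT_QUOTES, 'UTF-8');
        $post = str_replace('[hr]', "\n____________________________________\n", $post);
    }
    //mybb 1.8
    $array_reg = array(
        // [img ...attributes...]url[/img] -> [img]url[/img]
        array('reg' => '/\\[img(.*?)\\](.*?)\\[\\/img\\]/si', 'replace' => "[img]\$2[/img]"),
        // [video=site]url[/video] -> [url=url]site[/url]
        array('reg' => '/\\[video=(.*?)\\](.*?)\\[\\/video\\]/si', 'replace' => '[url=$2]$1[/url]'),
        // strike-through is dropped, its content kept
        array('reg' => '/\\[s\\](.*?)\\[\\/s\\]/si', 'replace' => '$1'),
    );
    foreach ($array_reg as $arr) {
        $post = preg_replace($arr['reg'], $arr['replace'], $post);
    }
    $post = str_replace("&#36;", '$', $post);
    $post = trim($post);
    // The original used the /e (eval) modifier here. That modifier evaluates
    // the replacement as PHP code built from post content, and it was removed
    // in PHP 7, where preg_replace() then returns null. A callback decodes the
    // capture as plain data and never evaluates it.
    // NOTE(review): the decoded payload is not HTML-escaped in this function;
    // confirm the consumer escapes [code] content when $returnHtml is true.
    $post = preg_replace_callback(
        '/\\[ttcode\\](.*?)\\[\\/ttcode\\]/si',
        function ($match) use ($returnHtml) {
            $encoded = $match[1];
            if ($returnHtml) {
                $encoded = html_entity_decode($encoded, ENT_QUOTES, 'UTF-8');
            }
            return '[code]' . base64_decode($encoded) . '[/code]';
        },
        $post
    );
    return $post;
}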
コード例 #4
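/**
 * Return the unparsed content of a post so the client can edit it.
 *
 * The post body is only returned after the edit permission checks pass:
 * guests are refused, and a non-moderator must own the post, be allowed to
 * edit in the forum, and be inside the edit time limit of an open thread.
 * 'post_id' is filtered as INT, which makes it safe to place in the queries.
 *
 * @param mixed $xmlrpc_params XML-RPC parameters: [post_id]
 *
 * @return mixed XML-RPC response with the post fields and attachments, or the
 *               value of xmlrespfalse()/tt_no_permission() on failure
 */
function get_raw_post_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups;
    require_once MYBB_ROOT . $mybb->settings['tapatalk_directory'] . '/emoji/emoji.class.php';
    $lang->load("editpost");
    $input = Tapatalk_Input::filterXmlInput(array('post_id' => Tapatalk_Input::INT), $xmlrpc_params);
    // No permission for guests
    if (!$mybb->user['uid']) {
        return tt_no_permission();
    }
    // Get post info
    $pid = $input['post_id'];
    $query = $db->simple_select("posts", "*", "pid='{$pid}'");
    $post = $db->fetch_array($query);
    // empty() also covers the "no row" case without an offset-on-null notice.
    if (empty($post['pid'])) {
        return xmlrespfalse($lang->error_invalidpost);
    }
    // Get thread info
    $tid = $post['tid'];
    $thread = get_thread($tid);
    if (empty($thread['tid'])) {
        return xmlrespfalse($lang->error_invalidthread);
    }
    $thread['subject'] = htmlspecialchars_uni($thread['subject']);
    // Get forum info
    $fid = $post['fid'];
    $forum = get_forum($fid);
    if (!$forum || $forum['type'] != "f") {
        return xmlrespfalse($lang->error_closedinvalidforum);
    }
    if ($forum['open'] == 0 || $mybb->user['suspendposting'] == 1) {
        return tt_no_permission();
    }
    $forumpermissions = forum_permissions($fid);
    // Moderators with caneditposts skip the owner, closed-thread and
    // time-limit checks below.
    if (!is_moderator($fid, "caneditposts")) {
        if ($thread['closed'] == 1) {
            return xmlrespfalse($lang->redirect_threadclosed);
        }
        if ($forumpermissions['caneditposts'] == 0) {
            return tt_no_permission();
        }
        if ($mybb->user['uid'] != $post['uid']) {
            return tt_no_permission();
        }
        // Edit time limit
        $time = TIME_NOW;
        if ($mybb->settings['edittimelimit'] != 0 && $post['dateline'] < $time - $mybb->settings['edittimelimit'] * 60) {
            $lang->edit_time_limit = $lang->sprintf($lang->edit_time_limit, $mybb->settings['edittimelimit']);
            return xmlrespfalse($lang->edit_time_limit);
        }
    }
    // Check if this forum is password protected and we have a valid password
    tt_check_forum_password($forum['fid']);
    // Initialised up front: the original only set it inside the branch below
    // and then read it unconditionally.
    $attachcount = 0;
    if ($forumpermissions['canpostattachments'] != 0) {
        // Get a listing of the current attachments, if there are any
        global $attachcache;
        $query = $db->simple_select("attachments", "*", "pid='{$pid}'");
        while ($attachment = $db->fetch_array($query)) {
            $attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
            $attachcount++;
        }
    }
    $attachment_list = array();
    if ($attachcount) {
        $attachment_list = process_post_attachments($post['pid'], $post, true);
    }
    $result = new xmlrpcval(array(
        'post_id' => new xmlrpcval($post['pid'], 'string'),
        'post_title' => new xmlrpcval($post['subject'], 'base64'),
        'post_content' => new xmlrpcval(tapatalkEmoji::covertNameToEmoji($post['message']), 'base64'),
        'attachments' => new xmlrpcval($attachment_list, 'array'),
        'group_id' => new xmlrpcval($post['posthash']),
        'show_reason' => new xmlrpcval($mybb->settings['alloweditreason'] && version_compare($mybb->version, '1.8.0', '>='), 'boolean'),
        'edit_reason' => new xmlrpcval($post['editreason'], 'base64'),
    ), 'struct');
    return new xmlrpcresp($result);
}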
コード例 #5
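/**
 * Build the subject and quoted body for replying to one or more posts.
 *
 * 'post_id' arrives as a dash-separated list ("12-15-20") and is filtered as
 * STRING, which does not escape it for SQL. Each id is therefore cast to an
 * integer before it is placed in any query. The view/reply permission checks
 * run for every id before that post's content is added to the quote.
 *
 * @param mixed $xmlrpc_params XML-RPC parameters: [post_id]
 *
 * @return mixed XML-RPC response with post_id, post_title and post_content,
 *               or the value of xmlrespfalse()/tt_no_permission() on failure
 */
function get_quote_post_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups;
    require_once MYBB_ROOT . $mybb->settings['tapatalk_directory'] . '/emoji/emoji.class.php';
    $input = Tapatalk_Input::filterXmlInput(array('post_id' => Tapatalk_Input::STRING), $xmlrpc_params);
    $lang->load("newreply");
    $parser = new postParser();
    $pids = explode('-', $input['post_id']);
    $message = '';
    // Initialised so the response and counters below never read unset variables.
    $subject = '';
    $quoted_ids = array();
    $external_quotes = 0;
    $load_all = isset($mybb->input['load_all_quotes']) ? intval($mybb->input['load_all_quotes']) : 0;
    foreach ($pids as $pid) {
        // Client-supplied and unescaped: force an integer before it reaches
        // SQL. The second query below uses the value without quotes.
        $pid = intval($pid);
        $query = $db->simple_select("posts", "tid", "pid = '{$pid}'");
        if ($db->num_rows($query) == 0) {
            return xmlrespfalse("Invalid post");
        }
        $post = $db->fetch_array($query);
        $tid = $post['tid'];
        $options = array("limit" => 1);
        $query = $db->simple_select("threads", "*", "tid='" . $tid . "'");
        if ($db->num_rows($query) == 0) {
            return xmlrespfalse($lang->error_invalidthread);
        }
        $thread = $db->fetch_array($query);
        $fid = $thread['fid'];
        // Get forum info
        $forum = get_forum($fid);
        if (!$forum) {
            return xmlrespfalse($lang->error_invalidforum);
        }
        $forumpermissions = forum_permissions($fid);
        // Unapproved threads are visible to moderators only; negative
        // visibility values are refused for everyone.
        if ($thread['visible'] == 0 && !is_moderator($fid) || $thread['visible'] < 0) {
            return xmlrespfalse($lang->error_invalidthread);
        }
        if ($forum['open'] == 0 || $forum['type'] != "f") {
            return xmlrespfalse($lang->error_closedinvalidforum);
        }
        if ($mybb->user['uid'] < 1 || $forumpermissions['canview'] == 0 || $forumpermissions['canpostreplys'] == 0 || $mybb->user['suspendposting'] == 1) {
            return tt_no_permission();
        }
        if ($forumpermissions['canonlyviewthreads'] == 1 && $thread['uid'] != $mybb->user['uid']) {
            return tt_no_permission();
        }
        tt_check_forum_password($forum['fid']);
        // Check to see if the thread is closed, and if the user is a mod.
        if (!is_moderator($fid, "caneditposts")) {
            if ($thread['closed'] == 1) {
                return xmlrespfalse($lang->redirect_threadclosed);
            }
        }
        // Is the currently logged in user a moderator of this forum?
        if (is_moderator($fid)) {
            $ismod = true;
        } else {
            $ismod = false;
        }
        $unviewable_forums = get_unviewable_forums();
        if ($unviewable_forums) {
            $unviewable_forums = "AND t.fid NOT IN ({$unviewable_forums})";
        }
        // Non-moderators only see approved posts.
        if (is_moderator($fid)) {
            $visible_where = "AND p.visible != 2";
        } else {
            $visible_where = "AND p.visible > 0";
        }
        require_once MYBB_ROOT . "inc/functions_posting.php";
        $query = $db->query("\n\t\t\tSELECT p.subject, p.message, p.pid, p.tid, p.username, p.dateline, u.username AS userusername\n\t\t\tFROM " . TABLE_PREFIX . "posts p\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "threads t ON (t.tid=p.tid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "users u ON (u.uid=p.uid)\n\t\t\tWHERE p.pid = {$pid} {$unviewable_forums} {$visible_where}\n\t\t");
        if ($db->num_rows($query) == 0) {
            return xmlrespfalse("Invalid post");
        }
        $quoted_post = $db->fetch_array($query);
        // Only show messages for the current thread
        if ($quoted_post['tid'] == $tid || $load_all == 1) {
            // If this post was the post for which a quote button was clicked, set the subject
            if ($pid == $quoted_post['pid']) {
                $subject = preg_replace('#RE:\\s?#i', '', $quoted_post['subject']);
                $subject = "RE: " . $subject;
            }
            $message .= parse_quoted_message($quoted_post);
            $quoted_ids[] = $quoted_post['pid'];
        } else {
            ++$external_quotes;
        }
        if ($mybb->settings['maxquotedepth'] != '0') {
            $message = remove_message_quotes($message);
        }
    }
    // post_id echoes the last id processed, now in its integer form.
    $result = new xmlrpcval(array(
        'post_id' => new xmlrpcval((string) $pid),
        'post_title' => new xmlrpcval($subject, 'base64'),
        'post_content' => new xmlrpcval(tapatalkEmoji::covertNameToEmoji($message), 'base64'),
    ), 'struct');
    return new xmlrpcresp($result);
}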