/**
 * Returns the permission value of each node in $nodeIds for the current user.
 *
 * @param string $group       Permission group name, passed through to hasPermissions()
 * @param string $permission  Permission name, passed through to hasPermissions()
 * @param array  $nodeIds     Node ids to check; coerced to an int array before use
 * @return array  Keyed by node id; each value is whatever hasPermissions() returned
 *                for that node. An empty array when $nodeIds is empty.
 * @see vB_Api_User::hasPermissions
 */
public function havePermissions($group, $permission, $nodeIds = array())
{
	if (empty($nodeIds))
	{
		return array();
	}

	// coerce every id to int so the result keys are well-formed
	$cleanIds = vB::get_cleaner()->clean($nodeIds, vB_Cleaner::TYPE_ARRAY_INT);

	$permissions = array();
	foreach ($cleanIds as $id)
	{
		$permissions[$id] = $this->hasPermissions($group, $permission, $id);
	}

	return $permissions;
}
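/**
 * Verifies that the supplied data is one of the fields used by this object.
 *
 * Also ensures that the data is of the correct type, and attempts to correct
 * errors in the supplied data (the cleaned value is written back through $value).
 *
 * @param string  $fieldname The name of the field to which the supplied data should be applied
 * @param mixed   $value     The data itself, passed by reference and replaced with the cleaned value
 * @param boolean $doverify  Whether to verify the data with the appropriate function. Data is still cleaned though.
 *
 * @return boolean Returns true if the data is one of the fields used by this object, and is the correct type
 *                 (or has been successfully corrected to be so). Raises E_USER_ERROR for an unknown field.
 */
function verify($fieldname, &$value, $doverify = true)
{
	if (!isset($this->validfields["{$fieldname}"]))
	{
		trigger_error("Field <em>{$fieldname}</em> is not defined in <em>\$validfields</em> in class <strong>" . get_class($this) . "</strong>", E_USER_ERROR);
		return false;
	}

	$field =& $this->validfields["{$fieldname}"];

	// clean the value according to its type
	$value = vB::get_cleaner()->clean($value, $field[vB_DataManager_Constants::VF_TYPE]);

	if (!$doverify or !isset($field[vB_DataManager_Constants::VF_CODE]))
	{
		// nothing to verify (or verification disabled): cleaning alone counts as success
		return true;
	}

	if ($field[vB_DataManager_Constants::VF_CODE] === vB_DataManager_Constants::VF_METHOD)
	{
		// verify via a method on this object: an explicit name, or verify_<fieldname> by convention
		$method = isset($field[vB_DataManager_Constants::VF_METHODNAME])
			? $field[vB_DataManager_Constants::VF_METHODNAME]
			: 'verify_' . $fieldname;
		return $this->$method($value);
	}

	// VF_CODE holds a snippet of PHP source taking two by-reference parameters: the data and this
	// datamanager. create_function() was removed in PHP 8.0, so build the equivalent closure instead.
	// This still evaluates the snippet as code: VF_CODE must only ever come from the class's own
	// $validfields definition, never from request or database data.
	$verifier = eval('return static function (&$data, &$dm) { ' . $field[vB_DataManager_Constants::VF_CODE] . ' };');
	return $verifier($value, $this);
}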
/**
 * Verifies that the provided birthday is valid
 *
 * Accepts yyyy-mm-dd, mm-dd-yyyy or an array containing day/month/year, and rewrites
 * $birthday in place to the canonical mm-dd-yyyy string (or '' when day and month are
 * both unset). Also sets the 'birthday_search' field (yyyy-mm-dd, zero padded).
 *
 * When a birthday is required and the caller is not an admin override, the birthday
 * already stored in $this->existing wins if it is acceptable, so a submitted value
 * cannot replace it (the "bypass form manipulation" comment below).
 *
 * @param mixed Birthday - can be yyyy-mm-dd, mm-dd-yyyy or an array containing day/month/year and converts it into a valid yyyy-mm-dd
 *
 * @return boolean true when accepted (and $birthday rewritten), false after $this->error('birthdayfield')
 */
function verify_birthday(&$birthday)
{
	if (!$this->adminoverride and $this->options['reqbirthday'])
	{
		// required birthday. If current birthday is acceptable, don't go any further (bypass form manipulation)
		// The stored value is split as month-day-year: $bday[0] is passed to checkdate() as the month,
		// $bday[1] as the day and $bday[2] as the year. The @ hides the notice when the stored value
		// has fewer than three segments (e.g. it is empty), in which case this branch simply falls through.
		$bday = explode('-', $this->existing['birthday']);
		if ($bday[2] > 1901 and $bday[2] <= date('Y') and @checkdate($bday[0], $bday[1], $bday[2]))
		{
			$this->set('birthday_search', $bday[2] . '-' . $bday[0] . '-' . $bday[1]);
			$birthday = "{$bday['0']}-{$bday['1']}-{$bday['2']}";
			return true;
		}
	}

	if (!is_array($birthday))
	{
		// check for yyyy-mm-dd string
		if (preg_match('#^(\\d{4})-(\\d{1,2})-(\\d{1,2})$#', $birthday, $match))
		{
			$birthday = array('day' => $match[3], 'month' => $match[2], 'year' => $match[1]);
		}
		else
		{
			// otherwise try mm-dd-yyyy; anything else is left as-is and rejected below
			if (preg_match('#^(\\d{1,2})-(\\d{1,2})-(\\d{4})$#', $birthday, $match))
			{
				$birthday = array('day' => $match[2], 'month' => $match[1], 'year' => $match[3]);
			}
		}
	}

	// check that all neccessary array keys are set
	if (!is_array($birthday) or !isset($birthday['day']) or !isset($birthday['month']) or !isset($birthday['year']))
	{
		$this->error('birthdayfield');
		return false;
	}

	// force all array keys to integer
	$birthday = vB::get_cleaner()->cleanArray($birthday, array('day' => vB_Cleaner::TYPE_INT, 'month' => vB_Cleaner::TYPE_INT, 'year' => vB_Cleaner::TYPE_INT));

	// 'and' binds tighter than 'or', so this rejects: day unset but month set; day set but month
	// unset; or (birthday required, no admin override) any of day/month/year unset.
	if ($birthday['day'] <= 0 and $birthday['month'] > 0 or $birthday['day'] > 0 and $birthday['month'] <= 0 or !$this->adminoverride and $this->options['reqbirthday'] and ($birthday['day'] <= 0 or $birthday['month'] <= 0 or $birthday['year'] <= 0))
	{
		$this->error('birthdayfield');
		return false;
	}

	if ($birthday['day'] <= 0 and $birthday['month'] <= 0)
	{
		// no day/month at all: accepted as "no birthday" (only possible when not required, per the check above)
		$this->set('birthday_search', '');
		$birthday = '';
		return true;
	}
	else
	{
		// Year may be omitted (<= 0) or must lie in (1901, current year]. When the year is 0,
		// 1996 is substituted for the checkdate() call only; presumably chosen as a leap year so
		// that 29 February is still accepted — confirm.
		if (($birthday['year'] <= 0 or $birthday['year'] > 1901 and $birthday['year'] <= date('Y')) and checkdate($birthday['month'], $birthday['day'], $birthday['year'] == 0 ? 1996 : $birthday['year']))
		{
			$birthday['day'] = str_pad($birthday['day'], 2, '0', STR_PAD_LEFT);
			$birthday['month'] = str_pad($birthday['month'], 2, '0', STR_PAD_LEFT);
			$birthday['year'] = str_pad($birthday['year'], 4, '0', STR_PAD_LEFT);
			$this->set('birthday_search', $birthday['year'] . '-' . $birthday['month'] . '-' . $birthday['day']);
			$birthday = "{$birthday['month']}-{$birthday['day']}-{$birthday['year']}";
			return true;
		}
		else
		{
			$this->error('birthdayfield');
			return false;
		}
	}
}
/**
 * Fetches signatures for the given users and returns them parsed to HTML.
 *
 * Resolution order per user: a raw signature already known to be empty short-circuits
 * to '', then the standard cache is consulted, and only the remainder is parsed.
 *
 * @param array $userIds        User ids to resolve; coerced to an int array
 * @param array $rawSignatures  (Optional) Raw signatures keyed by user id, used to avoid fetching them again
 *
 * @return array the parsed (html) signatures keyed by the userid.
 */
public function parseSignatures($userIds, $rawSignatures = array())
{
	$cleaner = vB::get_cleaner();
	$userIds = $cleaner->clean($userIds, vB_Cleaner::TYPE_ARRAY_INT);
	$rawSignatures = $cleaner->clean($rawSignatures, vB_Cleaner::TYPE_ARRAY_STR);

	if (empty($userIds))
	{
		return array();
	}

	$parsed = array();

	// A raw signature we already know is empty needs neither the cache nor the parser.
	if (!empty($rawSignatures))
	{
		foreach ($rawSignatures as $userId => $rawSignature)
		{
			if (empty($rawSignature))
			{
				$parsed[$userId] = '';
			}
		}
	}

	$pending = array_diff($userIds, array_keys($parsed));
	if (empty($pending))
	{
		return $parsed;
	}

	// Consult the standard cache. The cached value is the signature string, not a siginfo array.
	$keyToUserId = array();
	foreach ($pending as $userId)
	{
		$keyToUserId["vbSig_{$userId}"] = $userId;
	}

	$cacheHits = vB_Cache::instance(vB_Cache::CACHE_STD)->read(array_keys($keyToUserId));
	if ($cacheHits)
	{
		foreach ($cacheHits as $cacheKey => $cachedSignature)
		{
			if ($cachedSignature !== false)
			{
				$parsed[$keyToUserId[$cacheKey]] = $cachedSignature;
			}
		}
	}

	$pending = array_diff($pending, array_keys($parsed));
	if (empty($pending))
	{
		return $parsed;
	}

	// Whatever is left has to be parsed now, reusing the supplied raw signature when we have one.
	foreach ($pending as $userId)
	{
		$sigInfo = isset($rawSignatures[$userId])
			? $this->doParseSignature($userId, $rawSignatures[$userId])
			: $this->doParseSignature($userId);
		$parsed[$userId] = $sigInfo['signature'];
	}

	return $parsed;
}
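/**
 * This checks whether a user needs COPPA approval based on birthdate. Responds to Ajax call
 *
 * The date may arrive as an array of month/day/year, a 10 character 'YYYY-MM-DD'
 * string, or a unix timestamp.
 *
 * @param mixed $dateInfo array of month/day/year, 'YYYY-MM-DD' string, or unix timestamp.
 * @return int|bool 0 - no COPPA needed, 1- Approve but require adult validation, 2- Deny.
 *                  true (which compares equal to any non-zero option value) when COPPA is
 *                  enabled but the date cannot be parsed at all.
 */
public function needsCoppa($dateInfo)
{
	$options = vB::getDatastore()->get_value('options');
	$cleaner = vB::get_cleaner();

	if (!(bool) $options['usecoppa'])
	{
		return 0;
	}

	// date can come as a unix timestamp, or an array, or 'YYYY-MM-DD'
	if (is_array($dateInfo))
	{
		$dateInfo = $cleaner->cleanArray($dateInfo, array('day' => vB_Cleaner::TYPE_UINT, 'month' => vB_Cleaner::TYPE_UINT, 'year' => vB_Cleaner::TYPE_UINT));

		// An incomplete date (any component 0, e.g. keys missing from the request) used to be fed to
		// mktime(), which yields a date far in the past and therefore "no COPPA needed". Treat it the
		// same way as a missing date instead.
		if (empty($dateInfo['day']) or empty($dateInfo['month']) or empty($dateInfo['year']))
		{
			return $options['usecoppa'];
		}

		$birthdate = mktime(0, 0, 0, $dateInfo['month'], $dateInfo['day'], $dateInfo['year']);
	}
	else if (strlen($dateInfo) == 10)
	{
		$birthdate = strtotime($dateInfo);
		if ($birthdate === false)
		{
			// A 10 character string that is not a date. Previously $birthdate stayed false and
			// "false > $cutoff" is never true, so an unparseable string skipped the COPPA check;
			// treat it like the other unparseable input below.
			return true;
		}
	}
	else if (intval($dateInfo))
	{
		$birthdate = intval($dateInfo);
	}
	else
	{
		// neither a date string nor a timestamp: the age cannot be established
		return true;
	}

	if (empty($dateInfo))
	{
		return $options['usecoppa'];
	}

	$request = vB::getRequest();
	if (empty($request))
	{
		// mainly happens in test- should never happen in production.
		$now = time();
	}
	else
	{
		$now = $request->getTimeNow();
	}

	// anyone born after "today minus 13 years" is under the COPPA age
	$cutoff = strtotime(date("Y-m-d", $now) . '- 13 years');

	return ($birthdate > $cutoff) ? $options['usecoppa'] : 0;
}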
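/**
 * This creates a new message folder. It returns false if a folder with that title already
 * exists for the user, and the result of the insert (the new folder id) otherwise.
 *
 * @param string $folderName  Title of the new folder; cleaned with TYPE_NOHTML before use.
 *                            NOTE(review): unlike updateFolderTitle() there is no empty/length
 *                            check here — presumably done by the API caller; verify.
 * @param int    $userid      Owner of the folder
 * @return mixed false when the folder already exists, otherwise the assertQuery() result
 */
public function createMessageFolder($folderName, $userid)
{
	$foldername = vB::get_cleaner()->clean($folderName, vB_Cleaner::TYPE_NOHTML);

	// make sure $this->folders[$userid] is populated before we look at it
	$this->checkFolders($userid);

	if (in_array($foldername, $this->folders[$userid]['folders']))
	{
		// documented contract; previously this path fell off the end and returned null
		return false;
	}

	$data = array(
		vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_INSERT,
		'userid' => $userid,
		'title' => $foldername,
	);

	// We need for the new folder to be sorted correctly. Easiest to unset, and if needed the folders will be rebuilt.
	unset($this->folders[$userid]);

	return $this->assertor->assertQuery('vBForum:messagefolder', $data);
}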
/**
 * Resolves the URL of the current request from $_SERVER and stores the pieces in the
 * vBUrl* / scriptPath / vBHttpHost properties and the VB_URL* and legacy constants.
 *
 * Every define() below is guarded by defined(), so the first call to set a constant wins
 * and later calls only update the properties.
 *
 * Trust note: HTTP_HOST, REQUEST_URI, HTTP_X_REWRITE_URL and QUERY_STRING are supplied by
 * the client. The host is preferred over SERVER_NAME and ends up in VB_URL_BASE_PATH and
 * VB_HTTP_HOST after xssClean() only, so the canonical host should be pinned at the web
 * server or in configuration rather than relied on from the Host header.
 *
 * @return void
 */
protected function resolveRequestUrl()
{
	// Ports which will not be appended to the URL
	$ignore_ports = array(80, 443);
	$config = vB::getConfig();
	// @ hides the notice when Misc/backendports is not configured at all
	$backend_ports = @$config['Misc']['backendports'];
	if (!empty($backend_ports))
	{
		$ignore_ports = array_merge($ignore_ports, $backend_ports);
	}

	// Numerical port this request came from, may be a backend port
	$rawport = 80;
	// Will contain the port portion of the built URL, default empty
	$port = '';
	if (!empty($_SERVER['SERVER_PORT']))
	{
		$rawport = intval($_SERVER['SERVER_PORT']);
		$port = in_array($rawport, $ignore_ports) ? '' : ':' . $rawport;
	}

	// resolve the request scheme: https on port 443, or when HTTPS is set to anything but 'off'
	// ('and' binds tighter than 'or' here)
	$scheme = ($rawport == 443 or !empty($_SERVER['HTTPS']) and $_SERVER['HTTPS'] !== 'off') ? 'https://' : 'http://';

	$host = $this->fetchServerValue('HTTP_HOST');
	$name = $this->fetchServerValue('SERVER_NAME');
	// If host exists use it, otherwise fallback to servername.
	$host = !empty($host) ? $host : $name;

	// resolve the query
	$query = ($query = $this->fetchServerValue('QUERY_STRING')) ? '?' . $query : '';

	// resolve the path and query: REQUEST_URI, then the IIS/ISAPI rewrite equivalents
	if (!($scriptpath = $this->fetchServerValue('REQUEST_URI')))
	{
		if (!($scriptpath = $this->fetchServerValue('UNENCODED_URL')))
		{
			$scriptpath = $this->fetchServerValue('HTTP_X_REWRITE_URL');
		}
	}

	if ($scriptpath)
	{
		// already have the query (the URI values above carry their own query string)
		// the inner check repeats the outer one and is always true here
		if ($scriptpath)
		{
			$query = '';
		}
	}
	else
	{
		// server hasn't provided a URI, try to resolve one
		if (!($scriptpath = $this->fetchServerValue('PATH_INFO')))
		{
			if (!($scriptpath = $this->fetchServerValue('REDIRECT_URL')))
			{
				if (!($scriptpath = $this->fetchServerValue('URL')))
				{
					if (!($scriptpath = $this->fetchServerValue('PHP_SELF')))
					{
						$scriptpath = $this->fetchServerValue('SCRIPT_NAME');
					}
				}
			}
		}
	}

	// build the URL
	$url = $scheme . $host . '/' . ltrim($scriptpath, '/\\') . $query;

	// store a literal version
	$vbUrl = $url;
	if (!defined('VB_URL'))
	{
		define('VB_URL', $vbUrl);
	}

	// always empty in this method; only appended to the base path below
	$vbUrlRelativePath = '';

	// Set URL info (@ hides parse warnings for a malformed URL)
	$url_info = @vB_String::parseUrl($vbUrl);
	$url_info['path'] = '/' . ltrim($url_info['path'], '/\\');
	$url_info['query_raw'] = isset($url_info['query']) ? $url_info['query'] : '';
	// 'query' has the session hash stripped; 'query_raw' keeps it
	$url_info['query'] = self::stripSessionhash($url_info['query_raw']);
	$url_info['query'] = trim($url_info['query'], '?&') ? $url_info['query'] : '';
	// drop the trailing '://'
	$url_info['scheme'] = substr($scheme, 0, strlen($scheme) - 3);

	/*
	values seen in the wild:

	CGI+suexec:
		SCRIPT_NAME:      /vb4/admincp/index.php
		ORIG_SCRIPT_NAME: /cgi-sys/php53-fcgi-starter.fcgi

	CGI #1:
		SCRIPT_NAME:      /index.php
		ORIG_SCRIPT_NAME: /search/foo

	CGI #2:
		SCRIPT_NAME:      /index.php/search/foo
		ORIG_SCRIPT_NAME: /index.php
	*/
	if (substr(PHP_SAPI, -3) == 'cgi' and (isset($_SERVER['ORIG_SCRIPT_NAME']) and !empty($_SERVER['ORIG_SCRIPT_NAME'])))
	{
		if (substr($_SERVER['SCRIPT_NAME'], 0, strlen($_SERVER['ORIG_SCRIPT_NAME'])) == $_SERVER['ORIG_SCRIPT_NAME'])
		{
			// cgi #2 above
			$url_info['script'] = $_SERVER['ORIG_SCRIPT_NAME'];
		}
		else
		{
			// cgi #1 and CGI+suexec above
			$url_info['script'] = $_SERVER['SCRIPT_NAME'];
		}
	}
	else
	{
		$url_info['script'] = (isset($_SERVER['ORIG_SCRIPT_NAME']) and !empty($_SERVER['ORIG_SCRIPT_NAME'])) ? $_SERVER['ORIG_SCRIPT_NAME'] : $_SERVER['SCRIPT_NAME'];
	}
	$url_info['script'] = '/' . ltrim($url_info['script'], '/\\');

	// define constants
	$this->vBUrlScheme = $url_info['scheme'];
	// directory of the script, always with exactly one trailing slash
	$vBUrlScriptPath = rtrim(dirname($url_info['script']), '/\\') . '/';

	$this->vBUrlPath = urldecode($url_info['path']);
	if (!defined('VB_URL_PATH'))
	{
		define('VB_URL_PATH', $this->vBUrlPath);
	}

	$this->vBUrlQuery = $url_info['query'] ? $url_info['query'] : '';
	if (!defined('VB_URL_QUERY'))
	{
		define('VB_URL_QUERY', $this->vBUrlQuery);
	}

	$this->vBUrlQueryRaw = $url_info['query_raw'];
	if (!defined('VB_URL_QUERY_RAW'))
	{
		define('VB_URL_QUERY_RAW', $this->vBUrlQueryRaw);
	}

	$cleaner = vB::get_cleaner();
	$this->vBUrlClean = $cleaner->xssClean(self::stripSessionhash($vbUrl));
	if (!defined('VB_URL_CLEAN'))
	{
		define('VB_URL_CLEAN', $this->vBUrlClean);
	}

	$this->vBUrlWebroot = $cleaner->xssClean($this->vBUrlScheme . '://' . $url_info['host'] . $port);
	$this->vBUrlBasePath = $cleaner->xssClean($this->vBUrlScheme . '://' . $url_info['host'] . $port . $vBUrlScriptPath . $vbUrlRelativePath);
	if (!defined('VB_URL_BASE_PATH'))
	{
		define('VB_URL_BASE_PATH', $this->vBUrlBasePath);
	}

	$this->scriptPath = $cleaner->xssClean($this->addQuery($this->vBUrlPath));

	// legacy constants
	if (!defined('SCRIPT'))
	{
		define('SCRIPT', $_SERVER['SCRIPT_NAME']);
	}
	if (!defined('SCRIPTPATH'))
	{
		define('SCRIPTPATH', $this->scriptPath);
	}

	if (!empty($url_info) and !empty($url_info['host']))
	{
		$this->vBHttpHost = $url_info['host'];
		if (!defined('VB_HTTP_HOST'))
		{
			define('VB_HTTP_HOST', $this->vBHttpHost);
		}
	}
}
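/**
 * Updates the title of one of the current user's message folders.
 *
 * @param string $folderName  The new folder name; cleaned with TYPE_NOHTML before use
 * @param int    $folderid    The folder ID; must belong to the current user and not be a system folder
 *
 * @return mixed The result of the update query against vBForum:messagefolder
 *
 * @throws vB_Exception_Api 'not_logged_no_permission' when the current user may not use the PM system;
 *                          'invalid_data' for an empty id/name, an unknown folder or a system folder;
 *                          'invalid_msgfolder_name' when the cleaned name is empty or longer than 512
 */
public function updateFolderTitle($folderName, $folderid)
{
	if (!$this->canUsePmSystem())
	{
		throw new vB_Exception_Api('not_logged_no_permission');
	}

	$userid = vB::getCurrentSession()->get('userid');
	$this->library->checkFolders($userid);

	if (empty($folderid) or empty($folderName))
	{
		throw new vB_Exception_Api('invalid_data');
	}

	$foldername = vB::get_cleaner()->clean($folderName, vB_Cleaner::TYPE_NOHTML);
	$folderid = intval($folderid);

	// the folder must belong to this user, and system folders cannot be renamed
	$folders = $this->library->fetchFolders($userid);
	if (!array_key_exists($folderid, $folders['folders']) or in_array($folderid, $folders['systemfolders']))
	{
		throw new vB_Exception_Api('invalid_data');
	}

	// cleaning may have removed everything. strlen() counts bytes — presumably the storage
	// limit; if 512 is meant as a character limit this should be mb_strlen() — confirm.
	if (empty($foldername) or strlen($foldername) > 512)
	{
		throw new vB_Exception_Api('invalid_msgfolder_name');
	}

	// If we got here we have valid data.
	return $this->assertor->assertQuery('vBForum:messagefolder', array(
		vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_UPDATE,
		vB_dB_Query::CONDITIONS_KEY => array('folderid' => $folderid),
		'title' => $foldername,
	));
}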
/**
 * Get the return url for the tag UI
 *
 * This is where we go when we finish saving tag changes.
 *
 * NOTE(review): elsewhere in this file clean() receives the value to clean (see
 * havePermissions / parseSignatures), but here it receives the literal string
 * 'returnurl' and its result is then indexed as an array. This looks like it was
 * meant to read the 'returnurl' request variable — confirm against vB_Cleaner.
 *
 * NOTE(review): the value is request-supplied and handed back without any check
 * that it points into this site. A caller that redirects to it should restrict it
 * to a local path (or a configured allow-list of hosts) first.
 *
 * @return string The cleaned return url, or "" when none was supplied
 */
public function fetchReturnUrl()
{
	$cleaner = vB::get_cleaner();
	$cleaned = $cleaner->clean('returnurl', vB_Cleaner::TYPE_STR);
	if ($cleaned['returnurl'])
	{
		return $cleaned['returnurl'];
	}
	else
	{
		return "";
	}
}