/**
 * Resolves one or more template names to their cached template files and
 * records the result in $this->cache.
 *
 * Template ids are looked up through the 'template' / 'getTemplateIds' API call.
 * For ids listed in $this->textOnlyTemplates the file contents are read and stored
 * in $this->textOnlyReplace under a placeholder; for every other name the cache
 * entry is the resolved file path, or false when the cache directory cannot be resolved.
 *
 * NOTE(review): $templateid comes straight from the API response and is interpolated
 * into the file name; presumably it is always numeric - confirm against the API.
 *
 * @param mixed $templateName A template name or an array of template names
 */
protected function fetchTemplate($templateName)
{
    $names = is_array($templateName) ? $templateName : array($templateName);

    $response = Api_InterfaceAbstract::instance()->callApi(
        'template',
        'getTemplateIds',
        array('template_names' => $names)
    );
    $cacheDir = vB5_Template_Options::instance()->get('options.template_cache_path');

    if (!isset($response['ids'])) {
        return;
    }

    foreach ($response['ids'] as $name => $templateid) {
        // This matches the file name logic of the template library's
        // saveTemplateToFileSystem; both sides have to arrive at the same file.
        $file_name = "template{$templateid}.php";

        // Try the configured path as given, then relative to the core directory.
        $resolvedDir = realpath($cacheDir);
        if ($resolvedDir === false) {
            $resolvedDir = realpath(vB5_Config::instance()->core_path . '/' . $cacheDir);
        }
        $file = ($resolvedDir === false) ? false : $resolvedDir . "/{$file_name}";

        $isTextOnly = ($templateid and $file and array_key_exists($templateid, $this->textOnlyTemplates));
        if (!$isTextOnly) {
            $this->cache[$name] = $file;
            continue;
        }

        $placeholder = $this->getPlaceholder($templateid, '_to');
        $this->textOnlyReplace[$placeholder] = file_get_contents($file);
        $this->cache[$name] = array('textonly' => 1, 'placeholder' => $placeholder);
    }
}
/**
 * Returns the shared instance of this class, creating it on first use.
 *
 * @return object The instance held in self::$instance
 */
public static function instance()
{
    if (isset(self::$instance)) {
        return self::$instance;
    }

    // __CLASS__ is the class that declares this method, not a subclass.
    $className = __CLASS__;
    self::$instance = new $className();

    return self::$instance;
}
/**
 * Boots core in-process and installs a test request with its own session.
 *
 * NOTE(review): the request is created with a hard-coded userid of 1, a loopback
 * address and a 'CLI' user agent. Which account userid 1 maps to is not visible
 * here - confirm this interface cannot be selected for real web traffic.
 */
public function __construct()
{
    // In collapsed form the API classes have to be loadable from the core directory.
    vB5_Autoloader::register(vB5_Config::instance()->core_path);
    vB::init();

    $testRequest = new vB_Request_Test(array(
        'userid' => 1,
        'ipAddress' => '127.0.0.1',
        'altIp' => '127.0.0.1',
        'userAgent' => 'CLI',
    ));
    vB::setRequest($testRequest);
    $testRequest->createSession();
}
/**
 * Calls an API method over HTTP and returns the decoded response.
 *
 * The request goes to "<api_host>/api.php" with the client, platform and key
 * values from the frontend configuration. The JSON response is decoded and passed
 * through $this->obj2array() before being returned.
 *
 * NOTE(review): a response that is not valid JSON makes json_decode() return null,
 * which is handed to obj2array() unchecked - confirm callers cope with that.
 *
 * @param string $controller     API controller name
 * @param string $method         API method name
 * @param array  $arguments      Arguments forwarded to the API call
 * @param bool   $useNamedParams Not used by this implementation
 *
 * @return mixed Whatever obj2array() produces for the decoded response
 */
public function callApi($controller, $method, array $arguments = array(), $useNamedParams = false)
{
    $cfg = vB5_Config::instance();

    // Fetching info from the API.
    $client = new VB_API_CALLS(
        $cfg->api_host . '/api.php',
        $cfg->api_client,
        $cfg->api_client_version,
        $cfg->api_platform,
        $cfg->api_platform_version,
        $cfg->api_key
    );
    $rawResponse = $client->call($controller . '_' . $method, array(), $arguments);
    $decoded = $this->obj2array(json_decode($rawResponse));

    // The API call installs error/exception handlers suited to core; put the
    // frontend handlers back.
    set_exception_handler(array('vB5_ApplicationAbstract', 'handleException'));
    set_error_handler(array('vB5_ApplicationAbstract', 'handleError'), E_WARNING);

    return $decoded;
}
/**
 * Applies a "styleid" query-string parameter to the user's style cookie.
 *
 * The value is forced to a positive integer (anything else becomes 1), stored
 * through vB5_Cookie::set() and also written into $_COOKIE so the rest of the
 * current request sees it. $_SERVER['QUERY_STRING'] is initialised to an empty
 * string when the server did not provide it.
 */
protected function processQueryString()
{
    if (!isset($_SERVER['QUERY_STRING'])) {
        $_SERVER['QUERY_STRING'] = '';
    }

    parse_str($_SERVER['QUERY_STRING'], $params);
    if (!isset($params['styleid'])) {
        return;
    }

    // Only positive integers are accepted; everything else falls back to 1.
    $styleid = max(1, intval($params['styleid']));

    vB5_Cookie::set('userstyleid', $styleid, 0, false);

    // Make the new value visible for the remainder of this request as well.
    $cookieName = vB5_Config::instance()->cookie_prefix . 'userstyleid';
    $_COOKIE[$cookieName] = $styleid;
}
/**
 * Enables a light session. The main difference from a full session start is that
 * testing the control panel, last activity and shutdown queries are skipped.
 *
 * The session hash is taken from the "<prefix>sessionhash" cookie; when that cookie
 * is empty, the request parameter "s" is used instead and the timeout check is
 * switched on. The control-panel hash and language id come from their cookies.
 *
 * NOTE(review): accepting the session hash from a request parameter lets it travel
 * in URLs (logs, referrers); the timeout flag is the only extra check visible here.
 * The cookie values are passed on without a type check - confirm
 * startSessionLight() validates them.
 *
 * @return bool|null true when already initialised; nothing is returned after a
 *                   first-time initialisation
 */
public function init()
{
    if ($this->initialized) {
        return true;
    }

    // Initialise core.
    $core_path = vB5_Config::instance()->core_path;
    require_once $core_path . '/vb/vb.php';
    vB::init();

    $request = new vB_Request_WebApi();
    vB::setRequest($request);

    $prefix = vB5_Config::instance()->cookie_prefix;

    $sessionhash = false;
    $checkTimeout = false;
    if (!empty($_COOKIE[$prefix . 'sessionhash'])) {
        $sessionhash = $_COOKIE[$prefix . 'sessionhash'];
    } elseif (!empty($_REQUEST['s'])) {
        // No cookie: fall back to the hash passed with the request.
        $sessionhash = (string) $_REQUEST['s'];
        $checkTimeout = true;
    }

    $cphash = empty($_COOKIE[$prefix . 'cpsession']) ? false : $_COOKIE[$prefix . 'cpsession'];
    $languageid = empty($_COOKIE[$prefix . 'languageid']) ? 0 : $_COOKIE[$prefix . 'languageid'];

    vB_Api_Session::startSessionLight($sessionhash, $cphash, $languageid, $checkTimeout);
    $this->initialized = true;
}
/**
 * Returns the API interface of the requested type, creating and initialising it
 * on first use.
 *
 * The test flag overrides everything, then the light flag; only when neither is
 * set is $type honoured, defaulting to the collapsed or non-collapsed interface
 * according to the configuration.
 *
 * The class name is built as 'Api_Interface_' . ucfirst($type) and must exist.
 *
 * @param string|null $type Interface type, or NULL for the configured default
 *
 * @return object The interface instance for the resolved type
 *
 * @throws Exception When no class exists for the resolved type
 */
public static function instance($type = NULL)
{
    if (self::$test) {
        $type = self::API_TEST;
    } elseif (self::$light) {
        $type = self::API_LIGHT;
    } elseif ($type === NULL) {
        $type = vB5_Config::instance()->collapsed ? self::API_COLLAPSED : self::API_NONCOLLAPSED;
    }

    if (isset(self::$instance[$type])) {
        return self::$instance[$type];
    }

    $className = 'Api_Interface_' . ucfirst($type);
    if (!class_exists($className)) {
        throw new Exception("Couldn't find {$type} interface");
    }

    self::$instance[$type] = new $className();
    self::$instance[$type]->init();

    return self::$instance[$type];
}
/**
 * Gets a gallery and sends it as JSON for slideshow presentation.
 *
 * The node id is read from the request parameter "nodeid", falling back to "id".
 *   - 0 and -1 are rejected with an 'invalid_request' API exception.
 *   - -2 builds the list from the 'profile' / 'getSlideshow' API call and needs a
 *     non-zero "userid" or "channelid" request parameter.
 *   - any other value loads that gallery through 'content_gallery' / 'getContent'.
 *
 * NOTE(review): the return value is inconsistent - '' when no node id was given,
 * an empty array when the slideshow call returns nothing, otherwise nothing.
 *
 * @throws vB_Exception_Api For node id 0 / -1, or -2 without a user or channel id
 */
public function actionGallery()
{
    //We need a nodeid
    if (!empty($_REQUEST['nodeid'])) {
        $nodeid = $_REQUEST['nodeid'];
    } else {
        if (!empty($_REQUEST['id'])) {
            $nodeid = $_REQUEST['id'];
        } else {
            return '';
        }
    }
    //get the raw data.
    $api = Api_InterfaceAbstract::instance();
    // $config is not used below.
    $config = vB5_Config::instance();
    $phraseApi = vB5_Template_Phrase::instance();
    $gallery = array('photos' => array());
    // The switch works on the integer value of $nodeid; $nodeid itself stays as received.
    switch (intval($nodeid)) {
        case 0:
        case -1:
            //All Videos
            throw new vB_Exception_Api('invalid_request');
        case -2:
            //All non-Album photos and attachments
            if ((empty($_REQUEST['userid']) or !intval($_REQUEST['userid'])) and (empty($_REQUEST['channelid']) or !intval($_REQUEST['channelid']))) {
                throw new vB_Exception_Api('invalid_request');
            }
            // NOTE(review): userid and channelid are cast to int, but dateFilter, perpage and
            // startIndex are forwarded exactly as received - presumably the API validates
            // them; confirm.
            $galleryData = $api->callApi('profile', 'getSlideshow', array(array(
                'userid' => isset($_REQUEST['userid']) ? intval($_REQUEST['userid']) : 0,
                'channelid' => isset($_REQUEST['channelid']) ? intval($_REQUEST['channelid']) : 0,
                'dateFilter' => isset($_REQUEST['dateFilter']) ? $_REQUEST['dateFilter'] : '',
                'searchlimit' => isset($_REQUEST['perpage']) ? $_REQUEST['perpage'] : '',
                'startIndex' => isset($_REQUEST['startIndex']) ? $_REQUEST['startIndex'] : ''
            )));
            if (empty($galleryData)) {
                return array();
            }
            foreach ($galleryData as $photo) {
                $titleVm = !empty($photo['parenttitle']) ? $photo['parenttitle'] : $photo['startertitle'];
                $route = $photo['routeid'];
                // A parent titled 'No Title' that is set for a user is shown as a visitor message.
                if ($photo['parenttitle'] == 'No Title' and $photo['parentsetfor'] > 0) {
                    $titleVm = $phraseApi->getPhrase('visitor_message_from_x', array($photo['authorname']));
                    $route = 'visitormessage';
                }
                $userLink = vB5_Template_Options::instance()->get('options.frontendurl') . $api->callApi('route', 'getUrl', array('route' => 'profile', 'data' => array('userid' => $photo['userid'], 'username' => $photo['authorname']), 'extra' => array()));
                $topicLink = vB5_Template_Options::instance()->get('options.frontendurl') . '/' . $api->callApi('route', 'getUrl', array('route' => $route, 'data' => array('title' => $titleVm, 'nodeid' => $photo['parentnode']), 'extra' => array()));
                $title = $photo['title'] != null ? $photo['title'] : '';
                $htmltitle = $photo['htmltitle'] != null ? $photo['htmltitle'] : '';
                $photoTypeid = vB_Types::instance()->getContentTypeID('vBForum_Photo');
                $attachTypeid = vB_Types::instance()->getContentTypeID('vBForum_Attach');
                // NOTE(review): when the content type is neither photo nor attachment, $queryVar is
                // not assigned in this iteration; it keeps the previous iteration's value or is
                // undefined on the first one.
                if ($photo['contenttypeid'] === $photoTypeid) {
                    $queryVar = 'photoid';
                } else {
                    if ($photo['contenttypeid'] === $attachTypeid) {
                        $queryVar = 'id';
                    }
                }
                // NOTE(review): the 'links' entry is HTML. $titleVm is escaped with htmlspecialchars()
                // but authorname and the two links are passed to the phrase as-is - confirm they
                // arrive already escaped.
                $gallery['photos'][] = array(
                    'title' => $title,
                    'htmltitle' => $htmltitle,
                    'url' => vB5_Template_Options::instance()->get('options.frontendurl') . '/filedata/fetch?' . $queryVar . '=' . intval($photo['nodeid']),
                    'thumb' => vB5_Template_Options::instance()->get('options.frontendurl') . '/filedata/fetch?' . $queryVar . '=' . intval($photo['nodeid']) . "&thumb=1",
                    'links' => $phraseApi->getPhrase('photos_by_x_in_y_linked', array($userLink, $photo['authorname'], $topicLink, htmlspecialchars($titleVm))) . "<br />\n"
                );
            }
            $this->sendAsJson($gallery);
            return;
        default:
            // NOTE(review): the raw request value is used here, both as the API argument and as the
            // array key below, while the switch above compared its integer value.
            $galleryData = $api->callApi('content_gallery', 'getContent', array('nodeid' => $nodeid));
            if (!empty($galleryData) and !empty($galleryData[$nodeid]['photo'])) {
                foreach ($galleryData[$nodeid]['photo'] as $photo) {
                    $userLink = vB5_Template_Options::instance()->get('options.frontendurl') . $api->callApi('route', 'getUrl', array('route' => 'profile', 'data' => array('userid' => $photo['userid'], 'username' => $photo['authorname']), 'extra' => array()));
                    // The topic link slot of the phrase is filled with a javascript: URL that closes
                    // the slideshow dialog.
                    $gallery['photos'][] = array(
                        'title' => $photo['title'],
                        'htmltitle' => $photo['htmltitle'],
                        'url' => vB5_Template_Options::instance()->get('options.frontendurl') . '/filedata/fetch?photoid=' . intval($photo['nodeid']),
                        'thumb' => vB5_Template_Options::instance()->get('options.frontendurl') . '/filedata/fetch?photoid=' . intval($photo['nodeid']) . "&thumb=1",
                        'links' => $phraseApi->getPhrase('photos_by_x_in_y_linked', array($userLink, $photo['authorname'], 'javascript:$(\'#slideshow-dialog\').dialog(\'close\');void(0);', htmlspecialchars($photo['startertitle']))) . "<br />\n"
                    );
                }
                $this->sendAsJson($gallery);
            }
            return;
    }
}
/**
 * Renders a preview of a post that is being composed and sends it as JSON.
 *
 * All input is read from $_POST. Scalars are cast (int / trimmed string) and the
 * structured fields are cast to arrays. The response is the rendered reply template
 * merged with the parsed BBCode of "rawtext", or an 'error' entry on failure.
 *
 * NOTE(review): only parentid and htmlstate are checked against allowed values in
 * this method; see the inline notes for the fields that are used unchecked.
 */
public function actionLoadPreview()
{
    $input = array(
        'parentid' => isset($_POST['parentid']) ? intval($_POST['parentid']) : 0,
        'channelid' => isset($_POST['channelid']) ? intval($_POST['channelid']) : 0,
        'pagedata' => isset($_POST['pagedata']) ? (array) $_POST['pagedata'] : array(),
        'conversationtype' => isset($_POST['conversationtype']) ? trim(strval($_POST['conversationtype'])) : '',
        'posttags' => isset($_POST['posttags']) ? trim(strval($_POST['posttags'])) : '',
        'rawtext' => isset($_POST['rawtext']) ? trim(strval($_POST['rawtext'])) : '',
        'filedataid' => isset($_POST['filedataid']) ? (array) $_POST['filedataid'] : array(),
        'link' => isset($_POST['link']) ? (array) $_POST['link'] : array(),
        'poll' => isset($_POST['poll']) ? (array) $_POST['poll'] : array(),
        'video' => isset($_POST['video']) ? (array) $_POST['video'] : array(),
        'htmlstate' => isset($_POST['htmlstate']) ? trim(strval($_POST['htmlstate'])) : '',
        'disable_bbcode' => isset($_POST['disable_bbcode']) ? intval($_POST['disable_bbcode']) : 0
    );
    $results = array();
    if ($input['parentid'] < 1) {
        $results['error'] = 'invalid_parentid';
        $this->sendAsJson($results);
        return;
    }
    // Unknown htmlstate values fall back to 'off'.
    if (!in_array($input['htmlstate'], array('off', 'on_nl2br', 'on'), true)) {
        $input['htmlstate'] = 'off';
    }
    // when creating a new content item, channelid == parentid
    $input['channelid'] = $input['channelid'] == 0 ? $input['parentid'] : $input['channelid'];
    // NOTE(review): the template name suffix is the client-supplied conversationtype with no
    // allow-list, so the request chooses which 'display_contenttype_conversationreply_*'
    // template is rendered - confirm that is acceptable for every template with this prefix.
    $templateName = 'display_contenttype_conversationreply_';
    $templateName .= ucfirst($input['conversationtype']);
    $api = Api_InterfaceAbstract::instance();
    $channelBbcodes = $api->callApi('content_channel', 'getBbcodeOptions', array($input['channelid']));
    // The $node['starter'] and $node['nodeid'] values are just there to differentiate starters and replies
    $node = array(
        'rawtext' => '',
        'userid' => vB5_User::get('userid'),
        'authorname' => vB5_User::get('username'),
        'tags' => $input['posttags'],
        'taglist' => $input['posttags'],
        'approved' => true,
        'created' => time(),
        'avatar' => $api->callApi('user', 'fetchAvatar', array('userid' => vB5_User::get('userid'))),
        'parentid' => $input['parentid'],
        'starter' => $input['channelid'] == $input['parentid'] ? 0 : $input['parentid'],
        'nodeid' => $input['channelid'] == $input['parentid'] ? 0 : 1
    );
    if ($input['conversationtype'] == 'gallery') {
        $node['photopreview'] = array();
        // NOTE(review): the entries of filedataid are not cast; each one is used as 'nodeid' and
        // as part of a $_POST key name as received.
        foreach ($input['filedataid'] as $filedataid) {
            $node['photopreview'][] = array('nodeid' => $filedataid, 'htmltitle' => isset($_POST['title_' . $filedataid]) ? vB_String::htmlSpecialCharsUni($_POST['title_' . $filedataid]) : '');
            //photo preview is up to 3 photos only
            if (count($node['photopreview']) == 3) {
                break;
            }
        }
        $node['photocount'] = count($input['filedataid']);
    }
    if ($input['conversationtype'] == 'link') {
        // NOTE(review): title, url, meta and url_image reach the template exactly as posted -
        // presumably the template escapes them and restricts the URL scheme; confirm.
        $node['url_title'] = !empty($input['link']['title']) ? $input['link']['title'] : '';
        $node['url'] = !empty($input['link']['url']) ? $input['link']['url'] : '';
        $node['meta'] = !empty($input['link']['meta']) ? $input['link']['meta'] : '';
        $node['previewImage'] = !empty($input['link']['url_image']) ? $input['link']['url_image'] : '';
    }
    if ($input['conversationtype'] == 'poll') {
        // NOTE(review): the key is spelled 'mutliple' - confirm it matches the field name the
        // client actually posts.
        $node['multiple'] = !empty($input['poll']['mutliple']);
        $node['options'] = array();
        if (!empty($input['poll']['options']) and is_array($input['poll']['options'])) {
            // Option ids in the preview are simply numbered from 1.
            $optionIndex = 1;
            foreach ($input['poll']['options'] as $option) {
                $node['options'][] = array('polloptionid' => $optionIndex, 'title' => $option);
                $optionIndex++;
            }
        }
        $node['permissions']['canviewthreads'] = 1; //TODO: Fix this!!
    }
    if ($input['conversationtype'] == 'video') {
        // Same unchecked pass-through as the link fields above.
        $node['url_title'] = !empty($input['video']['title']) ? $input['video']['title'] : '';
        $node['url'] = !empty($input['video']['url']) ? $input['video']['url'] : '';
        $node['meta'] = !empty($input['video']['meta']) ? $input['video']['meta'] : '';
        $node['items'] = !empty($input['video']['items']) ? $input['video']['items'] : '';
    }
    try {
        $results = vB5_Template::staticRenderAjax($templateName, array(
            'nodeid' => $node['nodeid'],
            'conversation' => $node,
            'currentConversation' => $node,
            'bbcodeOptions' => $channelBbcodes,
            'pagingInfo' => array(),
            'postIndex' => 0,
            'reportActivity' => false,
            'showChannelInfo' => false,
            'showInlineMod' => false,
            'commentsPerPage' => 1,
            'view' => 'stream',
            'previewMode' => true
        ));
    } catch (Exception $e) {
        // In debug mode the full exception text, including its stack trace, is sent to the client.
        if (vB5_Config::instance()->debug) {
            $results['error'] = 'error_rendering_preview_template ' . (string) $e;
        } else {
            $results['error'] = 'error_rendering_preview_template';
        }
        $this->sendAsJson($results);
        return;
    }
    // NOTE(review): 'allowhtml' follows the posted htmlstate; no permission check for HTML
    // posting is visible in this method - presumably enforced by the parser or on save; confirm.
    $bbcodeoptions = array(
        'allowhtml' => in_array($input['htmlstate'], array('on', 'on_nl2br'), true),
        'allowbbcode' => !$input['disable_bbcode'],
        'htmlstate' => $input['htmlstate']
    );
    $results = array_merge($results, $this->parseBbCodeForPreview(fetch_censored_text($input['rawtext']), $bbcodeoptions));
    $this->sendAsJson($results);
}
/**
 * Replaces all template placeholders in $content with the rendered templates.
 *
 * Works on the templates currently queued in $this->pending. The queue is emptied
 * before rendering, so templates registered while rendering land in a fresh queue.
 * A widget template that fails with an API exception is replaced by the widget
 * error template; any other API exception is re-thrown.
 *
 * @param string $content Markup containing placeholders; modified in place
 *
 * @throws vB5_Exception_Api When a non-widget template fails to render
 */
public function replacePlaceholders(&$content)
{
    // This function processes subtemplates by level
    $missing = array_diff(array_keys($this->pending), array_keys($this->cache));
    if (!empty($missing)) {
        $this->fetchTemplate($missing);
    }
    // move pending templates to a new variable, so they are not re-processed by subtemplates
    // ($levelPending keeps the queued entries; the property is then recreated empty)
    $levelPending =& $this->pending;
    unset($this->pending);
    $this->pending = array();
    // This line is important. In the BBCode parser, the templates of inner BBCode are registered first,
    // so they should be replaced later than the outer BBCode templates. See VBV-4834.
    if ($this->renderTemplatesInReverseOrder) {
        $levelPending = array_reverse($levelPending);
    }
    foreach ($levelPending as $templateName => $templates) {
        foreach ($templates as $placeholder => $templateArgs) {
            $templater = new vB5_Template($templateName);
            $this->registerTemplateVariables($templater, $templateArgs);
            try {
                $replace = $templater->render(false);
            } catch (vB5_Exception_Api $e) {
                $e->prependTemplate($templateName);
                if (isset($templateArgs['isWidget']) and $templateArgs['isWidget']) {
                    $errorTemplate = new vB5_Template(vB5_Template::WIDGET_ERROR_TEMPLATE);
                    // we want to make the registered variables available to error template
                    $this->registerTemplateVariables($errorTemplate, $templateArgs);
                    // Controller, method, arguments and error details are only handed to the
                    // error template in debug mode.
                    if (vB5_Config::instance()->debug) {
                        $errorTemplate->register('template', $e->getTemplate());
                        $errorTemplate->register('controller', $e->getController());
                        $errorTemplate->register('method', $e->getMethod());
                        $errorTemplate->register('arguments', print_r($e->getArguments(), true));
                        $errorTemplate->register('errors', print_r($e->getErrors(), true));
                    }
                    $err = $e->getErrors();
                    // Only the first error entry decides whether this counts as a permission error.
                    $isPermissionError = (isset($err[0]) and isset($err[0][0]) and $err[0][0] == 'no_permission');
                    $errorTemplate->register('isPermissionError', $isPermissionError);
                    $replace = $errorTemplate->render(false);
                } else {
                    throw $e;
                }
            }
            $content = str_replace($placeholder, $replace, $content);
            unset($templater);
        }
    }
}
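/**
 * Last-resort exception handler: sets the HTTP status and terminates the request.
 *
 * A vB5_Exception_404 produces a 404 status, everything else a 500. In debug mode
 * the message, file, line and stack trace are printed as well.
 *
 * The status headers are sent before the debug output; printing first can flush the
 * response and leave the request with a 200 status. The debug text is HTML-escaped
 * because exception messages may carry request data, and the trace is rendered with
 * getTraceAsString() since getTrace() returns an array.
 *
 * @param Exception $exception The uncaught exception
 * @param bool      $simple    Not used by this implementation
 */
public static function handleException($exception, $simple = false)
{
    $config = vB5_Config::instance();

    if (!headers_sent()) {
        // Set HTTP headers
        if ($exception instanceof vB5_Exception_404) {
            header("HTTP/1.0 404 Not Found");
            header("Status: 404 Not Found");
        } else {
            header('HTTP/1.1 500 Internal Server Error');
            header("Status: 500 Internal Server Error");
        }
    }

    if ($config->debug) {
        echo "Exception " . htmlspecialchars($exception->getMessage())
            . ' in file ' . htmlspecialchars($exception->getFile())
            . ", line " . (int) $exception->getLine() . "<br />\n"
            . nl2br(htmlspecialchars($exception->getTraceAsString()));
    }

    die;
}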
} // closes a block that starts above this excerpt

// Front controller bootstrap: register the autoloader, start the application,
// configure error reporting and instantiate the controller chosen by the router.
require_once 'includes/vb5/autoloader.php';
vB5_Autoloader::register(dirname(__FILE__));
//For a few set routes we can run a streamlined function.
if (vB5_Frontend_ApplicationLight::isQuickRoute()) {
    $app = vB5_Frontend_ApplicationLight::init('config.php');
    // A quick route that was handled ends the request here.
    if ($app->execute()) {
        exit;
    }
}
$app = vB5_Frontend_Application::init('config.php');
//todo, move this back so we can catch notices in the startup code. For now, we can set the value in the php.ini
//file to catch these situations.
// We report all errors here because we have to make the application notice-free
error_reporting(E_ALL | E_STRICT);
$config = vB5_Config::instance();
if (!$config->report_all_php_errors) {
    // Note that E_STRICT became part of E_ALL in PHP 5.4
    error_reporting(E_ALL & ~(E_NOTICE | E_STRICT));
}
$routing = $app->getRouter();
$controller = $routing->getController();
$method = $routing->getAction();
$template = $routing->getTemplate();
// The controller class name is derived from the router's answer; only classes with the
// 'vB5_Frontend_Controller_' prefix can be instantiated this way.
$class = 'vB5_Frontend_Controller_' . ucfirst($controller);
if (!class_exists($class)) {
    // @todo - this needs a proper error message
    // NOTE(review): the class name is printed unescaped; if the controller name can be
    // influenced by the request URL this reflects request data into the page - confirm
    // what getController() can return.
    die("Couldn't find controller file for {$class}");
}
vB5_Frontend_ExplainQueries::initialize();
$c = new $class($template);
/**
 * Builds the <script> tags needed to include the passed JS files in the markup.
 *
 * The files are remembered in $this->previouslyIncluded. When the no_js_bundles
 * configuration flag is set, bundle names are expanded to their member files. Each
 * URL gets the "simpleversion" option as a cache buster: as a file name suffix for
 * bundles, as a "v" query parameter otherwise. Duplicates are emitted once.
 *
 * NOTE(review): the src values are not HTML-escaped; this assumes the script names
 * and the cdnurl / frontendurl options are trusted - confirm for every caller.
 *
 * @param array $scripts Array of Javascript files
 *
 * @return string The complete script tags to insert into the markup.
 */
public function insertJsInclude($scripts)
{
    $this->previouslyIncluded = array_unique(array_merge($this->previouslyIncluded, $scripts));

    $config = vB5_Config::instance();
    $allOptions = vB5_Template_Options::instance()->getOptions();
    $vboptions = $allOptions['options'];

    if (!isset($this->jsbundles)) {
        $this->loadJsBundles();
    }

    if ($config->no_js_bundles) {
        $expanded = array();
        foreach ($scripts as $entry) {
            // Bundles are keyed without the leading 'js/'.
            $hadJsPrefix = (strpos($entry, 'js/') === 0);
            $bundleName = $hadJsPrefix ? substr($entry, 3) : $entry;

            if (isset($this->jsbundles[$bundleName])) {
                foreach ($this->jsbundles[$bundleName] as $jsfile) {
                    $expanded[] = $jsfile;
                }
                continue;
            }

            // Not a bundle: keep the entry, restoring the prefix if it was stripped.
            $expanded[] = $hadJsPrefix ? 'js/' . $bundleName : $bundleName;
        }

        if (!empty($expanded)) {
            $scripts = $expanded;
        }
    }

    $baseurl_cdn = $vboptions['cdnurl'];
    if (empty($baseurl_cdn)) {
        $baseurl_cdn = $vboptions['frontendurl'];
    }

    // The scheme (http or https) has to match the current page request. If the login
    // URL uses https, the resources on that page, in this case the Javascript, need to
    // use it as well. VBV-12286
    $hostAndPath = preg_replace('#^https?://#i', '', $baseurl_cdn);
    $baseurl_cdn = vB::getRequest()->getVbUrlScheme() . '://' . $hostAndPath;

    $simpleversion = $vboptions['simpleversion'];

    $versioned = array();
    foreach ($scripts as $js) {
        if (isset($this->jsbundles[substr($js, 3)])) {
            // Bundles carry the version in the file name.
            $versioned[] = preg_replace("#/([^\\.]+).js#", "/\$1-{$simpleversion}.js", $js);
        } else {
            $separator = (strpos($js, '?') === false) ? '?' : '&';
            $versioned[] = $js . $separator . 'v=' . $simpleversion;
        }
    }

    $markup = '';
    $emitted = array();
    foreach ($versioned as $js) {
        if (in_array($js, $emitted)) {
            continue;
        }
        $markup .= '<script type="text/javascript" src="' . $baseurl_cdn . "/{$js}\"></script>\n";
        $emitted[] = $js;
    }

    return $markup;
}
/**
 * Parses BBCode in the given text for a post preview.
 *
 * Empty text is returned unparsed. When parsing throws, the result carries an
 * 'error' key instead of 'parsedText'; in debug mode the full exception text,
 * including its stack trace, is added as 'error_trace'.
 *
 * @param string $rawText Text to parse
 * @param array  $options Options handed to the BBCode parser
 *
 * @return array 'parsedText' on success, 'error' (and 'error_trace' in debug mode) on failure
 */
protected function parseBbCodeForPreview($rawText, $options = array())
{
    if (empty($rawText)) {
        return array('parsedText' => $rawText);
    }

    $results = array();
    try {
        // parse bbcode in text
        $results['parsedText'] = vB5_Frontend_Controller_Bbcode::parseWysiwygForPreview($rawText, $options);
    } catch (Exception $e) {
        $results['error'] = 'error_parsing_bbcode_for_preview';
        if (vB5_Config::instance()->debug) {
            $results['error_trace'] = (string) $e;
        }
    }

    return $results;
}
/**
 * Replaces the buffered page with an "Explain SQL Queries" report.
 *
 * Runs only when the frontend is in debug mode and the request carries explain=1.
 * When core has no explain data, the buffered page is printed unchanged.
 *
 * NOTE(review): the report exposes SQL text, timings and stack traces; the debug
 * flag is the only gate visible here, so debug mode must stay off on public sites.
 */
public static function finish()
{
    // Loose comparison: any value equal to 1 after type juggling enables the report.
    if (vB5_Config::instance()->debug && isset($_GET['explain']) && $_GET['explain'] == 1) {
        // @todo not implemented for MySQLi
        $data = vB::getDbAssertor()->getDBConnection()->getExplain();
        if (!$data) {
            // debug is on in presentation, but not in core
            // display site like normal
            echo ob_get_clean();
            return;
        } else {
            // Discard the rendered page; only the report is sent.
            ob_end_clean();
        }
        header('Content-Type: text/html');
        echo ' <html> <head> <title>vBulletin - Explain SQL Queries (' . count($data['explain']) . ')</title> <style type="text/css"> body { background: #EEE; } body, p, td, th, h1, h4 { font-family: verdana, sans-serif; font-size: 10pt; text-align: left; } .query { background: #FFF; border: 1px solid red; margin: 0 0 10px 0; padding: 10px; } .query h4 { margin: 0 0 10px 0; } .query pre {display:block;overflow:auto;border:1px solid black;margin:0 0 10px 0;padding:10px;background:#F6F6F6;} .query pre.trace {height: 30px; cursor: pointer; margin: 10px 0 0 0; background: #FCFCFC;} .query ul {padding:0;margin:0;list-style:none;} .query table {margin:0 0 10px 0;background:#000;} .query table th {background:#F6F6F6;text-align:left;} .query table td {background:#FFF;} </style> </head> <body> <h1>vBulletin - Explain SQL Queries (' . count($data['explain']) . ')</h1> ';
        if (!empty($data['describe'])) {
            echo '<div class="query">';
            echo '<h4>Describe Queries: (Included in the full listing of queries below)</h4><ul>';
            foreach ($data['describe'] as $describe) {
                echo '<li>' . htmlspecialchars($describe) . '</li>';
            }
            echo '</ul>';
            echo '</div>';
        }
        if (!empty($data['duplicates'])) {
            echo '<div class="query">';
            echo '<h4>Duplicate Queries: (Exact textual duplicates, also included in the full listing of queries below)</h4><ul>';
            foreach ($data['duplicates'] as $duplicate) {
                echo '<li>Times run: ' . $duplicate['count'] . '<pre>' . htmlspecialchars($duplicate['query']) . '</pre></li>';
            }
            echo '</ul>';
            echo '</div>';
        }
        foreach ($data['explain'] as $i => $query) {
            // The query text is escaped. $query['explain'], the timing / memory values and the
            // formatTrace() result are printed as-is.
            // NOTE(review): presumably 'explain' is HTML produced by core and formatTrace()
            // escapes its output - confirm.
            echo ' <div class="query"> <h4>SQL Query #' . ($i + 1) . '</h4> <pre>' . htmlspecialchars($query['query']) . '</pre> ' . $query['explain'] . ' <ul> <li>Time Before: ' . $query['timeStart'] . '</li> <li>Time After: ' . $query['timeStop'] . '</li> <li>Time Taken: ' . $query['timeTaken'] . '</li> <li>Memory Before: ' . $query['memoryStart'] . '</li> <li>Memory After: ' . $query['memoryStop'] . '</li> <li>Memory Used: ' . $query['memoryUsed'] . '</li> </ul> <pre class="trace" onclick="this.style.height=\'auto\';this.style.cursor=\'auto\';this.onclick=null;">' . self::formatTrace($query['trace']) . '</pre> </div> ';
        }
        $overall = $data['sqltime'] + $data['phptime'];
        echo '<h1>' . count($data['explain']) . ' Queries Run : Total SQL time was ' . number_format($data['sqltime'], 6) . ' seconds , Total PHP time was ' . number_format($data['phptime'], 6) . ' seconds , Overall time was ' . number_format($overall, 6) . ' seconds.</h1><br />';
        echo '</body></html>';
    }
}
/**
 * Renders the page selected by the current route and prints it.
 *
 * Steps, in order: serve a cached full page to guests when guest page caching is on;
 * register the user action; resolve the page id from the route arguments; optionally
 * redirect to the first unread post (goto=newpost); merge route arguments and query
 * parameters into the page object; render the layout template; store the result in
 * the guest cache; print it.
 *
 * @param mixed $pageid Overwritten below with the id taken from the route arguments
 *
 * @throws Exception When no valid page id is available or the page cannot be fetched
 */
public function index($pageid)
{
    //the api init can redirect. We need to make sure that happens before we echo anything
    $api = Api_InterfaceAbstract::instance();
    $top = '';
    // We should not cache register page for guest. See VBV-7695.
    // ('and' binds tighter than 'or': the route string is either empty, or neither
    // 'register' nor 'lostpw')
    if (vB5_Request::get('cachePageForGuestTime') > 0 and !vB5_User::get('userid') and (empty($_REQUEST['routestring']) or $_REQUEST['routestring'] != 'register' and $_REQUEST['routestring'] != 'lostpw')) {
        // languageid should be in the pagekey to fix VBV-8095
        // NOTE(review): the key hashes the whole of $_REQUEST, so every distinct set of request
        // parameters creates its own cache entry - confirm the cache bounds its size.
        $fullPageKey = 'vBPage_' . md5(serialize($_REQUEST)) . '_' . vB::getCurrentSession()->get('languageid');
        $styleid = vB5_Cookie::get('userstyleid', vB5_Cookie::TYPE_UINT);
        if (!empty($styleid)) {
            $fullPageKey .= '_' . $styleid;
        }
        $fullPage = vB_Cache::instance(vB_Cache::CACHE_LARGE)->read($fullPageKey);
        if (!empty($fullPage)) {
            echo $fullPage;
            exit;
        }
    }
    $preheader = vB5_ApplicationAbstract::getPreheader();
    $top .= $preheader;
    // With early flush the preheader goes out right away and is not printed again at the end.
    if (vB5_Request::get('useEarlyFlush')) {
        echo $preheader;
        flush();
    }
    $router = vB5_ApplicationAbstract::instance()->getRouter();
    $arguments = $router->getArguments();
    $userAction = $router->getUserAction();
    $pageKey = $router->getPageKey();
    $api->callApi('page', 'preload', array($pageKey));
    if (!empty($userAction)) {
        $api->callApi('wol', 'register', array($userAction['action'], $userAction['params'], $pageKey, vB::getRequest()->getScriptPath(), !empty($arguments['nodeid']) ? $arguments['nodeid'] : 0));
    }
    // Page numbers below 1 are reset to 1.
    if (isset($arguments['pagenum'])) {
        $arguments['pagenum'] = intval($arguments['pagenum']) > 0 ? intval($arguments['pagenum']) : 1;
    }
    // The page id comes from the route arguments ('pageid', else 'contentid'), not from the parameter.
    $pageid = (int) (isset($arguments['pageid']) ? $arguments['pageid'] : (isset($arguments['contentid']) ? $arguments['contentid'] : 0));
    if ($pageid < 1) {
        // @todo This needs to output a user-friendly "page not found" page
        throw new Exception('Could not find page.');
    }
    $page = $api->callApi('page', 'fetchPageById', array($pageid, $arguments));
    if (!$page) {
        // @todo This needs to output a user-friendly "page not found" page
        throw new Exception('Could not find page.');
    }
    // Go to the first new / unread post for this user in this topic
    if (!empty($_REQUEST['goto']) and $_REQUEST['goto'] == 'newpost' and !empty($arguments['nodeid']) and !empty($arguments['channelid'])) {
        if ($this->vboptions['threadmarking'] and vB5_User::get('userid')) {
            // Database read marking
            $channelRead = $api->callApi('node', 'getNodeReadTime', array($arguments['channelid']));
            $topicRead = $api->callApi('node', 'getNodeReadTime', array($arguments['nodeid']));
            // markinglimit is multiplied by 86400, i.e. treated as a number of days.
            $topicView = max($topicRead, $channelRead, time() - $this->vboptions['markinglimit'] * 86400);
        } else {
            // Cookie read marking
            $topicView = intval(vB5_Cookie::fetchBbarrayCookie('discussion_view', $arguments['nodeid']));
            if (!$topicView) {
                $topicView = vB5_User::get('lastvisit');
            }
        }
        $topicView = intval($topicView);
        // Get the first unread reply
        $goToNodeId = $api->callApi('node', 'getFirstChildAfterTime', array($arguments['nodeid'], $topicView));
        if (empty($goToNodeId)) {
            // Nothing unread: fall back to the topic's last content id.
            $thread = $api->callApi('node', 'getNodes', array(array($arguments['nodeid'])));
            if (!empty($thread) and isset($thread[$arguments['nodeid']])) {
                $goToNodeId = $thread[$arguments['nodeid']]['lastcontentid'];
            }
        }
        if ($goToNodeId) {
            // Redirect to the new post
            $urlCache = vB5_Template_Url::instance();
            $urlKey = $urlCache->register($router->getRouteId(), array('nodeid' => $arguments['nodeid']), array('p' => $goToNodeId));
            $replacements = $urlCache->finalBuildUrls(array($urlKey));
            $url = $replacements[$urlKey];
            if ($url) {
                $url .= '#post' . $goToNodeId;
                if (headers_sent()) {
                    // NOTE(review): $url is placed inside a JavaScript string literal without
                    // escaping; this assumes finalBuildUrls() and the API-provided node id
                    // cannot contain quotes or markup - confirm.
                    echo '<script type="text/javascript">window.location = "' . $url . '";</script>';
                } else {
                    header('Location: ' . $url);
                }
                exit;
            }
        }
    }
    $page['routeInfo'] = array('routeId' => $router->getRouteId(), 'arguments' => $arguments, 'queryParameters' => $router->getQueryParameters());
    $page['crumbs'] = $router->getBreadcrumbs();
    $page['headlinks'] = $router->getHeadLinks();
    $page['pageKey'] = $pageKey;
    // default value for pageSchema
    $page['pageSchema'] = 'http://schema.org/WebPage';
    $queryParameters = $router->getQueryParameters();
    /*
     * VBV-12506
     * This is where we would add other things to clean up dangerous query params.
     * For VBV-12486, I'll just unset anything here that can't use vb:var in the templates,
     * but really we should just make a whitelist of expected page object parameters that
     * come from the query string and unset EVERYTHING else. For the expected ones, we
     * should also force the value into the expected (and hopefully safer) range.
     */
    /*
     * VBV-12506
     * $doNotReplaceWithQueryParams is a list of parameters that the page object usually
     * gets naturally/internally, and we NEVER want to replace with a user provided query
     * parameter. (In fact, *when* exactly DO we want to do this???)
     * If we don't do this, it's a potential XSS vulnerability for the items that we
     * cannot send through vb:var for whatever reason (title for example),
     * and even if they *are* sent through vb:var, the replacements can sometimes just
     * break the page (for example, ?pagetemplateid=%0D: the new line this inserts in
     * var pageData = {...} in the header template tends to break things; tested on Chrome).
     * Furthermore, any script that uses the pageData var would get the user injected data
     * that might cause more problems down the line.
     * Parameter Notes:
     *  'titleprefix'
     *      As these two should already be html escaped, we don't want to double escape
     *      them. So we can't use vb:var in the templates. As such, we must prevent a
     *      malicious querystring from being injected into the page object here.
     *  'title'
     *      Similar to above, but channels are allowed to have HTML in the title, so
     *      they are intentionally not escaped in the DB, and the templates can't use
     *      vb:var.
     *  'pageid', 'channelid', 'nodeid'
     *      These are usually set in the arguments, so the array_merge below usually
     *      takes care of not passing a pageid query string through to the page object,
     *      but I'm leaving them in just in case.
     */
    // NOTE(review): this is a deny-list. Every query parameter not named here is still copied
    // into the page object below, so each page key that templates print without vb:var
    // has to be added here by hand.
    $doNotReplaceWithQueryParams = array('titleprefix', 'title', 'pageid', 'channelid', 'nodeid', 'pagetemplateid', 'url', 'pagenum', 'tagCloudTitle');
    foreach ($doNotReplaceWithQueryParams as $key) {
        unset($queryParameters[$key]);
    }
    // Route arguments win over query parameters with the same key.
    $arguments = array_merge($queryParameters, $arguments);
    foreach ($arguments as $key => $value) {
        $page[$key] = $value;
    }
    $options = vB5_Template_Options::instance();
    $page['phrasedate'] = $options->get('miscoptions.phrasedate');
    $page['optionsdate'] = $options->get('miscoptions.optionsdate');
    // if no meta description, use node data or global one instead, prefer node data
    if (empty($page['metadescription']) and !empty($page['nodedescription'])) {
        $page['metadescription'] = $page['nodedescription'];
    }
    if (empty($page['metadescription'])) {
        $page['metadescription'] = $options->get('options.description');
    }
    // $config and $templateCache are not used below.
    $config = vB5_Config::instance();
    // Non-persistent notices @todo - change this to use vB_Cookie
    $page['ignore_np_notices'] = vB5_ApplicationAbstract::getIgnoreNPNotices();
    $templateCache = vB5_Template_Cache::instance();
    $templater = new vB5_Template($page['screenlayouttemplate']);
    //IMPORTANT: If you add any variable to the page object here,
    // please make sure you add them to other controllers which create page objects.
    // That includes at a minimum the search controller (in two places currently)
    // and vB5_ApplicationAbstract::showErrorPage
    $templater->registerGlobal('page', $page);
    // From here on $page holds the rendered output, no longer the page array.
    $page = $this->outputPage($templater->render(), false);
    $fullPage = $top . $page;
    // $fullPageKey only exists when the guest cache branch at the top was entered.
    if (!empty($fullPageKey) and is_string($fullPageKey)) {
        vB_Cache::instance(vB_Cache::CACHE_LARGE)->write($fullPageKey, $fullPage, vB5_Request::get('cachePageForGuestTime'), 'vbCachedFullPage');
    }
    // these are the templates rendered for this page ($loadedTemplates is not used afterwards)
    $loadedTemplates = vB5_Template::getRenderedTemplates();
    $api->callApi('page', 'savePreCacheInfo', array($pageKey));
    // With early flush the preheader has already been sent, so only the page body is printed.
    if (!vB5_Request::get('useEarlyFlush')) {
        echo $fullPage;
    } else {
        echo $page;
    }
}
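/**
 * Loads the cookie settings (enabled flag, prefix, path, domain, secure flag) once.
 *
 * Later calls return immediately, as soon as the cookie prefix has been set.
 *
 * The secure flag is set only when the current request is HTTPS and the site URL
 * uses the https scheme. The original expression tested $url['scheme'] on a variable
 * that was never assigned, so the flag was always false and cookies were never
 * restricted to HTTPS.
 *
 * NOTE(review): $url is assumed to be the parsed 'options.frontendurl' value - confirm
 * this is the URL the original check was meant to look at.
 */
protected static function loadConfig()
{
    if (self::$cookiePrefix !== null) {
        return;
    }

    $config = vB5_Config::instance();

    // these could potentially all be config options
    self::$enabled = $config->cookie_enabled !== false;
    self::$cookiePrefix = $config->cookie_prefix;

    $options = vB5_Template_Options::instance();
    self::$path = $options->get('options.cookiepath');
    self::$domain = $options->get('options.cookiedomain');

    $requestIsHttps = (isset($_SERVER['SERVER_PORT']) && 443 === intval($_SERVER['SERVER_PORT']))
        || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] && $_SERVER['HTTPS'] != 'off');

    // parse_url() returns false for a malformed URL; treat that as "not https".
    $url = parse_url((string) $options->get('options.frontendurl'));
    $siteIsHttps = is_array($url) && isset($url['scheme']) && strtolower($url['scheme']) === 'https';

    self::$secure = ($requestIsHttps && $siteIsHttps);
}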
/**
 * Renders a template with the given variables and returns the result.
 *
 * @see vB5_Frontend_Controller_Ajax::actionRender
 * @see vB5_Frontend_Controller_Page::renderTemplate
 *
 * @param string $templateName
 * @param array  $data                 Variables to register, keyed by variable name
 * @param bool   $isParentTemplate
 * @param bool   $isAjaxTemplateRender true if we are rendering for a call to /ajax/render/
 *                                     and we want CSS <link>s separate
 *
 * @return string|null The rendered template, or null when no template name was given
 */
public static function staticRender($templateName, $data = array(), $isParentTemplate = true, $isAjaxTemplateRender = false)
{
    if (empty($templateName)) {
        return null;
    }

    $template = new vB5_Template($templateName);
    foreach ($data as $variable => $content) {
        $template->register($variable, $content);
    }

    // Core classes have to be autoloadable before rendering starts.
    vB5_Autoloader::register(vB5_Config::instance()->core_path);

    return $template->render($isParentTemplate, $isAjaxTemplateRender);
}
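/**
 * Includes a PHP file from the core directory.
 *
 * The requested path is resolved with realpath() and has to end up inside the
 * core directory. Without that check a value containing "../" segments could make
 * require_once execute a file outside core.
 *
 * NOTE(review): where $file comes from is not visible here; the exception message
 * suggests it is derived from the page URL - confirm against the callers.
 *
 * @param string $file Path of the file, relative to the core directory
 *
 * @throws vB5_Exception_404 When the file is missing, is not a regular file, or
 *                           resolves to a location outside the core directory
 */
public function relay($file)
{
    $coreRoot = realpath(vB5_Config::instance()->core_path);

    $target = false;
    if (is_string($file) and $file and $coreRoot !== false) {
        // realpath() collapses ".." segments and symlinks, and is false for missing files.
        $target = realpath($coreRoot . '/' . $file);
    }

    $insideCore = ($target !== false and strpos($target, $coreRoot . DIRECTORY_SEPARATOR) === 0);

    if ($insideCore and is_file($target)) {
        require_once $target;
    } else {
        // todo: redirect to 404 page instead
        throw new vB5_Exception_404("invalid_page_url");
    }
}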
/**
 * Builds a URL into the admin control panel.
 *
 * The result is "<frontendurl>/admincp/index.php", followed by "/<route>" when a
 * route is given and by a query string when parameters are given. The frontend URL
 * is read once and kept for later calls.
 *
 * NOTE(review): the route is passed through htmlspecialchars(), which is HTML
 * escaping rather than URL encoding - confirm callers only pass URL-safe routes.
 *
 * @param string $route      Route appended after index.php
 * @param array  $parameters Query string parameters
 *
 * @return string The assembled URL
 */
public static function buildUrlAdmincpTemp($route, array $parameters = array())
{
    $config = vB5_Config::instance();

    static $baseurl = null;
    if ($baseurl === null) {
        $baseurl = vB5_Template_Options::instance()->get('options.frontendurl');
    }

    // @todo: the directory might need to be a setting
    // @todo: the index file would be either index.php or empty, depending on use of mod_rewrite
    $url = implode('/', array($baseurl, 'admincp', 'index.php'));

    if (!empty($route)) {
        $url .= '/' . htmlspecialchars($route);
    }
    if (!empty($parameters)) {
        $url .= '?' . http_build_query($parameters, '', '&');
    }

    return $url;
}
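/**
 * Returns the ids stored in the "<prefix>np_notices_displayed" cookie.
 *
 * The cookie is a comma-separated list. A client can send the cookie as an array
 * (name[]=value), which explode() cannot handle, so anything that is not a string
 * is treated like a missing cookie.
 *
 * The entries come straight from the client and are not validated here.
 *
 * @return array List of strings taken from the cookie, or an empty array
 */
public static function getIgnoreNPNotices()
{
    $cookiekey = vB5_Config::instance()->cookie_prefix . 'np_notices_displayed';

    if (!isset($_COOKIE[$cookiekey]) || !is_string($_COOKIE[$cookiekey])) {
        return array();
    }

    return explode(',', $_COOKIE[$cookiekey]);
}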
/**
 * Constructor. Sets up the tag list.
 *
 * On first construction the shared parser settings are loaded from the
 * 'bbcode' / 'initInfo' API call into static properties of the same name.
 *
 * @param bool $appendCustomTags Whether to append custom user tags to the tag list
 */
public function __construct($appendCustomTags = true)
{
    if (!self::$initialized) {
        self::$config = vB5_Config::instance();
        $response = Api_InterfaceAbstract::instance()->callApi('bbcode', 'initInfo');

        // Each response key is copied to the static property with the same name.
        $sharedSettings = array(
            'defaultTags',
            'customTags',
            'defaultOptions',
            'smilies',
            'censorship',
            'sessionUrl',
            'blankAsciiStrip',
            'wordWrap',
            'bbUrl',
            'viewAttachedImages',
            'urlNoFollow',
            'urlNoFollowWhiteList',
            'vBHttpHost',
            'useFileAvatar',
            'sigpicUrl',
        );
        foreach ($sharedSettings as $property) {
            self::$$property = $response[$property];
        }

        self::$initialized = true;
    }

    $tags = self::$defaultTags;
    if ($appendCustomTags) {
        $tags = vB5_Array::arrayReplaceRecursive($tags, self::$customTags);
    }
    $this->tag_list = $tags;

    // Legacy Hook 'bbcode_create' Removed //
}
/**
 * Renders the 'attach_uploader' template and outputs it.
 */
public function actionGetUploader()
{
    // The configuration object is fetched but not used further.
    $config = vB5_Config::instance();

    $uploader = new vB5_Template('attach_uploader');
    $markup = $uploader->render();

    $this->outputPage($markup);
}