/**
* Receives either a template name or an array of template names to be fetched from the API
* @param mixed $templateName
*/
protected function fetchTemplate($templateName)
{
if (!is_array($templateName)) {
$templateName = array($templateName);
}
$response = Api_InterfaceAbstract::instance()->callApi('template', 'getTemplateIds', array('template_names' => $templateName));
$template_path = vB5_Template_Options::instance()->get('options.template_cache_path');
if (isset($response['ids'])) {
foreach ($response['ids'] as $name => $templateid) {
$file_name = "template{$templateid}.php";
//this matches the filename logic from template library saveTemplateToFileSystem and needs to
//so that we come up with the same file in both cases.
$real_path = realpath($template_path);
if ($real_path === false) {
$real_path = realpath(vB5_Config::instance()->core_path . '/' . $template_path);
}
if ($real_path === false) {
$file = false;
} else {
$file = $real_path . "/{$file_name}";
}
if ($templateid and $file and array_key_exists($templateid, $this->textOnlyTemplates)) {
$placeholder = $this->getPlaceholder($templateid, '_to');
$this->textOnlyReplace[$placeholder] = file_get_contents($file);
$this->cache[$name] = array('textonly' => 1, 'placeholder' => $placeholder);
} else {
$this->cache[$name] = $file;
}
}
}
}
public static function instance()
{
if (!isset(self::$instance)) {
$c = __CLASS__;
self::$instance = new $c();
}
return self::$instance;
}
public function __construct()
{
// in collapsed form, we want to be able to load API classes
$core_path = vB5_Config::instance()->core_path;
vB5_Autoloader::register($core_path);
vB::init();
$request = new vB_Request_Test(array('userid' => 1, 'ipAddress' => '127.0.0.1', 'altIp' => '127.0.0.1', 'userAgent' => 'CLI'));
vB::setRequest($request);
$request->createSession();
}
public function callApi($controller, $method, array $arguments = array(), $useNamedParams = false)
{
$config = vB5_Config::instance();
// FETCHING INFO FROM API
$api = new VB_API_CALLS($config->api_host . '/api.php', $config->api_client, $config->api_client_version, $config->api_platform, $config->api_platform_version, $config->api_key);
$response = $api->call($controller . '_' . $method, array(), $arguments);
$api_info = $this->obj2array(json_decode($response));
//the api call sets error/exception handlers appropriate to core. We need to reset.
set_exception_handler(array('vB5_ApplicationAbstract', 'handleException'));
set_error_handler(array('vB5_ApplicationAbstract', 'handleError'), E_WARNING);
return $api_info;
}
protected function processQueryString()
{
if (!isset($_SERVER['QUERY_STRING'])) {
$_SERVER['QUERY_STRING'] = '';
}
parse_str($_SERVER['QUERY_STRING'], $params);
if (isset($params['styleid'])) {
$styleid = intval($params['styleid']);
$styleid = $styleid > 0 ? $styleid : 1;
vB5_Cookie::set('userstyleid', $styleid, 0, false);
$prefix = vB5_Config::instance()->cookie_prefix;
$_COOKIE[$prefix . 'userstyleid'] = $styleid;
// set it for the rest of this request as well
}
}
/**
* This enables a light session. The main issue is that we skip testing control panel, last activity, and shutdown queries.
*/
public function init()
{
if ($this->initialized) {
return true;
}
//initialize core
$core_path = vB5_Config::instance()->core_path;
require_once $core_path . '/vb/vb.php';
vB::init();
$request = new vB_Request_WebApi();
vB::setRequest($request);
$config = vB5_Config::instance();
$cookiePrefix = $config->cookie_prefix;
$checkTimeout = false;
if (empty($_COOKIE[$cookiePrefix . 'sessionhash'])) {
$sessionhash = false;
if (!empty($_REQUEST['s'])) {
$sessionhash = (string) $_REQUEST['s'];
$checkTimeout = true;
}
} else {
$sessionhash = $_COOKIE[$cookiePrefix . 'sessionhash'];
}
if (empty($_COOKIE[$cookiePrefix . 'cpsession'])) {
$cphash = false;
} else {
$cphash = $_COOKIE[$cookiePrefix . 'cpsession'];
}
if (empty($_COOKIE[$cookiePrefix . 'languageid'])) {
$languageid = 0;
} else {
$languageid = $_COOKIE[$cookiePrefix . 'languageid'];
}
vB_Api_Session::startSessionLight($sessionhash, $cphash, $languageid, $checkTimeout);
$this->initialized = true;
}
public static function instance($type = NULL)
{
if (self::$test) {
$type = self::API_TEST;
} else {
if (self::$light) {
$type = self::API_LIGHT;
} else {
if ($type === NULL) {
$type = vB5_Config::instance()->collapsed ? self::API_COLLAPSED : self::API_NONCOLLAPSED;
}
}
}
if (!isset(self::$instance[$type])) {
$c = 'Api_Interface_' . ucfirst($type);
if (class_exists($c)) {
self::$instance[$type] = new $c();
self::$instance[$type]->init();
} else {
throw new Exception("Couldn't find {$type} interface");
}
}
return self::$instance[$type];
}
/** gets a gallery and returns in json format for slideshow presentation.
*
***/
public function actionGallery()
{
//We need a nodeid
if (!empty($_REQUEST['nodeid'])) {
$nodeid = $_REQUEST['nodeid'];
} else {
if (!empty($_REQUEST['id'])) {
$nodeid = $_REQUEST['id'];
} else {
return '';
}
}
//get the raw data.
$api = Api_InterfaceAbstract::instance();
$config = vB5_Config::instance();
$phraseApi = vB5_Template_Phrase::instance();
$gallery = array('photos' => array());
switch (intval($nodeid)) {
case 0:
case -1:
//All Videos
throw new vB_Exception_Api('invalid_request');
case -2:
//All non-Album photos and attachments
if ((empty($_REQUEST['userid']) or !intval($_REQUEST['userid'])) and (empty($_REQUEST['channelid']) or !intval($_REQUEST['channelid']))) {
throw new vB_Exception_Api('invalid_request');
}
$galleryData = $api->callApi('profile', 'getSlideshow', array(array('userid' => isset($_REQUEST['userid']) ? intval($_REQUEST['userid']) : 0, 'channelid' => isset($_REQUEST['channelid']) ? intval($_REQUEST['channelid']) : 0, 'dateFilter' => isset($_REQUEST['dateFilter']) ? $_REQUEST['dateFilter'] : '', 'searchlimit' => isset($_REQUEST['perpage']) ? $_REQUEST['perpage'] : '', 'startIndex' => isset($_REQUEST['startIndex']) ? $_REQUEST['startIndex'] : '')));
if (empty($galleryData)) {
return array();
}
foreach ($galleryData as $photo) {
$titleVm = !empty($photo['parenttitle']) ? $photo['parenttitle'] : $photo['startertitle'];
$route = $photo['routeid'];
if ($photo['parenttitle'] == 'No Title' and $photo['parentsetfor'] > 0) {
$titleVm = $phraseApi->getPhrase('visitor_message_from_x', array($photo['authorname']));
$route = 'visitormessage';
}
$userLink = vB5_Template_Options::instance()->get('options.frontendurl') . $api->callApi('route', 'getUrl', array('route' => 'profile', 'data' => array('userid' => $photo['userid'], 'username' => $photo['authorname']), 'extra' => array()));
$topicLink = vB5_Template_Options::instance()->get('options.frontendurl') . '/' . $api->callApi('route', 'getUrl', array('route' => $route, 'data' => array('title' => $titleVm, 'nodeid' => $photo['parentnode']), 'extra' => array()));
$title = $photo['title'] != null ? $photo['title'] : '';
$htmltitle = $photo['htmltitle'] != null ? $photo['htmltitle'] : '';
$photoTypeid = vB_Types::instance()->getContentTypeID('vBForum_Photo');
$attachTypeid = vB_Types::instance()->getContentTypeID('vBForum_Attach');
if ($photo['contenttypeid'] === $photoTypeid) {
$queryVar = 'photoid';
} else {
if ($photo['contenttypeid'] === $attachTypeid) {
$queryVar = 'id';
}
}
$gallery['photos'][] = array('title' => $title, 'htmltitle' => $htmltitle, 'url' => vB5_Template_Options::instance()->get('options.frontendurl') . '/filedata/fetch?' . $queryVar . '=' . intval($photo['nodeid']), 'thumb' => vB5_Template_Options::instance()->get('options.frontendurl') . '/filedata/fetch?' . $queryVar . '=' . intval($photo['nodeid']) . "&thumb=1", 'links' => $phraseApi->getPhrase('photos_by_x_in_y_linked', array($userLink, $photo['authorname'], $topicLink, htmlspecialchars($titleVm))) . "<br />\n");
}
$this->sendAsJson($gallery);
return;
default:
$galleryData = $api->callApi('content_gallery', 'getContent', array('nodeid' => $nodeid));
if (!empty($galleryData) and !empty($galleryData[$nodeid]['photo'])) {
foreach ($galleryData[$nodeid]['photo'] as $photo) {
$userLink = vB5_Template_Options::instance()->get('options.frontendurl') . $api->callApi('route', 'getUrl', array('route' => 'profile', 'data' => array('userid' => $photo['userid'], 'username' => $photo['authorname']), 'extra' => array()));
$gallery['photos'][] = array('title' => $photo['title'], 'htmltitle' => $photo['htmltitle'], 'url' => vB5_Template_Options::instance()->get('options.frontendurl') . '/filedata/fetch?photoid=' . intval($photo['nodeid']), 'thumb' => vB5_Template_Options::instance()->get('options.frontendurl') . '/filedata/fetch?photoid=' . intval($photo['nodeid']) . "&thumb=1", 'links' => $phraseApi->getPhrase('photos_by_x_in_y_linked', array($userLink, $photo['authorname'], 'javascript:$(\'#slideshow-dialog\').dialog(\'close\');void(0);', htmlspecialchars($photo['startertitle']))) . "<br />\n");
}
$this->sendAsJson($gallery);
}
return;
}
}
public function actionLoadPreview()
{
$input = array('parentid' => isset($_POST['parentid']) ? intval($_POST['parentid']) : 0, 'channelid' => isset($_POST['channelid']) ? intval($_POST['channelid']) : 0, 'pagedata' => isset($_POST['pagedata']) ? (array) $_POST['pagedata'] : array(), 'conversationtype' => isset($_POST['conversationtype']) ? trim(strval($_POST['conversationtype'])) : '', 'posttags' => isset($_POST['posttags']) ? trim(strval($_POST['posttags'])) : '', 'rawtext' => isset($_POST['rawtext']) ? trim(strval($_POST['rawtext'])) : '', 'filedataid' => isset($_POST['filedataid']) ? (array) $_POST['filedataid'] : array(), 'link' => isset($_POST['link']) ? (array) $_POST['link'] : array(), 'poll' => isset($_POST['poll']) ? (array) $_POST['poll'] : array(), 'video' => isset($_POST['video']) ? (array) $_POST['video'] : array(), 'htmlstate' => isset($_POST['htmlstate']) ? trim(strval($_POST['htmlstate'])) : '', 'disable_bbcode' => isset($_POST['disable_bbcode']) ? intval($_POST['disable_bbcode']) : 0);
$results = array();
if ($input['parentid'] < 1) {
$results['error'] = 'invalid_parentid';
$this->sendAsJson($results);
return;
}
if (!in_array($input['htmlstate'], array('off', 'on_nl2br', 'on'), true)) {
$input['htmlstate'] = 'off';
}
// when creating a new content item, channelid == parentid
$input['channelid'] = $input['channelid'] == 0 ? $input['parentid'] : $input['channelid'];
$templateName = 'display_contenttype_conversationreply_';
$templateName .= ucfirst($input['conversationtype']);
$api = Api_InterfaceAbstract::instance();
$channelBbcodes = $api->callApi('content_channel', 'getBbcodeOptions', array($input['channelid']));
// The $node['starter'] and $node['nodeid'] values are just there to differentiate starters and replies
$node = array('rawtext' => '', 'userid' => vB5_User::get('userid'), 'authorname' => vB5_User::get('username'), 'tags' => $input['posttags'], 'taglist' => $input['posttags'], 'approved' => true, 'created' => time(), 'avatar' => $api->callApi('user', 'fetchAvatar', array('userid' => vB5_User::get('userid'))), 'parentid' => $input['parentid'], 'starter' => $input['channelid'] == $input['parentid'] ? 0 : $input['parentid'], 'nodeid' => $input['channelid'] == $input['parentid'] ? 0 : 1);
if ($input['conversationtype'] == 'gallery') {
$node['photopreview'] = array();
foreach ($input['filedataid'] as $filedataid) {
$node['photopreview'][] = array('nodeid' => $filedataid, 'htmltitle' => isset($_POST['title_' . $filedataid]) ? vB_String::htmlSpecialCharsUni($_POST['title_' . $filedataid]) : '');
//photo preview is up to 3 photos only
if (count($node['photopreview']) == 3) {
break;
}
}
$node['photocount'] = count($input['filedataid']);
}
if ($input['conversationtype'] == 'link') {
$node['url_title'] = !empty($input['link']['title']) ? $input['link']['title'] : '';
$node['url'] = !empty($input['link']['url']) ? $input['link']['url'] : '';
$node['meta'] = !empty($input['link']['meta']) ? $input['link']['meta'] : '';
$node['previewImage'] = !empty($input['link']['url_image']) ? $input['link']['url_image'] : '';
}
if ($input['conversationtype'] == 'poll') {
$node['multiple'] = !empty($input['poll']['mutliple']);
$node['options'] = array();
if (!empty($input['poll']['options']) and is_array($input['poll']['options'])) {
$optionIndex = 1;
foreach ($input['poll']['options'] as $option) {
$node['options'][] = array('polloptionid' => $optionIndex, 'title' => $option);
$optionIndex++;
}
}
$node['permissions']['canviewthreads'] = 1;
//TODO: Fix this!!
}
if ($input['conversationtype'] == 'video') {
$node['url_title'] = !empty($input['video']['title']) ? $input['video']['title'] : '';
$node['url'] = !empty($input['video']['url']) ? $input['video']['url'] : '';
$node['meta'] = !empty($input['video']['meta']) ? $input['video']['meta'] : '';
$node['items'] = !empty($input['video']['items']) ? $input['video']['items'] : '';
}
try {
$results = vB5_Template::staticRenderAjax($templateName, array('nodeid' => $node['nodeid'], 'conversation' => $node, 'currentConversation' => $node, 'bbcodeOptions' => $channelBbcodes, 'pagingInfo' => array(), 'postIndex' => 0, 'reportActivity' => false, 'showChannelInfo' => false, 'showInlineMod' => false, 'commentsPerPage' => 1, 'view' => 'stream', 'previewMode' => true));
} catch (Exception $e) {
if (vB5_Config::instance()->debug) {
$results['error'] = 'error_rendering_preview_template ' . (string) $e;
} else {
$results['error'] = 'error_rendering_preview_template';
}
$this->sendAsJson($results);
return;
}
$bbcodeoptions = array('allowhtml' => in_array($input['htmlstate'], array('on', 'on_nl2br'), true), 'allowbbcode' => !$input['disable_bbcode'], 'htmlstate' => $input['htmlstate']);
$results = array_merge($results, $this->parseBbCodeForPreview(fetch_censored_text($input['rawtext']), $bbcodeoptions));
$this->sendAsJson($results);
}
/**
* Replaces all template placeholders in $content with the rendered templates
* @param string $content
*/
public function replacePlaceholders(&$content)
{
// This function procceses subtemplates by level
$missing = array_diff(array_keys($this->pending), array_keys($this->cache));
if (!empty($missing)) {
$this->fetchTemplate($missing);
}
// move pending templates to a new variable, so they are not re-processed by subtemplates
$levelPending =& $this->pending;
unset($this->pending);
$this->pending = array();
// This line is important. In BBCode parser, the templates of inner BBCode are registered firstly
// So they should be replaced later than the outer BBCode templates. See VBV-4834.
if ($this->renderTemplatesInReverseOrder) {
$levelPending = array_reverse($levelPending);
}
foreach ($levelPending as $templateName => $templates) {
foreach ($templates as $placeholder => $templateArgs) {
$templater = new vB5_Template($templateName);
$this->registerTemplateVariables($templater, $templateArgs);
try {
$replace = $templater->render(false);
} catch (vB5_Exception_Api $e) {
$e->prependTemplate($templateName);
if (isset($templateArgs['isWidget']) and $templateArgs['isWidget']) {
$errorTemplate = new vB5_Template(vB5_Template::WIDGET_ERROR_TEMPLATE);
// we want to make the registered variables available to error template
$this->registerTemplateVariables($errorTemplate, $templateArgs);
if (vB5_Config::instance()->debug) {
$errorTemplate->register('template', $e->getTemplate());
$errorTemplate->register('controller', $e->getController());
$errorTemplate->register('method', $e->getMethod());
$errorTemplate->register('arguments', print_r($e->getArguments(), true));
$errorTemplate->register('errors', print_r($e->getErrors(), true));
}
$err = $e->getErrors();
$isPermissionError = (isset($err[0]) and isset($err[0][0]) and $err[0][0] == 'no_permission');
$errorTemplate->register('isPermissionError', $isPermissionError);
$replace = $errorTemplate->render(false);
} else {
throw $e;
}
}
$content = str_replace($placeholder, $replace, $content);
unset($templater);
}
}
}
public static function handleException($exception, $simple = false)
{
$config = vB5_Config::instance();
if ($config->debug) {
echo "Exception " . $exception->getMessage() . ' in file ' . $exception->getFile() . ", line " . $exception->getLine() . "<br />\n" . $exception->getTrace();
}
if (!headers_sent()) {
// Set HTTP Headers
if ($exception instanceof vB5_Exception_404) {
header("HTTP/1.0 404 Not Found");
header("Status: 404 Not Found");
} else {
header('HTTP/1.1 500 Internal Server Error');
header("Status: 500 Internal Server Error");
}
}
die;
}
}
require_once 'includes/vb5/autoloader.php';
vB5_Autoloader::register(dirname(__FILE__));
//For a few set routes we can run a streamlined function.
if (vB5_Frontend_ApplicationLight::isQuickRoute()) {
$app = vB5_Frontend_ApplicationLight::init('config.php');
if ($app->execute()) {
exit;
}
}
$app = vB5_Frontend_Application::init('config.php');
//todo, move this back so we can catch notices in the startup code. For now, we can set the value in the php.ini
//file to catch these situations.
// We report all errors here because we have to make Application Notice free
error_reporting(E_ALL | E_STRICT);
$config = vB5_Config::instance();
if (!$config->report_all_php_errors) {
// Note that E_STRICT became part of E_ALL in PHP 5.4
error_reporting(E_ALL & ~(E_NOTICE | E_STRICT));
}
$routing = $app->getRouter();
$controller = $routing->getController();
$method = $routing->getAction();
$template = $routing->getTemplate();
$class = 'vB5_Frontend_Controller_' . ucfirst($controller);
if (!class_exists($class)) {
// @todo - this needs a proper error message
die("Couldn't find controller file for {$class}");
}
vB5_Frontend_ExplainQueries::initialize();
$c = new $class($template);
/**
* Builds the Javascript links needed to include the passed JS files in the markup.
*
* @param array Array of Javascript files
*
* @return string The complete Javascript links to insert into the markup.
*/
public function insertJsInclude($scripts)
{
$this->previouslyIncluded = array_unique(array_merge($this->previouslyIncluded, $scripts));
$config = vB5_Config::instance();
$vboptions = vB5_Template_Options::instance()->getOptions();
$vboptions = $vboptions['options'];
if (!isset($this->jsbundles)) {
$this->loadJsBundles();
}
if ($config->no_js_bundles) {
foreach ($scripts as $bundle) {
$removed = false;
if (strpos($bundle, 'js/') === 0) {
$removed = true;
$bundle = substr($bundle, 3);
}
if (isset($this->jsbundles[$bundle])) {
foreach ($this->jsbundles[$bundle] as $jsfile) {
$expanded[] = $jsfile;
}
} else {
if ($removed) {
$expanded[] = 'js/' . $bundle;
} else {
$expanded[] = $bundle;
}
}
}
if (!empty($expanded)) {
$scripts = $expanded;
}
}
$baseurl_cdn = $vboptions['cdnurl'];
if (empty($baseurl_cdn)) {
$baseurl_cdn = $vboptions['frontendurl'];
}
// Ensure that the scheme (http or https) matches the current page request we're on.
// If the login URL uses https, then the resources on that page, in this case the
// Javascript, need to use it as well. VBV-12286
$baseurl_cdn = preg_replace('#^https?://#i', '', $baseurl_cdn);
$baseurl_cdn = vB::getRequest()->getVbUrlScheme() . '://' . $baseurl_cdn;
$simpleversion = $vboptions['simpleversion'];
$prescripts = $scripts;
$scripts = array();
foreach ($prescripts as $js) {
$rollupname = substr($js, 3);
if (isset($this->jsbundles[$rollupname])) {
$scripts[] = preg_replace("#/([^\\.]+).js#", "/\$1-{$simpleversion}.js", $js);
} else {
$joinChar = strpos($js, '?') === false ? '?' : '&';
$scripts[] = $js . $joinChar . 'v=' . $simpleversion;
}
}
$replace = '';
$loaded = array();
foreach ($scripts as $js) {
if (!in_array($js, $loaded)) {
$replace .= '<script type="text/javascript" src="' . $baseurl_cdn . "/{$js}\"></script>\n";
$loaded[] = $js;
}
}
return $replace;
}
protected function parseBbCodeForPreview($rawText, $options = array())
{
$results = array();
if (empty($rawText)) {
$results['parsedText'] = $rawText;
return $results;
}
// parse bbcode in text
try {
$results['parsedText'] = vB5_Frontend_Controller_Bbcode::parseWysiwygForPreview($rawText, $options);
} catch (Exception $e) {
$results['error'] = 'error_parsing_bbcode_for_preview';
if (vB5_Config::instance()->debug) {
$results['error_trace'] = (string) $e;
}
}
return $results;
}
public static function finish()
{
if (vB5_Config::instance()->debug && isset($_GET['explain']) && $_GET['explain'] == 1) {
// @todo not implemented for in MySQLi
$data = vB::getDbAssertor()->getDBConnection()->getExplain();
if (!$data) {
// debug is on in presentation, but not in core
// display site like normal
echo ob_get_clean();
return;
} else {
ob_end_clean();
}
header('Content-Type: text/html');
echo '
<html>
<head>
<title>vBulletin - Explain SQL Queries (' . count($data['explain']) . ')</title>
<style type="text/css">
body { background: #EEE; }
body, p, td, th, h1, h4 { font-family: verdana, sans-serif; font-size: 10pt; text-align: left; }
.query { background: #FFF; border: 1px solid red; margin: 0 0 10px 0; padding: 10px; }
.query h4 { margin: 0 0 10px 0; }
.query pre {display:block;overflow:auto;border:1px solid black;margin:0 0 10px 0;padding:10px;background:#F6F6F6;}
.query pre.trace {height: 30px; cursor: pointer; margin: 10px 0 0 0; background: #FCFCFC;}
.query ul {padding:0;margin:0;list-style:none;}
.query table {margin:0 0 10px 0;background:#000;}
.query table th {background:#F6F6F6;text-align:left;}
.query table td {background:#FFF;}
</style>
</head>
<body>
<h1>vBulletin - Explain SQL Queries (' . count($data['explain']) . ')</h1>
';
if (!empty($data['describe'])) {
echo '<div class="query">';
echo '<h4>Describe Queries: (Included in the full listing of queries below)</h4><ul>';
foreach ($data['describe'] as $describe) {
echo '<li>' . htmlspecialchars($describe) . '</li>';
}
echo '</ul>';
echo '</div>';
}
if (!empty($data['duplicates'])) {
echo '<div class="query">';
echo '<h4>Duplicate Queries: (Exact textual duplicates, also included in the full listing of queries below)</h4><ul>';
foreach ($data['duplicates'] as $duplicate) {
echo '<li>Times run: ' . $duplicate['count'] . '<pre>' . htmlspecialchars($duplicate['query']) . '</pre></li>';
}
echo '</ul>';
echo '</div>';
}
foreach ($data['explain'] as $i => $query) {
echo '
<div class="query">
<h4>SQL Query #' . ($i + 1) . '</h4>
<pre>' . htmlspecialchars($query['query']) . '</pre>
' . $query['explain'] . '
<ul>
<li>Time Before: ' . $query['timeStart'] . '</li>
<li>Time After: ' . $query['timeStop'] . '</li>
<li>Time Taken: ' . $query['timeTaken'] . '</li>
<li>Memory Before: ' . $query['memoryStart'] . '</li>
<li>Memory After: ' . $query['memoryStop'] . '</li>
<li>Memory Used: ' . $query['memoryUsed'] . '</li>
</ul>
<pre class="trace" onclick="this.style.height=\'auto\';this.style.cursor=\'auto\';this.onclick=null;">' . self::formatTrace($query['trace']) . '</pre>
</div>
';
}
$overall = $data['sqltime'] + $data['phptime'];
echo '<h1>' . count($data['explain']) . ' Queries Run : Total SQL time was ' . number_format($data['sqltime'], 6) . ' seconds , Total PHP time was ' . number_format($data['phptime'], 6) . ' seconds , Overall time was ' . number_format($overall, 6) . ' seconds.</h1><br />';
echo '</body></html>';
}
}
public function index($pageid)
{
//the api init can redirect. We need to make sure that happens before we echo anything
$api = Api_InterfaceAbstract::instance();
$top = '';
// We should not cache register page for guest. See VBV-7695.
if (vB5_Request::get('cachePageForGuestTime') > 0 and !vB5_User::get('userid') and (empty($_REQUEST['routestring']) or $_REQUEST['routestring'] != 'register' and $_REQUEST['routestring'] != 'lostpw')) {
// languageid should be in the pagekey to fix VBV-8095
$fullPageKey = 'vBPage_' . md5(serialize($_REQUEST)) . '_' . vB::getCurrentSession()->get('languageid');
$styleid = vB5_Cookie::get('userstyleid', vB5_Cookie::TYPE_UINT);
if (!empty($styleid)) {
$fullPageKey .= '_' . $styleid;
}
$fullPage = vB_Cache::instance(vB_Cache::CACHE_LARGE)->read($fullPageKey);
if (!empty($fullPage)) {
echo $fullPage;
exit;
}
}
$preheader = vB5_ApplicationAbstract::getPreheader();
$top .= $preheader;
if (vB5_Request::get('useEarlyFlush')) {
echo $preheader;
flush();
}
$router = vB5_ApplicationAbstract::instance()->getRouter();
$arguments = $router->getArguments();
$userAction = $router->getUserAction();
$pageKey = $router->getPageKey();
$api->callApi('page', 'preload', array($pageKey));
if (!empty($userAction)) {
$api->callApi('wol', 'register', array($userAction['action'], $userAction['params'], $pageKey, vB::getRequest()->getScriptPath(), !empty($arguments['nodeid']) ? $arguments['nodeid'] : 0));
}
if (isset($arguments['pagenum'])) {
$arguments['pagenum'] = intval($arguments['pagenum']) > 0 ? intval($arguments['pagenum']) : 1;
}
$pageid = (int) (isset($arguments['pageid']) ? $arguments['pageid'] : (isset($arguments['contentid']) ? $arguments['contentid'] : 0));
if ($pageid < 1) {
// @todo This needs to output a user-friendly "page not found" page
throw new Exception('Could not find page.');
}
$page = $api->callApi('page', 'fetchPageById', array($pageid, $arguments));
if (!$page) {
// @todo This needs to output a user-friendly "page not found" page
throw new Exception('Could not find page.');
}
// Go to the first new / unread post for this user in this topic
if (!empty($_REQUEST['goto']) and $_REQUEST['goto'] == 'newpost' and !empty($arguments['nodeid']) and !empty($arguments['channelid'])) {
if ($this->vboptions['threadmarking'] and vB5_User::get('userid')) {
// Database read marking
$channelRead = $api->callApi('node', 'getNodeReadTime', array($arguments['channelid']));
$topicRead = $api->callApi('node', 'getNodeReadTime', array($arguments['nodeid']));
$topicView = max($topicRead, $channelRead, time() - $this->vboptions['markinglimit'] * 86400);
} else {
// Cookie read marking
$topicView = intval(vB5_Cookie::fetchBbarrayCookie('discussion_view', $arguments['nodeid']));
if (!$topicView) {
$topicView = vB5_User::get('lastvisit');
}
}
$topicView = intval($topicView);
// Get the first unread reply
$goToNodeId = $api->callApi('node', 'getFirstChildAfterTime', array($arguments['nodeid'], $topicView));
if (empty($goToNodeId)) {
$thread = $api->callApi('node', 'getNodes', array(array($arguments['nodeid'])));
if (!empty($thread) and isset($thread[$arguments['nodeid']])) {
$goToNodeId = $thread[$arguments['nodeid']]['lastcontentid'];
}
}
if ($goToNodeId) {
// Redirect to the new post
$urlCache = vB5_Template_Url::instance();
$urlKey = $urlCache->register($router->getRouteId(), array('nodeid' => $arguments['nodeid']), array('p' => $goToNodeId));
$replacements = $urlCache->finalBuildUrls(array($urlKey));
$url = $replacements[$urlKey];
if ($url) {
$url .= '#post' . $goToNodeId;
if (headers_sent()) {
echo '<script type="text/javascript">window.location = "' . $url . '";</script>';
} else {
header('Location: ' . $url);
}
exit;
}
}
}
$page['routeInfo'] = array('routeId' => $router->getRouteId(), 'arguments' => $arguments, 'queryParameters' => $router->getQueryParameters());
$page['crumbs'] = $router->getBreadcrumbs();
$page['headlinks'] = $router->getHeadLinks();
$page['pageKey'] = $pageKey;
// default value for pageSchema
$page['pageSchema'] = 'http://schema.org/WebPage';
$queryParameters = $router->getQueryParameters();
/*
* VBV-12506
* this is where we would add other things to clean up dangerous query params.
* For VBV-12486, I'll just unset anything here that can't use vb:var in the templates,
* but really we should just make a whitelist of expected page object parameters that
* come from the query string and unset EVERYTHING else. For the expected ones, we
* should also force the value into the expected (and hopefully safer) range
*/
/*
* VBV-12506
* $doNotReplaceWithQueryParams is a list of parameters that the page object usually
* gets naturally/internally, and we NEVER want to replace with a user provided query
* parameter. (In fact, *when* exactly DO we want to do this???)
* If we don't do this, it's a potential XSS vulnerability for the items that we
* cannot send through vb:var for whatever reason (title for ex)
* and even if they *are* sent through vb:var, the replacements can sometimes just
* break the page even when it's sent through vb:var (for example, ?pagetemplateid=%0D,
* the new line this inserts in var pageData = {...} in the header template tends to
* break things (tested on Chrome).
* Furthermore, any script that uses the pageData var would get the user injected data
* that might cause more problems down the line.
* Parameter Notes:
* 'titleprefix'
* As these two should already be html escaped, we don't want to double escape
* them. So we can't us vb:var in the templates. As such, we must prevent a
* malicious querystring from being injected into the page object here.
* 'title'
* Similar to above, but channels are allowed to have HTML in the title, so
* they are intentinoally not escaped in the DB, and the templates can't use
* vb:var.
* 'pageid', 'channelid', 'nodeid'
* These are usually set in the arguments, so the array_merge below usually
* takes care of not passing a pageid query string through to the page object,
* but I'm leaving them in just in case.
*/
$doNotReplaceWithQueryParams = array('titleprefix', 'title', 'pageid', 'channelid', 'nodeid', 'pagetemplateid', 'url', 'pagenum', 'tagCloudTitle');
foreach ($doNotReplaceWithQueryParams as $key) {
unset($queryParameters[$key]);
}
$arguments = array_merge($queryParameters, $arguments);
foreach ($arguments as $key => $value) {
$page[$key] = $value;
}
$options = vB5_Template_Options::instance();
$page['phrasedate'] = $options->get('miscoptions.phrasedate');
$page['optionsdate'] = $options->get('miscoptions.optionsdate');
// if no meta description, use node data or global one instead, prefer node data
if (empty($page['metadescription']) and !empty($page['nodedescription'])) {
$page['metadescription'] = $page['nodedescription'];
}
if (empty($page['metadescription'])) {
$page['metadescription'] = $options->get('options.description');
}
$config = vB5_Config::instance();
// Non-persistent notices @todo - change this to use vB_Cookie
$page['ignore_np_notices'] = vB5_ApplicationAbstract::getIgnoreNPNotices();
$templateCache = vB5_Template_Cache::instance();
$templater = new vB5_Template($page['screenlayouttemplate']);
//IMPORTANT: If you add any variable to the page object here,
// please make sure you add them to other controllers which create page objects.
// That includes at a minimum the search controller (in two places currently)
// and vB5_ApplicationAbstract::showErrorPage
$templater->registerGlobal('page', $page);
$page = $this->outputPage($templater->render(), false);
$fullPage = $top . $page;
if (!empty($fullPageKey) and is_string($fullPageKey)) {
vB_Cache::instance(vB_Cache::CACHE_LARGE)->write($fullPageKey, $fullPage, vB5_Request::get('cachePageForGuestTime'), 'vbCachedFullPage');
}
// these are the templates rendered for this page
$loadedTemplates = vB5_Template::getRenderedTemplates();
$api->callApi('page', 'savePreCacheInfo', array($pageKey));
if (!vB5_Request::get('useEarlyFlush')) {
echo $fullPage;
} else {
echo $page;
}
}
protected static function loadConfig()
{
if (self::$cookiePrefix !== null) {
return;
}
$config = vB5_Config::instance();
// these could potentially all be config options
self::$enabled = $config->cookie_enabled !== false;
self::$cookiePrefix = $config->cookie_prefix;
$options = vB5_Template_Options::instance();
self::$path = $options->get('options.cookiepath');
self::$domain = $options->get('options.cookiedomain');
self::$secure = ((isset($_SERVER['SERVER_PORT']) and 443 === intval($_SERVER['SERVER_PORT']) or isset($_SERVER['HTTPS']) and $_SERVER['HTTPS'] and $_SERVER['HTTPS'] != 'off') and (isset($url['scheme']) and $url['scheme'] == 'https'));
}
/**
* Returns a string containing the rendered template
* @see vB5_Frontend_Controller_Ajax::actionRender
* @see vB5_Frontend_Controller_Page::renderTemplate
* @param string $templateName
* @param array $data
* @param bool $isParentTemplate
* @param bool $isAjaxTemplateRender - true if we are rendering for a call to /ajax/render/ and we want CSS <link>s separate
* @return string
*/
public static function staticRender($templateName, $data = array(), $isParentTemplate = true, $isAjaxTemplateRender = false)
{
if (empty($templateName)) {
return null;
}
$templater = new vB5_Template($templateName);
foreach ($data as $varname => $value) {
$templater->register($varname, $value);
}
$core_path = vB5_Config::instance()->core_path;
vB5_Autoloader::register($core_path);
$result = $templater->render($isParentTemplate, $isAjaxTemplateRender);
return $result;
}
public function relay($file)
{
$filePath = vB5_Config::instance()->core_path . '/' . $file;
if ($file and file_exists($filePath)) {
require_once $filePath;
} else {
// todo: redirect to 404 page instead
throw new vB5_Exception_404("invalid_page_url");
}
}
public static function buildUrlAdmincpTemp($route, array $parameters = array())
{
$config = vB5_Config::instance();
static $baseurl = null;
if ($baseurl === null) {
$baseurl = vB5_Template_Options::instance()->get('options.frontendurl');
}
// @todo: this might need to be a setting
$admincp_directory = 'admincp';
// @todo: This would be either index.php or empty, depending on use of mod_rewrite
$index_file = 'index.php';
$url = "{$baseurl}/{$admincp_directory}/{$index_file}";
if (!empty($route)) {
$url .= '/' . htmlspecialchars($route);
}
if (!empty($parameters)) {
$url .= '?' . http_build_query($parameters, '', '&');
}
return $url;
}
public static function getIgnoreNPNotices()
{
$cookiekey = vB5_Config::instance()->cookie_prefix . 'np_notices_displayed';
if (isset($_COOKIE[$cookiekey])) {
return explode(',', $_COOKIE[$cookiekey]);
} else {
return array();
}
}
/**
* Constructor. Sets up the tag list.
*
* @param bool Whether to append customer user tags to the tag list
*/
public function __construct($appendCustomTags = true)
{
if (!self::$initialized) {
self::$config = vB5_Config::instance();
$response = Api_InterfaceAbstract::instance()->callApi('bbcode', 'initInfo');
self::$defaultTags = $response['defaultTags'];
self::$customTags = $response['customTags'];
self::$defaultOptions = $response['defaultOptions'];
self::$smilies = $response['smilies'];
self::$censorship = $response['censorship'];
self::$sessionUrl = $response['sessionUrl'];
self::$blankAsciiStrip = $response['blankAsciiStrip'];
self::$wordWrap = $response['wordWrap'];
self::$bbUrl = $response['bbUrl'];
self::$viewAttachedImages = $response['viewAttachedImages'];
self::$urlNoFollow = $response['urlNoFollow'];
self::$urlNoFollowWhiteList = $response['urlNoFollowWhiteList'];
self::$vBHttpHost = $response['vBHttpHost'];
self::$useFileAvatar = $response['useFileAvatar'];
self::$sigpicUrl = $response['sigpicUrl'];
self::$initialized = true;
}
$this->tag_list = self::$defaultTags;
if ($appendCustomTags) {
$this->tag_list = vB5_Array::arrayReplaceRecursive($this->tag_list, self::$customTags);
}
// Legacy Hook 'bbcode_create' Removed //
}
public function actionGetUploader()
{
$config = vB5_Config::instance();
$templater = new vB5_Template('attach_uploader');
$this->outputPage($templater->render());
}
