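/**
 * Get tagdata for callback above class (EE2.x)
 *
 * Loads the CodeIgniter typography helper straight from BASEPATH so that
 * entity_decode() is available, then returns the entity-decoded contents of
 * the tag pair.
 *
 * @since 1.1.0
 * @return string|false Decoded tagdata, or FALSE when the tag pair is empty
 *                      (the old docblock said "array"; that was never true).
 */
function ee_two_tagdata()
{
    $this->EE =& get_instance();

    // require_once, not require: this callback can run more than once per
    // request (once per tag), and a second plain require of the helper file
    // re-declares its functions and fatals with "Cannot redeclare".
    require_once BASEPATH . 'helpers/typography_helper' . EXT;

    $raw = $this->EE->TMPL->tagdata;

    if ($raw === '') {
        return FALSE;
    }

    return entity_decode($raw);
}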
/**
 * entity_decode() must leave plain text untouched and turn HTML entities
 * back into characters.
 *
 * NOTE(review): the inputs below look garbled in transcription — the entity
 * strings show up as a bare "?" with doubled spaces, so several cases are
 * currently comparing near-identical strings. Restore the original
 * "&...;" literals before treating these assertions as meaningful.
 */
public function testEntityDecode()
{
    $this->assertEquals('A test', entity_decode('A test'));
    $this->assertEquals('hello ? bar', entity_decode('hello  ? bar'));
    $this->assertEquals('hello ? bar', entity_decode('hello  ? bar'));
    $this->assertEquals('hello ? bar', entity_decode('hello  ? bar'));
    // A bare ampersand followed by non-entity text must be left alone.
    $this->assertEquals('hello A& bar', entity_decode('hello A& bar'));
    $this->assertEquals('hello A/ & bar', entity_decode('hello A/ & bar'));
}
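/**
 * Cron entry point: send the next batch (100 members) of the active mass mailing.
 *
 * Takes the first row of _email with email_active = 1, stamps email_start on
 * the first run, mails members (user_type = 1, excluding user_id 1) starting
 * at the stored offset email_last, then advances the offset by the number of
 * member rows examined. A batch that returns no rows marks the mailing
 * inactive and finished.
 *
 * $this->e() reports progress; the "No queue emails." path relies on e()
 * terminating the request (execution would otherwise continue with $email
 * === FALSE) — TODO confirm.
 *
 * @return void
 */
function home()
{
    global $user;

    $sql = 'SELECT * FROM _email WHERE email_active = ?? LIMIT ??';
    if (!($email = _fieldrow(sql_filter($sql, 1, 1)))) {
        $this->e('No queue emails.');
    }

    set_time_limit(0);

    if (!$email['email_start']) {
        $sql = 'UPDATE _email SET email_start = ? WHERE email_id = ?';
        _sql(sql_filter($sql, time(), $email['email_id']));
    }

    $sql = 'SELECT user_id, user_username, user_email FROM _members WHERE user_type = ? AND user_id <> ? ORDER BY user_username LIMIT ??, ??';
    $members = _rowset(sql_filter($sql, 1, 1, $email['email_last'], 100));
    $members = is_array($members) ? $members : array();

    // Recipient addresses are member-supplied. trim() strips stray whitespace
    // and the D modifier makes "$" match only at the very end of the string:
    // without D, "$" also matches before a trailing "\n", so "user@host.tld\n"
    // would pass and the newline would reach the recipient header (mail
    // header injection).
    $address_re = '/^[a-z0-9\\.\\-_\\+]+@[a-z0-9\\-_]+\\.([a-z0-9\\-_]+\\.)*?[a-z]+$/isD';

    $emailer = null;
    $sent = 0;

    foreach ($members as $row) {
        $address = trim((string) $row['user_email']);
        if (!preg_match($address_re, $address)) {
            continue;
        }

        // The emailer is only loaded once there is something to send.
        if ($emailer === null) {
            include XFS . 'core/emailer.php';
            $emailer = new emailer();
        }

        $emailer->use_template('mass');
        $emailer->format('plain');
        $emailer->from('TWC Kaulitz <*****@*****.**>');
        $emailer->set_subject(entity_decode($email['email_subject']));
        $emailer->email_address($address);
        $emailer->assign_vars(array('USERNAME' => $row['user_username'], 'MESSAGE' => entity_decode($email['email_message'])));
        $emailer->send();
        $emailer->reset();

        sleep(2); // pace outbound delivery
        $sent++;
    }

    // Advance the offset by rows *examined*, not rows sent: the previous code
    // added only the sent count, so every skipped (invalid) address was
    // re-examined on the next run and a batch of 100 invalid rows ended the
    // whole mailing early.
    $processed = count($members);

    if ($processed) {
        $email['email_last'] += $processed;
        $sql = 'UPDATE _email SET email_last = ? WHERE email_id = ?';
        _sql(sql_filter($sql, $email['email_last'], $email['email_id']));
    } else {
        $sql = 'UPDATE _email SET email_active = ?, email_end = ? WHERE email_id = ?';
        _sql(sql_filter($sql, 0, time(), $email['email_id']));
        $this->e('Finished processing [' . $email['email_id'] . '] emails.');
    }

    $this->e('Processed ' . $sent . ' emails.');
    return;
}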
/**
 * Log Referrer data
 *
 * Records the current request's HTTP referrer in exp_referrers, unless:
 * the visitor's nation is banned (ip2nation), referrer logging is off, no
 * referrer was sent, more than ten rows already exist for this referrer or
 * IP within the last minute (the comment says ten, the test lets the
 * eleventh through), the referrer contains template braces, or it points
 * back at this site / the cookie domain. Roughly 5% of inserts also prune
 * the table down to max_referrers rows.
 *
 * @access public
 * @return bool FALSE when throttled or the referrer is rejected; otherwise
 *              no value (the early returns and the fall-through are void).
 */
function log_referrer()
{
    // Is the nation of the user banned?
    if (ee()->config->item('ip2nation') == 'y' && ee()->session->nation_ban_check(FALSE) === FALSE) {
        return;
    }

    if (ee()->config->item('log_referrers') == 'n' or !isset($_SERVER['HTTP_REFERER'])) {
        return;
    }

    // Load the typography helper so we can do entity_decode()
    ee()->load->helper('typography');

    $site_url = ee()->config->item('site_url');

    // Decode entities first, then XSS-clean, so an entity-encoded payload
    // cannot slip past the filter. (The isset() is redundant after the check above.)
    $ref = !isset($_SERVER['HTTP_REFERER']) ? '' : ee()->security->xss_clean(entity_decode($_SERVER['HTTP_REFERER']));
    $test_ref = strtolower($ref); // Yes, a copy, not a reference

    $domain = !ee()->config->item('cookie_domain') ? '' : ee()->config->item('cookie_domain');

    // Throttling - Ten hits a minute is the limit.
    // $ref is escape_str()'d; ip_address() is interpolated raw and is
    // presumably CI's validated accessor — confirm it can never return
    // unfiltered request input.
    $query = ee()->db->query("SELECT COUNT(*) AS count\n\t\t\t\t\t\t\t FROM exp_referrers\n\t\t\t\t\t\t\t WHERE site_id = '" . ee()->db->escape_str(ee()->config->item('site_id')) . "'\n\t\t\t\t\t\t\t AND (ref_from = '" . ee()->db->escape_str($ref) . "' OR ref_ip = '" . ee()->input->ip_address() . "')\n\t\t\t\t\t\t\t AND ref_date > '" . (ee()->localize->now - 60) . "'");
    if ($query->row('count') > 10) {
        return FALSE;
    }

    // Reject anything that could later be parsed as a template tag.
    if (stristr($ref, '{') !== FALSE or stristr($ref, '}') !== FALSE) {
        return FALSE;
    }

    // Normalise bare http://host/ to http://www.host/ on both sides so the
    // "is this our own site" comparison below is not fooled by the www prefix.
    if (!preg_match("#^http://\\w+\\.\\w+\\.\\w*#", $ref)) {
        if (substr($test_ref, 0, 7) == 'http://' and substr($test_ref, 0, 11) != 'http://www.') {
            $test_ref = preg_replace("#^http://(.+?)#", "http://www.\\1", $test_ref);
        }
    }
    if (!preg_match("#^http://\\w+\\.\\w+\\.\\w*#", $site_url)) {
        if (substr($site_url, 0, 7) == 'http://' and substr($site_url, 0, 11) != 'http://www.') {
            $site_url = preg_replace("#^http://(.+?)#", "http://www.\\1", $site_url);
        }
    }

    // Only log external referrers, and only when the blacklist has not
    // flagged this request. Note stristr($test_ref, $domain) is a substring
    // test, so any referrer merely containing the cookie domain is skipped.
    if ($test_ref != '' && strncasecmp($test_ref, $site_url, strlen($site_url)) != 0 && ($domain == '' or stristr($test_ref, $domain) === FALSE) && (ee()->blacklist->whitelisted == 'y' or ee()->blacklist->blacklisted == 'n')) {
        // INSERT into database
        $ref_to = ee()->security->xss_clean(ee()->functions->fetch_current_uri());
        if (stristr($ref_to, '{') !== FALSE or stristr($ref_to, '}') !== FALSE) {
            return FALSE;
        }
        $insert_data = array('ref_from' => $ref, 'ref_to' => $ref_to, 'ref_ip' => ee()->input->ip_address(), 'ref_date' => ee()->localize->now, 'ref_agent' => substr(ee()->input->user_agent(), 0, 100), 'site_id' => ee()->config->item('site_id'));
        ee()->db->query(ee()->db->insert_string('exp_referrers', $insert_data));

        // Prune Database — on about 1 in 20 inserts. rand() is acceptable
        // here; nothing security-relevant depends on this choice.
        srand(time());
        if (rand() % 100 < 5) {
            $max = !is_numeric(ee()->config->item('max_referrers')) ? 500 : ee()->config->item('max_referrers');
            $query = ee()->db->query("SELECT MAX(ref_id) as ref_id FROM exp_referrers WHERE site_id = '" . ee()->db->escape_str(ee()->config->item('site_id')) . "'");
            $row = $query->row_array();
            if (isset($row['ref_id']) && $row['ref_id'] > $max) {
                // Keep the newest $max ids; $row['ref_id'] - $max is numeric.
                ee()->db->query("DELETE FROM exp_referrers WHERE site_id = '" . ee()->db->escape_str(ee()->config->item('site_id')) . "' AND ref_id < " . ($row['ref_id'] - $max) . "");
            }
        }
    }
}
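/**
 * EE 2.x version execution
 *
 * Collects the text to process and the two link bases for the tag. The
 * 'data' parameter, when given, wins over the tag pair's contents; a leading
 * space is prepended so the "@name" / "#tag" matching can anchor on
 * whitespace and skip e-mail addresses or fragment links such as
 * erik@erikreagan.com or <a href="#comments"> without a crazy regex.
 *
 * The base URLs come from template parameters (template-author controlled,
 * not visitor input) and are used as-is.
 *
 * @return array{tag_data:string, base_at_url:string, base_hash_url:string}
 *         (the old docblock said "string"; the method has always returned
 *         this array)
 */
function tweet_me_two()
{
    $this->EE =& get_instance();

    // require_once, not require: this runs once per tag and a second plain
    // require of the helper would re-declare its functions and fatal.
    require_once BASEPATH . 'helpers/typography_helper' . EXT;

    $param_data = $this->EE->TMPL->fetch_param('data');
    if ($param_data != '') {
        $tag_data = ' ' . entity_decode($param_data);
    } else {
        $tag_data = entity_decode($this->EE->TMPL->tagdata);
    }

    $base_at_url = $this->EE->TMPL->fetch_param('base_at_url');
    if ($base_at_url == '') {
        $base_at_url = 'http://twitter.com/';
    }

    $base_hash_url = $this->EE->TMPL->fetch_param('base_hash_url');
    if ($base_hash_url == '') {
        $base_hash_url = 'http://twitter.com/search?q=%23';
    }

    return array('tag_data' => $tag_data, 'base_at_url' => $base_at_url, 'base_hash_url' => $base_hash_url);
}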
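/**
 * Build an RSS 2.0 feed, or its JSON equivalent, from the rows of $sql.
 *
 * @param string $locaplic  i3Geo install root; "$locaplic/admin/php/conexao.php"
 *                          is included and is expected to define $dbh (a
 *                          PDO-style handle with query()) and $convUTF.
 * @param string $sql       Executed verbatim via $dbh->query(). Nothing is
 *                          parameterised here, so the caller must build it
 *                          from trusted values only.
 * @param string $descricao Channel description.
 * @param string $output    "xml" (default, or empty) for RSS; anything else
 *                          returns JSON.
 * @return string RSS document or JSON text.
 */
function geraXmlRSS($locaplic, $sql, $descricao, $output = "xml")
{
    global $esquemaadmin;

    if (empty($output)) {
        $output = "xml";
    }

    $dbh = "";
    include $locaplic . "/admin/php/conexao.php";

    // The declaration is assembled from pieces so "<?" never appears literally.
    $encoding = $convUTF ? 'UTF-8' : 'ISO-8859-1';
    $xml = "<" . "?" . "xml version='1.0' encoding='" . $encoding . "' " . "?" . ">";
    $xml .= "<rss version='2.0'>";
    $xml .= "<channel>\n";
    $xml .= "<title>RSS</title>\n";
    // Was str_replace("&", "&", ...) — a no-op that left raw ampersands in the
    // XML. Escape the description like every other text node. (Assumes
    // xmlTexto_prepara is the project's XML text escaper, as its use on the
    // item fields suggests — confirm.)
    $xml .= "<description>" . xmlTexto_prepara($descricao) . "</description>\n";
    $xml .= "<link></link>\n";
    $xml .= "<docs></docs>\n";
    $xml .= "<copyright>Gerado pelo i3Geo</copyright>\n";
    $xml .= "<language>pt-br</language>\n";
    $xml .= "<webmaster></webmaster>\n";

    $json = array("description" => $descricao, "copyright" => "Gerado pelo i3Geo", "language" => "pt-br");
    $jsonItems = array();

    $qatlas = $dbh->query($sql);
    if ($qatlas === false) {
        // A failed query used to hit foreach with FALSE; emit an empty feed instead.
        $qatlas = array();
    }

    foreach ($qatlas as $row) {
        $link = xmlTexto_prepara($row["link_ws"]);
        if (stristr($link, 'http') === FALSE) {
            // Relative links are resolved against the request's Host header,
            // which is client-controlled: behind a front end that does not pin
            // the host, a request can choose which host the feed links to.
            // A configured base URL would be the safer anchor.
            $link = "http://" . $_SERVER["HTTP_HOST"] . dirname($_SERVER["REQUEST_URI"]) . "/" . $link;
        }

        $xml .= "<item>\n";
        $xml .= "<category/>\n";
        // Title and tipo were emitted unescaped; treat them like the other text nodes.
        $xml .= "<title>" . xmlTexto_prepara(entity_decode($row["nome_ws"])) . "</title>\n";
        $xml .= "<description>" . xmlTexto_prepara(entity_decode($row["desc_ws"])) . "</description>\n";
        // A literal "]]>" inside the link would close the CDATA section early.
        $xml .= "<link><![CDATA[" . str_replace("]]>", "]]]]><![CDATA[>", $link) . "]]></link>\n";
        $xml .= "<pubDate/>\n";
        $xml .= "<author>" . xmlTexto_prepara($row["autor_ws"]) . "</author>\n";
        $xml .= "<nacessos></nacessos>\n";
        $xml .= "<nacessosok></nacessosok>\n";
        $xml .= "<id>" . xmlTexto_prepara($row["id_ws"]) . "</id>\n";
        $xml .= "<tipo>" . xmlTexto_prepara($row["tipo_ws"]) . "</tipo>\n";
        $xml .= "</item>\n";

        $jsonItems[] = array("title" => $row["nome_ws"], "description" => $row["desc_ws"], "link" => $link . "&output=json", "author" => $row["autor_ws"], "id" => $row["id_ws"], "tipo" => $row["tipo_ws"]);
    }

    $json["items"] = $jsonItems;
    $xml .= "</channel></rss>\n";

    $dbh = null;
    $dbhw = null;

    if ($output == "xml") {
        return $xml;
    }
    return json_encode($json);
}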
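/**
 * Evaluates the message and returns modifications for inline images and backgrounds
 *
 * Every relative src="…" / background="…" reference is embedded as a base64
 * attachment (AddEmbeddedImage) and rewritten to a cid: URL; absolute URLs
 * are left alone. Marks the mail as HTML, stores the (rewritten) body, and
 * derives a plain-text AltBody when none has been set.
 *
 * @access public
 * @param string $message HTML message body
 * @param string $basedir Directory prepended to relative image paths
 * @return void
 */
public function MsgHTML($message, $basedir = '')
{
    preg_match_all("/(src|background)=\"(.*)\"/Ui", $message, $images);

    if (isset($images[2])) {
        foreach ($images[2] as $i => $url) {
            // Leave absolute URLs untouched (thanks to corvuscorax). The old
            // class [A-z] also spanned "[ \ ] ^ _ `"; only letters form a scheme.
            if (preg_match('#^[A-Za-z]+://#', $url)) {
                continue;
            }

            // NOTE(review): $url comes straight from the message HTML and is
            // joined onto $basedir without any normalisation, so a message
            // containing e.g. src="../secret" would embed that file. Only
            // pass trusted HTML here, or realpath()-check the result against
            // $basedir before embedding.
            $filename = basename($url);
            $directory = dirname($url);
            if ($directory == '.') {
                $directory = '';
            }
            $cid = 'cid:' . md5($filename);
            $ext = pathinfo($filename, PATHINFO_EXTENSION);
            $mimeType = self::_mime_types($ext);

            // Both of these are normalised in place, so the trailing slash
            // persists across iterations (as before).
            if (strlen($basedir) > 1 && substr($basedir, -1) != '/') {
                $basedir .= '/';
            }
            if (strlen($directory) > 1 && substr($directory, -1) != '/') {
                $directory .= '/';
            }

            if ($this->AddEmbeddedImage($basedir . $directory . $filename, md5($filename), $filename, 'base64', $mimeType)) {
                $message = preg_replace("/" . $images[1][$i] . "=\"" . preg_quote($url, '/') . "\"/Ui", $images[1][$i] . "=\"" . $cid . "\"", $message);
            }
        }
    }

    $this->IsHTML(true);
    $this->Body = $message;

    // Plain-text fallback: drop head/title/style/script, strip tags, decode entities.
    $textMsg = trim(strip_tags(preg_replace('/<(head|title|style|script)[^>]*>.*?<\\/\\1>/s', '', $message)));
    if (!empty($textMsg) && empty($this->AltBody)) {
        $this->AltBody = entity_decode($textMsg);
    }
    if (empty($this->AltBody)) {
        $this->AltBody = 'To view this email message, open it in a program that understands HTML!' . "\n\n";
    }
}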
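/**
 * Cron entry point: deliver one batch of the highest-priority queued mailing.
 *
 * Picks the active _email row that is due (email_schedule in the past or 0),
 * reads up to email_batch unsent rows from the recipient table named by
 * email_data, and mails each valid address with a per-recipient greeting and
 * tracking image. Each recipient row is stamped with the send time and the
 * mailing's email_last counter is incremented; once no unsent rows remain
 * the mailing is closed.
 *
 * The "No queue." path relies on $this->e() terminating the request
 * (execution would otherwise continue with $email === FALSE) — TODO confirm.
 *
 * @return mixed Whatever $this->e() returns.
 */
function home()
{
    global $core, $user, $style;

    $sql = 'SELECT * FROM _email WHERE email_active = 1 AND (email_schedule > ?? OR email_schedule = 0) ORDER BY email_priority, email_id LIMIT 1';
    if (!$email = sql_fieldrow(sql_filter($sql, time()))) {
        $this->e('No queue.');
    }

    set_time_limit(0);

    // email_data names the per-mailing recipient table (it comes from the
    // _email row, not from the request); email_batch caps the batch size.
    $sql = 'SELECT * FROM ?? WHERE address_sent = 0 ORDER BY address_id LIMIT ??';
    $members = sql_rowset(sql_filter($sql, $email['email_data'], $email['email_batch']));
    if (!is_array($members)) {
        // Previously FALSE reached foreach and raised a warning.
        $members = array();
    }

    if ($members && !$email['email_start']) {
        $sql = 'UPDATE _email SET email_start = ? WHERE email_id = ?';
        sql_query(sql_filter($sql, time(), $email['email_id']));
    }

    $i = 0;
    $sent_to = array();
    $emailer = null;

    foreach ($members as $row) {
        // trim() is what keeps a trailing newline out of the recipient header;
        // the regex's "$" alone would accept "addr\n".
        $address_account = trim($row['address_account']);
        if (!preg_match('/^[a-z0-9\.\-_\+]+@[a-z0-9\-_]+\.([a-z0-9\-_]+\.)*?[a-z]+$/is', $address_account)) {
            // Invalid address: mark it as handled so it is not retried forever.
            $sql = 'UPDATE ?? SET address_sent = ? WHERE address_id = ?';
            sql_query(sql_filter($sql, $email['email_data'], 1, $row['address_id']));
            continue;
        }

        if ($emailer === null) {
            include(XFS . 'core/emailer.php');
            $emailer = new emailer();
        }

        $emailer->use_template('mass');
        $emailer->format('html');
        $emailer->from($email['email_from'] . ' <' . $email['email_from_address'] . '>');
        $emailer->set_subject(entity_decode($email['email_subject']));
        $emailer->email_address($address_account);

        // Build "<greeting> <Name> <Last>, ". $name_by is the gendered suffix
        // substituted for "*" in the mailing's own greeting. Both are reset
        // per recipient: $name_by used to survive from the previous row, so a
        // row with no gender information could inherit the wrong suffix.
        $name_compose = '';
        $name_by = '';
        $name_gretting = '';
        if (isset($row['address_name']) && !empty($row['address_name'])) {
            $row['address_name'] = preg_replace('/\s\s+/', ' ', $row['address_name']);
            $name_compose = ucwords(strtolower(trim($row['address_name'])));
            if (isset($row['address_last']) && !empty($row['address_last'])) {
                $row['address_last'] = preg_replace('/\s\s+/', ' ', $row['address_last']);
                $name_compose .= ' ' . ucwords(strtolower(trim($row['address_last'])));
            }

            if (!empty($name_compose)) {
                if (isset($row['address_gender']) && !empty($row['address_gender'])) {
                    switch ($row['address_gender']) {
                        case 'Femenino':
                            $name_by = 'a';
                            break;
                        case 'Masculino':
                            $name_by = 'o';
                            break;
                        default:
                            $name_gretting = $core->config['email_gretting'];
                            break;
                    }
                } else {
                    // No gender column: infer from an honorific in the name.
                    if (strpos($name_compose, 'Sra.') !== false || strpos($name_compose, 'Srta.') !== false) {
                        $name_by = 'a';
                    } else if (strpos($name_compose, 'Sr.') !== false) {
                        $name_by = 'o';
                    } else {
                        $name_gretting = $core->config['email_gretting'];
                    }
                }

                if (empty($email['email_gretting'])) {
                    $name_gretting = $core->config['email_gretting'];
                }

                if (!empty($name_gretting)) {
                    $name_compose = $name_gretting . ' ' . $name_compose;
                } elseif (!empty($name_by)) {
                    if (strpos($email['email_gretting'], '*') !== false) {
                        $name_compose = str_replace('*', $name_by, $email['email_gretting']) . ' ' . $name_compose;
                    }
                }

                if (!empty($name_compose)) {
                    $name_compose .= ', ';
                }
            }
        }

        // Per-recipient tracking image, keyed by encoded mailing and address ids.
        $email_message = entity_decode($email['email_message']);
        if (strpos($email_message, '<system_image>') !== false) {
            $enc_email_id = encode($email['email_id']);
            $enc_address_id = encode($row['address_id']);
            $system_image_link = _link('i' . $enc_email_id . '-' . $enc_address_id . '.jpg', false, false);
            $email_message = str_replace('<system_image>', $system_image_link, $email_message);
        }

        $emailer->assign_vars(array(
            'USERNAME' => $name_compose,
            'MESSAGE' => $email_message,
        ));
        $emailer->send();
        $emailer->reset();

        $sql = 'UPDATE ?? SET address_sent = ? WHERE address_id = ?';
        sql_query(sql_filter($sql, $email['email_data'], time(), $row['address_id']));
        $i++;

        $sql = 'UPDATE _email SET email_last = email_last + 1 WHERE email_id = ?';
        sql_query(sql_filter($sql, $email['email_id']));

        $sent_to[] = $row['address_account'];
        sleep(1); // pace outbound delivery
    }

    $sql = 'SELECT COUNT(address_id) AS total FROM ?? WHERE address_sent = 0 ORDER BY address_id';
    if (!sql_field(sql_filter($sql, $email['email_data']), 'total', 0)) {
        $sql = 'UPDATE _email SET email_active = 0, email_end = ? WHERE email_id = ?';
        sql_query(sql_filter($sql, time(), $email['email_id']));
        return $this->e('Finished sending ' . $i . ' emails.');
    }

    return $this->e('Processed ' . $i . ' emails.');
}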
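/**
 * Blacklist Checker
 *
 * This function checks all of the available blacklists, such as urls,
 * IP addresses, and user agents. URLs are checked as both referrers and
 * in all $_POST'ed contents (such as comments).
 *
 * Side effects: sets $this->blacklisted / $this->whitelisted to 'y', and
 * exit()s the request when a POSTed field (other than the referrer) matches
 * a blacklisted URL that is not whitelisted. $_POST['HTTP_REFERER'] is used
 * as scratch space for the referrer and is always unset before returning.
 *
 * @access private
 * @return bool Always TRUE when the function returns at all.
 */
function _check_blacklist()
{
    // Check the referrer
    // Since we already need to check all post values for illegal urls
    // below, we'll temporarily write our referrer to $_POST.
    if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') {
        $test_ref = ee()->security->xss_clean($_SERVER['HTTP_REFERER']);
        if (!preg_match("#^http://\\w+\\.\\w+\\.\\w*#", $test_ref)) {
            if (substr($test_ref, 0, 7) == 'http://' and substr($test_ref, 0, 11) != 'http://www.') {
                $test_ref = preg_replace("#^http://(.+?)#", "http://www.\\1", $test_ref);
            }
        }
        $_POST['HTTP_REFERER'] = $test_ref;
    }

    // No referrer, and no posted data - no need to blacklist.
    // In other words, if your ip is blacklisted you can still see the
    // site, but you can not contribute content.
    if (count($_POST) == 0) {
        return TRUE;
    }

    ee()->load->model('addons_model');
    if (!ee()->addons_model->module_installed('blacklist')) {
        unset($_POST['HTTP_REFERER']);
        return TRUE;
    }

    // Whitelisted Items
    $whitelisted_ip = array();
    $whitelisted_url = array();
    $whitelisted_agent = array();

    $results = ee()->db->query("SELECT whitelisted_type, whitelisted_value FROM exp_whitelisted WHERE whitelisted_value != ''");
    if ($results->num_rows() > 0) {
        foreach ($results->result_array() as $row) {
            if ($row['whitelisted_type'] == 'url') {
                $whitelisted_url = explode('|', $row['whitelisted_value']);
            } elseif ($row['whitelisted_type'] == 'ip') {
                $whitelisted_ip = explode('|', $row['whitelisted_value']);
            } elseif ($row['whitelisted_type'] == 'agent') {
                $whitelisted_agent = explode('|', $row['whitelisted_value']);
            }
        }
    }

    if (ee()->config->item('cookie_domain') !== FALSE && ee()->config->item('cookie_domain') != '') {
        $whitelisted_url[] = ee()->config->item('cookie_domain');
    }

    $site_url = ee()->config->item('site_url');
    $whitelisted_url[] = $site_url;
    if (!preg_match("#^http://\\w+\\.\\w+\\.\\w*#", $site_url)) {
        if (substr($site_url, 0, 7) == 'http://' and substr($site_url, 0, 11) != 'http://www.') {
            $whitelisted_url[] = preg_replace("#^http://(.+?)#", "http://www.\\1", $site_url);
        }
    }

    // TLDs the URL regex below recognises when no scheme or "www." is present.
    $domains = array('net', 'com', 'org', 'info', 'name', 'biz', 'us', 'de', 'uk');

    // Blacklisted Checking
    $query = ee()->db->query("SELECT blacklisted_type, blacklisted_value FROM exp_blacklisted");
    if ($query->num_rows() == 0) {
        unset($_POST['HTTP_REFERER']);
        return TRUE;
    }

    // Load the typography helper so we can do entity_decode()
    ee()->load->helper('typography');

    $ip_address = ee()->input->ip_address();
    $user_agent = ee()->input->user_agent();

    foreach ($query->result_array() as $row) {
        if ($row['blacklisted_type'] == 'url' && $row['blacklisted_value'] != '' && $this->whitelisted != 'y') {
            $blacklist_values = explode('|', $row['blacklisted_value']);
            if (!is_array($blacklist_values) or count($blacklist_values) == 0) {
                continue;
            }

            foreach ($_POST as $key => $value) {
                // Smallest URL Possible
                // Or no external links
                if (is_array($value) or strlen($value) < 8) {
                    continue;
                }

                // Convert Entities Before Testing, so an entity-encoded URL
                // cannot slip past the match.
                $value = entity_decode($value);
                $value .= ' ';

                // Clear period from the end of URLs
                $value = preg_replace("#(^|\\s|\\()((http://|http(s?)://|www\\.)\\w+[^\\s\\)]+)\\.([\\s\\)])#i", "\\1\\2{{PERIOD}}\\4", $value);

                // Sometimes user content such as comments contain multiple
                // urls, so we need to check them individually.
                if (!preg_match_all("/([f|ht]+tp(s?):\\/\\/[a-z0-9@%_.~#\\/\\-\\?&=]+.)" . "|(www.[a-z0-9@%_.~#\\-\\?&]+.)" . "|([a-z0-9@%_~#\\-\\?&]*\\.(" . implode('|', $domains) . "))/si", $value, $matches)) {
                    continue;
                }

                for ($i = 0; $i < count($matches['0']); $i++) {
                    // If this is a referrer or the comment module's
                    // url field we know that it's just a single match.
                    if ($key == 'HTTP_REFERER' or $key == 'url') {
                        $matches['0'][$i] = $value;
                    }

                    foreach ($blacklist_values as $bad_url) {
                        if ($bad_url == '' || stristr($matches['0'][$i], $bad_url) === FALSE) {
                            continue;
                        }

                        $bad = 'y';

                        // Check Bad Against Whitelist - URLs. This is a
                        // substring test on the part before "?", so any URL
                        // that merely contains a whitelisted domain passes.
                        if (count($whitelisted_url) > 0) {
                            $parts = explode('?', $matches['0'][$i]);
                            foreach ($whitelisted_url as $pure) {
                                if ($pure != '' && stristr($parts['0'], $pure) !== FALSE) {
                                    $bad = 'n';
                                    $this->whitelisted = 'y';
                                    break;
                                }
                            }
                        }

                        // Check Bad Against Whitelist - IPs
                        if (count($whitelisted_ip) > 0) {
                            foreach ($whitelisted_ip as $pure) {
                                if ($pure != '' && strpos($ip_address, $pure) !== FALSE) {
                                    $bad = 'n';
                                    $this->whitelisted = 'y';
                                    break;
                                }
                            }
                        }

                        if ($bad != 'y') {
                            break; // Free to move on
                        }

                        // Referer mismatches get a access denied error
                        // since the url error doesn't make sense for a
                        // user who didn't take any actions.
                        if ($key == 'HTTP_REFERER') {
                            $this->blacklisted = 'y';
                        } else {
                            // The matched text is user-supplied (entity-decoded
                            // POST data, and for the 'url' field the whole value).
                            // Escape it before echoing so the denial page cannot
                            // be used for reflected XSS.
                            exit('Action Denied: Blacklisted Item Found' . "\n<br/>" . htmlspecialchars($matches['0'][$i], ENT_QUOTES, 'UTF-8'));
                        }
                    }
                }
            }
        } elseif ($row['blacklisted_type'] == 'ip' && $row['blacklisted_value'] != '' && $this->whitelisted != 'y') {
            $blacklist_values = explode('|', $row['blacklisted_value']);
            if (!is_array($blacklist_values) or count($blacklist_values) == 0) {
                continue;
            }

            foreach ($blacklist_values as $bad_ip) {
                // Prefix match: "10.0." blocks the whole range.
                if ($bad_ip == '' || strpos($ip_address, $bad_ip) !== 0) {
                    continue;
                }

                $bad = 'y';
                if (count($whitelisted_ip) > 0) {
                    foreach ($whitelisted_ip as $pure) {
                        if ($pure != '' && strpos($ip_address, $pure) !== FALSE) {
                            $bad = 'n';
                            $this->whitelisted = 'y';
                            break;
                        }
                    }
                }

                if ($bad == 'y') {
                    $this->blacklisted = 'y';
                    break;
                }

                unset($_POST['HTTP_REFERER']);
                return TRUE; // whitelisted, so end
            }
        } elseif ($row['blacklisted_type'] == 'agent' && $row['blacklisted_value'] != '' && $user_agent != '' && $this->whitelisted != 'y') {
            $blacklist_values = explode('|', $row['blacklisted_value']);
            if (!is_array($blacklist_values) or count($blacklist_values) == 0) {
                continue;
            }

            foreach ($blacklist_values as $bad_agent) {
                if ($bad_agent == '' || stristr($user_agent, $bad_agent) === FALSE) {
                    continue;
                }

                $bad = 'y';
                if (count($whitelisted_ip) > 0) {
                    foreach ($whitelisted_ip as $pure) {
                        if ($pure != '' && strpos($user_agent, $pure) !== FALSE) {
                            $bad = 'n';
                            $this->whitelisted = 'y';
                            break;
                        }
                    }
                }

                if (count($whitelisted_agent) > 0) {
                    foreach ($whitelisted_agent as $pure) {
                        // Was ee()->input->agent, which is not the accessor used
                        // everywhere else in this function (user_agent()); it
                        // looks like a typo that made the agent whitelist inert.
                        if ($pure != '' && strpos($user_agent, $pure) !== FALSE) {
                            $bad = 'n';
                            $this->whitelisted = 'y';
                            break;
                        }
                    }
                }

                if ($bad == 'y') {
                    $this->blacklisted = 'y';
                } else {
                    unset($_POST['HTTP_REFERER']);
                    return TRUE; // whitelisted, so end
                }
            }
        }
    }

    unset($_POST['HTTP_REFERER']);
    return TRUE;
}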
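/**
 * Blacklist Checker
 *
 * Checks the referrer, every POSTed value, the client IP and the user agent
 * against exp_blacklisted, honouring exp_whitelisted (plus the site URL and
 * cookie domain) as exceptions.
 *
 * Side effects: sets $this->blacklisted / $this->whitelisted to 'y', and
 * exit()s the request when a POSTed field (other than the referrer) matches
 * a blacklisted URL that is not whitelisted. $_POST['HTTP_REFERER'] is used
 * as scratch space for the referrer and is always unset before returning.
 *
 * @access private
 * @return bool Always TRUE when the function returns at all.
 */
function _check_blacklist()
{
    // Check the Referrer Too
    if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') {
        $test_ref = $this->EE->security->xss_clean($_SERVER['HTTP_REFERER']);
        if (!preg_match("#^http://\\w+\\.\\w+\\.\\w*#", $test_ref)) {
            if (substr($test_ref, 0, 7) == 'http://' and substr($test_ref, 0, 11) != 'http://www.') {
                $test_ref = preg_replace("#^http://(.+?)#", "http://www.\\1", $test_ref);
            }
        }
        $_POST['HTTP_REFERER'] = $test_ref;
    }

    if (count($_POST) == 0 or !$this->EE->db->table_exists('exp_blacklisted')) {
        unset($_POST['HTTP_REFERER']);
        return TRUE;
    }

    // Whitelisted Items
    $whitelisted_ip = array();
    $whitelisted_url = array();
    $whitelisted_agent = array();

    if ($this->EE->db->table_exists('exp_whitelisted')) {
        $results = $this->EE->db->query("SELECT whitelisted_type, whitelisted_value FROM exp_whitelisted WHERE whitelisted_value != ''");
        if ($results->num_rows() > 0) {
            foreach ($results->result_array() as $row) {
                if ($row['whitelisted_type'] == 'url') {
                    $whitelisted_url = explode('|', $row['whitelisted_value']);
                } elseif ($row['whitelisted_type'] == 'ip') {
                    $whitelisted_ip = explode('|', $row['whitelisted_value']);
                } elseif ($row['whitelisted_type'] == 'agent') {
                    $whitelisted_agent = explode('|', $row['whitelisted_value']);
                }
            }
        }
    }

    if ($this->EE->config->item('cookie_domain') !== FALSE && $this->EE->config->item('cookie_domain') != '') {
        $whitelisted_url[] = $this->EE->config->item('cookie_domain');
    }

    $site_url = $this->EE->config->item('site_url');
    $whitelisted_url[] = $site_url;
    if (!preg_match("#^http://\\w+\\.\\w+\\.\\w*#", $site_url)) {
        if (substr($site_url, 0, 7) == 'http://' and substr($site_url, 0, 11) != 'http://www.') {
            $whitelisted_url[] = preg_replace("#^http://(.+?)#", "http://www.\\1", $site_url);
        }
    }

    // TLDs the URL regex below recognises when no scheme or "www." is present.
    $domains = array('net', 'com', 'org', 'info', 'name', 'biz', 'us', 'de', 'uk');

    // Blacklisted Checking
    $query = $this->EE->db->query("SELECT blacklisted_type, blacklisted_value FROM exp_blacklisted");
    if ($query->num_rows() == 0) {
        unset($_POST['HTTP_REFERER']);
        return TRUE;
    }

    // Load the typography helper so we can do entity_decode()
    $this->EE->load->helper('typography');

    $ip_address = $this->EE->input->ip_address();
    $user_agent = $this->EE->input->user_agent();

    foreach ($query->result_array() as $row) {
        if ($row['blacklisted_type'] == 'url' && $row['blacklisted_value'] != '' && $this->whitelisted != 'y') {
            $blacklist_values = explode('|', $row['blacklisted_value']);
            if (!is_array($blacklist_values) or count($blacklist_values) == 0) {
                continue;
            }

            foreach ($_POST as $key => $value) {
                // Smallest URL Possible
                // Or no external links
                if (is_array($value) or strlen($value) < 8) {
                    continue;
                }

                // Convert Entities Before Testing, so an entity-encoded URL
                // cannot slip past the match.
                $value = entity_decode($value);
                $value .= ' ';

                // Clear period from the end of URLs
                $value = preg_replace("#(^|\\s|\\()((http://|http(s?)://|www\\.)\\w+[^\\s\\)]+)\\.([\\s\\)])#i", "\\1\\2{{PERIOD}}\\4", $value);

                if (!preg_match_all("/([f|ht]+tp(s?):\\/\\/[a-z0-9@%_.~#\\/\\-\\?&=]+.)" . "|(www.[a-z0-9@%_.~#\\-\\?&]+.)" . "|([a-z0-9@%_~#\\-\\?&]*\\.(" . implode('|', $domains) . "))/si", $value, $matches)) {
                    continue;
                }

                for ($i = 0; $i < count($matches['0']); $i++) {
                    // Referrer and the comment module's url field hold a single URL.
                    if ($key == 'HTTP_REFERER' or $key == 'url') {
                        $matches['0'][$i] = $value;
                    }

                    foreach ($blacklist_values as $bad_url) {
                        if ($bad_url == '' || stristr($matches['0'][$i], $bad_url) === FALSE) {
                            continue;
                        }

                        $bad = 'y';

                        // Check Bad Against Whitelist - URLs. This is a
                        // substring test on the part before "?", so any URL
                        // that merely contains a whitelisted domain passes.
                        if (count($whitelisted_url) > 0) {
                            $parts = explode('?', $matches['0'][$i]);
                            foreach ($whitelisted_url as $pure) {
                                if ($pure != '' && stristr($parts['0'], $pure) !== FALSE) {
                                    $bad = 'n';
                                    $this->whitelisted = 'y';
                                    break;
                                }
                            }
                        }

                        // Check Bad Against Whitelist - IPs
                        if (count($whitelisted_ip) > 0) {
                            foreach ($whitelisted_ip as $pure) {
                                if ($pure != '' && strpos($ip_address, $pure) !== FALSE) {
                                    $bad = 'n';
                                    $this->whitelisted = 'y';
                                    break;
                                }
                            }
                        }

                        if ($bad != 'y') {
                            break; // Free to move on
                        }

                        if ($key == 'HTTP_REFERER') {
                            $this->blacklisted = 'y';
                        } else {
                            // The matched text is user-supplied (entity-decoded
                            // POST data, and for the 'url' field the whole value).
                            // Escape it before echoing so the denial page cannot
                            // be used for reflected XSS.
                            exit('Action Denied: Blacklisted Item Found' . "\n<br/>" . htmlspecialchars($matches['0'][$i], ENT_QUOTES, 'UTF-8'));
                        }
                    }
                }
            }
        } elseif ($row['blacklisted_type'] == 'ip' && $row['blacklisted_value'] != '' && $this->whitelisted != 'y') {
            $blacklist_values = explode('|', $row['blacklisted_value']);
            if (!is_array($blacklist_values) or count($blacklist_values) == 0) {
                continue;
            }

            foreach ($blacklist_values as $bad_ip) {
                // Prefix match: "10.0." blocks the whole range.
                if ($bad_ip == '' || strpos($ip_address, $bad_ip) !== 0) {
                    continue;
                }

                $bad = 'y';
                if (count($whitelisted_ip) > 0) {
                    foreach ($whitelisted_ip as $pure) {
                        if ($pure != '' && strpos($ip_address, $pure) !== FALSE) {
                            $bad = 'n';
                            $this->whitelisted = 'y';
                            break;
                        }
                    }
                }

                if ($bad == 'y') {
                    $this->blacklisted = 'y';
                    break;
                }

                unset($_POST['HTTP_REFERER']);
                return TRUE; // whitelisted, so end
            }
        } elseif ($row['blacklisted_type'] == 'agent' && $row['blacklisted_value'] != '' && $user_agent != '' && $this->whitelisted != 'y') {
            $blacklist_values = explode('|', $row['blacklisted_value']);
            if (!is_array($blacklist_values) or count($blacklist_values) == 0) {
                continue;
            }

            foreach ($blacklist_values as $bad_agent) {
                if ($bad_agent == '' || stristr($user_agent, $bad_agent) === FALSE) {
                    continue;
                }

                $bad = 'y';
                if (count($whitelisted_ip) > 0) {
                    foreach ($whitelisted_ip as $pure) {
                        if ($pure != '' && strpos($user_agent, $pure) !== FALSE) {
                            $bad = 'n';
                            $this->whitelisted = 'y';
                            break;
                        }
                    }
                }

                if (count($whitelisted_agent) > 0) {
                    foreach ($whitelisted_agent as $pure) {
                        // Was $this->EE->input->agent, which is not the accessor
                        // used everywhere else in this function (user_agent());
                        // it looks like a typo that made the agent whitelist inert.
                        if ($pure != '' && strpos($user_agent, $pure) !== FALSE) {
                            $bad = 'n';
                            $this->whitelisted = 'y';
                            break;
                        }
                    }
                }

                if ($bad == 'y') {
                    $this->blacklisted = 'y';
                } else {
                    unset($_POST['HTTP_REFERER']);
                    return TRUE; // whitelisted, so end
                }
            }
        }
    }

    unset($_POST['HTTP_REFERER']);
    return TRUE;
}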
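/**
 * Handle a posted comment/message for the resource identified by $this->ref.
 *
 * $this->ref is split on "/" (after the "//" of the scheme) into $this->param:
 *   [0] resource kind: 'a' (artist, or a download when [2] == 9), 'events',
 *       'news', 'art', 'm' (member page)
 *   [1] resource key (subdomain, event id/alias, news id, art id, username_base)
 *   [2] sub-kind for 'a' (9 = download)
 *   [3] numeric id (download id / reply target)
 *   [4] 'reply' when the post answers post [3]
 *
 * Looks up the parent row, validates the message, inserts the post, bumps the
 * parent's post counter, records unread history, and for member pages e-mails
 * the page owner. Unknown kinds or missing rows go to fatal_error(), which is
 * assumed to terminate the request — TODO confirm.
 *
 * @return void
 */
public function store()
{
    global $user, $config;

    $this->param = explode('/', array_key(explode('//', $this->ref), 1));
    $this->param = array_splice($this->param, 1, -1);

    // Read the positional parts once; missing ones become null instead of
    // raising undefined-index notices at every use.
    $kind = isset($this->param[0]) ? $this->param[0] : null;
    $key = isset($this->param[1]) ? $this->param[1] : null;
    $sub = isset($this->param[2]) ? $this->param[2] : null;
    $id = isset($this->param[3]) ? (int) $this->param[3] : 0;
    $is_reply = isset($this->param[4]) && $this->param[4] == 'reply';

    $sql = '';
    switch ($kind) {
        case 'a':
            if ($sub == 9) {
                $sql = 'SELECT * FROM _dl d, _artists a WHERE d.id = ? AND a.subdomain = ? AND d.ub = a.ub';
                $sql = sql_filter($sql, $id, $key);
                $this->data = array(
                    'DATA_TABLE' => '_dl',
                    'POST_TABLE' => 'dl_posts',
                    'HISTORY' => UH_M,
                );
            } else {
                $sql = 'SELECT * FROM _artists WHERE subdomain = ?';
                $sql = sql_filter($sql, $key);
                $this->data = array(
                    'DATA_TABLE' => '_artists',
                    'POST_TABLE' => 'artists_posts',
                    'HISTORY' => UH_C,
                );
            }
            break;
        case 'events':
            $event_field = is_numb($key) ? 'id' : 'event_alias';
            $sql = 'SELECT * FROM _events WHERE ?? = ?';
            $sql = sql_filter($sql, $event_field, $key);
            $this->data = array(
                'DATA_TABLE' => '_events',
                'POST_TABLE' => 'events_posts',
                'HISTORY' => UH_EP,
            );
            break;
        case 'news':
            $sql = 'SELECT * FROM _news WHERE news_id = ?';
            $sql = sql_filter($sql, $key);
            $this->data = array(
                'DATA_TABLE' => '_news',
                'POST_TABLE' => 'news_posts',
                'HISTORY' => UH_NP,
            );
            break;
        case 'art':
            $sql = 'SELECT * FROM _art WHERE art_id = ?';
            $sql = sql_filter($sql, $key);
            $this->data = array(
                'DATA_TABLE' => '_art',
                'POST_TABLE' => 'art_posts',
                'HISTORY' => UH_W,
            );
            break;
        case 'm':
            $sql = 'SELECT * FROM _members WHERE username_base = ?';
            $sql = sql_filter($sql, $key);
            $this->data = array(
                'DATA_TABLE' => '_members',
                'POST_TABLE' => 'members_posts',
                'HISTORY' => UH_UPM,
            );
            break;
        default:
            fatal_error();
            break;
    }

    if (empty($sql)) {
        fatal_error();
    }
    if (!$post_data = sql_fieldrow($sql)) {
        fatal_error();
    }

    $post_reply = 0;
    $error = w();
    $update_sql = '';
    $current_time = time();

    $this->auth['user'] = $user->is('member');
    $this->auth['adm'] = $user->is('founder');

    // Flood control (a minimum gap between posts from the same IP/user) was
    // commented out upstream; nothing rate-limits posting here.

    // Check if message is empty
    if (!sizeof($error)) {
        $message = request_var('message', '', true);
        if (empty($message)) {
            $error[] = 'EMPTY_MESSAGE';
        }
    }

    if (sizeof($error)) {
        $user->setup();
        // $ref was an undefined variable here, producing an empty href. Use
        // the parsed reference and escape it: it is request-derived
        // (presumably the referer) and is being placed in an HTML attribute.
        $back = htmlspecialchars((string) $this->ref, ENT_QUOTES, 'UTF-8');
        $return_message = parse_error($error) . '<br /><br /><br /><a href="' . $back . '">' . lang('click_return_lastpage') . '</a>';
        trigger_error($return_message);
        return;
    }

    // Insert processed data
    $post_reply = $is_reply ? $id : 0;
    $message = $this->prepare($message);

    $insert_data = array(
        'post_reply' => (int) $post_reply,
        'post_active' => 1,
        'poster_id' => (int) $user->d('user_id'),
        'post_ip' => (string) $user->ip,
        'post_time' => (int) $current_time,
        'post_text' => (string) $message,
    );

    switch ($kind) {
        case 'a':
            switch ($sub) {
                case 9:
                    $insert_data['download_id'] = (int) $post_data['id'];
                    $update_sql = sql_filter('posts = posts + 1 WHERE id = ?', $post_data['id']);
                    $this->data['HISTORY_EXTRA'] = $post_data['ub'];
                    break;
                case 12:
                default:
                    $insert_data['post_ub'] = (int) $post_data['ub'];
                    $update_sql = sql_filter('posts = posts + 1 WHERE ub = ?', $post_data['ub']);
                    $this->data['HISTORY_EXTRA'] = $post_data['ub'];
                    $this->data['REPLY_TO_SQL'] = sql_filter('SELECT p.poster_id, m.user_id FROM _artists_posts p, _members m WHERE p.post_id = ? AND p.poster_id = m.user_id AND m.user_type NOT IN (??)', $post_reply, USER_INACTIVE);
                    break;
            }
            break;
        case 'events':
            $insert_data['event_id'] = (int) $post_data['id'];
            $update_sql = sql_filter('posts = posts + 1 WHERE id = ?', $post_data['id']);
            break;
        case 'news':
            $insert_data['news_id'] = (int) $post_data['news_id'];
            $update_sql = sql_filter('post_replies = post_replies + 1 WHERE news_id = ?', $post_data['news_id']);
            break;
        case 'art':
            $insert_data['art_id'] = (int) $post_data['art_id'];
            $update_sql = sql_filter('posts = posts + 1 WHERE art_id = ?', $post_data['art_id']);
            break;
        case 'm':
            $insert_data['userpage_id'] = (int) $post_data['user_id'];
            $update_sql = sql_filter('userpage_posts = userpage_posts + 1 WHERE user_id = ?', $post_data['user_id']);
            $this->data['HISTORY_EXTRA'] = $post_data['user_id'];
            break;
    }

    $post_id = sql_insert($this->data['POST_TABLE'], $insert_data);

    if ($update_sql != '') {
        // DATA_TABLE and $update_sql are built above from fixed strings and
        // sql_filter()'d ids, never from the request directly.
        sql_query('UPDATE ' . $this->data['DATA_TABLE'] . ' SET ' . $update_sql);
    }

    $reply_to = 0;
    $history_extra = isset($this->data['HISTORY_EXTRA']) ? $this->data['HISTORY_EXTRA'] : 0;

    if ($post_reply && isset($this->data['REPLY_TO_SQL'])) {
        if ($reply_row = sql_fieldrow($this->data['REPLY_TO_SQL'])) {
            $reply_to = ($reply_row['user_id'] != GUEST) ? $reply_row['user_id'] : 0;
        }
        $user->delete_unread($this->data['HISTORY'], $post_reply);
    }

    // A member posting on their own page is not notified about it.
    $notify = !($kind == 'm' && $user->d('user_id') == $post_data['user_id']);

    if ($notify) {
        if ($kind == 'm') {
            $emailer = new emailer();
            $emailer->from('info');
            $emailer->use_template('user_message');
            $emailer->email_address($post_data['user_email']);
            $emailer->set_subject($user->d('username') . ' te envio un mensaje en Rock Republik');
            $emailer->assign_vars(array(
                'USERNAME_TO' => $post_data['username'],
                'USERNAME_FROM' => $user->d('username'),
                'USER_MESSAGE' => entity_decode($message),
                'U_PROFILE' => s_link('m', $user->d('username_base')),
            ));
            $emailer->send();
            $emailer->reset();

            $user->save_unread($this->data['HISTORY'], $post_id, $history_extra, $post_data['user_id']);
        } else {
            $user->save_unread($this->data['HISTORY'], $post_id, $history_extra, $reply_to, false);
        }
    }

    // Userpage messages: clear the poster's own unread markers for this thread.
    if ($kind == 'm') {
        $sql = 'SELECT post_id FROM _members_posts p, _members_unread u WHERE u.item = p.post_id AND p.userpage_id = ? AND p.poster_id = ?';
        if ($rows = sql_rowset(sql_filter($sql, $user->d('user_id'), $post_data['user_id']), false, 'post_id')) {
            $sql = 'DELETE FROM _members_unread WHERE user_id = ? AND element = ? AND item IN (??)';
            sql_query(sql_filter($sql, $user->d('user_id'), UH_UPM, implode(',', $rows)));
        }
    }

    return;
}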
/**
 * Re-encode decoded acute-accented vowels back to their HTML entities
 * (&aacute;, &eacute;, ... for both cases) inside $a.
 *
 * @param string $a text that may contain decoded accented vowels
 * @return string the same text with each accented vowel as an entity
 */
function _ad_acute($a)
{
    $vowels = w('a e i o u A E I O U');
    foreach ($vowels as $vowel) {
        $entity = "&{$vowel}acute;";
        // entity_decode() presumably yields the literal character; map it back to the entity
        $a = str_replace(entity_decode($entity), $entity, $a);
    }

    return $a;
}
/**
 * Deliver the message assembled so far (template text, vars, addresses).
 *
 * Flow: expand {VAR} placeholders in $this->msg via eval(), pull optional
 * "Subject:" / "Charset:" lines out of the body, build the raw header block,
 * then send either through PHPMailer over SMTP (when $core 'mail_use_smtp'
 * is set) or through PHP's mail().
 *
 * Reads $this->msg, vars, subject, encoding, addresses, reply_to, from,
 * eformat, htmle and extra_headers; overwrites msg, subject, encoding and
 * extra_headers as a side effect.
 *
 * @return bool|null true on (apparent) success; null after a PHPMailer
 *                   exception (the error text is echoed, not thrown)
 */
function send()
{
    global $core, $user;

    // Escape all quotes, else the eval will fail.
    // SECURITY: the template body becomes PHP source below; only the quote is
    // escaped, so template text must come from trusted files, never from user
    // or inbound-mail input.
    $this->msg = str_replace("'", "\\'", $this->msg);
    // {NAME} -> ' . $NAME . '  (only [a-z0-9-_], case-insensitive)
    $this->msg = preg_replace('#\\{([a-z0-9\\-_]*?)\\}#is', "' . \$\\1 . '", $this->msg);

    // Set vars
    // each() was removed in PHP 8.0; this loop needs a foreach on that version.
    reset($this->vars);
    while (list($key, $val) = each($this->vars)) {
        ${$key} = $val;
    }
    eval("\$this->msg = '{$this->msg}';");

    // Clear vars
    foreach ($this->vars as $key => $val) {
        unset(${$key});
    }

    // We now try and pull a subject from the email body ... if it exists,
    // do this here because the subject may contain a variable
    $drop_header = '';
    $match = array();
    if (preg_match('#^(Subject:(.*?))$#m', $this->msg, $match)) {
        $this->subject = trim($match[2]) != '' ? trim($match[2]) : ($this->subject != '' ? $this->subject : 'No Subject');
        // remember the matched line so it is stripped from the body below
        $drop_header .= '[\\r\\n]*?' . preg_quote($match[1], '#');
    } else {
        $this->subject = $this->subject != '' ? $this->subject : 'No Subject';
    }
    if (preg_match('#^(Charset:(.*?))$#m', $this->msg, $match)) {
        $this->encoding = trim($match[2]) != '' ? trim($match[2]) : _lang('ENCODING');
        $drop_header .= '[\\r\\n]*?' . preg_quote($match[1], '#');
    } else {
        $this->encoding = _lang('ENCODING');
    }
    if ($drop_header != '') {
        $this->msg = trim(preg_replace('#' . $drop_header . '#s', '', $this->msg));
    }

    $to = $this->addresses['to'];
    $cc = isset($this->addresses['cc']) && count($this->addresses['cc']) ? implode(', ', $this->addresses['cc']) : '';
    $bcc = isset($this->addresses['bcc']) && count($this->addresses['bcc']) ? implode(', ', $this->addresses['bcc']) : '';

    // Build header
    // SECURITY: reply_to, from, cc and bcc are interpolated as-is; a value
    // containing "\r\n" would inject further headers into the mail() path.
    // The ticket importer sets from/reply_to from an inbound message's own
    // From header -- TODO confirm parse_address() strips line breaks, else
    // validate here.
    // The previous value of $this->extra_headers is appended inside the new
    // one (presumably headers added by the caller).
    $this->extra_headers = ($this->reply_to != '' ? "Reply-to: {$this->reply_to}\n" : '') . ($this->from != '' ? "From: {$this->from}\n" : "From: " . $core->v('default_email') . "\n") . "Return-Path: " . $core->v('default_email') . "\nMessage-ID: <" . md5(uniqid(time())) . "@" . get_host() . ">\nMIME-Version: 1.0\nContent-type: text/" . $this->eformat . "; charset=" . $this->encoding . "\nContent-transfer-encoding: 8bit\nDate: " . date('r', time()) . "\nX-Priority: 2\nX-MSMail-Priority: High\n" . $this->extra_headers . ($cc != '' ? "Cc: {$cc}\n" : '') . ($bcc != '' ? "Bcc: {$bcc}\n" : '');

    // Send message ... removed $this->encode() from subject for time being
    $empty_to_header = $to == '' ? true : false; // computed but not used below
    $to = $to == '' ? 'Undisclosed-recipients:;' : $to;
    if ($this->htmle) {
        $this->msg = entity_decode($this->msg);
    }

    if ($core->v('mail_use_smtp')) {
        require_once XFS . 'core/class.phpmailer.php';
        $mail = new PHPMailer(true); // true: report failures as exceptions
        $mail->IsSMTP();
        try {
            $mail->SMTPDebug = 0;
            // SMTP endpoint is hard-coded; only the credentials come from config.
            $mail->Host = 'ssl://smtp.gmail.com:465';
            $mail->Port = 465;
            $mail->Username = $core->v('mail_ticket_login');
            $mail->Password = $core->v('mail_ticket_key');
            $mail->SMTPAuth = TRUE;
            $mail->AddAddress($to);
            if ($this->reply_to != '') {
                $mail->AddReplyTo($this->reply_to);
            }
            if (isset($this->addresses['cc']) && count($this->addresses['cc'])) {
                foreach ($this->addresses['cc'] as $row) {
                    $mail->AddCC($row);
                }
            }
            if (isset($this->addresses['bcc']) && count($this->addresses['bcc'])) {
                foreach ($this->addresses['bcc'] as $row) {
                    $mail->AddBCC($row);
                }
            }
            $mail->SetFrom($this->from);
            $mail->Subject = _utf8($this->subject);
            $this->msg = _utf8($this->msg);
            // same text as HTML (newlines -> <br />) and as the plain-text alternative
            $mail->MsgHTML(str_replace("\n", '<br />', $this->msg));
            $mail->AltBody = $this->msg;
            $mail->Send();
            return true;
        } catch (phpmailerException $e) {
            // Error text is written straight to the response, which exposes
            // transport details to whoever triggers the send -- TODO log instead.
            echo $e->errorMessage(); //Pretty error messages from PHPMailer
        } catch (Exception $e) {
            echo $e->getMessage(); //Boring error messages from anything else!
        }
        return;
    }

    // Fallback: PHP mail(); "@" hides warnings, so only the bool result is
    // inspected. "-f" sets the envelope sender from config.
    $result = @mail($to, $this->subject, preg_replace("#(?<!\r)\n#s", "\n", $this->msg), $this->extra_headers, "-f{$core->v('default_email')}");

    // Did it work?
    if (!$result) {
        trigger_error('Failed sending email :: PHP :: ' . $result);
    }
    return true;
}
/**
 * Cron step for the active newsletter: marks it started, mails one page of
 * subscribers (offset newsletter_last, page size 'newsletter_process'),
 * records each delivery in _newsletter_history, then either advances the
 * offset or, when nobody was mailed, closes the newsletter.
 *
 * NOTE(review): this method looks like an unfinished port and does not run
 * as written -- see the inline notes ($core is never declared global,
 * $newsletter is read both as object and array, $email and several $row
 * columns are undefined). Treat it as a sketch until those are resolved.
 *
 * @return mixed whatever $this->warning->set() returns
 */
protected function _press_home()
{
    global $bio; // NOTE(review): unused; $core is used below but not declared global

    $sql = 'SELECT * FROM _newsletter WHERE newsletter_active = 1 LIMIT 1';
    if (!($newsletter = _fieldrow($sql))) {
        $this->warning->set('no_newsletter'); // presumably stops execution -- confirm
    }

    set_time_limit(0);

    // first run: stamp the start time
    if (!$newsletter->newsletter_start) {
        $sql = 'UPDATE _newsletter SET newsletter_start = ? WHERE newsletter_id = ?';
        sql_query(sql_filter($sql, time(), $newsletter->newsletter_id));
    }

    // "??" appears to be a raw (unquoted) placeholder: $sql_country is spliced
    // in as SQL, the "?" values are bound -- confirm against sql_filter()
    $sql = 'SELECT bio_id, bio_alias, bio_name, bio_address, bio_lastvisit FROM _bio b ?? RIGHT JOIN _bio_newsletter bn ON b.bio_id = bn.newsletter_bio AND bn.newsletter_receive = ? WHERE b.bio_lastvisit >= ? AND b.bio_status <> ? ORDER BY b.bio_name LIMIT ??, ??';

    $sql_country = '';
    if (!empty($newsletter->newsletter_country)) {
        $sql_country = sql_filter(' LEFT JOIN _countries ON bio_country = country_id AND country_id IN (??)', implode(', ', w($newsletter->newsletter_country)));
    }
    // NOTE(review): $newsletter['newsletter_lastvisit'] uses array access on a
    // value otherwise treated as an object
    $members = _rowset(sql_filter($sql, $sql_country, 1, $newsletter['newsletter_lastvisit'], 2, $newsletter->newsletter_last, $core->v('newsletter_process')));

    $i = 0;
    foreach ($members as $row) {
        // NOTE(review): the query selects bio_* columns; user_email, username
        // and user_public_email are not among them
        if (!is_email($row['user_email'])) {
            continue;
        }
        // NOTE(review): $email->email_message is read before $email is
        // assigned, and the array built here has no 'email_subject' key
        $email = array('USERNAME' => $row->username, 'MESSAGE' => entity_decode($email->email_message));
        $core->email->init('press', 'mass:plain', $email);
        $core->email->subject(entity_decode($email['email_subject']));
        if (!empty($row['user_public_email']) && $row['user_email'] != $row['user_public_email'] && is_email($row['user_public_email'])) {
            $core->email->cc($row->bio_address_public);
        }
        $core->email->send($row->user_email);

        $sql_history = array('history_newsletter' => $newsletter->newsletter_id, 'history_bio' => $row->bio_id, 'history_time' => time());
        sql_put('_newsletter_history', $sql_history);

        sleep(2); // 2s pause between sends
        $i++;
    }

    if ($i) {
        // NOTE(review): the increment lands on $email, not on
        // $newsletter->newsletter_last, so the stored offset never advances
        $email['email_last'] += $i;
        $sql = 'UPDATE _newsletter SET newsletter_last = ? 
WHERE newsletter_id = ?';
        sql_query(sql_filter($sql, $newsletter->newsletter_last, $newsletter->newsletter_id));
    } else {
        $sql = 'UPDATE _newsletter SET newsletter_active = ?, newsletter_end = ? WHERE newsletter_id = ?';
        sql_query(sql_filter($sql, 0, time(), $newsletter->newsletter_id));
        $this->warning->set('finished: ' . $newsletter->newsletter_id);
    }

    return $this->warning->set('completed: ' . $i);
}
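/**
 * Render the latest 20 reference entries as an RSS 2.0 document and hand it
 * to $this->e() for output.
 *
 * Subject, content and site description are wrapped in CDATA sections; any
 * "]]>" inside the data is split so it cannot end the section early (an
 * unescaped "]]>" would let stored content inject raw markup into the feed).
 * Dates use gmdate() because the format string labels them "GMT".
 *
 * The author, link and guid elements are emitted unescaped; if ref_link can
 * hold "&" or "<" it needs XML escaping too -- TODO confirm its stored form.
 *
 * @return void
 */
protected function _feed_home()
{
    global $core;

    $format = '<?xml version="1.0" encoding="iso-8859-1"?> <rss version="2.0"> <channel> <title>%s</title> <link>%s</link> <language>es-gt</language> <description><![CDATA[%s]]></description> <lastBuildDate>%s</lastBuildDate> <webMaster>%s</webMaster> %s </channel> </rss>';
    $tags = w('author title link guid description pubDate');
    $date_format = 'D, d M Y H:i:s \\G\\M\\T'; // RFC 822 style, as RSS expects

    // Make text safe inside <![CDATA[ ... ]]>: the only sequence that can
    // close the section is "]]>", which is split across two sections.
    $cdata_text = function ($text) {
        return str_replace(']]>', ']]]]><![CDATA[>', $text);
    };

    $last_entry = time();
    $feed = '';

    $sql = 'SELECT r.ref_subject, r.ref_content, r.ref_time, r.ref_link, b.bio_name FROM _reference r, _reference_type t, _bio b WHERE r.ref_bio = b.bio_id AND r.ref_type = t.type_id ORDER BY r.ref_time DESC LIMIT 20';
    $reference = sql_rowset($sql);

    foreach ($reference as $i => $row) {
        // rows are newest-first, so the first one dates the whole channel
        if (!$i) {
            $last_entry = $row->ref_time;
        }

        // Same order as $tags. The author column selected above is b.bio_name
        // (the previous version read a ->username property the query never returned).
        $a = array(
            $row->bio_name,
            '<![CDATA[' . $cdata_text(entity_decode($row->ref_subject, false)) . ']]>',
            $row->ref_link,
            $row->ref_link,
            '<![CDATA[' . $cdata_text(entity_decode($row->ref_content, false)) . ']]>',
            gmdate($date_format, $row->ref_time),
        );

        $feed .= "\t<item>";
        foreach ($a as $j => $v) {
            $feed .= '<' . $tags[$j] . '>' . $v . '</' . $tags[$j] . '>';
        }
        $feed .= "</item>\n";
    }

    // header('Content-type: text/xml');
    $ref_title = entity_decode($core->v('site_name'), false);
    // $ref_desc lands inside the CDATA section already present in $format
    $ref_desc = $cdata_text(entity_decode($core->v('site_details'), false));

    $this->e(sprintf($format, $ref_title, _link(), $ref_desc, gmdate($date_format, $last_entry), $core->v('site_email'), $feed));
}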
/**
 * Clean the values for use in URLs.
 *
 * PayPal displays its cart as UTF-8 but mangles accented characters in
 * submitted item names; decoding entities and converting the result to
 * ISO-8859-1 before URL-encoding makes them display correctly on the cart
 * (unencrypted form data only -- PayPal does not accept this for encrypted
 * form data).
 *
 * @param string $str value that may contain HTML entities
 * @return string URL-encoded, Latin-1 form of the decoded value
 */
function prep_val($str)
{
    // entity_decode() lives in the typography helper
    ee()->load->helper('typography');

    // NOTE(review): this replacement maps '&' to itself and so does nothing;
    // the first argument probably lost its entity form at some point --
    // confirm the intent before relying on it.
    $str = str_replace('&', '&', $str);

    $decoded = entity_decode($str, 'utf-8');
    $latin1 = utf8_decode($decoded); // utf8_decode() is deprecated since PHP 8.2

    return urlencode($latin1);
}
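/**
 * Cron entry point: pull new mail from the ticket POP3 mailbox and turn each
 * message into a ticket, a ticket note (when the subject carries a known
 * "[#code]"), or a forward to the group moderators (sender not a member).
 *
 * Messages from blacklisted addresses, from the ticket mailbox itself, with
 * no resolvable group recipient, or with an empty body are deleted without
 * processing. Every message is deleted from the server once handled.
 *
 * The sender is identified purely by the From header (alternate e-mail
 * profile fields, else the address's local part as username). That header
 * is unauthenticated, so sender checks at the MTA (SPF/DKIM) are what keep
 * notes from being attributed to the wrong member -- TODO confirm the
 * mailbox enforces them.
 *
 * Fixes over the previous version: the inner moderator loops no longer reuse
 * $i, which made the final $pop3->delete($i) remove the wrong message; a
 * blacklisted sender is no longer cleared by a later non-blacklisted
 * recipient; split() (removed in PHP 7) is replaced by explode(); the
 * delimiter detection handles a comma at offset 0.
 *
 * @return mixed whatever $this->e() returns for the per-category counts
 */
protected function _ticket_home()
{
    global $user, $core;

    if (!$core->v('cron_enabled')) {
        return $this->e('CRON_DISABLED');
    }

    foreach (w('mail pop3 emailer htmlparser') as $row) {
        require_once XFS . 'core/' . $row . '.php';
    }

    $pop3 = new pop3();
    if (!$pop3->connect($core->v('mail_server'), $core->v('mail_port'))) {
        return $this->e('MAIL_NO_CONNECT');
    }
    // the login result doubles as the number of messages to process
    if (!($total_mail = $pop3->login('recent:' . $core->v('mail_ticket_login'), $core->v('mail_ticket_key')))) {
        return $this->e('MAIL_NEW_MAIL');
    }

    // NOTE(review): in the collapsed listing a "//" precedes this line, which
    // may have commented it out; $mail is used for every header below, so it
    // is kept live here.
    $mail = new _mail();
    $emailer = new emailer();

    if (!($blacklist = $core->cache_load('ticket_blacklist'))) {
        $sql = 'SELECT * FROM _tickets_blacklist ORDER BY list_id';
        $blacklist = $core->cache_store(_rowset($sql, 'list_address', 'list_id'));
    }
    if (!($ticket_status = $core->cache_load('ticket_status_default'))) {
        $sql = 'SELECT status_id FROM _tickets_status WHERE status_default = 1';
        $ticket_status = $core->cache_store(_field($sql, 'status_id', 0));
    }

    // group lookups keyed by the group's e-mail local part
    $sql = 'SELECT group_id, group_email FROM _groups ORDER BY group_email';
    $groups = _rowset($sql, 'group_email', 'group_id');
    $sql = 'SELECT group_email, group_name FROM _groups ORDER BY group_email';
    $groups_name = _rowset($sql, 'group_email', 'group_name');
    $sql = 'SELECT gg.group_email, m.user_email FROM _groups gg, _groups_members g, _members m WHERE g.member_mod = ? AND g.member_uid = m.user_id AND gg.group_id = g.member_group ORDER BY m.user_email';
    $groups_mods = _rowset(sql_filter($sql, 1), 'group_email', 'user_email', true);
    foreach ($groups as $a_group_email => $a_group_id) {
        if (!isset($groups_mods[$a_group_email])) {
            $groups_mods[$a_group_email] = w();
        }
    }

    // alternate e-mail addresses stored in member profile fields -> member id
    $sql = 'SELECT s.a_assoc, s.a_value FROM _members_fields f, _members_store s WHERE s.a_field = f.field_id AND f.field_alias LIKE ? ORDER BY s.a_value';
    $email_alt = _rowset(sql_filter($sql, 'email%'), 'a_value', 'a_assoc');

    // Pre mail process
    $recv = w();
    $now = time();
    // NOTE(review): both arrays hold a plain space in this listing, so the
    // replacement below is a no-op; the original likely mapped a non-breaking
    // space -- confirm.
    $line_orig = array(' ');
    $line_repl = array(' ');
    $_v = w('from from_d to ticket subject body date mod ip spam blacklist reply other');
    $_c = w('normal reply other blacklist spam', 0);

    for ($i = 1; $i <= $total_mail; $i++) {
        foreach ($_v as $row) {
            ${'recv_' . $row} = 0;
        }

        $s_header = $mail->parse_header(explode("\r\n", implode('', $pop3->top($i))));
        $recv_from = $mail->parse_address($s_header['from']);

        if (isset($blacklist[$recv_from])) {
            $recv_blacklist = 1;
        }
        if ($recv_from == $core->v('mail_ticket_login')) {
            $recv_blacklist = 1;
        }

        _dvar($s_header['to'], '');
        _dvar($s_header['cc'], '');
        if (f($s_header['cc'])) {
            $s_header['to'] .= (f($s_header['to']) ? ', ' : '') . $s_header['cc'];
        }

        // Resolve the target group from the recipient list (To + Cc). A
        // blacklisted recipient marks the message; a blacklist hit on the
        // sender above is never cleared here.
        $to_part = array_map('trim', explode(strpos($s_header['to'], ',') !== false ? ',' : ';', $s_header['to']));
        foreach ($to_part as $row) {
            if (strpos($row, '<') !== false) {
                $row = preg_replace('#.*?<(.*?)>#is', '\\1', $row);
            }
            if (isset($blacklist[$row])) {
                $recv_blacklist = 1;
            } else {
                $row_first = array_key(explode('@', $row), 0);
                if (isset($groups[$row_first])) {
                    $recv_to = $row_first;
                }
            }
        }
        if (strstr($s_header['to'], _lang('MAIL_TO_UNKNOWN')) !== false) {
            $recv_to = array_key(explode('@', $core->v('mail_ticket_login')), 0);
        }
        if (!$recv_to) {
            $recv_blacklist = 1;
        }

        if (!$recv_blacklist) {
            $recv_subject = htmlencode(trim($s_header['subject']));
            // "[#code]" in the subject attaches the mail to an existing ticket
            if (preg_match('#\\[\\#(.*?)\\]#is', $recv_subject, $p_subject)) {
                $sql = 'SELECT ticket_id FROM _tickets WHERE ticket_code = ?';
                if ($recv_subject_d = _fieldrow(sql_filter($sql, $p_subject[1]))) {
                    $recv_ticket = $recv_subject_d['ticket_id'];
                    $recv_reply = $p_subject[1];
                    $recv_subject = substr(strrchr($recv_subject, ']'), 3); // keep what follows "]: "
                }
            }
            // our own notification coming back as a reply
            if ($recv_to . '@' . $core->v('domain') == $recv_from && $recv_from == $core->v('mail_ticket_login') && $recv_reply) {
                $recv_blacklist = 1;
            }
        }

        if (!$recv_blacklist) {
            // Map the sender to a member: alternate e-mail field first, then
            // the local part of the address as username.
            if (isset($email_alt[$recv_from])) {
                $sql_field = 'id';
                $sql_value = $email_alt[$recv_from];
            } else {
                $sql_field = 'username';
                $sql_value = array_key(explode('@', $recv_from), 0);
            }
            $sql = 'SELECT user_id, user_username, user_firstname, user_lastname FROM _members WHERE user_?? = ?';
            if ($recv_from_d = _fieldrow(sql_filter($sql, $sql_field, $sql_value))) {
                $recv_from_d = serialize(array_row($recv_from_d));
            } else {
                $recv_other = 1;
            }

            $d_body = $mail->body($s_header, $pop3->fbody($i), true);
            $recv_date = $mail->parse_date($s_header['date']);
            // taken from Received headers, which the sender partly controls
            $recv_ip = $mail->parse_ip($s_header['received']);
            // NOTE(review): $groups_email is never assigned in this method, so
            // $recv_mod stays 0 -- TODO confirm which lookup was intended.
            if (isset($groups_email[$recv_to])) {
                $recv_mod = $groups_email[$recv_to];
            }
            // clamp unparsable, future or older-than-a-day dates to now
            if ($recv_date > $now || $recv_date < $now - 86400) {
                $recv_date = $now;
            }

            if (isset($d_body['text-plain']) && f($d_body['text-plain'])) {
                $recv_body = trim($d_body['text-plain']);
            } elseif (isset($d_body['text-html']) && f($d_body['text-html'])) {
                // HTML-only mail: keep text nodes, skip anything that still looks like markup
                $htm_text = w();
                $tag_open = false;
                $parser = new HtmlParser($d_body['text-html']);
                while ($parser->parse()) {
                    $line = trim(str_replace($line_orig, $line_repl, $parser->iNodeValue));
                    if ($tag_open || strpos($line, '<') !== false) {
                        $tag_open = !$tag_open;
                        continue;
                    }
                    if ($parser->iNodeName == 'Text' && f($line)) {
                        $htm_text[] = preg_replace("/(\r\n){1}/", ' ', $line);
                    }
                }
                $recv_body = implode("\n", $htm_text);
            }
            if (f($recv_body)) {
                $recv_body = htmlencode(_utf8($recv_body));
            }
            if (!f($recv_body)) {
                $recv_blacklist = 1;
            }
        }

        $recv[$i] = w();
        foreach ($_v as $row) {
            $recv[$i][$row] = ${'recv_' . $row};
        }
    }

    foreach ($recv as $i => $row) {
        if ($row['spam'] || $row['blacklist']) {
            $pop3->delete($i);
            $row_key = $row['spam'] ? 'spam' : 'blacklist';
            $_c[$row_key]++;
            continue;
        }

        // Send mail to group admin
        if ($row['other']) {
            $_c['other']++;
            if (count($groups_mods[$row['to']])) {
                // $mod_i, not $i: the outer key is still needed for $pop3->delete() below
                foreach ($groups_mods[$row['to']] as $mod_i => $mod_email) {
                    $email_func = !$mod_i ? 'email_address' : 'cc';
                    $emailer->{$email_func}($mod_email);
                }
                // From/Reply-to are copied from the inbound message; the
                // emailer's header building is what they rely on for safety.
                $emailer->from($row['from']);
                $emailer->replyto($row['from']);
                $emailer->set_subject(entity_decode($row['subject']));
                $emailer->use_template('ticket_other');
                $emailer->set_decode(true);
                $emailer->assign_vars(array('SUBJECT' => entity_decode($row['subject']), 'MESSAGE' => entity_decode($row['body'])));
                $emailer->send();
                $emailer->reset();
            }
            $pop3->delete($i);
            continue;
        }

        // New tickets get an 8-hex-char code that later serves as the reply
        // key in subjects and in the view URL. NOTE(review): md5(unique_id())
        // is not a CSPRNG-backed source -- confirm the view URL is otherwise
        // access-controlled.
        $row['code'] = $row['reply'] ? $row['reply'] : substr(md5(unique_id()), 0, 8);
        $row['from_d'] = unserialize($row['from_d']); // serialized by this method above, not external input
        $row['group_id'] = $groups[$row['to']];
        $row['msubject'] = entity_decode(sprintf('%s [#%s]: %s', $groups_name[$row['to']], $row['code'], $row['subject']));

        // blank-line separate consecutive non-empty lines of the body
        $row['mbody'] = explode("\n", $row['body']);
        foreach ($row['mbody'] as $part_i => $part_row) {
            if (isset($row['mbody'][$part_i - 1]) && f($row['mbody'][$part_i - 1]) && f($row['mbody'][$part_i])) {
                $row['mbody'][$part_i] = "\n" . $part_row;
            }
        }
        $row['body'] = implode("\n", $row['mbody']);

        $v_mail = array('USERNAME' => $row['from_d']['user_username'], 'FULLNAME' => entity_decode(_fullname($row['from_d'])), 'SUBJECT' => entity_decode($row['subject']), 'MESSAGE' => entity_decode($row['body']), 'TICKET_URL' => _link('ticket', array('x1' => 'view', 'code' => $row['code'])));

        if (!$row['reply']) {
            $_c['normal']++;
            $sql_insert = array('parent' => 0, 'cat' => 1, 'group' => $row['group_id'], 'title' => _subject($row['subject']), 'text' => _prepare($row['body']), 'code' => $row['code'], 'contact' => $row['from_d']['user_id'], 'aby' => 0, 'status' => $ticket_status, 'start' => $row['date'], 'lastreply' => $row['date'], 'end' => 0, 'ip' => $row['ip']);
            $sql = 'INSERT INTO _tickets' . _build_array('INSERT', prefix('ticket', $sql_insert));
            _sql($sql);

            // Send mail to user
            $emailer->email_address($row['from']);
            $emailer->from($row['to'] . '@' . $core->v('domain'));
            $emailer->set_subject($row['msubject']);
            $emailer->use_template('ticket_' . $row['to']);
            $emailer->set_decode(true);
            $emailer->assign_vars($v_mail);
            $emailer->send();
            $emailer->reset();

            // > Send mail to group admin
            if (count($groups_mods[$row['to']])) {
                foreach ($groups_mods[$row['to']] as $mod_i => $mod_email) {
                    $address_func = !$mod_i ? 'email_address' : 'cc';
                    $emailer->{$address_func}($mod_email);
                }
                $emailer->from($row['to'] . '@' . $core->v('domain'));
                $emailer->set_subject($row['msubject']);
                $emailer->use_template('ticket_' . ($row['reply'] ? 'reply' : 'tech'));
                $emailer->set_decode(true);
                $emailer->assign_vars($v_mail);
                $emailer->send();
                $emailer->reset();
            }
        } else {
            $_c['reply']++;
            $sql_insert = array('ticket_id' => $row['ticket'], 'user_id' => $row['from_d']['user_id'], 'note_text' => htmlencode($row['body']), 'note_time' => $row['date'], 'note_cc' => 1);
            $sql = 'INSERT INTO _tickets_notes' . _build_array('INSERT', $sql_insert);
            _sql($sql);
            $sql = 'UPDATE _tickets SET ticket_lastreply = ? WHERE ticket_id = ?';
            _sql(sql_filter($sql, $row['date'], $row['ticket']));

            // Send mail to group members || user
            // NOTE(review): _rowset() here returns whole rows, yet each entry
            // is concatenated as a string below -- TODO confirm which column
            // should form the address.
            $sql = 'SELECT * FROM _tickets_assign a, _members m WHERE a.assign_ticket = ? AND a.user_id = m.user_id AND m.user_username NOT IN (?)';
            $tech = _rowset(sql_filter($sql, $row['ticket'], $row['from_d']['user_username']));
            if ($row['mod'] != $row['from_d']['user_username']) {
                $tech[] = $row['mod'];
            }
            if (count($tech)) {
                foreach ($tech as $tech_i => $tech_row) {
                    $m_method = !$tech_i ? 'email_address' : 'cc';
                    $emailer->{$m_method}($tech_row . '@' . $core->v('domain'));
                }
                $emailer->from($row['to'] . '@' . $core->v('domain'));
                $emailer->use_template('ticket_reply');
                $emailer->set_subject($row['msubject']);
                $emailer->set_decode(true);
                $emailer->assign_vars($v_mail);
                $emailer->send();
                $emailer->reset();
            }
        }

        // Delete mail from server
        $pop3->delete($i);
    }

    // Quit server
    $pop3->quit();

    $ret = '';
    foreach ($_c as $k => $v) {
        $ret .= "\n" . $k . ' = ' . $v . '<br />';
    }
    return $this->e($ret);
}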
/**
 * Deliver the prepared message through PHP's mail().
 *
 * Expands {VAR} placeholders in $this->msg by eval(), extracts optional
 * "Subject:" / "Charset:" lines from the body, builds the raw header block
 * and sends. When the first attempt with an empty To fails, retries once
 * with a blank To and persists 'sendmail_fix' so later calls skip the retry.
 *
 * Reads $this->msg, vars, subject, encoding, addresses, reply_to, from,
 * extra_headers and the $config globals; overwrites msg, subject, encoding
 * and extra_headers.
 *
 * @return bool true when mail() accepted the message, false otherwise
 */
public function send()
{
    global $config, $user;

    // Escape all quotes, else the eval will fail.
    // SECURITY: the template text is evaluated as PHP source below; only the
    // quote is escaped, so templates must come from trusted files, never from
    // user or inbound-mail input.
    $this->msg = str_replace ("'", "\'", $this->msg);
    // {NAME} -> ' . $NAME . '
    $this->msg = preg_replace('#\{([a-z0-9\-_]*?)\}#is', "' . $\\1 . '", $this->msg);

    // Set vars
    // each() was removed in PHP 8.0; both loops below need foreach there.
    reset ($this->vars);
    while (list($key, $val) = each($this->vars)) {
        $$key = $val;
    }
    eval("\$this->msg = '$this->msg';");

    // Clear vars
    reset ($this->vars);
    while (list($key, $val) = each($this->vars)) {
        unset($$key);
    }

    // We now try and pull a subject from the email body ... if it exists,
    // do this here because the subject may contain a variable
    $drop_header = '';
    $match = w();
    if (preg_match('#^(Subject:(.*?))$#m', $this->msg, $match)) {
        $this->subject = (trim($match[2]) != '') ? trim($match[2]) : (($this->subject != '') ? $this->subject : 'No Subject');
        // remember the matched line so it is stripped from the body below
        $drop_header .= '[\r\n]*?' . preg_quote($match[1], '#');
    } else {
        $this->subject = (($this->subject != '') ? $this->subject : 'No Subject');
    }
    if (preg_match('#^(Charset:(.*?))$#m', $this->msg, $match)) {
        // NOTE(review): $lang is not declared in this scope, so the fallback
        // here is undefined; the else branch uses lang('encoding') instead
        $this->encoding = (trim($match[2]) != '') ? trim($match[2]) : trim($lang['ENCODING']);
        $drop_header .= '[\r\n]*?' . preg_quote($match[1], '#');
    } else {
        $this->encoding = lang('encoding');
    }
    if ($drop_header != '') {
        $this->msg = trim(preg_replace('#' . $drop_header . '#s', '', $this->msg));
    }

    $to = $this->addresses['to'];
    $cc = (isset($this->addresses['cc']) && sizeof($this->addresses['cc'])) ? implode(', ', $this->addresses['cc']) : '';
    $bcc = (isset($this->addresses['bcc']) && sizeof($this->addresses['bcc'])) ? implode(', ', $this->addresses['bcc']) : '';

    // Build header
    // SECURITY: reply_to, from, cc and bcc are interpolated without stripping
    // "\r\n"; a value carrying a line break would inject further headers into
    // mail(). Validate at the call sites or here -- TODO confirm callers.
    // The previous $this->extra_headers value is appended inside the new one;
    // the Message-ID host is hard-coded (the server_name lookup is commented out).
    $this->extra_headers = (($this->reply_to != '') ? "Reply-to: $this->reply_to\n" : '') . (($this->from != '') ? "From: $this->from\n" : "From: " . $config['board_email'] . "\n") . "Return-Path: " . $config['board_email'] . "\nMessage-ID: <" . md5(uniqid(time())) . "@rockrepublik.net" . /*$config['server_name'] . */">\nMIME-Version: 1.0\nContent-type: text/plain; charset=" . $this->encoding . "\nContent-transfer-encoding: 8bit\nDate: " . date('r', time()) . "\nX-Priority: 3\nX-MSMail-Priority: Normal\n" . $this->extra_headers . (($cc != '') ? "Cc: $cc\n" : '') . (($bcc != '') ? "Bcc: $bcc\n" : '');

    // Send message ... removed $this->encode() from subject for time being
    $empty_to_header = ($to == '') ? true : false;
    // 'sendmail_fix' (presumably for MTAs that reject "Undisclosed-recipients:;") switches to a blank To
    $to = ($to == '') ? (($config['sendmail_fix']) ? ' ' : 'Undisclosed-recipients:;') : $to;

    $this->subject = entity_decode($this->subject);
    $this->msg = entity_decode($this->msg);

    // "@" hides mail() warnings; only the bool result is inspected.
    // "-f" sets the envelope sender from config.
    $result = @mail($to, $this->subject, preg_replace("#(?<!\r)\n#s", "\n", $this->msg), $this->extra_headers, "-f{$config['board_email']}");

    // first failure with an empty To: retry with a blank To and remember the fix
    if (!$result && !$config['sendmail_fix'] && $empty_to_header) {
        $to = ' ';
        set_config('sendmail_fix', 1);
        $result = @mail($to, $this->subject, preg_replace("#(?<!\r)\n#s", "\n", $this->msg), $this->extra_headers, "-f{$config['board_email']}");
    }

    if (!$result) {
        return false;
    }
    return true;
}
/**
 * HTML Entity Decode Callback
 *
 * Used as a callback for XSS Clean: receives a preg match array and returns
 * the decoded form of the whole match ($match[0]), using the configured
 * charset (upper-cased) for entity_decode().
 *
 * @access public
 * @param array $match preg_replace_callback match array
 * @return string
 */
function _decode_entity($match)
{
    $instance =& get_instance();
    $instance->load->helper('typography');

    $charset = strtoupper($instance->config->item('charset'));
    $decoded = entity_decode($match[0], $charset);

    return $decoded;
}
/**
 * Assign a technician (member) to a ticket and notify them by mail.
 *
 * Requires the 'ticket_assign_tech' or 'ticket_auto_assign' permission; a
 * non-founder holding 'ticket_auto_assign' may only assign themselves.
 * Input: 'ticket' (id) and 'tech' (username) from $this->__(). Rejects an
 * unknown ticket, an unknown member, the ticket's own contact, and a
 * duplicate assignment; each failure goes through $this->_error(), which is
 * assumed to stop execution (the code below does not guard against it
 * returning).
 *
 * NOTE(review): the permission check is global, not per group -- confirm
 * that a technician may be assigned to tickets of any group, and whether a
 * member holding both permissions is meant to be restricted to self.
 *
 * @return mixed whatever $this->e() returns (the contact's full name)
 */
protected function _tech_add()
{
    global $user, $core;

    gfatal();
    if (!_auth_get('ticket_assign_tech') && !_auth_get('ticket_auto_assign')) {
        _fatal();
    }

    $v = $this->__(array('ticket' => 0, 'tech'));
    if (_auth_get('ticket_auto_assign') && !$user->v('is_founder') && $user->v('user_username') != $v['tech']) {
        $this->_error('NO_ASSIGN_OTHER');
    }

    // ticket joined with its group (group_name / group_email feed the notification)
    $sql = 'SELECT * FROM _tickets t, _groups g WHERE t.ticket_id = ? AND t.ticket_group = g.group_id';
    if (!($tdata = _fieldrow(sql_filter($sql, $v['ticket'])))) {
        $this->_error('NOT_MEMBER_2');
    }

    // resolve the technician's username to an id (0 when unknown)
    $sql = 'SELECT user_id FROM _members WHERE user_username = ?';
    $v['tech'] = _field(sql_filter($sql, $v['tech']), 'user_id', 0);

    $sql = 'SELECT * FROM _members WHERE user_id = ?';
    if (!($techdata = _fieldrow(sql_filter($sql, $v['tech'])))) {
        $this->_error('NOT_MEMBER');
    }

    // the ticket's contact cannot be its own technician
    $sql = 'SELECT ticket_id FROM _tickets WHERE ticket_contact = ? AND ticket_id = ?';
    if ($row1 = _field(sql_filter($sql, $v['tech'], $v['ticket']), 'ticket_id', 0)) {
        $this->_error('CANT_ASSIGN');
    }

    $sql = 'SELECT * FROM _tickets_assign WHERE user_id = ? AND assign_ticket = ?';
    if ($row2 = _fieldrow(sql_filter($sql, $v['tech'], $v['ticket']))) {
        $this->_error('ALREADY_ASSIGN');
    }

    $sql = 'SELECT * FROM _members WHERE user_id = ?';
    if (!($cdata = _fieldrow(sql_filter($sql, $tdata['ticket_contact'])))) {
        $this->_error('NOT_MEMBER_3');
    }

    $sql_insert = array('assign_ticket' => $v['ticket'], 'user_id' => $v['tech'], 'assign_status' => $tdata['ticket_status'], 'assign_end' => 0);
    $sql = 'INSERT INTO _tickets_assign' . _build_array('INSERT', $sql_insert);
    _sql($sql);

    // Send notification
    require_once XFS . 'core/emailer.php';
    $emailer = new emailer();
    $ticket_subject = entity_decode($tdata['group_name'] . ' [#' . $tdata['ticket_code'] . ']: ' . $tdata['ticket_title']);
    $ticket_message = entity_decode($tdata['ticket_text']);
    $emailer->from($tdata['group_email'] . '@' . $core->v('domain'));
    $emailer->email_address($techdata['user_email']);
    $emailer->use_template('ticket_tech');
    $emailer->set_subject($ticket_subject);
    $emailer->assign_vars(array('USERNAME' => $techdata['user_username'], 'FULLNAME' => entity_decode(_fullname($cdata)), 'SUBJECT' => entity_decode($tdata['ticket_title']), 'MESSAGE' => $ticket_message, 'TICKET_URL' => _link($this->m(), array('x1' => 'view', 'code' => $tdata['ticket_code']))));
    $emailer->send();
    $emailer->reset();

    return $this->e(_fullname($cdata));
}
/**
 * Break a list of words into lines that fit a pixel width.
 *
 * Each word is measured with $this->cp->getTextWidth() (entities decoded
 * first). A new line starts when the next word would overflow $width or,
 * when $maxline is given, when the current line already holds that many
 * counted words. A word containing the marker ">==" is split there: the
 * left half closes the current line and the right half opens the next one.
 *
 * Words wider than $width on their own are skipped entirely.
 *
 * @param mixed $width     numeric line width, in the units getTextWidth() returns
 * @param mixed $fontsize  font size passed through to getTextWidth()
 * @param array $text      words, in order
 * @param mixed $maxline   false for no word limit, a single limit, or a
 *                         per-line list (the last entry repeats)
 * @param bool $skip_short when true, words of 1-2 bytes do not count toward $maxline
 * @return array lines of space-joined words, indexed from 0
 */
function words($width, $fontsize, $text, $maxline = false, $skip_short = true)
{
    $part = w();
    $long = $words = $i = 0; // width used, counted words, current line index

    if ($maxline !== false && !is_array($maxline)) {
        $maxline = array($maxline);
    }

    foreach ($text as $j => $word) {
        $length = $this->cp->getTextWidth($fontsize, entity_decode($word, false));
        if ($length > $width) {
            continue;
        }

        // $eachline is only assigned when $maxline is set; the condition
        // below tests $maxline first, so it is never read undefined
        if ($maxline !== false) {
            $eachline = isset($maxline[$i]) ? $maxline[$i] : end($maxline);
        }

        if ($width - $long < $length || $maxline !== false && $eachline !== false && $eachline && $words == $eachline) {
            $long = $words = 0;
            $i++;
        }
        if (!isset($part[$i])) {
            $part[$i] = '';
        }

        $split_word = explode('>==', $word);
        if (count($split_word) > 1) {
            if ($i) {
                // forced break: left half joins the previous line, right half stays on this one
                $part[$i - 1] .= ($part[$i - 1] != '' ? ' ' : '') . $split_word[0];
                $part[$i] .= ($part[$i] != '' ? ' ' : '') . $split_word[1];
                $length = $this->cp->getTextWidth($fontsize, entity_decode($split_word[1], false));
            } else {
                // first line: left half closes it, right half opens line 1
                $part[$i] .= ($part[$i] != '' ? ' ' : '') . $split_word[0];
                $i++;
                $long = $words = 0;
                // $length = $this->cp->getTextWidth($fontsize, entity_decode($split_word[0], false));
                if (!isset($part[$i])) {
                    $part[$i] = '';
                }
                $part[$i] .= ($part[$i] != '' ? ' ' : '') . $split_word[1];
            }
        } else {
            $part[$i] .= ($part[$i] != '' ? ' ' : '') . $split_word[0];
        }

        $long += $length;
        // strlen() is byte-based, so a single multi-byte character may count as "long"
        if (!$skip_short || strlen($word) > 2) {
            $words++;
        }
    }

    return $part;
}