예제 #1
/**
 * Evaluates an xthreads template expression and returns its value.
 *
 * The expression is first translated to PHP source by
 * xthreads_phptpl_expr_parse() and the result is then run through eval().
 * Whatever reaches $s therefore executes as PHP: the caller is responsible
 * for only passing expressions from a trusted (admin-controlled) source, and
 * the only thing standing between $s and arbitrary code is whatever filtering
 * the parser applies.
 *
 * @param string $s  expression in the xthreads template syntax
 * @return mixed     value of the evaluated expression
 */
function xthreads_phptpl_eval_expr($s)
{
    require_once MYBB_ROOT . 'inc/xthreads/xt_phptpl_lib.php';
    // NOTE(review): eval() on generated code -- only as safe as the parser's whitelist
    $php = xthreads_phptpl_expr_parse($s);
    $code = 'return (' . $php . ');';
    return eval($code);
}
예제 #2
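/**
 * Normalises one thread-field definition ($tf, modified in place) into the
 * shape that gets cached for runtime use: columns that do not apply to the
 * field's input type are removed, list-valued columns are exploded into
 * arrays, the thumbnail transform chains are pre-parsed into PHP snippets,
 * and every format string is passed through xthreads_sanitize_eval().
 *
 * Security note: 'formatmap' and 'editable_values' are fed to unserialize(),
 * and the thumbnail chains / format strings are turned into PHP source that
 * appears to be eval'd elsewhere. That is only acceptable while $tf comes from
 * the admin-managed thread field table; this must never run on request data.
 *
 * Fix in this revision: the thumbnail loop iterated by reference
 * (foreach ... as &$thumb) although it never writes $thumb, which left a
 * dangling reference to the last element after the loop. It now iterates by
 * value, which is behaviourally identical here.
 *
 * @param array $tf  thread field row, modified in place
 * @return void
 */
function xthreads_buildtfcache_parseitem(&$tf)
{
    require_once MYBB_ROOT . 'inc/xthreads/xt_phptpl_lib.php';
    // remove unnecessary fields
    // per-group editability takes precedence over the plain 'editable' flag
    if ($tf['editable_gids']) {
        $tf['editable'] = 0;
    }
    // 'unviewableval' is only meaningful when some groups cannot view the field
    if (!$tf['viewable_gids']) {
        unset($tf['unviewableval']);
    }
    // first pass: strip the columns that make no sense for this input type
    switch ($tf['inputtype']) {
        case XTHREADS_INPUT_FILE_URL:
            unset($tf['multival'], $tf['multival_limit'], $tf['dispitemformat']);
            // fall through: URL inputs share the file-input stripping below
        case XTHREADS_INPUT_FILE:
            unset($tf['editable_values'], $tf['formatmap'], $tf['textmask'], $tf['inputformat'], $tf['maxlen'], $tf['vallist'], $tf['sanitize'], $tf['allowfilter'], $tf['defaultval'], $tf['fieldheight']);
            if (!$tf['fileimage']) {
                unset($tf['fileimgthumbs']);
            }
            $tf['datatype'] = XTHREADS_DATATYPE_TEXT;
            break;
        case XTHREADS_INPUT_TEXTAREA:
            unset($tf['allowfilter']);
            // fall through
        case XTHREADS_INPUT_TEXT:
            unset($tf['vallist']);
            break;
        case XTHREADS_INPUT_RADIO:
            unset($tf['multival'], $tf['multival_limit']);
            // fall through
        case XTHREADS_INPUT_CHECKBOX:
        case XTHREADS_INPUT_SELECT:
            unset($tf['textmask'], $tf['maxlen']);
    }
    // second pass: drop the file-only columns from every non-file input type
    switch ($tf['inputtype']) {
        case XTHREADS_INPUT_FILE:
        case XTHREADS_INPUT_FILE_URL:
            break;
        case XTHREADS_INPUT_TEXT:
        case XTHREADS_INPUT_CHECKBOX:
            unset($tf['fieldheight']);
            // fall through
        default:
            unset($tf['filemagic'], $tf['fileexts'], $tf['filemaxsize'], $tf['fileimage'], $tf['fileimgthumbs']);
    }
    // multi-valued fields are always stored as text
    if (xthreads_empty($tf['multival'])) {
        unset($tf['dispitemformat'], $tf['multival_limit']);
    } else {
        $tf['datatype'] = XTHREADS_DATATYPE_TEXT;
    }
    if ($tf['datatype'] != XTHREADS_DATATYPE_TEXT) {
        // disable santizer for a free speed boost
        // (only the parser sanitiser is kept for non-text datatypes)
        if (($tf['sanitize'] & XTHREADS_SANITIZE_MASK) != XTHREADS_SANITIZE_PARSER) {
            $tf['sanitize'] = XTHREADS_SANITIZE_NONE;
        }
    }
    // preformat stuff to save time later
    // NOTE(review): unserialize() on a stored column -- acceptable only if this
    // value is admin-written; a failed unserialize yields false, not null
    if ($tf['formatmap']) {
        $tf['formatmap'] = @unserialize($tf['formatmap']);
    } else {
        $tf['formatmap'] = null;
    }
    // vallist: one entry per line, "key{|}label" or a bare value used as both
    if (!xthreads_empty($tf['vallist'])) {
        $vallist = $tf['vallist'];
        $tf['vallist'] = array();
        foreach (array_map('trim', explode("\n", str_replace("\r", '', $vallist))) as $vallistitem) {
            if (($p = strpos($vallistitem, '{|}')) !== false) {
                $tf['vallist'][substr($vallistitem, 0, $p)] = substr($vallistitem, $p + 3);
            } else {
                $tf['vallist'][$vallistitem] = $vallistitem;
            }
        }
    }
    // TODO: explode forums, fileexts?
    if ($tf['editable_gids']) {
        $tf['editable_gids'] = array_unique(explode(',', $tf['editable_gids']));
    }
    if ($tf['viewable_gids']) {
        $tf['viewable_gids'] = array_unique(explode(',', $tf['viewable_gids']));
    }
    if ($tf['fileimgthumbs']) {
        $thumbarray = array_unique(explode('|', $tf['fileimgthumbs']));
        $tf['fileimgthumbs'] = array();
        // iterate by value: $thumb is never written inside the loop, and a
        // by-reference loop would leave $thumb aliased to the last element
        foreach ($thumbarray as $thumb) {
            if (preg_match('~^([a-zA-Z0-9_]+)\\=~', $thumb, $m)) {
                // "name=<chain>": a named thumbnail built from a transform chain
                $chain = substr($thumb, strlen($m[0]));
                // add additionally allowed funcs
                require_once MYBB_ROOT . 'inc/xthreads/xt_image.php';
                // whitelist handed to the expression parser: newXTImg plus every
                // XTImageTransform method not starting with '_'; rebuilt for each
                // named thumb and removed again below
                $extra_funcs =& $GLOBALS['phptpl_additional_functions'];
                $extra_funcs = array('newXTImg');
                foreach (get_class_methods('XTImageTransform') as $meth) {
                    if ($meth[0] != '_') {
                        // this is ugly, but should be good enough
                        // problem is that it's difficult to see the source object for method calls, so just allow any object
                        $extra_funcs[] = '->' . $meth;
                    }
                }
                // TODO: put in extra functions
                // thumb names are case-insensitive; later duplicates overwrite earlier ones
                $fitk =& $tf['fileimgthumbs'][strtolower($m[1])];
                //$fitk = '$img->'.$chain;
                $fitk = xthreads_phptpl_expr_parse('->' . $chain, array('WIDTH' => '$img->WIDTH', 'OWIDTH' => '$img->OWIDTH', 'HEIGHT' => '$img->HEIGHT', 'OHEIGHT' => '$img->OHEIGHT', 'TYPE' => '$img->TYPE', 'FILENAME' => '$img->FILENAME'));
                // NOTE(review): the parser seems to hand back the string 'false'
                // for a rejected chain -- confirm in xt_phptpl_lib
                if ($fitk && $fitk != 'false') {
                    $fitk = '$img' . $fitk;
                }
                // prevents transform to $GLOBALS['img']
                unset($GLOBALS['phptpl_additional_functions']);
            } elseif (preg_match('~^\\d+x\\d+$~', $thumb)) {
                // plain "WxH" size, no transform chain
                $tf['fileimgthumbs'][$thumb] = false;
            }
            // anything else is silently dropped
        }
    }
    // magic signatures are stored '|'-separated and url-encoded
    if (!xthreads_empty($tf['filemagic'])) {
        $tf['filemagic'] = array_map('urldecode', array_unique(explode('|', $tf['filemagic'])));
    }
    // fix sanitize
    switch ($tf['inputtype']) {
        case XTHREADS_INPUT_TEXT:
            //if($tf['sanitize'] == XTHREADS_SANITIZE_HTML_NL)
            //	$tf['sanitize'] = XTHREADS_SANITIZE_HTML;
            break;
        case XTHREADS_INPUT_SELECT:
            $tf['sanitize'] = XTHREADS_SANITIZE_HTML;
            break;
        case XTHREADS_INPUT_CHECKBOX:
        case XTHREADS_INPUT_RADIO:
            $tf['sanitize'] = XTHREADS_SANITIZE_NONE;
            break;
    }
    // santize -> separate mycode stuff?
    // blank values can be ignored by the filter only for required fields whose
    // value list (if any) does not itself contain the empty string
    if ($tf['allowfilter']) {
        $tf['ignoreblankfilter'] = $tf['editable'] == XTHREADS_EDITABLE_REQ;
        if ($tf['ignoreblankfilter'] && !empty($tf['vallist'])) {
            $tf['ignoreblankfilter'] = !isset($tf['vallist']['']);
        }
    }
    // NOTE(review): second unserialize() on a stored column, same caveat as formatmap
    if (!xthreads_empty($tf['editable_values'])) {
        if ($tf['editable'] == XTHREADS_EDITABLE_NONE) {
            unset($tf['editable_values']);
        } else {
            $tf['editable_values'] = @unserialize($tf['editable_values']);
        }
    }
    // sanitise eval'd stuff
    // the placeholder names allowed in each format string depend on the input type
    if ($tf['inputtype'] == XTHREADS_INPUT_FILE) {
        $sanitise_fields = array('DOWNLOADS', 'DOWNLOADS_FRIENDLY', 'FILENAME', 'UPLOADMIME', 'URL', 'FILESIZE', 'FILESIZE_FRIENDLY', 'MD5HASH', 'UPLOAD_TIME', 'UPLOAD_DATE', 'UPDATE_TIME', 'UPDATE_DATE', 'THUMBS', 'DIMS');
        $validate_fields = array('FILENAME', 'FILESIZE', 'NUM_FILES');
    } else {
        $sanitise_fields = array('VALUE', 'RAWVALUE');
        // remember whether any format string uses {VALUE$n}/{RAWVALUE$n} tokens
        $tf['regex_tokens'] = $tf['unviewableval'] && preg_match('~\\{(?:RAW)?VALUE\\$\\d+\\}~', $tf['unviewableval']) || $tf['dispformat'] && preg_match('~\\{(?:RAW)?VALUE\\$\\d+\\}~', $tf['dispformat']) || $tf['dispitemformat'] && preg_match('~\\{(?:RAW)?VALUE\\$\\d+\\}~', $tf['dispitemformat']);
        $validate_fields = array('VALUE');
    }
    if ($tf['defaultval']) {
        xthreads_sanitize_eval($tf['defaultval']);
    }
    if (!empty($tf['formatmap']) && is_array($tf['formatmap'])) {
        foreach ($tf['formatmap'] as &$fm) {
            xthreads_sanitize_eval($fm);
        }
    }
    foreach (array('inputformat', 'inputvalidate', 'unviewableval', 'dispformat', 'dispitemformat', 'blankval') as $field) {
        if (isset($tf[$field])) {
            // 'defaultval' is not in the list above (it is sanitised separately
            // before this loop), so only 'blankval' ever takes this branch
            if ($field == 'blankval' || $field == 'defaultval') {
                xthreads_sanitize_eval($tf[$field]);
            } elseif ($field == 'inputformat') {
                xthreads_sanitize_eval($tf[$field], array('VALUE' => null));
            } elseif ($field == 'inputvalidate') {
                xthreads_sanitize_eval($tf[$field], xthreads_eval_flipfields($validate_fields));
            } elseif ($tf['inputtype'] == XTHREADS_INPUT_FILE && !xthreads_empty($tf['multival']) && ($field == 'unviewableval' || $field == 'dispformat')) {
                // special case for multi file inputs
                xthreads_sanitize_eval($tf[$field], array('VALUE' => null));
            } else {
                xthreads_sanitize_eval($tf[$field], xthreads_eval_flipfields($sanitise_fields));
            }
        }
    }
    // $formhtml[1] is the list of placeholders the form template may use
    $formhtml = xthreads_default_threadfields_formhtml($tf['inputtype']);
    if ($tf['formhtml'] !== '') {
        switch ($tf['inputtype']) {
            case XTHREADS_INPUT_SELECT:
            case XTHREADS_INPUT_CHECKBOX:
            case XTHREADS_INPUT_RADIO:
            case XTHREADS_INPUT_FILE:
                // item block extraction
                // the callback reads/writes through these globals; they are removed right after
                $tf['formhtml_item'] = '';
                $GLOBALS['__xt_formhtml_item'] =& $tf['formhtml_item'];
                $GLOBALS['__xt_formhtml_sanitise_fields'] =& $formhtml[1];
                $tf['formhtml'] = preg_replace_callback('~\\<\\!\\[ITEM\\[(.*?)\\]\\]\\>~is', 'xthreads_buildcache_parseitem_formhtml_pr', $tf['formhtml'], 1);
                unset($GLOBALS['__xt_formhtml_item'], $GLOBALS['__xt_formhtml_sanitise_fields']);
                $formhtml[1][] = 'ITEMS';
        }
        xthreads_sanitize_eval($tf['formhtml'], xthreads_eval_flipfields($formhtml[1]));
    }
}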
예제 #3
/**
 * Parses an expression that has already been through xthreads_sanitize_eval().
 *
 * The sanitiser escapes '$', '"' and '\' with a backslash; those escapes are
 * undone first, then the plain expression is handed to
 * xthreads_phptpl_expr_parse() together with $fields.
 *
 * @param string $str     escaped expression; any falsy value other than the
 *                        literal string '0' yields ''
 * @param array  $fields  field map forwarded unchanged to the parser
 * @return mixed          whatever xthreads_phptpl_expr_parse() returns, or ''
 */
function _xthreads_phptpl_expr_parse2($str, $fields = array())
{
    // '0' is a legitimate expression; every other falsy input means "nothing"
    if (!$str && $str !== '0') {
        return '';
    }
    // unescapes the slashes added by xthreads_sanitize_eval
    // strtr() with a map is a single pass, so '\\' -> '\' is not re-unescaped
    static $unescape = array(
        '\\$' => '$',
        '\\"' => '"',
        '\\\\' => '\\',
    );
    $plain = strtr($str, $unescape);
    return xthreads_phptpl_expr_parse($plain, $fields);
}