/**
* Parses search keywords.
*
* @param string $keywordString
*/
protected static function parseKeywords($keywordString)
{
// convert encoding if necessary
if (CHARSET == 'UTF-8' && !StringUtil::isASCII($keywordString) && !StringUtil::isUTF8($keywordString)) {
$keywordString = StringUtil::convertEncoding('ISO-8859-1', 'UTF-8', $keywordString);
}
// remove bad wildcards
$keywordString = preg_replace('/(?<!\\w)\\*/', '', $keywordString);
// remove search operators
$keywordString = preg_replace('/[\\+\\-><()~]+/', '', $keywordString);
if (StringUtil::substring($keywordString, 0, 1) == '"' && StringUtil::substring($keywordString, -1) == '"') {
// phrases search
$keywordString = StringUtil::trim(StringUtil::substring($keywordString, 1, -1));
if (!empty($keywordString)) {
self::$keywords = array_merge(self::$keywords, array(StringUtil::encodeHTML($keywordString)));
}
} else {
// replace word delimiters by space
$keywordString = preg_replace('/[.,]/', ' ', $keywordString);
$keywords = ArrayUtil::encodeHTML(ArrayUtil::trim(explode(' ', $keywordString)));
if (count($keywords) > 0) {
self::$keywords = array_merge(self::$keywords, $keywords);
}
}
}
/**
* Gets the search query keywords.
*/
protected static function getSearchQuery()
{
self::$searchQuery = false;
if (isset($_GET['highlight'])) {
$keywordString = $_GET['highlight'];
// remove search operators
$keywordString = preg_replace('/[\\+\\-><()~\\*]+/', '', $keywordString);
if (StringUtil::substring($keywordString, 0, 1) == '"' && StringUtil::substring($keywordString, -1) == '"') {
// phrases search
$keywordString = StringUtil::trim(StringUtil::substring($keywordString, 1, -1));
if (!empty($keywordString)) {
self::$searchQuery = $keywordString;
}
} else {
self::$searchQuery = ArrayUtil::trim(explode(' ', $keywordString));
if (count(self::$searchQuery) == 0) {
self::$searchQuery = false;
} else {
if (count(self::$searchQuery) == 1) {
self::$searchQuery = reset(self::$searchQuery);
}
}
}
}
}
public static function parseFlags($input)
{
$flags = array();
$parts = ArrayUtil::trim(explode(',', $input));
foreach ($parts as $part) {
$flag = ArrayUtil::trim(explode('=', $part, 2));
$flags[$flag[0]] = isset($flag[1]) ? $flag[1] : true;
}
return $flags;
}
/**
* @see SearchableUserOption::getCondition()
*/
public function getCondition($optionData, $value, $matchesExactly = true)
{
if (!is_array($value) || !count($value)) {
return false;
}
$value = ArrayUtil::trim($value);
if (!count($value)) {
return false;
}
return "option_value.userOption" . $optionData['optionID'] . " = '" . implode("\n", array_map('escapeString', $value)) . "'";
}
/**
* @see Page::readParameters()
*/
public function readParameters()
{
parent::readParameters();
if (isset($_REQUEST['query'])) {
$queryString = $_REQUEST['query'];
if (CHARSET != 'UTF-8') {
$queryString = StringUtil::convertEncoding('UTF-8', CHARSET, $queryString);
}
$this->query = ArrayUtil::trim(explode(',', $queryString));
}
}
/**
* @see SocketServerClient::onRead()
*/
public function onRead()
{
$string = StringUtil::unifyNewlines($this->readBuffer);
echo '#~->', strlen($string) > 500 ? substr($string, 0, 500) : $string;
if (!$this->isValidString($string)) {
return;
}
$lines = ArrayUtil::trim(explode("\n", $string));
$this->handleRequest($lines);
$this->read_buffer = '';
}
/**
* Returns true, if the active user has a buddy with the given user.
*
* @param int user id
* @return bool
*/
public function hasBuddy($userID)
{
if ($this->buddies === null) {
if ($this->buddy) {
$this->buddies = ArrayUtil::trim(explode(',', $this->buddy));
} else {
$this->buddies = array();
}
}
return in_array($userID, $this->buddies);
}
public static function getIconPath($icons) {
if (self::$iconCache === null)
self::$iconCache = WCF::getCache()->get('icon-'.PACKAGE_ID.'-'.StyleManager::getStyle()->styleID);
$icon = '';
$icons = ArrayUtil::trim(explode(',', $icons));
foreach ($icons as $icon) {
if (isset(self::$iconCache[$icon]))
return self::$iconCache[$icon];
}
return RELATIVE_WCF_DIR.'icon/'.$icon;
}
/**
* @see Action::readParameters()
*/
public function readParameters()
{
parent::readParameters();
// get object id
if (isset($_REQUEST['objectID'])) {
$this->objectID = intval($_REQUEST['objectID']);
}
// get quote(s)
if (isset($_REQUEST['text'])) {
$this->text = $_REQUEST['text'];
}
if (is_array($this->text)) {
$this->text = ArrayUtil::unifyNewlines(ArrayUtil::trim($this->text));
if (CHARSET != 'UTF-8') {
$this->text = ArrayUtil::convertEncoding('UTF-8', CHARSET, $this->text);
}
} else {
$this->text = StringUtil::unifyNewlines(StringUtil::trim($this->text));
if (CHARSET != 'UTF-8') {
$this->text = StringUtil::convertEncoding('UTF-8', CHARSET, $this->text);
}
}
}
/**
* Gets the page URLs.
*
* @return array
*/
protected static function getPageURLs()
{
$urlString = '';
if (defined('PAGE_URL')) {
$urlString .= PAGE_URL;
}
if (defined('PAGE_URLS')) {
$urlString .= "\n" . PAGE_URLS;
}
$urlString = StringUtil::unifyNewlines($urlString);
self::$pageURLs = ArrayUtil::trim(explode("\n", $urlString));
}
/**
* @see EventListener::execute()
*/
public function execute($eventObj, $className, $eventName)
{
if (MODULE_MODERATED_USER_GROUP == 1) {
if ($eventObj instanceof GroupEditForm && $eventObj->group->groupType < 4) {
// a default group can't be a moderated group
return;
}
if ($eventName == 'readFormParameters') {
if (isset($_POST['groupDescription'])) {
$this->groupDescription = StringUtil::trim($_POST['groupDescription']);
}
if (isset($_POST['groupType'])) {
$this->groupType = intval($_POST['groupType']);
}
if (isset($_POST['groupLeaders'])) {
$this->groupLeaders = StringUtil::trim($_POST['groupLeaders']);
}
} else {
if ($eventName == 'validate') {
try {
// group type
if ($this->groupType < 4 || $this->groupType > 7) {
throw new UserInputException('groupType');
}
// group leaders
// explode multiple names to an array
$nameArray = ArrayUtil::trim(explode(',', $this->groupLeaders));
$error = array();
// loop through names
foreach ($nameArray as $name) {
try {
// get user group
$sql = "SELECT\tgroupID, groupName\n\t\t\t\t\t\t\t\tFROM\twcf" . WCF_N . "_group\n\t\t\t\t\t\t\t\tWHERE\tgroupName = '" . escapeString($name) . "'";
$row = WCF::getDB()->getFirstRow($sql);
if (!empty($row['groupID']) && (!$eventObj instanceof GroupEditForm || $row['groupID'] != $eventObj->groupID)) {
$this->leaders[] = new Group($row['groupID']);
} else {
// get user
$user = new User(null, null, $name);
if (!$user->userID) {
throw new UserInputException('username', 'notFound');
}
$this->leaders[] = $user;
}
} catch (UserInputException $e) {
$error[] = array('type' => $e->getType(), 'username' => $name);
}
}
if (count($error)) {
throw new UserInputException('groupLeaders', $error);
}
} catch (UserInputException $e) {
$eventObj->errorType[$e->getField()] = $e->getType();
}
} else {
if ($eventName == 'save') {
// save
$eventObj->additionalFields['groupDescription'] = $this->groupDescription;
$eventObj->additionalFields['groupType'] = $this->groupType;
// reset values
if (!$eventObj instanceof GroupEditForm) {
$this->groupDescription = '';
$this->groupType = 4;
}
} else {
if ($eventName == 'saved') {
if ($eventObj instanceof GroupEditForm) {
// delete old group leaders
$sql = "DELETE FROM\twcf" . WCF_N . "_group_leader\n\t\t\t\t\t\tWHERE\t\tgroupID = " . $eventObj->group->groupID;
WCF::getDB()->sendQuery($sql);
// deleted old applications
if ($this->groupType != 6 && $this->groupType != 7) {
$sql = "DELETE FROM\twcf" . WCF_N . "_group_application\n\t\t\t\t\t\t\tWHERE\t\tgroupID = " . $eventObj->group->groupID;
WCF::getDB()->sendQuery($sql);
}
}
// save group leaders
$inserts = '';
foreach ($this->leaders as $leader) {
if (!empty($inserts)) {
$inserts .= ',';
}
$inserts .= '(' . $eventObj->group->groupID . ', ' . ($leader instanceof User ? $leader->userID : 0) . ', ' . ($leader instanceof Group ? $leader->groupID : 0) . ')';
}
if (!empty($inserts)) {
$sql = "INSERT IGNORE INTO\twcf" . WCF_N . "_group_leader\n\t\t\t\t\t\t\t\t\t(groupID, leaderUserID, leaderGroupID)\n\t\t\t\t\t\tVALUES\t\t\t" . $inserts;
WCF::getDB()->sendQuery($sql);
}
// reset values
if (!$eventObj instanceof GroupEditForm) {
$this->groupLeaders = '';
}
} else {
if ($eventName == 'assignVariables') {
if (!count($_POST) && $eventObj instanceof GroupEditForm) {
// get default values
$this->groupDescription = $eventObj->group->groupDescription;
$this->groupType = $eventObj->group->groupType;
// get group leaders
$this->groupLeaders = '';
$sql = "SELECT\t\tCASE WHEN user_table.username IS NOT NULL THEN user_table.username ELSE usergroup.groupName END AS name\n\t\t\t\t\t\tFROM\t\twcf" . WCF_N . "_group_leader leader\n\t\t\t\t\t\tLEFT JOIN\twcf" . WCF_N . "_user user_table\n\t\t\t\t\t\tON\t\t(user_table.userID = leader.leaderUserID)\n\t\t\t\t\t\tLEFT JOIN\twcf" . WCF_N . "_group usergroup\n\t\t\t\t\t\tON\t\t(usergroup.groupID = leader.leaderGroupID)\n\t\t\t\t\t\tWHERE\t\tleader.groupID = " . $eventObj->group->groupID . "\n\t\t\t\t\t\tORDER BY\tname";
$result = WCF::getDB()->sendQuery($sql);
while ($row = WCF::getDB()->fetchArray($result)) {
if (!empty($this->groupLeaders)) {
$this->groupLeaders .= ', ';
}
$this->groupLeaders .= $row['name'];
}
}
// assign variables
WCF::getTPL()->assign(array('groupDescription' => $this->groupDescription, 'groupType' => $this->groupType, 'groupLeaders' => $this->groupLeaders, 'errorField' => $eventObj->errorField, 'errorType' => $eventObj->errorType));
WCF::getTPL()->append('additionalFields', WCF::getTPL()->fetch('groupAddModeratedGroups'));
}
}
}
}
}
}
}
/**
* Checks a sql string.
*
* @param integer $packageID
* @param string $action
*/
protected function checkSQL($packageID, $action)
{
// checked tables should be overwritten
$this->checkedTables = isset($_POST['checkedTables']) ? ArrayUtil::trim($_POST['checkedTables']) : array();
// delete comments
$this->sqlStr = QueryParser::deleteComments($this->sqlStr);
/*
Before installing,updating or alter any table, it will be checked if any statement
from the sql file is illegal.
Not the MySQL Syntax will be checked but the woltlab package philosophy.
No table will be installed, altered or dropped until all statements are proved.
*/
// get existing tables from database
$this->existingTables = WCF::getDB()->getTableNames();
// get logged and external tables
$this->getTableConditions($packageID);
// get IDs from packages which got logged tables and are in the same package environment
$this->getMandatoryPackageIDs($packageID);
/*
The following "preg_match-parts" are checking if the actual package got the rights
to install or update the tables which are in the sql file (i.e. install.sql).
An exception will be thrown if illegal operations appear.
If overwriting is allowed (external tables) the "overwrite-template" will be shown
and the user can decide which tables should be overwritten or not.
*/
// ckeck "DATABASE"-statements. don't allow any DATABASE manipulation
$matches = array();
if (preg_match_all("%(DROP|ALTER|CREATE)\\s+DATABASE%i", $this->sqlStr, $matches)) {
throw new SystemException("Illegal statement '" . $matches[1] . " DATABASE ...'.", 13017);
}
// check other statements
$this->checkDropTables($packageID, $action);
$this->checkAlterTables($packageID, $action);
$this->checkCreateTables($packageID, $action);
$this->checkRenameTables($packageID, $action);
$this->checkCreateIndeces($packageID, $action);
$this->checkDropIndeces($packageID, $action);
}
/**
* Takes a string of comma separated tags and splits it into an array.
*
* @param string $tags
* @param string $separators
* @return array
*/
public static function splitString($tags, $separators = ',;')
{
return array_unique(ArrayUtil::trim(preg_split('/[' . preg_quote($separators) . ']/', $tags)));
}
/**
* @see MessageForm::validateText()
*/
protected function validateText()
{
if (empty($this->text)) {
return;
}
parent::validateText();
// check image count
$imageCount = preg_match_all('!\\[img=.+?\\]!i', $this->text, $m) + preg_match_all('!\\[img\\].+?(\\[/img\\]|$)!is', $this->text, $m);
if ($imageCount > WCF::getUser()->getPermission('user.profile.signature.maxImages')) {
throw new UserInputException('text', 'tooManyImages');
}
if (WCF::getUser()->getPermission('user.profile.signature.maxImageSize') > 0 || WCF::getUser()->getPermission('user.profile.signature.maxImageWidth') > 0 || WCF::getUser()->getPermission('user.profile.signature.maxImageHeight') > 0) {
// get images
$images = array();
// [img=path][/img] syntax
preg_match_all("!\\[img=(?:'([^'\\\\]+|\\\\.)*'|(.+?))(?:,(?:'(?:left|right)'|(?:left|right)))?\\]!i", $this->text, $matches);
$images = array_merge($images, ArrayUtil::trim($matches[1]), ArrayUtil::trim($matches[2]));
// [img]path[/img] syntax
preg_match_all("!\\[img\\](.+?)(\\[/img\\]|\$)!is", $this->text, $matches);
$images = array_merge($images, ArrayUtil::trim($matches[1]));
$errors = array();
foreach ($images as $image) {
// download file
try {
if (@($tmpFile = FileUtil::downloadFileFromHttp($image, 'image_'))) {
if (WCF::getUser()->getPermission('user.profile.signature.maxImageSize') > 0) {
// get remote image size (byte)
if (filesize($tmpFile) > WCF::getUser()->getPermission('user.profile.signature.maxImageSize')) {
$errors[] = array('errorType' => 'tooLarge', 'image' => $image);
continue;
}
}
// get remote image size (pixel)
if (WCF::getUser()->getPermission('user.profile.signature.maxImageWidth') > 0 || WCF::getUser()->getPermission('user.profile.signature.maxImageHeight') > 0) {
if ($size = @getImageSize($tmpFile)) {
$width = $size[0];
$height = $size[1];
if ($width > WCF::getUser()->getPermission('user.profile.signature.maxImageWidth') || $height > WCF::getUser()->getPermission('user.profile.signature.maxImageHeight')) {
$errors[] = array('errorType' => 'tooLarge', 'image' => $image);
}
}
}
}
} catch (SystemException $e) {
}
}
if (count($errors) > 0) {
throw new UserInputException('text', $errors);
}
}
}
/**
* reads the parameters the user entered in the form
*/
protected function readFormParameters()
{
if (isset($_POST['permissions']) && is_array($_POST['permissions'])) {
$this->selectedPermissions = ArrayUtil::trim($_POST['permissions']);
}
}
/**
* Gets the page URLs.
*
* @return array
*/
public static function getPageURLs()
{
$urlString = '';
if (defined('PAGE_URL')) {
$urlString .= PAGE_URL;
}
if (defined('PAGE_URLS')) {
$urlString .= "\n" . PAGE_URLS;
}
$urlString = StringUtil::unifyNewlines($urlString);
return ArrayUtil::trim(explode("\n", $urlString));
}
/**
* Reads the given parameters.
*/
public function readParams()
{
$pollOptionsText = '';
$this->data['votesNotChangeable'] = $this->data['sortByResult'] = 0;
if (isset($_POST['pollQuestion'])) {
$this->data['question'] = StringUtil::trim($_POST['pollQuestion']);
}
if (isset($_POST['pollOptions'])) {
$pollOptionsText = StringUtil::unifyNewlines(StringUtil::trim($_POST['pollOptions']));
}
if (isset($_POST['choiceCount'])) {
$this->data['choiceCount'] = intval($_POST['choiceCount']);
}
if (isset($_POST['votesNotChangeable'])) {
$this->data['votesNotChangeable'] = intval($_POST['votesNotChangeable']);
}
if (isset($_POST['sortByResult'])) {
$this->data['sortByResult'] = intval($_POST['sortByResult']);
}
if ($this->canStartPublicPoll) {
$this->data['isPublic'] = 0;
if (isset($_POST['isPublic'])) {
$this->data['isPublic'] = intval($_POST['isPublic']);
}
}
// end time
if (isset($_POST['endTimeDay'])) {
$this->endTimeDay = intval($_POST['endTimeDay']);
}
if (isset($_POST['endTimeMonth'])) {
$this->endTimeMonth = intval($_POST['endTimeMonth']);
}
if (isset($_POST['endTimeYear'])) {
$this->endTimeYear = intval($_POST['endTimeYear']);
}
if (isset($_POST['endTimeHour'])) {
$this->endTimeHour = intval($_POST['endTimeHour']);
}
if (isset($_POST['endTimeMinutes'])) {
$this->endTimeMinutes = intval($_POST['endTimeMinutes']);
}
$this->pollOptionsArray = array_unique(ArrayUtil::trim(explode("\n", $pollOptionsText)));
$this->assign();
}
/**
* Returns censored words from a text.
*
* @param string $text
* @return mixed $matches / false
*/
public static function test($text)
{
// reset matches
self::$matches = array();
// get words which should be censored
$censoredWords = explode("\n", StringUtil::unifyNewlines(StringUtil::toLowerCase(CENSORED_WORDS)));
// format censored words
$censoredWords = ArrayUtil::trim($censoredWords);
// string to lower case
$text = StringUtil::toLowerCase($text);
// ignore bbcode tags
$text = preg_replace('~\\[/?[a-z]+[^\\]]*\\]~i', '', $text);
// split the text in single words
self::$words = preg_split("!" . self::$delimiters . "+!", $text, -1, PREG_SPLIT_NO_EMPTY);
// check each word if it censored.
for ($i = 0, $count = count(self::$words); $i < $count; $i++) {
$word = self::$words[$i];
foreach ($censoredWords as $censoredWord) {
// check for direct matches ("badword" == "badword")
if ($censoredWord == $word) {
// store censored word
if (isset(self::$matches[$word])) {
self::$matches[$word]++;
} else {
self::$matches[$word] = 1;
}
continue 2;
} else {
if (StringUtil::indexOf($censoredWord, '*') !== false) {
$censoredWord = StringUtil::replace('\\*', '.*', preg_quote($censoredWord));
if (preg_match('!^' . $censoredWord . '$!', $word)) {
// store censored word
if (isset(self::$matches[$word])) {
self::$matches[$word]++;
} else {
self::$matches[$word] = 1;
}
continue 2;
}
} else {
if (StringUtil::indexOf($censoredWord, '~') !== false) {
$censoredWord = StringUtil::replace('~', '', $censoredWord);
if (($position = StringUtil::indexOf($censoredWord, $word)) !== false) {
if ($position > 0) {
// look behind
if (!self::lookBehind($i - 1, StringUtil::substring($censoredWord, 0, $position))) {
continue;
}
}
if ($position + StringUtil::length($word) < StringUtil::length($censoredWord)) {
// look ahead
if ($newIndex = self::lookAhead($i + 1, StringUtil::substring($censoredWord, $position + StringUtil::length($word)))) {
$i = $newIndex;
} else {
continue;
}
}
// store censored word
if (isset(self::$matches[$censoredWord])) {
self::$matches[$censoredWord]++;
} else {
self::$matches[$censoredWord] = 1;
}
continue 2;
}
}
}
}
}
}
// at least one censored word was found
if (count(self::$matches) > 0) {
return self::$matches;
} else {
return false;
}
}
