예제 #1
 /**
  * Forwards a call to the wrapped API object ($this->api), logging the call at the
  * enabled log levels and turning any caught exception into an 'errors' array.
  *
  * @param string $method    Name of the method to invoke on $this->api
  * @param array  $arguments Arguments to pass to that method
  *
  * @return mixed The wrapped method's return value, or array('errors' => array) when an exception was caught
  */
 public function __call($method, $arguments)
 {
     try {
         $logger = vB::getLogger('api.' . $this->controller . '.' . $method);
         //check so that we don't var_export large variables when we don't have to
         if ($logger->isInfoEnabled()) {
             // Prefer the alternate IP when the request reports one, otherwise use the plain address.
             // NOTE(review): getAltIp() presumably reflects a proxy-supplied header - confirm it cannot
             // be set freely by the client before relying on it in audit logs.
             if (!($ip = vB::getRequest()->getAltIp())) {
                 $ip = vB::getRequest()->getIpAddress();
             }
             // NOTE(review): var_export() writes every argument to the log verbatim. If any API method
             // takes passwords or tokens as arguments they end up in the info log - confirm redaction
             // or restrict who can read the log.
             $message = str_repeat('=', 80) . "\ncalled {$method} on {$this->controller} from ip {$ip} \n\$arguments = " . var_export($arguments, true) . "\n" . str_repeat('=', 80) . "\n";
             $logger->info($message);
             $logger->info("time: " . microtime(true));
         }
         if ($logger->isTraceEnabled()) {
             $message = str_repeat('=', 80) . "\n " . $this->getTrace() . str_repeat('=', 80) . "\n";
             $logger->trace($message);
         }
         $c = $this->api;
         // This is a hack to prevent method parameter reference error. See VBV-5546
         // Each element is bound by reference so that methods declaring by-reference
         // parameters can be invoked through call_user_func_array().
         $hackedarguments = array();
         foreach ($arguments as $k => &$arg) {
             $hackedarguments[$k] =& $arg;
         }
         $return = call_user_func_array(array(&$c, $method), $hackedarguments);
         //check so that we don't var_export large variables when we don't have to
         if ($logger->isDebugEnabled()) {
             // The full return value is logged verbatim at debug level; the same caution as for
             // the arguments above applies to whatever the API method returns.
             $message = str_repeat('=', 80) . "\ncalled {$method} on {$this->controller}\n\$return = " . var_export($return, true) . "\n" . str_repeat('=', 80) . "\n";
             $logger->debug($message);
         }
         return $return;
     } catch (vB_Exception_Api $e) {
         // API exceptions carry their own error list, which is returned to the caller.
         $errors = $e->get_errors();
         $config = vB::getConfig();
         // With $config['Misc']['debug'] set, the throwing file, line and full stack trace are
         // appended to the response; debug should stay off on production installs.
         if (!empty($config['Misc']['debug'])) {
             $trace = '## ' . $e->getFile() . '(' . $e->getLine() . ") Exception Thrown \n" . $e->getTraceAsString();
             $errors[] = array("exception_trace", $trace);
         }
         return array('errors' => $errors);
     } catch (vB_Exception_Database $e) {
         $config = vB::getConfig();
         // The database exception message and trace are only returned in debug mode or to users
         // holding the 'cancontrolpanel' admin permission; everyone else gets the generic text.
         // NOTE(review): hasAdminPermission() runs while a database error is being handled -
         // confirm it cannot itself throw in that state.
         if (!empty($config['Misc']['debug']) or vB::getUserContext()->hasAdminPermission('cancontrolpanel')) {
             $errors = array('Error ' . $e->getMessage());
             $trace = '## ' . $e->getFile() . '(' . $e->getLine() . ") Exception Thrown \n" . $e->getTraceAsString();
             $errors[] = array("exception_trace", $trace);
             return array('errors' => $errors);
         } else {
             // This text is purposely hard-coded since we don't have
             // access to the database to get a phrase
             return array('errors' => array(array('There has been a database error, and the current page cannot be displayed. Site staff have been notified.')));
         }
     } catch (Exception $e) {
         // Unlike the trace, the raw exception message is returned regardless of debug mode.
         $errors = array(array('unexpected_error', $e->getMessage()));
         $config = vB::getConfig();
         if (!empty($config['Misc']['debug'])) {
             $trace = '## ' . $e->getFile() . '(' . $e->getLine() . ") Exception Thrown \n" . $e->getTraceAsString();
             $errors[] = array("exception_trace", $trace);
         }
         return array('errors' => $errors);
     }
 }
예제 #2
 /**
  * Initialises the datastore and decides which directory holds the file-based datastore cache.
  *
  * Resolution order visible here: $config['Misc']['datastorepath'] if set, then a 'datastore'
  * sub-directory of $config['Cache']['fileCachePath'] if that path is an existing directory,
  * and finally DIR . '/includes/datastore'.
  *
  * @param array  $config      Configuration array, passed on to the parent constructor
  * @param object $db_assertor Database assertor, passed on to the parent constructor
  */
 public function __construct(&$config, &$db_assertor)
 {
     parent::__construct($config, $db_assertor);
     if (defined('SKIP_DEFAULTDATASTORE')) {
         $this->cacheableitems = array('options', 'bitfields');
     }
     //this define is only used in this file so move it here.
     $vb5_config =& vB::getConfig();
     // An explicitly configured path is used as-is; nothing here checks that it exists or is a directory.
     if (!empty($vb5_config['Misc']['datastorepath'])) {
         $this->datastoreLocation = $vb5_config['Misc']['datastorepath'];
         return;
     }
     //It's cool if the user can set this in fileSystem cache and let this pick it up.
     if (!empty($vb5_config['Cache']['fileCachePath']) and file_exists($vb5_config['Cache']['fileCachePath']) and is_dir($vb5_config['Cache']['fileCachePath'])) {
         $path = $vb5_config['Cache']['fileCachePath'] . '/datastore';
         if (!file_exists($path)) {
             // The results of mkdir() and file_put_contents() are not checked. The empty index.html
             // is presumably there to suppress directory listings.
             // NOTE(review): mkdir() is called without an explicit mode, and this directory will hold
             // a .php file - confirm the resulting permissions and that the cache path is not
             // writable by other accounts or served directly by the web server.
             mkdir($path);
             file_put_contents($path . '/index.html', '');
         }
         if (is_dir($path)) {
             // Seed the cache directory with the shipped datastore_cache.php on first use;
             // the result of copy() is not checked.
             if (!file_exists($path . '/datastore_cache.php') and file_exists(DIR . '/includes/datastore/datastore_cache.php')) {
                 copy(DIR . '/includes/datastore/datastore_cache.php', $path . '/datastore_cache.php');
             }
             // NOTE(review): this test lacks the '/' separator, so it checks "<path>datastore_cache.php"
             // rather than the file copied above. As written the condition is presumably always true
             // and $path is selected even when the copy failed - confirm the intended condition.
             if (!file_exists($path . 'datastore_cache.php')) {
                 $this->datastoreLocation = $path;
             }
             return;
         }
     }
     $this->datastoreLocation = DIR . '/includes/datastore';
 }
예제 #3
 /**
  * Builds a CLI session for the given user, installs it as the current session
  * and records the current time.
  *
  * NOTE(review): the default $userid of 1 is presumably a privileged account on most
  * installs - confirm that callers relying on the default really need that identity.
  *
  * @param int $userid User the CLI session is created for
  */
 public function createSession($userid = 1)
 {
     $cliSession = new vB_Session_Cli(vB::getDbAssertor(), vB::getDatastore(), vB::getConfig(), $userid);
     $this->session = $cliSession;
     vB::setCurrentSession($this->session);
     $this->timeNow = time();
 }
예제 #4
 /**
  * Create a session for this page load.
  *
  * Should only be called from the Request code.
  * Will use a preexisting session that matches the session hash.
  *
  * @param string $sessionhash -- the token given to the client for session handling. If the client
  *     has this token they can use the session, so it must be treated as a secret.
  * @param array $restoreSessionInfo -- Information to handle "remember me" logic.
  *     * remembermetoken -- Token value for "remember me". Stored in the "password" cookie for legacy
  *         reasons. There are some special values to indicate that we should reauthenticate via a
  *         method other than the internal vB remember me system.
  *     * userid -- user we are remembering
  *     * fbsr_{appid} (optional) -- Only valid if facebook is enabled, and only used if
  *         "remembermetoken" is "facebook".
  *
  * @return vB_Session_WebApi
  */
 public static function createSessionNew($sessionhash, $restoreSessionInfo = array())
 {
     $dbAssertor = vB::getDbAssertor();
     $store = vB::getDatastore();
     $settings = vB::getConfig();
     // The class is named explicitly, so this always builds a vB_Session_WebApi regardless of
     // which session class the static call was made on.
     return new vB_Session_WebApi($dbAssertor, $store, $settings, $sessionhash, $restoreSessionInfo);
 }
예제 #5
 /**
  * Creates an API session and remembers the request data it was built from.
  *
  * Both arguments are stored in static properties before the session is constructed,
  * and are also handed to the vB_Session_Api constructor together with an empty session hash.
  *
  * @param mixed $vbApiParamsToVerify Parameters to verify (presumably the request signature inputs - confirm)
  * @param mixed $vBApiRequests       API request data
  *
  * @return vB_Session_Api
  */
 public static function createSession($vbApiParamsToVerify, $vBApiRequests)
 {
     self::$vBApiParamsToVerify = $vbApiParamsToVerify;
     self::$vBApiRequests = $vBApiRequests;
     $dbAssertor = vB::getDbAssertor();
     $store = vB::getDatastore();
     $settings = vB::getConfig();
     return new vB_Session_Api($dbAssertor, $store, $settings, '', $vbApiParamsToVerify, $vBApiRequests);
 }
예제 #6
 /**
  * Builds a web session bound to the given user and loads that user's info.
  *
  * The three service parameters are taken by reference; when a caller passes a falsy
  * value the variable is filled with the matching vB:: default.
  *
  * NOTE(review): nothing visible here authenticates $userId - the session is simply set to
  * that user. Callers presumably have to establish the identity beforehand; confirm that no
  * request-controlled value can reach this parameter.
  *
  * @param int    $userId      User the session is created for
  * @param string $sessionHash Session hash handed to the session constructor
  * @param object $dBAssertor  Database assertor, defaults to vB::getDbAssertor()
  * @param object $datastore   Datastore, defaults to vB::getDatastore()
  * @param array  $config      Configuration, defaults to vB::getConfig()
  *
  * @return vB_Session_Web
  */
 public static function getSession($userId, $sessionHash = '', &$dBAssertor = null, &$datastore = null, &$config = null)
 {
     if (!$dBAssertor) {
         $dBAssertor = vB::getDbAssertor();
     }
     if (!$datastore) {
         $datastore = vB::getDatastore();
     }
     if (!$config) {
         $config = vB::getConfig();
     }
     $restoreInfo = array('userid' => $userId);
     $webSession = new vB_Session_Web($dBAssertor, $datastore, $config, $sessionHash, $restoreInfo);
     $webSession->set('userid', $userId);
     $webSession->fetch_userinfo();
     return $webSession;
 }
예제 #7
 /**
  * Constructor protected to enforce singleton use.
  *
  * Picks the key prefix for this cache: the configured APC prefix when there is one,
  * otherwise the database table prefix.
  *
  * @param mixed $cachetype Passed through to the parent constructor
  * @see instance()
  */
 protected function __construct($cachetype)
 {
     parent::__construct($cachetype);
     $settings = vB::getConfig();
     // An empty or missing apcprefix falls back to the table prefix.
     $this->prefix = empty($settings['Cache']['apcprefix'])
         ? $settings['Database']['tableprefix']
         : $settings['Cache']['apcprefix'];
 }
예제 #8
 /**
  * Standard vB exception constructor for database exceptions.
  *
  * The incoming message is kept as the failing SQL; the exception message itself is
  * whatever createMessage() builds. Unless $code is FALSE, that message is also mailed
  * to the configured technical email address.
  *
  * NOTE(review): the mail body is the createMessage() output. If that text includes the
  * query or its data, those travel by email - confirm what createMessage() emits.
  *
  * @param string $message Text message (stored as the SQL)
  * @param mixed  $data    Array of data, intended for debug mode
  * @param mixed  $code    Normally an error flag. If passed FALSE we won't send an email.
  */
 public function __construct($message = "", $data = array(), $code = 0)
 {
     $this->sql = $message;
     $this->data = $data;
     $report = $this->createMessage();
     $settings = vB::getConfig();
     parent::__construct($report, $code);
     if ($code === false || empty($settings['Database']['technicalemail'])) {
         return;
     }
     // This text is purposely hard-coded since we don't have
     // access to the database to get a phrase
     vB_Mail::vbmail($settings['Database']['technicalemail'], 'Database Error', $report, true, $settings['Database']['technicalemail'], '', '', true);
 }
예제 #9
 /**
  * Constructor public to allow for separate automated unit testing. Actual code should use
  * vB_Cache::instance();
  *
  * Requires $config['Cache']['fileCachePath'] to be set and to name a writable directory.
  *
  * NOTE(review): the second exception message embeds the configured filesystem path;
  * confirm it is not shown to unprivileged users.
  *
  * @param mixed $cachetype Cache type, passed to the parent and stored on the instance
  *
  * @throws vB_Exception_Cache If no file cache path is configured, or it is not a writable directory
  * @see vB_Cache::instance()
  */
 public function __construct($cachetype)
 {
     parent::__construct($cachetype);
     $this->requestStart = vB::getRequest()->getTimeNow();
     $settings = vB::getConfig();
     $this->cachetype = $cachetype;
     if (!isset($settings['Cache']['fileCachePath'])) {
         throw new vB_Exception_Cache('need_filecache_location');
     }
     $this->cacheLocation = $settings['Cache']['fileCachePath'];
     $usable = is_dir($this->cacheLocation) && is_writable($this->cacheLocation);
     if (!$usable) {
         throw new vB_Exception_Cache('invalid_filecache_location- ' . $this->cacheLocation);
     }
 }
예제 #10
 /**
  * Returns the shared instance, creating it on first use.
  *
  * When the Memcached class is already loaded a vB_Memcached object is created; when only
  * Memcache is loaded an object of this class is created. class_exists() is called with
  * autoloading disabled, so only already-loaded classes count.
  *
  * @return object The shared instance
  *
  * @throws Exception If neither the Memcached nor the Memcache class is available
  */
 public static function instance()
 {
     if (isset(self::$instance)) {
         return self::$instance;
     }
     if (class_exists('Memcached', false)) {
         $class = 'vB_Memcached';
     } elseif (class_exists('Memcache', false)) {
         $class = __CLASS__;
     } else {
         throw new Exception('Memcached is not installed');
     }
     self::$instance = new $class();
     self::$instance->config = vB::getConfig();
     return self::$instance;
 }
예제 #11
 /**
  * Constructor protected to enforce singleton use.
  *
  * Connects to memcache, sets the default expiration to two days and picks the key
  * prefix: the configured memcache prefix when there is one, otherwise the database
  * table prefix.
  *
  * @param mixed $cachetype Passed through to the parent constructor
  * @see instance()
  */
 protected function __construct($cachetype)
 {
     parent::__construct($cachetype);
     $this->memcached = vB_Memcache::instance();
     // A connect() result of exactly 3 is treated as a failed connection.
     if ($this->memcached->connect() === 3) {
         trigger_error('Unable to connect to memcache server', E_USER_ERROR);
     }
     // two days
     $this->expiration = 48 * 60 * 60;
     $this->timeNow = vB::getRequest()->getTimeNow();
     $settings = vB::getConfig();
     // An empty or missing memcacheprefix falls back to the table prefix.
     $this->prefix = empty($settings['Cache']['memcacheprefix'])
         ? $settings['Database']['tableprefix']
         : $settings['Cache']['memcacheprefix'];
 }
예제 #12
 /**
  * Dispatches an API method call to the wrapped API object and then to every
  * registered extension class for this controller.
  *
  * The method name selects what is invoked, so the checks in front of the dispatch
  * (checkApiState() and validateCall()) are what limit which methods a caller can reach.
  * Note that the extension loop runs even when validateCall() rejected the core call.
  *
  * @param string $method    Name of the API method
  * @param array  $arguments Arguments for that method
  *
  * @return mixed The last non-null result, false when the API state check fails,
  *               or array('errors' => array) when an exception was caught
  */
 public function __call($method, $arguments)
 {
     try {
         // check if API method is enabled
         // @TODO this is a temp fix, fix as part of VBV-10619
         // performing checkApiState for those being called through callNamed is definitive
         // Also Skip state check for the 'getRoute' and 'checkBeforeView' api calls, because
         // this state check uses the route info from getRoute and calls checkBeforeView  to
         // determine state. See VBV-11808 and the vB5_ApplicationAbstract::checkState calls
         // in vB5_Frontend_Routing::setRoutes.
         $skipStateCheck = in_array($method, array('callNamed', 'getRoute', 'checkBeforeView'));
         if (!$skipStateCheck && !$this->api->checkApiState($method)) {
             return false;
         }
         $result = null;
         if ($this->validateCall($this->api, $method, $arguments) && is_callable(array($this->api, $method))) {
             $returned = call_user_func_array(array(&$this->api, $method), $arguments);
             if ($returned !== null) {
                 $result = $returned;
             }
         }
         $extensions = vB_Api_Extensions::getExtensions($this->controller);
         if ($extensions) {
             foreach ($extensions as $class) {
                 if (!is_callable(array($class, $method))) {
                     continue;
                 }
                 // Each extension receives the result so far as its first argument.
                 $extensionArgs = $arguments;
                 array_unshift($extensionArgs, $result);
                 $returned = call_user_func_array(array($class, $method), $extensionArgs);
                 if ($returned !== null) {
                     $result = $returned;
                 }
             }
         }
         return $result;
     } catch (vB_Exception_Api $e) {
         $errors = $e->get_errors();
         $settings = vB::getConfig();
         // Debug mode adds file, line and stack trace to the response; keep it off in production.
         if (!empty($settings['Misc']['debug'])) {
             $errors[] = array("exception_trace", '## ' . $e->getFile() . '(' . $e->getLine() . ") Exception Thrown \n" . $e->getTraceAsString());
         }
         return array('errors' => $errors);
     } catch (vB_Exception_Database $e) {
         $settings = vB::getConfig();
         // Only debug mode or holders of 'cancontrolpanel' get the database message and trace.
         if (empty($settings['Misc']['debug']) && !vB::getUserContext()->hasAdminPermission('cancontrolpanel')) {
             // This text is purposely hard-coded since we don't have
             // access to the database to get a phrase
             return array('errors' => array(array('There has been a database error, and the current page cannot be displayed. Site staff have been notified.')));
         }
         $trace = '## ' . $e->getFile() . '(' . $e->getLine() . ") Exception Thrown \n" . $e->getTraceAsString();
         return array('errors' => array('Error ' . $e->getMessage(), array("exception_trace", $trace)));
     } catch (Exception $e) {
         // The raw exception message is returned regardless of debug mode.
         $errors = array(array('unexpected_error', $e->getMessage()));
         $settings = vB::getConfig();
         if (!empty($settings['Misc']['debug'])) {
             $errors[] = array("exception_trace", '## ' . $e->getFile() . '(' . $e->getLine() . ") Exception Thrown \n" . $e->getTraceAsString());
         }
         return array('errors' => $errors);
     }
 }
예제 #13
 /**
  * Process the keyword filters for the query string.
  *
  * Looks up the ids of the searched words in the words table and hands the
  * per-word details to the single-word, OR or AND processing method. When a word
  * is not indexed and no OR/NOT joiner applies, an always-false WHERE clause is
  * added instead.
  *
  * @param vB_Search_Criteria $criteria search criteria to process
  */
 protected function process_keywords_filters(vB_Search_Criteria &$criteria)
 {
     $keywords = $criteria->get_keywords();
     // nothing to process
     if (empty($keywords)) {
         return;
     }
     $words = array();
     // get the map table names for the keywords. these tables will be joined into the search query
     $has_or_joiner = false;
     foreach ($keywords as $word_details) {
         $suffix = vBDBSearch_Core::get_table_name($word_details['word']);
         //$words[$suffix][$clean_word] = array('wordid'=>false,'joiner'=>$word['joiner']);
         // keyed by the word itself, so a repeated keyword keeps only its last joiner
         $words[$word_details['word']] = array('suffix' => $suffix, 'word' => $word_details['word'], 'joiner' => $word_details['joiner']);
         if ($word_details['joiner'] == "OR") {
             $has_or_joiner = true;
         }
     }
     // nothing to process
     if (empty($words)) {
         return;
     }
     // The SQL text is assembled by concatenation; the searched words only enter it through
     // make_equals_filter().
     // NOTE(review): the keywords presumably originate from user search input, so the query is
     // only safe if make_equals_filter() escapes every value - confirm against that helper.
     $set = $this->db->query_read_slave($query = "\n\t\t\t\t\tSELECT *\n\t\t\t\t\tFROM " . TABLE_PREFIX . "words as words\n\t\t\t\t\tWHERE " . self::make_equals_filter('words', 'word', array_keys($words)));
     $config = vB::getConfig();
     // With debug_sql (or the class DEBUG constant) enabled the raw query is echoed into the
     // response output; this should stay off on production installs.
     if (!empty($config['Misc']['debug_sql']) or self::DEBUG) {
         echo "{$query};\n";
     }
     // map each indexed word to its wordid
     $wordids = array();
     while ($word_details = $this->db->fetch_array($set)) {
         $wordids[$word_details['word']] = $word_details['wordid'];
     }
     $this->db->free_result($set);
     $word_details = array();
     foreach ($words as $word => $details) {
         // if the word was not found
         if (!isset($wordids[$word])) {
             // and it's not with a NOT or OR operator
             if (!$has_or_joiner and $details['joiner'] != 'NOT') {
                 // this word is not indexed so there is nothing to return
                 $this->where[] = "0 /** word is not indexed **/";
                 $this->sort = array('node.created' => 'ASC');
                 return;
             }
             // still need to add this word to the mix (either as a NOT operator or maybe as an OR). we use the word itself as a key to make it unique
             $key = $word;
             $details['wordid'] = 0;
         } else {
             $key = $details['wordid'] = $wordids[$word];
         }
         $word_details[$key] = $details;
     }
     unset($wordids);
     unset($words);
     // choose the processing strategy: single word, OR / rank sorting, or AND
     if (count($word_details) == 1) {
         $this->process_one_word_rank(array_pop($word_details), $criteria->is_title_only());
     } elseif ($has_or_joiner or isset($this->sort['rank'])) {
         $this->process_existing_words_or($word_details, $criteria->is_title_only());
     } else {
         $this->process_existing_words_and($word_details, $criteria->is_title_only());
     }
 }
예제 #14
 /**
  * Adds theme data (GUID, icon, preview image) to a style if in debug mode. (used by update & insert)
  *
  * Outside debug mode this method returns without touching the style.
  *
  * @param	int		$dostyleid Id of the style to update
  * @param	string	$guid Theme GUID
  * @param	binary	$icon Theme icon
  * @param	boolean	$iconRemove Whether to remove the current icon (if there is one, and we're not uploading a new one)
  * @param	binary	$previewImage Theme preview image
  * @param	boolean	$previewImageRemove Whether to remove the current preview image (if there is one, and we're not uploading a new one)
  */
 protected function addThemeData($dostyleid, $guid, $icon, $iconRemove, $previewImage, $previewImageRemove)
 {
     $settings = vB::getConfig();
     // only modify theme information in debug mode.
     if (empty($settings['Misc']['debug'])) {
         return;
     }
     $style = $this->library->fetchStyleByID($dostyleid);
     $themeImporter = new vB_Xml_Import_Theme();

     // ----- GUID -----
     // an empty GUID is stored as NULL
     $updateValues = array(
         'guid' => !empty($guid) ? $guid : vB_dB_Query::VALUE_ISNULL,
     );

     // ----- Icon -----
     if (!empty($icon)) {
         // upload it & get a filedataid
         $newIconId = $themeImporter->uploadThemeImageData($icon);
         if ($newIconId > 0 && $newIconId != $style['filedataid']) {
             $updateValues['filedataid'] = $newIconId;
         }
     }
     $hasNewIcon = !empty($updateValues['filedataid']);
     if ($style['filedataid'] > 0 && ($iconRemove || $hasNewIcon)) {
         // remove previous icon (if there was one and they checked 'remove' or if there was one and we just uploaded a new one)
         vB::getDbAssertor()->assertQuery('decrementFiledataRefcount', array('filedataid' => $style['filedataid']));
         // set icon to blank if we don't have a new one
         if (!$hasNewIcon) {
             $updateValues['filedataid'] = 0;
         }
     }

     // ----- Preview Image -----
     if (!empty($previewImage)) {
         // upload it & get a previewfiledataid
         $newPreviewId = $themeImporter->uploadThemeImageData($previewImage);
         if ($newPreviewId > 0 && $newPreviewId != $style['previewfiledataid']) {
             $updateValues['previewfiledataid'] = $newPreviewId;
         }
     }
     $hasNewPreview = !empty($updateValues['previewfiledataid']);
     if ($style['previewfiledataid'] > 0 && ($previewImageRemove || $hasNewPreview)) {
         // remove previous preview image (if there was one and they checked 'remove' or if there was one and we just uploaded a new one)
         vB::getDbAssertor()->assertQuery('decrementFiledataRefcount', array('filedataid' => $style['previewfiledataid']));
         // set preview image to blank if we don't have a new one
         if (!$hasNewPreview) {
             $updateValues['previewfiledataid'] = 0;
         }
     }

     // save
     if (!empty($updateValues)) {
         vB::getDbAssertor()->update('style', $updateValues, array('styleid' => $dostyleid));
     }
 }
예제 #15
global $phrasegroups, $specialtemplates, $vbphrase, $vbulletin;
$phrasegroups = array('cron', 'logging');
$specialtemplates = array();
// ########################## REQUIRE BACK-END ############################
require_once dirname(__FILE__) . '/global.php';
// ######################## CHECK ADMIN PERMISSIONS #######################
if (is_demo_mode() or !can_administer('canadmincron')) {
    print_cp_no_permission();
}
// ############################# LOG ACTION ###############################
$vbulletin->input->clean_array_gpc('r', array('cronid' => vB_Cleaner::TYPE_INT));
log_admin_action(iif($vbulletin->GPC['cronid'] != 0, 'cron id = ' . $vbulletin->GPC['cronid']));
// ########################################################################
// ######################### START MAIN SCRIPT ############################
// ########################################################################
$vb5_config =& vB::getConfig();
print_cp_header($vbphrase['scheduled_task_manager_gcron']);
if (empty($_REQUEST['do'])) {
    $_REQUEST['do'] = 'modify';
}
// ############## quick enabled/disabled status ################
if ($_POST['do'] == 'updateenabled') {
    $vbulletin->input->clean_gpc('p', 'enabled', vB_Cleaner::TYPE_ARRAY_BOOL);
    $updates = array();
    //$crons_result = $vbulletin->db->query_read("SELECT varname, active FROM " . TABLE_PREFIX . "cron");
    $crons_result = vB::getDbAssertor()->assertQuery('cron');
    foreach ($crons_result as $cron) {
        $old = $cron['active'] ? 1 : 0;
        $new = $vbulletin->GPC['enabled']["{$cron['varname']}"] ? 1 : 0;
        if ($old != $new) {
            $updates["{$cron['varname']}"] = $new;
예제 #16
 /**
  * Saves an uploaded file into the filedata system.
  *
  * @param	int		$userid				Id of user uploading the image. This user's permissions will be checked when necessary
  * @param	array	$filearray			Array of data describing the uploaded file with data-types & keys:
  *											string	'name'			Filename
  *											int		'size'			Filesize
  *											string	'type'			Filetype
  *											string	'tmp_name'		Filepath to the temporary file created on the server
  *											int		'parentid'		Optional. Node/Channelid this file will be uploaded under. If provided
  *																	permissions will be checked under this node.
  *											bool	'is_sigpic'		Optional. If this is not empty, the saved filedata will replace
  *																	the user's sigpicnew record (or inserted for the user if none exists),
  *																	and the filedata record will have refcount incremented & publicview
  *																	set to 1.
  * @param	string	$fileContents		String(?) containing file content BLOB
  * @param	int		$filesize			File size
  * @param	string	$extension			File extension
  * @param	bool	$imageOnly			If true, this function will throw an exception if the file is not an image
  * @param	bool	$skipUploadPermissionCheck		Optional boolean to skip permission checks. Only used internally when the system
  *													saves a theme icon. Do not use for normal calls to this function.
  *
  * @return	array	Array of saved filedata info with data-types & keys:
  *						int 		'filedataid'
  *						int 		'filesize'
  *						int			'thumbsize'		file size of the thumbnail of the saved filedata
  *						string		'extension'
  *						string		'filename'
  *						string[]	'headers'		array containing the content-type http header of the saved filedata
  *						boolean		'isimage'
  *
  * @throws	vB_Exception_Api('invalid_attachment_storage')	If 'attachfile' ("Save attachments as File") is enabled and the path specified
  *															by 'attachpath' option is not writable for some reason
  * @throws	vB_Exception_Api('dangerous_image_rejected')	If image verification failed for $fileContents or $filearray['tmp_name']
  * @throws	vB_Exception_Api('upload_attachfull_total')		If attachment quota specified by 'attachtotalspace' option is exceeded
  * @throws	vB_Exception_Api('cannot_create_file')			If the user fails the permission checks
  * @throws	vB_Exception_Api('upload_invalid_image')		If $imageOnly is true and the uploaded file is not an image
  * @throws	vB_Exception_Api('unable_to_add_filedata')		If adding the filedata record failed
  * @throws	vB_Exception_Api('attachpathfailed')			If 'attachfile' ("Save attachments as File") is enabled and creating or fetching
  *															the path to the attachment directory for the user failed
  * @throws	vB_Exception_Api('upload_file_system_is_not_writable_path')		If 'attachfile' ("Save attachments as File") is enabled and the
  *															path retrieved for the user is not writable.
  *
  * @access	public
  */
 public function saveUpload($userid, $filearray, $fileContents, $filesize, $extension, $imageOnly = false, $skipUploadPermissionCheck = false)
 {
     // Overview: validate the storage location and the file content, then either insert a new
     // filedata record (database or filesystem storage) or reuse this user's existing record
     // with the same hash and size.
     $assertor = vB::getDbAssertor();
     $datastore = vB::getDatastore();
     $options = $datastore->getValue('options');
     $config = vB::getConfig();
     $usercontext = vB::getUserContext($userid);
     //make sure there's a place to put attachments.
     if ($options['attachfile'] and (empty($options['attachpath']) or !file_exists($options['attachpath']) or !is_writable($options['attachpath']) or !is_dir($options['attachpath']))) {
         throw new vB_Exception_Api('invalid_attachment_storage');
     }
     //make sure the file is good.
     // First content check; a rejected upload has its temporary file deleted before the exception.
     if (!$this->imageHandler->verifyImageFile($fileContents, $filearray['tmp_name'])) {
         @unlink($filearray['tmp_name']);
         throw new vB_Exception_Api('dangerous_image_rejected');
     }
     // Check if this is an image extension we're dealing with for displaying later.
     // exif_imagetype() will check the validity of image
     // $isImageExtension records what the extension claims; $isImage is then narrowed by
     // inspecting the file itself when exif or finfo is available. If neither extension is
     // installed, $isImage stays equal to the extension-based answer.
     $isImageExtension = $isImage = $this->imageHandler->isImage($extension);
     if ($isImage and function_exists('exif_imagetype')) {
         $imageType = @exif_imagetype($filearray['tmp_name']);
         $isImage = (bool) $imageType;
     } else {
         if ($isImage and function_exists('finfo_open') and function_exists('finfo_file')) {
             /*
              * TODO: When pdf thumbnail support is fixed, this check might have to be updated.
              */
             // Just in case exif_imagetype is not there. finfo extension should be installed
             // by default (except windows), and is an alternative way to detect
             // if this is an image.
             // In the future, perhaps we can just use below to set the mimetype in the database,
             // and have the fetchImage functions return the mimetype as well rather than
             // trying to set it based on the filedata.extension (which may not be correct).
             // NOTE(review): the finfo handle is not closed in this block.
             $finfo = finfo_open(FILEINFO_MIME_TYPE);
             $mimetype = finfo_file($finfo, $filearray['tmp_name']);
             if ($mimetype) {
                 $mimetype = explode('/', $mimetype);
                 $toplevel = $mimetype[0];
                 if ($toplevel != 'image') {
                     $isImage = false;
                 }
             } else {
                 $isImage = false;
             }
         }
     }
     /*
      *	Note, this is for identification only, NOT for security!
      *	If we're going to depend on the extension to determine if it's an image,
      *	let's at least check that it's an image.
      */
     if ($isImageExtension and !$isImage) {
         // Do not allow a non-image to use an image extension.
         // This exception is not among the @throws entries of the method's docblock.
         throw new vB_Exception_Api('image_extension_but_wrong_type');
     }
     // Thumbnails are a different story altogether. Something like a PDF
     // might have a thumbnail.
     $canHaveThumbnail = $this->imageHandler->imageThumbnailSupported($extension);
     /*
      * TODO: We might want to check that the extension matches the mimetype.
      *
      */
     //We check to see if this file already exists.
     // The md5 of the content plus the file size is the de-duplication key; a match is only
     // reused below when it also belongs to the same user.
     // NOTE(review): md5 is not collision resistant - confirm nothing treats filehash as an
     // integrity or authenticity check.
     $filehash = md5($fileContents);
     $fileCheck = $assertor->getRow('vBForum:getFiledataWithThumb', array('filehash' => $filehash, 'filesize' => $filesize));
     // Does filedata already exist?
     if (empty($fileCheck) or $fileCheck['userid'] != $userid) {
         // Check if we are not exceeding the quota
         if ($options['attachtotalspace'] > 0) {
             $usedSpace = $assertor->getField('vBForum:getUserFiledataFilesizeSum', array('userid' => $userid));
             $overage = $usedSpace + $filesize - $options['attachtotalspace'];
             if ($overage > 0) {
                 $overage = vb_number_format($overage, 1, true);
                 // The mail names the user of the current session, which is not necessarily $userid.
                 // NOTE(review): this webmaster mail is sent before the canUpload() check below -
                 // confirm a user who lacks upload permission cannot trigger it repeatedly.
                 $userinfo = vB::getCurrentSession()->fetch_userinfo();
                 $maildata = vB_Api::instanceInternal('phrase')->fetchEmailPhrases('attachfull', array($userinfo['username'], $options['attachtotalspace'], $options['bburl'], 'admincp'), array($options['bbtitle']), 0);
                 vB_Mail::vbmail($options['webmasteremail'], $maildata['subject'], $maildata['message']);
                 throw new vB_Exception_Api('upload_attachfull_total', $overage);
             }
         }
         // Can we move this permission check out of this library function?
         // $skipUploadPermissionCheck turns a failed canUpload() into a pass; canUpload() is
         // still evaluated first because of the operand order.
         if (!$usercontext->canUpload($filesize, $extension, !empty($filearray['parentid']) ? $filearray['parentid'] : false) and !$skipUploadPermissionCheck) {
             @unlink($filearray['tmp_name']);
             throw new vB_Exception_Api('cannot_create_file');
         }
         if ($imageOnly and !$isImage) {
             throw new vB_Exception_Api('upload_invalid_image');
         }
         $timenow = vB::getRequest()->getTimeNow();
         if ($canHaveThumbnail) {
             //Get the image size information.
             $imageInfo = $this->imageHandler->fetchImageInfo($filearray['tmp_name']);
             // attachresizes comes from the options datastore. unserialize() must never be fed
             // user-controlled data.
             // NOTE(review): confirm this option can only be written by administrators. The '@'
             // hides a failed unserialize; the thumb size then falls back to 100 below.
             $sizes = @unserialize($options['attachresizes']);
             if (!isset($sizes['thumb']) or empty($sizes['thumb'])) {
                 $sizes['thumb'] = 100;
             }
             $thumbnail = $this->imageHandler->fetchThumbnail($filearray['name'], $filearray['tmp_name'], $sizes['thumb'], $sizes['thumb'], $options['thumbquality']);
         } else {
             $thumbnail = array('filesize' => 0, 'width' => 0, 'height' => 0, 'filedata' => null);
         }
         $thumbnail_data = array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_INSERT, 'resize_type' => 'thumb', 'resize_dateline' => $timenow, 'resize_filesize' => $thumbnail['filesize'], 'resize_width' => $thumbnail['width'], 'resize_height' => $thumbnail['height']);
         // Note, unless this is a sigpic (defined as !empty($filearray['is_sigpic'])), below will set
         // the refcount of the new filedata record to 0.
         // So the caller MUST increment the refcount if this image should not be removed by the cron.
         $data = array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_INSERT, 'userid' => $userid, 'dateline' => $timenow, 'filesize' => $filesize, 'filehash' => $filehash, 'extension' => $extension, 'refcount' => 0);
         if (!empty($imageInfo)) {
             $data['width'] = $imageInfo[0];
             $data['height'] = $imageInfo[1];
         }
         //Looks like we're ready to store. But do we put it in the database or the filesystem?
         if ($options['attachfile']) {
             //We name the files based on the filedata record, but we don't have that until we create the record. So we need
             // to do an insert, then create/move the files.
             $filedataid = $assertor->assertQuery('filedata', $data);
             if (is_array($filedataid)) {
                 $filedataid = $filedataid[0];
             }
             if (!intval($filedataid)) {
                 throw new vB_Exception_Api('unable_to_add_filedata');
             }
             $path = $this->verifyAttachmentPath($userid);
             if (!$path) {
                 throw new vB_Exception_Api('attachpathfailed');
             }
             if (!is_writable($path)) {
                 throw new vB_Exception_Api('upload_file_system_is_not_writable_path', array(htmlspecialchars($path)));
             }
             // On-disk names are built from the record id with fixed '.thumb' / '.attach' suffixes,
             // not from the client-supplied file name. The results of file_put_contents() and
             // rename() are not checked, so a failed move leaves a record without a file.
             if (!empty($thumbnail['filedata'])) {
                 file_put_contents($path . $filedataid . '.thumb', $thumbnail['filedata']);
             }
             rename($filearray['tmp_name'], $path . $filedataid . '.attach');
         } else {
             //We put the file contents into the data record.
             $data['filedata'] = $fileContents;
             $filedataid = $assertor->assertQuery('filedata', $data);
             if (is_array($filedataid)) {
                 $filedataid = $filedataid[0];
             }
             $thumbnail_data['resize_filedata'] = $thumbnail['filedata'];
         }
         $thumbnail_data['filedataid'] = $filedataid;
         if ($canHaveThumbnail) {
             $assertor->assertQuery('vBForum:filedataresize', $thumbnail_data);
         }
         if (!empty($filearray['name'])) {
             $filename = $filearray['name'];
         } else {
             $filename = '';
         }
         $result = array('filedataid' => $filedataid, 'filesize' => $filesize, 'thumbsize' => $thumbnail['filesize'], 'extension' => $extension, 'filename' => $filename, 'headers' => $this->getAttachmentHeaders(strtolower($extension)), 'isimage' => $isImage);
         if (!empty($filearray['is_sigpic'])) {
             $assertor->assertQuery('replaceSigpic', array('userid' => $userid, 'filedataid' => $filedataid));
             $assertor->assertQuery('incrementFiledataRefcountAndMakePublic', array('filedataid' => $filedataid));
         }
     } else {
         // file already exists so we are not going to insert a new one
         // NOTE(review): this branch runs neither canUpload() nor the $imageOnly check; both live
         // only in the new-record branch above. Confirm that reusing an existing record cannot get
         // a file accepted (for example as a signature picture) where those checks would reject it.
         $filedataid = $fileCheck['filedataid'];
         if (!empty($filearray['is_sigpic'])) {
             // Get old signature picture data and decrease refcount
             $oldfiledata = vB::getDbAssertor()->getRow('vBForum:sigpicnew', array('userid' => $userid));
             if ($oldfiledata) {
                 vB::getDbAssertor()->assertQuery('decrementFiledataRefcount', array('filedataid' => $oldfiledata['filedataid']));
             }
             // $fileCheck['userid'] compared equal (loosely) to $userid to reach this branch
             $assertor->assertQuery('replaceSigpic', array('userid' => $fileCheck['userid'], 'filedataid' => $filedataid));
             $assertor->assertQuery('incrementFiledataRefcountAndMakePublic', array('filedataid' => $filedataid));
         }
         // Unlike the new-record branch, $filearray['name'] is read here without an empty() guard.
         $result = array('filedataid' => $filedataid, 'filesize' => $fileCheck['filesize'], 'thumbsize' => $fileCheck['resize_filesize'], 'extension' => $extension, 'filename' => $filearray['name'], 'headers' => $this->getAttachmentHeaders(strtolower($extension)), 'isimage' => $isImage);
     }
     return $result;
 }
예제 #17
 /**
  * Constructor - hands the registry object and error type to the parent constructor
  * and caches the vB configuration on the instance.
  *
  * NOTE(review): this is a PHP 4 style constructor (a method named after its class,
  * assuming the enclosing class is vB_DataManager_Moderator). PHP 8 no longer treats
  * such methods as constructors - confirm the supported PHP versions.
  *
  * @param	mixed		$registry	Registry object, passed to the parent constructor
  * @param	integer		$errtype	One of the ERRTYPE_x constants
  */
 function vB_DataManager_Moderator($registry = null, $errtype = vB_DataManager_Constants::ERRTYPE_STANDARD)
 {
     parent::__construct($registry, $errtype);

     // keep the configuration on the instance
     $this->config = vB::getConfig();

     // Legacy Hook 'moderatordata_start' Removed //
 }
예제 #18
 /**
  * Handles facebook exceptions: rethrows the exception in debug mode.
  *
  * Outside debug mode the exception is dropped here without being logged, so a
  * failure in the Facebook integration leaves no trace from this method.
  *
  * @param	Exception	$e	The facebook exception
  *
  * @throws	Exception	The given exception, when $config['Misc']['debug'] is set
  */
 protected function handleFacebookException(Exception $e)
 {
     $settings = vB::getConfig();
     if (!empty($settings['Misc']['debug'])) {
         throw $e;
     }
 }
/**
* Prints a language row for use in language.php?do=modify
*
* The row has four cells: the language title, an edit/translate link, the
* settings / delete / download links, and a "set default" button. Language id -1
* gets only the download link and no button.
*
* NOTE(review): $language['title'] and $languageid are placed into markup, URLs and an
* inline onclick handler without any escaping or integer cast visible in this function.
* Confirm that callers pass trusted values or that the helpers used here
* (fetch_tag_wrap, construct_phrase, construct_link_code) escape them.
*
* @param	array	Language array containing languageid, title
*/
function print_language_row($language)
{
    global $vbulletin, $typeoptions, $vbphrase;
    $vb5_config = vB::getConfig();
    $languageid = $language['languageid'];
    $cell = array();
    // title cell: prefixed with '-- ' in debug mode (except for id -1); the third argument
    // to fetch_tag_wrap is true for the board's default language
    $cell[] = iif($vb5_config['Misc']['debug'] and $languageid != -1, '-- ', '') . fetch_tag_wrap($language['title'], 'b', $languageid == $vbulletin->options['languageid']);
    // edit / translate link
    $cell[] = "<a href=\"language.php?" . vB::getCurrentSession()->get('sessionurl') . "do=edit&amp;dolanguageid={$languageid}\">" . construct_phrase($vbphrase['edit_translate_x_y_phrases'], $language['title'], '') . "</a>";
    // settings and delete links (not for id -1), followed by the download link
    $cell[] = iif($languageid != -1, construct_link_code($vbphrase['edit_settings_glanguage'], "language.php?" . vB::getCurrentSession()->get('sessionurl') . "do=edit_settings&amp;dolanguageid={$languageid}") . construct_link_code($vbphrase['delete'], "language.php?" . vB::getCurrentSession()->get('sessionurl') . "do=delete&amp;dolanguageid={$languageid}")) . construct_link_code($vbphrase['download'], "language.php?" . vB::getCurrentSession()->get('sessionurl') . "do=files&amp;dolanguageid={$languageid}");
    // "set default" button, disabled for the current default language; it navigates with a
    // plain URL (do=setdefault). NOTE(review): presumably a state-changing GET - confirm the
    // target action verifies a request token.
    $cell[] = iif($languageid != -1, "<input type=\"button\" class=\"button\" value=\"{$vbphrase['set_default']}\" tabindex=\"1\"" . iif($languageid == $vbulletin->options['languageid'], ' disabled="disabled"') . " onclick=\"window.location='language.php?" . vB::getCurrentSession()->get('sessionurl') . "do=setdefault&amp;dolanguageid={$languageid}';\" />", '');
    print_cells_row($cell, 0, '', -2);
}
예제 #20
 /**
  * Does the actual work to make a variable safe
  *
  * Coerces $data in place to the representation selected by $type and returns
  * it by reference. The work happens in three passes: locale separators are
  * normalised for the numeric types, the value is converted per type, and NUL
  * bytes are stripped from the string types.
  *
  * Types that pass data through without content filtering in this function:
  * TYPE_NOCLEAN (untouched), TYPE_BINARY and TYPE_NOTRIM (string cast only),
  * TYPE_ARRAY (elements are not inspected). An unrecognised $type also leaves
  * $data unchanged; it only raises a warning when Misc/debug is enabled.
  *
  * @param	mixed	The data we want to make safe (modified in place)
  * @param	integer	The type of the data (one of the self::TYPE_* constants)
  *
  * @return	mixed	The cleaned value, returned by reference
  */
 protected function &doClean(&$data, $type)
 {
     // Lower-cased string values that TYPE_BOOL treats as true
     static $booltypes = array('1', 'yes', 'y', 'true', 'on');
     // Pass 1: only the two numeric types are touched; every other type falls through untouched
     switch ($type) {
         case self::TYPE_NUM:
         case self::TYPE_UNUM:
             $userinfo = vB::getCurrentSession()->fetch_userinfo();
             // Account for language specific separators
             if (isset($userinfo['lang_decimalsep']) and $userinfo['lang_decimalsep'] != '') {
                 $data = strtr($data, array($userinfo['lang_decimalsep'] => '.', $userinfo['lang_thousandsep'] => ''));
             }
     }
     // Pass 2: per-type conversion
     switch ($type) {
         case self::TYPE_INT:
             $data = intval($data);
             break;
         case self::TYPE_UINT:
             // negative values are clamped to 0
             $data = ($data = intval($data)) < 0 ? 0 : $data;
             break;
         case self::TYPE_NUM:
             // "+ 0" lets PHP pick int or float from the string form
             $data = strval($data) + 0;
             break;
         case self::TYPE_UNUM:
             $data = strval($data) + 0;
             $data = $data < 0 ? 0 : $data;
             break;
         case self::TYPE_BINARY:
             // string cast only; NUL bytes are kept (this type is absent from pass 3)
             $data = strval($data);
             break;
         case self::TYPE_STR:
             $data = trim(strval($data));
             break;
         case self::TYPE_NOTRIM:
             $data = strval($data);
             break;
         case self::TYPE_NOHTML:
             // always run through vB_String::htmlSpecialCharsUni after trimming
             $data = vB_String::htmlSpecialCharsUni(trim(strval($data)));
             break;
         case self::TYPE_BOOL:
             // NOTE(review): in_array() is called without the strict flag, so the match is a loose comparison
             $data = in_array(strtolower($data), $booltypes) ? 1 : 0;
             break;
         case self::TYPE_ARRAY:
             // non-arrays become an empty array; array elements are not cleaned here
             $data = is_array($data) ? $data : array();
             break;
         case self::TYPE_NOHTMLCOND:
             $data = trim(strval($data));
             // "and" binds tighter than "or": escape when the value contains < > or ",
             // or when it contains an & but no entity from the short list in the pattern
             if (strcspn($data, '<>"') < strlen($data) or strpos($data, '&') !== false and !preg_match('/&(#[0-9]+|amp|lt|gt|quot);/si', $data)) {
                 // data is not htmlspecialchars because it still has characters or entities it shouldn't
                 $data = vB_String::htmlSpecialCharsUni($data);
             }
             break;
         case self::TYPE_FILE:
             // perhaps redundant :p
             // Only the field types of the upload descriptor are normalised; nothing in this
             // function checks tmp_name or the file itself.
             if (is_array($data)) {
                 if (is_array($data['name'])) {
                     // multi-file form: each field is an array indexed 0..n-1
                     $files = count($data['name']);
                     for ($index = 0; $index < $files; $index++) {
                         $data['name']["{$index}"] = trim(strval($data['name']["{$index}"]));
                         $data['type']["{$index}"] = trim(strval($data['type']["{$index}"]));
                         $data['tmp_name']["{$index}"] = trim(strval($data['tmp_name']["{$index}"]));
                         $data['error']["{$index}"] = intval($data['error']["{$index}"]);
                         $data['size']["{$index}"] = intval($data['size']["{$index}"]);
                     }
                 } else {
                     $data['name'] = trim(strval($data['name']));
                     $data['type'] = trim(strval($data['type']));
                     $data['tmp_name'] = trim(strval($data['tmp_name']));
                     $data['error'] = intval($data['error']);
                     $data['size'] = intval($data['size']);
                 }
             } else {
                 // NOTE(review): 4 is the value of UPLOAD_ERR_NO_FILE, yet it is stored under
                 // 'size' while 'error' is 0 -- confirm this placeholder is what callers expect
                 $data = array('name' => '', 'type' => '', 'tmp_name' => '', 'error' => 0, 'size' => 4);
             }
             break;
         case self::TYPE_UNIXTIME:
             if (is_array($data)) {
                 // date given as parts: clean them as unsigned ints, then build a timestamp
                 $data = $this->clean($data, vB_Cleaner::TYPE_ARRAY_UINT);
                 if ($data['month'] and $data['day'] and $data['year']) {
                     require_once DIR . '/includes/functions_misc.php';
                     $data = vbmktime($data['hour'], $data['minute'], $data['second'], $data['month'], $data['day'], $data['year']);
                 } else {
                     $data = 0;
                 }
             } else {
                 $data = ($data = intval($data)) < 0 ? 0 : $data;
             }
             break;
         // null actions should be defined here so we can still catch typos below
         case self::TYPE_NOCLEAN:
             break;
         default:
             // unknown type: $data is left as it came in; the warning is raised in debug mode only
             if ($config = vB::getConfig() and $config['Misc']['debug']) {
                 trigger_error('vB_Cleaner::doClean() Invalid data type specified', E_USER_WARNING);
             }
     }
     // strip out characters that really have no business being in non-binary data
     // (chr(0) is the NUL byte; only the four string types below are affected)
     switch ($type) {
         case self::TYPE_STR:
         case self::TYPE_NOTRIM:
         case self::TYPE_NOHTML:
         case self::TYPE_NOHTMLCOND:
             $data = str_replace(chr(0), '', $data);
     }
     return $data;
 }
예제 #21
 /**
  * Lock tables
  *
  * Sends one LOCK TABLES statement covering every entry of $tablelist and then
  * flags the connection as locked. An empty or non-array argument is ignored.
  *
  * NOTE(review): table names and lock types are concatenated into the statement
  * without quoting or validation, so callers must pass fixed, trusted values only.
  *
  * @param	mixed	Map of table name (TABLE_PREFIX is prepended) => lock type
  *
  */
 function lock_tables($tablelist)
 {
     if (empty($tablelist) or !is_array($tablelist)) {
         return;
     }
     $vb5_config =& vB::getConfig();
     $clauses = array();
     foreach ($tablelist as $name => $type) {
         $clauses[] = TABLE_PREFIX . $name . " " . $type;
     }
     $sql = implode(', ', $clauses);
     $this->query_write("LOCK TABLES {$sql}");
     $this->locked = true;
 }
예제 #22
 /**
  * Builds the table cells describing one banned user.
  *
  * NOTE(review): username, adminname and reason are placed into the markup
  * as-is by this function; presumably they are stored or passed in already
  * HTML-escaped -- confirm against the caller.
  *
  * @param	array	User/ban record (userid, username, bandate, liftdate, adminid, adminname, reason)
  * @param	boolean	Whether to include the "lift ban" link
  *
  * @return	array	Cell contents in display order
  */
 function construct_banned_user_row($user, $canunbanuser)
 {
     global $vbulletin, $vbphrase;
     $vb5_config =& vB::getConfig();

     if ($user['liftdate'] == 0) {
         // a lift date of 0 means the ban never expires
         $user['banperiod'] = $vbphrase['permanent'];
         $user['banlift'] = $vbphrase['never'];
         $user['banremaining'] = $vbphrase['forever'];
     } else {
         $user['banlift'] = vbdate($vbulletin->options['dateformat'] . ', ~' . $vbulletin->options['timeformat'], $user['liftdate']);

         // total length of the ban, rounded up to whole days
         $periodDays = ceil(($user['liftdate'] - $user['bandate']) / 86400);
         $user['banperiod'] = $periodDays . ' ' . ($periodDays == 1 ? $vbphrase['day'] : $vbphrase['days']);

         // time left, split into whole days and rounded-up hours
         $secondsLeft = $user['liftdate'] - TIMENOW;
         $daysLeft = floor($secondsLeft / 86400);
         $hoursLeft = ceil(($secondsLeft - $daysLeft * 86400) / 3600);
         if ($hoursLeft == 24) {
             $daysLeft += 1;
             $hoursLeft = 0;
         }

         if ($daysLeft < 0) {
             $user['banremaining'] = "<i>{$vbphrase['will_be_lifted_soon']}</i>";
         } else {
             $dayWord = $daysLeft == 1 ? $vbphrase['day'] : $vbphrase['days'];
             $hourWord = $hoursLeft == 1 ? $vbphrase['hour'] : $vbphrase['hours'];
             $user['banremaining'] = "{$daysLeft} {$dayWord}, {$hoursLeft} {$hourWord}";
         }
     }

     // link to the banned user's profile editor (admin CP path for user administrators)
     $cell = array();
     $cell[] = "<a href=\"" . (can_administer('canadminusers') ? '../admincp/' : '') . 'user.php?' . vB::getCurrentSession()->get('sessionurl') . "do=edit&amp;u={$user['userid']}\"><b>{$user['username']}</b></a>";

     if ($user['bandate']) {
         if ($user['adminid']) {
             $cell[] = "<a href=\"" . (can_administer('canadminusers') ? '../admincp/' : '') . 'user.php?' . vB::getCurrentSession()->get('sessionurl') . "do=edit&amp;u={$user['adminid']}\">{$user['adminname']}</a>";
         } else {
             $cell[] = $vbphrase['n_a'];
         }
         $cell[] = vbdate($vbulletin->options['dateformat'], $user['bandate']);
     } else {
         $cell[] = $vbphrase['n_a'];
         $cell[] = $vbphrase['n_a'];
     }

     $cell[] = $user['banperiod'];
     $cell[] = $user['banlift'];
     $cell[] = $user['banremaining'];

     if ($canunbanuser) {
         $cell[] = construct_link_code($vbphrase['lift_ban'], 'banning.php?' . vB::getCurrentSession()->get('sessionurl') . "do=liftban&amp;u={$user['userid']}");
     }

     $reasonText = !empty($user['reason']) ? $user['reason'] : $vbphrase['n_a'];
     $cell[] = construct_link_code($reasonText, 'banning.php?' . vB::getCurrentSession()->get('sessionurl') . "do=editreason&amp;userid=" . $user['userid']);

     return $cell;
 }
예제 #23
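 /**
  * Halts execution of the entire system and displays an error message
  *
  * With error reporting on, the error context is collected into a
  * vB_Exception_Database, logged through log_vbulletin_error() when that
  * function exists, and thrown. With error reporting off, only $this->error
  * is updated. A static guard makes a re-entrant call return the stored
  * error instead of building a second report.
  *
  * The report carries the SQL text (truncated above 2048 characters), request
  * path, referrer, IP address and username. The database server version is
  * looked up only for administrators and during install/upgrade, and a
  * backtrace is attached only when Misc/debug is set. debug_backtrace()
  * includes call arguments, so a debug report can contain sensitive values.
  *
  * @param	string	Text of the error message. Leave blank to use $this->sql as error text.
  *
  * @return	mixed	The stored error text on a re-entrant call; otherwise nothing is returned
  */
 function halt($errortext = '')
 {
     static $called = false;
     /*		if ($this->inTransaction)
     	{
     			$this->rollbackTransaction();
     		}
     */
     if ($called) {
         if (!empty($errortext)) {
             $this->error = $errortext;
         }
         return $this->error;
     } else {
         $called = true;
     }
     if ($this->connection_recent) {
         $this->error = $this->error($this->connection_recent);
         $this->errno = $this->errno($this->connection_recent);
     }
     if ($this->errno == -1) {
         throw new exception('no_vb5_database');
     }
     if ($this->reporterror) {
         if ($errortext == '') {
             $this->sql = "Invalid SQL:\r\n" . chop($this->sql) . ';';
             // $errortext aliases $this->sql from here on, so the truncation below also shortens $this->sql
             $errortext =& $this->sql;
             if (strlen($errortext) > 2048) {
                 $truncated_errortext = "\r\n[Showing truncated query, original length: " . strlen($this->sql) . "]\r\n[First 500 chars]\r\n" . substr($errortext, 0, 500) . "\r\n[Last 500 chars]\r\n" . substr($errortext, -500);
                 $errortext = $truncated_errortext;
                 unset($truncated_errortext);
             }
         }
         $session = vB::getCurrentSession();
         if ($session) {
             $userinfo = $session->fetch_userinfo();
         }
         //TODO -- need to clean up VB_AREA stuff
         if (defined('VB_AREA') and (VB_AREA == 'Upgrade' or VB_AREA == 'Install')) {
             $display_db_error = true;
         } else {
             $userContext = vB::getUserContext();
             $display_db_error = $userContext ? $userContext->isAdministrator() : false;
         }
         // Hide the MySQL Version if its going in the source.
         // Start from an empty value so $mysqlversion is always defined, including the
         // case where details may be shown but there is no recent connection to query.
         $mysqlversion = '';
         if ($display_db_error and $this->connection_recent) {
             $this->hide_errors();
             list($mysqlversion) = $this->query_first("SELECT VERSION() AS version", self::DBARRAY_NUM);
             $this->show_errors();
         }
         $vb5_config = vB::getConfig();
         $request = vB::getRequest();
         if ($request) {
             $timeNow = $request->getTimeNow();
             $scriptpath = $request->getScriptPath();
             $ipAddress = $request->getIpAddress();
             $referer = $request->getReferrer();
         } else {
             $timeNow = time();
             $scriptpath = '';
             $ipAddress = '';
             $referer = '';
         }
         $vboptions = vB::getDatastore()->getValue('options');
         $technicalemail =& $vb5_config['Database']['technicalemail'];
         $data = array();
         $data['error'] = $this->error;
         $data['errno'] = $this->errno;
         $data['requestdate'] = date('l, F jS Y @ h:i:s A', $timeNow);
         $data['date'] = date('l, F jS Y @ h:i:s A');
         $data['host'] = "";
         //todo figure this out for non http requests
         $data['scriptpath'] = str_replace('&amp;', '&', $scriptpath);
         $data['referer'] = $referer;
         $data['ipaddress'] = $ipAddress;
         $data['username'] = isset($userinfo['username']) ? $userinfo['username'] : "";
         $data['classname'] = get_class($this);
         $data['mysqlversion'] = $mysqlversion;
         $data['technicalemail'] = $technicalemail;
         $data['appname'] = $this->appname;
         $data['templateversion'] = $vboptions['templateversion'];
         if ($vb5_config['Misc']['debug']) {
             // debug only: the trace carries call arguments, keep debug off on production sites
             $data['trace'] = debug_backtrace();
         }
         $dbexception = new vB_Exception_Database($errortext, $data);
         //log message
         require_once DIR . '/includes/functions_log_error.php';
         if (function_exists('log_vbulletin_error')) {
             log_vbulletin_error($dbexception->getMessage(), 'database');
         }
         if ($this->reporterror) {
             throw $dbexception;
         }
     } else {
         if (!empty($errortext)) {
             $this->error = $errortext;
         }
     }
 }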
예제 #24
 /**
  * Logs the current user out and switches the request to a guest session.
  *
  * For a logged-in user the last-activity/last-visit fields are saved and, on
  * non-API requests, every session row of that user without an API access
  * token plus every cpsession row is deleted (not just the current one). The
  * current session row is always deleted. On API requests the client's access
  * token is cleared and a fresh session is created so a new token is issued.
  *
  * @return	array	'sessionhash' and 'apiaccesstoken' of the session now in use
  */
 public static function processLogout()
 {
     global $vbulletin;
     $assertor = vB::getDbAssertor();
     $userinfo = vB::getCurrentSession()->fetch_userinfo();
     $timeNow = vB::getRequest()->getTimeNow();
     $options = vB::getDatastore()->get_value('options');
     $session = vB::getCurrentSession();
     // userid 0 and -1 are skipped here, i.e. treated as "nobody is logged in"
     if ($userinfo['userid'] and $userinfo['userid'] != -1) {
         // init user data manager
         $userdata = new vB_Datamanager_User(vB_DataManager_Constants::ERRTYPE_SILENT);
         $userdata->set_existing($userinfo);
         // last activity is backdated by the cookie timeout; ERRTYPE_SILENT means save errors are not raised here
         $userdata->set('lastactivity', $timeNow - $options['cookietimeout']);
         $userdata->set('lastvisit', $timeNow);
         $userdata->save();
         if (!defined('VB_API')) {
             // web logout: drop all of this user's non-API sessions and all control-panel sessions
             $assertor->delete('session', array('userid' => $userinfo['userid'], 'apiaccesstoken' => null));
             $assertor->delete('cpsession', array('userid' => $userinfo['userid']));
         }
     }
     // the session of this request is removed in every case, guests included
     $assertor->delete('session', array('sessionhash' => $session->get('dbsessionhash')));
     // Remove accesstoken from apiclient table so that a new one will be generated
     if (defined('VB_API') and VB_API === true and $vbulletin->apiclient['apiclientid']) {
         $assertor->update('apiclient', array('apiaccesstoken' => '', 'userid' => 0), array('apiclientid' => intval($vbulletin->apiclient['apiclientid'])));
         $vbulletin->apiclient['apiaccesstoken'] = '';
     }
     if ($vbulletin->session->created == true and (!defined('VB_API') or !VB_API)) {
         // if we just created a session on this page, there's no reason not to use it
         $newsession = $vbulletin->session;
     } else {
         // API should always create a new session here to generate a new accesstoken
         $newsession = vB_Session::getNewSession(vB::getDbAssertor(), vB::getDatastore(), vB::getConfig(), '', 0, '', vB::getCurrentSession()->get('styleid'));
     }
     // whichever session is used, it is forced to the guest state
     $newsession->set('userid', 0);
     $newsession->set('loggedin', 0);
     $vbulletin->session =& $newsession;
     $result = array();
     $result['sessionhash'] = $newsession->get('dbsessionhash');
     $result['apiaccesstoken'] = $newsession->get('apiaccesstoken');
     if (defined('VB_API') and VB_API === true) {
         // NOTE(review): the client id is taken from $_REQUEST['api_c'] here, while the block above
         // uses $vbulletin->apiclient['apiclientid']; presumably the request value was validated
         // earlier in the API bootstrap -- confirm, since this row receives the new token.
         // An absent api_c index is read without an isset() check.
         if ($_REQUEST['api_c']) {
             $assertor->update('apiclient', array('apiaccesstoken' => $result['apiaccesstoken'], 'userid' => 0), array('apiclientid' => intval($_REQUEST['api_c'])));
         }
     }
     return $result;
 }
예제 #25
 /**
  * Renders the template.
  *
  * A non-final render only fires the 'result_prerender' callback and returns
  * the render token. A final render registers the whitelisted globals, runs
  * the whitelist filter and returns the rendered output.
  *
  * Two switches exist only when Misc/debug is set in the config: GPC 'showall'
  * skips the whitelist filter, and GPC 'debug' returns an HTML-escaped dump of
  * the registered variables instead of the output. Both expose data the
  * whitelist would otherwise remove, so debug should stay off on live sites.
  *
  * @param	boolean	Whether to suppress the HTML comment surrounding option (for JS, etc)
  * @param	boolean	Whether this is the final render
  * @param	boolean	Passed through to render_output() as its permission-check flag
  * @return	string	Rendered version of the template
  */
 public function render($suppress_html_comments = false, $final = false, $nopermissioncheck = false)
 {
     global $vbulletin, $show;
     $vb5_config =& vB::getConfig();
     $callback = vB_APICallback::instance();

     if (!$final) {
         $callback->setname('result_prerender');
         $callback->addParam(0, $this->template);
         $callback->addParamRef(1, $this->registered);
         $callback->callback();
         return $this->render_token();
     }

     self::remove_common_show($show);
     // register whitelisted globals
     $this->register_globals();
     $callback->setname('result_prewhitelist');
     $callback->addParamRef(0, $this->registered);
     $callback->callback();

     $keepEverything = ($vb5_config['Misc']['debug'] and $vbulletin->GPC['showall']);
     if (!$keepEverything) {
         $this->whitelist_filter();
     }

     $callback->setname('result_overwrite');
     $callback->addParamRef(0, $this->registered);
     $callback->callback();

     $dumpRequested = ($vb5_config['Misc']['debug'] and $vbulletin->GPC['debug']);
     if (!$dumpRequested) {
         // only render data on final render
         return $this->render_output($suppress_html_comments, $nopermissioncheck);
     }
     return '<pre>' . htmlspecialchars(var_export($this->registered, true)) . '</pre>' . '<br />' . number_format(memory_get_usage() / 1024) . 'KB';
 }
예제 #26
|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html   # ||
|| ###################################################################### ||
\*========================================================================*/
// ######################## SET PHP ENVIRONMENT ###########################
error_reporting(E_ALL & ~E_NOTICE);

// ##################### DEFINE IMPORTANT CONSTANTS #######################
define('CVS_REVISION', '$RCSfile$ - $Revision: 83432 $');

// #################### PRE-CACHE TEMPLATES AND DATA ######################
global $phrasegroups, $specialtemplates;
$phrasegroups = array();
$specialtemplates = array();

// ########################## REQUIRE BACK-END ############################
require_once dirname(__FILE__) . '/global.php';
require_once DIR . '/includes/class_rss_poster.php';

// The fetched document is relayed to the browser as XML
header('Content-Type: text/xml; charset=utf-8');

// The license id from config.php takes precedence over the built-in fallback
$config = vB::getConfig();
$licenseid = isset($config['Misc']['licenseid']) ? $config['Misc']['licenseid'] : 'LD18132D6F';

// NOTE(review): the feed is requested over plain http with the license id in the
// query string, and the response body is echoed without inspection. Content on
// that path is neither confidential nor integrity-protected in transit; confirm
// whether the endpoint can be reached over https.
$result = fetch_file_via_socket('http://version.vbulletin.com/news.xml?v=' . SIMPLE_VERSION . "&id={$licenseid}", array('type' => ''));
echo $result ? $result['body'] : 'Error';
/*=========================================================================*\
|| #######################################################################
|| # Downloaded: 15:45, Tue Sep 8th 2015
|| # CVS: $RCSfile$ - $Revision: 83432 $
|| #######################################################################
\*=========================================================================*/
예제 #27
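 /**
  *	Determine if the url is safe to load
  *
  *	Accepts only http/https URLs whose host does not contain "localhost" or a
  *	127.x.x.x literal and whose port is 80, 443 or one of the ports listed in
  *	$config['Misc']['uploadallowedports'].
  *
  *	The port is compared as an integer with strict matching, so a malformed
  *	port value or a non-numeric config entry can no longer match through
  *	PHP's loose comparison rules.
  *
  *	NOTE(review): the host is checked as text and is never resolved. Other
  *	internal destinations (private or link-local ranges, IPv6 loopback, names
  *	that resolve to an internal address) are outside what this function
  *	rejects; confirm that egress filtering on the server covers them.
  *
  *	@param $urlinfo -- The parsed url info from vB_String::parseUrl -- scheme, port, host
  * 	@return boolean
  */
 private function validateUrl($urlinfo)
 {
     // VBV-11823, only allow http/https schemes
     if (!isset($urlinfo['scheme'])) {
         return false;
     }
     // lower-case once so the default-port choice below agrees with this check
     $scheme = strtolower($urlinfo['scheme']);
     if (!in_array($scheme, array('http', 'https'), true)) {
         return false;
     }
     // VBV-11823, do not allow localhost and 127.0.0.0/8 range by default
     if (!isset($urlinfo['host']) or preg_match('#localhost|127\\.(\\d)+\\.(\\d)+\\.(\\d)+#i', $urlinfo['host'])) {
         return false;
     }
     if (empty($urlinfo['port'])) {
         $port = ($scheme == 'https') ? 443 : 80;
     } else if (is_int($urlinfo['port']) or (is_string($urlinfo['port']) and preg_match('#^\\d+\\z#', $urlinfo['port']))) {
         $port = intval($urlinfo['port']);
     } else {
         // anything that is not a plain decimal port number is refused
         return false;
     }
     // VBV-11823, restrict destination ports to 80 and 443 by default
     // allow the admin to override the allowed ports in config.php (in case they have a proxy server they need to go to).
     $config = vB::getConfig();
     $extraPorts = isset($config['Misc']['uploadallowedports']) ? $config['Misc']['uploadallowedports'] : array();
     if (!is_array($extraPorts)) {
         $extraPorts = array($extraPorts);
     }
     $allowedPorts = array(80, 443);
     foreach ($extraPorts as $extraPort) {
         // ignore config entries that are not numbers instead of letting them match loosely
         if (is_numeric($extraPort)) {
             $allowedPorts[] = intval($extraPort);
         }
     }
     return in_array($port, $allowedPorts, true);
 }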
예제 #28
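 /**
  * Performs fetching of the file if possible
  *
  * The URL is refused (VURL_NEXT) unless it is http/https, its host does not
  * contain "localhost" or a 127.x.x.x literal, and its port is 80, 443 or one
  * listed in $config['Misc']['uploadallowedports']. The transfer itself is
  * then configured from $this->vurl and run through cURL.
  *
  * Where the cURL build supports it, the handle is limited to http/https for
  * both the request and any redirect, because redirect targets are not passed
  * through the host/port checks of this method.
  *
  * NOTE(review): the host check is textual only and is not repeated for
  * redirects, so a permitted URL can still lead to a destination the checks
  * would have refused; confirm egress filtering on the server. Certificate and
  * host-name verification are switched off unless VURL_VALIDSSLONLY is set, so
  * callers that rely on the peer's identity must set that bit.
  *
  * @return	integer		Returns one of two constants, VURL_NEXT or VURL_HANDLED
  */
 function exec()
 {
     $urlinfo = @vB_String::parseUrl($this->vurl->options[VURL_URL]);
     // VBV-11823, only allow http/https schemes
     if (!isset($urlinfo['scheme'])) {
         return VURL_NEXT;
     }
     // lower-case once so the later 'https' comparisons agree with this check
     $scheme = strtolower($urlinfo['scheme']);
     if (!in_array($scheme, array('http', 'https'), true)) {
         return VURL_NEXT;
     }
     // VBV-11823, do not allow localhost and 127.0.0.0/8 range by default
     if (!isset($urlinfo['host']) or preg_match('#localhost|127\\.(\\d)+\\.(\\d)+\\.(\\d)+#i', $urlinfo['host'])) {
         return VURL_NEXT;
     }
     if (empty($urlinfo['port'])) {
         $port = ($scheme == 'https') ? 443 : 80;
     } else if (is_int($urlinfo['port']) or (is_string($urlinfo['port']) and preg_match('#^\\d+\\z#', $urlinfo['port']))) {
         $port = intval($urlinfo['port']);
     } else {
         // anything that is not a plain decimal port number is refused
         return VURL_NEXT;
     }
     // VBV-11823, restrict destination ports to 80 and 443 by default
     // allow the admin to override the allowed ports in config.php (in case they have a proxy server they need to go to).
     $config = vB::getConfig();
     $extraPorts = isset($config['Misc']['uploadallowedports']) ? $config['Misc']['uploadallowedports'] : array();
     if (!is_array($extraPorts)) {
         $extraPorts = array($extraPorts);
     }
     $allowedPorts = array(80, 443);
     foreach ($extraPorts as $extraPort) {
         // ignore config entries that are not numbers instead of letting them match loosely
         if (is_numeric($extraPort)) {
             $allowedPorts[] = intval($extraPort);
         }
     }
     if (!in_array($port, $allowedPorts, true)) {
         return VURL_NEXT;
     }
     if (!function_exists('curl_init') or ($this->ch = curl_init()) === false) {
         return VURL_NEXT;
     }
     if ($scheme == 'https') {
         // curl_version crashes if no zlib support in cURL (php <= 5.2.5)
         $curlinfo = curl_version();
         if (empty($curlinfo['ssl_version'])) {
             curl_close($this->ch);
             return VURL_NEXT;
         }
     }
     // Keep the handle on http/https for the request and for redirects. The constants are
     // missing on old PHP/cURL builds, hence the guard.
     if (defined('CURLOPT_PROTOCOLS') and defined('CURLOPT_REDIR_PROTOCOLS') and defined('CURLPROTO_HTTP') and defined('CURLPROTO_HTTPS')) {
         curl_setopt($this->ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
         curl_setopt($this->ch, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
     }
     curl_setopt($this->ch, CURLOPT_URL, $this->vurl->options[VURL_URL]);
     curl_setopt($this->ch, CURLOPT_TIMEOUT, $this->vurl->options[VURL_TIMEOUT]);
     if (!empty($this->vurl->options[VURL_CUSTOMREQUEST])) {
         curl_setopt($this->ch, CURLOPT_CUSTOMREQUEST, $this->vurl->options[VURL_CUSTOMREQUEST]);
     } else {
         if ($this->vurl->bitoptions & VURL_POST) {
             curl_setopt($this->ch, CURLOPT_POST, 1);
             curl_setopt($this->ch, CURLOPT_POSTFIELDS, $this->vurl->options[VURL_POSTFIELDS]);
         } else {
             curl_setopt($this->ch, CURLOPT_POST, 0);
         }
     }
     curl_setopt($this->ch, CURLOPT_HEADER, $this->vurl->bitoptions & VURL_HEADER ? 1 : 0);
     curl_setopt($this->ch, CURLOPT_HTTPHEADER, $this->vurl->options[VURL_HTTPHEADER]);
     curl_setopt($this->ch, CURLOPT_RETURNTRANSFER, $this->vurl->bitoptions & VURL_RETURNTRANSFER ? 1 : 0);
     if ($this->vurl->bitoptions & VURL_NOBODY) {
         curl_setopt($this->ch, CURLOPT_NOBODY, 1);
     }
     if ($this->vurl->bitoptions & VURL_FOLLOWLOCATION) {
         // setting this option can fail on restricted PHP setups; give up on cURL in that case
         if (@curl_setopt($this->ch, CURLOPT_FOLLOWLOCATION, 1) === false) {
             curl_close($this->ch);
             return VURL_NEXT;
         }
         curl_setopt($this->ch, CURLOPT_MAXREDIRS, $this->vurl->options[VURL_MAXREDIRS]);
     } else {
         curl_setopt($this->ch, CURLOPT_FOLLOWLOCATION, 0);
     }
     if ($this->vurl->options[VURL_ENCODING]) {
         @curl_setopt($this->ch, CURLOPT_ENCODING, $this->vurl->options[VURL_ENCODING]);
         // this will work on versions of cURL after 7.10, though was broken on PHP 4.3.6/Win32
     }
     $this->reset();
     curl_setopt($this->ch, CURLOPT_WRITEFUNCTION, array(&$this, 'curl_callback_response'));
     curl_setopt($this->ch, CURLOPT_HEADERFUNCTION, array(&$this, 'curl_callback_header'));
     if (!($this->vurl->bitoptions & VURL_VALIDSSLONLY)) {
         // Verification is off by default: without VURL_VALIDSSLONLY the peer's certificate
         // and host name are not checked, so the transfer is open to interception.
         curl_setopt($this->ch, CURLOPT_SSL_VERIFYPEER, 0);
         curl_setopt($this->ch, CURLOPT_SSL_VERIFYHOST, 0);
     }
     $result = curl_exec($this->ch);
     // cURL error 60 is a certificate verification failure; retry once with the bundled CA file
     if ($scheme == 'https' and $result === false and curl_errno($this->ch) == '60') {
         curl_setopt($this->ch, CURLOPT_CAINFO, DIR . '/includes/paymentapi/ca-bundle.crt');
         $result = curl_exec($this->ch);
     }
     curl_close($this->ch);
     if ($this->fp) {
         fclose($this->fp);
         $this->fp = null;
     }
     // handled on success, or when the size limit stopped the transfer and that is not fatal
     if ($result !== false or (!$this->vurl->options[VURL_DIEONMAXSIZE] and $this->max_limit_reached)) {
         return VURL_HANDLED;
     }
     return VURL_NEXT;
 }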
예제 #29
 /**
  * Check if the DM currently has errors. Will kill execution if it does and $die is true.
  *
  * With Misc/debug enabled the fatal path also echoes a backtrace (function,
  * line, file) and appends the exported errors array to the message, which
  * exposes file paths and error details to whoever receives the page.
  *
  * @param	bool	Whether or not to end execution if errors are found; ignored if the error type is ERRTYPE_SILENT
  *
  * @return	bool	True if there *are* errors, false otherwise
  */
 public function has_errors($die = true)
 {
     if (empty($this->errors)) {
         return false;
     }

     // silent handlers and callers that opted out only get told that errors exist
     if ($this->error_handler == vB_DataManager_Constants::ERRTYPE_SILENT or !$die) {
         return true;
     }
     // the upgrade handler is reported the same way, without a fatal error
     if ($this->error_handler == vB_DataManager_Constants::ERRTYPE_UPGRADE) {
         return true;
     }

     $message = '';
     $settings = vB::getConfig();
     if (!empty($settings['Misc']['debug'])) {
         foreach (debug_backtrace() as $depth => $frame) {
             // frame 0 is this method itself, so it is skipped
             if (empty($depth)) {
                 continue;
             }
             $lineText = empty($frame['line']) ? ' ' : $frame['line'];
             $fileText = empty($frame['file']) ? '' : "in\t\t " . $frame['file'] . "<br/>\n";
             echo "Level {$depth}<br/>\n\t\tFunction " . $frame['function'] . '..Line ' . $lineText . "..<br/>\n" . $fileText;
         }
         $message .= var_export($this->errors, true);
     }
     $message .= '</ul>Unable to proceed with save while $errors array is not empty in class <strong>' . get_class($this) . '</strong>';
     trigger_error($message, E_USER_ERROR);
     return true;
 }
예제 #30
 /**
  *	Creates a session for a specific user
  *
  *	Builds a session for the given user from the current request information,
  *	e.g. right after a login. Any session already attached to the request is
  *	deleted first, so the pre-login session record is not carried over. The
  *	new session replaces both this object's session and the vB current session.
  *
  *	No credential check happens here; the caller is expected to have
  *	authenticated $userid before calling.
  *
  *	@param $userid integer  The user to create the session for.
  *	@return $session vB_Session The session created.  Note that this will be a subclass
  *		of the abstract vB_Session Class
  */
 public function createSessionForUser($userid)
 {
     //refactored from vB_User login code
     //if we currently have a session, get rid of it.
     $existing = vB::getCurrentSession();
     if ($existing) {
         $existing->delete();
     }

     // static factory on the session class chosen for this request
     $factory = array($this->getSessionClass(), 'getSession');

     //these are references so we need to set to locals.
     $assertor =& vB::getDbAssertor();
     $datastore =& vB::getDatastore();
     $settings =& vB::getConfig();

     $this->session = call_user_func($factory, $userid, '', $assertor, $datastore, $settings);
     vB::setCurrentSession($this->session);
     return $this->session;
 }