function actionGetvideodata() { $input = array('url' => trim($_POST['url'])); $api = Api_InterfaceAbstract::instance(); $video = $api->callApi('content_video', 'getVideoFromUrl', array($input['url'])); if ($video) { $templater = new vB5_Template('video_edit'); $templater->register('video', $video); $templater->register('existing', 0); $templater->register('editMode', 1); $results['template'] = $templater->render(); } else { $results['error'] = 'Invalid URL.'; } $this->sendAsJson($results); return; }
/** * Redirects the user back to where they were after logging in */ public static function doLoginRedirect() { $url = ''; if (isset($_POST['url']) && $_POST['url']) { $url = base64_decode(trim($_POST['url'])); } if ($url) { $parse = parse_url($url); if (!$parse or empty($parse['scheme']) or $parse['scheme'] != 'http' and $parse['scheme'] != 'https') { $url = NULL; } } if (!$url or strpos($url, '/auth/') !== false or strpos($url, '/register') !== false) { $url = vB5_Template_Options::instance()->get('options.frontendurl'); } if (isset($_POST['associatefb'])) { $joinchar = strpos($url, '?') !== false ? '&' : '?'; $url = $url . $joinchar . 'dofbredirect=1'; } $templater = new vB5_Template('login_redirect'); $templater->register('url', filter_var($url, FILTER_SANITIZE_STRING)); echo $templater->render(); }
/** * Generates HTML for the subscription form page * * @param string Hash used to indicate the transaction within vBulletin * @param string The cost of this payment * @param string The currency of this payment * @param array Information regarding the subscription that is being purchased * @param array Information about the user who is purchasing this subscription * @param array Array containing specific data about the cost and time for the specific subscription period * * @return array Compiled form information */ function generate_form_html($hash, $cost, $currency, $subinfo, $userinfo, $timeinfo) { global $vbphrase, $vbulletin, $show; $item = $hash; $currency = strtoupper($currency); $timenow = vB::getRequest()->getTimeNow(); $sequence = vbrand(1, 1000); $fingerprint = $this->hmac($this->settings['txnkey'], $this->settings['authorize_loginid'] . '^' . $sequence . '^' . $timenow . '^' . $cost . '^' . $currency); $form['action'] = $this->form_target; $form['method'] = 'post'; // load settings into array so the template system can access them $settings =& $this->settings; $templater = new vB5_Template('subscription_payment_authorizenet'); $templater->register('cost', $cost); $templater->register('currency', $currency); $templater->register('fingerprint', $fingerprint); $templater->register('item', $item); $templater->register('sequence', $sequence); $templater->register('settings', $settings); $templater->register('timenow', $timenow); $templater->register('userinfo', $userinfo); $form['hiddenfields'] .= $templater->render(); return $form; }
protected function renderSinglePostTemplate($node, $view, $channelBbcodes, $additionalData = array()) { if (empty($node)) { return ''; } /* TODO: add support for blogs & articles */ if ($view == 'stream') { $templatenamePrefix = 'display_contenttype_conversationreply_'; } else { // thread $templatenamePrefix = 'display_contenttype_conversationreply_threadview_'; } $template = $templatenamePrefix . $node['contenttypeclass']; $templater = new vB5_Template($template); $templater->register('nodeid', $node['nodeid']); $templater->register('conversation', $node['content']); $templater->register('currentConversation', $node); $templater->register('bbcodeOptions', $channelBbcodes); //$templater->register('hidePostIndex', true); // TODO: figure post# bits out. if (isset($additionalData['pagingInfo'])) { $templater->register('pagingInfo', $additionalData['pagingInfo']); } if (isset($additionalData['pagingInfo'])) { $templater->register('postIndex', $additionalData['postIndex']); } $templater->register('reportActivity', $view == 'stream'); $templater->register('showChannelInfo', false); if ($view == 'thread') { $templater->register('showInlineMod', true); //$templater->register('commentsPerPage', $additionalData['comments-perpage']); // TODO: comments } else { if ($view == 'stream' and !$node['isVisitorMessage']) { $templater->register('view', 'conversation_detail'); } } return $templater->render(true, true); }
/** * Generates HTML for the subscription form page * * @param string Hash used to indicate the transaction within vBulletin * @param string The cost of this payment * @param string The currency of this payment * @param array Information regarding the subscription that is being purchased * @param array Information about the user who is purchasing this subscription * @param array Array containing specific data about the cost and time for the specific subscription period * * @return array Compiled form information */ function generate_form_html($hash, $cost, $currency, $subinfo, $userinfo, $timeinfo) { $item = $hash; $currency = strtoupper($currency); $show['notax'] = $subinfo['newoptions']['api']['paypal']['tax'] ? false : true; $show['recurring'] = ($this->supports_recurring and $timeinfo['recurring']) ? true : false; $no_shipping = '1'; switch ($subinfo['newoptions']['api']['paypal']['shipping_address']) { case 'none': $no_shipping = '1'; break; case 'optional': $no_shipping = '0'; break; case 'required': $no_shipping = '2'; break; } $form['action'] = 'https://www.paypal.com/cgi-bin/webscr'; $form['method'] = 'post'; $vbphrase = vB_Api::instanceInternal('phrase')->fetch('sub' . $subinfo['subscriptionid'] . '_title'); $subinfo['title'] = $vbphrase['sub' . $subinfo['subscriptionid'] . '_title']; // load settings into array so the template system can access them $settings =& $this->settings; $templater = new vB5_Template('subscription_payment_paypal'); $templater->register('cost', $cost); $templater->register('currency', $currency); $templater->register('item', $item); $templater->register('no_shipping', $no_shipping); $templater->register('settings', $settings); $templater->register('subinfo', $subinfo); $templater->register('timeinfo', $timeinfo); $templater->register('userinfo', $userinfo); $templater->register('show', $show); $form['hiddenfields'] .= $templater->render(); return $form; }
public function actionLoginForm(array $errors = array(), array $formData = array()) { $disableLoginForm = false; //@TODO: Validate URL to check against whitelisted URLs // VBV-8394 Remove URLPATH querystring from Login form URL // use referer URL instead of querystring // however, if the query string is provided, use that instead to handle older URLs if (empty($_REQUEST['url'])) { // use referrer $url = filter_var(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : vB5_Template_Options::instance()->get('options.frontendurl'), FILTER_SANITIZE_STRING); } else { // it's an old url. Use the query string $url = filter_var(isset($_REQUEST['url']) ? $_REQUEST['url'] : vB5_Template_Options::instance()->get('options.frontendurl'), FILTER_SANITIZE_STRING); } // if it's encoded, we need to decode it to check if it's gonna try to redirect to the login or registration form. $url_decoded = base64_decode($url, true); $url_decoded = $url_decoded ? $url_decoded : $url; if (!empty($url_decoded) and (strpos($url_decoded, '/auth/') !== false or strpos($url_decoded, '/register') !== false)) { $url = ''; } // Try to resolve some XSS attack. See VBV-1124 // Make sure the URL hasn't been base64 encoded already if (!base64_decode($url, true)) { $url = base64_encode($url); } // VBV-7835 Stop search engine index this page header("X-Robots-Tag: noindex, nofollow"); // START: Enforce using https for login if frontendurl_login is set to https (VBV-8474) // get the current URL and the base login URL for comparison $requestBaseUrl = vB5_Request::instance()->get('vBUrlWebroot'); $loginBaseUrl = vB5_Template_Options::instance()->get('options.frontendurl_login'); $matchA = preg_match('#^(https?)://#', $requestBaseUrl, $matchResultA); $matchB = preg_match('#^(https?)://#', $loginBaseUrl, $matchResultB); // if the URL scheme (http or https) doesn't match, redirect to the right one if (!($matchA and $matchB and $matchResultA[1] === $matchResultB[1])) { // avoid infinite redirects if (isset($_REQUEST['vb_login_redirected']) and $_REQUEST['vb_login_redirected'] == 1) { // Something exteral to vB is redirecting back from https to http. // Since we can't allow logging in over http if configured for https, // we can't show the login form here if (!isset($errors['errors'])) { $errors['errors'] = array(); } $errors['errors'][] = 'unable_to_redirect_to_the_correct_login_url'; $disableLoginForm = true; } else { header('Location: ' . $loginBaseUrl . '/auth/login-form?vb_login_redirected=1&url=' . urlencode($url)); exit; } } // END: Enforce using https for login if frontendurl_login is set to https $user = vB5_User::instance(); $templater = new vB5_Template('login_form'); $templater->register('charset', $user['lang_charset']); $templater->register('errors', $errors); $templater->register('formData', $formData); $templater->register('url', $url); $templater->register('urlpath', $url); $templater->register('disableLoginForm', $disableLoginForm); $this->outputPage($templater->render()); }
/** * Fetches comments of a conversation reply. * */ public function actionFetchComments() { $results = array(); $input = array('parentid' => isset($_POST['parentid']) ? intval($_POST['parentid']) : 0, 'page' => isset($_POST['page']) ? intval($_POST['page']) : 0, 'postindex' => isset($_POST['postindex']) ? intval($_POST['postindex']) : 1, 'isblogcomment' => isset($_POST['isblogcomment']) ? intval($_POST['isblogcomment']) : 0, 'isarticlecomment' => isset($_POST['isarticlecomment']) ? intval($_POST['isarticlecomment']) : 0, 'widgetInstanceId' => isset($_POST['widgetInstanceId']) ? intval($_POST['widgetInstanceId']) : 0); if ($input['page'] == 0) { $is_default = true; $input['page'] = 1; } if ($input['parentid'] > 0) { $params = array('parentid' => $input['parentid'], 'page' => $input['page'], 'perpage' => 25, 'depth' => 1, 'contenttypeid' => null, 'options' => array('sort' => array('created' => 'ASC'))); $api = Api_InterfaceAbstract::instance(); // get comment perpage setting from widget config $widgetConfig = $api->callApi('widget', 'fetchConfig', array($input['widgetInstanceId'])); $params['perpage'] = $commentsPerPage = !empty($widgetConfig['commentsPerPage']) ? $widgetConfig['commentsPerPage'] : 25; $initialCommentsPerPage = isset($widgetConfig['initialCommentsPerPage']) ? $widgetConfig['initialCommentsPerPage'] : 3; //get parent node's total comment count $parentNode = $api->callApi('node', 'getNodeContent', array($input['parentid'])); $totalComments = 1; if ($parentNode) { $parentNode = $parentNode[$input['parentid']]; $totalComments = $parentNode['textcount']; } $totalPages = ceil($parentNode['textcount'] / $commentsPerPage); // flip the pages, first page will have the oldest comments $params['page'] = $totalPages - $input['page'] + 1; if (!empty($is_default) and $params['page'] == $totalPages and ($rem = $parentNode['textcount'] % $commentsPerPage) > 0 and $rem <= $initialCommentsPerPage) { $params['page']--; } $nodes = $api->callApi('node', 'listNodeContent', $params); if ($nodes) { $results['totalcomments'] = $totalComments; $results['page'] = $totalPages - $params['page'] + 1; $commentIndex = ($params['page'] - 1) * $params['perpage'] + 1; if ($commentIndex < 1) { $commentIndex = 1; } $enableInlineMod = (!empty($parentNode['moderatorperms']['canmoderateposts']) or !empty($parentNode['moderatorperms']['candeleteposts']) or !empty($parentNode['moderatorperms']['caneditposts']) or !empty($parentNode['moderatorperms']['canremoveposts'])); $results['templates'] = array(); $templater = new vB5_Template('conversation_comment_item'); // $nodes = array_reverse($nodes, true); //loop backwards because we need to display the comments in ascending order // for ($i = count($nodes) - 1; $i >= 0; $i--) // { // $node = $nodes[$i]; // $templater->register('conversation', $node['content']); // $templater->register('commentIndex', $commentIndex); // $templater->register('conversationIndex', $input['postindex']); // $results['templates'][$node['nodeid']] = $templater->render(); // ++$commentIndex; // } foreach ($nodes as $node) { $templater->register('conversation', $node['content']); $templater->register('commentIndex', $commentIndex); $templater->register('conversationIndex', $input['postindex']); $templater->register('parentNodeIsBlog', $input['isblogcomment']); $templater->register('parentNodeIsArticle', $input['isarticlecomment']); $templater->register('enableInlineMod', $enableInlineMod); $results['templates'][$node['nodeid']] = $templater->render(); ++$commentIndex; } //$results['templates'] = array_reverse($results['templates'], true); } else { $results['error'] = 'Error fetching comments.'; } } else { $results['error'] = 'Cannot fetch comments.'; } return $results; }
public static function getPreheader() { $templater = new vB5_Template('preheader'); if (self::$needCharset) { $templater->register('charset', vB5_String::getTempCharset()); } else { $templater->register('charset', false); } return $templater->render(); }
public function index($pageid) { //the api init can redirect. We need to make sure that happens before we echo anything $api = Api_InterfaceAbstract::instance(); $top = ''; // We should not cache register page for guest. See VBV-7695. if (vB5_Request::get('cachePageForGuestTime') > 0 and !vB5_User::get('userid') and (empty($_REQUEST['routestring']) or $_REQUEST['routestring'] != 'register' and $_REQUEST['routestring'] != 'lostpw')) { // languageid should be in the pagekey to fix VBV-8095 $fullPageKey = 'vBPage_' . md5(serialize($_REQUEST)) . '_' . vB::getCurrentSession()->get('languageid'); $styleid = vB5_Cookie::get('userstyleid', vB5_Cookie::TYPE_UINT); if (!empty($styleid)) { $fullPageKey .= '_' . $styleid; } $fullPage = vB_Cache::instance(vB_Cache::CACHE_LARGE)->read($fullPageKey); if (!empty($fullPage)) { echo $fullPage; exit; } } $preheader = vB5_ApplicationAbstract::getPreheader(); $top .= $preheader; if (vB5_Request::get('useEarlyFlush')) { echo $preheader; flush(); } $router = vB5_ApplicationAbstract::instance()->getRouter(); $arguments = $router->getArguments(); $userAction = $router->getUserAction(); $pageKey = $router->getPageKey(); $api->callApi('page', 'preload', array($pageKey)); if (!empty($userAction)) { $api->callApi('wol', 'register', array($userAction['action'], $userAction['params'], $pageKey, vB::getRequest()->getScriptPath(), !empty($arguments['nodeid']) ? $arguments['nodeid'] : 0)); } if (isset($arguments['pagenum'])) { $arguments['pagenum'] = intval($arguments['pagenum']) > 0 ? intval($arguments['pagenum']) : 1; } $pageid = (int) (isset($arguments['pageid']) ? $arguments['pageid'] : (isset($arguments['contentid']) ? $arguments['contentid'] : 0)); if ($pageid < 1) { // @todo This needs to output a user-friendly "page not found" page throw new Exception('Could not find page.'); } $page = $api->callApi('page', 'fetchPageById', array($pageid, $arguments)); if (!$page) { // @todo This needs to output a user-friendly "page not found" page throw new Exception('Could not find page.'); } // Go to the first new / unread post for this user in this topic if (!empty($_REQUEST['goto']) and $_REQUEST['goto'] == 'newpost' and !empty($arguments['nodeid']) and !empty($arguments['channelid'])) { if ($this->vboptions['threadmarking'] and vB5_User::get('userid')) { // Database read marking $channelRead = $api->callApi('node', 'getNodeReadTime', array($arguments['channelid'])); $topicRead = $api->callApi('node', 'getNodeReadTime', array($arguments['nodeid'])); $topicView = max($topicRead, $channelRead, time() - $this->vboptions['markinglimit'] * 86400); } else { // Cookie read marking $topicView = intval(vB5_Cookie::fetchBbarrayCookie('discussion_view', $arguments['nodeid'])); if (!$topicView) { $topicView = vB5_User::get('lastvisit'); } } $topicView = intval($topicView); // Get the first unread reply $goToNodeId = $api->callApi('node', 'getFirstChildAfterTime', array($arguments['nodeid'], $topicView)); if (empty($goToNodeId)) { $thread = $api->callApi('node', 'getNodes', array(array($arguments['nodeid']))); if (!empty($thread) and isset($thread[$arguments['nodeid']])) { $goToNodeId = $thread[$arguments['nodeid']]['lastcontentid']; } } if ($goToNodeId) { // Redirect to the new post $urlCache = vB5_Template_Url::instance(); $urlKey = $urlCache->register($router->getRouteId(), array('nodeid' => $arguments['nodeid']), array('p' => $goToNodeId)); $replacements = $urlCache->finalBuildUrls(array($urlKey)); $url = $replacements[$urlKey]; if ($url) { $url .= '#post' . $goToNodeId; if (headers_sent()) { echo '<script type="text/javascript">window.location = "' . $url . '";</script>'; } else { header('Location: ' . $url); } exit; } } } $page['routeInfo'] = array('routeId' => $router->getRouteId(), 'arguments' => $arguments, 'queryParameters' => $router->getQueryParameters()); $page['crumbs'] = $router->getBreadcrumbs(); $page['headlinks'] = $router->getHeadLinks(); $page['pageKey'] = $pageKey; // default value for pageSchema $page['pageSchema'] = 'http://schema.org/WebPage'; $queryParameters = $router->getQueryParameters(); /* * VBV-12506 * this is where we would add other things to clean up dangerous query params. * For VBV-12486, I'll just unset anything here that can't use vb:var in the templates, * but really we should just make a whitelist of expected page object parameters that * come from the query string and unset EVERYTHING else. For the expected ones, we * should also force the value into the expected (and hopefully safer) range */ /* * VBV-12506 * $doNotReplaceWithQueryParams is a list of parameters that the page object usually * gets naturally/internally, and we NEVER want to replace with a user provided query * parameter. (In fact, *when* exactly DO we want to do this???) * If we don't do this, it's a potential XSS vulnerability for the items that we * cannot send through vb:var for whatever reason (title for ex) * and even if they *are* sent through vb:var, the replacements can sometimes just * break the page even when it's sent through vb:var (for example, ?pagetemplateid=%0D, * the new line this inserts in var pageData = {...} in the header template tends to * break things (tested on Chrome). * Furthermore, any script that uses the pageData var would get the user injected data * that might cause more problems down the line. * Parameter Notes: * 'titleprefix' * As these two should already be html escaped, we don't want to double escape * them. So we can't us vb:var in the templates. As such, we must prevent a * malicious querystring from being injected into the page object here. * 'title' * Similar to above, but channels are allowed to have HTML in the title, so * they are intentinoally not escaped in the DB, and the templates can't use * vb:var. * 'pageid', 'channelid', 'nodeid' * These are usually set in the arguments, so the array_merge below usually * takes care of not passing a pageid query string through to the page object, * but I'm leaving them in just in case. */ $doNotReplaceWithQueryParams = array('titleprefix', 'title', 'pageid', 'channelid', 'nodeid', 'pagetemplateid', 'url', 'pagenum', 'tagCloudTitle'); foreach ($doNotReplaceWithQueryParams as $key) { unset($queryParameters[$key]); } $arguments = array_merge($queryParameters, $arguments); foreach ($arguments as $key => $value) { $page[$key] = $value; } $options = vB5_Template_Options::instance(); $page['phrasedate'] = $options->get('miscoptions.phrasedate'); $page['optionsdate'] = $options->get('miscoptions.optionsdate'); // if no meta description, use node data or global one instead, prefer node data if (empty($page['metadescription']) and !empty($page['nodedescription'])) { $page['metadescription'] = $page['nodedescription']; } if (empty($page['metadescription'])) { $page['metadescription'] = $options->get('options.description'); } $config = vB5_Config::instance(); // Non-persistent notices @todo - change this to use vB_Cookie $page['ignore_np_notices'] = vB5_ApplicationAbstract::getIgnoreNPNotices(); $templateCache = vB5_Template_Cache::instance(); $templater = new vB5_Template($page['screenlayouttemplate']); //IMPORTANT: If you add any variable to the page object here, // please make sure you add them to other controllers which create page objects. // That includes at a minimum the search controller (in two places currently) // and vB5_ApplicationAbstract::showErrorPage $templater->registerGlobal('page', $page); $page = $this->outputPage($templater->render(), false); $fullPage = $top . $page; if (!empty($fullPageKey) and is_string($fullPageKey)) { vB_Cache::instance(vB_Cache::CACHE_LARGE)->write($fullPageKey, $fullPage, vB5_Request::get('cachePageForGuestTime'), 'vbCachedFullPage'); } // these are the templates rendered for this page $loadedTemplates = vB5_Template::getRenderedTemplates(); $api->callApi('page', 'savePreCacheInfo', array($pageKey)); if (!vB5_Request::get('useEarlyFlush')) { echo $fullPage; } else { echo $page; } }
/** * Place a subscription order */ public function placeOrder($subscriptionid, $subscriptionsubid, $paymentapiclass, $currency) { $this->checkStatus(); $this->checkPermission(); $sub = $this->subobj->subscriptioncache["{$subscriptionid}"]; $sub['newoptions'] = @unserialize($sub['newoptions']); // Verify that the payment api is allowed for this subscription if (empty($sub['newoptions']['api'][$paymentapiclass]['show'])) { throw new vB_Exception_Api('invalid_paymentapiclass'); } $userinfo = vB::getCurrentSession()->fetch_userinfo(); $usercontext = vB::getUserContext(); $membergroupids = fetch_membergroupids_array($userinfo); $allow_secondary_groups = $usercontext->hasPermission('genericoptions', 'allowmembergroups'); if (empty($sub) or !$sub['active']) { throw new vB_Exception_Api('invalidid'); } if (!empty($sub['deniedgroups']) and ($allow_secondary_groups and !count(array_diff($membergroupids, $sub['deniedgroups'])) or !$allow_secondary_groups and in_array($userinfo['usergroupid'], $sub['deniedgroups']))) { throw new vB_Exception_Api('invalidid'); } $costs = unserialize($sub['cost']); if (empty($costs["{$subscriptionsubid}"]['cost']["{$currency}"])) { throw new vB_Exception_Api('invalid_currency'); } $hash = md5($userinfo['userid'] . $userinfo['secret'] . $subscriptionid . uniqid(microtime(), 1)); /* insert query */ vB::getDbAssertor()->insert('vBForum:paymentinfo', array('hash' => $hash, 'completed' => 0, 'subscriptionid' => $subscriptionid, 'subscriptionsubid' => $subscriptionsubid, 'userid' => $userinfo['userid'])); $method = vB::getDbAssertor()->getRow('vBForum:paymentapi', array('active' => 1, 'classname' => $paymentapiclass)); $supportedcurrencies = explode(',', $method['currency']); if (!in_array($currency, $supportedcurrencies)) { throw new vB_Exception_Api('currency_not_supported'); } // TODO: vB_Template::create() has many PHP notices. We need to fix them. error_reporting(E_ALL & ~E_NOTICE); $form = $this->subobj->construct_payment($hash, $method, $costs["{$subscriptionsubid}"], $currency, $sub, $userinfo); $typetext = $method['classname'] . '_order_instructions'; $templater = new vB5_Template('subscription_paymentbit'); $templater->register('form', $form); $templater->register('method', $method); $templater->register('typetext', $typetext); $orderbit = $templater->render(); return $orderbit; }
/** Fetch the photo tab content for the photo selector * ***/ public function actiongetPhotoTabContent() { $user = vB::getCurrentSession()->fetch_userinfo(); if (empty($user) or empty($user['userid'])) { //@TODO: return not logged in status? return; } $nodeid = isset($_GET['nodeid']) ? intval($_GET['nodeid']) : 0; $nodeid = $nodeid ? $nodeid : -2; $photosPerRow = isset($_GET['ppr']) ? intval($_GET['ppr']) : 2; $tabContent = ""; $api = Api_InterfaceAbstract::instance(); $nodes = $api->callApi('profile', 'getAlbum', array(array('nodeid' => $nodeid, 'page' => 1, 'perpage' => 60, 'userid' => $user['userid']))); foreach ($nodes as $nodeid => $node) { $items = array(); $photoFiledataids = array(); $attachFiledataids = array(); $photoCount = 0; foreach ($node['photo'] as $photoid => $photo) { // if it's an attachment, we use the 'id=' param. If it's a photo, 'photoid=' $paramname = (isset($photo['isAttach']) and $photo['isAttach']) ? 'id' : 'photoid'; $items[$photoid] = array('title' => $photo['title'], 'imgUrl' => vB5_Template_Options::instance()->get('options.frontendurl') . '/filedata/fetch?' . $paramname . '=' . $photoid . '&type=thumb'); if (!isset($photo['filedataid']) or !$photo['filedataid']) { if ($photo['isAttach']) { $attachFiledataids[] = $photoid; } else { $photoFiledataids[] = $photoid; } } else { $items[$photoid]['filedataid'] = $photo['filedataid']; } if ($photosPerRow and ++$photoCount % $photosPerRow == 0) { $items[$photoid]['lastinrow'] = true; } } if (!empty($photoFiledataids)) { $photoFileids = $api->callApi('filedata', 'fetchPhotoFiledataid', array($photoFiledataids)); foreach ($photoFileids as $nodeid => $filedataid) { $items[$nodeid]['filedataid'] = $filedataid; } } if (!empty($attachFiledataids)) { $attachFileids = $api->callApi('filedata', 'fetchAttachFiledataid', array($attachFiledataids)); foreach ($attachFileids as $nodeid => $filedataid) { $items[$nodeid]['filedataid'] = $filedataid; } } $templater = new vB5_Template('photo_item'); $templater->register('items', $items); $templater->register('photoSelector', 1); $tabContent = $templater->render(); } $this->outputPage($tabContent); }
/** * Returns a string containing the rendered template * @see vB5_Frontend_Controller_Ajax::actionRender * @see vB5_Frontend_Controller_Page::renderTemplate * @param string $templateName * @param array $data * @param bool $isParentTemplate * @param bool $isAjaxTemplateRender - true if we are rendering for a call to /ajax/render/ and we want CSS <link>s separate * @return string */ public static function staticRender($templateName, $data = array(), $isParentTemplate = true, $isAjaxTemplateRender = false) { if (empty($templateName)) { return null; } $templater = new vB5_Template($templateName); foreach ($data as $varname => $value) { $templater->register($varname, $value); } $core_path = vB5_Config::instance()->core_path; vB5_Autoloader::register($core_path); $result = $templater->render($isParentTemplate, $isAjaxTemplateRender); return $result; }
/** This method gets a photo edit interface. **/ public function actionGetPhotoedit() { //We need a nodeid if (empty($_REQUEST['nodeid']) or !intval($_REQUEST['nodeid'])) { echo ''; return; } $nodeid = intval($_REQUEST['nodeid']); $api = Api_InterfaceAbstract::instance(); $gallery = $api->callApi('content_gallery', 'getContent', array('nodeid' => $nodeid)); if (empty($gallery) or !empty($gallery['errors'])) { echo ''; return; } $templater = new vB5_Template('gallery_edit'); if (!empty($gallery[$nodeid]['photo'])) { $templater->register('maxid', max(array_keys($gallery[$nodeid]['photo']))); } else { $templater->register('maxid', 0); } $templater->register('gallery', $gallery[$nodeid]); $this->outputPage($templater->render()); }
public function actionFetchTagCloud() { $taglevels = 5; $limit = 20; $type = 'search'; $serverData = array_merge($_GET, $_POST); $type = empty($serverData['type']) ? 'search' : $serverData['type']; $taglevels = empty($serverData['taglevels']) ? 5 : $serverData['taglevels']; $limit = empty($serverData['limit']) ? 20 : $serverData['limit']; $tags = vB_Api::instanceInternal('Tags')->fetchTagsForCloud($taglevels, $limit, $type); $templater = new vB5_Template('tag_cloud'); $templater->register('tags', $tags); $templater->register('noformat', $serverData['noformat']); $this->sendAsJson($templater->render()); }
protected function processTopics($nodes, $stickynodes, $maxpages = 0) { $result = array('total' => 0, 'total_with_sticky' => 0, 'lastDate' => 0, 'template' => '', 'pageinfo' => array('pagenumber' => 1, 'totalpages' => 1), 'css_links' => array()); $templater = new vB5_Template('display_Topics'); $canmoderate = false; if (!isset($nodes['errors']) and !empty($nodes['results'])) { foreach ($nodes['results'] as $key => $node) { //only include the starter if ($node['content']['contenttypeclass'] == 'Channel' or $node['content']['starter'] != $node['content']['nodeid']) { unset($nodes['results'][$key]); } else { $result['lastDate'] = max($result['lastDate'], $node['content']['publishdate']); } if (!empty($node['content']['permissions']['canmoderate']) and !$canmoderate) { $canmoderate = 1; $templater->register('canmoderate', $canmoderate); } } $templater->register('topics', $nodes['results']); $result['total_with_sticky'] = $result['total'] = count($nodes['results']); $result['pageinfo']['pagenumber'] = $nodes['pagenumber']; $result['pageinfo']['totalpages'] = (!empty($maxpages) and $maxpages < $nodes['totalpages']) ? $maxpages : $nodes['totalpages']; $result['pageinfo']['resultId'] = $nodes['resultId']; } elseif (isset($nodes['errors'])) { $templater->register('topics', $nodes); } if (!isset($stickynodes['errors']) and !empty($stickynodes['results'])) { $result['total_with_sticky'] = $result['total'] + count($stickynodes['results']); $sticky_templater = new vB5_Template('display_Topics'); $sticky_templater->register('topics', $stickynodes['results']); $sticky_templater->register('topic_list_class', 'sticky-list'); if (!$canmoderate and empty($nodes['results'])) { //It is safe to assume that if user has canmoderate permission for the first topic node in a forum, he/she has the same permission for all the nodes. $firstTopic = reset($stickynodes['results']); $canmoderate = $firstTopic['content']['permissions']['canmoderate']; } $sticky_templater->register('canmoderate', $canmoderate); $result['template'] .= "\n" . $sticky_templater->render() . "\n"; $templater->register('no_header', 1); } if (!empty($nodes['results']) or empty($stickynodes['results'])) { $result['template'] .= "\n" . $templater->render(true, true) . "\n"; $result['css_links'] = vB5_Template_Stylesheet::instance()->getAjaxCssLinks(); } return $result; }