/**
 * Processes the files submitted in $_FILES['bb_attachments'] for one post.
 *
 * For each submitted file: moves it to a random temp name under
 * $bb_attachments['path'], validates extension / MIME type / size / per-post
 * count, records a row in the attachments table, and on success renames the
 * temp file to "<path>/<id div 1000>/<id>.<filename>". Failures are recorded
 * with a non-zero status code and the temp file is always removed.
 *
 * Side effects: filesystem writes, DB inserts/updates, topic meta update, an
 * optional S3 copy, and either echoed HTML ($display) or an edit of the post
 * text to inject [attachment=post,id] tags.
 *
 * @param int $post_id Post to attach to; falls back to $_GET['bb_attachments'] when 0.
 * @param int $display Non-zero to echo an HTML result list instead of auto-injecting tags.
 * @return void Returns early (silently) when the user may not upload to this post.
 */
function bb_attachments_process_post($post_id = 0, $display = 0) {
    global $bbdb, $bb_attachments;
    // $_GET is untrusted; intval() keeps it numeric before it reaches the capability check and SQL below
    if (!$post_id) { $post_id = intval($_GET['bb_attachments']); }
    // only can upload if user is allowed to edit post, and has the configured upload role
    $user_id = bb_get_current_user_info('id');
    if (!isset($_FILES['bb_attachments']) || !is_array($_FILES['bb_attachments']) || !$user_id || !$post_id || !bb_current_user_can('edit_post', $post_id) || !bb_current_user_can($bb_attachments['role']['upload'])) { return; }
    $user_ip = $_SERVER["REMOTE_ADDR"]; // server-set, not a client header; $GLOBALS["HTTP_SERVER_VARS"]["REMOTE_ADDR"];
    $time = time();
    $inject = ""; // accumulates " [attachment=post,id]" tags for the non-display path
    $bb_post = bb_get_post($post_id);
    $topic_id = $bb_post->topic_id; // fetch related topic
    $topic_attachments = intval(bb_get_topicmeta($topic_id, "bb_attachments")); // generally how many on topic (may be off if post moved)
    $count = intval($bbdb->get_var("SELECT COUNT(*) FROM " . $bb_attachments['db'] . " WHERE post_id = {$post_id} AND status = 0")); // how many currently on post (status 0 = live)
    $offset = 0; // counter for this pass
    $strip = array(' ', '`', '"', '\'', '\\', '/', '..', '__'); // filter for filenames: removes path separators and quoting characters
    $maxlength = bb_attachments_lookup($bb_attachments['max']['filename']);
    reset($_FILES);
    $output = "<h3>" . __("Uploads") . "</h3><ol>"; // start output
    // NOTE(review): each() was removed in PHP 8.0; a foreach over $_FILES['bb_attachments']['name'] is the equivalent
    while (list($key, $value) = each($_FILES['bb_attachments']['name'])) {
        if (!empty($value)) {
            // don't trust these, check after upload $_FILES['bb_attachments']['type'] $_FILES['bb_attachments']['size']
            $filename = trim(str_replace($strip, '_', stripslashes($value))); // sanitize filename further ???
            if (empty($filename)) { $filename = "unknown"; }
            if (intval($_FILES['bb_attachments']['error'][$key]) == 0 && $_FILES['bb_attachments']['size'][$key] > 0) {
                // extension = text after the last dot, lowercased; empty when there is no dot
                $ext = strrpos($filename, '.') === false ? "" : trim(strtolower(substr($filename, strrpos($filename, '.') + 1)));
                if (strlen($filename) > $maxlength) { $filename = substr($filename, 0, $maxlength - strlen($ext) + 1) . "." . $ext; } // fix filename length
                // NOTE(review): rand()+time() is not a cryptographic source; the temp name is only as unguessable as those inputs
                $tmp = $bb_attachments['path'] . md5(rand(0, 99999) . time() . $_FILES['bb_attachments']['tmp_name'][$key]); // make random temp name that can't be guessed
                if (@is_uploaded_file($_FILES['bb_attachments']['tmp_name'][$key]) && @move_uploaded_file($_FILES['bb_attachments']['tmp_name'][$key], $tmp)) {
                    $size = filesize($tmp); // size and MIME are re-derived from the file on disk, not from the client-supplied values
                    $mime = bb_attachments_mime_type($tmp);
                    $status = 0;
                    $id = 0;
                } else {
                    $status = 2; // file move to temp name failed for some unknown reason
                    $size = $_FILES['bb_attachments']['size'][$key]; // we'll trust the upload sequence for the size since it doesn't matter, it failed
                    $mime = "";
                    $id = 0;
                }
                // validation chain: first failing check wins, later checks are skipped once $status != 0
                if ($status == 0 && !in_array($ext, bb_attachments_lookup($bb_attachments['allowed']['extensions']))) { $status = 3; } // disallowed extension
                if ($status == 0 && !in_array($mime, bb_attachments_lookup($bb_attachments['allowed']['mime_types']))) { $status = 4; } // disallowed mime
                if ($status == 0 && $size > bb_attachments_lookup($bb_attachments['max']['size'], $ext)) { $status = 5; } // disallowed size
                if ($status == 0 && $count + 1 > bb_attachments_lookup($bb_attachments['max']['per_post'])) { $status = 6; } // disallowed attachment count
                if ($size > 0 && $filename) { // we still save the status code if any but don't copy file until status = 0
                    // NOTE(review): $mime and $user_ip are interpolated without escaping; $mime comes from bb_attachments_mime_type() — confirm it can only yield safe characters
                    $failed = $bbdb->get_var("\n\t\t\t\tINSERT INTO " . $bb_attachments['db'] . " ( time , post_id , user_id, user_ip, status , size , ext , mime , filename )\n\t\t\t\tVALUES ('{$time}', '{$post_id}' , '{$user_id}' , inet_aton('{$user_ip}') , {$status}, '{$size}', '" . addslashes($ext) . "', '{$mime}', '" . addslashes($filename) . "')\t\t\t\t\n\t\t\t\t");
                    if ($status == 0 && !$failed) { $id = intval($bbdb->get_var("SELECT LAST_INSERT_ID()")); } // fetch the assigned unique id
                    # if ($failed || !$id) { $status = 2; } // db failure ?
                    if ($status == 0) { // successful db insert - bbdb returns NULL on success so that !NULL is it's wierd way
                        $dir = $bb_attachments['path'] . floor($id / 1000); // one sub-directory per 1000 attachments
                        if (function_exists('get_current_user') && function_exists('posix_setuid')) { // try to set user's id so file/dir creation is under their account
                            $current = get_current_user();
                            // only switch to the script owner when it is a real account and this file lives under its name
                            if (!($current && !in_array($current, array("nobody", "httpd", "apache", "root")) && strpos(__FILE__, $current))) { $current = ""; }
                            $x = posix_getuid();
                            if (0 == $x && $current) { // only possible when PHP itself runs as root
                                $org_uid = posix_getuid();
                                $pw_info = posix_getpwnam($current);
                                $uid = $pw_info["uid"];
                                posix_setuid($uid);
                            }
                        }
                        if (!file_exists($dir)) { // check for sub-directory based on file number 0,1,2,3,4 etc.
                            $oldumask = umask(0);
                            @mkdir($dir, 0755); // I've found that as long as the PARENT is 777, the children don't have to be
                            umask($oldumask);
                        }
                        $file = $dir . "/" . $id . "." . $filename; // file is commited here
                        if (!$failed && $id > 0 && file_exists($tmp)) {
                            @rename($tmp, $file); // now it's officially named
                            // NOTE(review): 0777 makes the stored upload world-writable; 0644 would keep it readable without that exposure
                            @chmod($file, 0777); // make accessable via ftp for ease of management
                            if ($bb_attachments['aws']['enable']) { bb_attachments_aws("{$dir}/", "{$id}.{$filename}", $mime); } // copy to S3
                            $count++;
                            $offset++; // count how many successfully uploaded this time
                        } else {
                            $status = 2; // failed - not necessarily user's fault, could be filesystem
                        }
                        // restore the original uid if it was switched above
                        if (isset($org_uid) && $org_uid > 0 && function_exists('posix_setuid')) { posix_setuid($org_uid); }
                    } else {
                        if ($status == 0) { $status = 2; } // failed for db?
                    }
                }
            } else {
                // NOTE(review): on this branch $id, $size, $tmp and $file keep their value from the previous loop iteration (or are undefined on the first) — the reporting below may use stale values
                $status = 2;
            }
            if (!empty($tmp) && file_exists($tmp)) { @unlink($tmp); } // never, ever, leave temporary file behind for security
            if ($status > 0) {
                // NOTE(review): 'status' and 'id' are single-quoted here, which MySQL reads as string literals rather than column names — backticks look intended
                if ($id > 0) { $bbdb->query("UPDATE " . $bb_attachments['db'] . " SET 'status' = {$status} WHERE 'id' = {$id}"); }
                $error = "";
                if ($_FILES['bb_attachments']['error'][$key] > 0) { $error = " (" . $bb_attachments['errors'][$_FILES['bb_attachments']['error'][$key]] . ") "; }
                $output .= "<li><span style='color:red'><strong>{$filename} " . " <span class='num'>(" . round($size / 1024, 1) . " KB)</span> " . __('error:') . " " . $bb_attachments['status'][$status] . "</strong>{$error}</span></li>";
            } else {
                $output .= "<li><span style='color:green'><strong>{$filename} " . " <span class='num'>(" . round($size / 1024, 1) . " KB)</span> " . __('successful') . "</strong></span></li>";
                // images only: getimagesize() returns false for anything it cannot parse
                if ($bb_attachments['inline']['auto'] && (list($width, $height, $type) = getimagesize($file))) {
                    if ($display) {
                        $location = bb_attachments_location();
                        $can_inline = true;
                        if (!($bb_attachments['role']['inline'] == "read" || bb_current_user_can($bb_attachments['role']['inline']))) { $can_inline = false; }
                        if ($location == "edit.php" && $can_inline) {
                            $output .= '<scr' . 'ipt type="text/javascript" defer="defer"> bbat_field = document.getElementsByTagName("textarea")[0]; bbat_value=" [attachment="+' . $post_id . '+","+' . $id . '+"] "; bbat_field.value += bbat_value;</script>';
                        } // above auto-injects newly uploaded attachment if edit form present
                    } else {
                        $inject .= " [attachment={$post_id},{$id}]";
                    }
                }
            }
        } // end !$empty
    } // end while
    $output .= "</ol>";
    if ($display) {
        echo $output;
    } elseif (!empty($inject) && $bb_attachments['inline']['auto']) {
        $bb_post->post_text = apply_filters('edit_text', $bb_post->post_text . $inject);
        bb_insert_post($bb_post);
    } // auto-inject
    // topic-level counter: previous value plus the files that succeeded in this pass
    bb_update_topicmeta($topic_id, 'bb_attachments', $topic_attachments + $offset);
}
/**
 * Appends the social bookmark block to the first post of a topic.
 *
 * Bookmarks are added on topic pages when the 'topic' option is on, or on
 * feeds when the 'feed' option is on and the topic has not set the
 * 'hide_socialit' meta to "true".
 *
 * @param string $post_content Post text as passed through the filter.
 * @return string The text, with get_socialit() appended when it applies.
 */
function socialit_insert_in_post($post_content) {
    global $socialit_plugopts, $bbdb;

    // Topic view takes precedence; the feed conditions are only evaluated when it does not apply.
    $wantedOnTopic = bb_is_topic() && $socialit_plugopts['topic'] == 1;
    $wantedOnFeed = !$wantedOnTopic
        && bb_is_feed()
        && $socialit_plugopts['feed'] == 1
        && bb_get_topicmeta(get_topic_id(), 'hide_socialit') != "true";

    if (!$wantedOnTopic && !$wantedOnFeed) {
        return $post_content;
    }

    // Only the opening post of the topic carries the bookmarks.
    $currentPostId = get_post_id();
    if (!bb_is_first($currentPostId)) {
        return $post_content;
    }

    return $post_content . get_socialit();
}
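/**
 * Sends a single pingback if a link is found
 *
 * Collects the href of every anchor in the (clickable-ified) post text,
 * drops links already recorded in the topic's 'pingback_performed' meta,
 * links back to this topic, duplicates, and bare site roots, then pings
 * each remaining URL through its discovered pingback endpoint. Pings that
 * succeed, or that the remote reports as already registered (fault 48),
 * are appended to the topic meta so they are not repeated later.
 *
 * Every surviving href causes outbound requests from this server (endpoint
 * discovery plus the XML-RPC call), so the link list is author-controlled
 * input; keep this on the same trust path as the forum's normal posting checks.
 *
 * @param int    $topic_id  Topic the post belongs to.
 * @param string $post_text Raw post text to scan for links.
 * @return integer The number of pingbacks sent
 */
function send_pingback($topic_id, $post_text) {
    if (!$topic_id || !$post_text) { return 0; }

    // Get all links in the text and add them to an array
    if (!preg_match_all('@<a ([^>]+)>@im', make_clickable($post_text), $post_links)) { return 0; }

    $_links = array();
    foreach ($post_links[1] as $post_link_attributes) {
        $post_link_attributes = preg_split('@\\s+@im', $post_link_attributes, -1, PREG_SPLIT_NO_EMPTY);
        foreach ($post_link_attributes as $post_link_attribute) {
            // offset 1 so an attribute that *starts* with '=' is ignored
            if (strpos($post_link_attribute, '=', 1) !== false) {
                list($_key, $_value) = explode('=', $post_link_attribute, 2);
                if (strtolower($_key) === 'href') { $_links[] = trim($_value, "'\""); }
            }
        }
    }

    // Get pingbacks which have already been performed from this topic.
    // The meta may be absent (false/null) or stored in another shape; normalise
    // to an array so in_array() and the append further down cannot fault.
    $past_pingbacks = bb_get_topicmeta($topic_id, 'pingback_performed');
    if (!is_array($past_pingbacks)) { $past_pingbacks = array(); }

    $new_pingbacks = array();
    foreach ($_links as $_link) {
        // If it's already been pingbacked, or is already queued in this pass, then skip it
        if (in_array($_link, $past_pingbacks, true) || in_array($_link, $new_pingbacks, true)) { continue; }
        // If it's trying to ping itself, then skip it. Compare as ints: the
        // topic row and the parameter may not share a scalar type.
        if ($topic = bb_get_topic_from_uri($_link)) {
            if ((int) $topic->topic_id === (int) $topic_id) { continue; }
        }
        // Make sure it's a page on a site and not the root
        if (!($_url = parse_url($_link))) { continue; }
        if (!isset($_url['query'])) {
            // parse_url() omits 'path' entirely for "scheme://host"; treat that as the root as well
            if (!isset($_url['path']) || $_url['path'] == '' || $_url['path'] == '/') { continue; }
        }
        // Add the URL to the array of those to be pingbacked
        $new_pingbacks[] = $_link;
    }

    include_once BACKPRESS_PATH . '/class.ixr.php';

    // Get the URL to pingback from (same for every target, so computed once)
    $pingback_from_url = get_topic_link($topic_id);
    $count = 0;
    foreach ($new_pingbacks as $pingback_to_url) {
        if (!($pingback_endpoint_uri = BB_Pingbacks::get_endpoint_uri($pingback_to_url))) { continue; }
        // Stop this nonsense after 60 seconds
        @set_time_limit(60);
        // Using a timeout of 3 seconds should be enough to cover slow servers
        $client = new IXR_Client($pingback_endpoint_uri);
        $client->timeout = 3;
        $client->useragent .= ' -- bbPress/' . bb_get_option('version');
        // When set to true, this outputs debug messages by itself
        $client->debug = false;
        // If successful or the ping already exists (pingback fault code 48) then add to the pingbacked list
        if ($client->query('pingback.ping', $pingback_from_url, $pingback_to_url) || (isset($client->error->code) && 48 == $client->error->code)) {
            $count++;
            $past_pingbacks[] = $pingback_to_url;
        }
    }
    bb_update_topicmeta($topic_id, 'pingback_performed', $past_pingbacks);
    return $count;
}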