/**
* Returns the canonical url pertinent to the content of the page
* - for open graph and like button
*
* @return string, canonical url for the content
*/
function get_fbcanonicalurl()
{
global $vbulletin, $og_array;
static $fbcanonicalurl;
$retval = '';
$skipcache = false;
if (empty($fbcanonicalurl)) {
if (THIS_SCRIPT == 'showthread') {
global $threadinfo;
$fbcanonicalurl = create_full_url(fetch_seo_url('thread|js|nosession', $threadinfo, null, null, null, true));
} else {
if (THIS_SCRIPT == 'entry') {
global $bloginfo;
$fbcanonicalurl = create_full_url(fetch_seo_url('entry|js|nosession', $bloginfo, null, null, null, true));
} else {
if (THIS_SCRIPT == 'vbcms' and isset($vbulletin->vbcms['content_type']) and $vbulletin->vbcms['content_type'] == 'Article') {
$fbcanonicalurl = isset($vbulletin->vbcms['page_url']) ? $vbulletin->vbcms['page_url'] : $og_array['og:url'];
} else {
// do not cache canonical url in this case
$skipcache = true;
$retval = $vbulletin->options['bburl'];
}
}
}
}
($hook = vBulletinHook::fetch_hook('fb_canonical_url')) ? eval($hook) : false;
if ($skipcache) {
return $retval;
} else {
return $fbcanonicalurl;
}
}
/**
* Parses an <a> tag. Matches URL and EMAIL BB code.
*
* @param string String containing tag attributes
* @param string Text within tag
* @param string Name of HTML tag. Used if one function parses multiple tags
* @param mixed Extra arguments passed in to parsing call or tag rules
*/
protected function parseTagA($aoptions, $text, $tag_name, $args)
{
$href = $this->parseWysiwygTagAttribute('href=', $aoptions);
if (!trim($href)) {
return $this->parseTagByName('a', $text);
}
if (substr($href, 0, 7) == 'mailto:') {
$tag = 'email';
$href = substr($href, 7);
} else {
if (preg_match('#filedata/fetch\\?filedataid=(\\d+)#si', $href, $matches)) {
$tag = 'attach';
unset($href);
// the url uses filedataid and we have a tempid. This will be fixed by fixAttachBBCode() in the text library
if (preg_match('#data-tempid=(\'|")(.*)(\\1)#siU', $aoptions, $dataMatches)) {
$text = $dataMatches[2];
} else {
$text = 'n' . $matches[1];
}
} else {
if (preg_match('#class="[^"]*b-bbcode-user[^"]*"#siU', $aoptions, $matches)) {
$tag = 'user';
// look up the user
$user = vB::getDbAssertor()->getRow('user', array('username' => $text));
$href = $user['userid'];
$text = $user['username'];
} else {
$tag = 'url';
if (!preg_match('#^[a-z0-9]+:#i', $href)) {
// relative URL, prefix it with the URL to this board
$href = create_full_url($href);
}
}
}
}
$tag = strtoupper($tag);
if ($this->isBbcodeTagAllowed($tag)) {
$tag_b = $tag;
if (!empty($href)) {
$tag_b .= "=\"{$href}\"";
}
return "[{$tag_b}]" . $this->parseTagByName('a', $text) . "[/{$tag}]";
} else {
// can't auto link, return a plaintext version
$inner_text = $this->parseTagByName('a', $text);
if ($inner_text != $href) {
return "{$inner_text} ({$href})";
} else {
return $href;
}
}
}
/**
* Prepares the URL of the User's Profile
*
*/
function prepare_profileurl()
{
if (!isset($this->prepared['profileurl'])) {
$profileurl = create_full_url('member.php?u=' . $this->prepared['userid']);
if (!preg_match('#^[a-z]+://#i', $profileurl)) {
$profileurl = $this->registry->options['bburl'] . '/member.php?u=' . $this->prepared['userid'];
}
$this->prepared['profileurl'] = $profileurl;
}
}
eval(standard_error(fetch_error('noreason')));
}
$reportobj->do_report($vbulletin->GPC['reason'], $pictureinfo);
$url =& $vbulletin->url;
eval(print_standard_redirect('redirect_reportthanks'));
}
}
// #######################################################################
if ($_REQUEST['do'] == 'picture') {
$vbulletin->input->clean_array_gpc('r', array('pagenumber' => TYPE_UINT, 'perpage' => TYPE_UINT, 'commentid' => TYPE_UINT, 'showignored' => TYPE_BOOL));
if (empty($pictureinfo) or $pictureinfo['state'] == 'moderation' and !can_moderate(0, 'canmoderatepictures') and $pictureinfo['userid'] != $vbulletin->userinfo['userid']) {
standard_error(fetch_error('invalidid', $vbphrase['picture'], $vbulletin->options['contactuslink']));
}
$pictureinfo['adddate'] = vbdate($vbulletin->options['dateformat'], $pictureinfo['dateline'], true);
$pictureinfo['addtime'] = vbdate($vbulletin->options['timeformat'], $pictureinfo['dateline']);
$pictureurl = create_full_url("picture.php?albumid={$albuminfo['albumid']}&pictureid={$pictureinfo['pictureid']}");
if (!preg_match('#^[a-z]+://#i', $pictureurl)) {
$pictureurl = $vbulletin->options['bburl'] . "/picture.php?albumid={$albuminfo['albumid']}&pictureid={$pictureinfo['pictureid']}";
}
$pictureinfo['pictureurl'] = htmlspecialchars_uni($pictureurl);
$pictureinfo['caption_censored'] = fetch_censored_text($pictureinfo['caption']);
$show['picture_owner'] = $userinfo['userid'] == $vbulletin->userinfo['userid'];
$show['edit_picture_option'] = ($userinfo['userid'] == $vbulletin->userinfo['userid'] or can_moderate(0, 'caneditalbumpicture'));
$show['add_group_link'] = ($userinfo['userid'] == $vbulletin->userinfo['userid'] and $vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_groups'] and $vbulletin->options['socnet_groups_albums_enabled'] and $vbulletin->userinfo['permissions']['socialgrouppermissions'] & $vbulletin->bf_ugp_socialgrouppermissions['canviewgroups'] and $vbulletin->userinfo['permissions']['socialgrouppermissions'] & $vbulletin->bf_ugp_socialgrouppermissions['canjoingroups'] and $pictureinfo['state'] != 'moderation');
$show['reportlink'] = ($vbulletin->userinfo['userid'] and ($vbulletin->options['rpforumid'] or $vbulletin->options['enableemail'] and $vbulletin->options['rpemail']));
$navpictures_sql = $db->query_read_slave("\n\t\tSELECT albumpicture.pictureid\n\t\tFROM " . TABLE_PREFIX . "albumpicture AS albumpicture\n\t\tINNER JOIN " . TABLE_PREFIX . "picture AS picture ON (albumpicture.pictureid = picture.pictureid)\n\t\tWHERE albumpicture.albumid = {$albuminfo['albumid']}\n\t\t" . ((!can_moderate(0, 'canmoderatepictures') and $pictureinfo['userid'] != $vbulletin->userinfo['userid']) ? "AND picture.state = 'visible'" : "") . "\n\t\tORDER BY albumpicture.dateline DESC\n\t");
$pic_location = fetch_picture_location_info($navpictures_sql, $pictureinfo['pictureid']);
($hook = vBulletinHook::fetch_hook('album_picture')) ? eval($hook) : false;
if ($vbulletin->options['pc_enabled'] and $pictureinfo['state'] == 'visible') {
require_once DIR . '/includes/functions_picturecomment.php';
$pagenumber = $vbulletin->GPC['pagenumber'];
/**
* Constructor - checks that the registry object has been passed correctly.
*
* @param array Information about the content that owns these attachments
* @param array List of attachments belonging to the specifed post
* @param boolean Display download count
* @param boolean View has permissions to download attachments
* @param boolean Viewer has permission to get attachments
* @param boolean Viewer has permission to set thumbnails
*
* @return void
*/
function process_attachments(&$post, &$attachments, $hidecounter = false, $canmod = false, $canget = true, $canseethumb = true, $linkonly = false)
{
global $show, $vbphrase;
if (!empty($attachments)) {
$show['modattachmentlink'] = ($canmod or $post['userid'] == $this->registry->userinfo['userid']);
$show['attachments'] = true;
$show['moderatedattachment'] = $show['thumbnailattachment'] = $show['otherattachment'] = false;
$show['imageattachment'] = $show['imageattachmentlink'] = false;
$attachcount = sizeof($attachments);
$thumbcount = 0;
if (!$this->registry->options['viewattachedimages']) {
$showimagesprev = $this->registry->userinfo['showimages'];
$this->registry->userinfo['showimages'] = false;
}
foreach ($attachments as $attachmentid => $attachment) {
if ($canget and $canseethumb and $attachment['thumbnail_filesize'] == $attachment['filesize']) {
// This is an image that is already thumbnail sized..
$attachment['hasthumbnail'] = 0;
$attachment['forceimage'] = $this->registry->options['viewattachedimages'] ? $this->registry->userinfo['showimages'] : 0;
} else {
if (!$canseethumb) {
$attachment['hasthumbnail'] = 0;
}
}
$show['newwindow'] = $attachment['newwindow'];
$attachment['filename'] = fetch_censored_text(htmlspecialchars_uni($attachment['filename'], false));
$attachment['attachmentextension'] = strtolower(file_extension($attachment['filename']));
$attachment['filesize'] = vb_number_format($attachment['filesize'], 1, true);
if (vB_Template_Runtime::fetchStyleVar('dirmark')) {
$attachment['filename'] .= vB_Template_Runtime::fetchStyleVar('dirmark');
}
($hook = vBulletinHook::fetch_hook('postbit_attachment')) ? eval($hook) : false;
if ($attachment['state'] == 'visible') {
if ($hidecounter) {
$attachment['counter'] = $vbphrase['n_a'];
$show['views'] = false;
} else {
$show['views'] = true;
}
$lightbox_extensions = array('gif', 'jpg', 'jpeg', 'jpe', 'png', 'bmp');
$ext = $linkonly ? null : $attachment['attachmentextension'];
$attachmenturl = create_full_url("attachment.php?{$this->registry->session->vars['sessionurl']}attachmentid={$attachment['attachmentid']}&d={$attachment['dateline']}");
$imageurl = create_full_url("attachment.php?{$this->registry->session->vars['sessionurl']}attachmentid={$attachment['attachmentid']}&stc=1&d={$attachment['dateline']}");
$thumburl = create_full_url("attachment.php?{$this->registry->session->vars['sessionurl']}attachmentid={$attachment['attachmentid']}&stc=1&thumb=1&d={$attachment['thumbnail_dateline']}");
switch ($ext) {
case 'gif':
case 'jpg':
case 'jpeg':
case 'jpe':
case 'png':
case 'bmp':
case 'tiff':
case 'tif':
case 'psd':
case 'pdf':
if (!$this->registry->userinfo['showimages']) {
// Special case for PDF - don't list it as an 'image'
if ($attachment['attachmentextension'] == 'pdf') {
$templater = vB_Template::create('postbit_attachment');
$templater->register('attachment', $attachment);
$templater->register('url', $attachmenturl);
$post['otherattachments'] .= $templater->render();
$show['otherattachment'] = true;
} else {
$templater = vB_Template::create('postbit_attachment');
$templater->register('attachment', $attachment);
$templater->register('url', $attachmenturl);
$post['imageattachmentlinks'] .= $templater->render();
$show['imageattachmentlink'] = true;
}
} else {
if ($this->registry->options['viewattachedimages'] == 1 or $this->registry->options['viewattachedimages'] == 2 and $attachcount > 1) {
if ($attachment['hasthumbnail'] or !$canget and !in_array($attachment['attachmentextension'], array('tiff', 'tif', 'psd', 'pdf'))) {
$thumbcount++;
if ($this->registry->options['attachrow'] and $thumbcount >= $this->registry->options['attachrow']) {
$thumbcount = 0;
$show['br'] = true;
} else {
$show['br'] = false;
}
$show['cangetattachment'] = ($canget and in_array($attachment['attachmentextension'], $lightbox_extensions));
$templater = vB_Template::create('postbit_attachmentthumbnail');
$templater->register('attachment', $attachment);
$templater->register('url', $attachmenturl);
$templater->register('pictureurl', $thumburl);
$post['thumbnailattachments'] .= $templater->render();
$show['thumbnailattachment'] = true;
} else {
if (!in_array($attachment['attachmentextension'], array('tiff', 'tif', 'psd', 'pdf')) and $attachment['forceimage']) {
$templater = vB_Template::create('postbit_attachmentimage');
$templater->register('attachment', $attachment);
$templater->register('url', $attachmenturl);
$templater->register('pictureurl', $imageurl);
$post['imageattachments'] .= $templater->render();
$show['imageattachment'] = true;
} else {
// Special case for PDF - don't list it as an 'image'
if ($attachment['attachmentextension'] == 'pdf') {
$templater = vB_Template::create('postbit_attachment');
$templater->register('attachment', $attachment);
$templater->register('url', $attachmenturl);
$post['otherattachments'] .= $templater->render();
$show['otherattachment'] = true;
} else {
$templater = vB_Template::create('postbit_attachment');
$templater->register('attachment', $attachment);
$templater->register('url', $attachmenturl);
$post['imageattachmentlinks'] .= $templater->render();
$show['imageattachmentlink'] = true;
}
}
}
} else {
if (!in_array($attachment['attachmentextension'], array('tiff', 'tif', 'psd', 'pdf')) and ($this->registry->options['viewattachedimages'] == 3 or $this->registry->options['viewattachedimages'] == 2 and $attachcount == 1)) {
$templater = vB_Template::create('postbit_attachmentimage');
$templater->register('attachment', $attachment);
$templater->register('url', $attachmenturl);
$templater->register('pictureurl', $imageurl);
$post['imageattachments'] .= $templater->render();
$show['imageattachment'] = true;
} else {
$templater = vB_Template::create('postbit_attachment');
$templater->register('attachment', $attachment);
$templater->register('url', $attachmenturl);
$post['imageattachmentlinks'] .= $templater->render();
$show['imageattachmentlink'] = true;
}
}
}
break;
default:
$templater = vB_Template::create('postbit_attachment');
$templater->register('attachment', $attachment);
$templater->register('url', $attachmenturl);
$post['otherattachments'] .= $templater->render();
$show['otherattachment'] = true;
}
} else {
$templater = vB_Template::create('postbit_attachment');
$templater->register('attachment', $attachment);
$templater->register('url', $attachmenturl);
$post['moderatedattachments'] .= $templater->render();
$show['moderatedattachment'] = true;
}
}
if (!$this->registry->options['viewattachedimages']) {
$this->registry->userinfo['showimages'] = $showimagesprev;
}
} else {
$show['attachments'] = false;
}
}
eval(fetch_email_phrases('activateaccount'));
vbmail($email, $subject, $message, true);
} else {
if ($newusergroupid == 2) {
if ($vbulletin->options['welcomemail']) {
eval(fetch_email_phrases('welcomemail'));
vbmail($email, $subject, $message);
}
}
}
($hook = vBulletinHook::fetch_hook('register_addmember_complete')) ? eval($hook) : false;
if ($vbulletin->GPC['coppauser']) {
$_REQUEST['do'] = 'coppaform';
} else {
if ($vbulletin->options['verifyemail']) {
eval(standard_error(fetch_error('registeremail', $username, $email, create_full_url($vbulletin->url . $vbulletin->session->vars['sessionurl_q'])), '', false));
} else {
$vbulletin->url = str_replace('"', '', $vbulletin->url);
if (!$vbulletin->url) {
$vbulletin->url = $vbulletin->options['forumhome'] . '.php' . $vbulletin->session->vars['sessionurl_q'];
} else {
$vbulletin->url = iif(strpos($vbulletin->url, 'register.php') !== false, $vbulletin->options['forumhome'] . '.php' . $vbulletin->session->vars['sessionurl_q'], $vbulletin->url);
}
if ($vbulletin->options['moderatenewmembers']) {
eval(standard_error(fetch_error('moderateuser', $username, $vbulletin->options['forumhome'], $vbulletin->session->vars['sessionurl_q']), '', false));
} else {
eval(standard_error(fetch_error('registration_complete', $username, $vbulletin->session->vars['sessionurl'], $vbulletin->options['bburl'] . '/' . $vbulletin->options['forumhome'] . '.php'), '', false));
}
}
}
}
print_nav_panel();
unset($navigation);
echo "</div>\n";
// *************************************************
define('NO_CP_COPYRIGHT', true);
unset($DEVDEBUG);
print_cp_footer();
}
// #############################################################################
// ################################ BUILD FRAMESET #############################
// #############################################################################
if ($_REQUEST['do'] == 'frames' or empty($_REQUEST['do'])) {
$vbulletin->input->clean_array_gpc('r', array('loc' => TYPE_NOHTML));
$navframe = "<frame src=\"index.php?" . $vbulletin->session->vars['sessionurl'] . "do=nav" . iif($vbulletin->GPC['nojs'], '&nojs=1') . "\" name=\"nav\" scrolling=\"yes\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" border=\"no\" />\n";
$headframe = "<frame src=\"index.php?" . $vbulletin->session->vars['sessionurl'] . "do=head\" name=\"head\" scrolling=\"no\" noresize=\"noresize\" frameborder=\"0\" marginwidth=\"10\" marginheight=\"0\" border=\"no\" />\n";
$mainframe = "<frame src=\"" . iif(!empty($vbulletin->GPC['loc']) and !preg_match('#^[a-z]+:#i', $vbulletin->GPC['loc']), create_full_url($vbulletin->GPC['loc']), "index.php?" . $vbulletin->session->vars['sessionurl'] . "do=home") . "\" name=\"main\" scrolling=\"yes\" frameborder=\"0\" marginwidth=\"10\" marginheight=\"10\" border=\"no\" />\n";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="<?php
echo vB_Template_Runtime::fetchStyleVar('textdirection');
?>
" lang="<?php
echo vB_Template_Runtime::fetchStyleVar('languagecode');
?>
">
<head>
<script type="text/javascript">
<!--
// get out of any containing frameset
if (self.parent.frames.length != 0)
{
$output .= $xml->output();
unset($xml);
}
else if (in_array($vbulletin->GPC['type'], array('RSS', 'RSS1', 'RSS2')))
{ // RSS output
// setup the board title
if (empty($title))
{ // just show board title
$rsstitle = $vbulletin->options['bbtitle'];
}
else
{ // show board title plus selection
$rsstitle = $vbulletin->options['bbtitle'] . " - $title";
}
$rssicon = create_full_url(vB_Template_Runtime::fetchStyleVar('imgdir_misc') . '/rss.png');
$headers[] = 'Cache-control: max-age=' . $expires;
$headers[] = 'Expires: ' . gmdate("D, d M Y H:i:s", $expires) . ' GMT';
$headers[] = 'Last-Modified: ' . gmdate('D, d M Y H:i:s', $lastmodified) . ' GMT';
$headers[] = 'ETag: "' . $cachehash . '"';
$headers[] = 'Content-Type: text/xml' . (vB_Template_Runtime::fetchStyleVar('charset') != '' ? '; charset=' . vB_Template_Runtime::fetchStyleVar('charset') : '');
$output = '<?xml version="1.0" encoding="' . vB_Template_Runtime::fetchStyleVar('charset') . '"?>' . "\r\n\r\n";
# Each specs shared code is entered in full (duplicated) to make it easier to read
switch($vbulletin->GPC['type'])
{
case 'RSS':
require_once(DIR . '/includes/class_xml.php');
$xml = new vB_XML_Builder($vbulletin);
if ($newpost['visible'] OR can_moderate($foruminfo['forumid'], 'canmoderateposts'))
{
if ($threadview < $threadinfo['lastpost'])
{
$vbulletin->url = fetch_seo_url('thread', $threadinfo, array('p' => $newpost['postid'], 'posted' => 1)) . "#post$newpost[postid]";
}
else
{
$vbulletin->url = fetch_seo_url('thread', $threadinfo, array('p' => $newpost['postid'])) . "#post$newpost[postid]";
}
// if post is not moderated, attempt to publish this new reply to user's Facebook feed
if ($newpost['visible'] AND is_facebookenabled())
{
$fblink = str_ireplace('&', '&', $vbulletin->url);
publishtofacebook_newreply($threadinfo['title'], $newpost['message'], create_full_url($fblink));
}
($hook = vBulletinHook::fetch_hook('newreply_post_complete')) ? eval($hook) : false;
eval(print_standard_redirect('redirect_postthanks', true, $forceredirect));
}
else
{
$vbulletin->url = fetch_seo_url('forum', $foruminfo);
($hook = vBulletinHook::fetch_hook('newreply_post_complete')) ? eval($hook) : false;
eval(print_standard_redirect('redirect_postthanks_moderate', true, true));
}
}
} // end if
}
// init user data manager
$displaygroupid = ($user['displaygroupid'] > 0 and $user['displaygroupid'] != $user['usergroupid']) ? $user['displaygroupid'] : 2;
$userdata =& datamanager_init('User', $vbulletin, ERRTYPE_CP);
$userdata->set_existing($user);
$userdata->set('usergroupid', 2);
$userdata->set_usertitle($user['customtitle'] ? $user['usertitle'] : '', false, $vbulletin->usergroupcache["{$displaygroupid}"], $vbulletin->usergroupcache['2']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canusecustomtitle'] ? true : false, false);
$userdata->save();
if ($vbulletin->GPC['send_validated']) {
if (!isset($evalemail_validated["{$user['languageid']}"])) {
//note that we pass the "all languages" flag as true all the time because if the function does
//caching internally and is not smart enough to check if the language requested the second time
//was cached on the first pass -- so we make sure that we load and cache all language version
//in case the second user has a different language from the first
$text_message = fetch_phrase('moderation_validated', 'emailbody', '', true, true, $chosenlanguage, true);
$text_subject = fetch_phrase('moderation_validated', 'emailsubject', '', true, true, $chosenlanguage);
$text_message = construct_phrase($text_message, create_full_url(fetch_seo_url('forumhome|nosession', array()), true));
$evalemail_validated["{$user['languageid']}"] = '
$message = "' . $text_message . '";
$subject = "' . $text_subject . '";
';
}
eval($evalemail_validated["{$user['languageid']}"]);
vbmail($user['email'], $subject, $message, true);
}
if ($vbulletin->options['welcomepm'] and $fromuser and !$user['posts']) {
if (!isset($evalpm_validated["{$user['languageid']}"])) {
//note that we pass the "all languages" flag as true all the time because if the function does
//caching internally and is not smart enough to check if the language requested the second time
//was cached on the first pass -- so we make sure that we load and cache all language version
//in case the second user has a different language from the first
$text_message = fetch_phrase('welcomepm', 'emailbody', '', true, true, $chosenlanguage);
function parse_wysiwyg_anchor($aoptions, $text)
{
$href = parse_wysiwyg_tag_attribute('href=', $aoptions);
if (!trim($href)) {
return parse_wysiwyg_recurse('a', $text, 'parse_wysiwyg_anchor');
}
if (substr($href, 0, 7) == 'mailto:') {
$tag = 'email';
$href = substr($href, 7);
} else {
$tag = 'url';
if (!preg_match('#^[a-z0-9]+:#i', $href)) {
// relative URL, prefix it with the URL to this board
$href = create_full_url($href);
}
}
$tag = strtoupper($tag);
return "[{$tag}=\"{$href}\"]" . parse_wysiwyg_recurse('a', $text, 'parse_wysiwyg_anchor') . "[/{$tag}]";
}
/**
* Parses an <a> tag. Matches URL and EMAIL BB code.
*
* @param string String containing tag attributes
* @param string Text within tag
* @param string Name of HTML tag. Used if one function parses multiple tags
* @param mixed Extra arguments passed in to parsing call or tag rules
*/
protected function parse_tag_a($aoptions, $text, $tag_name, $args)
{
$href = $this->parse_wysiwyg_tag_attribute('href=', $aoptions);
if (!trim($href))
{
return $this->parse_tag_by_name('a', $text);
}
if (substr($href, 0, 7) == 'mailto:')
{
$tag = 'email';
$href = substr($href, 7);
}
else
{
$tag = 'url';
if (!preg_match('#^[a-z0-9]+:#i', $href))
{
// relative URL, prefix it with the URL to this board
$href = create_full_url($href);
}
}
$tag = strtoupper($tag);
if ($this->is_bbcode_tag_allowed($tag))
{
return "[$tag=\"$href\"]" . $this->parse_tag_by_name('a', $text) . "[/$tag]";
}
else
{
// can't auto link, return a plaintext version
$inner_text = $this->parse_tag_by_name('a', $text);
if ($inner_text != $href)
{
return "$inner_text ($href)";
}
else
{
return $href;
}
}
}
}
if ($group['membertype'] != 'member' and !can_moderate(0, 'caneditgrouppicture')) {
if ($vbulletin->userinfo['permissions']['socialgrouppermissions'] & $vbulletin->bf_ugp_socialgrouppermissions['canjoingroups'] and can_join_group($group)) {
standard_error(fetch_error('must_be_group_member_view_add_pictures_join_x', 'group.php?' . $vbulletin->session->vars['sessionurl'] . 'do=join&groupid=' . $group['groupid']));
} else {
standard_error(fetch_error('must_be_group_member_view_add_pictures'));
}
}
$pictureinfo = fetch_socialgroup_picture($vbulletin->GPC['attachmentid'], $group['groupid']);
if (!$pictureinfo) {
standard_error(fetch_error('invalidid', $vbphrase['picture'], $vbulletin->options['contactuslink']));
}
$pictureinfo['adddate'] = vbdate($vbulletin->options['dateformat'], $pictureinfo['dateline'], true);
$pictureinfo['addtime'] = vbdate($vbulletin->options['timeformat'], $pictureinfo['dateline']);
$pictureinfo['caption_html'] = nl2br(fetch_word_wrapped_string(fetch_censored_text($pictureinfo['caption'])));
$pictureurl = create_full_url("attachment.php?attachmentid={$pictureinfo['attachmentid']}");
if (!preg_match('#^[a-z]+://#i', $pictureurl)) {
$pictureurl = $vbulletin->options['bburl'] . "/attachment.php?attachmentid={$pictureinfo['attachmentid']}";
}
$pictureinfo['pictureurl'] = $pictureurl;
$navpictures_sql = $db->query_read_slave("\r\n\t\tSELECT\r\n\t\t\ta.attachmentid\r\n\t\tFROM " . TABLE_PREFIX . "attachment AS a\r\n\t\tINNER JOIN " . TABLE_PREFIX . "socialgroupmember AS socialgroupmember ON\r\n\t\t\t(socialgroupmember.userid = a.userid AND socialgroupmember.groupid = {$group['groupid']} AND socialgroupmember.type = 'member')\r\n\t\tWHERE\r\n\t\t\ta.contentid = {$group['groupid']}\r\n\t\t\t\tAND\r\n\t\t\ta.contenttypeid = {$contenttypeid}\r\n\t\tORDER BY a.dateline DESC\r\n\t");
$pic_location = fetch_picture_location_info($navpictures_sql, $pictureinfo['attachmentid']);
$db->free_result($navpictures_sql);
($hook = vBulletinHook::fetch_hook('group_picture')) ? eval($hook) : false;
$show['edit_picture_option'] = ($pictureinfo['userid'] == $vbulletin->userinfo['userid'] or can_moderate(0, 'caneditgrouppicture'));
$show['remove_picture_option'] = ($pictureinfo['userid'] == $vbulletin->userinfo['userid'] or fetch_socialgroup_modperm('canremovepicture', $group));
$show['reportlink'] = ($vbulletin->userinfo['userid'] and ($vbulletin->options['rpforumid'] or $vbulletin->options['enableemail'] and $vbulletin->options['rpemail']));
if ($vbulletin->options['pc_enabled']) {
require_once DIR . '/includes/functions_picturecomment.php';
$pagenumber = $vbulletin->GPC['pagenumber'];
$perpage = $vbulletin->GPC['perpage'];
/**
* Sets up different display variables for the Group Message
*
* @access protected
*/
function process_display()
{
global $show, $vbphrase;
// Simplify moderation for templating
$this->item['picturecount'] = vb_number_format($this->item['visible']);
// Get cover image info
$this->item['coverthumburl'] = $this->item['attachmentid'] ? 'attachment.php?' . $this->registry->session->vars['sessionurl'] . "albumid={$this->item['albumid']}&attachmentid={$this->item['attachmentid']}&thumb=1&d={$this->item['thumbnail_dateline']}" : '';
$this->item['coverdimensions'] = $this->item['thumbnail_width'] ? "width=\"{$this->item[thumbnail_width]}px\" height=\"{$this->item[thumbnail_height]}px\"" : '';
if (defined('VB_API') and VB_API === true) {
if ($this->item['coverthumburl']) {
$this->item['pictureurl'] = create_full_url($this->item['coverthumburl']);
} else {
$this->item['pictureurl'] = '';
}
}
// Display album type
if ('private' == $this->item['state']) {
$show['personalalbum'] = true;
$this->item['albumtype'] = $vbphrase['private_album_paren'];
} else {
if ('profile' == $this->item['state']) {
$show['personalalbum'] = true;
$this->item['albumtype'] = $vbphrase['profile_album_paren'];
} else {
$show['personalalbum'] = false;
}
}
// Show moderation details
if ($this->item['moderation'] and (can_moderate(0, 'canmoderatepictures') or $vbulletin->userinfo['userid'] == $this->item['userid'])) {
$show['moderated'] = true;
$this->item['moderatedcount'] = vb_number_format($this->item['moderation']);
} else {
$show['moderated'] = false;
}
}
} else {
if ($vbulletin->GPC['message'] == '') {
eval(standard_error(fetch_error('nomessage')));
}
if ($perform_floodcheck) {
require_once DIR . '/includes/class_floodcheck.php';
$floodcheck = new vB_FloodCheck($vbulletin, 'user', 'emailstamp');
$floodcheck->commit_key($vbulletin->userinfo['userid'], TIMENOW, TIMENOW - $vbulletin->options['emailfloodtime']);
if ($floodcheck->is_flooding()) {
eval(standard_error(fetch_error('emailfloodcheck', $vbulletin->options['emailfloodtime'], $floodcheck->flood_wait())));
}
}
($hook = vBulletinHook::fetch_hook('sendmessage_domailmember')) ? eval($hook) : false;
//magic variables for for phrase eval
$message = fetch_censored_text($vbulletin->GPC['message']);
$forumhomelink = create_full_url(fetch_seo_url('forumhome|nosession', array()), true);
eval(fetch_email_phrases('usermessage', $userinfo['languageid']));
//note that $message is set via the run via eval from fetch_email_phrases.
vbmail($userinfo['email'], fetch_censored_text($vbulletin->GPC['emailsubject']), $message, false, $vbulletin->userinfo['email'], '', $vbulletin->userinfo['username']);
// parse this next line with eval:
$sendtoname = $userinfo['username'];
print_standard_redirect(array('redirect_sentemail', $sendtoname));
}
}
}
/*======================================================================*\
|| ####################################################################
|| # Downloaded: 03:13, Sat Sep 7th 2013
|| # CVS: $RCSfile$ - $Revision: 58373 $
|| ####################################################################
\*======================================================================*/
/**
* Verify Friendly URL
* Ensures the requested URL was in the correct format according to the
* friendlyurl option. If not, throw a 301 to the correct route.
*/
public function assertFriendlyUrl()
{
// API don't need to redirect
if (defined('VB_API') and VB_API === true) {
return;
}
// Only redirect on GET
if ('GET' != $_SERVER['REQUEST_METHOD']) {
return;
}
// If this route isn't valid then we'll be 404'ing anyway
if (!$this->isValid()) {
return;
}
// If we don't have an entry path then there's nothing to do
if (!($request_path = vB_Router::getEntryPath())) {
return;
}
// Allow hooks to handle non canonical urls
($hook = vBulletinHook::fetch_hook('friendlyurl_redirect_canonical_route')) ? eval($hook) : false;
// Check if we should be enforcing the canonical url
if (vB_Friendly_Url::CANON_OFF == vB::$vbulletin->options['friendlyurl_canonical']) {
return;
}
// Only redirect guests and search engines
if (vB::$vbulletin->userinfo['userid'] and !vB::$vbulletin->options['friendlyurl_canonical_registered']) {
return;
}
// Get the canonical path
if (!isset($canonical_path)) {
$canonical_path = $this->getRoutePath(false, vB_Friendly_Url::CANON_STRICT == vB::$vbulletin->options['friendlyurl_canonical'], true);
}
// Whether the request was canonical
$canonical = true;
// If no route path is specified then only rewrite can differ
if ($request_path == VB_ROUTER_SEGMENT) {
//This looks like a bug. The second "==" should be an "AND". This is based on the fact that how its written doesn't
//make a lot of sense and the behavior with the change is more consistant. However its a bug with senority at this
//point and fixing it will change how urls behave. For the time being leaving it alone is better than the risk of
//changing it.
if ((FRIENDLY_URL == FRIENDLY_URL_REWRITE) == (vB::$vbulletin->options['friendlyurl'] == FRIENDLY_URL_REWRITE)) {
return;
}
}
// Check the Friendly URL method
if (FRIENDLY_URL !== intval(vB::$vbulletin->options['friendlyurl'])) {
$canonical = false;
}
// Check URI
if ($canonical and vB_Friendly_URL::CANON_STRICT == vB::$vbulletin->options['friendlyurl_canonical']) {
if ($request_path != $canonical_path) {
// request may have been in the current charset, try utf-8
$request_path = to_utf8($request_path, vB::$vbulletin->userinfo['lang_charset']);
if ($request_path != $canonical_path) {
$canonical = false;
}
}
}
// Redirect if incorrect
if (!$canonical) {
// Get the raw redirect url
$url = $this->getCurrentURL(null, null, '', false, true);
// add any query vars
$vars = $_GET;
unset($vars[vB::$vbulletin->options['route_requestvar']]);
unset($vars['pagenumber']);
// Remove duplicate created by shortvar code
if (!empty($vars)) {
$url .= (strpos($url, '?') ? '&' : '?') . urlimplode($vars, false, true);
}
//do a quick check to ensure that we aren't trying to redirect to the url
//we came in on. This is needed primarily because of a special case where the
//friendly url logic doesn't correctly detect the rewrite URL version of the
//incoming link and will attempt to redirect because they don't match.
$url = create_full_url($url);
$cleaned_url = vB::$vbulletin->input->xss_clean(vB::$vbulletin->input->strip_sessionhash($url));
$cleaned_url = $this->domain_to_lower($cleaned_url);
//if ($url != VB_URL_CLEAN)
if (urldecode($cleaned_url) != urldecode($this->domain_to_lower(VB_URL_CLEAN))) {
// redirect to the canonical url
exec_header_redirect($url, 301);
}
}
}
print_nav_panel();
unset($navigation);
echo "</div>\n";
// *************************************************
define('NO_CP_COPYRIGHT', true);
unset($DEVDEBUG);
print_cp_footer();
}
// #############################################################################
// ################################ BUILD FRAMESET #############################
// #############################################################################
if ($_REQUEST['do'] == 'frames' or empty($_REQUEST['do'])) {
$vbulletin->input->clean_array_gpc('r', array('loc' => vB_Cleaner::TYPE_NOHTML));
$navframe = "<frame src=\"index.php?" . vB::getCurrentSession()->get('sessionurl') . "do=nav" . iif($vbulletin->GPC['nojs'], '&nojs=1') . "\" name=\"nav\" scrolling=\"yes\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" border=\"no\" id=\"vb-acp-navframe\" />\n";
$headframe = "<frame src=\"index.php?" . vB::getCurrentSession()->get('sessionurl') . "do=head\" name=\"head\" scrolling=\"no\" noresize=\"noresize\" frameborder=\"0\" marginwidth=\"10\" marginheight=\"0\" border=\"no\" id=\"vb-acp-headframe\" />\n";
$mainframe = "<frame src=\"" . iif(!empty($vbulletin->GPC['loc']) and !preg_match('#^[a-z]+:#i', $vbulletin->GPC['loc']), create_full_url($vbulletin->GPC['loc']), "index.php?" . vB::getCurrentSession()->get('sessionurl') . "do=home") . "\" name=\"main\" scrolling=\"yes\" frameborder=\"0\" marginwidth=\"10\" marginheight=\"10\" border=\"no\" id=\"vb-acp-mainframe\" />\n";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="<?php
echo vB_Template_Runtime::fetchStyleVar('textdirection');
?>
" lang="<?php
echo vB_Template_Runtime::fetchStyleVar('languagecode');
?>
">
<head>
<script type="text/javascript">
<!--
// get out of any containing frameset
if (self.parent.frames.length != 0)
{
protected function saveData($view)
{
if ($this->data_saved)
{
return true;
}
$this->data_saved = true;
if (!$this->content->canEdit() AND !$this->content->canPublish() )
{
return $vb_phrase['no_edit_permissions'];
}
require_once DIR . '/includes/functions.php';
// collect error messages
$errors = array();
vB::$vbulletin->input->clean_array_gpc('p', array(
'do' => vB_Input::TYPE_STR,
'cms_node_title' => vB_Input::TYPE_STR,
'cms_node_url' => vB_Input::TYPE_STR,
'message' => vB_Input::TYPE_STR,
'url' => vB_Input::TYPE_NOHTML,
'title' => vB_Input::TYPE_NOHTML,
'setpublish' => vB_Input::TYPE_UINT,
'publishdate' => vB_Input::TYPE_UINT,
'html_title' => vB_Input::TYPE_NOHTML,
'publicpreview' => vB_Input::TYPE_UINT,
'new_parentid' => vB_Input::TYPE_UINT,
'comments_enabled' => vB_Input::TYPE_UINT,
'wysiwyg' => vB_Input::TYPE_BOOL,
'parseurl' => vB_Input::TYPE_BOOL,
'posthash' => vB_Input::TYPE_NOHTML,
'poststarttime' => vB_Input::TYPE_UINT,
'htmlstate' => vB_Input::TYPE_NOHTML,
));
($hook = vBulletinHook::fetch_hook('vbcms_article_save_start')) ? eval($hook) : false;
$dm = $this->content->getDM();
$dm->set('contentid', $this->content->getId());
if ($this->content->canEdit())
{
// get pagetext
$pagetext = vB::$vbulletin->GPC['message'];
$html_title = vB::$vbulletin->GPC['html_title'];
$title = vB::$vbulletin->GPC['title'];
// unwysiwygify the incoming data
if (vB::$vbulletin->GPC['wysiwyg'])
{
$html_parser = new vBCms_WysiwygHtmlParser(vB::$vbulletin);
$pagetext = $html_parser->parse($pagetext);
}
$dm->info['parseurl'] = true;
$dm->set('pagetext', $pagetext);
if ($title)
{
$dm->set('title', $pagetext);
}
$bbcodesearch = array();
$video_location = stripos($pagetext, '[video');
$found_image = false;
// populate the preview image field with [img] if we can find one
if (($i = stripos($pagetext, '[IMG]')) !== false and ($j = stripos($pagetext, '[/IMG]')) AND $j > $i)
{
$previewimage = htmlspecialchars_uni(substr($pagetext, $i+5, $j - $i - 5));
$image_location = $i;
if ($size = @getimagesize($previewimage))
{
$dm->set('previewimage', $previewimage);
$dm->set('imagewidth', $size[0]);
$dm->set('imageheight', $size[1]);
$bbcodesearch[] = substr($pagetext, $i, $j + 6);
$found_image = true;
}
}
// or populate the preview image field with [attachment] if we can find one
if (!$found_image)
{
$i = stripos($pagetext, "[ATTACH=CONFIG]");
$j = stripos($pagetext, '[/ATTACH]');
if ($j !== false)
{
if ($i === false)
{
$i = stripos($pagetext, "[ATTACH]");
if ($i !== false AND ($i > $j))
{
$attachmentid = substr($pagetext, $i + 15, $j - $i - 15);
$found_image = $this->getAttachData($attachmentid, $dm, $bbcodesearch);
}
}
else if ($i > $j)
{
$attachmentid = substr($pagetext, $i + 15, $j - $i - 15);
$found_image = $this->getAttachData($attachmentid, $dm, $bbcodesearch);
}
}
}
if (!$found_image AND $this->content->canDownload())
{
require_once(DIR . '/packages/vbattach/attach.php');
$attach = new vB_Attach_Display_Content(vB::$vbulletin, 'vBCms_Article');
$attachments = $attach->fetch_postattach(0, $this->content->getNodeId(), $this->content->getUserId());
if (!empty($attachments))
{
foreach($attachments as $attachment)
{
if ($attachment['hasthumbnail'])
{
$found_image = $this->getAttachData($attachment['attachmentid'], $dm, $bbcodesearch);
if ($found_image)
{
break;
}
}
}
}
}
// if there are no images in the article body, make sure we unset the preview in the db
if (!$found_image )
{
$dm->set('previewimage', '');
$dm->set('imagewidth', 0);
$dm->set('imageheight', 0);
$image_location = intval($video_location) + 1;
}
$parseurl = false;
$providers = $search = $replace = $previewvideo = array();
($hook = vBulletinHook::fetch_hook('data_preparse_bbcode_video_start')) ? eval($hook) : false;
// Convert video bbcode with no option
if ((($video_location !== false) AND (intval($video_location) < intval($image_location))) OR $parseurl)
{
if (!$providers)
{
$bbcodes = vB::$db->query_read_slave("
SELECT
provider, url, regex_url, regex_scrape, tagoption
FROM " . TABLE_PREFIX . "bbcode_video
ORDER BY priority
");
while ($bbcode = vB::$db->fetch_array($bbcodes))
{
$providers["$bbcode[tagoption]"] = $bbcode;
}
}
$scraped = 0;
if (!empty($providers) AND preg_match_all('#\[video[^\]]*\](.*?)\[/video\]#si', $pagetext, $matches))
{
foreach ($matches[1] AS $key => $url)
{
$match = false;
foreach ($providers AS $provider)
{
$addcaret = ($provider['regex_url'][0] != '^') ? '^' : '';
if (preg_match('#' . $addcaret . $provider['regex_url'] . '#si', $url, $match))
{
break;
}
}
if ($match)
{
if (!$provider['regex_scrape'] AND $match[1])
{
$previewvideo['provider'] = $provider['tagoption'];
$previewvideo['code'] = $match[1];
$previewvideo['url'] = $url;
$bbcodesearch[] = $matches[0][$key];
break;
}
else if ($provider['regex_scrape'] AND vB::$vbulletin->options['bbcode_video_scrape'] > 0 AND $scraped < vB::$vbulletin->options['bbcode_video_scrape'])
{
require_once(DIR . '/includes/functions_file.php');
$result = fetch_body_request($url);
if (preg_match('#' . $provider['regex_scrape'] . '#si', $result, $scrapematch))
{
$previewvideo['provider'] = $provider['tagoption'];
$previewvideo['code'] = $scrapematch[1];
$previewvideo['url'] = $url;
$bbcodesearch[] = $matches[0][$key];
break;
}
$scraped++;
}
}
}
}
}
$htmlstate = vB::$vbulletin->GPC_exists['htmlstate'] ? vB::$vbulletin->GPC['htmlstate']
: $this->content->getHtmlState();
// Try to populate previewvideo html
if ($previewvideo)
{
$templater = vB_Template::create('bbcode_video');
$templater->register('url', $previewvideo['url']);
$templater->register('provider', $previewvideo['provider']);
$templater->register('code', $previewvideo['code']);
$dm->set('previewvideo', $templater->render());
$dm->set('previewimage', '');
$dm->set('imagewidth', 0);
$dm->set('imageheight', 0);
$image_location = -1;
}
else
{
$dm->set('previewvideo', '');
}
}
if ($this->content->canPublish())
{
$old_sectionid = $this->content->getParentId();
//set the values, for the dm and update the content.
if ( vB::$vbulletin->GPC_exists['new_parentid'] AND intval(vB::$vbulletin->GPC['new_parentid']))
{
vBCms_ContentManager::moveSection(array($this->content->getNodeId()), vB::$vbulletin->GPC['new_parentid']);
$new_sectionid = vB::$vbulletin->GPC['new_parentid'];
}
if (vB::$vbulletin->GPC_exists['publicpreview'])
{
$dm->set('publicpreview', vB::$vbulletin->GPC['publicpreview']);
}
if (vB::$vbulletin->GPC_exists['comments_enabled'])
{
$dm->set('comments_enabled', vB::$vbulletin->GPC['comments_enabled']);
}
if (vB::$vbulletin->GPC_exists['setpublish'])
{
$dm->set('setpublish', vB::$vbulletin->GPC['setpublish']);
}
}
if (vB::$vbulletin->GPC_exists['html_title'])
{
$dm->set('html_title', vB::$vbulletin->GPC['html_title']);
}
if (vB::$vbulletin->GPC_exists['url'])
{
$dm->set('url', vB::$vbulletin->GPC['url']);
}
if (vB::$vbulletin->GPC_exists['htmlstate'])
{
$dm->set('htmlstate', vB::$vbulletin->GPC['htmlstate']);
}
//We may have some processing to do for public preview. Let's see if comments
// are enabled. We never enable them for sections, and they might be turned off globally.
vB::$vbulletin->input->clean_array_gpc('r', array(
'publicpreview' => TYPE_UINT));
$success = $dm->saveFromForm($this->content->getNodeId());
$this->changed = true;
if ($dm->hasErrors())
{
$fieldnames = array(
'html_title' => new vB_Phrase('vbcms', 'html_title'),
'title' => new vB_Phrase('global', 'title')
);
$view->errors = $dm->getErrors(array_keys($fieldnames));
$view->error_summary = self::getErrorSummary($dm->getErrors(array_keys($fieldnames)), $fieldnames);
$view->status = $view->error_view->title;
}
else
{
$view->status = new vB_Phrase('vbcms', 'content_saved');
$this->cleanContentCache();
// Make sure the posthash is valid
if (md5(vB::$vbulletin->GPC['poststarttime'] . vB::$vbulletin->userinfo['userid'] . vB::$vbulletin->userinfo['salt']) == vB::$vbulletin->GPC['posthash'])
{
vB::$vbulletin->db->query_write("
UPDATE " . TABLE_PREFIX . "attachment
SET
posthash = '',
contentid = " . intval($this->content->getNodeId()) . "
WHERE
posthash = '" . vB::$vbulletin->db->escape_string(vB::$vbulletin->GPC['posthash']) . "'
AND
contenttypeid = " . intval(vB_Types::instance()->getContentTypeID("vBCms_Article")) . "
");
}
// only publish to Facebook if we are going from not-published to published, and the date is in the past
if (is_facebookenabled() AND $this->content->isPublished())
{
$message = new vB_Phrase('posting', 'fbpublish_message_newarticle', vB::$vbulletin->options['bbtitle']);
$fblink = vBCms_Route_Content::getURL(array(
'node' => $this->content->getUrlSegment(),
'action' =>'view'
));
$fblink = str_ireplace('&', '&', $fblink);
publishtofacebook_newarticle($message, $this->content->getTitle(), $this->content->getPageText(), create_full_url($fblink));
}
}
($hook = vBulletinHook::fetch_hook('vbcms_article_save_end')) ? eval($hook) : false;
//invalidate the navigation cache.
vB_Cache::instance()->event('sections_updated');
vB_Cache::instance()->event('articles_updated');
vB_Cache::instance()->event(array_merge($this->content->getCacheEvents(),
array($this->content->getContentCacheEvent())));
//Make sure comment count will be updated when a comment is posted
if ($threadid = $this->content->getAssociatedThreadId())
{
vB_Cache::instance()->event("cms_comments_thread_$threadid");
}
vB_Cache::instance()->cleanNow();
$this->content->reset();
//reset the required information
$this->content->requireInfo(vBCms_Item_Content::INFO_BASIC);
$this->content->requireInfo(vBCms_Item_Content::INFO_CONTENT);
$this->content->requireInfo(vBCms_Item_Content::INFO_CONFIG);
$this->content->requireInfo(vBCms_Item_Content::INFO_NODE);
$this->content->requireInfo(vBCms_Item_Content::INFO_PARENTS);
}
/**
* Halts execution and redirects to the specified URL invisibly
*
* @param string Destination URL
*/
function exec_header_redirect($url, $redirectcode = 302)
{
global $vbulletin;
$url = create_full_url($url);
if (class_exists('vBulletinHook', false))
{
// this can be called when we don't have the hook class
($hook = vBulletinHook::fetch_hook('header_redirect')) ? eval($hook) : false;
}
$url = str_replace('&', '&', $url); // prevent possible oddity
if (strpos($url, "\r\n") !== false)
{
trigger_error("Header may not contain more than a single header, new line detected.", E_USER_ERROR);
}
header("Location: $url", 0, $redirectcode);
if ($vbulletin->options['addheaders'] AND (SAPI_NAME == 'cgi' OR SAPI_NAME == 'cgi-fcgi'))
{
// see #24779
switch($redirectcode)
{
case 301:
header('Status: 301 Moved Permanently');
case 302:
header('Status: 302 Found');
break;
}
}
define('NOPMPOPUP', 1);
if (defined('NOSHUTDOWNFUNC'))
{
exec_shut_down();
}
exit;
}
function parse_wysiwyg_anchor($aoptions, $text)
{
global $vbulletin;
$href = parse_wysiwyg_tag_attribute('href=', $aoptions);
if (!trim($href)) {
return parse_wysiwyg_recurse('a', $text, 'parse_wysiwyg_anchor');
}
if (substr($href, 0, 7) == 'mailto:') {
$tag = 'email';
$href = substr($href, 7);
} else {
$tag = 'url';
if (!preg_match('#^[a-z0-9]+:#i', $href)) {
// relative URL, prefix it with the URL to this board
$href = create_full_url($href);
}
}
$tag = strtoupper($tag);
if ($vbulletin->options['allowedbbcodes'] & ALLOW_BBCODE_URL) {
return "[{$tag}=\"{$href}\"]" . parse_wysiwyg_recurse('a', $text, 'parse_wysiwyg_anchor') . "[/{$tag}]";
} else {
// can't auto link, return a plaintext version
$inner_text = parse_wysiwyg_recurse('a', $text, 'parse_wysiwyg_anchor');
if ($inner_text != $href) {
return "{$inner_text} ({$href})";
} else {
return $href;
}
}
}
$finishat = $vbulletin->GPC['startat'];
while ($avatar = $db->fetch_array($avatars))
{
$finishat = ($avatar['avatarid'] > $finishat ? $avatar['avatarid'] : $finishat);
echo construct_phrase($vbphrase['processing_x'], "$vbphrase[avatar] : $avatar[avatarid] ($avatar[title])");
$imagepath = $avatar['avatarpath'];
$destination = $avatarpath . '/' . $avatar['avatarid'] . '.gif';
$remotefile = false;
if ($avatar['avatarpath'][0] == '/')
{
// absolute web path -- needs to be translated into a full path and handled that way
$avatar['avatarpath'] = create_full_url($avatar['avatarpath']);
}
if (substr($avatar['avatarpath'], 0, 7) == 'http://')
{
if ($vbulletin->options['safeupload'])
{
$imagepath = $vbulletin->options['tmppath'] . '/' . md5(uniqid(microtime()) . $avatar['avatarid']);
}
else
{
$imagepath = tempnam(ini_get('upload_tmp_dir'), 'vbthumb');
}
if ($filenum = @fopen($imagepath, 'wb'))
{
require_once(DIR . '/includes/class_vurl.php');
$vurl = new vB_vURL($vbulletin);
if ($_REQUEST['do'] == 'logout') {
define('NOPMPOPUP', true);
if (!VB_API) {
$vbulletin->input->clean_gpc('r', 'logouthash', vB_Cleaner::TYPE_STR);
if ($vbulletin->userinfo['userid'] != 0 and !verify_security_token($vbulletin->GPC['logouthash'], $vbulletin->userinfo['securitytoken_raw'])) {
eval(standard_error(fetch_error('logout_error', vB::getCurrentSession()->get('sessionurl'), $vbulletin->userinfo['securitytoken'])));
}
}
process_logout();
$vbulletin->url = fetch_replaced_session_url($vbulletin->url);
$forumHome = vB_Library::instance('content_channel')->getForumHomeChannel();
if (strpos($vbulletin->url, 'do=logout') !== false) {
$vbulletin->url = vB5_Route::buildUrl($forumHome['routeid'] . '|fullurl');
}
$show['member'] = false;
eval(standard_error(fetch_error('cookieclear', create_full_url($vbulletin->url), vB5_Route::buildUrl($forumHome['routeid'] . '|fullurl')), '', false));
}
// ############################### start do login ###############################
// this was a _REQUEST action but where do we all login via request?
if ($_POST['do'] == 'login') {
$vbulletin->input->clean_array_gpc('p', array('vb_login_username' => vB_Cleaner::TYPE_STR, 'vb_login_password' => vB_Cleaner::TYPE_STR, 'vb_login_md5password' => vB_Cleaner::TYPE_STR, 'vb_login_md5password_utf' => vB_Cleaner::TYPE_STR, 'postvars' => vB_Cleaner::TYPE_BINARY, 'cookieuser' => vB_Cleaner::TYPE_BOOL, 'logintype' => vB_Cleaner::TYPE_STR, 'cssprefs' => vB_Cleaner::TYPE_STR, 'inlineverify' => vB_Cleaner::TYPE_BOOL));
// TODO: This is a temp fix for VBV-3475
function admin_login_error($error, array $args = array())
{
global $vbulletin;
if ($vbulletin->GPC['logintype'] === 'cplogin' or $vbulletin->GPC['logintype'] === 'modcplogin') {
require_once DIR . '/includes/adminfunctions.php';
$url = unhtmlspecialchars($vbulletin->url);
$urlarr = vB_String::parseUrl($url);
$urlquery = $urlarr['query'];
$oldargs = array();
$show['languagechooser'] = ($languagecount > 1 and empty($_POST['do'])) ? true : false;
unset($languagecount);
// #############################################################################
// Generate Style Chooser Dropdown
if ($vbulletin->options['allowchangestyles'] and empty($_POST['do'])) {
$stylecount = 0;
$quickchooserbits = construct_style_options(-1, '--', true, true);
$show['quickchooser'] = $stylecount > 1 ? true : false;
unset($stylecount);
} else {
$show['quickchooser'] = false;
}
// #############################################################################
// do cron stuff - goes into footer
if ($vbulletin->cron <= TIMENOW) {
$cronimage = '<img src="' . create_full_url('cron.php?' . $vbulletin->session->vars['sessionurl'] . 'rand=' . TIMENOW) . '" alt="" width="1" height="1" border="0" />';
} else {
$cronimage = '';
}
$show['rtl'] = $stylevar['textdirection'] == 'rtl';
$show['admincplink'] = iif($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'], true, false);
// This generates an extra query for non-admins/supermods on many pages so we have chosen to only display it to supermods & admins
// $show['modcplink'] = iif(can_moderate(), true, false);
$show['modcplink'] = ($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'] or $vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['ismoderator']);
$show['registerbutton'] = (!$show['search_engine'] and $vbulletin->options['allowregistration'] and (!$vbulletin->userinfo['userid'] or $vbulletin->options['allowmultiregs']));
$show['searchbuttons'] = (!$show['search_engine'] and $vbulletin->userinfo['permissions']['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['cansearch'] and $vbulletin->options['enablesearches']);
$show['quicksearch'] = ($vbulletin->userinfo['userid'] or !$vbulletin->options['hvcheck_search']);
$loggedout = false;
if (THIS_SCRIPT == 'login' and $_REQUEST['do'] == 'logout' and $vbulletin->userinfo['userid'] != 0) {
$vbulletin->input->clean_gpc('r', 'logouthash', TYPE_STR);
if (verify_security_token($vbulletin->GPC['logouthash'], $vbulletin->userinfo['securitytoken_raw'])) {
/**
* Render the friendly url.
*
* @example
* FRIENDLY_URL_OFF
* showthread.php?t=1234&p=2
*
* FRIENDLY_URL_BASIC
* showthread.php?1234-Thread-Title/page2&pp=2
*
* FRIENDLY_URL_ADVANCED
* showthread.php/1234-Thread-Title/page2?pp=2
*
* FRIENDLY_URL_REWRITE
* /threads/1234-Thread-Title/page2?pp=2
* RewriteRule ^/vb4/threads/([0-9]+)(?:/?$|(?:-[^/]+))(?:/?$|(?:/page([0-9]+)?)) /vb4/showthread.php?t=$1&page=$2 [QSA]
*
* @param int $method_override - Force a Friendly URL method
* @param bool $canonical - Whether to skip encoding for output
* @return string
*/
public function get_url($method_override = false, $canonical = false)
{
// Get the fragments
$uri = $this->get_uri($canonical);
// Check ampersand to use
$amp = $this->urloptions & SEO_JS ? '&' : '&';
// Get the pageinfo arguments
$query = $this->get_query();
// Resolve method
$method = false !== $method_override ? $method_override : $this->registry->options['friendlyurl'];
if ($method == FRIENDLY_URL_REWRITE) {
$base = $this->rewrite_segment;
} else {
$base = $this->script;
}
//this is a nasty workaround, but we have to do it. Instead of dealing with the base option
//and forcing the full url after we construct the url, do it before. The reason is that
//create_full_url can deal poorly with UTF characters encoded as &#xxxx; in the url (because it contains
//'#'. This may happen in friendly urls when the title contains UTF characters in this format.
if ($this->script_base_option_name and $this->registry->options[$this->script_base_option_name]) {
$base = $this->registry->options[$this->script_base_option_name] . '/' . $base;
}
if ($this->urloptions & SEO_FULLURL) {
$base = create_full_url($base, (bool) ($this->urloptions & SEO_FULLURL_FORCEBBURL));
}
// Get the appropriate url
switch ($method) {
case FRIENDLY_URL_BASIC:
$sep = '?';
$query_sep = $amp;
//if we don't have a uri part, then switch around the seperators so the url still works.
if (!$uri) {
$sep = '';
$query_sep = '?';
}
$url = $base . $sep . $uri . ($query ? $query_sep . $query : '');
break;
case FRIENDLY_URL_ADVANCED:
$url = $base . ($uri ? '/' : '') . $uri . ($query ? '?' . $query : '');
break;
case FRIENDLY_URL_REWRITE:
$url = $base . ($uri ? '/' : '') . $uri . ($query ? '?' . $query : '');
break;
case FRIENDLY_URL_OFF:
default:
$fullquery = array();
if ($this->id) {
$fullquery[] = $this->idvar . '=' . $this->id;
}
if ($this->page > 1) {
$fullquery[] = $this->pagevar . '=' . $this->page;
}
if ($query) {
$fullquery[] = $query;
}
$fullquery = implode($amp, $fullquery);
$url = $base . ($fullquery ? '?' : '') . $fullquery;
break;
}
if (class_exists('vBulletinHook', false)) {
($hook = vBulletinHook::fetch_hook('friendlyurl_geturl')) ? eval($hook) : false;
}
return $url;
}
exec_header_redirect($vbulletin->options['forumhome'] . '.php');
}
// ############################### start logout ###############################
if ($_REQUEST['do'] == 'logout') {
define('NOPMPOPUP', true);
$vbulletin->input->clean_gpc('r', 'logouthash', TYPE_STR);
if ($vbulletin->userinfo['userid'] != 0 and !verify_security_token($vbulletin->GPC['logouthash'], $vbulletin->userinfo['securitytoken_raw'])) {
eval(standard_error(fetch_error('logout_error', $vbulletin->session->vars['sessionurl'], $vbulletin->userinfo['securitytoken'])));
}
process_logout();
$vbulletin->url = fetch_replaced_session_url($vbulletin->url);
if (strpos($vbulletin->url, 'do=logout') !== false) {
$vbulletin->url = $vbulletin->options['forumhome'] . '.php' . $vbulletin->session->vars['sessionurl_q'];
}
$show['member'] = false;
eval(standard_error(fetch_error('cookieclear', create_full_url($vbulletin->url), $vbulletin->options['forumhome'], $vbulletin->session->vars['sessionurl_q']), '', false));
}
// ############################### start do login ###############################
// this was a _REQUEST action but where do we all login via request?
if ($_POST['do'] == 'login') {
$vbulletin->input->clean_array_gpc('p', array('vb_login_username' => TYPE_STR, 'vb_login_password' => TYPE_STR, 'vb_login_md5password' => TYPE_STR, 'vb_login_md5password_utf' => TYPE_STR, 'postvars' => TYPE_BINARY, 'cookieuser' => TYPE_BOOL, 'logintype' => TYPE_STR, 'cssprefs' => TYPE_STR));
// can the user login?
$strikes = verify_strike_status($vbulletin->GPC['vb_login_username']);
if ($vbulletin->GPC['vb_login_username'] == '') {
eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
}
// make sure our user info stays as whoever we were (for example, we might be logged in via cookies already)
$original_userinfo = $vbulletin->userinfo;
if (!verify_authentication($vbulletin->GPC['vb_login_username'], $vbulletin->GPC['vb_login_password'], $vbulletin->GPC['vb_login_md5password'], $vbulletin->GPC['vb_login_md5password_utf'], $vbulletin->GPC['cookieuser'], true)) {
($hook = vBulletinHook::fetch_hook('login_failure')) ? eval($hook) : false;
// check password
else
{
eval(print_standard_redirect('redirect_postthanks_nopermission', true, true));
}
}
else if ($newpost['visible'])
{
if ($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads'])
{
$vbulletin->url = fetch_seo_url('thread', $threadinfo, array('p' => $newpost['postid'] . "#post$newpost[postid]"));
// attempt to publish this new thread to user's Facebook feed
if (is_facebookenabled())
{
$fblink = str_ireplace('&', '&', $vbulletin->url);
publishtofacebook_newthread($newpost['title'], $newpost['message'], create_full_url($fblink));
}
eval(print_standard_redirect('redirect_postthanks'));
}
else
{
$vbulletin->url = fetch_seo_url('forum', $foruminfo);
eval(print_standard_redirect('redirect_postthanks_nopermission', true, true));
}
}
else
{
$vbulletin->url = fetch_seo_url('forum', $foruminfo);
eval(print_standard_redirect('redirect_postthanks_moderate', true, true));
}
/**
* Halts execution and shows the specified message
*
* @param string Message to display
* @param mixed If specified, a redirect will be performed to the URL in this parameter
* @param integer If redirect is specified, this is the time in seconds to delay before redirect
* @param string If specified, will provide a specific URL for "Go Back". If empty, no button will be displayed!
* @param bool If true along with redirect, 'CONTINUE' button will be used instead of automatic redirect
*/
function print_cp_message($text = '', $redirect = NULL, $delay = 1, $backurl = NULL, $continue = false)
{
global $vbulletin, $vbphrase;
if ($redirect and $vbulletin->session->vars['sessionurl']) {
if (strpos($redirect, '?') === false) {
$redirect .= '?';
}
$redirect .= '&' . $vbulletin->session->vars['sessionurl'];
}
if (!defined('DONE_CPHEADER')) {
print_cp_header($vbphrase['vbulletin_message']);
}
echo '<p> </p><p> </p>';
print_form_header('', '', 0, 1, 'messageform', '65%');
print_table_header($vbphrase['vbulletin_message']);
print_description_row("<blockquote><br />{$text}<br /><br /></blockquote>");
if ($redirect and $redirect !== NULL) {
// redirect to the new page
if ($continue) {
$continueurl = str_replace('&', '&', $redirect);
print_table_footer(2, construct_button_code($vbphrase['continue'], create_full_url($continueurl)));
} else {
print_table_footer();
$redirect_click = create_full_url($redirect);
$redirect_click = str_replace('"', '', $redirect_click);
echo '<p align="center" class="smallfont">' . construct_phrase($vbphrase['if_you_are_not_automatically_redirected_click_here_x'], $redirect_click) . "</p>\n";
print_cp_redirect($redirect, $delay);
}
} else {
// end the table and halt
if ($backurl === NULL) {
$backurl = 'javascript:history.back(1)';
}
if (strpos($backurl, 'history.back(') !== false) {
//if we are attempting to run a history.back(1), check we have a history to go back to, otherwise attempt to close the window.
$back_button = '
<input type="button" id="backbutton" class="button" value="' . $vbphrase['go_back'] . '" title="" tabindex="1" onclick="if (history.length) { history.back(1); } else { self.close(); }"/>
<script type="text/javascript">
<!--
if (history.length < 1 || ((is_saf || is_moz) && history.length <= 1)) // safari + gecko start at 1
{
document.getElementById("backbutton").parentNode.removeChild(document.getElementById("backbutton"));
}
//-->
</script>';
} else {
if ($backurl !== '') {
// regular window.location=url call
$backurl = create_full_url($backurl);
$backurl = str_replace(array('"', "'"), '', $backurl);
$back_button = '<input type="button" class="button" value="' . $vbphrase['go_back'] . '" title="" tabindex="1" onclick="window.location=\'' . $backurl . '\';"/>';
} else {
$back_button = '';
}
}
print_table_footer(2, $back_button);
}
// and now terminate the script
print_cp_footer();
}
$optionvalue = htmlspecialchars_uni($borderwidth);
$optionclass = '';
$optionselected = ($borderwidth == $selector["border_width"] ? ' selected="selected"' : '');
$optiontitle = !empty($vbphrase["usercss_borderwidth_$key"]) ? $vbphrase["usercss_borderwidth_$key"] : $key;
$borderwidthselect .= render_option_template($optiontitle, $optionvalue, $optionselected, $optionclass);
}
}
if ($field_names['background_image'])
{
if (!empty($selector['background_image']))
{
if (preg_match("/^([0-9]+),([0-9]+)$/", $selector['background_image'], $picture))
{
$selector['background_image'] = create_full_url("attachment.php?attachmentid=" . $picture[2] . "&albumid=" . $picture[1]);
}
}
}
if ($field_names['padding'])
{
$paddingselect = '';
foreach ($allowedpaddings AS $key => $padding)
{
$optionvalue = htmlspecialchars_uni($padding);
$optionclass = '';
$optionselected = ($padding == $selector['padding'] ? ' selected="selected"' : '');
$optiontitle = !empty($vbphrase["usercss_padding_$key"]) ? $vbphrase["usercss_padding_$key"] : $key;
}
}
if ($field_names['border_width']) {
$borderwidthselect = '';
foreach ($allowedborderwidths as $key => $borderwidth) {
$optionvalue = htmlspecialchars_uni($borderwidth);
$optionclass = '';
$optionselected = $borderwidth == $selector["border_width"] ? ' selected="selected"' : '';
$optiontitle = !empty($vbphrase["usercss_borderwidth_{$key}"]) ? $vbphrase["usercss_borderwidth_{$key}"] : $key;
eval('$borderwidthselect .= "' . fetch_template('option') . '";');
}
}
if ($field_names['background_image']) {
if (!empty($selector['background_image'])) {
if (preg_match("/^([0-9]+),([0-9]+)\$/", $selector['background_image'], $picture)) {
$selector['background_image'] = create_full_url("picture.php?albumid=" . $picture[1] . "&pictureid=" . $picture[2]);
}
}
}
if ($field_names['padding']) {
$paddingselect = '';
foreach ($allowedpaddings as $key => $padding) {
$optionvalue = htmlspecialchars_uni($padding);
$optionclass = '';
$optionselected = $padding == $selector['padding'] ? ' selected="selected"' : '';
$optiontitle = !empty($vbphrase["usercss_padding_{$key}"]) ? $vbphrase["usercss_padding_{$key}"] : $key;
eval('$paddingselect .= "' . fetch_template('option') . '";');
}
}
if ($field_names) {
$border_style_selected = array($selector['border_style'] => ' selected="selected"');
}
$xml->close_group('source');
$output .= $xml->output();
unset($xml);
} else {
if (in_array($vbulletin->GPC['type'], array('RSS', 'RSS1', 'RSS2'))) {
// RSS output
// setup the board title
if (empty($title)) {
// just show board title
$rsstitle = $vbulletin->options['bbtitle'];
} else {
// show board title plus selection
$rsstitle = $vbulletin->options['bbtitle'] . " - {$title}";
}
$rssicon = create_full_url($stylevar['imgdir_misc'] . '/rss.jpg');
$headers[] = 'Cache-control: max-age=' . $expires;
$headers[] = 'Expires: ' . gmdate("D, d M Y H:i:s", $expires) . ' GMT';
$headers[] = 'Last-Modified: ' . gmdate('D, d M Y H:i:s', $lastmodified) . ' GMT';
$headers[] = 'ETag: "' . $cachehash . '"';
$headers[] = 'Content-Type: text/xml' . ($stylevar['charset'] != '' ? '; charset=' . $stylevar['charset'] : '');
$output = '<?xml version="1.0" encoding="' . $stylevar['charset'] . '"?>' . "\r\n\r\n";
# Each specs shared code is entered in full (duplicated) to make it easier to read
switch ($vbulletin->GPC['type']) {
case 'RSS':
require_once DIR . '/includes/class_xml.php';
$xml = new vB_XML_Builder($vbulletin);
$xml->add_group('rss', array('version' => '0.91'));
$xml->add_group('channel');
$xml->add_tag('title', $rsstitle);
$xml->add_tag('link', $vbulletin->options['bburl'], array(), false, true);