/**
 * Resolves the canonical URL for the content currently being displayed
 * (used for the Open Graph tags and the like button).
 *
 * Thread, blog-entry and CMS-article pages get a content-specific URL that is
 * memoised in a function-static for the rest of the request. Every other
 * script falls back to the board URL, which is deliberately not memoised.
 *
 * @return string, canonical url for the content
 */
function get_fbcanonicalurl()
{
    global $vbulletin, $og_array;
    static $fbcanonicalurl;

    // NOTE: the local names below are kept as-is on purpose. The plugin hook
    // further down is eval()'d inside this function's scope, so hook code can
    // read and overwrite $fbcanonicalurl, $retval and $skipcache by name.
    $retval = '';
    $skipcache = false;

    if (empty($fbcanonicalurl)) {
        if (THIS_SCRIPT == 'showthread') {
            global $threadinfo;
            $fbcanonicalurl = create_full_url(
                fetch_seo_url('thread|js|nosession', $threadinfo, null, null, null, true)
            );
        } elseif (THIS_SCRIPT == 'entry') {
            global $bloginfo;
            $fbcanonicalurl = create_full_url(
                fetch_seo_url('entry|js|nosession', $bloginfo, null, null, null, true)
            );
        } elseif (
            THIS_SCRIPT == 'vbcms'
            && isset($vbulletin->vbcms['content_type'])
            && $vbulletin->vbcms['content_type'] == 'Article'
        ) {
            // prefer the article's own page URL, else whatever og:url already holds
            $fbcanonicalurl = isset($vbulletin->vbcms['page_url'])
                ? $vbulletin->vbcms['page_url']
                : $og_array['og:url'];
        } else {
            // do not cache canonical url in this case
            $skipcache = true;
            $retval = $vbulletin->options['bburl'];
        }
    }

    // Plugin code attached to this hook executes here with full access to the
    // locals above; whoever can install plugins controls the returned URL.
    ($hook = vBulletinHook::fetch_hook('fb_canonical_url')) ? eval($hook) : false;

    return $skipcache ? $retval : $fbcanonicalurl;
}
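/**
 * Parses an <a> tag. Matches URL, EMAIL, ATTACH and USER BB code.
 *
 * The BB code is chosen from the anchor itself: a "mailto:" href becomes EMAIL,
 * an href pointing at filedata/fetch becomes ATTACH, an anchor carrying the
 * b-bbcode-user class becomes USER, and everything else becomes URL.
 *
 * @param string String containing tag attributes
 * @param string Text within tag
 * @param string Name of HTML tag. Used if one function parses multiple tags
 * @param mixed  Extra arguments passed in to parsing call or tag rules
 *
 * @return string BB code for the anchor, or a plain-text rendering when the
 *                BB code tag is not allowed (or the anchor cannot be resolved)
 */
protected function parseTagA($aoptions, $text, $tag_name, $args)
{
    $href = $this->parseWysiwygTagAttribute('href=', $aoptions);

    // No usable href: drop the anchor and keep its parsed contents.
    if (!trim($href)) {
        return $this->parseTagByName('a', $text);
    }

    if (substr($href, 0, 7) == 'mailto:') {
        $tag = 'email';
        $href = substr($href, 7);
    } elseif (preg_match('#filedata/fetch\\?filedataid=(\\d+)#si', $href, $matches)) {
        $tag = 'attach';

        // ATTACH takes no option. Keep $href defined (empty) instead of
        // unsetting it, so the plain-text fallback below never reads an
        // undefined variable.
        $href = '';

        // the url uses filedataid and we have a tempid. This will be fixed by
        // fixAttachBBCode() in the text library
        if (preg_match('#data-tempid=(\'|")(.*)(\\1)#siU', $aoptions, $dataMatches)) {
            $text = $dataMatches[2];
        } else {
            $text = 'n' . $matches[1];
        }
    } elseif (preg_match('#class="[^"]*b-bbcode-user[^"]*"#siU', $aoptions, $matches)) {
        $tag = 'user';

        // look up the user
        // NOTE(review): $text is editor-supplied; it is handed to the assertor
        // as a condition value, presumably bound rather than concatenated -
        // confirm against the 'user' table query handling.
        $user = vB::getDbAssertor()->getRow('user', array('username' => $text));

        // An unknown username used to blank both $href and $text and emit an
        // empty [USER] tag. Keep the author's text as plain content instead.
        if (empty($user['userid'])) {
            return $this->parseTagByName('a', $text);
        }

        $href = $user['userid'];
        $text = $user['username'];
    } else {
        $tag = 'url';

        // NOTE(review): any "scheme:" prefix is passed through untouched, so
        // scheme allow-listing has to happen where the URL BB code is
        // rendered - confirm that it does.
        if (!preg_match('#^[a-z0-9]+:#i', $href)) {
            // relative URL, prefix it with the URL to this board
            $href = create_full_url($href);
        }
    }

    $tag = strtoupper($tag);

    if ($this->isBbcodeTagAllowed($tag)) {
        $tag_b = $tag;
        if (!empty($href)) {
            // NOTE(review): $href is written into the option unescaped; confirm
            // parseWysiwygTagAttribute() cannot return a value containing a
            // double quote or "]", otherwise the option can be closed early.
            $tag_b .= "=\"{$href}\"";
        }

        return "[{$tag_b}]" . $this->parseTagByName('a', $text) . "[/{$tag}]";
    }

    // can't auto link, return a plaintext version
    $inner_text = $this->parseTagByName('a', $text);

    // With no target to show (ATTACH, or a bare "mailto:"), return the text
    // alone rather than "text ()".
    if (empty($href)) {
        return $inner_text;
    }

    if ($inner_text != $href) {
        return "{$inner_text} ({$href})";
    }

    return $href;
}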
/**
 * Builds the absolute URL of the user's profile page and stores it in
 * $this->prepared['profileurl']. Does nothing if it was already prepared.
 */
function prepare_profileurl()
{
    if (isset($this->prepared['profileurl'])) {
        return;
    }

    $relative = 'member.php?u=' . $this->prepared['userid'];
    $absolute = create_full_url($relative);

    // create_full_url() may hand back something without a scheme; in that
    // case anchor the link to the configured board URL instead.
    if (!preg_match('#^[a-z]+://#i', $absolute)) {
        $absolute = $this->registry->options['bburl'] . '/' . $relative;
    }

    $this->prepared['profileurl'] = $absolute;
}
eval(standard_error(fetch_error('noreason'))); } $reportobj->do_report($vbulletin->GPC['reason'], $pictureinfo); $url =& $vbulletin->url; eval(print_standard_redirect('redirect_reportthanks')); } } // ####################################################################### if ($_REQUEST['do'] == 'picture') { $vbulletin->input->clean_array_gpc('r', array('pagenumber' => TYPE_UINT, 'perpage' => TYPE_UINT, 'commentid' => TYPE_UINT, 'showignored' => TYPE_BOOL)); if (empty($pictureinfo) or $pictureinfo['state'] == 'moderation' and !can_moderate(0, 'canmoderatepictures') and $pictureinfo['userid'] != $vbulletin->userinfo['userid']) { standard_error(fetch_error('invalidid', $vbphrase['picture'], $vbulletin->options['contactuslink'])); } $pictureinfo['adddate'] = vbdate($vbulletin->options['dateformat'], $pictureinfo['dateline'], true); $pictureinfo['addtime'] = vbdate($vbulletin->options['timeformat'], $pictureinfo['dateline']); $pictureurl = create_full_url("picture.php?albumid={$albuminfo['albumid']}&pictureid={$pictureinfo['pictureid']}"); if (!preg_match('#^[a-z]+://#i', $pictureurl)) { $pictureurl = $vbulletin->options['bburl'] . 
"/picture.php?albumid={$albuminfo['albumid']}&pictureid={$pictureinfo['pictureid']}"; } $pictureinfo['pictureurl'] = htmlspecialchars_uni($pictureurl); $pictureinfo['caption_censored'] = fetch_censored_text($pictureinfo['caption']); $show['picture_owner'] = $userinfo['userid'] == $vbulletin->userinfo['userid']; $show['edit_picture_option'] = ($userinfo['userid'] == $vbulletin->userinfo['userid'] or can_moderate(0, 'caneditalbumpicture')); $show['add_group_link'] = ($userinfo['userid'] == $vbulletin->userinfo['userid'] and $vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_groups'] and $vbulletin->options['socnet_groups_albums_enabled'] and $vbulletin->userinfo['permissions']['socialgrouppermissions'] & $vbulletin->bf_ugp_socialgrouppermissions['canviewgroups'] and $vbulletin->userinfo['permissions']['socialgrouppermissions'] & $vbulletin->bf_ugp_socialgrouppermissions['canjoingroups'] and $pictureinfo['state'] != 'moderation'); $show['reportlink'] = ($vbulletin->userinfo['userid'] and ($vbulletin->options['rpforumid'] or $vbulletin->options['enableemail'] and $vbulletin->options['rpemail'])); $navpictures_sql = $db->query_read_slave("\n\t\tSELECT albumpicture.pictureid\n\t\tFROM " . TABLE_PREFIX . "albumpicture AS albumpicture\n\t\tINNER JOIN " . TABLE_PREFIX . "picture AS picture ON (albumpicture.pictureid = picture.pictureid)\n\t\tWHERE albumpicture.albumid = {$albuminfo['albumid']}\n\t\t" . ((!can_moderate(0, 'canmoderatepictures') and $pictureinfo['userid'] != $vbulletin->userinfo['userid']) ? "AND picture.state = 'visible'" : "") . "\n\t\tORDER BY albumpicture.dateline DESC\n\t"); $pic_location = fetch_picture_location_info($navpictures_sql, $pictureinfo['pictureid']); ($hook = vBulletinHook::fetch_hook('album_picture')) ? eval($hook) : false; if ($vbulletin->options['pc_enabled'] and $pictureinfo['state'] == 'visible') { require_once DIR . '/includes/functions_picturecomment.php'; $pagenumber = $vbulletin->GPC['pagenumber'];
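/**
 * Renders the attachments of a post into postbit template fragments.
 *
 * Each attachment is rendered with one of the postbit_attachment* templates
 * and appended to a bucket on $post (thumbnailattachments, imageattachments,
 * imageattachmentlinks, otherattachments, moderatedattachments); the matching
 * $show[...] flags are set along the way.
 *
 * @param array   Information about the content that owns these attachments (modified in place)
 * @param array   List of attachments belonging to the specified post
 * @param boolean Hide the download counter (the counter is replaced by the n_a phrase)
 * @param boolean Viewer may manage the attachments (enables $show['modattachmentlink'])
 * @param boolean Viewer has permission to get attachments
 * @param boolean Viewer has permission to see thumbnails
 * @param boolean Ignore the extension, so every visible attachment is rendered as a plain link
 *
 * @return void
 */
function process_attachments(&$post, &$attachments, $hidecounter = false, $canmod = false, $canget = true, $canseethumb = true, $linkonly = false)
{
    global $show, $vbphrase;

    if (!empty($attachments)) {
        // the owner of the post always gets the manage link
        $show['modattachmentlink'] = ($canmod or $post['userid'] == $this->registry->userinfo['userid']);
        $show['attachments'] = true;
        $show['moderatedattachment'] = $show['thumbnailattachment'] = $show['otherattachment'] = false;
        $show['imageattachment'] = $show['imageattachmentlink'] = false;

        $attachcount = sizeof($attachments);
        $thumbcount = 0;

        // When inline images are disabled board-wide, temporarily switch the
        // viewer's showimages preference off; it is restored after the loop.
        if (!$this->registry->options['viewattachedimages']) {
            $showimagesprev = $this->registry->userinfo['showimages'];
            $this->registry->userinfo['showimages'] = false;
        }

        foreach ($attachments as $attachmentid => $attachment) {
            if ($canget and $canseethumb and $attachment['thumbnail_filesize'] == $attachment['filesize']) {
                // This is an image that is already thumbnail sized..
                $attachment['hasthumbnail'] = 0;
                $attachment['forceimage'] = $this->registry->options['viewattachedimages'] ? $this->registry->userinfo['showimages'] : 0;
            } else {
                if (!$canseethumb) {
                    $attachment['hasthumbnail'] = 0;
                }
            }

            $show['newwindow'] = $attachment['newwindow'];

            // The filename is HTML-escaped before it reaches any template.
            $attachment['filename'] = fetch_censored_text(htmlspecialchars_uni($attachment['filename'], false));
            $attachment['attachmentextension'] = strtolower(file_extension($attachment['filename']));
            $attachment['filesize'] = vb_number_format($attachment['filesize'], 1, true);

            if (vB_Template_Runtime::fetchStyleVar('dirmark')) {
                $attachment['filename'] .= vB_Template_Runtime::fetchStyleVar('dirmark');
            }

            // Plugin code runs in this scope and can change $attachment and
            // the other locals by name.
            ($hook = vBulletinHook::fetch_hook('postbit_attachment')) ? eval($hook) : false;

            // Built before the state check because the moderated branch below
            // needs it as well; computing it only for visible attachments left
            // that branch with an undefined URL, or with the URL of the
            // previous attachment in the loop.
            // NOTE(review): sessionurl is part of the query string; if it
            // carries a session hash, these absolute URLs expose it wherever
            // they are copied - confirm where the rendered output ends up.
            $attachmenturl = create_full_url("attachment.php?{$this->registry->session->vars['sessionurl']}attachmentid={$attachment['attachmentid']}&d={$attachment['dateline']}");

            if ($attachment['state'] == 'visible') {
                if ($hidecounter) {
                    $attachment['counter'] = $vbphrase['n_a'];
                    $show['views'] = false;
                } else {
                    $show['views'] = true;
                }

                $lightbox_extensions = array('gif', 'jpg', 'jpeg', 'jpe', 'png', 'bmp');

                // a null extension matches no case below, so $linkonly sends
                // everything to the default (plain link) branch
                $ext = $linkonly ? null : $attachment['attachmentextension'];

                $imageurl = create_full_url("attachment.php?{$this->registry->session->vars['sessionurl']}attachmentid={$attachment['attachmentid']}&stc=1&d={$attachment['dateline']}");
                $thumburl = create_full_url("attachment.php?{$this->registry->session->vars['sessionurl']}attachmentid={$attachment['attachmentid']}&stc=1&thumb=1&d={$attachment['thumbnail_dateline']}");

                switch ($ext) {
                    case 'gif':
                    case 'jpg':
                    case 'jpeg':
                    case 'jpe':
                    case 'png':
                    case 'bmp':
                    case 'tiff':
                    case 'tif':
                    case 'psd':
                    case 'pdf':
                        if (!$this->registry->userinfo['showimages']) {
                            // Special case for PDF - don't list it as an 'image'
                            if ($attachment['attachmentextension'] == 'pdf') {
                                $templater = vB_Template::create('postbit_attachment');
                                $templater->register('attachment', $attachment);
                                $templater->register('url', $attachmenturl);
                                $post['otherattachments'] .= $templater->render();
                                $show['otherattachment'] = true;
                            } else {
                                $templater = vB_Template::create('postbit_attachment');
                                $templater->register('attachment', $attachment);
                                $templater->register('url', $attachmenturl);
                                $post['imageattachmentlinks'] .= $templater->render();
                                $show['imageattachmentlink'] = true;
                            }
                        } else {
                            if ($this->registry->options['viewattachedimages'] == 1 or $this->registry->options['viewattachedimages'] == 2 and $attachcount > 1) {
                                if ($attachment['hasthumbnail'] or !$canget and !in_array($attachment['attachmentextension'], array('tiff', 'tif', 'psd', 'pdf'))) {
                                    // start a new row once the configured number of thumbnails is reached
                                    $thumbcount++;
                                    if ($this->registry->options['attachrow'] and $thumbcount >= $this->registry->options['attachrow']) {
                                        $thumbcount = 0;
                                        $show['br'] = true;
                                    } else {
                                        $show['br'] = false;
                                    }

                                    $show['cangetattachment'] = ($canget and in_array($attachment['attachmentextension'], $lightbox_extensions));

                                    $templater = vB_Template::create('postbit_attachmentthumbnail');
                                    $templater->register('attachment', $attachment);
                                    $templater->register('url', $attachmenturl);
                                    $templater->register('pictureurl', $thumburl);
                                    $post['thumbnailattachments'] .= $templater->render();
                                    $show['thumbnailattachment'] = true;
                                } else {
                                    if (!in_array($attachment['attachmentextension'], array('tiff', 'tif', 'psd', 'pdf')) and $attachment['forceimage']) {
                                        $templater = vB_Template::create('postbit_attachmentimage');
                                        $templater->register('attachment', $attachment);
                                        $templater->register('url', $attachmenturl);
                                        $templater->register('pictureurl', $imageurl);
                                        $post['imageattachments'] .= $templater->render();
                                        $show['imageattachment'] = true;
                                    } else {
                                        // Special case for PDF - don't list it as an 'image'
                                        if ($attachment['attachmentextension'] == 'pdf') {
                                            $templater = vB_Template::create('postbit_attachment');
                                            $templater->register('attachment', $attachment);
                                            $templater->register('url', $attachmenturl);
                                            $post['otherattachments'] .= $templater->render();
                                            $show['otherattachment'] = true;
                                        } else {
                                            $templater = vB_Template::create('postbit_attachment');
                                            $templater->register('attachment', $attachment);
                                            $templater->register('url', $attachmenturl);
                                            $post['imageattachmentlinks'] .= $templater->render();
                                            $show['imageattachmentlink'] = true;
                                        }
                                    }
                                }
                            } else {
                                if (!in_array($attachment['attachmentextension'], array('tiff', 'tif', 'psd', 'pdf')) and ($this->registry->options['viewattachedimages'] == 3 or $this->registry->options['viewattachedimages'] == 2 and $attachcount == 1)) {
                                    $templater = vB_Template::create('postbit_attachmentimage');
                                    $templater->register('attachment', $attachment);
                                    $templater->register('url', $attachmenturl);
                                    $templater->register('pictureurl', $imageurl);
                                    $post['imageattachments'] .= $templater->render();
                                    $show['imageattachment'] = true;
                                } else {
                                    $templater = vB_Template::create('postbit_attachment');
                                    $templater->register('attachment', $attachment);
                                    $templater->register('url', $attachmenturl);
                                    $post['imageattachmentlinks'] .= $templater->render();
                                    $show['imageattachmentlink'] = true;
                                }
                            }
                        }
                        break;

                    default:
                        $templater = vB_Template::create('postbit_attachment');
                        $templater->register('attachment', $attachment);
                        $templater->register('url', $attachmenturl);
                        $post['otherattachments'] .= $templater->render();
                        $show['otherattachment'] = true;
                }
            } else {
                // attachment is not visible (e.g. awaiting moderation)
                $templater = vB_Template::create('postbit_attachment');
                $templater->register('attachment', $attachment);
                $templater->register('url', $attachmenturl);
                $post['moderatedattachments'] .= $templater->render();
                $show['moderatedattachment'] = true;
            }
        }

        // put the viewer's own preference back
        if (!$this->registry->options['viewattachedimages']) {
            $this->registry->userinfo['showimages'] = $showimagesprev;
        }
    } else {
        $show['attachments'] = false;
    }
}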
eval(fetch_email_phrases('activateaccount')); vbmail($email, $subject, $message, true); } else { if ($newusergroupid == 2) { if ($vbulletin->options['welcomemail']) { eval(fetch_email_phrases('welcomemail')); vbmail($email, $subject, $message); } } } ($hook = vBulletinHook::fetch_hook('register_addmember_complete')) ? eval($hook) : false; if ($vbulletin->GPC['coppauser']) { $_REQUEST['do'] = 'coppaform'; } else { if ($vbulletin->options['verifyemail']) { eval(standard_error(fetch_error('registeremail', $username, $email, create_full_url($vbulletin->url . $vbulletin->session->vars['sessionurl_q'])), '', false)); } else { $vbulletin->url = str_replace('"', '', $vbulletin->url); if (!$vbulletin->url) { $vbulletin->url = $vbulletin->options['forumhome'] . '.php' . $vbulletin->session->vars['sessionurl_q']; } else { $vbulletin->url = iif(strpos($vbulletin->url, 'register.php') !== false, $vbulletin->options['forumhome'] . '.php' . $vbulletin->session->vars['sessionurl_q'], $vbulletin->url); } if ($vbulletin->options['moderatenewmembers']) { eval(standard_error(fetch_error('moderateuser', $username, $vbulletin->options['forumhome'], $vbulletin->session->vars['sessionurl_q']), '', false)); } else { eval(standard_error(fetch_error('registration_complete', $username, $vbulletin->session->vars['sessionurl'], $vbulletin->options['bburl'] . '/' . $vbulletin->options['forumhome'] . '.php'), '', false)); } } } }
print_nav_panel(); unset($navigation); echo "</div>\n"; // ************************************************* define('NO_CP_COPYRIGHT', true); unset($DEVDEBUG); print_cp_footer(); } // ############################################################################# // ################################ BUILD FRAMESET ############################# // ############################################################################# if ($_REQUEST['do'] == 'frames' or empty($_REQUEST['do'])) { $vbulletin->input->clean_array_gpc('r', array('loc' => TYPE_NOHTML)); $navframe = "<frame src=\"index.php?" . $vbulletin->session->vars['sessionurl'] . "do=nav" . iif($vbulletin->GPC['nojs'], '&nojs=1') . "\" name=\"nav\" scrolling=\"yes\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" border=\"no\" />\n"; $headframe = "<frame src=\"index.php?" . $vbulletin->session->vars['sessionurl'] . "do=head\" name=\"head\" scrolling=\"no\" noresize=\"noresize\" frameborder=\"0\" marginwidth=\"10\" marginheight=\"0\" border=\"no\" />\n"; $mainframe = "<frame src=\"" . iif(!empty($vbulletin->GPC['loc']) and !preg_match('#^[a-z]+:#i', $vbulletin->GPC['loc']), create_full_url($vbulletin->GPC['loc']), "index.php?" . $vbulletin->session->vars['sessionurl'] . "do=home") . "\" name=\"main\" scrolling=\"yes\" frameborder=\"0\" marginwidth=\"10\" marginheight=\"10\" border=\"no\" />\n"; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="<?php echo vB_Template_Runtime::fetchStyleVar('textdirection'); ?> " lang="<?php echo vB_Template_Runtime::fetchStyleVar('languagecode'); ?> "> <head> <script type="text/javascript"> <!-- // get out of any containing frameset if (self.parent.frames.length != 0) {
$output .= $xml->output(); unset($xml); } else if (in_array($vbulletin->GPC['type'], array('RSS', 'RSS1', 'RSS2'))) { // RSS output // setup the board title if (empty($title)) { // just show board title $rsstitle = $vbulletin->options['bbtitle']; } else { // show board title plus selection $rsstitle = $vbulletin->options['bbtitle'] . " - $title"; } $rssicon = create_full_url(vB_Template_Runtime::fetchStyleVar('imgdir_misc') . '/rss.png'); $headers[] = 'Cache-control: max-age=' . $expires; $headers[] = 'Expires: ' . gmdate("D, d M Y H:i:s", $expires) . ' GMT'; $headers[] = 'Last-Modified: ' . gmdate('D, d M Y H:i:s', $lastmodified) . ' GMT'; $headers[] = 'ETag: "' . $cachehash . '"'; $headers[] = 'Content-Type: text/xml' . (vB_Template_Runtime::fetchStyleVar('charset') != '' ? '; charset=' . vB_Template_Runtime::fetchStyleVar('charset') : ''); $output = '<?xml version="1.0" encoding="' . vB_Template_Runtime::fetchStyleVar('charset') . '"?>' . "\r\n\r\n"; # Each specs shared code is entered in full (duplicated) to make it easier to read switch($vbulletin->GPC['type']) { case 'RSS': require_once(DIR . '/includes/class_xml.php'); $xml = new vB_XML_Builder($vbulletin);
if ($newpost['visible'] OR can_moderate($foruminfo['forumid'], 'canmoderateposts')) { if ($threadview < $threadinfo['lastpost']) { $vbulletin->url = fetch_seo_url('thread', $threadinfo, array('p' => $newpost['postid'], 'posted' => 1)) . "#post$newpost[postid]"; } else { $vbulletin->url = fetch_seo_url('thread', $threadinfo, array('p' => $newpost['postid'])) . "#post$newpost[postid]"; } // if post is not moderated, attempt to publish this new reply to user's Facebook feed if ($newpost['visible'] AND is_facebookenabled()) { $fblink = str_ireplace('&', '&', $vbulletin->url); publishtofacebook_newreply($threadinfo['title'], $newpost['message'], create_full_url($fblink)); } ($hook = vBulletinHook::fetch_hook('newreply_post_complete')) ? eval($hook) : false; eval(print_standard_redirect('redirect_postthanks', true, $forceredirect)); } else { $vbulletin->url = fetch_seo_url('forum', $foruminfo); ($hook = vBulletinHook::fetch_hook('newreply_post_complete')) ? eval($hook) : false; eval(print_standard_redirect('redirect_postthanks_moderate', true, true)); } } } // end if }
// init user data manager $displaygroupid = ($user['displaygroupid'] > 0 and $user['displaygroupid'] != $user['usergroupid']) ? $user['displaygroupid'] : 2; $userdata =& datamanager_init('User', $vbulletin, ERRTYPE_CP); $userdata->set_existing($user); $userdata->set('usergroupid', 2); $userdata->set_usertitle($user['customtitle'] ? $user['usertitle'] : '', false, $vbulletin->usergroupcache["{$displaygroupid}"], $vbulletin->usergroupcache['2']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canusecustomtitle'] ? true : false, false); $userdata->save(); if ($vbulletin->GPC['send_validated']) { if (!isset($evalemail_validated["{$user['languageid']}"])) { //note that we pass the "all languages" flag as true all the time because if the function does //caching internally and is not smart enough to check if the language requested the second time //was cached on the first pass -- so we make sure that we load and cache all language version //in case the second user has a different language from the first $text_message = fetch_phrase('moderation_validated', 'emailbody', '', true, true, $chosenlanguage, true); $text_subject = fetch_phrase('moderation_validated', 'emailsubject', '', true, true, $chosenlanguage); $text_message = construct_phrase($text_message, create_full_url(fetch_seo_url('forumhome|nosession', array()), true)); $evalemail_validated["{$user['languageid']}"] = ' $message = "' . $text_message . '"; $subject = "' . $text_subject . 
'"; '; } eval($evalemail_validated["{$user['languageid']}"]); vbmail($user['email'], $subject, $message, true); } if ($vbulletin->options['welcomepm'] and $fromuser and !$user['posts']) { if (!isset($evalpm_validated["{$user['languageid']}"])) { //note that we pass the "all languages" flag as true all the time because if the function does //caching internally and is not smart enough to check if the language requested the second time //was cached on the first pass -- so we make sure that we load and cache all language version //in case the second user has a different language from the first $text_message = fetch_phrase('welcomepm', 'emailbody', '', true, true, $chosenlanguage);
/**
 * Converts a WYSIWYG <a> element into EMAIL or URL BB code.
 *
 * An anchor without a usable href is dropped and only its (recursively
 * parsed) contents are kept. A "mailto:" href becomes EMAIL; anything else
 * becomes URL, with scheme-less hrefs expanded through create_full_url().
 *
 * NOTE(review): the href is placed inside the BB code option unescaped, and
 * any "scheme:" prefix is accepted as-is. Confirm that
 * parse_wysiwyg_tag_attribute() cannot return a double quote or "]", and that
 * the URL BB code renderer enforces its own scheme allow-list.
 *
 * @param string Attributes of the <a> tag
 * @param string Text within the tag
 *
 * @return string BB code (or plain parsed text when there is no href)
 */
function parse_wysiwyg_anchor($aoptions, $text)
{
    $target = parse_wysiwyg_tag_attribute('href=', $aoptions);

    if (!trim($target)) {
        return parse_wysiwyg_recurse('a', $text, 'parse_wysiwyg_anchor');
    }

    $is_mail = (substr($target, 0, 7) == 'mailto:');

    if ($is_mail) {
        $target = substr($target, 7);
    } elseif (!preg_match('#^[a-z0-9]+:#i', $target)) {
        // relative URL, prefix it with the URL to this board
        $target = create_full_url($target);
    }

    $bbcode = strtoupper($is_mail ? 'email' : 'url');

    $opening = '[' . $bbcode . '="' . $target . '"]';
    $contents = parse_wysiwyg_recurse('a', $text, 'parse_wysiwyg_anchor');

    return $opening . $contents . '[/' . $bbcode . ']';
}
/**
 * Parses an <a> tag into URL or EMAIL BB code.
 *
 * When the resulting BB code tag is not allowed, a plain-text rendering is
 * returned instead: "text (href)", or just the href when both are equal.
 *
 * NOTE(review): the href is written into the BB code option unescaped and any
 * "scheme:" prefix is accepted as-is. Confirm that
 * parse_wysiwyg_tag_attribute() cannot return a double quote or "]", and that
 * the URL BB code renderer enforces its own scheme allow-list.
 *
 * @param string String containing tag attributes
 * @param string Text within tag
 * @param string Name of HTML tag. Used if one function parses multiple tags
 * @param mixed  Extra arguments passed in to parsing call or tag rules
 *
 * @return string
 */
protected function parse_tag_a($aoptions, $text, $tag_name, $args)
{
    $link = $this->parse_wysiwyg_tag_attribute('href=', $aoptions);

    // nothing to link to: keep only the parsed contents
    if (!trim($link)) {
        return $this->parse_tag_by_name('a', $text);
    }

    $bbcode = 'url';
    if (substr($link, 0, 7) == 'mailto:') {
        $bbcode = 'email';
        $link = substr($link, 7);
    } elseif (!preg_match('#^[a-z0-9]+:#i', $link)) {
        // relative URL, prefix it with the URL to this board
        $link = create_full_url($link);
    }
    $bbcode = strtoupper($bbcode);

    if (!$this->is_bbcode_tag_allowed($bbcode)) {
        // can't auto link, return a plaintext version
        $plain = $this->parse_tag_by_name('a', $text);

        return ($plain != $link) ? "$plain ($link)" : $link;
    }

    return "[$bbcode=\"$link\"]" . $this->parse_tag_by_name('a', $text) . "[/$bbcode]";
}
} if ($group['membertype'] != 'member' and !can_moderate(0, 'caneditgrouppicture')) { if ($vbulletin->userinfo['permissions']['socialgrouppermissions'] & $vbulletin->bf_ugp_socialgrouppermissions['canjoingroups'] and can_join_group($group)) { standard_error(fetch_error('must_be_group_member_view_add_pictures_join_x', 'group.php?' . $vbulletin->session->vars['sessionurl'] . 'do=join&groupid=' . $group['groupid'])); } else { standard_error(fetch_error('must_be_group_member_view_add_pictures')); } } $pictureinfo = fetch_socialgroup_picture($vbulletin->GPC['attachmentid'], $group['groupid']); if (!$pictureinfo) { standard_error(fetch_error('invalidid', $vbphrase['picture'], $vbulletin->options['contactuslink'])); } $pictureinfo['adddate'] = vbdate($vbulletin->options['dateformat'], $pictureinfo['dateline'], true); $pictureinfo['addtime'] = vbdate($vbulletin->options['timeformat'], $pictureinfo['dateline']); $pictureinfo['caption_html'] = nl2br(fetch_word_wrapped_string(fetch_censored_text($pictureinfo['caption']))); $pictureurl = create_full_url("attachment.php?attachmentid={$pictureinfo['attachmentid']}"); if (!preg_match('#^[a-z]+://#i', $pictureurl)) { $pictureurl = $vbulletin->options['bburl'] . "/attachment.php?attachmentid={$pictureinfo['attachmentid']}"; } $pictureinfo['pictureurl'] = $pictureurl; $navpictures_sql = $db->query_read_slave("\r\n\t\tSELECT\r\n\t\t\ta.attachmentid\r\n\t\tFROM " . TABLE_PREFIX . "attachment AS a\r\n\t\tINNER JOIN " . TABLE_PREFIX . 
"socialgroupmember AS socialgroupmember ON\r\n\t\t\t(socialgroupmember.userid = a.userid AND socialgroupmember.groupid = {$group['groupid']} AND socialgroupmember.type = 'member')\r\n\t\tWHERE\r\n\t\t\ta.contentid = {$group['groupid']}\r\n\t\t\t\tAND\r\n\t\t\ta.contenttypeid = {$contenttypeid}\r\n\t\tORDER BY a.dateline DESC\r\n\t"); $pic_location = fetch_picture_location_info($navpictures_sql, $pictureinfo['attachmentid']); $db->free_result($navpictures_sql); ($hook = vBulletinHook::fetch_hook('group_picture')) ? eval($hook) : false; $show['edit_picture_option'] = ($pictureinfo['userid'] == $vbulletin->userinfo['userid'] or can_moderate(0, 'caneditgrouppicture')); $show['remove_picture_option'] = ($pictureinfo['userid'] == $vbulletin->userinfo['userid'] or fetch_socialgroup_modperm('canremovepicture', $group)); $show['reportlink'] = ($vbulletin->userinfo['userid'] and ($vbulletin->options['rpforumid'] or $vbulletin->options['enableemail'] and $vbulletin->options['rpemail'])); if ($vbulletin->options['pc_enabled']) { require_once DIR . '/includes/functions_picturecomment.php'; $pagenumber = $vbulletin->GPC['pagenumber']; $perpage = $vbulletin->GPC['perpage'];
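/**
 * Sets up the display variables for this item: picture count, cover
 * thumbnail URL and dimensions, album type label and moderation details.
 *
 * Writes to $this->item and to the global $show array.
 *
 * @access protected
 */
function process_display()
{
    global $show, $vbphrase;

    // Simplify moderation for templating
    $this->item['picturecount'] = vb_number_format($this->item['visible']);

    // Get cover image info
    $this->item['coverthumburl'] = $this->item['attachmentid']
        ? 'attachment.php?' . $this->registry->session->vars['sessionurl'] . "albumid={$this->item['albumid']}&attachmentid={$this->item['attachmentid']}&thumb=1&d={$this->item['thumbnail_dateline']}"
        : '';

    // The array keys must be quoted inside {$...}: a bare key there is looked
    // up as a constant, which is an Error on PHP 8.
    $this->item['coverdimensions'] = $this->item['thumbnail_width']
        ? "width=\"{$this->item['thumbnail_width']}px\" height=\"{$this->item['thumbnail_height']}px\""
        : '';

    // API clients get an absolute URL for the cover thumbnail
    if (defined('VB_API') and VB_API === true) {
        if ($this->item['coverthumburl']) {
            $this->item['pictureurl'] = create_full_url($this->item['coverthumburl']);
        } else {
            $this->item['pictureurl'] = '';
        }
    }

    // Display album type
    if ('private' == $this->item['state']) {
        $show['personalalbum'] = true;
        $this->item['albumtype'] = $vbphrase['private_album_paren'];
    } elseif ('profile' == $this->item['state']) {
        $show['personalalbum'] = true;
        $this->item['albumtype'] = $vbphrase['profile_album_paren'];
    } else {
        $show['personalalbum'] = false;
    }

    // Show moderation details to picture moderators and to the owner only.
    // The viewer is read from $this->registry: $vbulletin is not imported
    // into this scope, so comparing against it compared the owner id with
    // null (which loosely equals 0) instead of with the viewer's id.
    if (
        $this->item['moderation']
        and (
            can_moderate(0, 'canmoderatepictures')
            or $this->registry->userinfo['userid'] == $this->item['userid']
        )
    ) {
        $show['moderated'] = true;
        $this->item['moderatedcount'] = vb_number_format($this->item['moderation']);
    } else {
        $show['moderated'] = false;
    }
}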
} else { if ($vbulletin->GPC['message'] == '') { eval(standard_error(fetch_error('nomessage'))); } if ($perform_floodcheck) { require_once DIR . '/includes/class_floodcheck.php'; $floodcheck = new vB_FloodCheck($vbulletin, 'user', 'emailstamp'); $floodcheck->commit_key($vbulletin->userinfo['userid'], TIMENOW, TIMENOW - $vbulletin->options['emailfloodtime']); if ($floodcheck->is_flooding()) { eval(standard_error(fetch_error('emailfloodcheck', $vbulletin->options['emailfloodtime'], $floodcheck->flood_wait()))); } } ($hook = vBulletinHook::fetch_hook('sendmessage_domailmember')) ? eval($hook) : false; //magic variables for for phrase eval $message = fetch_censored_text($vbulletin->GPC['message']); $forumhomelink = create_full_url(fetch_seo_url('forumhome|nosession', array()), true); eval(fetch_email_phrases('usermessage', $userinfo['languageid'])); //note that $message is set via the run via eval from fetch_email_phrases. vbmail($userinfo['email'], fetch_censored_text($vbulletin->GPC['emailsubject']), $message, false, $vbulletin->userinfo['email'], '', $vbulletin->userinfo['username']); // parse this next line with eval: $sendtoname = $userinfo['username']; print_standard_redirect(array('redirect_sentemail', $sendtoname)); } } } /*======================================================================*\ || #################################################################### || # Downloaded: 03:13, Sat Sep 7th 2013 || # CVS: $RCSfile$ - $Revision: 58373 $ || #################################################################### \*======================================================================*/
/**
 * Verify Friendly URL
 * Ensures the requested URL was in the correct format according to the
 * friendlyurl option. If not, throw a 301 to the correct route.
 *
 * Returns without doing anything for API requests, non-GET requests, invalid
 * routes, requests without an entry path, when canonical enforcement is off,
 * and for logged-in users unless friendlyurl_canonical_registered is set.
 *
 * The redirect target is rebuilt from the current URL plus the request's own
 * query variables, so it is derived from request data.
 */
public function assertFriendlyUrl()
{
    // API don't need to redirect
    if (defined('VB_API') and VB_API === true) {
        return;
    }

    // Only redirect on GET
    if ('GET' != $_SERVER['REQUEST_METHOD']) {
        return;
    }

    // If this route isn't valid then we'll be 404'ing anyway
    if (!$this->isValid()) {
        return;
    }

    // If we don't have an entry path then there's nothing to do
    if (!($request_path = vB_Router::getEntryPath())) {
        return;
    }

    // Allow hooks to handle non canonical urls
    // The hook is eval()'d in this scope, so plugin code can set locals such
    // as $canonical_path (see the isset() check below) or return early.
    ($hook = vBulletinHook::fetch_hook('friendlyurl_redirect_canonical_route')) ? eval($hook) : false;

    // Check if we should be enforcing the canonical url
    if (vB_Friendly_Url::CANON_OFF == vB::$vbulletin->options['friendlyurl_canonical']) {
        return;
    }

    // Only redirect guests and search engines
    if (vB::$vbulletin->userinfo['userid'] and !vB::$vbulletin->options['friendlyurl_canonical_registered']) {
        return;
    }

    // Get the canonical path (unless the hook above already supplied one)
    if (!isset($canonical_path)) {
        $canonical_path = $this->getRoutePath(false, vB_Friendly_Url::CANON_STRICT == vB::$vbulletin->options['friendlyurl_canonical'], true);
    }

    // Whether the request was canonical
    $canonical = true;

    // If no route path is specified then only rewrite can differ
    if ($request_path == VB_ROUTER_SEGMENT) {
        // This looks like a bug. The second "==" should be an "AND". This is based on the fact that how it's written
        // doesn't make a lot of sense and the behavior with the change is more consistent. However it's a bug with
        // seniority at this point and fixing it will change how urls behave. For the time being leaving it alone is
        // better than the risk of changing it.
        if ((FRIENDLY_URL == FRIENDLY_URL_REWRITE) == (vB::$vbulletin->options['friendlyurl'] == FRIENDLY_URL_REWRITE)) {
            return;
        }
    }

    // Check the Friendly URL method
    if (FRIENDLY_URL !== intval(vB::$vbulletin->options['friendlyurl'])) {
        $canonical = false;
    }

    // Check URI (strict mode only)
    if ($canonical and vB_Friendly_URL::CANON_STRICT == vB::$vbulletin->options['friendlyurl_canonical']) {
        if ($request_path != $canonical_path) {
            // request may have been in the current charset, try utf-8
            $request_path = to_utf8($request_path, vB::$vbulletin->userinfo['lang_charset']);

            if ($request_path != $canonical_path) {
                $canonical = false;
            }
        }
    }

    // Redirect if incorrect
    if (!$canonical) {
        // Get the raw redirect url
        $url = $this->getCurrentURL(null, null, '', false, true);

        // add any query vars (taken from the request, minus the routing variable)
        $vars = $_GET;
        unset($vars[vB::$vbulletin->options['route_requestvar']]);
        unset($vars['pagenumber']);
        // Remove duplicate created by shortvar code
        if (!empty($vars)) {
            // NOTE(review): strpos() is used as a boolean here, so a "?" at
            // offset 0 would be treated as absent - harmless only if $url can
            // never start with "?"; confirm.
            $url .= (strpos($url, '?') ? '&' : '?') . urlimplode($vars, false, true);
        }

        // do a quick check to ensure that we aren't trying to redirect to the url
        // we came in on. This is needed primarily because of a special case where the
        // friendly url logic doesn't correctly detect the rewrite URL version of the
        // incoming link and will attempt to redirect because they don't match.
        $url = create_full_url($url);

        // $cleaned_url is used for the comparison only; the redirect below is
        // issued with $url, which has not been through xss_clean() or
        // strip_sessionhash().
        $cleaned_url = vB::$vbulletin->input->xss_clean(vB::$vbulletin->input->strip_sessionhash($url));
        $cleaned_url = $this->domain_to_lower($cleaned_url);

        //if ($url != VB_URL_CLEAN)
        if (urldecode($cleaned_url) != urldecode($this->domain_to_lower(VB_URL_CLEAN))) {
            // redirect to the canonical url
            // NOTE(review): confirm exec_header_redirect() rejects CR/LF in
            // $url, and that getCurrentURL()/create_full_url() take the host
            // from board configuration rather than from the request's Host
            // header; otherwise this 301 can be steered by the client.
            exec_header_redirect($url, 301);
        }
    }
}
print_nav_panel(); unset($navigation); echo "</div>\n"; // ************************************************* define('NO_CP_COPYRIGHT', true); unset($DEVDEBUG); print_cp_footer(); } // ############################################################################# // ################################ BUILD FRAMESET ############################# // ############################################################################# if ($_REQUEST['do'] == 'frames' or empty($_REQUEST['do'])) { $vbulletin->input->clean_array_gpc('r', array('loc' => vB_Cleaner::TYPE_NOHTML)); $navframe = "<frame src=\"index.php?" . vB::getCurrentSession()->get('sessionurl') . "do=nav" . iif($vbulletin->GPC['nojs'], '&nojs=1') . "\" name=\"nav\" scrolling=\"yes\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" border=\"no\" id=\"vb-acp-navframe\" />\n"; $headframe = "<frame src=\"index.php?" . vB::getCurrentSession()->get('sessionurl') . "do=head\" name=\"head\" scrolling=\"no\" noresize=\"noresize\" frameborder=\"0\" marginwidth=\"10\" marginheight=\"0\" border=\"no\" id=\"vb-acp-headframe\" />\n"; $mainframe = "<frame src=\"" . iif(!empty($vbulletin->GPC['loc']) and !preg_match('#^[a-z]+:#i', $vbulletin->GPC['loc']), create_full_url($vbulletin->GPC['loc']), "index.php?" . vB::getCurrentSession()->get('sessionurl') . "do=home") . "\" name=\"main\" scrolling=\"yes\" frameborder=\"0\" marginwidth=\"10\" marginheight=\"10\" border=\"no\" id=\"vb-acp-mainframe\" />\n"; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="<?php echo vB_Template_Runtime::fetchStyleVar('textdirection'); ?> " lang="<?php echo vB_Template_Runtime::fetchStyleVar('languagecode'); ?> "> <head> <script type="text/javascript"> <!-- // get out of any containing frameset if (self.parent.frames.length != 0) {
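/**
 * Saves the article from the submitted edit form.
 *
 * Reads the cleaned POST fields, derives a preview image or preview video from
 * the article text, applies the publishing settings when the user may publish,
 * saves through the data manager and then invalidates the related caches.
 * Only the first call in a request does any work.
 *
 * Several locals below ($errors, $html_title, $htmlstate, $search, $replace,
 * $old_sectionid, $new_sectionid, $success) are not read again by this method.
 * They are kept because the hook code passed to eval() runs in this scope and
 * may depend on them.
 *
 * @param mixed View object; errors, error_summary and status are set on it
 *
 * @return mixed True if the data was already saved by an earlier call; no
 *               explicit value on the normal path
 */
protected function saveData($view)
{
    // Guard against saving twice in one request.
    if ($this->data_saved) {
        return true;
    }
    $this->data_saved = true;

    if (!$this->content->canEdit() AND !$this->content->canPublish()) {
        // NOTE(review): $vb_phrase is not assigned anywhere before this point,
        // so this returns null (with an undefined-variable notice) rather than
        // a message. Left as is because the intended phrase lookup is not
        // visible from here.
        return $vb_phrase['no_edit_permissions'];
    }

    require_once DIR . '/includes/functions.php';

    // collect error messages
    $errors = array();

    vB::$vbulletin->input->clean_array_gpc('p', array(
        'do'               => vB_Input::TYPE_STR,
        'cms_node_title'   => vB_Input::TYPE_STR,
        'cms_node_url'     => vB_Input::TYPE_STR,
        'message'          => vB_Input::TYPE_STR,
        'url'              => vB_Input::TYPE_NOHTML,
        'title'            => vB_Input::TYPE_NOHTML,
        'setpublish'       => vB_Input::TYPE_UINT,
        'publishdate'      => vB_Input::TYPE_UINT,
        'html_title'       => vB_Input::TYPE_NOHTML,
        'publicpreview'    => vB_Input::TYPE_UINT,
        'new_parentid'     => vB_Input::TYPE_UINT,
        'comments_enabled' => vB_Input::TYPE_UINT,
        'wysiwyg'          => vB_Input::TYPE_BOOL,
        'parseurl'         => vB_Input::TYPE_BOOL,
        'posthash'         => vB_Input::TYPE_NOHTML,
        'poststarttime'    => vB_Input::TYPE_UINT,
        'htmlstate'        => vB_Input::TYPE_NOHTML,
    ));

    // Hook code is evaluated in this scope and can read or change the locals.
    ($hook = vBulletinHook::fetch_hook('vbcms_article_save_start')) ? eval($hook) : false;

    $dm = $this->content->getDM();
    $dm->set('contentid', $this->content->getId());

    if ($this->content->canEdit()) {
        // get pagetext
        $pagetext = vB::$vbulletin->GPC['message'];
        $html_title = vB::$vbulletin->GPC['html_title'];
        $title = vB::$vbulletin->GPC['title'];

        // unwysiwygify the incoming data
        if (vB::$vbulletin->GPC['wysiwyg']) {
            $html_parser = new vBCms_WysiwygHtmlParser(vB::$vbulletin);
            $pagetext = $html_parser->parse($pagetext);
        }

        $dm->info['parseurl'] = true;
        $dm->set('pagetext', $pagetext);

        if ($title) {
            // Fix: the submitted title is stored here; the previous code passed
            // $pagetext, which wrote the whole article body into the title field.
            $dm->set('title', $title);
        }

        $bbcodesearch = array();
        $video_location = stripos($pagetext, '[video');
        $found_image = false;

        // populate the preview image field with [img] if we can find one
        if (($i = stripos($pagetext, '[IMG]')) !== false and ($j = stripos($pagetext, '[/IMG]')) AND $j > $i) {
            $previewimage = htmlspecialchars_uni(substr($pagetext, $i + 5, $j - $i - 5));
            $image_location = $i;

            // NOTE(review): getimagesize() is handed a location taken from the
            // submitted article text, so the server opens whatever the author
            // wrote there (depending on PHP configuration this is not limited
            // to http/https). Consider validating scheme and host before
            // probing; the @ also hides any failure from logs.
            if ($size = @getimagesize($previewimage)) {
                $dm->set('previewimage', $previewimage);
                $dm->set('imagewidth', $size[0]);
                $dm->set('imageheight', $size[1]);
                // NOTE(review): the third substr() argument is a length, but
                // $j + 6 is an end offset; this looks like it captures too much
                // when the tag does not start at offset 0 - confirm.
                $bbcodesearch[] = substr($pagetext, $i, $j + 6);
                $found_image = true;
            }
        }

        // or populate the preview image field with [attachment] if we can find one
        if (!$found_image) {
            $i = stripos($pagetext, "[ATTACH=CONFIG]");
            $j = stripos($pagetext, '[/ATTACH]');

            // NOTE(review): both branches require the opening tag to come after
            // the closing tag ($i > $j) and use the 15-character length of
            // "[ATTACH=CONFIG]" even for "[ATTACH]". That looks inverted;
            // left unchanged pending confirmation.
            if ($j !== false) {
                if ($i === false) {
                    $i = stripos($pagetext, "[ATTACH]");
                    if ($i !== false AND ($i > $j)) {
                        $attachmentid = substr($pagetext, $i + 15, $j - $i - 15);
                        $found_image = $this->getAttachData($attachmentid, $dm, $bbcodesearch);
                    }
                } else if ($i > $j) {
                    $attachmentid = substr($pagetext, $i + 15, $j - $i - 15);
                    $found_image = $this->getAttachData($attachmentid, $dm, $bbcodesearch);
                }
            }
        }

        // Fall back to the first stored attachment that has a thumbnail.
        if (!$found_image AND $this->content->canDownload()) {
            require_once(DIR . '/packages/vbattach/attach.php');
            $attach = new vB_Attach_Display_Content(vB::$vbulletin, 'vBCms_Article');
            $attachments = $attach->fetch_postattach(0, $this->content->getNodeId(), $this->content->getUserId());

            if (!empty($attachments)) {
                foreach ($attachments as $attachment) {
                    if ($attachment['hasthumbnail']) {
                        $found_image = $this->getAttachData($attachment['attachmentid'], $dm, $bbcodesearch);
                        if ($found_image) {
                            break;
                        }
                    }
                }
            }
        }

        // if there are no images in the article body, make sure we unset the preview in the db
        if (!$found_image) {
            $dm->set('previewimage', '');
            $dm->set('imagewidth', 0);
            $dm->set('imageheight', 0);
            // Place the "image" after the video so the video check below passes.
            $image_location = intval($video_location) + 1;
        }

        $parseurl = false;
        $providers = $search = $replace = $previewvideo = array();

        ($hook = vBulletinHook::fetch_hook('data_preparse_bbcode_video_start')) ? eval($hook) : false;

        // Convert video bbcode with no option
        if ((($video_location !== false) AND (intval($video_location) < intval($image_location))) OR $parseurl) {
            if (!$providers) {
                $bbcodes = vB::$db->query_read_slave(" SELECT provider, url, regex_url, regex_scrape, tagoption FROM " . TABLE_PREFIX . "bbcode_video ORDER BY priority ");
                while ($bbcode = vB::$db->fetch_array($bbcodes)) {
                    $providers["$bbcode[tagoption]"] = $bbcode;
                }
            }

            $scraped = 0;
            if (!empty($providers) AND preg_match_all('#\[video[^\]]*\](.*?)\[/video\]#si', $pagetext, $matches)) {
                foreach ($matches[1] AS $key => $url) {
                    $match = false;
                    foreach ($providers AS $provider) {
                        // Provider patterns are anchored at the start only.
                        $addcaret = ($provider['regex_url'][0] != '^') ? '^' : '';
                        if (preg_match('#' . $addcaret . $provider['regex_url'] . '#si', $url, $match)) {
                            break;
                        }
                    }

                    if ($match) {
                        if (!$provider['regex_scrape'] AND $match[1]) {
                            $previewvideo['provider'] = $provider['tagoption'];
                            $previewvideo['code'] = $match[1];
                            $previewvideo['url'] = $url;
                            $bbcodesearch[] = $matches[0][$key];
                            break;
                        } else if ($provider['regex_scrape'] AND vB::$vbulletin->options['bbcode_video_scrape'] > 0 AND $scraped < vB::$vbulletin->options['bbcode_video_scrape']) {
                            require_once(DIR . '/includes/functions_file.php');

                            // NOTE(review): this makes the server request a URL
                            // taken from the article text. It is gated by the
                            // provider pattern and capped by the
                            // bbcode_video_scrape option; confirm that
                            // fetch_body_request() itself restricts which
                            // destinations may be contacted.
                            $result = fetch_body_request($url);
                            if (preg_match('#' . $provider['regex_scrape'] . '#si', $result, $scrapematch)) {
                                $previewvideo['provider'] = $provider['tagoption'];
                                $previewvideo['code'] = $scrapematch[1];
                                $previewvideo['url'] = $url;
                                $bbcodesearch[] = $matches[0][$key];
                                break;
                            }
                            $scraped++;
                        }
                    }
                }
            }
        }

        $htmlstate = vB::$vbulletin->GPC_exists['htmlstate'] ? vB::$vbulletin->GPC['htmlstate'] : $this->content->getHtmlState();

        // Try to populate previewvideo html
        if ($previewvideo) {
            $templater = vB_Template::create('bbcode_video');
            $templater->register('url', $previewvideo['url']);
            $templater->register('provider', $previewvideo['provider']);
            $templater->register('code', $previewvideo['code']);
            $dm->set('previewvideo', $templater->render());
            // A preview video replaces any preview image.
            $dm->set('previewimage', '');
            $dm->set('imagewidth', 0);
            $dm->set('imageheight', 0);
            $image_location = -1;
        } else {
            $dm->set('previewvideo', '');
        }
    }

    if ($this->content->canPublish()) {
        $old_sectionid = $this->content->getParentId();

        //set the values, for the dm and update the content.
        if (vB::$vbulletin->GPC_exists['new_parentid'] AND intval(vB::$vbulletin->GPC['new_parentid'])) {
            vBCms_ContentManager::moveSection(array($this->content->getNodeId()), vB::$vbulletin->GPC['new_parentid']);
            $new_sectionid = vB::$vbulletin->GPC['new_parentid'];
        }

        if (vB::$vbulletin->GPC_exists['publicpreview']) {
            $dm->set('publicpreview', vB::$vbulletin->GPC['publicpreview']);
        }

        if (vB::$vbulletin->GPC_exists['comments_enabled']) {
            $dm->set('comments_enabled', vB::$vbulletin->GPC['comments_enabled']);
        }

        if (vB::$vbulletin->GPC_exists['setpublish']) {
            $dm->set('setpublish', vB::$vbulletin->GPC['setpublish']);
        }
    }

    if (vB::$vbulletin->GPC_exists['html_title']) {
        $dm->set('html_title', vB::$vbulletin->GPC['html_title']);
    }

    if (vB::$vbulletin->GPC_exists['url']) {
        $dm->set('url', vB::$vbulletin->GPC['url']);
    }

    if (vB::$vbulletin->GPC_exists['htmlstate']) {
        $dm->set('htmlstate', vB::$vbulletin->GPC['htmlstate']);
    }

    //We may have some processing to do for public preview. Let's see if comments
    // are enabled. We never enable them for sections, and they might be turned off globally.
    vB::$vbulletin->input->clean_array_gpc('r', array(
        'publicpreview' => TYPE_UINT));

    $success = $dm->saveFromForm($this->content->getNodeId());
    $this->changed = true;

    if ($dm->hasErrors()) {
        $fieldnames = array(
            'html_title' => new vB_Phrase('vbcms', 'html_title'),
            'title'      => new vB_Phrase('global', 'title')
        );

        $view->errors = $dm->getErrors(array_keys($fieldnames));
        $view->error_summary = self::getErrorSummary($dm->getErrors(array_keys($fieldnames)), $fieldnames);
        $view->status = $view->error_view->title;
    } else {
        $view->status = new vB_Phrase('vbcms', 'content_saved');
        $this->cleanContentCache();

        // Make sure the posthash is valid.
        // Strict comparison: both values are strings, and == would compare two
        // numeric-looking strings as numbers instead of character by character.
        $expected_posthash = md5(vB::$vbulletin->GPC['poststarttime'] . vB::$vbulletin->userinfo['userid'] . vB::$vbulletin->userinfo['salt']);
        if ($expected_posthash === (string) vB::$vbulletin->GPC['posthash']) {
            // Attach the uploads made under this posthash to the saved node.
            vB::$vbulletin->db->query_write(" UPDATE " . TABLE_PREFIX . "attachment SET posthash = '', contentid = " . intval($this->content->getNodeId()) . " WHERE posthash = '" . vB::$vbulletin->db->escape_string(vB::$vbulletin->GPC['posthash']) . "' AND contenttypeid = " . intval(vB_Types::instance()->getContentTypeID("vBCms_Article")) . " ");
        }

        // only publish to Facebook if we are going from not-published to published, and the date is in the past
        if (is_facebookenabled() AND $this->content->isPublished()) {
            $message = new vB_Phrase('posting', 'fbpublish_message_newarticle', vB::$vbulletin->options['bbtitle']);
            $fblink = vBCms_Route_Content::getURL(array(
                'node'   => $this->content->getUrlSegment(),
                'action' => 'view'
            ));
            // Fix: decode the HTML entity. As previously written the call
            // replaced '&' with itself and did nothing.
            $fblink = str_ireplace('&amp;', '&', $fblink);
            publishtofacebook_newarticle($message, $this->content->getTitle(), $this->content->getPageText(), create_full_url($fblink));
        }
    }

    ($hook = vBulletinHook::fetch_hook('vbcms_article_save_end')) ? eval($hook) : false;

    //invalidate the navigation cache.
    vB_Cache::instance()->event('sections_updated');
    vB_Cache::instance()->event('articles_updated');
    vB_Cache::instance()->event(array_merge($this->content->getCacheEvents(), array($this->content->getContentCacheEvent())));

    //Make sure comment count will be updated when a comment is posted
    if ($threadid = $this->content->getAssociatedThreadId()) {
        vB_Cache::instance()->event("cms_comments_thread_$threadid");
    }

    vB_Cache::instance()->cleanNow();
    $this->content->reset();

    //reset the required information
    $this->content->requireInfo(vBCms_Item_Content::INFO_BASIC);
    $this->content->requireInfo(vBCms_Item_Content::INFO_CONTENT);
    $this->content->requireInfo(vBCms_Item_Content::INFO_CONFIG);
    $this->content->requireInfo(vBCms_Item_Content::INFO_NODE);
    $this->content->requireInfo(vBCms_Item_Content::INFO_PARENTS);
}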
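/**
 * Halts execution and redirects to the specified URL invisibly
 *
 * The URL is made absolute with create_full_url() and can be changed by the
 * 'header_redirect' hook before the Location header is sent. The script always
 * exits at the end of this function.
 *
 * NOTE(review): nothing in this function limits which host the redirect points
 * to. Callers that pass request-derived URLs need their own destination check,
 * unless create_full_url() (not visible here) already constrains the host.
 *
 * @param string  Destination URL
 * @param integer HTTP status code sent with the redirect (302 by default)
 */
function exec_header_redirect($url, $redirectcode = 302)
{
    global $vbulletin;

    $url = create_full_url($url);

    if (class_exists('vBulletinHook', false)) {
        // this can be called when we don't have the hook class
        ($hook = vBulletinHook::fetch_hook('header_redirect')) ? eval($hook) : false;
    }

    // URLs prepared for HTML output carry &amp;; a Location header needs the
    // bare ampersand. (As previously written the call replaced '&' with itself.)
    $url = str_replace('&amp;', '&', $url); // prevent possible oddity

    // Reject any carriage return or line feed, not only the CRLF pair, so a
    // crafted URL cannot start a second header line.
    if (strpbrk($url, "\r\n") !== false) {
        trigger_error("Header may not contain more than a single header, new line detected.", E_USER_ERROR);
    }

    header("Location: $url", 0, $redirectcode);

    if ($vbulletin->options['addheaders'] AND (SAPI_NAME == 'cgi' OR SAPI_NAME == 'cgi-fcgi')) {
        // see #24779
        switch ($redirectcode) {
            case 301:
                header('Status: 301 Moved Permanently');
                // Fix: without this break the 301 status fell through and was
                // replaced by "302 Found".
                break;

            case 302:
                header('Status: 302 Found');
                break;
        }
    }

    define('NOPMPOPUP', 1);

    if (defined('NOSHUTDOWNFUNC')) {
        exec_shut_down();
    }

    exit;
}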
/**
 * Converts an HTML <a> tag coming from the WYSIWYG editor into BB code.
 *
 * A "mailto:" href becomes an EMAIL tag, anything else a URL tag. An href
 * without a scheme is treated as relative and made absolute with
 * create_full_url(). When URL BB code is not allowed, a plain text form is
 * returned instead.
 *
 * NOTE(review): the scheme test accepts any "scheme:" prefix, and the href is
 * placed between double quotes in the tag option without escaping. Whether
 * parse_wysiwyg_tag_attribute() or the later BB code renderer filters schemes,
 * quotes and brackets is not visible here - confirm.
 *
 * @param string String containing the tag attributes
 * @param string Text within the tag
 *
 * @return string BB code, or plain text when URL BB code is disabled
 */
function parse_wysiwyg_anchor($aoptions, $text)
{
    global $vbulletin;

    $target = parse_wysiwyg_tag_attribute('href=', $aoptions);

    // No usable href: drop the anchor and convert only what it contains.
    if (!trim($target)) {
        return parse_wysiwyg_recurse('a', $text, 'parse_wysiwyg_anchor');
    }

    $is_mail = (substr($target, 0, 7) == 'mailto:');
    if ($is_mail) {
        $target = substr($target, 7);
    } else if (!preg_match('#^[a-z0-9]+:#i', $target)) {
        // relative URL, prefix it with the URL to this board
        $target = create_full_url($target);
    }
    $bbcode = strtoupper($is_mail ? 'email' : 'url');

    $can_link = $vbulletin->options['allowedbbcodes'] & ALLOW_BBCODE_URL;
    $inner = parse_wysiwyg_recurse('a', $text, 'parse_wysiwyg_anchor');

    if ($can_link) {
        return "[{$bbcode}=\"{$target}\"]" . $inner . "[/{$bbcode}]";
    }

    // can't auto link, return a plaintext version
    return ($inner != $target) ? "{$inner} ({$target})" : $target;
}
$finishat = $vbulletin->GPC['startat']; while ($avatar = $db->fetch_array($avatars)) { $finishat = ($avatar['avatarid'] > $finishat ? $avatar['avatarid'] : $finishat); echo construct_phrase($vbphrase['processing_x'], "$vbphrase[avatar] : $avatar[avatarid] ($avatar[title])"); $imagepath = $avatar['avatarpath']; $destination = $avatarpath . '/' . $avatar['avatarid'] . '.gif'; $remotefile = false; if ($avatar['avatarpath'][0] == '/') { // absolute web path -- needs to be translated into a full path and handled that way $avatar['avatarpath'] = create_full_url($avatar['avatarpath']); } if (substr($avatar['avatarpath'], 0, 7) == 'http://') { if ($vbulletin->options['safeupload']) { $imagepath = $vbulletin->options['tmppath'] . '/' . md5(uniqid(microtime()) . $avatar['avatarid']); } else { $imagepath = tempnam(ini_get('upload_tmp_dir'), 'vbthumb'); } if ($filenum = @fopen($imagepath, 'wb')) { require_once(DIR . '/includes/class_vurl.php'); $vurl = new vB_vURL($vbulletin);
if ($_REQUEST['do'] == 'logout') { define('NOPMPOPUP', true); if (!VB_API) { $vbulletin->input->clean_gpc('r', 'logouthash', vB_Cleaner::TYPE_STR); if ($vbulletin->userinfo['userid'] != 0 and !verify_security_token($vbulletin->GPC['logouthash'], $vbulletin->userinfo['securitytoken_raw'])) { eval(standard_error(fetch_error('logout_error', vB::getCurrentSession()->get('sessionurl'), $vbulletin->userinfo['securitytoken']))); } } process_logout(); $vbulletin->url = fetch_replaced_session_url($vbulletin->url); $forumHome = vB_Library::instance('content_channel')->getForumHomeChannel(); if (strpos($vbulletin->url, 'do=logout') !== false) { $vbulletin->url = vB5_Route::buildUrl($forumHome['routeid'] . '|fullurl'); } $show['member'] = false; eval(standard_error(fetch_error('cookieclear', create_full_url($vbulletin->url), vB5_Route::buildUrl($forumHome['routeid'] . '|fullurl')), '', false)); } // ############################### start do login ############################### // this was a _REQUEST action but where do we all login via request? if ($_POST['do'] == 'login') { $vbulletin->input->clean_array_gpc('p', array('vb_login_username' => vB_Cleaner::TYPE_STR, 'vb_login_password' => vB_Cleaner::TYPE_STR, 'vb_login_md5password' => vB_Cleaner::TYPE_STR, 'vb_login_md5password_utf' => vB_Cleaner::TYPE_STR, 'postvars' => vB_Cleaner::TYPE_BINARY, 'cookieuser' => vB_Cleaner::TYPE_BOOL, 'logintype' => vB_Cleaner::TYPE_STR, 'cssprefs' => vB_Cleaner::TYPE_STR, 'inlineverify' => vB_Cleaner::TYPE_BOOL)); // TODO: This is a temp fix for VBV-3475 function admin_login_error($error, array $args = array()) { global $vbulletin; if ($vbulletin->GPC['logintype'] === 'cplogin' or $vbulletin->GPC['logintype'] === 'modcplogin') { require_once DIR . '/includes/adminfunctions.php'; $url = unhtmlspecialchars($vbulletin->url); $urlarr = vB_String::parseUrl($url); $urlquery = $urlarr['query']; $oldargs = array();
$show['languagechooser'] = ($languagecount > 1 and empty($_POST['do'])) ? true : false; unset($languagecount); // ############################################################################# // Generate Style Chooser Dropdown if ($vbulletin->options['allowchangestyles'] and empty($_POST['do'])) { $stylecount = 0; $quickchooserbits = construct_style_options(-1, '--', true, true); $show['quickchooser'] = $stylecount > 1 ? true : false; unset($stylecount); } else { $show['quickchooser'] = false; } // ############################################################################# // do cron stuff - goes into footer if ($vbulletin->cron <= TIMENOW) { $cronimage = '<img src="' . create_full_url('cron.php?' . $vbulletin->session->vars['sessionurl'] . 'rand=' . TIMENOW) . '" alt="" width="1" height="1" border="0" />'; } else { $cronimage = ''; } $show['rtl'] = $stylevar['textdirection'] == 'rtl'; $show['admincplink'] = iif($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'], true, false); // This generates an extra query for non-admins/supermods on many pages so we have chosen to only display it to supermods & admins // $show['modcplink'] = iif(can_moderate(), true, false); $show['modcplink'] = ($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'] or $vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['ismoderator']); $show['registerbutton'] = (!$show['search_engine'] and $vbulletin->options['allowregistration'] and (!$vbulletin->userinfo['userid'] or $vbulletin->options['allowmultiregs'])); $show['searchbuttons'] = (!$show['search_engine'] and $vbulletin->userinfo['permissions']['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['cansearch'] and $vbulletin->options['enablesearches']); $show['quicksearch'] = ($vbulletin->userinfo['userid'] or !$vbulletin->options['hvcheck_search']); $loggedout = false; if 
(THIS_SCRIPT == 'login' and $_REQUEST['do'] == 'logout' and $vbulletin->userinfo['userid'] != 0) { $vbulletin->input->clean_gpc('r', 'logouthash', TYPE_STR); if (verify_security_token($vbulletin->GPC['logouthash'], $vbulletin->userinfo['securitytoken_raw'])) {
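/**
 * Render the friendly url.
 *
 * @example
 * FRIENDLY_URL_OFF
 * showthread.php?t=1234&p=2
 *
 * FRIENDLY_URL_BASIC
 * showthread.php?1234-Thread-Title/page2&pp=2
 *
 * FRIENDLY_URL_ADVANCED
 * showthread.php/1234-Thread-Title/page2?pp=2
 *
 * FRIENDLY_URL_REWRITE
 * /threads/1234-Thread-Title/page2?pp=2
 * RewriteRule ^/vb4/threads/([0-9]+)(?:/?$|(?:-[^/]+))(?:/?$|(?:/page([0-9]+)?)) /vb4/showthread.php?t=$1&page=$2 [QSA]
 *
 * The 'friendlyurl_geturl' hook is evaluated in this scope just before the
 * return and can change $url or any other local.
 *
 * @param int|bool $method_override - Force a Friendly URL method; false uses the 'friendlyurl' option
 * @param bool $canonical - Whether to skip encoding for output (passed on to get_uri())
 * @return string
 */
public function get_url($method_override = false, $canonical = false)
{
    // Get the fragments
    $uri = $this->get_uri($canonical);

    // Check ampersand to use: a bare '&' for JavaScript, the HTML entity
    // otherwise. (Fix: both arms were the same bare '&', so the SEO_JS flag
    // had no effect and HTML output received unescaped ampersands.)
    $amp = ($this->urloptions & SEO_JS) ? '&' : '&amp;';

    // Get the pageinfo arguments
    $query = $this->get_query();

    // Resolve method
    $method = (false !== $method_override) ? $method_override : $this->registry->options['friendlyurl'];

    if ($method == FRIENDLY_URL_REWRITE) {
        $base = $this->rewrite_segment;
    } else {
        $base = $this->script;
    }

    //this is a nasty workaround, but we have to do it. Instead of dealing with the base option
    //and forcing the full url after we construct the url, do it before. The reason is that
    //create_full_url can deal poorly with UTF characters encoded as &#xxxx; in the url (because it contains
    //'#'. This may happen in friendly urls when the title contains UTF characters in this format.
    if ($this->script_base_option_name and $this->registry->options[$this->script_base_option_name]) {
        $base = $this->registry->options[$this->script_base_option_name] . '/' . $base;
    }

    if ($this->urloptions & SEO_FULLURL) {
        $base = create_full_url($base, (bool) ($this->urloptions & SEO_FULLURL_FORCEBBURL));
    }

    // Get the appropriate url
    switch ($method) {
        case FRIENDLY_URL_BASIC:
            $sep = '?';
            $query_sep = $amp;

            //if we don't have a uri part, then switch around the seperators so the url still works.
            if (!$uri) {
                $sep = '';
                $query_sep = '?';
            }

            $url = $base . $sep . $uri . ($query ? $query_sep . $query : '');
            break;

        // Both path-style methods build the URL the same way; only $base differs.
        case FRIENDLY_URL_ADVANCED:
        case FRIENDLY_URL_REWRITE:
            $url = $base . ($uri ? '/' : '') . $uri . ($query ? '?' . $query : '');
            break;

        case FRIENDLY_URL_OFF:
        default:
            $fullquery = array();

            if ($this->id) {
                $fullquery[] = $this->idvar . '=' . $this->id;
            }

            if ($this->page > 1) {
                $fullquery[] = $this->pagevar . '=' . $this->page;
            }

            if ($query) {
                $fullquery[] = $query;
            }

            $fullquery = implode($amp, $fullquery);
            $url = $base . ($fullquery ? '?' : '') . $fullquery;
            break;
    }

    if (class_exists('vBulletinHook', false)) {
        ($hook = vBulletinHook::fetch_hook('friendlyurl_geturl')) ? eval($hook) : false;
    }

    return $url;
}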
exec_header_redirect($vbulletin->options['forumhome'] . '.php'); } // ############################### start logout ############################### if ($_REQUEST['do'] == 'logout') { define('NOPMPOPUP', true); $vbulletin->input->clean_gpc('r', 'logouthash', TYPE_STR); if ($vbulletin->userinfo['userid'] != 0 and !verify_security_token($vbulletin->GPC['logouthash'], $vbulletin->userinfo['securitytoken_raw'])) { eval(standard_error(fetch_error('logout_error', $vbulletin->session->vars['sessionurl'], $vbulletin->userinfo['securitytoken']))); } process_logout(); $vbulletin->url = fetch_replaced_session_url($vbulletin->url); if (strpos($vbulletin->url, 'do=logout') !== false) { $vbulletin->url = $vbulletin->options['forumhome'] . '.php' . $vbulletin->session->vars['sessionurl_q']; } $show['member'] = false; eval(standard_error(fetch_error('cookieclear', create_full_url($vbulletin->url), $vbulletin->options['forumhome'], $vbulletin->session->vars['sessionurl_q']), '', false)); } // ############################### start do login ############################### // this was a _REQUEST action but where do we all login via request? if ($_POST['do'] == 'login') { $vbulletin->input->clean_array_gpc('p', array('vb_login_username' => TYPE_STR, 'vb_login_password' => TYPE_STR, 'vb_login_md5password' => TYPE_STR, 'vb_login_md5password_utf' => TYPE_STR, 'postvars' => TYPE_BINARY, 'cookieuser' => TYPE_BOOL, 'logintype' => TYPE_STR, 'cssprefs' => TYPE_STR)); // can the user login? 
$strikes = verify_strike_status($vbulletin->GPC['vb_login_username']); if ($vbulletin->GPC['vb_login_username'] == '') { eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes))); } // make sure our user info stays as whoever we were (for example, we might be logged in via cookies already) $original_userinfo = $vbulletin->userinfo; if (!verify_authentication($vbulletin->GPC['vb_login_username'], $vbulletin->GPC['vb_login_password'], $vbulletin->GPC['vb_login_md5password'], $vbulletin->GPC['vb_login_md5password_utf'], $vbulletin->GPC['cookieuser'], true)) { ($hook = vBulletinHook::fetch_hook('login_failure')) ? eval($hook) : false; // check password
else { eval(print_standard_redirect('redirect_postthanks_nopermission', true, true)); } } else if ($newpost['visible']) { if ($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) { $vbulletin->url = fetch_seo_url('thread', $threadinfo, array('p' => $newpost['postid'] . "#post$newpost[postid]")); // attempt to publish this new thread to user's Facebook feed if (is_facebookenabled()) { $fblink = str_ireplace('&', '&', $vbulletin->url); publishtofacebook_newthread($newpost['title'], $newpost['message'], create_full_url($fblink)); } eval(print_standard_redirect('redirect_postthanks')); } else { $vbulletin->url = fetch_seo_url('forum', $foruminfo); eval(print_standard_redirect('redirect_postthanks_nopermission', true, true)); } } else { $vbulletin->url = fetch_seo_url('forum', $foruminfo); eval(print_standard_redirect('redirect_postthanks_moderate', true, true)); }
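/**
 * Halts execution and shows the specified message
 *
 * The message is written into the page as given, so any markup in it is
 * rendered; callers must escape values they interpolate into it.
 *
 * NOTE(review): $redirect and $backurl are written into HTML and into an
 * onclick handler after only literal quote characters are removed. That does
 * not cover character references, which the browser decodes inside attribute
 * values before the script runs. If either value can be influenced by a
 * request, it should be validated as a URL and encoded for its output context.
 * Not changed here because callers appear to pass already HTML-encoded URLs
 * (see the &amp; handling below) - confirm before adding escaping.
 *
 * @param string  Message to display
 * @param mixed   If specified, a redirect will be performed to the URL in this parameter
 * @param integer If redirect is specified, this is the time in seconds to delay before redirect
 * @param string  If specified, will provide a specific URL for "Go Back". If empty, no button will be displayed!
 * @param bool    If true along with redirect, 'CONTINUE' button will be used instead of automatic redirect
 */
function print_cp_message($text = '', $redirect = NULL, $delay = 1, $backurl = NULL, $continue = false)
{
    global $vbulletin, $vbphrase;

    // Carry the session identifier over to the redirect target.
    if ($redirect and $vbulletin->session->vars['sessionurl']) {
        if (strpos($redirect, '?') === false) {
            $redirect .= '?';
        }
        $redirect .= '&' . $vbulletin->session->vars['sessionurl'];
    }

    if (!defined('DONE_CPHEADER')) {
        print_cp_header($vbphrase['vbulletin_message']);
    }

    echo '<p> </p><p> </p>';

    print_form_header('', '', 0, 1, 'messageform', '65%');
    print_table_header($vbphrase['vbulletin_message']);
    print_description_row("<blockquote><br />{$text}<br /><br /></blockquote>");

    // A truthy $redirect is never NULL, so the former extra NULL test was redundant.
    if ($redirect) {
        // redirect to the new page
        if ($continue) {
            // Fix: decode the HTML entity for the button target. As previously
            // written the call replaced '&' with itself and did nothing.
            $continueurl = str_replace('&amp;', '&', $redirect);
            print_table_footer(2, construct_button_code($vbphrase['continue'], create_full_url($continueurl)));
        } else {
            print_table_footer();

            $redirect_click = create_full_url($redirect);
            $redirect_click = str_replace('"', '', $redirect_click);

            echo '<p align="center" class="smallfont">' . construct_phrase($vbphrase['if_you_are_not_automatically_redirected_click_here_x'], $redirect_click) . "</p>\n";
            print_cp_redirect($redirect, $delay);
        }
    } else {
        // end the table and halt
        if ($backurl === NULL) {
            $backurl = 'javascript:history.back(1)';
        }

        if (strpos($backurl, 'history.back(') !== false) {
            //if we are attempting to run a history.back(1), check we have a history to go back to, otherwise attempt to close the window.
            $back_button = '
                <input type="button" id="backbutton" class="button" value="' . $vbphrase['go_back'] . '" title="" tabindex="1" onclick="if (history.length) { history.back(1); } else { self.close(); }"/>
                <script type="text/javascript">
                <!--
                if (history.length < 1 || ((is_saf || is_moz) && history.length <= 1)) // safari + gecko start at 1
                {
                    document.getElementById("backbutton").parentNode.removeChild(document.getElementById("backbutton"));
                }
                //-->
                </script>';
        } else {
            if ($backurl !== '') {
                // regular window.location=url call
                $backurl = create_full_url($backurl);
                // Only literal quote characters are removed here; see the
                // review note in the function header.
                $backurl = str_replace(array('"', "'"), '', $backurl);
                $back_button = '<input type="button" class="button" value="' . $vbphrase['go_back'] . '" title="" tabindex="1" onclick="window.location=\'' . $backurl . '\';"/>';
            } else {
                $back_button = '';
            }
        }

        print_table_footer(2, $back_button);
    }

    // and now terminate the script
    print_cp_footer();
}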
$optionvalue = htmlspecialchars_uni($borderwidth); $optionclass = ''; $optionselected = ($borderwidth == $selector["border_width"] ? ' selected="selected"' : ''); $optiontitle = !empty($vbphrase["usercss_borderwidth_$key"]) ? $vbphrase["usercss_borderwidth_$key"] : $key; $borderwidthselect .= render_option_template($optiontitle, $optionvalue, $optionselected, $optionclass); } } if ($field_names['background_image']) { if (!empty($selector['background_image'])) { if (preg_match("/^([0-9]+),([0-9]+)$/", $selector['background_image'], $picture)) { $selector['background_image'] = create_full_url("attachment.php?attachmentid=" . $picture[2] . "&albumid=" . $picture[1]); } } } if ($field_names['padding']) { $paddingselect = ''; foreach ($allowedpaddings AS $key => $padding) { $optionvalue = htmlspecialchars_uni($padding); $optionclass = ''; $optionselected = ($padding == $selector['padding'] ? ' selected="selected"' : ''); $optiontitle = !empty($vbphrase["usercss_padding_$key"]) ? $vbphrase["usercss_padding_$key"] : $key;
} } if ($field_names['border_width']) { $borderwidthselect = ''; foreach ($allowedborderwidths as $key => $borderwidth) { $optionvalue = htmlspecialchars_uni($borderwidth); $optionclass = ''; $optionselected = $borderwidth == $selector["border_width"] ? ' selected="selected"' : ''; $optiontitle = !empty($vbphrase["usercss_borderwidth_{$key}"]) ? $vbphrase["usercss_borderwidth_{$key}"] : $key; eval('$borderwidthselect .= "' . fetch_template('option') . '";'); } } if ($field_names['background_image']) { if (!empty($selector['background_image'])) { if (preg_match("/^([0-9]+),([0-9]+)\$/", $selector['background_image'], $picture)) { $selector['background_image'] = create_full_url("picture.php?albumid=" . $picture[1] . "&pictureid=" . $picture[2]); } } } if ($field_names['padding']) { $paddingselect = ''; foreach ($allowedpaddings as $key => $padding) { $optionvalue = htmlspecialchars_uni($padding); $optionclass = ''; $optionselected = $padding == $selector['padding'] ? ' selected="selected"' : ''; $optiontitle = !empty($vbphrase["usercss_padding_{$key}"]) ? $vbphrase["usercss_padding_{$key}"] : $key; eval('$paddingselect .= "' . fetch_template('option') . '";'); } } if ($field_names) { $border_style_selected = array($selector['border_style'] => ' selected="selected"');
} $xml->close_group('source'); $output .= $xml->output(); unset($xml); } else { if (in_array($vbulletin->GPC['type'], array('RSS', 'RSS1', 'RSS2'))) { // RSS output // setup the board title if (empty($title)) { // just show board title $rsstitle = $vbulletin->options['bbtitle']; } else { // show board title plus selection $rsstitle = $vbulletin->options['bbtitle'] . " - {$title}"; } $rssicon = create_full_url($stylevar['imgdir_misc'] . '/rss.jpg'); $headers[] = 'Cache-control: max-age=' . $expires; $headers[] = 'Expires: ' . gmdate("D, d M Y H:i:s", $expires) . ' GMT'; $headers[] = 'Last-Modified: ' . gmdate('D, d M Y H:i:s', $lastmodified) . ' GMT'; $headers[] = 'ETag: "' . $cachehash . '"'; $headers[] = 'Content-Type: text/xml' . ($stylevar['charset'] != '' ? '; charset=' . $stylevar['charset'] : ''); $output = '<?xml version="1.0" encoding="' . $stylevar['charset'] . '"?>' . "\r\n\r\n"; # Each specs shared code is entered in full (duplicated) to make it easier to read switch ($vbulletin->GPC['type']) { case 'RSS': require_once DIR . '/includes/class_xml.php'; $xml = new vB_XML_Builder($vbulletin); $xml->add_group('rss', array('version' => '0.91')); $xml->add_group('channel'); $xml->add_tag('title', $rsstitle); $xml->add_tag('link', $vbulletin->options['bburl'], array(), false, true);