/**
 * Handles the "upload avatar" request.
 *
 * Reads the uploaded file out of $_REQUEST through the cleaner and hands it to
 * the profile API. Both a missing file and an API error are reported with the
 * same generic permission error.
 *
 * NOTE(review): there is no explicit logged-in check here; presumably the
 * profile API enforces who may upload — confirm.
 *
 * @return true|mixed true on success, otherwise the value of json_error()
 */
function do_upload_avatar()
{
    $cleaned = vB::getCleaner()->cleanArray($_REQUEST, array('upload' => vB_Cleaner::TYPE_FILE));
    if (empty($cleaned['upload']))
    {
        return json_error(ERR_NO_PERMISSION);
    }

    $uploadResult = vB_Api::instance('profile')->upload($cleaned['upload']);
    if (!empty($uploadResult['errors']))
    {
        return json_error(ERR_NO_PERMISSION);
    }

    return true;
}
/**
 * Posts a visitor message on another user's profile.
 *
 * The message is stored as a text node under the visitor-message channel with
 * 'setfor' pointing at the target user.
 *
 * NOTE(review): $userid is cleaned as TYPE_STR rather than an integer type;
 * confirm the content_text API tolerates a string there.
 *
 * @param string $message raw message text
 * @param string $userid  id of the user whose profile receives the message
 * @return array 'response' => errormessage on success, 'postpreview' => invalidid on failure
 */
public function message($message, $userid)
{
    $cleaner = vB::getCleaner();
    $rawtext = $cleaner->clean($message, vB_Cleaner::TYPE_STR);
    $target = $cleaner->clean($userid, vB_Cleaner::TYPE_STR);

    $vmChannel = vB_Api::instanceInternal('node')->fetchVMChannel();
    $nodeData = array(
        'title' => '(Untitled)',
        'parentid' => $vmChannel,
        'channelid' => '',
        'nodeid' => '',
        'setfor' => $target,
        'rawtext' => $rawtext,
    );

    $added = vB_Api::instanceInternal('content_text')->add($nodeData, array('wysiwyg' => false));
    if (!empty($added['errors']))
    {
        return array('response' => array('postpreview' => array('invalidid')));
    }

    return array('response' => array('errormessage' => array('visitormessagethanks')));
}
/**
 * Logs in the user identified by a Facebook signed request.
 *
 * On any failure the client only ever sees 'badlogin_facebook': the API does
 * not expose more specific errors here and the app expects a stable code.
 *
 * @param string $signed_request the Facebook signed_request value
 * @return array session hash + userid and a redirect_login errormessage, or badlogin_facebook
 */
public function facebook($signed_request)
{
    $cleaner = vB::getCleaner();
    $signedRequest = $cleaner->clean($signed_request, vB_Cleaner::TYPE_STR);

    $loginInfo = vB_Api::instance('user')->loginExternal('facebook', array('signedrequest' => $signedRequest));
    $failed = (empty($loginInfo) || isset($loginInfo['errors']));
    if ($failed)
    {
        return array('response' => array('errormessage' => array('badlogin_facebook')));
    }

    $session = array(
        'dbsessionhash' => $loginInfo['login']['sessionhash'],
        'userid' => $loginInfo['login']['userid'],
    );

    return array(
        'session' => $session,
        'response' => array('errormessage' => array('redirect_login')),
    );
}
/**
 * Returns the data the vB4-style client needs to render the "edit post" form.
 *
 * @param int $postid id of the post being edited
 * @return array show/vboptions/response sections, or an 'invalidid' errormessage when the node is not found
 */
public function editpost($postid)
{
    $nodeid = vB::getCleaner()->clean($postid, vB_Cleaner::TYPE_UINT);

    $nodes = vB_Api::instance('node')->getFullContentforNodes(array($nodeid));
    if (empty($nodes))
    {
        return array("response" => array("errormessage" => array("invalidid")));
    }
    $post = $nodes[0];

    $functions = vB_Library::instance('vb4_functions');
    $prefixes = $functions->getPrefixes($nodeid);
    $vboptions = vB::getDatastore()->getValue('options');

    return array(
        'show' => array('tag_option' => 1),
        'vboptions' => array(
            'postminchars' => $vboptions['postminchars'],
            'titlemaxchars' => $vboptions['titlemaxchars'],
        ),
        'response' => array(
            'prefix_options' => $prefixes,
            // an edit has no start time; only a fresh posthash is issued
            'poststarttime' => 0,
            'posthash' => vB_Library::instance('vb4_posthash')->getNewPosthash(),
        ),
    );
}
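/**
 * Returns the vB user info for a list of Facebook user ids.
 *
 * Fix: the guard was `!empty($users) || !isset($users['errors'])`, which is true
 * for an error result as well; the foreach then iterated over the 'errors' entry
 * and read undefined 'userid'/'username' keys from it. The guard now requires
 * both a non-empty result AND no errors.
 *
 * @param string $facebookidList comma separated list of Facebook user ids
 * @return array list of array{userid, username, fbuserid}; empty on no match or on error
 */
public function getVbfromfacebook($facebookidList)
{
    $cleaner = vB::getCleaner();
    $facebookidList = $cleaner->clean($facebookidList, vB_Cleaner::TYPE_STR);

    $usersArray = array();
    $listIds = explode(',', $facebookidList);
    $users = vB::getDbAssertor()->getRows('user', array('fbuserid' => $listIds));

    // only walk the rows when the assertor returned data and no error block
    if (!empty($users) && !isset($users['errors']))
    {
        foreach ($users as $user)
        {
            $usersArray[] = array(
                'userid' => $user['userid'],
                'username' => $user['username'],
                'fbuserid' => $user['fbuserid'],
            );
        }
    }

    return $usersArray;
}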
/**
 * Copies (clones) a thread into another forum.
 *
 * NOTE(review): the 'invalidid' errormessage here is a bare string while most
 * sibling methods wrap it in an array; clients may need to handle both shapes.
 *
 * @param int $threadid    id of the thread to copy
 * @param int $destforumid id of the destination forum
 * @return array redirect_movethread on success, otherwise an error response
 */
public function docopythread($threadid, $destforumid)
{
    $cleaner = vB::getCleaner();
    $sourceId = $cleaner->clean($threadid, vB_Cleaner::TYPE_UINT);
    $targetId = $cleaner->clean($destforumid, vB_Cleaner::TYPE_UINT);

    if (empty($sourceId) || empty($targetId))
    {
        return array('response' => array('errormessage' => 'invalidid'));
    }

    $cloned = vB_Api::instance('node')->cloneNodes(array($sourceId), $targetId);
    $failed = ($cloned === null || isset($cloned['errors']));
    if ($failed)
    {
        return vB_Library::instance('vb4_functions')->getErrorResponse($cloned);
    }

    return array('response' => array('errormessage' => array('redirect_movethread')));
}
/**
 * Returns the announcements of a forum, parsed into the mobile post format.
 *
 * @return array|mixed array{posts, total_posts}, or the value of json_error() on a bad forumid / API error
 */
function do_get_announcement()
{
    $cleaned = vB::getCleaner()->cleanArray($_REQUEST, array('forumid' => vB_Cleaner::TYPE_UINT));
    $forumid = isset($cleaned['forumid']) ? $cleaned['forumid'] : 0;
    if ($forumid < 1)
    {
        return json_error(ERR_NO_PERMISSION);
    }

    $announcements = vB_Api::instance('announcement')->fetch($forumid);
    if ($announcements === null || isset($announcements['errors']))
    {
        return json_error(ERR_NO_PERMISSION);
    }

    $posts = array();
    foreach ($announcements as $announcement)
    {
        $posts[] = fr_parse_post($announcement);
    }

    return array(
        'posts' => $posts,
        'total_posts' => count($posts),
    );
}
/**
 * Subscribes the current user to a thread (follows the content node).
 *
 * @return true|mixed true on success, otherwise the value of json_error()
 */
function do_subscribe_thread()
{
    $currentUser = vB_Api::instance('user')->fetchUserInfo();
    if ($currentUser['userid'] < 1)
    {
        // guests cannot subscribe
        return json_error(ERR_NO_PERMISSION);
    }

    $cleaned = vB::getCleaner()->cleanArray($_REQUEST, array('threadid' => vB_Cleaner::TYPE_UINT));
    if (empty($cleaned['threadid']))
    {
        return json_error(ERR_INVALID_SUB);
    }

    $followResult = vB_Api::instance('follow')->add($cleaned['threadid'], vB_Api_Follow::FOLLOWTYPE_CONTENT);
    $failed = (empty($followResult) || !empty($followResult['errors']));

    return $failed ? json_error(ERR_INVALID_SUB) : true;
}
/**
 * Updates the text of an existing post and attaches any pending uploads to it.
 *
 * @return true|mixed true on success, otherwise the value of json_error()
 */
function do_post_edit()
{
    $currentUser = vB_Api::instance('user')->fetchUserInfo();
    if ($currentUser['userid'] < 1)
    {
        return json_error(ERR_NO_PERMISSION);
    }

    $cleaned = vB::getCleaner()->cleanArray($_REQUEST, array(
        'postid' => vB_Cleaner::TYPE_UINT,
        'message' => vB_Cleaner::TYPE_STR,
        'poststarttime' => vB_Cleaner::TYPE_UINT,
        'hvinput' => fr_get_hvtoken(),
    ));
    if (empty($cleaned['postid']) || empty($cleaned['message']))
    {
        return json_error(ERR_NO_PERMISSION);
    }

    // attachments are linked before the text update
    fr_do_attachment($cleaned['postid'], $cleaned['poststarttime']);

    $updated = vB_Api::instance('content_text')->update(
        $cleaned['postid'],
        array('rawtext' => fr_process_message($cleaned['message']))
    );
    if (empty($updated) || !empty($updated['errors']))
    {
        return json_error(ERR_INVALID_THREAD);
    }

    return true;
}
/**
 * Reports a post to the moderators (the legacy vB4 "send email" report action).
 *
 * @param int    $postid id of the reported post
 * @param string $reason the reporter's explanation
 * @return array redirect_reportthanks on success, invalidid for missing input, otherwise an error response
 */
public function sendemail($postid, $reason)
{
    $cleaner = vB::getCleaner();
    $nodeid = $cleaner->clean($postid, vB_Cleaner::TYPE_UINT);
    $reportText = $cleaner->clean($reason, vB_Cleaner::TYPE_STR);

    // both the post and a reason are mandatory
    if (empty($nodeid) || empty($reportText))
    {
        return array('response' => array('errormessage' => array('invalidid')));
    }

    $reporter = vB_Api::instance('user')->fetchUserinfo();
    $report = array(
        'reportnodeid' => $nodeid,
        'rawtext' => $reportText,
        'created' => vB::getRequest()->getTimeNow(),
        'userid' => $reporter['userid'],
        'authorname' => $reporter['username'],
    );

    $added = vB_Api::instance('content_report')->add($report, array('wysiwyg' => false));
    if ($added === null || isset($added['errors']))
    {
        return vB_Library::instance('vb4_functions')->getErrorResponse($added);
    }

    return array('response' => array('errormessage' => array('redirect_reportthanks')));
}
/**
 * Returns the data the vB4-style client needs to render the "new thread" form.
 *
 * @param int $forumid id of the forum (channel) the thread will be created in
 * @return array show/vboptions/response sections, or an 'invalidid' errormessage when the node is not found
 */
public function newthread($forumid)
{
    $channelId = vB::getCleaner()->clean($forumid, vB_Cleaner::TYPE_UINT);

    $nodes = vB_Api::instance('node')->getFullContentforNodes(array($channelId));
    if (empty($nodes))
    {
        return array("response" => array("errormessage" => array("invalidid")));
    }
    $forum = $nodes[0];

    $functions = vB_Library::instance('vb4_functions');
    $foruminfo = $functions->parseForumInfo($forum);
    $prefixes = $functions->getPrefixes($channelId);
    $vboptions = vB::getDatastore()->getValue('options');

    // attachment permission comes from the channel's create permissions, normalised to 0/1-ish int
    $attachPermission = $forum['content']['createpermissions']['vbforum_attach'];
    $canAttach = empty($attachPermission) ? 0 : intval($attachPermission);

    $maxtags = vB::getUserContext($this->currentUserId)->getChannelLimits($channelId, 'maxstartertags');

    return array(
        'show' => array('tag_option' => 1),
        'vboptions' => array(
            'postminchars' => $vboptions['postminchars'],
            'titlemaxchars' => $vboptions['titlemaxchars'],
            'maxtags' => $maxtags,
        ),
        'response' => array(
            'forumrules' => array('can' => array('postattachment' => $canAttach)),
            'prefix_options' => $prefixes,
            'foruminfo' => $foruminfo,
            'poststarttime' => vB::getRequest()->getTimeNow(),
            'posthash' => vB_Library::instance('vb4_posthash')->getNewPosthash(),
        ),
    );
}
/**
 * Returns the data the vB4-style client needs to render the "new reply" form.
 *
 * @param int  $threadid       id of the thread being replied to
 * @param bool $disablesmilies whether the "disable smilies" box should start checked
 * @return array show/vboptions/response/checked sections, or an 'invalidid' errormessage when the node is not found
 */
public function newreply($threadid, $disablesmilies = false)
{
    $nodeid = vB::getCleaner()->clean($threadid, vB_Cleaner::TYPE_UINT);

    $nodes = vB_Api::instance('node')->getFullContentforNodes(array($nodeid));
    if (empty($nodes))
    {
        return array("response" => array("errormessage" => array("invalidid")));
    }
    $thread = $nodes[0];

    $prefixes = vB_Library::instance('vb4_functions')->getPrefixes($nodeid);
    $vboptions = vB::getDatastore()->getValue('options');

    $attachPermission = $thread['content']['createpermissions']['vbforum_attach'];
    $canAttach = empty($attachPermission) ? 0 : intval($attachPermission);

    // "additional options" checkbox states
    $checked = array(
        'parseurl' => 1,
        'signature' => "",
        "subscribe" => $thread['content']['subscribed'],
    );

    // signature box is pre-checked only when the user actually has a signature
    $currentUserId = vB::getUserContext()->fetchUserId();
    $signature = vB_Api::instanceInternal('user')->fetchSignature($currentUserId);
    if (!empty($signature))
    {
        $checked['signature'] = 1;
    }

    // getDataForParse converts channel.options into bbcodeoptions, and this is used by the
    // frontend nodetext / bbcode parsers
    $parseData = vB_Api::instanceInternal('content_text')->getDataForParse(array($nodeid));
    $smilieBox = 0;
    if ($parseData[$nodeid]['bbcodeoptions']['allowsmilies'])
    {
        $checked['disablesmilies'] = empty($disablesmilies) ? "" : 1;
        $smilieBox = 1;
    }

    return array(
        'show' => array('tag_option' => 1, 'smiliebox' => $smilieBox),
        'vboptions' => array(
            'postminchars' => $vboptions['postminchars'],
            'titlemaxchars' => $vboptions['titlemaxchars'],
        ),
        'response' => array(
            'title' => '',
            'forumrules' => array('can' => array('postattachment' => $canAttach)),
            'prefix_options' => $prefixes,
            'poststarttime' => 0,
            'posthash' => vB_Library::instance('vb4_posthash')->getNewPosthash(),
        ),
        'checked' => $checked,
    );
}
/**
 * Returns parsed forum data for a comma separated list of forum ids.
 *
 * @return array|null array{forums: list} — empty list when no ids were given, null when none of the ids resolved
 */
function do_get_forum_data()
{
    $cleaned = vB::getCleaner()->cleanArray($_REQUEST, array('forumids' => vB_Cleaner::TYPE_STR));
    $idList = isset($cleaned['forumids']) ? $cleaned['forumids'] : '';
    if ($idList === '')
    {
        return array('forums' => array());
    }

    $forums = array();
    foreach (explode(',', $idList) as $forumid)
    {
        $parsed = fr_get_and_parse_forum($forumid);
        // unresolved ids are skipped silently
        if (!empty($parsed))
        {
            $forums[] = $parsed;
        }
    }

    return empty($forums) ? null : array('forums' => $forums);
}
/**
 * Deletes an attachment referenced by a ForumRunner attachment marker, then removes the marker.
 *
 * The request carries the marker id, not the vB attachment id; the marker is
 * looked up first and its 'attachmentid' is what gets deleted.
 *
 * @return true|mixed true on success, otherwise the value of json_error()
 */
function do_delete_attachment()
{
    $currentUser = vB_Api::instance('user')->fetchUserInfo();
    if ($currentUser['userid'] < 1)
    {
        return json_error(ERR_NO_PERMISSION);
    }

    $cleaned = vB::getCleaner()->cleanArray($_REQUEST, array('attachmentid' => vB_Cleaner::TYPE_UINT));
    $markerId = empty($cleaned['attachmentid']) ? 0 : $cleaned['attachmentid'];
    if (!$markerId)
    {
        return json_error(ERR_NO_PERMISSION);
    }

    $assertor = vB_dB_Assertor::instance();
    $marker = $assertor->assertQuery('ForumRunner:getAttachmentMarkerById', array('id' => $markerId));
    if (empty($marker))
    {
        return json_error(ERR_NO_PERMISSION);
    }

    $deleted = vB_Api::instance('content_attach')->deleteAttachment($marker['attachmentid']);
    if (empty($deleted) || !empty($deleted['errors']))
    {
        return json_error(ERR_NO_PERMISSION);
    }

    // the marker is only dropped once the real attachment is gone
    $assertor->assertQuery('ForumRunner:deleteAttachmentMarker', array('id' => $markerId));

    return true;
}
/**
 * Route constructor for the private-message pages.
 *
 * Resolves the target userid from the route (first segment of 'params', or an
 * explicit 'userid' match), stores the subtemplate in the route arguments and
 * refuses the route when the PM system is unavailable to the current user.
 *
 * @param array  $routeInfo   route definition, 'arguments.subtemplate' is written
 * @param array  $matches     matched route parameters
 * @param string $queryString unused here, kept for the route interface
 * @throws vB_Exception_NodePermission when PMs are disabled or the user has no pmquota
 */
public function __construct(&$routeInfo, &$matches, &$queryString = '')
{
    $cleaner = vB::getCleaner();

    $params = isset($matches['params']) ? $matches['params'] : null;
    if (!empty($params))
    {
        // strip a single leading slash, then take the first path segment as the userid
        $path = (substr($params, 0, 1) === '/') ? substr($params, 1) : $params;
        $segments = explode('/', $path);
        $this->userid = $segments[0];
    }
    elseif (isset($matches['userid']))
    {
        $this->userid = $matches['userid'];
    }
    $this->userid = $cleaner->clean($this->userid, vB_Cleaner::TYPE_INT);

    $routeInfo['arguments']['subtemplate'] = $this->subtemplate;

    // PM access requires the board option AND a non-zero quota for this user
    $currentUserId = vB::getCurrentSession()->get('userid');
    $pmquota = vB::getUserContext($currentUserId)->getLimit('pmquota');
    $vboptions = vB::getDatastore($currentUserId)->getValue('options');
    $pmAllowed = ($vboptions['enablepms'] and $pmquota);
    if (!$pmAllowed)
    {
        throw new vB_Exception_NodePermission('privatemessage');
    }
}
/**
 * Imports a theme from already-parsed XML on behalf of the admin control panel.
 *
 * Only the whitelisted keys of $extra (title, parentid, displayorder, userselect)
 * are passed on, each re-cleaned to its expected type.
 *
 * @param array $parsedXML  parsed theme XML (the 'guid' key is expected)
 * @param int   $startat
 * @param int   $perpage
 * @param bool  $overwrite
 * @param int   $styleid
 * @param bool  $anyversion
 * @param array $extra      extra options; unknown keys are dropped
 * @return mixed whatever $this->import() returns
 */
public function importAdminCP($parsedXML, $startat = 0, $perpage = 1, $overwrite = false, $styleid = -1, $anyversion = false, $extra = array())
{
    /*
     * Since this function allows passing in a string rather than pulling a file from the filesystem, we should
     * be more careful about who can call it
     * This check is based on the admincp/template.php script @ if ($_REQUEST['do'] == 'upload'). We should keep them in line.
     */
    if (!vB::getUserContext()->hasAdminPermission('canadmintemplates') or !vB::getUserContext()->hasAdminPermission('canadminstyles'))
    {
        require_once DIR . '/includes/adminfunctions.php';
        print_cp_no_permission();
        // NOTE(review): nothing here returns or throws after print_cp_no_permission(); the check relies on
        // that helper terminating the request — confirm, otherwise the import below still runs.
    }
    if (empty($parsedXML['guid']))
    {
        // todo: some error handling here if basic xml file validation isn't okay.
    }
    $this->parsedXML['theme'] = $parsedXML;

    // make sure we have the theme parent, as any imported themes will be its children
    if (empty(self::$themeParent['guid']))
    {
        $this->getDefaultParentTheme();
    }

    /*
     * drop any unexpected extra variables.
     * Let's also clean them, since there might be someway a user w/ the right permissions
     * hits this function directly. So here we have an issue. If coming through the adminCP page,
     * things will already be cleaned, so STRINGS will already be escaped. However, I don't think
     * the title should contain any special HTML characters, so I think we don't have to worry about
     * double escaping here. If we do end up having to worry about double escaping, we need to remove
     * the cleaning here, and just rely on the adminCP page's cleaning, then make sure NOTHING HERE
     * GOES STRAIGHT TO DB without going through the assertor in adminfunctions_template.php
     */
    $unclean = $extra;
    $extra = array();
    $cleanMap = array('title' => vB_Cleaner::TYPE_STR, 'parentid' => vB_Cleaner::TYPE_INT, 'displayorder' => vB_Cleaner::TYPE_INT, 'userselect' => vB_Cleaner::TYPE_BOOL);
    foreach ($unclean as $key => $value)
    {
        // keys not in $cleanMap are silently discarded
        if (isset($cleanMap[$key]))
        {
            $extra[$key] = vB::getCleaner()->clean($value, $cleanMap[$key]);
        }
    }
    return $this->import($startat, $perpage, $overwrite, $styleid, $anyversion, $extra);
}
/**
 * Uploads one or more files and registers their filedataids against a posthash.
 *
 * The incoming $attachment is a PHP multi-file upload array (field => list of
 * values); vB5 only understands one file per call, so it is transposed into one
 * per-file array before each upload.
 *
 * NOTE(review): the transposition assumes every field of $attachment is an
 * array; a single (non-multiple) upload would not have that shape — confirm the
 * client always sends the multi-file form.
 *
 * @param string $posthash   posthash the uploads belong to
 * @param array  $attachment $_FILES-style multi-file upload array
 * @return array empty 'response' on success, otherwise the error response of the first failed upload
 */
public function manageattach($posthash, $attachment)
{
    $cleaner = vB::getCleaner();
    $hash = $cleaner->clean($posthash, vB_Cleaner::TYPE_STR);
    $multiUpload = $cleaner->clean($attachment, vB_Cleaner::TYPE_FILE);

    // vB5 doesn't understand multiple file uploads. Manually split them.
    $perFile = array();
    foreach ($multiUpload as $field => $values)
    {
        $fileCount = count($values);
        for ($index = 0; $index < $fileCount; $index++)
        {
            $perFile[$index][$field] = $values[$index];
        }
    }
    unset($multiUpload);

    $attachApi = vB_Api::instance('content_attach');
    $posthashLib = vB_Library::instance('vb4_posthash');
    foreach ($perFile as $file)
    {
        $uploaded = $attachApi->upload($file);
        if (empty($uploaded) || !empty($uploaded['errors']))
        {
            // earlier files in the batch remain registered against the posthash
            return vB_Library::instance('vb4_functions')->getErrorResponse($uploaded);
        }
        $posthashLib->addFiledataid($hash, $uploaded['filedataid']);
    }

    return array('response' => array());
}
/**
 * Constructor - initializes the nozip system,
 * and calls and instance of the vB_Input_Cleaner class
 *
 * NOTE(review): this is a PHP4-style constructor (method named after the class);
 * PHP 8 no longer treats such a method as a constructor — confirm how this
 * class is instantiated on the supported PHP versions.
 */
function vB_Registry()
{
    // variable to allow bypassing of gzip compression
    // (@ silences ini_get warnings when the zlib option cannot be read)
    $this->nozip = defined('NOZIP') ? true : (@ini_get('zlib.output_compression') ? true : false);

    // variable that controls HTTP header output
    $this->noheader = defined('NOHEADER') ? true : false;

    @ini_set('zend.ze1_compatibility_mode', 0);

    // initialize the input handler
    $this->cleaner =& vB::getCleaner();
    $this->input = new vB_Input_Cleaner($this);

    // initialize the shutdown handler
    $this->shutdown = vB_Shutdown::instance();

    $this->config =& vB::getConfig();

    // CSRF_SKIP_LIST is a comma separated list of actions exempt from the CSRF check;
    // defaults to no exemptions when the constant is not defined
    $this->csrf_skip_list = defined('CSRF_SKIP_LIST') ? explode(',', CSRF_SKIP_LIST) : array();
}
/**
 * Checks the various options as to whether the current user can physically remove a post.
 *
 * Order of checks: disabled widget → global/channel 'canremoveposts' →
 * visitor-message specific permissions (moderator, or owner of the profile).
 *
 * @param integer $nodeid
 *
 * @return integer 0 or 1
 */
public function canRemovePost($nodeid)
{
    if ($this->disabled)
    {
        // if disabled we do not have permission
        return 0;
    }

    $nodeid = vB::getCleaner()->clean($nodeid, vB_Cleaner::TYPE_INT);
    $userContext = vB::getUserContext();

    // global or channel-level canremove settles it
    $canRemoveAnywhere = $userContext->hasPermission('moderatorpermissions', 'canremoveposts');
    if ($canRemoveAnywhere or $userContext->getChannelPermission('moderatorpermissions', 'canremoveposts', $nodeid))
    {
        return 1;
    }

    // only visitor messages (starter and setfor both set) get the extra checks
    $node = vB_Library::instance('node')->getNodeBare($nodeid);
    $isVisitorMessage = ($node['starter'] > 0 and $node['setfor'] > 0);
    if (!$isVisitorMessage)
    {
        return 0;
    }

    if ($userContext->hasPermission('moderatorpermissions2', 'canremovevisitormessages'))
    {
        return 1;
    }

    // the profile owner may delete messages left for them
    $ownProfile = ($node['setfor'] == vB::getCurrentSession()->get('userid'));
    if ($ownProfile and $userContext->hasPermission('visitormessagepermissions', 'candeleteownmessages'))
    {
        return 1;
    }

    return 0;
}
/**
 * Search phrases
 *
 * @param array $criteria Criteria to search phrases. It may have the following items:
 *   'searchstring'  => Search for Text (required)
 *   'searchwhere'   => Search in: 0 - Phrase Text Only, 1 - Phrase Variable Name Only, 2 - Phrase Text and Phrase Variable Name
 *   'casesensitive' => Case-Sensitive 1 - Yes, 0 - No
 *   'exactmatch'    => Exact Match 1 - Yes, 0 - No
 *   'languageid'    => Search in Language. The ID of the language
 *   'phrasetype'    => Phrase Type. Phrase group IDs to search in.
 *   'transonly'     => Search Translated Phrases Only 1 - Yes, 0 - No
 *   'product'       => Product ID to search in.
 * Missing optional criteria take the admincp phrase-search defaults.
 *
 * @return array Phrases, keyed fieldname => varname => languageid
 * @throws vB_Exception_Api no_permission / please_complete_required_fields
 */
public function search($criteria)
{
    // This should only be called from admincp, and the permission there is 'canadminlanguages'.
    if (!vB::getUserContext()->hasAdminPermission('canadminlanguages'))
    {
        throw new vB_Exception_Api('no_permission');
    }

    if ($criteria['searchstring'] == '')
    {
        throw new vB_Exception_Api('please_complete_required_fields');
    }

    $cleaner = vB::getCleaner();
    $criteria['searchstring'] = $cleaner->clean($criteria['searchstring'], vB_Cleaner::TYPE_STR);

    // optional criterion => array(default, cleaner type); the defaults mimic the admincp phrase search settings
    $optional = array(
        'searchwhere' => array(0, vB_Cleaner::TYPE_INT),
        'casesensitive' => array(0, vB_Cleaner::TYPE_INT),
        'exactmatch' => array(0, vB_Cleaner::TYPE_INT),
        'languageid' => array(-10, vB_Cleaner::TYPE_INT),
        'transonly' => array(0, vB_Cleaner::TYPE_INT),
        'product' => array('', vB_Cleaner::TYPE_STR),
    );
    foreach ($optional as $key => $spec)
    {
        list($default, $type) = $spec;
        if (!isset($criteria[$key]))
        {
            $criteria[$key] = $default;
        }
        $criteria[$key] = $cleaner->clean($criteria[$key], $type);
    }

    $phrases = vB::getDbAssertor()->getRows('searchPhrases', array(
        vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_METHOD,
        'criteria' => $criteria,
    ));
    if (empty($phrases))
    {
        return array();
    }

    $byName = array();
    foreach ($phrases as $phrase)
    {
        $fieldname = (string) $phrase['fieldname'];
        $varname = (string) $phrase['varname'];

        // when searching a specific language, keep only the first hit per phrase in that language
        if ($criteria['languageid'] > 0 and isset($byName[$fieldname][$varname][(string) $criteria['languageid']]))
        {
            continue;
        }
        $byName[$fieldname][$varname][(string) $phrase['languageid']] = $phrase;
    }

    return $byName;
}
/**
 * Cleans the input in the $data array, directly updating $data.
 *
 * Channel titles and descriptions may keep HTML when the user holds
 * 'canusehtml' on the parent channel; those two fields are cleaned as plain
 * strings here and written back over whatever the parent cleaner did to them.
 *
 * @param mixed     Array of fieldname => data pairs, passed by reference.
 * @param int|false Nodeid of the node being edited, false if creating new
 */
public function cleanInput(&$data, $nodeid = false)
{
    $parentid = empty($data['parentid']) ? $nodeid : $data['parentid'];

    $canUseHtml = false;
    if (!empty($parentid))
    {
        $canUseHtml = vB::getUserContext()->getChannelPermission('forumpermissions2', 'canusehtml', $parentid);
    }

    // We're only allowing html in titles and descriptions for channels.
    // htmltitle not included because if it was provided, it should still not have html in it anyway.
    $preserved = array();
    if ($canUseHtml)
    {
        $cleaner = vB::getCleaner();
        foreach (array('title', 'description') as $field)
        {
            if (isset($data[$field]))
            {
                $preserved[$field] = $cleaner->clean($data[$field], vB_Cleaner::TYPE_STR);
            }
        }
    }

    // Let vB_Api_Content cleanInput do its thing, then just replace the html fields if they were set.
    parent::cleanInput($data, $nodeid);
    foreach ($preserved as $field => $value)
    {
        $data[$field] = $value;
    }
}
/**
 * Insert a new usergroup promotion or update an existing one
 *
 * @param array $promotion Promotion information with fields:
 *   * usergroupid
 *   * reputation
 *   * date
 *   * posts
 *   * strategy
 *   * type
 *   * reputationtype
 *   * joinusergroupid
 * @param int $usergroupid
 * @param int $userpromotionid Existing Usergroup promotion ID to be updated
 * @return int new or existing userpromotion ID
 * @throws vB_Exception_Api invalid_usergroup_specified / promotion_join_same_group
 */
public function savePromotion($promotion, $usergroupid, $userpromotionid = 0)
{
    $cleaner = vB::getCleaner();
    $promotion = $cleaner->clean($promotion, vB_Cleaner::TYPE_ARRAY);
    $usergroupid = intval($cleaner->clean($usergroupid, vB_Cleaner::TYPE_INT));
    $userpromotionid = intval($cleaner->clean($userpromotionid, vB_Cleaner::TYPE_INT));

    $this->checkHasAdminPermission('canadminpermissions');

    $joinGroup = isset($promotion['joinusergroupid']) ? $promotion['joinusergroupid'] : -1;
    if ($joinGroup == -1)
    {
        throw new vB_Exception_Api('invalid_usergroup_specified');
    }

    // 'reputationtype' is folded into the strategy value rather than stored
    if (!empty($promotion['reputationtype']) and $promotion['strategy'] <= 16)
    {
        $promotion['strategy'] += 8;
    }
    unset($promotion['reputationtype']);

    $assertor = vB::getDbAssertor();
    $isUpdate = !empty($userpromotionid);

    // for an insert the owning group is taken from the promotion data itself
    $ownerGroup = $isUpdate ? $usergroupid : $promotion['usergroupid'];
    if ($ownerGroup == $joinGroup)
    {
        throw new vB_Exception_Api('promotion_join_same_group');
    }

    if ($isUpdate)
    {
        $query = array(
            vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_UPDATE,
            vB_dB_Query::CONDITIONS_KEY => array('userpromotionid' => $userpromotionid),
        );
        $assertor->assertQuery('userpromotion', $query + $promotion);
        return $userpromotionid;
    }

    $query = array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_INSERT);
    return $assertor->assertQuery('userpromotion', $query + $promotion);
}
/**
 * Starts a new private-message conversation from the mobile client.
 *
 * Recipients may be separated by ';' or ','; one stray leading and one stray
 * trailing separator are dropped before the list is handed to the PM API.
 *
 * @return true|mixed true on success, otherwise the value of json_error()
 */
function do_start_conversation()
{
    $currentUser = vB_Api::instance('user')->fetchUserInfo();
    if (!$currentUser['userid'])
    {
        return json_error(ERR_INVALID_LOGGEDIN, RV_NOT_LOGGED_IN);
    }

    $cleaned = vB::getCleaner()->cleanArray($_REQUEST, array(
        'recipients' => vB_Cleaner::TYPE_STR,
        'title' => vB_Cleaner::TYPE_STR,
        'message' => vB_Cleaner::TYPE_STR,
    ));

    $recipients = str_replace(';', ',', $cleaned['recipients']);
    if (substr($recipients, 0, 1) === ',')
    {
        $recipients = substr($recipients, 1);
    }
    if (substr($recipients, -1) === ',')
    {
        $recipients = substr($recipients, 0, -1);
    }

    $pm = vB_Api::instance('content_privatemessage')->add(array(
        'msgRecipients' => $recipients,
        'title' => $cleaned['title'],
        'rawtext' => $cleaned['message'],
    ));
    if (isset($pm['errors']))
    {
        return json_error(ERR_INVALID_PM);
    }

    return true;
}
/**
 * Constructor - Checks for necessity of registry object
 *
 * Defers to the parent constructor and then attaches the shared input cleaner.
 *
 * @param vB_Registry Instance of the vBulletin data registry object - expected to have the database object as one of its $this->db member.
 * @param integer One of the ERRTYPE_x constants
 */
public function __construct(&$registry = NULL, $errtype = NULL)
{
    parent::__construct($registry, $errtype);

    $cleaner = vB::getCleaner();
    $this->cleaner = $cleaner;

    // Legacy Hook 'stylevardata_start' Removed //
}
/**
 * Process the exclude filter
 *
 * Adds a LEFT JOIN on the closure table for the excluded subtrees and keeps
 * only rows with no match. The ids are interpolated into the SQL, which is
 * acceptable only because they have been cleaned to TYPE_ARRAY_UINT first.
 *
 * @param array $nodeids the ids of the nodes (and it's children) to exclude
 */
protected function process_exclude_filters($nodeids)
{
    if (empty($nodeids))
    {
        return;
    }

    // a single numeric id is accepted as shorthand for a one-element list
    $idList = is_numeric($nodeids) ? array($nodeids) : $nodeids;
    $idList = vB::getCleaner()->clean($idList, vB_Cleaner::TYPE_ARRAY_UINT);

    // the exclude join hangs off the base closure join, so make sure that one exists
    if (empty($this->join['closure']))
    {
        $this->join['closure'] = "JOIN " . TABLE_PREFIX . "closure AS closure ON node.nodeid = closure.child";
    }

    $inList = implode(',', $idList);
    $this->join['exclude_closure'] = "LEFT JOIN " . TABLE_PREFIX . "closure AS exclude_closure\n\t\t\tON (exclude_closure.child = closure.child AND\n\t\t\t\texclude_closure.parent IN (" . $inList . " ))\n";
    $this->where[] = "exclude_closure.child IS NULL ";
}
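/**
 * Deletes a batch of spam threads (soft delete, or hard delete when $deletetype is 2).
 *
 * Fix: `explode()` always yields at least one element, so the
 * 'you_did_not_select_any_valid_threads' branch was unreachable and blank
 * entries (e.g. from "1,,2" or an empty string) were passed to deleteNodes().
 * Blank entries are now dropped before the emptiness check.
 *
 * @param string $threadids  comma separated thread ids
 * @param int    $deletetype 2 = hard delete, anything else = soft delete
 * @return array redirect_inline_deleted on success, otherwise an error response
 */
public function dodeletespam($threadids, $deletetype)
{
    $cleaner = vB::getCleaner();
    $threadids = $cleaner->clean($threadids, vB_Cleaner::TYPE_STR);
    $deletetype = $cleaner->clean($deletetype, vB_Cleaner::TYPE_UINT);

    $ids = array_map("trim", explode(',', $threadids));
    // drop empty fragments so an empty/garbage list is actually detected below
    $ids = array_values(array_filter($ids, function ($id) { return $id !== ''; }));
    if (empty($ids))
    {
        return array('response' => array('errormessage' => 'you_did_not_select_any_valid_threads'));
    }

    $deletereason = null;
    $hard = ($deletetype == 2);

    $result = vB_Api::instance('node')->deleteNodes($ids, $hard, $deletereason);
    if ($result === null || isset($result['errors']))
    {
        return vB_Library::instance('vb4_functions')->getErrorResponse($result);
    }

    return array('response' => array('errormessage' => 'redirect_inline_deleted'));
}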
/**
 * Bans a user from the mobile client.
 *
 * Falls back to usergroup 8 when no (valid) ban usergroup is supplied.
 *
 * NOTE(review): only a logged-in check is done here; the moderator permission
 * is presumably enforced inside banUsers() — confirm. Also note the failure
 * path returns false rather than a json_error() like the sibling handlers, and
 * 'reason' is read without an isset() guard.
 *
 * @return bool|mixed true on success, false on API error, json_error() on bad input
 */
function do_ban_user()
{
    $currentUser = vB_Api::instance('user')->fetchUserInfo();
    if ($currentUser['userid'] < 1)
    {
        return json_error(ERR_NO_PERMISSION);
    }

    $cleaned = vB::getCleaner()->cleanArray($_REQUEST, array(
        'userid' => vB_Cleaner::TYPE_UINT,
        'usergroupid' => vB_Cleaner::TYPE_UINT,
        'period' => vB_Cleaner::TYPE_STR,
        'reason' => vB_Cleaner::TYPE_STR,
    ));
    if (!isset($cleaned['userid']) || !isset($cleaned['period']))
    {
        return json_error(ERR_NO_PERMISSION);
    }

    $banUsergroupId = 8;
    if (isset($cleaned['usergroupid']) && $cleaned['usergroupid'] >= 1)
    {
        $banUsergroupId = $cleaned['usergroupid'];
    }

    $banned = vB_Api::instance('user')->banUsers(
        array($cleaned['userid']),
        $banUsergroupId,
        $cleaned['period'],
        $cleaned['reason']
    );

    return !($banned === null || isset($banned['errors']));
}
/**
 * Registers a new user from the mobile client.
 *
 * Without a username the registration info screen is returned instead. API
 * errors are rendered into one space-separated, tag-stripped string built from
 * the matching phrases.
 *
 * @return true|mixed true on success, fr_register_info() when no username, otherwise json_error()
 */
function do_register()
{
    $cleaned = vB::getCleaner()->cleanArray($_REQUEST, array(
        'username' => vB_Cleaner::TYPE_STR,
        'email' => vB_Cleaner::TYPE_STR,
        'password' => vB_Cleaner::TYPE_STR,
        'birthday' => vB_Cleaner::TYPE_STR,
        'timezone_name' => vB_Cleaner::TYPE_STR,
    ));

    if (empty($cleaned['username']))
    {
        return fr_register_info();
    }
    if (empty($cleaned['email']) || empty($cleaned['password']))
    {
        return json_error(ERR_NO_PERMISSION);
    }

    $userdata = array(
        'username' => $cleaned['username'],
        'email' => $cleaned['email'],
    );
    if (!empty($cleaned['birthday']))
    {
        $userdata['birthday'] = $cleaned['birthday'];
    }

    $saved = vB_Api::instance('user')->save(0, $cleaned['password'], $userdata, array(), array(), array());
    if (!empty($saved) && empty($saved['errors']))
    {
        return true;
    }

    if (!is_array($saved['errors']))
    {
        return json_error(ERR_NO_PERMISSION);
    }

    // each error is array(phrase varname, ...args); resolve the phrase then substitute the args
    $phraseApi = vB_Api::instanceInternal('phrase');
    $errorText = '';
    foreach ($saved['errors'] as $error)
    {
        $varname = $error[0];
        $phrases = $phraseApi->fetch(array($varname));
        $text = isset($phrases[$varname]) ? $phrases[$varname] : $varname;
        if (count($error) > 1)
        {
            $error[0] = $text;
            $text = call_user_func_array('construct_phrase', $error);
        }
        $errorText .= strip_tags($text) . " ";
    }

    return json_error($errorText);
}
/**
 * Creates a valid string of comma-separated integers
 *
 * A string input is first reduced to the integers it contains; the values are
 * then cleaned to ints, de-duplicated, sorted and glued back together. An
 * empty string is left untouched.
 *
 * @param mixed   Either specify a string of integers separated by parameter 2, or an array of integers
 * @param string  The 'glue' for the string. Usually a comma or a space.
 * @param boolean Whether or not to exclude zero from the list
 *
 * @return boolean always true; the result is written back to $list
 */
function verify_list(&$list, $glue = ',', $dropzero = false)
{
    if ($list === '')
    {
        return true;
    }

    // turn strings into arrays
    if (!is_array($list))
    {
        $found = preg_match_all('#(-?\\d+)#s', $list, $matches);
        if (!$found)
        {
            $list = '';
            return true;
        }
        $list = $matches[1];
    }

    // clean array values and remove duplicates, then sort into order
    $values = array_unique(vB::getCleaner()->clean($list, vB_Cleaner::TYPE_ARRAY_INT));
    sort($values);

    // remove zero values (after array_unique there is at most one)
    if ($dropzero)
    {
        $zeroKey = array_search(0, $values);
        if ($zeroKey !== false)
        {
            unset($values[$zeroKey]);
        }
    }

    // implode back into a string
    $list = implode($glue, $values);

    return true;
}
/**
 * Returns a page of results for a previously created search.
 *
 * Defaults: page 1, 10 per page, preview type 1.
 *
 * @return mixed fr_search_results() output, or json_error() for guests / missing searchid
 */
function do_search_searchid()
{
    $currentUser = vB_Api::instance('user')->fetchUserInfo();
    if ($currentUser['userid'] < 1)
    {
        return json_error(ERR_NO_PERMISSION);
    }

    $cleaned = vB::getCleaner()->cleanArray($_REQUEST, array(
        'searchid' => vB_Cleaner::TYPE_UINT,
        'page' => vB_Cleaner::TYPE_UINT,
        'perpage' => vB_Cleaner::TYPE_UINT,
        'previewtype' => vB_Cleaner::TYPE_UINT,
    ));
    if (empty($cleaned['searchid']))
    {
        return json_error(ERR_NO_PERMISSION);
    }

    $page = empty($cleaned['page']) ? 1 : $cleaned['page'];
    $perpage = empty($cleaned['perpage']) ? 10 : $cleaned['perpage'];
    $previewtype = empty($cleaned['previewtype']) ? 1 : $cleaned['previewtype'];

    return fr_search_results($cleaned['searchid'], $page, $perpage, $previewtype);
}