/**
* Executes StringUtil::encodeHTML on the given text if disableEncoding is false.
* @see \wcf\util\StringUtil::encodeHTML()
*/
protected function encodeHTML($text)
{
if (!$this->disableEncoding) {
$text = StringUtil::encodeHTML($text);
}
return $text;
}
/**
* Parses search keywords.
*
* @param string $keywordString
*/
protected function parseKeywords($keywordString)
{
// convert encoding if necessary
if (!StringUtil::isUTF8($keywordString)) {
$keywordString = StringUtil::convertEncoding('ISO-8859-1', 'UTF-8', $keywordString);
}
// remove bad wildcards
$keywordString = preg_replace('/(?<!\\w)\\*/', '', $keywordString);
// remove search operators
$keywordString = preg_replace('/[\\+\\-><()~]+/', '', $keywordString);
if (mb_substr($keywordString, 0, 1) == '"' && mb_substr($keywordString, -1) == '"') {
// phrases search
$keywordString = StringUtil::trim(mb_substr($keywordString, 1, -1));
if (!empty($keywordString)) {
$this->keywords = array_merge($this->keywords, array(StringUtil::encodeHTML($keywordString)));
}
} else {
// replace word delimiters by space
$keywordString = str_replace(array('.', ','), ' ', $keywordString);
$keywords = ArrayUtil::encodeHTML(ArrayUtil::trim(explode(' ', $keywordString)));
if (!empty($keywords)) {
$this->keywords = array_merge($this->keywords, $keywords);
}
}
}
/**
* @see \wcf\data\user\avatar\IUserAvatar::getImageTag()
*/
public function getImageTag($size = null)
{
if ($size === null) {
$size = $this->size;
}
return '<img src="' . StringUtil::encodeHTML($this->getURL($size)) . '" style="width: ' . $size . 'px; height: ' . $size . 'px" alt="" class="userAvatarImage" />';
}
/**
* @see \wcf\system\option\user\IUserOptionOutput::getOutput()
*/
public function getOutput(User $user, UserOption $option, $value)
{
if (empty($value)) {
return '';
}
return '<img src="' . StringUtil::encodeHTML($value) . '" alt="" />';
}
/**
* @see \wcf\system\bbcode\IBBCode::getParsedTag()
*/
public function getParsedTag(array $openingTag, $content, array $closingTag, BBCodeParser $parser)
{
$src = '';
if (isset($openingTag['attributes'][0])) {
$src = $openingTag['attributes'][0];
}
if ($parser->getOutputType() == 'text/html') {
$float = '';
if (isset($openingTag['attributes'][1])) {
$float = $openingTag['attributes'][1];
}
$style = '';
if ($float == 'left' || $float == 'right') {
$style = 'float: ' . $float . '; margin: ' . ($float == 'left' ? '0 15px 7px 0' : '0 0 7px 15px') . ';';
}
$width = 0;
if (isset($openingTag['attributes'][2])) {
$width = $openingTag['attributes'][2];
$style .= 'width: ' . $width . 'px;';
}
return '<img src="' . $src . '" class="jsResizeImage" alt=""' . ($style ? ' style="' . $style . '"' : '') . ' />';
} else {
if ($parser->getOutputType() == 'text/simplified-html') {
$src = StringUtil::decodeHTML($src);
$path = parse_url($src, PHP_URL_PATH);
if ($path !== false) {
return StringUtil::encodeHTML(basename($path));
}
return '';
}
}
}
/**
* @see \wcf\system\option\user\IUserOptionOutput::getOutput()
*/
public function getOutput(User $user, UserOption $option, $value)
{
if (empty($value) || $value == 'http://') {
return '';
}
$value = self::getURL($value);
$value = StringUtil::encodeHTML($value);
return '<a href="' . $value . '" class="externalURL"' . (EXTERNAL_LINK_REL_NOFOLLOW ? ' rel="nofollow"' : '') . (EXTERNAL_LINK_TARGET_BLANK ? ' target="_blank"' : '') . '>' . $value . '</a>';
}
/**
* @see \wcf\system\bbcode\highlighter\Highlighter::cacheQuotes()
*/
protected function cacheQuotes($string)
{
if ($this->quotesRegEx !== null) {
$string = $this->quotesRegEx->replace($string, new Callback(function (array $matches) {
return StringStack::pushToStringStack('<span class="hlQuotes">' . StringUtil::encodeHTML($matches[0]) . '</span>', 'highlighterQuotes', "");
}));
}
return $string;
}
/**
* @see \wcf\system\option\user\IUserOptionOutput::getOutput()
*/
public function getOutput(User $user, UserOption $option, $value)
{
if (empty($value)) {
return '';
}
$url = StringUtil::encodeHTML('https://plus.google.com/' . $value . '/posts');
$value = StringUtil::encodeHTML($value);
return '<a href="' . $url . '" class="externalURL"' . (EXTERNAL_LINK_REL_NOFOLLOW ? ' rel="me nofollow"' : ' rel="me"') . (EXTERNAL_LINK_TARGET_BLANK ? ' target="_blank"' : '') . '>' . $value . '</a>';
}
/**
* @see \wcf\system\bbcode\highlighter\Highlighter::cacheQuotes()
*/
protected function cacheQuotes($string)
{
$string = parent::cacheQuotes($string);
// highlight CDATA-Tags as quotes
$string = Regex::compile('<!\\[CDATA\\[.*?\\]\\]>', Regex::DOT_ALL)->replace($string, new Callback(function (array $matches) {
return StringStack::pushToStringStack('<span class="hlQuotes">' . StringUtil::encodeHTML($matches[0]) . '</span>', 'highlighterQuotes');
}));
return $string;
}
/**
* Returns the formatted username.
*
* @return string
*/
public function getFormattedUsername()
{
$username = StringUtil::encodeHTML($this->username);
if ($this->userOnlineMarking && $this->userOnlineMarking != '%s') {
$username = str_replace('%s', $username, $this->userOnlineMarking);
}
if ($this->canViewOnlineStatus == 3) {
$username .= WCF::getLanguage()->get('wcf.user.usersOnline.invisible');
}
return $username;
}
/**
* Returns the image of this user rank.
*
* @return string html code
*/
public function getImage()
{
if ($this->rankImage) {
$image = '<img src="' . (!preg_match('~^(/|https?://)~i', $this->rankImage) ? WCF::getPath() : '') . StringUtil::encodeHTML($this->rankImage) . '" alt="" />';
if ($this->repeatImage > 1) {
$image = str_repeat($image, $this->repeatImage);
}
return $image;
}
return '';
}
/**
* Converts html special characters in the given array.
*
* @param array $array
* @return array
*/
public static function encodeHTML($array)
{
if (!is_array($array)) {
return StringUtil::encodeHTML($array);
} else {
foreach ($array as $key => $val) {
$array[$key] = self::encodeHTML($val);
}
return $array;
}
}
/**
* Sets option values for a specific user.
*
* @param \wcf\data\user\User $user
*/
public function setOptionValue(User $user)
{
$userOption = 'userOption' . $this->optionID;
$optionValue = $user->{$userOption};
// use output class
if ($this->outputClass) {
$outputObj = $this->getOutputObject();
$this->optionValue = $outputObj->getOutput($user, $this->getDecoratedObject(), $optionValue);
} else {
$this->optionValue = StringUtil::encodeHTML($optionValue);
}
}
/**
* @see wcf\system\template\IBlockTemplatePlugin::execute()
*/
public function execute($tagArgs, $blockContent, TemplateEngine $tplObj)
{
if (!isset($tagArgs['controller'])) {
throw new SystemException("missing 'controller' argument in link tag");
}
if (!isset($tagArgs['application']) || empty($tagArgs['application'])) {
$tagArgs['application'] = 'wcf';
}
if (isset($tagArgs['encode']) && !$tagArgs['encode']) {
return LinkHandler::getInstance()->getLink($tagArgs['controller'], $tagArgs, $blockContent);
}
return StringUtil::encodeHTML(LinkHandler::getInstance()->getLink($tagArgs['controller'], $tagArgs, $blockContent));
}
/**
* @see \wcf\system\option\IOptionType::getFormElement()
*/
public function getFormElement(Option $option, $value)
{
// get selected group
$selectedGroups = explode(',', $value);
// get all groups
$groups = UserGroup::getGroupsByType();
// generate html
$html = '';
foreach ($groups as $group) {
$html .= '<label><input type="checkbox" name="values[' . StringUtil::encodeHTML($option->optionName) . '][]" value="' . $group->groupID . '" ' . (in_array($group->groupID, $selectedGroups) ? 'checked="checked" ' : '') . '/> ' . $group->getName() . '</label>';
}
return $html;
}
/**
* Generates the select list.
*
* @param integer $parentID id of the parent template group
* @param integer $depth current list depth
* @param array $ignore list of template group ids to ignore in result
*/
protected static function makeSelectList($parentID = 0, $depth = 0, $ignore = array()) {
if (!isset(self::$templateGroupStructure[$parentID])) return;
foreach (self::$templateGroupStructure[$parentID] as $templateGroup) {
if (!empty($ignore) && in_array($templateGroup->templateGroupID, $ignore)) continue;
// we must encode html here because the htmloptions plugin doesn't do it
$title = StringUtil::encodeHTML($templateGroup->templateGroupName);
if ($depth > 0) $title = str_repeat(' ', $depth). ' ' . $title;
self::$selectList[$templateGroup->templateGroupID] = $title;
self::makeSelectList($templateGroup->templateGroupID, $depth + 1, $ignore);
}
}
/**
* @see \wcf\system\payment\method\IPaymentMethod::getPurchaseButton()
*/
public function getPurchaseButton($cost, $currency, $name, $token, $returnURL, $cancelReturnURL, $isRecurring = false, $subscriptionLength = 0, $subscriptionLengthUnit = '')
{
if ($isRecurring) {
// subscribe button
return '<form method="post" action="https://www.' . (ENABLE_DEBUG_MODE ? 'sandbox.' : '') . 'paypal.com/cgi-bin/webscr">
<input type="hidden" name="a3" value="' . $cost . '" />
<input type="hidden" name="p3" value="' . $subscriptionLength . '" />
<input type="hidden" name="t3" value="' . $subscriptionLengthUnit . '" />
<input type="hidden" name="src" value="1" />
<input type="hidden" name="business" value="' . StringUtil::encodeHTML(PAYPAL_EMAIL_ADDRESS) . '" />
<input type="hidden" name="cancel_return" value="' . StringUtil::encodeHTML($cancelReturnURL) . '" />
<input type="hidden" name="charset" value="utf-8" />
<input type="hidden" name="cmd" value="_xclick-subscriptions" />
<input type="hidden" name="currency_code" value="' . $currency . '" />
<input type="hidden" name="custom" value="' . StringUtil::encodeHTML($token) . '" />
<input type="hidden" name="email" value="' . StringUtil::encodeHTML(WCF::getUser()->email) . '" />
<input type="hidden" name="item_name" value="' . StringUtil::encodeHTML($name) . '" />
<input type="hidden" name="lc" value="' . strtoupper(WCF::getLanguage()->languageCode) . '" />
<input type="hidden" name="no_note" value="1" />
<input type="hidden" name="no_shipping" value="1" />
<input type="hidden" name="notify_url" value="' . StringUtil::encodeHTML(LinkHandler::getInstance()->getLink('PaypalCallback', array('appendSession' => false))) . '" />
<input type="hidden" name="quantity" value="1" />
<input type="hidden" name="return" value="' . StringUtil::encodeHTML($returnURL) . '" />
<button class="small" type="submit">' . WCF::getLanguage()->get('wcf.payment.paypal.button.subscribe') . '</button>
</form>';
} else {
return '<form method="post" action="https://www.' . (ENABLE_DEBUG_MODE ? 'sandbox.' : '') . 'paypal.com/cgi-bin/webscr">
<input type="hidden" name="amount" value="' . $cost . '" />
<input type="hidden" name="business" value="' . StringUtil::encodeHTML(PAYPAL_EMAIL_ADDRESS) . '" />
<input type="hidden" name="cancel_return" value="' . StringUtil::encodeHTML($cancelReturnURL) . '" />
<input type="hidden" name="charset" value="utf-8" />
<input type="hidden" name="cmd" value="_xclick" />
<input type="hidden" name="currency_code" value="' . $currency . '" />
<input type="hidden" name="custom" value="' . StringUtil::encodeHTML($token) . '" />
<input type="hidden" name="email" value="' . StringUtil::encodeHTML(WCF::getUser()->email) . '" />
<input type="hidden" name="item_name" value="' . StringUtil::encodeHTML($name) . '" />
<input type="hidden" name="lc" value="' . strtoupper(WCF::getLanguage()->languageCode) . '" />
<input type="hidden" name="no_note" value="1" />
<input type="hidden" name="no_shipping" value="1" />
<input type="hidden" name="notify_url" value="' . StringUtil::encodeHTML(LinkHandler::getInstance()->getLink('PaypalCallback', array('appendSession' => false))) . '" />
<input type="hidden" name="quantity" value="1" />
<input type="hidden" name="return" value="' . StringUtil::encodeHTML($returnURL) . '" />
<button class="small" type="submit">' . WCF::getLanguage()->get('wcf.payment.paypal.button.purchase') . '</button>
</form>';
}
}
/**
* @see wcf\system\template\IBlockTemplatePlugin::execute()
*/
public function execute($tagArgs, $blockContent, TemplateEngine $tplObj) {
if (!array_key_exists('controller', $tagArgs)) {
$tagArgs['controller'] = null;
}
if (!isset($tagArgs['application']) || empty($tagArgs['application'])) {
$tagArgs['application'] = 'wcf';
}
if (isset($tagArgs['encode']) && !$tagArgs['encode']) {
unset($tagArgs['encode']);
return LinkHandler::getInstance()->getLink($tagArgs['controller'], $tagArgs, $blockContent);
}
return StringUtil::encodeHTML(LinkHandler::getInstance()->getLink($tagArgs['controller'], $tagArgs, $blockContent));
}
/**
* Adds or replaces a meta tag.
*
* @param string $identifier
* @param string $name
* @param string $value
* @param boolean $isProperty
*/
public function addTag($identifier, $name, $value, $isProperty = false) {
if (!$this->regex->match($value)) {
$value = StringUtil::encodeHTML($value);
}
$this->objects[$identifier] = array(
'isProperty' => $isProperty,
'name' => $name,
'value' => $value
);
// replace description if Open Graph Protocol tag was given
if ($name == 'og:description') {
$this->objects['description']['value'] = $value;
}
$this->indexToObject[] = $identifier;
}
/**
* @see \wcf\system\bbcode\IBBCode::getParsedTag()
*/
public function getParsedTag(array $openingTag, $content, array $closingTag, BBCodeParser $parser)
{
$content = StringUtil::trim($content);
if ($parser->getOutputType() == 'text/html') {
foreach (BBCodeMediaProvider::getCache() as $provider) {
if ($provider->matches($content)) {
return $provider->getOutput($content);
}
}
}
if ($parser->getOutputType() == 'text/simplified-html') {
foreach (BBCodeMediaProvider::getCache() as $provider) {
if ($provider->matches($content)) {
return StringUtil::getAnchorTag($content);
}
}
}
return StringUtil::encodeHTML($content);
}
/**
* @see \wcf\system\bbcode\highlighter\Highlighter::highlight()
*/
public function highlight($data)
{
$lines = explode("\n", $data);
foreach ($lines as $key => $val) {
if (in_array(mb_substr($val, 0, 1), $this->info) || in_array($val, $this->splitter)) {
$lines[$key] = '<span class="hlComments">' . StringUtil::encodeHTML($val) . '</span>';
} else {
if (in_array(mb_substr($val, 0, 1), $this->add)) {
$lines[$key] = '<span class="hlAdded">' . StringUtil::encodeHTML($val) . '</span>';
} else {
if (in_array(mb_substr($val, 0, 1), $this->delete)) {
$lines[$key] = '<span class="hlRemoved">' . StringUtil::encodeHTML($val) . '</span>';
} else {
$lines[$key] = StringUtil::encodeHTML($val);
}
}
}
}
$data = implode("\n", $lines);
return $data;
}
/**
* Sets option values for a specific user.
*
* @param wcf\data\user\User $user
* @param string $outputType
*/
public function setOptionValue(User $user, $outputType = 'normal')
{
$userOption = 'userOption' . $this->optionID;
$optionValue = $user->{$userOption};
// use output class
if ($this->outputClass) {
$outputObj = $this->getOutputObject();
if ($outputObj instanceof IUserOptionOutputContactInformation) {
$this->outputData = $outputObj->getOutputData($user, $this->getDecoratedObject(), $optionValue);
}
if ($outputType == 'normal') {
$this->optionValue = $outputObj->getOutput($user, $this->getDecoratedObject(), $optionValue);
} else {
if ($outputType == 'short') {
$this->optionValue = $outputObj->getShortOutput($user, $this->getDecoratedObject(), $optionValue);
} else {
$outputType = $outputObj->getMediumOutput($user, $this->getDecoratedObject(), $optionValue);
}
}
} else {
$this->optionValue = StringUtil::encodeHTML($optionValue);
}
}
/**
* @see \wcf\data\user\avatar\IUserAvatar::getCropImageTag()
*/
public function getCropImageTag($size = null)
{
$imageTag = $this->getImageTag($size);
// append CSS classes and append title
$title = StringUtil::encodeHTML(WCF::getLanguage()->get('wcf.user.avatar.type.custom.crop'));
return str_replace('class="userAvatarImage"', 'class="userAvatarImage userAvatarCrop jsTooltip" title="' . $title . '"', $imageTag);
}
/**
* Prints the error page.
*/
public function show()
{
$this->information .= '<b>sql type:</b> ' . StringUtil::encodeHTML($this->getDBType()) . '<br />';
$this->information .= '<b>sql error:</b> ' . StringUtil::encodeHTML($this->getErrorDesc()) . '<br />';
$this->information .= '<b>sql error number:</b> ' . StringUtil::encodeHTML($this->getErrorNumber()) . '<br />';
$this->information .= '<b>sql version:</b> ' . StringUtil::encodeHTML($this->getSQLVersion()) . '<br />';
if ($this->preparedStatement !== null) {
$this->information .= '<b>sql query:</b> ' . StringUtil::encodeHTML($this->preparedStatement->getSQLQuery()) . '<br />';
$parameters = $this->preparedStatement->getSQLParameters();
if (!empty($parameters)) {
foreach ($parameters as $index => $parameter) {
$this->information .= '<b>sql query parameter ' . $index . ':</b>' . StringUtil::encodeHTML($parameter) . '<br />';
}
}
}
parent::show();
}
/**
* Returns a list of the users online markings.
*
* @return array
*/
public function getUsersOnlineMarkings()
{
if ($this->usersOnlineMarkings === null) {
$this->usersOnlineMarkings = $priorities = array();
// get groups
foreach (UserGroup::getGroupsByType() as $group) {
if ($group->userOnlineMarking != '%s') {
$priorities[] = $group->priority;
$this->usersOnlineMarkings[] = str_replace('%s', StringUtil::encodeHTML(WCF::getLanguage()->get($group->groupName)), $group->userOnlineMarking);
}
}
// sort list
array_multisort($priorities, SORT_DESC, $this->usersOnlineMarkings);
}
return $this->usersOnlineMarkings;
}
/**
* Return text.
*
* @return string
*/
public function getText()
{
if ($this->type == self::TYPE_HTML) {
return $this->text;
} else {
if ($this->type == self::TYPE_BBCODE) {
return MessageParser::getInstance()->parse($this->text);
} else {
return StringUtil::encodeHTML($this->text);
}
}
}
/**
* @see \Iterator::current()
*/
public function current()
{
$tag = $this->objects[$this->indexToObject[$this->index]];
return '<meta ' . ($tag['isProperty'] ? 'property' : 'name') . '="' . $tag['name'] . '" content="' . StringUtil::encodeHTML($tag['value']) . '" />';
}
/**
* Gets the list of results.
*/
protected function readUsers()
{
// get user ids
$userIDs = array();
$sql = "SELECT\t\tuser_table.userID\n\t\t\tFROM\t\twcf" . WCF_N . "_user user_table\n\t\t\t" . (isset($this->options[$this->sortField]) ? "LEFT JOIN wcf" . WCF_N . "_user_option_value user_option_value ON (user_option_value.userID = user_table.userID)" : '') . "\n\t\t\t" . $this->conditions . "\n\t\t\tORDER BY\t" . ($this->sortField != 'email' && isset($this->options[$this->sortField]) ? 'user_option_value.userOption' . $this->options[$this->sortField]['optionID'] : $this->sortField) . " " . $this->sortOrder;
$statement = WCF::getDB()->prepareStatement($sql, $this->itemsPerPage, ($this->pageNo - 1) * $this->itemsPerPage);
$statement->execute($this->conditions->getParameters());
while ($row = $statement->fetchArray()) {
$userIDs[] = $row['userID'];
}
// get user data
if (count($userIDs)) {
$userToGroups = array();
// get group ids
$conditions = new PreparedStatementConditionBuilder();
$conditions->add("user_table.userID IN (?)", array($userIDs));
$sql = "SELECT\tuserID, groupID\n\t\t\t\tFROM\twcf" . WCF_N . "_user_to_group user_table\n\t\t\t\t" . $conditions;
$statement = WCF::getDB()->prepareStatement($sql);
$statement->execute($conditions->getParameters());
while ($row = $statement->fetchArray()) {
$userToGroups[$row['userID']][] = $row['groupID'];
}
$sql = "SELECT\t\toption_value.*, user_table.*\n\t\t\t\tFROM\t\twcf" . WCF_N . "_user user_table\n\t\t\t\tLEFT JOIN\twcf" . WCF_N . "_user_option_value option_value\n\t\t\t\tON\t\t(option_value.userID = user_table.userID)\n\t\t\t\t" . $conditions . "\n\t\t\t\tORDER BY\t" . ($this->sortField != 'email' && isset($this->options[$this->sortField]) ? 'option_value.userOption' . $this->options[$this->sortField]['optionID'] : 'user_table.' . $this->sortField) . " " . $this->sortOrder;
$statement = WCF::getDB()->prepareStatement($sql);
$statement->execute($conditions->getParameters());
while ($row = $statement->fetchArray()) {
$row['groupIDs'] = implode(',', $userToGroups[$row['userID']]);
$accessible = UserGroup::isAccessibleGroup($userToGroups[$row['userID']]);
$row['accessible'] = $accessible;
$row['deletable'] = $accessible && WCF::getSession()->getPermission('admin.user.canDeleteUser') && $row['userID'] != WCF::getUser()->userID ? 1 : 0;
$row['editable'] = $accessible && WCF::getSession()->getPermission('admin.user.canEditUser') ? 1 : 0;
$row['isMarked'] = intval(in_array($row['userID'], $this->markedUsers));
$this->users[] = new User(null, $row);
}
// get special columns
foreach ($this->users as $key => $user) {
foreach ($this->columns as $column) {
switch ($column) {
case 'email':
$this->columnValues[$user->userID][$column] = '<a href="mailto:' . StringUtil::encodeHTML($user->email) . '">' . StringUtil::encodeHTML($user->email) . '</a>';
break;
case 'registrationDate':
$this->columnValues[$user->userID][$column] = DateUtil::format(DateUtil::getDateTimeByTimestamp($user->{$column}), DateUtil::DATE_FORMAT);
break;
default:
if (isset($this->options[$column])) {
if ($this->options[$column]->outputClass) {
$this->options[$column]->setOptionValue($user);
$outputObj = $this->options[$column]->getOutputObject();
$this->columnValues[$user->userID][$column] = $outputObj->getOutput($user, $this->options[$column]->getDecoratedObject(), $user->{$column});
} else {
$this->columnValues[$user->userID][$column] = StringUtil::encodeHTML($user->{$column});
}
}
break;
}
}
}
}
}
/**
* @see \wcf\system\option\user\IUserOptionOutput::getOutput()
*/
public function getOutput(User $user, UserOption $option, $value)
{
return nl2br(StringUtil::encodeHTML($value));
}
/**
* @see \wcf\system\bbcode\highlighter\Highlighter::highlight()
*/
public function highlight($code)
{
return StringUtil::encodeHTML($code);
}
