Пример #1
/**
 * Evaluate a text snippet through the XThreads template-expression helpers.
 *
 * The snippet is first handed to xthreads_sanitize_eval() and only then to
 * eval_str(). Both helpers are defined outside this listing (presumably in
 * the library file loaded below - confirm).
 *
 * NOTE(review): the return value of xthreads_sanitize_eval() is ignored, so it
 * presumably rewrites $s in place via a by-reference parameter - confirm.
 * Whether the evaluation is safe rests entirely on that sanitiser, so callers
 * should only pass text written by administrators.
 *
 * @param string $s Snippet to sanitise and evaluate.
 * @return mixed Whatever eval_str() yields for the sanitised snippet.
 */
function xthreads_phptpl_eval_text($s)
{
    // Load the library lazily; require_once makes repeated calls cheap.
    require_once MYBB_ROOT . 'inc/xthreads/xt_phptpl_lib.php';

    // Order matters: sanitise first, evaluate second.
    xthreads_sanitize_eval($s);
    $evaluated = eval_str($s);

    return $evaluated;
}
Пример #2
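/**
 * Build the HTML input controls for every custom thread field.
 *
 * Results are published through globals rather than a return value:
 *  - $tfinput[$key]      rendered input control for the field
 *  - $tfinputrow[$key]   the control wrapped in the 'post_threadfields_inputrow' template
 *  - $extra_threadfields concatenation of all rows not flagged XTHREADS_HIDE_INPUT
 *
 * Security notes for maintainers:
 *  - Values interpolated into SQL (thread id, attachment ids) are forced to
 *    integers before use; the posthash goes through $db->escape_string().
 *  - Field default values and templates are evaluated (eval_str() / eval()).
 *    Both must only ever hold administrator-authored content.
 *
 * @param array|null $data         Values to prefill, keyed like $threadfields
 *                                 (presumably the submitted form values - confirm against callers).
 * @param array      $threadfields Field definitions keyed by field key.
 * @param mixed      $fid          Not referenced anywhere in this function body.
 * @param int        $tid          When non-zero, stored values for this thread are
 *                                 read from 'threadfields_data' as a fallback.
 * @return void
 */
function xthreads_input_generate(&$data, &$threadfields, $fid, $tid = 0)
{
    global $tfinput, $tfinputrow, $extra_threadfields, $lang, $xthreads_threadin_tabindex_shift, $mybb;
    if (!$lang->xthreads_attachfile) {
        $lang->load('xthreads');
    }
    // if a thread ID is supplied, grab the current values
    if ($tid) {
        static $tfd_cache = null;
        if (!isset($tfd_cache)) {
            $tfd_cache = array();
        }
        if (!isset($tfd_cache[$tid])) {
            // we should only ever have one thread, but we'll be flexible...
            global $db;
            // The id is concatenated into the WHERE clause, so force it to an integer.
            $tfd_cache[$tid] = $db->fetch_array($db->simple_select('threadfields_data', '*', 'tid=' . (int) $tid));
        }
        $tfd =& $tfd_cache[$tid];
    }
    $tfinput = $tfinputrow = array();
    $extra_threadfields = '';
    foreach ($threadfields as $k => $tf) {
        // Escape the descriptive properties once; everything below reuses the escaped copies.
        $tf['title'] = htmlspecialchars_uni($tf['title']);
        $tf['field'] = htmlspecialchars_uni($tf['field']);
        $tf['desc'] = htmlspecialchars_uni($tf['desc']);
        // Variables handed to the per-field HTML generator; numeric sizes are cast to int
        // before they are written into attributes.
        $vars = array('KEY' => $tf['field'], 'NAME_PROP' => ' name="xthreads_' . $tf['field'] . '"', 'MAXLEN' => (int) $tf['maxlen'], 'WIDTH' => (int) $tf['fieldwidth'], 'HEIGHT' => (int) $tf['fieldheight'], 'TABINDEX' => '', 'TABINDEX_PROP' => '', 'REQUIRED' => $tf['editable'] == XTHREADS_EDITABLE_REQ, 'MULTIPLE' => xthreads_empty($tf['multival']) ? '' : 1, 'MULTIPLE_LIMIT' => $tf['multival_limit'], 'MULTIPLE_PROP' => '');
        if ($vars['MAXLEN']) {
            $vars['MAXLEN_PROP'] = ' maxlength="' . $vars['MAXLEN'] . '"';
        }
        if ($vars['WIDTH']) {
            $vars['WIDTH_PROP_SIZE'] = ' size="' . $vars['WIDTH'] . '"';
            $vars['WIDTH_CSS'] = 'width: ' . $vars['WIDTH'] / 2 . 'em;';
            // only used for select box [in Firefox, seems we need to divide by 2 to get the equivalent width]
            $vars['WIDTH_PROP_COLS'] = ' cols="' . $vars['WIDTH'] . '"';
        }
        if (!$vars['HEIGHT'] && !xthreads_empty($tf['multival'])) {
            $vars['HEIGHT'] = 5;
        }
        if ($vars['HEIGHT']) {
            $vars['HEIGHT_PROP_SIZE'] = ' size="' . $vars['HEIGHT'] . '"';
            $vars['HEIGHT_CSS'] = 'height: ' . $vars['HEIGHT'] / 2 . 'em;';
            $vars['HEIGHT_PROP_ROWS'] = ' rows="' . $vars['HEIGHT'] . '"';
        }
        if ($vars['MULTIPLE']) {
            $vars['MULTIPLE_PROP'] = ' multiple="multiple"';
        }
        if ($vars['REQUIRED']) {
            $vars['REQUIRED_PROP'] = ' required="required"';
        }
        // Pick the value to prefill: supplied data, then the stored value, then the field default.
        $using_default = false;
        if (!isset($data)) {
            // no threadfield data set for this thread
            $defval = '';
        } elseif (isset($data[$k])) {
            $defval = $data[$k];
        } elseif ($tid) {
            // currently set value
            $defval = $tfd[$k];
        } elseif ($tf['inputtype'] != XTHREADS_INPUT_FILE) {
            // NOTE(review): the default is evaluated as an expression, so 'defaultval'
            // must only come from administrator-controlled field configuration.
            $defval = eval_str($tf['defaultval']);
            // we don't want $defval to be an array for textual inputs, so split it later
            $using_default = true;
        } else {
            // File field with nothing supplied or stored. Reset explicitly: without this,
            // $defval would keep the previous field's value and that value would be
            // treated as attachment ids further down.
            $defval = '';
        }
        unset($defvals);
        switch ($tf['inputtype']) {
            case XTHREADS_INPUT_SELECT:
            case XTHREADS_INPUT_RADIO:
            case XTHREADS_INPUT_CHECKBOX:
                $vals = $tf['vallist'];
                if (!xthreads_empty($tf['multival'])) {
                    if ($using_default) {
                        $defval = explode("\n", str_replace("\r", '', $defval));
                    }
                    if (is_array($defval)) {
                        $defvals =& $defval;
                    } else {
                        $defvals = explode("\n", str_replace("\r", '', $defval));
                    }
                    // Escaped here because the comparison below is against escaped option values.
                    $defvals = array_map('htmlspecialchars_uni', $defvals);
                    unset($vals['']);
                } elseif ($tf['editable'] != XTHREADS_EDITABLE_REQ && $tf['inputtype'] != XTHREADS_INPUT_CHECKBOX) {
                    if (!isset($vals[''])) {
                        // can't array_unshift with a key...
                        $vals = array('' => '<span style="font-style: italic;">' . $lang->xthreads_val_blank . '</span>') + $vals;
                    }
                } else {
                    unset($vals['']);
                }
                break;
            case XTHREADS_INPUT_FILE:
                if (!xthreads_empty($tf['multival']) && !is_array($defval)) {
                    $defval = explode(',', $defval);
                }
        }
        // Single textual values are escaped here; multi-value lists were escaped above and
        // file values are attachment ids that are validated separately.
        if (!isset($defvals) && ($tf['inputtype'] != XTHREADS_INPUT_FILE && $tf['inputtype'] != XTHREADS_INPUT_FILE_URL)) {
            $defval = htmlspecialchars_uni($defval);
        }
        if ($tf['tabstop']) {
            $vars['TABINDEX'] = ++$xthreads_threadin_tabindex_shift + 1;
            $vars['TABINDEX_PROP'] = ' tabindex="__xt_' . $vars['TABINDEX'] . '"';
            xthreads_fix_tabindexes();
        }
        // The generator is called by a name assembled at run time.
        // NOTE(review): this relies on field keys and input types being constrained to
        // identifier-safe values where fields are created - confirm.
        if ($tf['formhtml']) {
            $evalfunc = 'xthreads_evalcache_' . $tf['field'];
        } else {
            $evalfunc = 'xthreads_input_generate_defhtml_' . $tf['inputtype'];
        }
        switch ($tf['inputtype']) {
            case XTHREADS_INPUT_TEXTAREA:
                $vars['VALUE'] =& $defval;
                break;
            case XTHREADS_INPUT_SELECT:
                if (!xthreads_empty($tf['multival'])) {
                    $vars['NAME_PROP'] = ' name="xthreads_' . $tf['field'] . '[]"';
                }
                $vars['ITEMS'] = '';
                foreach ($vals as $val => $valdisp) {
                    // Offer a value only if it is settable, or if it is the value already stored.
                    if ((!$tid || $tfd[$k] != $val) && !xthreads_tfvalue_settable($tf, $val)) {
                        continue;
                    }
                    $val = htmlspecialchars_uni($val);
                    $vars['VALUE'] =& $val;
                    $vars['SELECTED'] = isset($defvals) && in_array($val, $defvals) || $defval === $val ? ' selected="selected"' : '';
                    // A display value wrapped in a single styled <span> is split into CSS and label.
                    if (preg_match('~^\\<span style\\="([^"]*?)"\\>(.*)\\</span\\>$~is', $valdisp, $style)) {
                        $vars['LABEL'] = $style[2];
                        $vars['STYLECSS'] = $style[1];
                        $vars['STYLE'] = ' style="' . $vars['STYLECSS'] . '"';
                    } else {
                        $vars['LABEL'] = $valdisp;
                        $vars['STYLE'] = $vars['STYLECSS'] = '';
                    }
                    $vars['LABEL'] = htmlspecialchars_uni($vars['LABEL']);
                    $vars['ITEMS'] .= $evalfunc('formhtml_item', $vars);
                }
                break;
            case XTHREADS_INPUT_CHECKBOX:
                $vars['NAME_PROP'] = ' name="xthreads_' . $tf['field'] . '[]"';
                // fall through
            case XTHREADS_INPUT_RADIO:
                $vars['ITEMS'] = '';
                foreach ($vals as $val => &$valdisp) {
                    if ((!$tid || $tfd[$k] != $val) && !xthreads_tfvalue_settable($tf, $val)) {
                        continue;
                    }
                    $val = htmlspecialchars_uni($val);
                    if (isset($defvals) && in_array($val, $defvals) || $defval === $val) {
                        $vars['SELECTED'] = ' selected="selected"';
                        $vars['CHECKED'] = ' checked="checked"';
                    } else {
                        $vars['SELECTED'] = $vars['CHECKED'] = '';
                    }
                    $vars['VALUE'] =& $val;
                    // NOTE(review): unlike the select branch, the label is passed through
                    // without htmlspecialchars_uni(); presumably value lists may carry
                    // admin-authored markup - confirm that 'vallist' is never user-editable.
                    $vars['LABEL'] =& $valdisp;
                    $vars['ITEMS'] .= $evalfunc('formhtml_item', $vars);
                    $vars['TABINDEX_PROP'] = '';
                    // or maybe make each thing tabbable?
                }
                // Drop the loop reference so later writes to $valdisp cannot touch $vals.
                unset($valdisp);
                break;
            case XTHREADS_INPUT_FILE:
                if (!xthreads_empty($tf['multival'])) {
                    $vars['NAME_PROP'] = ' name="xthreads_' . $tf['field'] . '[]"';
                    // lame language hack
                    $GLOBALS['lang_xthreads_attachfile'] = $lang->xthreads_attachfile_plural;
                    $GLOBALS['lang_xthreads_attachurl'] = $lang->xthreads_attachurl_plural;
                } else {
                    $GLOBALS['lang_xthreads_attachfile'] = $lang->xthreads_attachfile;
                    $GLOBALS['lang_xthreads_attachurl'] = $lang->xthreads_attachurl;
                }
                $vars['MAXSIZE'] = $tf['filemaxsize'];
                $vars['RESTRICT_TYPE'] = $tf['fileimage'] ? 'image' : '';
                $vars['ACCEPT_PROP'] = $vars['RESTRICT_TYPE'] ? ' accept="' . $vars['RESTRICT_TYPE'] . '/*"' : '';
                if (XTHREADS_ALLOW_URL_FETCH) {
                    // TODO: test if this environment can really fetch URLs
                    // Request input is escaped before it is echoed back into the form.
                    $vars['VALUE_URL'] = htmlspecialchars_uni($mybb->input['xtaurl_' . $tf['field']]);
                    if (xthreads_empty($vars['VALUE_URL'])) {
                        $vars['VALUE_URL'] = 'http://';
                    }
                    if ($vars['VALUE_URL'] != 'http://' || $mybb->input['xtasel_' . $tf['field']] == 'url') {
                        $vars['CHECKED_UPLOAD'] = '';
                        $vars['SELECTED_UPLOAD'] = '';
                        $vars['CHECKED_URL'] = ' checked="checked"';
                        $vars['SELECTED_URL'] = ' selected="selected"';
                    } else {
                        $vars['CHECKED_UPLOAD'] = ' checked="checked"';
                        $vars['SELECTED_UPLOAD'] = ' selected="selected"';
                        $vars['CHECKED_URL'] = '';
                        $vars['SELECTED_URL'] = '';
                    }
                }
                $vars['ITEMS'] = '';
                global $xta_cache, $db;
                if ($defval) {
                    foreach (is_array($defval) ? $defval : array($defval) as $aid) {
                        if (!$aid || !is_numeric($aid)) {
                            continue;
                        }
                        if (!isset($xta_cache[$aid])) {
                            static $done_xta_cache = false;
                            // need to cache them
                            if (!$done_xta_cache) {
                                $done_xta_cache = true;
                                $qextra = '';
                                if ($mybb->input['posthash']) {
                                    $qextra .= ' OR posthash="' . $db->escape_string($mybb->input['posthash']) . '"';
                                }
                                if ($GLOBALS['thread']['tid']) {
                                    $qextra .= ' OR tid=' . (int) $GLOBALS['thread']['tid'];
                                }
                                // Build the IN() list only from entries that pass the same check as
                                // the loop above, cast to int. The whole list used to be imploded
                                // unfiltered, so one numeric id was enough to carry every other
                                // entry of the value into the query text.
                                $aid_list = array();
                                foreach (is_array($defval) ? $defval : array($defval) as $candidate) {
                                    if ($candidate && is_numeric($candidate)) {
                                        $aid_list[] = (int) $candidate;
                                    }
                                }
                                $query = $db->simple_select('xtattachments', '*', 'aid IN(' . implode(',', $aid_list) . ')' . $qextra);
                                while ($xta = $db->fetch_array($query)) {
                                    $xta_cache[$xta['aid']] = $xta;
                                }
                                $db->free_result($query);
                                unset($xta);
                            }
                        }
                        xthreads_sanitize_disp_set_xta_fields($vars['ATTACH'], $aid, $tf);
                        if (isset($vars['ATTACH']['md5hash'])) {
                            $vars['ATTACH_MD5_TITLE'] = ' title="' . $lang->sprintf($lang->xthreads_md5hash, $vars['ATTACH']['md5hash']) . '" ';
                        }
                        // Re-tick the "remove" box if the user had it ticked on the submitted form.
                        if (is_array($mybb->input['xtarm_' . $tf['field']])) {
                            if ($mybb->input['xtarm_' . $tf['field']][$aid]) {
                                $vars['REMOVE_CHECKED'] = ' checked="checked"';
                            }
                        } else {
                            if ($mybb->input['xtarm_' . $tf['field']]) {
                                $vars['REMOVE_CHECKED'] = ' checked="checked"';
                            }
                        }
                        $vars['ITEMS'] .= $evalfunc('formhtml_item', $vars);
                    }
                }
                break;
            case XTHREADS_INPUT_FILE_URL:
                // TODO:
                break;
            default:
                // text
                $vars['VALUE'] =& $defval;
                if (!xthreads_empty($tf['multival'])) {
                    $defval = str_replace("\n", ', ', $defval);
                }
                break;
        }
        $tfinput[$k] = $evalfunc('formhtml', $vars);
        // $altbg and $inputfield are not read again in this function; presumably the
        // template evaluated below refers to them - confirm.
        $altbg = alt_trow();
        $inputfield =& $tfinput[$k];
        // Template text is executed as a PHP string expression, so the template store
        // must only be writable by administrators.
        eval('$tfinputrow[$k] = "' . $GLOBALS['templates']->get('post_threadfields_inputrow') . '";');
        if (!($tf['hidefield'] & XTHREADS_HIDE_INPUT)) {
            $extra_threadfields .= $tfinputrow[$k];
        }
    }
}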
Пример #3
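    /**
     * Apply a custom-moderation edit string to the thread fields of the given threads.
     *
     * $editstr holds one "field=expression" assignment per line ("{\n}" inside a
     * value stands for a literal newline). Each expression is passed through
     * xthreads_sanitize_eval() and then evaluated per thread with eval_str(),
     * receiving VALUE (current field value) and TID.
     *
     * Security notes for maintainers:
     *  - The expressions are evaluated, so $editstr must only ever be authored
     *    by administrators; this function performs no permission check itself.
     *  - Field names reach the SQL text only after matching a key of the thread
     *    field cache; thread ids are cast to integers before use.
     *
     * @param array  $tids    Thread ids to update (taken by reference, not modified here).
     * @param string $editstr Edit instructions; empty means nothing to do.
     * @return void
     */
    function xthreads_moderation_custom_do(&$tids, $editstr)
    {
        if (!$editstr) {
            return;
        }
        $edits = array();
        // caching stuff
        static $threadfields = null;
        if (!isset($threadfields)) {
            $threadfields = xthreads_gettfcache();
        }
        // grab all threadfields
        require_once MYBB_ROOT . 'inc/xthreads/xt_phptpl_lib.php';
        // "{\n}" is parked as "\r" while splitting into lines, then restored as a real newline.
        foreach (explode("\n", str_replace("{\n}", "\r", str_replace("\r", '', $editstr))) as $editline) {
            $editline = trim(str_replace("\r", "\n", $editline));
            $parts = explode('=', $editline, 2);
            if (!isset($parts[1])) {
                // no '=' on this line: not an assignment, skip it without reading a missing offset
                continue;
            }
            list($n, $v) = $parts;
            // don't allow editing of file fields
            // (this lookup is also what restricts $n to known field names before it is used in SQL)
            if (!isset($threadfields[$n]) || $threadfields[$n]['inputtype'] == XTHREADS_INPUT_FILE) {
                continue;
            }
            // we don't do much validation here as we trust admins, right?
            // this is just a prelim check (speed optimisation) - we'll need to check this again after evaluating conditionals
            $upperv = strtoupper($v);
            if (($upperv === '' || $upperv == 'NULL' || $upperv == 'NUL') && $threadfields[$n]['datatype'] != XTHREADS_DATATYPE_TEXT) {
                $edits[$n] = null;
            } else {
                $edits[$n] = $v;
                // NOTE(review): what the sanitiser guarantees is not visible here; the array
                // presumably names the only variables the expression may use - confirm.
                xthreads_sanitize_eval($edits[$n], array('VALUE' => null, 'TID' => null));
            }
        }
        // Thread ids are interpolated into the query below, so reduce them to integers first.
        $tid_list = array_map('intval', $tids);
        if (empty($edits) || empty($tid_list)) {
            // nothing to change, or no threads: also avoids sending an empty IN () list
            return;
        }
        $modfields = array_keys($edits);
        global $db;
        // NOTE(review): column names are wrapped in backticks without further escaping;
        // presumably field keys cannot contain a backtick - confirm where fields are created.
        $query = $db->query('
			SELECT t.tid, tfd.`' . implode('`, tfd.`', $modfields) . '`
			FROM ' . TABLE_PREFIX . 'threads t
			LEFT JOIN ' . TABLE_PREFIX . 'threadfields_data tfd ON t.tid=tfd.tid
			WHERE t.tid IN (' . implode(',', $tid_list) . ')
		');
        while ($thread = $db->fetch_array($query)) {
            $updates = array();
            foreach ($edits as $n => $v) {
                if ($v !== null) {
                    // TODO: allowing conditionals direct access to multivals?
                    $v = trim(eval_str($v, array('VALUE' => $thread[$n], 'TID' => $thread['tid'])));
                    if ($threadfields[$n]['datatype'] != XTHREADS_DATATYPE_TEXT) {
                        // repeat the NULL check now that the expression has been evaluated
                        $upperv = strtoupper($v);
                        if ($upperv == '' || $upperv == 'NULL' || $upperv == 'NUL') {
                            $v = null;
                        }
                        // TODO: intval/floatval here?
                    }
                }
                // only write fields whose value actually changes
                if ($v !== $thread[$n]) {
                    // we'll do some basic validation for multival fields
                    if (!xthreads_empty($threadfields[$n]['multival'])) {
                        // multi-values are newline separated, except for text inputs which use commas
                        $d = "\n";
                        if ($threadfields[$n]['inputtype'] == XTHREADS_INPUT_TEXT) {
                            $d = ',';
                        }
                        $v = array_unique(array_map('trim', explode($d, str_replace("\r", '', $v))));
                        foreach ($v as $key => &$val) {
                            if (xthreads_empty($val)) {
                                unset($v[$key]);
                            }
                        }
                        // release the loop reference before $v is replaced by a string
                        unset($val);
                        $v = implode($d, $v);
                    }
                    $updates[$n] = $v;
                }
            }
            if (!empty($updates)) {
                xthreads_db_update_replace('threadfields_data', $updates, 'tid', $thread['tid']);
            }
        }
        $db->free_result($query);
    }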