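/**
 * Renders a single field, tab or plugin component for the requested user and echoes it.
 *
 * Dispatches on $task:
 *  - 'fieldclass':  authorizes the request according to the 'reason' request parameter
 *                   ('edit', 'profile', 'list' for an existing user; 'register' when not
 *                   logged in), then calls the field named by the 'field' parameter;
 *  - 'tabclass':    calls getTabComponent() on the tab class named by the 'tab' parameter;
 *  - 'pluginclass': calls getCBpluginComponent() on the CBplug_* class named by the 'plugin'
 *                   parameter and wraps the output in the template div unless
 *                   format=raw / format=rawraw was requested.
 * Any other task throws.
 *
 * The request-supplied names are filtered through $unsecureChars and truncated before they are
 * used to pick a class or method, because they end up selecting code to run.
 *
 * @param string   $option  Component option (not used by this function)
 * @param string   $task    One of 'fieldclass', 'tabclass', 'pluginclass'
 * @param int|null $uid     Id of the user whose field/tab/plugin component is rendered
 * @return void
 * @throws LogicException when $task is not one of the supported values
 */
function tabClass($option, $task, $uid)
{
    global $_CB_framework, $_PLUGINS, $_REQUEST, $_POST;

    $user = &loadComprofilerUser($uid);
    $cbUser = &CBuser::getInstance($user === null ? null : $user->id);

    // Characters stripped from request-supplied field/tab/plugin names (path separators, PHP
    // syntax characters, quotes, whitespace, NUL). The NUL entry must be the escaped "\0": an
    // empty-string search is a no-op for str_replace(), so '' would silently leave NUL bytes in.
    $unsecureChars = array('/', '\\', ':', ';', '{', '}', '(', ')', "\"", "'", '.', ',', "\0", ' ', "\t", "\n", "\r", "\v");
    $appendClass = false;

    if ($task === 'fieldclass') {
        $reason = cbGetParam($_REQUEST, 'reason');

        if ($user && $user->id) {
            $_PLUGINS->loadPluginGroup('user');

            if ($reason === 'edit') {
                $msg = cbCheckIfUserCanPerformUserTask($user->id, 'allowModeratorsUserEdit');

                if ($uid != $_CB_framework->myId() && $msg === null) {
                    // Safeguard against misconfiguration of the above: also avoids lower-level
                    // users editing higher-level ones.
                    $msg = checkCBpermissions(array((int) $user->id), 'edit', true);
                }

                $_PLUGINS->trigger('onBeforeUserProfileEditRequest', array($user->id, &$msg, 1));
            } elseif ($reason === 'profile' || $reason === 'list') {
                if (CBuser::getMyInstance()->authoriseView('profile', $user->id)) {
                    $msg = null;
                } else {
                    $msg = CBTxt::Th('UE_NOT_AUTHORIZED', 'You are not authorized to view this page!');
                }

                $_PLUGINS->trigger('onBeforeUserProfileAccess', array($user->id, &$msg, 1));
            } else {
                $msg = CBTxt::Th('UE_NO_INDICATION', 'No indication');
            }

            if ($msg) {
                echo $msg;
                return;
            }
        } elseif ($reason === 'register') {
            // Strict comparison, consistent with the other $reason checks above.
            if ($_CB_framework->myId() != 0) {
                echo CBTxt::Th('UE_ALREADY_LOGGED_IN', 'You are already logged in');
                return;
            }
        } else {
            // No user and no registration request: nothing may be rendered.
            echo CBTxt::Th('UE_NOT_AUTHORIZED', 'You are not authorized to view this page!');
            return;
        }

        $fieldName = trim(substr(str_replace($unsecureChars, '', urldecode(stripslashes(cbGetParam($_REQUEST, "field")))), 0, 50));

        if (!$fieldName) {
            echo 'no field';
            return;
        }

        $pluginName = null;
        $tabClassName = null;
        $method = null;
    } elseif ($task === 'tabclass') {
        $tabClassName = urldecode(stripslashes(cbGetParam($_REQUEST, "tab")));

        if (!$tabClassName) {
            return;
        }

        $pluginName = null;
        $tabClassName = substr(str_replace($unsecureChars, '', $tabClassName), 0, 32);
        $method = 'getTabComponent';
        $fieldName = null;
        $reason = null;
    } elseif ($task === 'pluginclass') {
        $pluginName = urldecode(stripslashes(cbGetParam($_REQUEST, "plugin")));

        if (!$pluginName) {
            return;
        }

        $tabClassName = 'CBplug_' . strtolower(substr(str_replace($unsecureChars, '', $pluginName), 0, 32));
        $method = 'getCBpluginComponent';

        // Raw formats get the bare component; everything else is wrapped in the template div.
        $format = cbGetParam($_REQUEST, 'format');
        $appendClass = ($format !== 'raw') && ($format !== 'rawraw');

        $fieldName = null;
        $reason = null;
    } else {
        throw new LogicException('Unexpected task for CB tabClass');
    }

    $tabs = $cbUser->_getCbTabs(false);

    // Anything the component echoes directly is captured and prepended to its return value.
    ob_start();

    if ($task === 'fieldclass') {
        $results = $tabs->fieldCall($fieldName, $user, $_POST, $reason);
    } else {
        $results = $tabs->tabClassPluginTabs($user, $_POST, $pluginName, $tabClassName, $method);
    }

    $result = ob_get_contents() . $results;
    ob_end_clean();

    if ($result === false) {
        if ($_PLUGINS->is_errors()) {
            // NOTE(review): the plugin error text is embedded in a JS string literal without
            // escaping; if it can carry request-derived text, encode it for the JS context
            // (e.g. json_encode() with the JSON_HEX_* flags) — confirm where it originates.
            echo "<script type=\"text/javascript\">alert(\"" . $_PLUGINS->getErrorMSG() . "\"); </script>\n";
        }
    } elseif ($result !== null) {
        if ($appendClass) {
            $pageClass = $_CB_framework->getMenuPageClass();

            echo '<div class="cb_template cb_template_' . selectTemplate('dir') . ($pageClass ? ' ' . htmlspecialchars($pageClass) : null) . '">' . $result . '</div>';

            $_CB_framework->setMenuMeta();
        } else {
            echo $result;
        }
    }
}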
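/**
 * Legacy variant of tabClass(): renders a single field, tab or plugin component for the
 * requested user and echoes it, using the _UE_* language constants and GID-based profile
 * view access.
 *
 * Dispatches on $task:
 *  - 'fieldclass':  authorizes the request according to the 'reason' request parameter
 *                   ('edit', 'profile', 'list' for an existing user; 'register' when not
 *                   logged in), then calls the field named by the 'field' parameter;
 *  - 'tabclass':    calls getTabComponent() on the tab class named by the 'tab' parameter;
 *  - 'pluginclass': calls getCBpluginComponent() on the CBplug_* class named by the
 *                   'plugin' parameter.
 * Any other task throws instead of calling tabClassPluginTabs() with undefined arguments.
 *
 * The request-supplied names are filtered through $unsecureChars and truncated before they are
 * used to pick a class or method, because they end up selecting code to run.
 *
 * @param string   $option  Component option (not used by this function)
 * @param string   $task    One of 'fieldclass', 'tabclass', 'pluginclass'
 * @param int|null $uid     Id of the user whose field/tab/plugin component is rendered
 * @return void
 * @throws LogicException when $task is not one of the supported values
 */
function tabClass( $option, $task, $uid )
{
    global $_CB_framework, $_PLUGINS, $ueConfig, $_REQUEST, $_POST;

    $user   =& loadComprofilerUser( $uid );
    $cbUser =& CBuser::getInstance( ( $user === null ? null : $user->id ) );

    // Characters stripped from request-supplied field/tab/plugin names (path separators, PHP
    // syntax characters, quotes, whitespace, NUL).
    $unsecureChars = array( '/', '\\', ':', ';', '{', '}', '(', ')', "\"", "'", '.', ',', "\0", ' ', "\t", "\n", "\r", "\x0B" );

    // Each branch below sets the subset it needs; initialise all of them so the calls at the
    // bottom never read an undefined variable.
    $fieldName    = null;
    $reason       = null;
    $pluginName   = null;
    $tabClassName = null;
    $method       = null;

    if ( $task === 'fieldclass' ) {
        $reason = cbGetParam( $_REQUEST, 'reason' );

        if ( $user && $user->id ) {
            if ( $reason === 'edit' ) {
                $msg = cbCheckIfUserCanPerformUserTask( $user->id, 'allowModeratorsUserEdit' );

                if ( ( $uid != $_CB_framework->myId() ) && ( $msg === null ) ) {
                    // Safeguard against misconfiguration of the above: also avoids lower-level
                    // users editing higher-level ones.
                    $msg = checkCBpermissions( array( (int) $user->id ), 'edit', true );
                }
            } elseif ( ( $reason === 'profile' ) || ( $reason === 'list' ) ) {
                if ( allowAccess( $ueConfig['allow_profileviewbyGID'], 'RECURSE', userGID( $_CB_framework->myId() ) ) ) {
                    $msg = null;
                } else {
                    $msg = _UE_NOT_AUTHORIZED;
                }
            } else {
                $msg = _UE_NO_INDICATION;
            }

            if ( $msg ) {
                echo $msg;
                return;
            }
        } elseif ( $reason === 'register' ) {
            // Strict comparison, consistent with the other $reason checks above.
            if ( $_CB_framework->myId() != 0 ) {
                echo _UE_ALREADY_LOGGED_IN;
                return;
            }
        } else {
            // No user and no registration request: nothing may be rendered.
            echo _UE_NOT_AUTHORIZED;
            return;
        }

        $fieldName = trim( substr( str_replace( $unsecureChars, '', urldecode( stripslashes( cbGetParam( $_REQUEST, "field" ) ) ) ), 0, 50 ) );

        if ( ! $fieldName ) {
            echo 'no field';
            return;
        }
    } elseif ( $task === 'tabclass' ) {
        $tabClassName = urldecode( stripslashes( cbGetParam( $_REQUEST, "tab" ) ) );

        if ( ! $tabClassName ) {
            return;
        }

        $tabClassName = substr( str_replace( $unsecureChars, '', $tabClassName ), 0, 32 );
        $method       = 'getTabComponent';
    } elseif ( $task === 'pluginclass' ) {
        $pluginName = urldecode( stripslashes( cbGetParam( $_REQUEST, "plugin" ) ) );

        if ( ! $pluginName ) {
            return;
        }

        $tabClassName = 'CBplug_' . strtolower( substr( str_replace( $unsecureChars, '', $pluginName ), 0, 32 ) );
        $method       = 'getCBpluginComponent';
    } else {
        throw new LogicException( 'Unexpected task for CB tabClass' );
    }

    $tabs = $cbUser->_getCbTabs( false );

    if ( $task === 'fieldclass' ) {
        $result = $tabs->fieldCall( $fieldName, $user, $_POST, $reason );
    } else {
        $result = $tabs->tabClassPluginTabs( $user, $_POST, $pluginName, $tabClassName, $method );
    }

    if ( $result === false ) {
        if ( $_PLUGINS->is_errors() ) {
            // NOTE(review): the plugin error text is embedded in a JS string literal without
            // escaping; if it can carry request-derived text, encode it for the JS context
            // (e.g. json_encode() with the JSON_HEX_* flags) — confirm where it originates.
            echo "<script type=\"text/javascript\">alert(\"" . $_PLUGINS->getErrorMSG() . "\"); </script>\n";
        }
    } elseif ( $result !== null ) {
        echo $result;
    }
}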
/**
 * Sets $msg when the current visitor may not display the requested user's profile.
 *
 * Nothing is checked when Application::Cms()->getClientId() is non-zero or when
 * cbprivacyClass::checkUserModerator() reports the visitor as a moderator. Otherwise, if the
 * user exists, is not the visitor, and fails cbprivacyClass::checkProfileDisplayAccess(), $msg
 * receives the "not authorized" text; in every other case $msg is left untouched.
 *
 * @param int    $uid  Id of the user whose profile is requested
 * @param string $msg  Receives the authorization failure message, by reference
 * @return void
 */
public function getProfile( $uid, &$msg )
{
    // A non-zero client id (presumably the backend) and moderators bypass the check.
    if ( Application::Cms()->getClientId() || cbprivacyClass::checkUserModerator() ) {
        return;
    }

    $profileUser = loadComprofilerUser( $uid );

    if ( ! $profileUser ) {
        return;
    }

    // Visitors always pass for their own profile.
    if ( Application::MyUser()->getUserId() == $profileUser->get( 'id' ) ) {
        return;
    }

    if ( cbprivacyClass::checkProfileDisplayAccess( $profileUser ) ) {
        return;
    }

    $msg = CBTxt::Th( 'UE_NOT_AUTHORIZED', 'You are not authorized to view this page!' );
}