/**
 * Builds the comma-separated keyword list for a thread.
 *
 * Starts from the thread's filtered tag list, adds the plain prefix title when
 * the thread has a prefix, and - if page text is supplied - appends the most
 * frequent words of title + page text that pass the stop-word and minimum
 * length filters. Collection stops once 50 keywords are held.
 *
 * @param	array	Thread info; 'taglist', 'prefixid' and 'title' are read
 * @param	string	Page text (not HTML-escaped) to mine for additional keywords
 *
 * @return	string	Keywords joined with ', '
 */
function fetch_keywords_list($threadinfo, $pagetext = '')
{
	global $vbphrase, $vbulletin;

	require_once DIR . '/includes/functions_search.php';
	require_once DIR . '/includes/class_taggablecontent.php';

	$keywords = vB_Taggable_Content_Item::filter_tag_list($threadinfo['taglist'], $errors, false);

	if (!empty($threadinfo['prefixid']))
	{
		$keywords[] = trim($vbphrase["prefix_{$threadinfo['prefixid']}_title_plain"]);
	}

	if (empty($pagetext))
	{
		return implode(', ', $keywords);
	}

	// the title arrives htmlspecialchar'd while the page text does not, so the
	// title is decoded before both are indexed together
	$indextext = fetch_postindex_text(unhtmlspecialchars($threadinfo['title']) . ' ' . $pagetext);
	$frequencies = array_count_values(split_string($indextext));
	arsort($frequencies);

	// plain require (not require_once): the stop word lists must be loaded into this scope every time
	require DIR . '/includes/searchwords.php';
	$badwords = array_merge($badwords, preg_split('/\\s+/s', $vbulletin->options['badwords'], -1, PREG_SPLIT_NO_EMPTY));

	foreach ($frequencies as $word => $count)
	{
		$word = trim($word);
		$lowered = vbstrtolower($word);

		if (in_array($lowered, $badwords))
		{
			continue;
		}

		// short words are kept only when they are explicitly whitelisted
		if (vbstrlen($word) <= $vbulletin->options['minsearchlength'] and !in_array($lowered, $goodwords))
		{
			continue;
		}

		// words are escaped before they join the list that is returned for output
		$word = htmlspecialchars_uni($word);
		if (!in_array($word, $keywords))
		{
			$keywords[] = $word;
		}

		if (sizeof($keywords) >= 50)
		{
			break;
		}
	}

	return implode(', ', $keywords);
}
/**
 * Decides whether a single search word may be used in a query.
 *
 * Words without a wildcard are accepted when is_index_word() accepts them.
 * Words containing '*' are accepted only if wildcards are enabled and the
 * word, with every '*' removed, is at least (minsearchlength - 1) characters
 * long; otherwise the standard 'searchinvalidterm' error is raised.
 *
 * @param	string	The word to check; HTML-escaped in place before it is put into an error message
 *
 * @return	boolean	True if the word may be searched for, false if it should be ignored
 */
function verify_word_allowed(&$word)
{
	global $vbulletin, $phrasequery;

	$lowered = strtolower($word);

	if (strpos($lowered, '*') === false)
	{
		// no wildcard: common, too long or too short words are simply not searched on
		$wordokay = is_index_word($word);
		return $wordokay ? true : false;
	}

	// the length floor on the de-starred word prevents searches such as *a**
	$long_enough = !(vbstrlen(str_replace('*', '', $lowered)) < $vbulletin->options['minsearchlength'] - 1);
	if ($vbulletin->options['allowwildcards'] and $long_enough)
	{
		return true;
	}

	// wildcards disabled, or too little text besides the wildcards.
	// NOTE(review): the word is escaped before it reaches the error phrase; the
	// eval() runs whatever code string standard_error() returns, so that helper
	// must never echo request data into it unescaped.
	$word = htmlspecialchars_uni($word);
	eval(standard_error(fetch_error('searchinvalidterm', $word, $vbulletin->options['minsearchlength'])));
}
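/**
 * Constructs a Post Tree
 *
 * All posts of the thread are read once and cached in a static array keyed by
 * parent post; the function then recurses through that cache. Because the
 * cache is static and not keyed by thread, a later call for a different
 * thread in the same request reuses the first thread's posts.
 *
 * @param	string	The template Name to use
 * @param	integer	The Thread ID
 * @param	integer	The "Root" post for which to work from
 * @param	integer	The current "Depth" within the tree
 *
 * @return	string	The Generated Tree
 */
function &construct_post_tree($templatename, $threadid, $parentid = 0, $depth = 1)
{
	global $vbulletin, $stylevar, $parentassoc, $show, $vbphrase, $threadedmode;
	static $postcache;

	// the thread id is placed into the SQL text below, so force it to an integer
	$threadid = intval($threadid);

	// an empty direction leaves the database's default (ascending) order in place
	$postorder = '';
	if (!$threadedmode and $vbulletin->userinfo['postorder'])
	{
		$postorder = 'DESC';
	}

	$depthnext = $depth + 2;

	if (!$postcache)
	{
		// start from an array so ksort() has something valid to sort when the thread has no posts
		$postcache = array();

		$posts = $vbulletin->db->query_read_slave("\n\t\t\tSELECT post.parentid, post.postid, post.userid, post.pagetext, post.dateline, IF(visible = 2, 1, 0) AS isdeleted,\n\t\t\t\tIF(user.username <> '', user.username, post.username) AS username\n\t\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON user.userid = post.userid\n\t\t\tWHERE post.threadid = {$threadid}\n\t\t\tORDER BY dateline {$postorder}\n\t\t");
		while ($post = $vbulletin->db->fetch_array($posts))
		{
			if (!$threadedmode)
			{
				// flat display: every post hangs directly off the root
				$post['parentid'] = 0;
			}
			$postcache[$post['parentid']][$post['postid']] = $post;
		}
		ksort($postcache);
	}

	$counter = 0;
	$postbits = '';

	if (isset($postcache["{$parentid}"]) and is_array($postcache["{$parentid}"]))
	{
		foreach ($postcache["{$parentid}"] as $post)
		{
			$parentassoc[$post['postid']] = $post['parentid'];

			if (($depth + 1) % 4 == 0)
			{
				// alternate colors when switching depths; depth gets incremented by 2 each time
				$post['backcolor'] = '{firstaltcolor}';
				$post['bgclass'] = 'alt1';
			}
			else
			{
				$post['backcolor'] = '{secondaltcolor}';
				$post['bgclass'] = 'alt2';
			}

			$post['postdate'] = vbdate($vbulletin->options['dateformat'], $post['dateline'], true);
			$post['posttime'] = vbdate($vbulletin->options['timeformat'], $post['dateline']);

			// cut page text short if too long, at the first space at or after offset 100
			if (vbstrlen($post['pagetext']) > 100)
			{
				$spacepos = strpos($post['pagetext'], ' ', 100);
				if ($spacepos !== false)
				{
					$post['pagetext'] = substr($post['pagetext'], 0, $spacepos) . '...';
				}
			}

			// escape after trimming so the cut can never split an HTML entity
			$post['pagetext'] = nl2br(htmlspecialchars_uni($post['pagetext']));

			($hook = vBulletinHook::fetch_hook('threadmanage_construct_post_tree')) ? eval($hook) : false;

			// NOTE(review): the template source is evaluated as PHP. $templatename must be
			// a fixed name chosen by the calling code, never a value taken from the request.
			eval('$postbits .= "' . fetch_template($templatename) . '";');

			$ret =& construct_post_tree($templatename, $threadid, $post['postid'], $depthnext);
			$postbits .= $ret;
		}
	}

	return $postbits;
}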
/**
 * Validates a social group name.
 *
 * HTML-encoded spaces are turned into real spaces and the name is trimmed.
 * The name is rejected when another group already uses it, when it is empty,
 * or when it is longer than the sg_name_maxchars option.
 *
 * @param	string	Group Name (normalised in place)
 *
 * @return	boolean	True when the name is acceptable
 */
function verify_name(&$name)
{
	// replace html-encoded spaces with actual spaces, then drop surrounding whitespace
	$name = trim(preg_replace('/&#(0*32|x0*20);/', ' ', $name));

	// the duplicate lookup is skipped when an existing group keeps its current name
	$needs_dupe_check = (!$this->condition or $name != $this->existing['name']);
	if ($needs_dupe_check)
	{
		// the name is escaped and the group id cast to int before entering the SQL text
		$dupegroup = $this->registry->db->query_first("\n\t\t\t\tSELECT *\n\t\t\t\tFROM " . TABLE_PREFIX . "socialgroup\n\t\t\t\tWHERE name = '" . $this->registry->db->escape_string($name) . "'\n\t\t\t\t\tAND groupid <> " . intval($this->fetch_field('groupid')));

		if ($dupegroup)
		{
			$viewurl = 'group.php?' . $this->registry->session->vars['sessionurl'] . 'do=view&groupid=' . $dupegroup['groupid'];
			$this->error('group_already_exists_view_x', $viewurl);
			return false;
		}
	}

	if (empty($name))
	{
		$this->error('must_enter_group_name');
		return false;
	}

	$maxchars = $this->registry->options['sg_name_maxchars'];
	if (vbstrlen($name, true) > $maxchars)
	{
		$this->error('name_too_long_max_x', vb_number_format($maxchars));
		return false;
	}

	return true;
}
/**
 * Converts the style's panel background colour into red/green/blue integers.
 *
 * '#' and ';' are removed from $stylevar['panel_bgcolor']; a 6-character value
 * is read as RRGGBB and a 3-character value as RGB with each digit doubled.
 * Any other value leaves the default of white.
 *
 * @return	array	array(red, green, blue)
 */
function photoplog_hexdec()
{
	global $stylevar;

	// default: white
	$channels = array(255, 255, 255);

	if (!$stylevar['panel_bgcolor'])
	{
		return $channels;
	}

	$hex = str_replace(array('#', ';'), '', $stylevar['panel_bgcolor']);
	$length = vbstrlen($hex);

	if ($length == 6)
	{
		for ($i = 0; $i < 3; $i++)
		{
			$channels[$i] = intval(hexdec(substr($hex, $i * 2, 2)));
		}
	}
	else if ($length == 3)
	{
		for ($i = 0; $i < 3; $i++)
		{
			// shorthand colour: each digit stands for itself twice
			$channels[$i] = intval(hexdec(str_repeat(substr($hex, $i, 1), 2)));
		}
	}

	return $channels;
}
/**
 * Verifies the page text is valid and sets it up for saving.
 *
 * Unless the data manager is flagged as automated, the text must not exceed
 * postmaxchars (0 disables that limit) and, once BB code is stripped, must be
 * at least postminchars long. The postminchars option is normalised to an
 * integer of at least 1 as a side effect.
 *
 * @param	string	Page text
 *
 * @return	bool	Whether the text is valid
 */
function verify_pagetext(&$pagetext)
{
	if (!empty($this->info['is_automated']))
	{
		// automated posts bypass the length limits
		return parent::verify_pagetext($pagetext);
	}

	$maxchars = $this->registry->options['postmaxchars'];
	if ($maxchars != 0)
	{
		$postlength = vbstrlen($pagetext);
		if ($postlength > $maxchars)
		{
			$this->error('toolong', $postlength, $this->registry->options['postmaxchars']);
			return false;
		}
	}

	// the normalised minimum is written back to the shared options
	$minchars = intval($this->registry->options['postminchars']);
	if ($minchars <= 0)
	{
		$minchars = 1;
	}
	$this->registry->options['postminchars'] = $minchars;

	$visibletext = strip_bbcode($pagetext, $this->registry->options['ignorequotechars']);
	if (vbstrlen($visibletext) < $this->registry->options['postminchars'])
	{
		$this->error('tooshort', $this->registry->options['postminchars']);
		return false;
	}

	return parent::verify_pagetext($pagetext);
}
/**
 * Stops text being all UPPER CASE
 *
 * The text is judged on its letters, digits and whitespace only, with BB code
 * stripped first. When the stopshouting option is set, that reduced string is
 * at least that many characters long and equals its own upper-case form, the
 * original text is converted to sentence case.
 *
 * @param	string	The text to apply 'anti-shouting' to
 *
 * @return	string	The text with 'anti-shouting' applied
 */
function fetch_no_shouting_text($text)
{
	global $vbulletin;

	$threshold = $vbulletin->options['stopshouting'];

	// everything that is not a letter, digit or whitespace is dropped before the comparison
	$effective_string = preg_replace('#[^a-z0-9\\s]#i', '\\2', strip_bbcode($text, true, false));

	$is_shouting = (
		$threshold
		and vbstrlen($effective_string) >= $threshold
		and $effective_string == strtoupper($effective_string)
	);

	return $is_shouting ? fetch_sentence_case($text) : $text;
}
}

// WYSIWYG submissions: make smilie image URLs relative again, then convert the HTML back to BB code
if ($photoplog_wysiwyg)
{
	require_once DIR . '/includes/functions_wysiwyg.php';
	$photoplog_file_description = str_replace($vbulletin->options['bburl'] . "/images/smilies/", "images/smilies/", $photoplog_file_description);
	$photoplog_file_description = convert_wysiwyg_html_to_bbcode($photoplog_file_description, $do_html);
}

// the upload fields may arrive as arrays; only the first entry of each is used
if (is_array($photoplog_userfile['name']))
{
	$photoplog_userfile['name'] = $photoplog_userfile['name'][0];
	$photoplog_userfile['type'] = $photoplog_userfile['type'][0];
	$photoplog_userfile['tmp_name'] = $photoplog_userfile['tmp_name'][0];
	$photoplog_userfile['error'] = $photoplog_userfile['error'][0];
	$photoplog_userfile['size'] = $photoplog_userfile['size'][0];
}

$photoplog_urlflag = 0;
$photoplog_file_error = 1;

// a link was supplied instead of (or in addition to) an uploaded file
if (vbstrlen($photoplog_userlink) > 0)
{
	// NOTE(review): '@' hides a failure of this call; nothing here checks whether the setting took effect
	@ini_set('user_agent', 'PHP');
	$photoplog_urlflag = 0;
	$photoplog_file_error = 1;

	// spaces become '+' and '..' sequences are removed from the link
	$photoplog_urllink = str_replace(array(' ', '..'), array('+', ''), $photoplog_userlink);

	// NOTE(review): eregi() was removed in PHP 7; preg_match() with the 'i' modifier is the replacement.
	// The pattern only checks the shape of the link (http/ftp scheme, a dotted host, an image
	// extension). It does not restrict which host is named.
	if (eregi('^(http|ftp)s?://[^./]+\\.[^.]+.*/.+(\\.(gif|jpeg|jpg|png))$', $photoplog_urllink))
	{
		$photoplog_parse_url = @parse_url($photoplog_urllink);

		// NOTE(review): getimagesize() makes this server request the URL. If $photoplog_userlink
		// is user-supplied (presumably - confirm against the caller), a user can direct requests
		// at internal or loopback hosts. Resolving the host and rejecting private/loopback/
		// link-local ranges before the fetch, disabling redirects and setting a timeout would
		// close that off. '@' also hides fetch errors.
		$photoplog_file_check = @getimagesize($photoplog_urllink);
		$photoplog_file_name = photoplog_strip_text(trim(basename($photoplog_parse_url['path'])));

		if (!empty($photoplog_file_check) && is_array($photoplog_file_check) && !empty($photoplog_file_name) && eregi(".+\\.(gif|jpeg|jpg|png)\$", $photoplog_file_name))
		{
			// index 2 of getimagesize()'s result is the image type; 1, 2 and 3 are GIF, JPEG and PNG
			if (!in_array($photoplog_file_check[2], array(1, 2, 3)))
			{
				photoplog_output_page('photoplog_error_page', $vbphrase['photoplog_error'], $vbphrase['photoplog_bad_file']);
			}

			// the MIME type comes from the image header, not from the remote server's response headers
			$photoplog_file_type = htmlspecialchars_uni($photoplog_file_check['mime']);
			$photoplog_file_tmp_name = '';
			$photoplog_file_error = 1;
/**
 * Checks the description against the sg_maxdescriptionchars option.
 *
 * @param	string	$description	Description text
 *
 * @return	boolean	False (with a 'description_toolong_max_x' error) when the limit is exceeded
 */
function verify_description(&$description)
{
	$maxchars = $this->registry->options['sg_maxdescriptionchars'];
	$currentlength = vbstrlen($description, true);

	if ($currentlength > $maxchars)
	{
		$this->error('description_toolong_max_x', $currentlength, $maxchars);
		return false;
	}

	return true;
}
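/**
 * Checks a single tag against the configured tag rules.
 *
 * A tag listed in the taggoodwords option is always accepted. Otherwise the
 * tag must be non-empty, within tagminlen/tagmaxlen characters, at most 100
 * bytes long, unchanged by the censor, free of tag delimiters and not a stop
 * word. The stop word and exception lists are built once per request.
 *
 * @param	string	The tag text to check
 * @param	array	(Output) Errors, keyed by rule: min_length, max_length, censor, comma, common
 *
 * @return	boolean	True when the tag is acceptable
 */
protected static function is_tag_valid($tagtext, &$errors)
{
	static $taggoodwords = null;
	static $tagbadwords = null;

	$options = vB::getDatastore()->getValue('options');

	// construct stop words and exception lists (if not previously constructed)
	if (is_null($taggoodwords) or is_null($tagbadwords))
	{
		// custom stop words (tagbadwords) extend the list, exceptions (taggoodwords) bypass it
		if (!is_array($tagbadwords))
		{
			$tagbadwords = preg_split('/\\s+/s', vbstrtolower($options['tagbadwords']), -1, PREG_SPLIT_NO_EMPTY);
		}

		if (!is_array($taggoodwords))
		{
			$taggoodwords = preg_split('/\\s+/s', vbstrtolower($options['taggoodwords']), -1, PREG_SPLIT_NO_EMPTY);
		}

		// get the stop word list
		$badwords = vB_Api::instanceInternal("Search")->get_bad_words();

		// merge hard-coded badwords and tag-specific badwords
		$tagbadwords = array_merge($badwords, $tagbadwords);
	}

	if ($tagtext === '')
	{
		return false;
	}

	// both word lists are compared against the same lower-cased form of the tag
	$lowered = vbstrtolower($tagtext);

	if (in_array($lowered, $taggoodwords))
	{
		return true;
	}

	$char_strlen = vbstrlen($tagtext, true);

	if ($options['tagminlen'] and $char_strlen < $options['tagminlen'])
	{
		$errors['min_length'] = array('tag_too_short_min_x', $options['tagminlen']);
		return false;
	}

	if ($char_strlen > $options['tagmaxlen'])
	{
		$errors['max_length'] = array('tag_too_long_max_x', $options['tagmaxlen']);
		return false;
	}

	if (strlen($tagtext) > 100)
	{
		// only have 100 bytes to store a tag
		$errors['max_length'] = array('tag_too_long_max_x', $options['tagmaxlen']);
		return false;
	}

	$censored = fetch_censored_text($tagtext);
	if ($censored != $tagtext)
	{
		// can't have tags with censored text
		$errors['censor'] = 'tag_no_censored';
		return false;
	}

	if (count(self::split_tag_list($tagtext)) > 1)
	{
		// contains a delimiter character. The original tested $evalerrors, which is
		// never defined in this method, so the phrase key was always what got stored.
		$errors['comma'] = 'tag_no_comma';
		return false;
	}

	if (in_array($lowered, $tagbadwords))
	{
		$errors['common'] = array('tag_x_not_be_common_words', $tagtext);
		return false;
	}

	return true;
}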
// Input checks for a new navigation element. Each failed check stops the request
// with an error phrase.

// A script name is rejected if it starts with a digit or contains any non-word
// character: the pattern collects exactly those parts, so any match is a violation.
foreach ($scripts as $script)
{
	preg_match_all('#^[0-9].*|\\W#i', $script, $matches);
	// spaces are turned into '#' first so that a match made of spaces survives trim()
	$check = trim(str_replace(' ', '#', implode('', $matches[0])));
	if ($check)
	{
		print_stop_message('invalid_script');
	}
}

// length is measured in bytes (strlen) here and for 'identity' and 'url' below
if (strlen($vbulletin->GPC['show']) > 30)
{
	print_stop_message('invalid_script');
}

// the identity obeys the same character rule as script names, plus a 20 byte limit
preg_match_all('#^[0-9].*|\\W#i', $vbulletin->GPC['identity'], $matches);
$check = trim(str_replace(' ', '#', implode('', $matches[0])));
if ($check or strlen($vbulletin->GPC['identity']) > 20)
{
	print_stop_message('invalid_identity');
}

// the title is required; its limit is measured with vbstrlen rather than strlen
if (!$vbulletin->GPC['title'] or vbstrlen($vbulletin->GPC['title']) > 50)
{
	print_stop_message('invalid_title');
}

// every type except 'menu' needs a URL of at most 500 bytes; only presence and
// length are checked here, not the URL's scheme or target
if ($vbulletin->GPC['type'] != 'menu' and (!$vbulletin->GPC['url'] or strlen($vbulletin->GPC['url']) > 500))
{
	print_stop_message('invalid_url');
}

// the parent must be a known key: links are checked against $parents, other non-tab types against $tabs
if ($vbulletin->GPC['type'] != 'tab' and !in_array($vbulletin->GPC['parent'], $vbulletin->GPC['type'] == 'link' ? array_keys($parents) : array_keys($tabs)))
{
	print_stop_message('invalid_parent');
}

// the product id must be one of the keys of $products
if (!in_array($vbulletin->GPC['product'], array_keys($products)))
{
	print_stop_message('invalid_productid');
}

//-- end checks --//

$sqlset = $sqlfields = '';

// NOTE(review): hook code is eval()'d in this scope and can read or change every variable above
($hook = vBulletinHook::fetch_hook('navigation_admin_doadd')) ? eval($hook) : false;

collapse_navigation_state($vbulletin->GPC);
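/**
 * Prepare any data needed for the output
 *
 * Counts the profile owner's infractions, loads the requested page of them,
 * renders one 'memberinfo_infractionbit' template per infraction into
 * $this->block_data and sets the $show flags the templates read.
 *
 * @param	string	The id of the block
 * @param	array	Options specific to the block; 'perpage', 'pagenumber' and 'tab' are read
 */
function prepare_output($id = '', $options = array())
{
	global $show, $vbphrase;

	$show['infractions'] = false;

	// start from an empty string so the .= in the loop never appends to an undefined
	// variable; set before the first hook so hook code can still pre-fill it
	$infractionbits = '';

	($hook = vBulletinHook::fetch_hook('member_infraction_start')) ? eval($hook) : false;

	$perpage = $options['perpage'];
	$pagenumber = $options['pagenumber'];

	// the user id is concatenated into both queries below, so force it to an integer
	$profileuserid = intval($this->profile->userinfo['userid']);

	$totalinfractions = $this->registry->db->query_first_slave("\n\t\t\tSELECT COUNT(*) AS count\n\t\t\tFROM " . TABLE_PREFIX . "infraction AS infraction\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "post AS post ON (infraction.postid = post.postid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "thread AS thread ON (post.threadid = thread.threadid)\n\t\t\tWHERE infraction.userid = " . $profileuserid . "\n\t\t");

	if ($totalinfractions['count'])
	{
		if (!$pagenumber or $options['tab'] != $id)
		{
			$pagenumber = 1;
		}

		// set defaults
		sanitize_pageresults($totalinfractions['count'], $pagenumber, $perpage, 100, 5);

		$limitlower = ($pagenumber - 1) * $perpage + 1;
		$limitupper = $pagenumber * $perpage;
		if ($limitupper > $totalinfractions['count'])
		{
			$limitupper = $totalinfractions['count'];
			if ($limitlower > $totalinfractions['count'])
			{
				$limitlower = $totalinfractions['count'] - $perpage;
			}
		}
		if ($limitlower <= 0)
		{
			$limitlower = 1;
		}

		if ($this->profile->userinfo['userid'] != $this->registry->userinfo['userid'] and $this->registry->userinfo['permissions']['genericpermissions'] & $this->registry->bf_ugp_genericpermissions['canreverseinfraction'])
		{
			$show['reverse'] = true;
		}

		require_once DIR . '/includes/class_bbcode.php';
		$bbcode_parser = new vB_BbCodeParser($this->registry, fetch_tag_list());

		// both LIMIT operands are cast so only integers can reach the SQL text
		$infractions = $this->registry->db->query_read_slave("\n\t\t\t\tSELECT infraction.*, thread.title, thread.threadid, user.username, thread.visible AS thread_visible, post.visible,\n\t\t\t\t\tforumid, postuserid, IF(ISNULL(post.postid) AND infraction.postid != 0, 1, 0) AS postdeleted\n\t\t\t\tFROM " . TABLE_PREFIX . "infraction AS infraction\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "post AS post ON (infraction.postid = post.postid)\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "thread AS thread ON (post.threadid = thread.threadid)\n\t\t\t\tINNER JOIN " . TABLE_PREFIX . "user AS user ON (infraction.whoadded = user.userid)\n\t\t\t\tWHERE infraction.userid = " . $profileuserid . "\n\t\t\t\tORDER BY infraction.dateline DESC\n\t\t\t\tLIMIT " . intval($limitlower - 1) . ", " . intval($perpage) . "\n\t\t\t");

		while ($infraction = $this->registry->db->fetch_array($infractions))
		{
			$show['expired'] = $show['reversed'] = $show['neverexpires'] = false;

			$card = ($infraction['points'] > 0 ? 'redcard' : 'yellowcard');
			$infraction['timeline'] = vbdate($this->registry->options['timeformat'], $infraction['dateline']);
			$infraction['dateline'] = vbdate($this->registry->options['dateformat'], $infraction['dateline']);

			// action: 0 sets expiry details, 1 shows as expired, 2 shows as reversed
			switch ($infraction['action'])
			{
				case 0:
					if ($infraction['expires'] != 0)
					{
						$infraction['expires_timeline'] = vbdate($this->registry->options['timeformat'], $infraction['expires']);
						$infraction['expires_dateline'] = vbdate($this->registry->options['dateformat'], $infraction['expires']);
						$show['neverexpires'] = false;
					}
					else
					{
						$show['neverexpires'] = true;
					}
					break;

				case 1:
					$show['expired'] = true;
					break;

				case 2:
					$show['reversed'] = true;
					break;
			}

			$infraction['threadtitle'] = vbstrlen($infraction['title']) > 25 ? fetch_trimmed_title($infraction['title'], 24) : $infraction['title'];
			$infraction['reason'] = !empty($vbphrase['infractionlevel' . $infraction['infractionlevelid'] . '_title']) ? $vbphrase['infractionlevel' . $infraction['infractionlevelid'] . '_title'] : ($infraction['customreason'] ? $infraction['customreason'] : $vbphrase['n_a']);

			// The thread title is shown only if the viewer could see the post itself:
			// hidden and soft-deleted posts need the matching moderator right, and
			// the forum must be viewable (including other users' threads).
			$show['threadtitle'] = true;
			$show['postdeleted'] = false;
			if ($infraction['postid'] != 0)
			{
				if ($infraction['postdeleted'])
				{
					$show['postdeleted'] = true;
				}
				else if ((!$infraction['visible'] or !$infraction['thread_visible']) and !can_moderate($infraction['forumid'], 'canmoderateposts'))
				{
					$show['threadtitle'] = false;
				}
				else if (($infraction['visible'] == 2 or $infraction['thread_visible'] == 2) and !can_moderate($infraction['forumid'], 'candeleteposts'))
				{
					$show['threadtitle'] = false;
				}
				else
				{
					$forumperms = fetch_permissions($infraction['forumid']);
					if (!($forumperms & $this->registry->bf_ugp_forumpermissions['canview']))
					{
						$show['threadtitle'] = false;
					}
					if (!($forumperms & $this->registry->bf_ugp_forumpermissions['canviewothers']) and ($infraction['postuserid'] != $this->registry->userinfo['userid'] or $this->registry->userinfo['userid'] == 0))
					{
						$show['threadtitle'] = false;
					}
				}
			}

			($hook = vBulletinHook::fetch_hook('member_infractionbit')) ? eval($hook) : false;

			$threadinfo = array('threadid' => $infraction['threadid'], 'title' => $infraction['title']);
			$pageinfo = array('p' => $infraction['postid']);
			$memberinfo = array('userid' => $infraction['whoadded'], 'username' => $infraction['username']);

			$templater = vB_Template::create('memberinfo_infractionbit');
			$templater->register('card', $card);
			$templater->register('infraction', $infraction);
			$templater->register('memberinfo', $memberinfo);
			$templater->register('pageinfo', $pageinfo);
			$templater->register('threadinfo', $threadinfo);
			$infractionbits .= $templater->render();
		}
		unset($bbcode_parser);

		$pageinfo_pagenav = array('tab' => $id);
		if ($options['perpage'])
		{
			$pageinfo_pagenav['pp'] = $options['perpage'];
		}

		$this->block_data['pagenav'] = construct_page_nav($pagenumber, $perpage, $totalinfractions['count'], '', '', $id, 'member', $this->profile->userinfo, $pageinfo_pagenav);
		$this->block_data['infractionbits'] = $infractionbits;
	}

	// The viewer may give an infraction when they hold the permission, are not
	// viewing their own profile, and the target is neither a control panel user
	// nor (unless the viewer has control panel access) a moderator.
	$show['giveinfraction'] = ($this->registry->userinfo['permissions']['genericpermissions'] & $this->registry->bf_ugp_genericpermissions['cangiveinfraction'] and $this->profile->userinfo['userid'] != $this->registry->userinfo['userid'] and !($this->profile->userinfo['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['cancontrolpanel']) and (!($this->profile->userinfo['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['ismoderator']) or $this->registry->userinfo['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['cancontrolpanel']));

	($hook = vBulletinHook::fetch_hook('member_infraction_complete')) ? eval($hook) : false;
}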
/**
 * Verifies the page text is valid and sets it up for saving.
 *
 * The text must keep at least one character once BB code is stripped; the
 * parent class performs the remaining checks.
 *
 * @param	string	Page text
 *
 * @return	bool	Whether the text is valid
 */
function verify_pagetext(&$pagetext)
{
	$visibletext = strip_bbcode($pagetext, $this->registry->options['ignorequotechars']);

	if (vbstrlen($visibletext) >= 1)
	{
		return parent::verify_pagetext($pagetext);
	}

	$this->error('tooshort', 1);
	return false;
}
/**
 * Verifies that the message field is valid
 *
 * An empty message is rejected. Unless the data manager is flagged as
 * automated, a message longer than pmmaxchars (when that option is above 0)
 * is rejected too. An accepted message is censored and has its video BB code
 * parsed in place.
 *
 * @param	string	Message text (rewritten in place)
 *
 * @return	boolean	Whether the message is valid
 */
function verify_message(&$message)
{
	if ($message == '')
	{
		$this->error('nosubject');
		return false;
	}

	// check message length
	$maxchars = $this->registry->options['pmmaxchars'];
	if (empty($this->info['is_automated']) and $maxchars > 0)
	{
		$messagelength = vbstrlen($message);
		if ($messagelength > $maxchars)
		{
			$this->error('toolong', $messagelength, $maxchars);
			return false;
		}
	}

	require_once DIR . '/includes/functions_video.php';

	// censor first, then parse video tags
	$message = parse_video_bbcode(fetch_censored_text($message));

	return true;
}
/**
 * Decides whether a word should be indexed / searched on.
 *
 * The stop word lists are loaded on the first call and extended with the
 * 'badwords' option. A word on the goodwords list is always accepted; any
 * other word must be within minsearchlength/maxsearchlength and must not be
 * on the badwords list.
 *
 * @param	string	The word to check
 *
 * @return	mixed	1 if the word is usable, 0 if its length is out of range, false if it is a stop word
 */
function is_index_word($word)
{
	global $vbulletin, $badwords, $goodwords;
	static $compiledlist;

	if (!$compiledlist)
	{
		// get the stop word list; allow multiple requires
		require(DIR . '/includes/searchwords.php');

		$badwords = array_merge($badwords, preg_split('/\s+/s', $vbulletin->options['badwords'], -1, PREG_SPLIT_NO_EMPTY));
		$compiledlist = true;
	}

	$lowered = strtolower($word);

	// whitelisted words skip every other check
	if (in_array($lowered, $goodwords))
	{
		return 1;
	}

	// is the word outside the min/max char lengths for indexing?
	$wordlength = vbstrlen($word);
	if ($wordlength < $vbulletin->options['minsearchlength'] OR $wordlength > $vbulletin->options['maxsearchlength'])
	{
		return 0;
	}

	// common/bad words give false, everything else is good
	return in_array($lowered, $badwords) ? false : 1;
}
/**
 * Verifies the event text is valid and sets it up for saving.
 *
 * Applies the postmaxchars limit (0 disables it), then hands the text to
 * verify_pagetext() for the remaining checks.
 *
 * @param	string	Page text
 *
 * @return	bool	Whether the text is valid
 */
function verify_event(&$pagetext)
{
	$maxchars = $this->registry->options['postmaxchars'];

	if ($maxchars != 0)
	{
		$postlength = vbstrlen($pagetext);
		if ($postlength > $maxchars)
		{
			$this->error('toolong', $postlength, $this->registry->options['postmaxchars']);
			return false;
		}
	}

	return $this->verify_pagetext($pagetext);
}
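/**
 * Validates the URL segment
 *
 * When no 'url' field has been set the value is returned untouched. Otherwise
 * the value may be at most 256 characters long and the URL must not already
 * be used by another node.
 *
 * NOTE(review): the length check is applied to $value while the uniqueness
 * lookup uses $this->set_fields['url']; presumably both hold the same string -
 * confirm against the caller.
 *
 * @param mixed $value				- The value to validate
 * @param mixed $error				- The var to assign an error to
 * @return mixed | bool				- The filtered value or boolean false
 */
protected function validateURL($value, &$error)
{
	if (!isset($this->set_fields['url']))
	{
		return $value;
	}

	if (($length = vbstrlen($value)) > 256)
	{
		// too long
		$error = new vB_Phrase('error', 'validation_toolong_x_y', $length, 256);
		return false;
	}

	// First thing - let's make sure this URL is not already in use.
	// The URL is escaped and the node id cast to int before entering the SQL text.
	$db = vB::$vbulletin->db;
	$sql = "SELECT nodeid FROM " . TABLE_PREFIX . "cms_node WHERE new != 1 AND lower(url) = '" .
		$db->escape_string(strtolower($this->set_fields['url'])) . "'";

	if (isset($this->set_fields['nodeid']))
	{
		// an existing node must not collide with itself
		$sql .= " AND nodeid <> " . intval($this->set_fields['nodeid']);
	}

	if ($record = $db->query_first($sql))
	{
		standard_error(fetch_error('url_in_use'));
		return false;
	}

	return $value;
}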
} if ($vbulletin->GPC['parseurl'] and $foruminfo['allowbbcode']) { require_once DIR . '/includes/functions_newpost.php'; $counter = 0; while ($counter++ < $polloptions) { // 0..Pollnum-1 we want, as arrays start with 0 $vbulletin->GPC['options']["{$counter}"] = convert_url_to_bbcode($vbulletin->GPC['options']["{$counter}"]); } } // check question and if 2 options or more were given $counter = 0; $optioncount = 0; $badoption = ''; while ($counter++ < $polloptions) { // 0..Pollnum-1 we want, as arrays start with 0 if ($vbulletin->options['maxpolllength'] and vbstrlen($vbulletin->GPC['options']["{$counter}"]) > $vbulletin->options['maxpolllength']) { $badoption .= iif($badoption, ', ') . $counter; } if (!empty($vbulletin->GPC['options']["{$counter}"])) { $optioncount++; } } if ($badoption) { eval(standard_error(fetch_error('polloptionlength', $vbulletin->options['maxpolllength'], $badoption))); } $bbcode_parser =& new vB_BbCodeParser($vbulletin, fetch_tag_list()); if ($vbulletin->GPC['preview'] != '' or $vbulletin->GPC['updatenumber'] != '') { if ($vbulletin->GPC['preview'] != '') { $previewpost = 1; $counter = 0; $pollpreview = '';
/**
 * Handles the parsing of a signature picture. Most of this is handled
 * based on the $parse_userinfo member.
 *
 * Returns an empty string when the user is unknown, has no signature picture
 * or lacks the 'cansigpic' permission. Otherwise returns an <img> tag, or a
 * plain link when the viewer has images switched off.
 *
 * NOTE(review): only double quotes are removed from the description before it
 * is placed into the alt attribute and the link text; this presumably relies
 * on the BB code parser having HTML-escaped the text already - confirm.
 *
 * @param	string	Description for the sig pic
 *
 * @return	string	HTML representation of the sig pic
 */
function handle_bbcode_sigpic($description)
{
	// remove unnecessary line breaks and escaped quotes
	$description = str_replace(array('<br>', '<br />', '\\"'), array('', '', '"'), $description);

	// unknown user, no sigpic, or a permission set that does not include cansigpic
	if (
		empty($this->parse_userinfo['userid'])
		or empty($this->parse_userinfo['sigpic'])
		or (
			is_array($this->parse_userinfo['permissions'])
			and !($this->parse_userinfo['permissions']['signaturepermissions'] & $this->registry->bf_ugp_signaturepermissions['cansigpic'])
		)
	)
	{
		return '';
	}

	if (!$this->registry->options['usefileavatar'])
	{
		// picture served through image.php
		$sigpic_url = 'image.php?' . $this->registry->session->vars['sessionurl'] . 'u=' . $this->parse_userinfo['userid'] . "&type=sigpic&dateline=" . $this->parse_userinfo['sigpicdateline'];
	}
	else
	{
		// picture stored as a file
		$sigpic_url = $this->registry->options['sigpicurl'] . '/sigpic' . $this->parse_userinfo['userid'] . '_' . $this->parse_userinfo['sigpicrevision'] . '.gif';
	}

	if (defined('VB_AREA') and VB_AREA != 'Forum')
	{
		// in a sub directory: relative URLs (no leading slash, no scheme) move up a level
		$is_relative = ($sigpic_url[0] != '/' and !preg_match('#^[a-z0-9]+:#i', $sigpic_url));
		if ($is_relative)
		{
			$sigpic_url = '../' . $sigpic_url;
		}
	}

	// quotes would break out of the alt attribute, so they are dropped
	$description = str_replace(array('\\"', '"'), '', trim($description));

	$viewer = $this->registry->userinfo;
	if ($viewer['userid'] == 0 or $viewer['showimages'])
	{
		return "<img src=\"{$sigpic_url}\" alt=\"{$description}\" border=\"0\" />";
	}

	if (!$description)
	{
		// no description: show the URL itself, shortened in the middle when long
		$description = $sigpic_url;
		if (vbstrlen($description) > 55 and $this->is_wysiwyg() == false)
		{
			$description = substr($description, 0, 36) . '...' . substr($description, -14);
		}
	}

	return "<a href=\"{$sigpic_url}\">{$description}</a>";
}
/**
 * Trims a string to the specified length while keeping whole words
 *
 * A length of -1 means "use the lastthreadchars option"; a length of 0 returns
 * the title untouched. Otherwise only the first 10 lines are kept before the
 * text is chopped at the last space inside the limit.
 *
 * @param	string	String to be trimmed
 * @param	integer	Number of characters to aim for in the trimmed string
 * @param	boolean	Append "..." to shortened text
 *
 * @return	string
 */
function fetch_trimmed_title($title, $chars = -1, $append = true)
{
	global $vbulletin;

	if ($chars == -1)
	{
		$chars = $vbulletin->options['lastthreadchars'];
	}

	if (!$chars)
	{
		return $title;
	}

	// limit to 10 lines (\n{240}1234567890 does weird things to the thread preview)
	$lines = array_slice(preg_split('#(\r\n|\n|\r)#', $title), 0, 10);
	$title = trim(implode(" \n", $lines) . " \n");

	if (vbstrlen($title) > $chars)
	{
		$title = vbchop($title, $chars);

		// back up to the last space so no word is cut in half
		$pos = strrpos($title, ' ');
		if ($pos !== false)
		{
			$title = substr($title, 0, $pos);
		}

		if ($append)
		{
			$title .= '...';
		}
	}

	return $title;
}
/**
 * Verifies the page text is valid and sets it up for saving.
 *
 * Unless 'skip_charcount' is set, the text must not exceed the blog entry or
 * blog comment maximum (chosen by $this->table; 0 disables the limit) and,
 * once BB code is stripped, must be at least postminchars long. The
 * postminchars option is normalised to an integer of at least 1 as a side
 * effect.
 *
 * @param	string	Page text
 *
 * @return	bool	Whether the text is valid
 */
function verify_pagetext(&$pagetext)
{
	if (!empty($this->info['skip_charcount']))
	{
		return parent::verify_pagetext($pagetext, false);
	}

	if ($this->table == 'blog')
	{
		$maxchars = $this->registry->options['vbblog_entrymaxchars'];
	}
	else
	{
		$maxchars = $this->registry->options['vbblog_commentmaxchars'];
	}

	if ($maxchars != 0)
	{
		$postlength = vbstrlen($pagetext);
		if ($postlength > $maxchars)
		{
			$this->error('toolong', $postlength, $maxchars);
			return false;
		}
	}

	// the normalised minimum is written back to the shared options
	$minchars = intval($this->registry->options['postminchars']);
	if ($minchars <= 0)
	{
		$minchars = 1;
	}
	$this->registry->options['postminchars'] = $minchars;

	if (vbstrlen(strip_bbcode($pagetext)) < $this->registry->options['postminchars'])
	{
		$this->error('tooshort', $this->registry->options['postminchars']);
		return false;
	}

	return parent::verify_pagetext($pagetext, false);
}
$infraction['expires_timeline'] = vbdate($vbulletin->options['timeformat'], $infraction['expires']); $infraction['expires_dateline'] = vbdate($vbulletin->options['dateformat'], $infraction['expires']); $show['neverexpires'] = false; } else { $show['neverexpires'] = true; } break; case 1: $show['expired'] = true; break; case 2: $show['reversed'] = true; break; } $threadinfo = array('threadid' => $infraction['threadid'], 'title' => $infraction['title']); if (vbstrlen($infraction['title']) > 25) { $infraction['title'] = fetch_trimmed_title($infraction['title'], 24); } $infraction['reason'] = !empty($vbphrase['infractionlevel' . $infraction['infractionlevelid'] . '_title']) ? $vbphrase['infractionlevel' . $infraction['infractionlevelid'] . '_title'] : ($infraction['customreason'] ? $infraction['customreason'] : $vbphrase['n_a']); ($hook = vBulletinHook::fetch_hook('usercp_infractioninfobit')) ? eval($hook) : false; $pageinfo = array('p' => $infraction['postid']); $templater = vB_Template::create('userinfraction_infobit'); $templater->register('card', $card); $templater->register('infraction', $infraction); $templater->register('pageinfo', $pageinfo); $templater->register('threadinfo', $threadinfo); $infractionbits .= $templater->render(); $show['infractions'] = true; } unset($bbcode_parser); require_once DIR . '/includes/functions_misc.php';
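/**
 * Prints a dialog box asking if the user is sure they want to delete the specified item from the database
 *
 * The item is first looked up so that its title can be shown. If a row is found whose
 * id column matches $itemid, a confirmation form is printed that posts the id (and any
 * extra hidden fields) to the target script; otherwise a "could not find" stop message
 * is printed.
 *
 * Security notes:
 * - Integer ids are cast with intval() before being placed unquoted into SQL, and the
 *   generic (default) branch quotes and escapes the id, so the id can no longer alter
 *   the query text. The callers are not visible here, so it cannot be confirmed whether
 *   $itemid has already been cleaned.
 * - $table and $titlename (and the $idfield derived from $table) are still interpolated
 *   as SQL identifiers in the default branch; they must only ever be hard-coded by the
 *   caller, never taken from request data.
 * - $extra is printed as HTML as supplied.
 *
 * @param string $table        Name of table from which item will be deleted
 * @param mixed  $itemid       ID of item to be deleted
 * @param string $phpscript    PHP script to which the form will submit
 * @param string $do           'do' action for target script
 * @param string $itemname     Word describing item to be deleted - eg: 'forum' or 'user' or 'post' etc.
 * @param mixed  $hiddenfields If not empty, an array containing name=>value pairs to be used as hidden input fields
 * @param string $extra        Extra text to be printed in the dialog box
 * @param string $titlename    Name of 'title' field in the table in the database
 */
function print_delete_confirmation($table, $itemid, $phpscript, $do, $itemname = '', $hiddenfields = 0, $extra = '', $titlename = 'title')
{
    global $vbulletin, $vbphrase;

    $idfield = $table . 'id';
    $itemname = iif($itemname, $itemname, $table);
    $deleteword = 'delete';
    $encodehtml = true;

    // Integer form of the id for the branches whose key column is numeric. It is used
    // only inside the SQL text; $itemid itself is left untouched for the later checks.
    $numericid = intval($itemid);

    switch ($table) {
        case 'infraction':
            $item = $vbulletin->db->query_first("\n\t\t\t\tSELECT infractionid, infractionid AS title\n\t\t\t\tFROM " . TABLE_PREFIX . "infraction\n\t\t\t\tWHERE infractionid = {$numericid}\n\t\t\t");
            break;

        case 'reputation':
            $item = $vbulletin->db->query_first("\n\t\t\t\tSELECT reputationid, reputationid AS title\n\t\t\t\tFROM " . TABLE_PREFIX . "reputation\n\t\t\t\tWHERE reputationid = {$numericid}\n\t\t\t");
            break;

        case 'user':
            $item = $vbulletin->db->query_first("\n\t\t\t\tSELECT userid, username AS title\n\t\t\t\tFROM " . TABLE_PREFIX . "user\n\t\t\t\tWHERE userid = {$numericid}\n\t\t\t");
            break;

        case 'moderator':
            $item = $vbulletin->db->query_first("\n\t\t\t\tSELECT moderatorid, username, title\n\t\t\t\tFROM " . TABLE_PREFIX . "moderator AS moderator,\n\t\t\t\t" . TABLE_PREFIX . "user AS user,\n\t\t\t\t" . TABLE_PREFIX . "forum AS forum\n\t\t\t\tWHERE user.userid = moderator.userid AND\n\t\t\t\tforum.forumid = moderator.forumid AND\n\t\t\t\tmoderatorid = {$numericid}\n\t\t\t");
            $item['title'] = construct_phrase($vbphrase['x_from_the_forum_y'], $item['username'], $item['title']);
            // NOTE(review): the composed title is printed without the encoding step below,
            // so it relies on the stored username and forum title already being HTML-safe - confirm.
            $encodehtml = false;
            break;

        case 'calendarmoderator':
            $item = $vbulletin->db->query_first("\n\t\t\t\tSELECT calendarmoderatorid, username, title\n\t\t\t\tFROM " . TABLE_PREFIX . "calendarmoderator AS calendarmoderator,\n\t\t\t\t" . TABLE_PREFIX . "user AS user,\n\t\t\t\t" . TABLE_PREFIX . "calendar AS calendar\n\t\t\t\tWHERE user.userid = calendarmoderator.userid AND\n\t\t\t\tcalendar.calendarid = calendarmoderator.calendarid AND\n\t\t\t\tcalendarmoderatorid = {$numericid}\n\t\t\t");
            $item['title'] = construct_phrase($vbphrase['x_from_the_calendar_y'], $item['username'], $item['title']);
            // NOTE(review): same assumption as the 'moderator' branch - title is not re-encoded.
            $encodehtml = false;
            break;

        case 'phrase':
            $item = $vbulletin->db->query_first("\n\t\t\t\tSELECT phraseid, varname AS title\n\t\t\t\tFROM " . TABLE_PREFIX . "phrase\n\t\t\t\tWHERE phraseid = {$numericid}\n\t\t\t");
            break;

        case 'userpromotion':
            $item = $vbulletin->db->query_first("\n\t\t\t\tSELECT userpromotionid, usergroup.title\n\t\t\t\tFROM " . TABLE_PREFIX . "userpromotion AS userpromotion,\n\t\t\t\t" . TABLE_PREFIX . "usergroup AS usergroup\n\t\t\t\tWHERE userpromotionid = {$numericid} AND\n\t\t\t\tuserpromotion.usergroupid = usergroup.usergroupid\n\t\t\t");
            break;

        case 'usergroupleader':
            $item = $vbulletin->db->query_first("\n\t\t\t\tSELECT usergroupleaderid, username AS title\n\t\t\t\tFROM " . TABLE_PREFIX . "usergroupleader AS usergroupleader\n\t\t\t\tINNER JOIN " . TABLE_PREFIX . "user AS user USING (userid)\n\t\t\t\tWHERE usergroupleaderid = {$numericid}\n\t\t\t");
            break;

        // The following tables are keyed by a string, which is escaped and quoted.
        case 'setting':
            $item = $vbulletin->db->query_first("\n\t\t\t\tSELECT varname AS title\n\t\t\t\tFROM " . TABLE_PREFIX . "setting\n\t\t\t\tWHERE varname = '" . $vbulletin->db->escape_string($itemid) . "'\n\t\t\t");
            $idfield = 'title';
            break;

        case 'settinggroup':
            $item = $vbulletin->db->query_first("\n\t\t\t\tSELECT grouptitle AS title\n\t\t\t\tFROM " . TABLE_PREFIX . "settinggroup\n\t\t\t\tWHERE grouptitle = '" . $vbulletin->db->escape_string($itemid) . "'\n\t\t\t");
            $idfield = 'title';
            break;

        case 'adminhelp':
            $item = $vbulletin->db->query_first("\n\t\t\t\tSELECT adminhelpid, phrase.text AS title\n\t\t\t\tFROM " . TABLE_PREFIX . "adminhelp AS adminhelp\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "phrase AS phrase ON (phrase.varname = CONCAT(adminhelp.script, IF(adminhelp.action != '', CONCAT('_', REPLACE(adminhelp.action, ',', '_')), ''), IF(adminhelp.optionname != '', CONCAT('_', adminhelp.optionname), ''), '_title') AND phrase.fieldname = 'cphelptext' AND phrase.languageid IN (-1, 0))\n\t\t\t\tWHERE adminhelpid = {$numericid}\n\t\t\t");
            break;

        case 'faq':
            $item = $vbulletin->db->query_first("\n\t\t\t\tSELECT faqname, IF(phrase.text IS NOT NULL, phrase.text, faq.faqname) AS title\n\t\t\t\tFROM " . TABLE_PREFIX . "faq AS faq\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "phrase AS phrase ON (phrase.varname = faq.faqname AND phrase.fieldname = 'faqtitle' AND phrase.languageid IN(-1, 0))\n\t\t\t\tWHERE faqname = '" . $vbulletin->db->escape_string($itemid) . "'\n\t\t\t");
            $idfield = 'faqname';
            break;

        case 'product':
            $item = $vbulletin->db->query_first("\n\t\t\t\tSELECT productid, title\n\t\t\t\tFROM " . TABLE_PREFIX . "product\n\t\t\t\tWHERE productid = '" . $vbulletin->db->escape_string($itemid) . "'\n\t\t\t");
            break;

        case 'prefix':
            $item = $vbulletin->db->query_first("\n\t\t\t\tSELECT prefixid\n\t\t\t\tFROM " . TABLE_PREFIX . "prefix\n\t\t\t\tWHERE prefixid = '" . $vbulletin->db->escape_string($itemid) . "'\n\t\t\t");
            $item['title'] = $vbphrase["prefix_{$item['prefixid']}_title_plain"];
            break;

        case 'prefixset':
            $item = $vbulletin->db->query_first("\n\t\t\t\tSELECT prefixsetid\n\t\t\t\tFROM " . TABLE_PREFIX . "prefixset\n\t\t\t\tWHERE prefixsetid = '" . $vbulletin->db->escape_string($itemid) . "'\n\t\t\t");
            $item['title'] = $vbphrase["prefixset_{$item['prefixsetid']}_title"];
            break;

        default:
            $handled = false;
            // Plugin code registered for this hook is executed in this scope; it may
            // set $handled and $item itself to take over the lookup.
            ($hook = vBulletinHook::fetch_hook('admin_delete_confirmation')) ? eval($hook) : false;
            if (!$handled) {
                // The id is quoted and escaped, matching the string-keyed branches above.
                // NOTE(review): $idfield, $titlename and $table are identifiers and cannot be
                // escaped this way - callers must pass fixed names only.
                $item = $vbulletin->db->query_first("\n\t\t\t\t\tSELECT {$idfield}, {$titlename} AS title\n\t\t\t\t\tFROM " . TABLE_PREFIX . "{$table}\n\t\t\t\t\tWHERE {$idfield} = '" . $vbulletin->db->escape_string($itemid) . "'\n\t\t\t\t");
            }
            break;
    }

    // Per-table adjustments to the wording and to the displayed title.
    switch ($table) {
        case 'template':
            if ($itemname == 'replacement_variable') {
                $deleteword = 'delete';
            } else {
                $deleteword = 'revert';
            }
            break;

        case 'adminreminder':
            if (vbstrlen($item['title']) > 30) {
                $item['title'] = substr($item['title'], 0, 30) . '...';
            }
            break;

        case 'subscription':
            $item['title'] = $vbphrase['sub' . $item['subscriptionid'] . '_title'];
            break;
    }

    // Encode the title when it contains <, > or ", or when it contains an ampersand and
    // no numeric/amp/lt/gt/quot entity anywhere in it. Titles that already carry such an
    // entity and none of those three characters are printed as stored.
    if ($encodehtml and (strcspn($item['title'], '<>"') < strlen($item['title']) or strpos($item['title'], '&') !== false and !preg_match('/&(#[0-9]+|amp|lt|gt|quot);/si', $item['title']))) {
        // title contains html entities that should be encoded
        $item['title'] = htmlspecialchars_uni($item['title']);
    }

    // Only show the form when the row that came back really is the requested item.
    if ($item["{$idfield}"] == $itemid and !empty($itemid)) {
        echo "<p> </p><p> </p>";
        print_form_header($phpscript, $do, 0, 1, '', '75%');
        // NOTE(review): $itemid and the hidden field values are handed to
        // construct_hidden_code() as received; confirm that helper escapes attribute values.
        construct_hidden_code(($idfield == 'styleid' or $idfield == 'languageid') ? 'do' . $idfield : $idfield, $itemid);
        if (is_array($hiddenfields)) {
            foreach ($hiddenfields as $varname => $value) {
                construct_hidden_code($varname, $value);
            }
        }
        print_table_header(construct_phrase($vbphrase['confirm_deletion_x'], $item['title']));
        print_description_row("\n\t\t\t<blockquote><br />\n\t\t\t" . construct_phrase($vbphrase["are_you_sure_want_to_{$deleteword}_{$itemname}_x"], $item['title'], $idfield, $item["{$idfield}"], iif($extra, "{$extra}<br /><br />")) . "\n\t\t\t<br /></blockquote>\n\t");
        print_submit_row($vbphrase['yes'], 0, 2, $vbphrase['no']);
    } else {
        // NOTE(review): $itemid reaches the stop message unencoded; confirm that
        // print_stop_message() escapes its arguments before output.
        print_stop_message('could_not_find', '<b>' . $itemname . '</b>', $idfield, $itemid);
    }
}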
/**
 * Masks words that are banned in custom user titles.
 *
 * The banned-word list comes from the 'ctCensorWords' option. The whole option
 * string is passed through preg_quote() before it is split on whitespace, so the
 * configured words are matched literally and cannot introduce regex syntax.
 * An entry written in braces is only matched when it is not surrounded by ASCII
 * letters; any other entry is matched anywhere in the title. Matching is
 * case-insensitive.
 *
 * NOTE(review): the mask length is taken from the quoted entry, so an entry that
 * contains characters escaped by preg_quote() presumably yields a mask longer
 * than the text it replaces - confirm whether that matters.
 *
 * @param string $usertitle Custom user title
 *
 * @return string The censored string
 */
function censor_custom_title($usertitle)
{
    // Split list is kept for the rest of the request once it is non-empty.
    static $ctcensorwords;

    if (empty($ctcensorwords)) {
        $quotedlist = preg_quote($this->registry->options['ctCensorWords'], '#');
        $ctcensorwords = preg_split('#[ \\r\\n\\t]+#', $quotedlist, -1, PREG_SPLIT_NO_EMPTY);
    }

    foreach ($ctcensorwords as $entry) {
        if (substr($entry, 0, 2) == '\\{') {
            // Braced entry: drop the quoted braces and require non-letter boundaries.
            $entry = substr($entry, 2, -2);
            $pattern = '#(?<=[^A-Za-z]|^)' . $entry . '(?=[^A-Za-z]|$)#si';
        } else {
            // Plain entry: match it wherever it occurs.
            $pattern = "#{$entry}#si";
        }

        $mask = str_repeat($this->registry->options['censorchar'], vbstrlen($entry));
        $usertitle = preg_replace($pattern, $mask, $usertitle);
    }

    return $usertitle;
}
/**
 * Verifies that the provided username is valid, and attempts to correct it if it is not valid
 *
 * The name is normalised first (whitespace runs collapsed, numeric entities
 * converted, NUL bytes removed, trimmed) and then checked, in this order, for
 * minimum length, maximum length, stray semicolons, censored words, an existing
 * account and the configured list of illegal names. Each failed check reports
 * through $this->error() and returns false.
 *
 * On success the name is written back through the reference after
 * htmlspecialchars_uni(), so the caller receives the HTML-encoded form.
 *
 * @param string $username Username (modified in place)
 *
 * @return boolean Returns true if the username is valid, or has been corrected to be valid
 */
function verify_username(&$username)
{
    // this is duplicated from the user manager
    // fix extra whitespace and invisible ascii stuff
    $username = trim(preg_replace('#[ \\r\\n\\t]+#si', ' ', strip_blank_ascii($username, ' ')));
    // NOTE(review): $username_raw is not read again in the code as shown here.
    $username_raw = $username;

    global $stylevar;

    // The /e modifier makes preg_replace() evaluate the replacement string as PHP code.
    // Both patterns capture digits only, which limits what reaches the evaluated
    // expression, but /e was deprecated in PHP 5.5 and removed in PHP 7.0;
    // preg_replace_callback() is the replacement that avoids evaluating strings.
    $username = preg_replace('/&#([0-9]+);/ie', "convert_unicode_char_to_charset('\\1', \$stylevar['charset'])", $username);
    // NOTE(review): this pattern starts with a U+FFFD replacement character, which looks
    // like damage from text extraction rather than intended code - restore it from the
    // original file before relying on it.
    $username = preg_replace('/�*([0-9]{1,2}|1[01][0-9]|12[0-7]);/ie', "convert_int_to_utf8('\\1')", $username);

    // Strip NUL bytes that may remain after the conversions above.
    $username = str_replace(chr(0), '', $username);
    $username = trim($username);

    $length = vbstrlen($username);
    if ($length < $this->registry->options['minuserlength']) {
        // name too short
        $this->error('usernametooshort', $this->registry->options['minuserlength']);
        return false;
    } else {
        if ($length > $this->registry->options['maxuserlength']) {
            // name too long
            $this->error('usernametoolong', $this->registry->options['maxuserlength']);
            return false;
        } else {
            // A semicolon is accepted only when it directly follows "&#" plus 3 to 5 digits.
            if (preg_match('/(?<!&#[0-9]{3}|&#[0-9]{4}|&#[0-9]{5});/', $username)) {
                // name contains semicolons
                $this->error('username_contains_semi_colons');
                return false;
            } else {
                if ($username != fetch_censored_text($username)) {
                    // name contains censored words
                    $this->error('censorfield', $this->registry->options['contactuslink']);
                    return false;
                } else {
                    // NOTE(review): the two username literals below read '******', which looks
                    // like values masked when this listing was published. As written the query
                    // does not compare against the supplied name, so the uniqueness check is not
                    // effective; the original expressions must be restored, with the name escaped
                    // for SQL, before this code is used.
                    if ($this->dbobject->query_first("\n\t\t\tSELECT userid, username FROM " . TABLE_PREFIX . "user\n\t\t\tWHERE userid != " . intval($this->existing['userid']) . "\n\t\t\tAND\n\t\t\t(\n\t\t\t\tusername = '******'\n\t\t\t\tOR\n\t\t\t\tusername = '******'\n\t\t\t)\n\t\t")) {
                        // name is already in use
                        $this->error('usernametaken', htmlspecialchars_uni($username), $this->registry->session->vars['sessionurl']);
                        return false;
                    } else {
                        if (!empty($this->registry->options['illegalusernames'])) {
                            // check for illegal username
                            // Each configured entry is matched as a substring; strtolower()
                            // lower-cases both sides before the comparison.
                            $usernames = preg_split('/[ \\r\\n\\t]+/', $this->registry->options['illegalusernames'], -1, PREG_SPLIT_NO_EMPTY);
                            foreach ($usernames as $val) {
                                if (strpos(strtolower($username), strtolower($val)) !== false) {
                                    // weird error to show, but hey...
                                    $this->error('usernametaken', htmlspecialchars_uni($username), $this->registry->session->vars['sessionurl']);
                                    return false;
                                }
                            }
                        }
                    }
                }
            }
        }
    }

    // if we got here, everything is okay
    $username = htmlspecialchars_uni($username);
    return true;
}
/**
 * Validates the message text and applies the word censor to it.
 *
 * An empty message is rejected with the 'nosubject' error. Unless the item is
 * flagged as automated, a message longer than the 'pmmaxchars' option (when that
 * option is above zero) is rejected with 'toolong'. A message that passes is
 * replaced, through the reference, by its censored form.
 *
 * @param string $message Message text (modified in place)
 *
 * @return boolean True when the message was accepted
 */
function verify_message(&$message)
{
    if ($message == '') {
        $this->error('nosubject');
        return false;
    }

    // check message length
    $automated = !empty($this->info['is_automated']);
    if (!$automated and $this->registry->options['pmmaxchars'] > 0) {
        $charcount = vbstrlen($message);
        $toolong = ($charcount > $this->registry->options['pmmaxchars']);
        if ($toolong) {
            $this->error('toolong', $charcount, $this->registry->options['pmmaxchars']);
            return false;
        }
    }

    // The censor runs only after the length check, so the limit applies to the text as submitted.
    $message = fetch_censored_text($message);

    return true;
}
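/**
 * Decides whether a single tag may be used.
 *
 * A tag listed in the 'taggoodwords' option is accepted immediately. Otherwise the
 * tag is rejected when it is empty, shorter than 'tagminlen', longer than
 * 'tagmaxlen' characters or 100 bytes, changed by the word censor, contains a tag
 * delimiter, or is a stop word (hard-coded list plus the 'tagbadwords' option).
 *
 * Changes from the previous version:
 * - the 'comma' error no longer reads $evalerrors, which was never defined in this
 *   method, so the stored value is always the phrase name 'tag_no_comma' as before,
 *   without the undefined-variable notice;
 * - the stop-word lookup lower-cases the tag with vbstrtolower(), the same function
 *   used to build the lists and for the good-word lookup, so a stop word cannot slip
 *   through because of a different lower-casing routine.
 *
 * @param string $tagtext Tag to check
 * @param array  $errors  Receives the reason for a rejection, keyed by
 *                        'min_length', 'max_length', 'censor', 'comma' or 'common'
 *
 * @return boolean True when the tag is acceptable
 */
protected static function is_tag_valid($tagtext, &$errors)
{
    global $vbulletin;

    // Word lists are built once and reused for later calls.
    static $taggoodwords = null;
    static $tagbadwords = null;

    // construct stop words and exception lists (if not previously constructed)
    if (is_null($taggoodwords) or is_null($tagbadwords)) {
        // filter the stop words by adding custom stop words (tagbadwords) and allowing through exceptions (taggoodwords)
        if (!is_array($tagbadwords)) {
            $tagbadwords = preg_split('/\\s+/s', vbstrtolower($vbulletin->options['tagbadwords']), -1, PREG_SPLIT_NO_EMPTY);
        }
        if (!is_array($taggoodwords)) {
            $taggoodwords = preg_split('/\\s+/s', vbstrtolower($vbulletin->options['taggoodwords']), -1, PREG_SPLIT_NO_EMPTY);
        }

        // get the stop word list; allow multiple requires
        require DIR . '/includes/searchwords.php';

        // merge hard-coded badwords and tag-specific badwords
        $tagbadwords = array_merge($badwords, $tagbadwords);
    }

    if ($tagtext === '') {
        return false;
    }

    // Explicitly allowed words skip every remaining check, including the censor.
    if (in_array(vbstrtolower($tagtext), $taggoodwords)) {
        return true;
    }

    $char_strlen = vbstrlen($tagtext, true);

    if ($vbulletin->options['tagminlen'] and $char_strlen < $vbulletin->options['tagminlen']) {
        $errors['min_length'] = array('tag_too_short_min_x', $vbulletin->options['tagminlen']);
        return false;
    }

    // Correct potentially odd value.
    // Note that this writes the capped value back into the shared options array.
    $vbulletin->options['tagmaxlen'] = $vbulletin->options['tagmaxlen'] > 100 ? 100 : $vbulletin->options['tagmaxlen'];

    if ($char_strlen > $vbulletin->options['tagmaxlen']) {
        $errors['max_length'] = array('tag_too_long_max_x', $vbulletin->options['tagmaxlen']);
        return false;
    }

    if (strlen($tagtext) > 100) {
        // only have 100 bytes to store a tag
        // (the message still reports the character limit, not the byte limit)
        $errors['max_length'] = array('tag_too_long_max_x', $vbulletin->options['tagmaxlen']);
        return false;
    }

    $censored = fetch_censored_text($tagtext);
    if ($censored != $tagtext) {
        // can't have tags with censored text
        $errors['censor'] = 'tag_no_censored';
        return false;
    }

    if (count(self::split_tag_list($tagtext)) > 1) {
        // contains a delimiter character
        $errors['comma'] = 'tag_no_comma';
        return false;
    }

    if (in_array(vbstrtolower($tagtext), $tagbadwords)) {
        $errors['common'] = array('tag_x_not_be_common_words', $tagtext);
        return false;
    }

    return true;
}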
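// Saves a user note: cleans the submitted title and message, enforces the post
// length limits, then updates the existing note or inserts a new one and sets
// the redirect URL.
//
// Changes from the previous version:
// - $postlength is now assigned before it is used in the 'toolong' error; it was
//   not assigned anywhere in these statements.
// - every value placed unquoted into the SQL text is cast with intval() first,
//   so none of them can change the shape of the query. The cleaning applied to
//   the request values before this point is not visible here.

if ($vbulletin->options['wordwrap'] != 0) {
    $vbulletin->GPC['title'] = fetch_word_wrapped_string($vbulletin->GPC['title']);
}

// remove all caps subjects
$vbulletin->GPC['title'] = fetch_no_shouting_text($vbulletin->GPC['title']);

$vbulletin->GPC['message'] = fetch_censored_text($vbulletin->GPC['message']);
if ($vbulletin->GPC['parseurl'] and $vbulletin->options['unallowvbcode']) {
    $vbulletin->GPC['message'] = convert_url_to_bbcode($vbulletin->GPC['message']);
}

// remove sessionhash from urls:
// a pasted link must not carry a session identifier into stored content
$vbulletin->GPC['message'] = preg_replace('/(s|sessionhash)=[a-z0-9]{32}&{0,1}/', '', $vbulletin->GPC['message']);
$vbulletin->GPC['message'] = fetch_no_shouting_text($vbulletin->GPC['message']);

// Length of the message after all of the clean-up above.
$postlength = vbstrlen($vbulletin->GPC['message']);

if ($postlength > $vbulletin->options['postmaxchars'] and $vbulletin->options['postmaxchars'] != 0) {
    // standard_error() is a project helper whose return value is executed here;
    // NOTE(review): confirm it never embeds request data in the code it returns.
    eval(standard_error(fetch_error('toolong', $postlength, $vbulletin->options['postmaxchars'])));
}
if ($postlength < $vbulletin->options['postminchars'] or $vbulletin->GPC['message'] == '') {
    eval(standard_error(fetch_error('tooshort', $vbulletin->options['postminchars'])));
}

// Plugin code registered for this hook runs in this scope and may change the values used below.
($hook = vBulletinHook::fetch_hook('usernote_donote')) ? eval($hook) : false;

// Integer casts are taken after the hook so that they cover any value it changed.
$smiliesflag = intval($allowsmilies);
$noteid = intval($vbulletin->GPC['usernoteid']);
$noteuserid = intval($userinfo['userid']);
$posterid = intval($vbulletin->userinfo['userid']);

if ($vbulletin->GPC['usernoteid']) {
    // Edited note.
    // NOTE(review): the UPDATE is limited by usernoteid only; whether the poster may
    // edit this particular note has to be checked before this point - confirm.
    $db->query_write("\r\n\t\t\tUPDATE " . TABLE_PREFIX . "usernote\r\n\t\t\tSET message = '" . $db->escape_string($vbulletin->GPC['message']) . "',\r\n\t\t\t\ttitle = '" . $db->escape_string($vbulletin->GPC['title']) . "',\r\n\t\t\t\tallowsmilies = {$smiliesflag}\r\n\t\t\tWHERE usernoteid = " . $noteid . "\r\n\t\t");
} else {
    /*insert query*/
    $db->query_write("\r\n\t\t\tINSERT INTO " . TABLE_PREFIX . "usernote (message, dateline, userid, posterid, title, allowsmilies)\r\n\t\t\tVALUES ('" . $db->escape_string($vbulletin->GPC['message']) . "', " . TIMENOW . ", {$noteuserid}, " . $posterid . ", '" . $db->escape_string($vbulletin->GPC['title']) . "', {$smiliesflag})\r\n\t\t");
}

// Send the poster to the profile when the note list may not be viewed, otherwise to the notes page.
if (!$canview) {
    $vbulletin->url = fetch_seo_url('member', $userinfo);
} else {
    $vbulletin->url = 'usernote.php?' . $vbulletin->session->vars['sessionurl'] . "do=viewuser&u={$userinfo['userid']}";
}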
$bbcode_parser =& new vB_BbCodeParser_ImgCheck($vbulletin, fetch_tag_list()); $bbcode_parser->set_parse_userinfo($userinfo_sigpic, $vbulletin->userinfo['permissions']); $parsedsig = $bbcode_parser->parse($signature, 'signature'); $imagecount = fetch_character_count($parsedsig, '<img'); // Count the images if ($imagecount > $vbulletin->userinfo['permissions']['sigmaximages']) { $vbulletin->GPC['preview'] = true; $errors[] = fetch_error('toomanyimages', $imagecount, $vbulletin->userinfo['permissions']['sigmaximages']); } } // Count the raw characters in the signature if ($vbulletin->userinfo['permissions']['sigmaxrawchars'] and vbstrlen($signature) > $vbulletin->userinfo['permissions']['sigmaxrawchars']) { $vbulletin->GPC['preview'] = true; $errors[] = fetch_error('sigtoolong_includingbbcode', $vbulletin->userinfo['permissions']['sigmaxrawchars']); } else { if ($vbulletin->userinfo['permissions']['sigmaxchars'] and vbstrlen(strip_bbcode($signature, false, false, false)) > $vbulletin->userinfo['permissions']['sigmaxchars']) { $vbulletin->GPC['preview'] = true; $errors[] = fetch_error('sigtoolong_excludingbbcode', $vbulletin->userinfo['permissions']['sigmaxchars']); } } if ($vbulletin->userinfo['permissions']['sigmaxlines'] > 0) { require_once DIR . '/includes/class_sigparser_char.php'; $char_counter =& new vB_SignatureParser_CharCount($vbulletin, fetch_tag_list(), $vbulletin->userinfo['permissions'], $vbulletin->userinfo['userid']); $line_count_text = $char_counter->parse(trim($signature)); if ($vbulletin->options['softlinebreakchars'] > 0) { // implicitly wrap after X characters without a break $line_count_text = preg_replace('#([^\\r\\n]{' . $vbulletin->options['softlinebreakchars'] . '})#', "\\1\n", $line_count_text); } // + 1, since 0 linebreaks still means 1 line $line_count = substr_count($line_count_text, "\n") + 1; if ($line_count > $vbulletin->userinfo['permissions']['sigmaxlines']) {
/**
 * Check the Tag
 *
 * Splits the tag into words on whitespace, removes any word found in
 * $this->stopwords (exact, case-sensitive match) and checks the limits:
 * at most 3 words per tag and at most 20 characters per word.
 *
 * When a limit is exceeded $this->error is set to 1; an empty string is
 * returned in that case only if $this->postings is set. The tag is re-joined
 * with single spaces only when a stop word list is configured; otherwise it is
 * returned exactly as it was passed in.
 *
 * @param string $tag A tag
 * @return string The tag minus any stopwords contained (may be empty)
 */
function checktag($tag)
{
    if (!is_array($this->stopwords)) {
        $this->stopwords = array();
    }

    $words = preg_split("#[\\s]+#", $tag, -1, PREG_SPLIT_NO_EMPTY);

    if (count($this->stopwords)) {
        foreach ($words as $position => $candidate) {
            if (in_array($candidate, $this->stopwords)) {
                unset($words[$position]);
            }
        }
        $tag = implode(' ', $words);
    }

    # too many words per tag
    $invalid = (count($words) > 3);

    foreach ($words as $candidate) {
        # word in tag too long
        $invalid = ($invalid or vbstrlen($candidate) > 20);
    }

    if (!$invalid) {
        return $tag;
    }

    $this->error = 1;

    return $this->postings ? '' : $tag;
}