/**
 * Build a private-message object either from a database row or from
 * individual field values.
 *
 * When the first argument is an array it is treated as a row carrying the
 * keys id, from_id, from_ip, to_id, sent_date, subject, message and is_read,
 * and every other argument is ignored. Otherwise a fresh, not-yet-persisted
 * message is created with id -1 (sent_date is left unset in that case).
 *
 * @param int|array $from_id sender id, or a complete row array
 * @param string    $from_ip
 * @param int       $to_id
 * @param string    $subject
 * @param string    $message
 * @param bool      $read
 */
public function __construct($from_id = 0, $from_ip = "0.0.0.0", $to_id = 0, $subject = "A Message", $message = "Some Text", $read = False) {
    if (!is_array($from_id)) {
        // Plain-argument form: a new message that has no database id yet.
        $this->id = -1;
        $this->from_id = $from_id;
        $this->from_ip = $from_ip;
        $this->to_id = $to_id;
        $this->subject = $subject;
        $this->message = $message;
        $this->is_read = $read;
        return;
    }

    // Row form: copy the columns across; is_read is normalised through
    // bool_escape() because it arrives as a stored flag rather than a PHP bool.
    $row = $from_id;
    $this->id = $row["id"];
    $this->from_id = $row["from_id"];
    $this->from_ip = $row["from_ip"];
    $this->to_id = $row["to_id"];
    $this->sent_date = $row["sent_date"];
    $this->subject = $row["subject"];
    $this->message = $row["message"];
    $this->is_read = bool_escape($row["is_read"]);
}
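/**
 * Handle a transload: fetch a remote file and hand it to the upload pipeline.
 *
 * Downloads $url into a temporary file via transload(), assembles the upload
 * metadata (filename, extension, tags, source and the optional locked /
 * rating / replace fields) and dispatches a DataUploadEvent for it. Failures
 * are reported through the theme's upload-error page rather than thrown, and
 * the temporary file is removed on every exit path.
 *
 * @param string $url     remote URL to fetch (scheme/target validation is not
 *                        done here; assumed to happen in the caller or in
 *                        transload() - confirm)
 * @param mixed  $tags    tags to attach to the upload
 * @param string $source  source URL to record
 * @param string $replace image ID to replace, if any
 * @return bool Returns TRUE on transload successful.
 */
private function try_transload($url, $tags, $source, $replace = '') {
    global $page, $config, $user;
    $ok = true;

    // Only users holding the lock permission may request a locked image.
    $locked = null;
    if ($user->can("edit_image_lock") && !empty($_GET['locked'])) {
        $locked = bool_escape($_GET['locked']);
    }

    // A rating may be requested only when transloading is enabled and the
    // rating extension is loaded. The rating event validates that this is s/q/e/u.
    $rating = "";
    if ($config->get_string("transload_engine", "none") != "none" && class_exists("Ratings") && !empty($_GET['rating'])) {
        $rating = strtolower($_GET['rating']);
        $rating = $rating[0];
    }

    // Fallback display name / metadata name: the last path segment of the URL.
    $filename = basename($url);

    $tmp_filename = tempnam(ini_get('upload_tmp_dir'), "shimmie_transload");
    if ($tmp_filename === false) {
        // tempnam() yields false when no writable temporary location exists.
        $this->theme->display_upload_error($page, "Error with " . html_escape($filename), "Could not create a temporary file");
        return false;
    }

    // transload() returns Array (response headers) or Bool, depending on the transload_engine.
    $headers = transload($url, $tmp_filename);

    // Prefer the server-supplied name from Content-Disposition. The header is
    // remote-controlled input and is used here only as display / metadata text.
    $s_filename = is_array($headers) ? findHeader($headers, 'Content-Disposition') : null;
    if ($s_filename && preg_match('/filename="([^"]+)"/i', $s_filename, $m)) {
        $filename = $m[1];
    }

    if (!$headers) {
        $this->theme->display_upload_error($page, "Error with " . html_escape($filename), "Error reading from " . html_escape($url));
        // The temp file was already created above; do not leave it behind.
        unlink($tmp_filename);
        return false;
    }

    if (filesize($tmp_filename) == 0) {
        $this->theme->display_upload_error($page, "Error with " . html_escape($filename), "No data found -- perhaps the site has hotlink protection?");
        $ok = false;
    } else {
        $pathinfo = pathinfo($url);
        $metadata = array();
        $metadata['filename'] = $filename;
        // Extension from the Content-Type header when known, otherwise from
        // the URL path (which may carry no extension at all).
        $url_extension = isset($pathinfo['extension']) ? $pathinfo['extension'] : null;
        $metadata['extension'] = getExtension(findHeader($headers, 'Content-Type')) ?: $url_extension;
        $metadata['tags'] = $tags;
        // The download URL itself is only recorded as the source when
        // upload_tlsource is enabled.
        $metadata['source'] = $url == $source && !$config->get_bool('upload_tlsource') ? "" : $source;

        /* check for locked > adds to metadata if it has */
        if (!empty($locked)) {
            $metadata['locked'] = $locked ? "on" : "";
        }
        /* check for rating > adds to metadata if it has */
        if (!empty($rating)) {
            $metadata['rating'] = $rating;
        }
        /* check if we have been given an image ID to replace */
        if (!empty($replace)) {
            $metadata['replace'] = $replace;
        }

        $event = new DataUploadEvent($tmp_filename, $metadata);
        try {
            send_event($event);
        } catch (UploadException $ex) {
            $this->theme->display_upload_error($page, "Error with " . html_escape($url), $ex->getMessage());
            $ok = false;
        }
    }

    unlink($tmp_filename);
    return $ok;
}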
/**
 * Persist this image's locked flag, touching the database only when the
 * stored value would actually change.
 *
 * @param bool $tf
 * @throws SCoreException
 */
public function set_locked($tf) {
    global $database;

    $flag = $tf ? "Y" : "N";
    // Translate the portable SCORE_BOOL_* token into the backend's own literal,
    // then strip any quoting so it can be bound as a plain parameter value.
    $literal = str_replace(array("'", '"'), "", $database->scoreql_to_sql('SCORE_BOOL_' . $flag));

    if (bool_escape($literal) === $this->locked) {
        // Already in the requested state: nothing to write or log.
        return;
    }

    $database->execute(
        "UPDATE images SET locked=:yn WHERE id=:id",
        array("yn" => $literal, "id" => $this->id)
    );
    log_info("core_image", "Setting Image #{$this->id} lock to: {$flag}", false, array("image_id" => $this->id));
}
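/**
 * Fetch a remote file with the configured transload engine and hand it to
 * the upload pipeline.
 *
 * The file is downloaded into a temporary file with one of the "fopen",
 * "curl" or "wget" engines (per the transload_engine setting), upload
 * metadata is assembled, and a DataUploadEvent is raised. Failures are
 * reported through the theme's upload-error page rather than thrown, and the
 * temporary file is removed on every exit path.
 *
 * @param string $url     remote URL to fetch. No scheme check is applied to
 *                        $url in this method (only to $_GET['source']); it is
 *                        assumed the caller validated it - confirm.
 * @param mixed  $tags    tags to attach to the upload
 * @param string $source  default source URL; replaced by $_GET['source'] when
 *                        that is an http(s)/ftp URL, otherwise by $url
 * @param string $replace image ID to replace, if any
 * @return bool TRUE when the upload event was dispatched without error.
 */
private function try_transload($url, $tags, $source, $replace = '') {
    global $page;
    global $config;
    global $user;
    $ok = true;

    // Allow an external source to be set, but only accept http(s)/ftp URLs;
    // anything else falls back to the download URL itself.
    $source = !empty($_GET['source']) ? $_GET['source'] : $url;
    if (!preg_match("#^(https?|ftp)://#", $source)) {
        $source = $url;
    }

    // Only admins may ask for the image to be locked.
    $locked = null;
    if ($user->is_admin() && isset($_GET['locked'])) {
        $locked = bool_escape($_GET['locked']);
    }

    // A rating may be requested only when transloading is enabled and the
    // rating extension is present. The rating event validates that this is s/q/e/u.
    $rating = "";
    if ($config->get_string("transload_engine", "none") != "none" && file_exists("ext/rating") && !empty($_GET['rating'])) {
        $rating = strtolower($_GET['rating']);
        $rating = $rating[0];
    }

    // PHP falls back to system default if /tmp fails, can't we just
    // use the system default to start with? :-/
    $tmp_filename = tempnam("/tmp", "shimmie_transload");
    $filename = basename($url);
    if ($tmp_filename === false) {
        // tempnam() yields false when no writable temporary location exists.
        $this->theme->display_upload_error($page, "Error with " . html_escape($filename), "Could not create a temporary file");
        return false;
    }

    $engine = $config->get_string("transload_engine");

    if ($engine == "fopen") {
        $fp = @fopen($url, "r");
        if (!$fp) {
            $this->theme->display_upload_error($page, "Error with " . html_escape($filename), "Error reading from " . html_escape($url));
            // The temp file already exists at this point; do not leave it behind.
            unlink($tmp_filename);
            return false;
        }
        // Stop reading once upload_size has been exceeded (the final chunk
        // may overshoot by up to 8192 bytes) so a huge remote file cannot
        // exhaust memory.
        $max_length = $config->get_int('upload_size');
        $data = "";
        $length = 0;
        while (!feof($fp) && $length <= $max_length) {
            $data .= fread($fp, 8192);
            $length = strlen($data);
        }
        fclose($fp);
        if (file_put_contents($tmp_filename, $data) === false) {
            $this->theme->display_upload_error($page, "Error with " . html_escape($filename), "Could not write temporary file");
            unlink($tmp_filename);
            return false;
        }
    } elseif ($engine == "curl" && function_exists("curl_init")) {
        $fp = fopen($tmp_filename, "w");
        if (!$fp) {
            $this->theme->display_upload_error($page, "Error with " . html_escape($filename), "Could not write temporary file");
            unlink($tmp_filename);
            return false;
        }
        $ch = curl_init($url);
        curl_setopt($ch, CURLOPT_FILE, $fp);
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_REFERER, $url);
        if (!empty($_SERVER["HTTP_USER_AGENT"])) {
            // Forward the requesting browser's user agent, when one was sent.
            curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]);
        }
        curl_exec($ch);
        curl_close($ch);
        fclose($fp);
    } elseif ($engine == "wget") {
        // Every argument handed to the shell is quoted, including the fixed
        // user agent string.
        $s_ua = escapeshellarg("Shimmie-" . VERSION);
        $s_url = escapeshellarg($url);
        $s_tmp = escapeshellarg($tmp_filename);
        system("wget {$s_url} --output-document={$s_tmp} --user-agent={$s_ua} --referer={$s_url}");
    }

    if (filesize($tmp_filename) == 0) {
        $this->theme->display_upload_error($page, "Error with " . html_escape($filename), "No data found -- perhaps the site has hotlink protection?");
        $ok = false;
    } else {
        $pathinfo = pathinfo($url);
        $metadata = array();
        $metadata['filename'] = $pathinfo['basename'];
        // The URL path may carry no extension at all.
        $metadata['extension'] = isset($pathinfo['extension']) ? $pathinfo['extension'] : null;
        $metadata['tags'] = $tags;
        $metadata['source'] = $source;

        /* check for locked > adds to metadata if it has */
        if (!empty($locked)) {
            $metadata['locked'] = $locked ? "on" : "";
        }
        /* check for rating > adds to metadata if it has */
        if (!empty($rating)) {
            $metadata['rating'] = $rating;
        }
        /* check if we have been given an image ID to replace */
        if (!empty($replace)) {
            $metadata['replace'] = $replace;
        }

        $event = new DataUploadEvent($user, $tmp_filename, $metadata);
        try {
            send_event($event);
        } catch (UploadException $ex) {
            $this->theme->display_upload_error($page, "Error with " . html_escape($url), $ex->getMessage());
            $ok = false;
        }
    }

    unlink($tmp_filename);
    return $ok;
}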
/**
 * Parse the XML document at $file, routing element open/close events to
 * $this->startElement and $this->endElement, and record in $this->valid
 * whether the whole document parsed without error.
 *
 * @param string $file path of the XML document to load
 */
function __construct($file) {
    $parser = xml_parser_create();
    xml_set_element_handler($parser, array($this, "startElement"), array($this, "endElement"));

    $document = file_get_contents($file);
    // Final-chunk parse: xml_parse() reports success/failure as 1/0, which
    // bool_escape() turns into a real boolean.
    $this->valid = bool_escape(xml_parse($parser, $document, true));

    xml_parser_free($parser);
}
/**
 * Toggle the "enable" flag of the tip with the given ID: an enabled tip is
 * disabled ("N") and a disabled one is enabled ("Y").
 *
 * @param int $tipID
 */
private function setStatus($tipID) {
    global $database;

    $id = int_escape($tipID);
    $row = $database->get_row("SELECT * FROM tips WHERE id = ? ", array($id));

    // Flip the stored state.
    $next_state = bool_escape($row['enable']) ? "N" : "Y";

    $database->execute("UPDATE tips SET enable = ? WHERE id = ?", array($next_state, $id));
}
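/**
 * Validate a set of $_POST fields against comma-separated flag lists and
 * return the cleaned values.
 *
 * $inputs maps a POST field name to a flag string such as "string,trim,lower"
 * or "user_id,exists". One *type* flag is expected per field: user_id,
 * user_name, user_class, email, password, int, bool or string. Modifier
 * flags: optional (a missing/blank field yields null), exists (user_id must
 * name an existing user), and for string: trim, lower, not-empty, nullify.
 *
 * Side effect: a field flagged "bool" that is absent from $_POST is written
 * into $_POST as 'off' before validation.
 *
 * Fixes relative to the previous version: "not-empty" only rejects values
 * that really are blank (it used to throw unconditionally), and the "int"
 * type accepts "0" (empty() used to reject it).
 *
 * @param array $inputs field name => comma-separated flags
 * @return array field name => cleaned value
 * @throws InvalidInput when a required field is missing or fails validation
 */
function validate_input($inputs) {
    $outputs = array();

    foreach ($inputs as $key => $validations) {
        $flags = explode(',', $validations);

        // An unchecked checkbox is simply absent from the form; treat it as "off".
        if (in_array('bool', $flags, true) && !isset($_POST[$key])) {
            $_POST[$key] = 'off';
        }

        $blank = !isset($_POST[$key]) || trim($_POST[$key]) == "";
        if ($blank) {
            if (in_array('optional', $flags, true)) {
                $outputs[$key] = null;
                continue;
            }
            throw new InvalidInput("Input '{$key}' not set");
        }

        $value = trim($_POST[$key]);

        if (in_array('user_id', $flags, true)) {
            $id = int_escape($value);
            if (in_array('exists', $flags, true) && is_null(User::by_id($id))) {
                throw new InvalidInput("User #{$id} does not exist");
            }
            $outputs[$key] = $id;
        } elseif (in_array('user_name', $flags, true)) {
            if (strlen($value) < 1) {
                throw new InvalidInput("Username must be at least 1 character");
            }
            if (!preg_match('/^[a-zA-Z0-9-_]+$/', $value)) {
                throw new InvalidInput("Username contains invalid characters. Allowed characters are " . "letters, numbers, dash, and underscore");
            }
            $outputs[$key] = $value;
        } elseif (in_array('user_class', $flags, true)) {
            global $_shm_user_classes;
            if (!array_key_exists($value, $_shm_user_classes)) {
                throw new InvalidInput("Invalid user class: " . html_escape($value));
            }
            $outputs[$key] = $value;
        } elseif (in_array('email', $flags, true)) {
            // No address-format check is performed here; the value is only trimmed.
            $outputs[$key] = trim($value);
        } elseif (in_array('password', $flags, true)) {
            $outputs[$key] = $value;
        } elseif (in_array('int', $flags, true)) {
            // is_numeric() accepts any numeric string (including float forms,
            // which the (int) cast truncates); blank was already rejected above.
            if (!is_numeric($value)) {
                throw new InvalidInput("Invalid int: " . html_escape($value));
            }
            $outputs[$key] = (int) $value;
        } elseif (in_array('bool', $flags, true)) {
            $outputs[$key] = bool_escape($value);
        } elseif (in_array('string', $flags, true)) {
            if (in_array('trim', $flags, true)) {
                $value = trim($value);
            }
            if (in_array('lower', $flags, true)) {
                $value = strtolower($value);
            }
            if (in_array('not-empty', $flags, true) && trim($value) === "") {
                throw new InvalidInput("{$key} must not be blank");
            }
            if (in_array('nullify', $flags, true) && empty($value)) {
                $value = null;
            }
            $outputs[$key] = $value;
        } else {
            throw new InvalidInput("Unknown validation '{$validations}'");
        }
    }

    return $outputs;
}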
/**
 * Read the configuration entry $name and coerce it to a boolean.
 *
 * @param string $name
 * @param null|bool|string $default handed through to get() for a missing entry
 * @return bool
 */
public function get_bool($name, $default = null) {
    $raw = $this->get($name, $default);
    return bool_escape($raw);
}