/** * Returns an SQL query string to update a single template * * @param string Title of template * @param string Un-parsed template HTML * @param integer Style ID for template * @param array (ref) array('template' => array($title => true)) * @param string The name of the product this template is associated with * * @return string */ function fetch_template_update_sql($title, $template, $dostyleid, &$delete, $product = 'vbulletin') { global $vbulletin, $_query_special_templates, $template_cache; $oldtemplate = $template_cache['template']["{$title}"]; if (is_array($template)) { array_walk($template, 'array_trim'); $template = "background: {$template['background']}; color: {$template['color']}; padding: {$template['padding']}; border: {$template['border']};"; } // check if template should be deleted if ($delete['template']["{$title}"]) { return "### DELETE TEMPLATE {$title} ###\n\t\t\tDELETE FROM " . TABLE_PREFIX . "template\n\t\t\tWHERE templateid = {$oldtemplate['templateid']}\n\t\t"; } if ($template == $oldtemplate['template_un']) { return false; } else { // check for copyright removal if ($title == 'footer' and strpos($template, '$vbphrase[powered_by_vbulletin]') === false and strpos($oldtemplate['template_un'], '$vbphrase[powered_by_vbulletin]') !== false) { print_stop_message('you_can_not_remove_vbulletin_copyright'); } // parse template conditionals if (!in_array($title, $_query_special_templates)) { $parsedtemplate = compile_template($template); $errors = check_template_errors($parsedtemplate); // halt if errors in conditionals if (!empty($errors)) { print_stop_message('error_in_template_x_y', $title, "<i>{$errors}</i>"); } } else { $parsedtemplate =& $template; } $full_product_info = fetch_product_list(true); return "\n\t\t\t### REPLACE TEMPLATE: {$title} ###\n\t\t\tREPLACE INTO " . TABLE_PREFIX . "template\n\t\t\t\t(styleid, title, template, template_un, templatetype, dateline, username, version, product)\n\t\t\tVALUES\n\t\t\t\t(" . intval($dostyleid) . ",\n\t\t\t\t'" . $vbulletin->db->escape_string($title) . "',\n\t\t\t\t'" . $vbulletin->db->escape_string($parsedtemplate) . "',\n\t\t\t\t'" . $vbulletin->db->escape_string($template) . "',\n\t\t\t\t'template',\n\t\t\t\t" . TIMENOW . ",\n\t\t\t\t'" . $vbulletin->db->escape_string($vbulletin->userinfo['username']) . "',\n\t\t\t\t'" . $vbulletin->db->escape_string($full_product_info["{$product}"]['version']) . "',\n\t\t\t\t'" . $vbulletin->db->escape_string($product) . "')\n\t\t"; } }
//--> </script> <?php } // ############################################################################# // simple update query for an existing template if ($_POST['do'] == 'updatetemplate') { $vbulletin->input->clean_array_gpc('p', array('title' => TYPE_STR, 'oldtitle' => TYPE_STR, 'template' => TYPE_NOTRIM, 'group' => TYPE_STR, 'product' => TYPE_STR, 'savehistory' => TYPE_BOOL, 'histcomment' => TYPE_STR, 'string' => TYPE_STR, 'searchstring' => TYPE_STR, 'expandset' => TYPE_NOHTML, 'searchset' => TYPE_NOHTML, 'return' => TYPE_STR, 'confirmerrors' => TYPE_BOOL, 'lastedit' => TYPE_UINT)); // remove escaped CDATA (just in case user is pasting template direct from an XML editor // where the CDATA tags will have been escaped by our escaper... // $template = xml_unescape_cdata($template); $template_un = $vbulletin->GPC['template']; $vbulletin->GPC['template'] = compile_template($vbulletin->GPC['template']); // error checking on conditionals if (empty($vbulletin->GPC['confirmerrors'])) { $errors = check_template_errors($vbulletin->GPC['template']); if (!empty($errors)) { print_form_header('template', 'updatetemplate', 0, 1, '', '75%'); construct_hidden_code('confirmerrors', 1); construct_hidden_code('title', $vbulletin->GPC['title']); construct_hidden_code('template', $template_un); construct_hidden_code('templateid', $vbulletin->GPC['templateid']); construct_hidden_code('group', $vbulletin->GPC['group']); construct_hidden_code('searchstring', $vbulletin->GPC['searchstring']); construct_hidden_code('dostyleid', $vbulletin->GPC['dostyleid']); construct_hidden_code('product', $vbulletin->GPC['product']); construct_hidden_code('savehistory', intval($vbulletin->GPC['savehistory'])); construct_hidden_code('histcomment', $vbulletin->GPC['histcomment']); print_table_header($vbphrase['vbulletin_message']); print_description_row(construct_phrase($vbphrase['template_eval_error'], $errors)); print_submit_row($vbphrase['continue'], 0, 2, $vbphrase['go_back']);
$template_un = $template; require_once DIR . '/includes/adminfunctions_template.php'; $template = compile_template($template); // rebuild previous template if ad has moved locations $ad_location_orig = $vbulletin->GPC['ad_location_orig']; if ($ad['adlocation'] != $ad_location_orig) { $template_orig = wrap_ad_template(build_ad_template($ad_location_orig), $ad_location_orig); $template_orig_un = $template_orig; $template_orig = compile_template($template_orig); replace_ad_template(0, $ad_location_orig, $template_orig, $template_orig_un, $vbulletin->userinfo['username'], $vbulletin->options['templateversion']); replace_ad_template(-1, $ad_location_orig, $template_orig, $template_orig_un, $vbulletin->userinfo['username'], $vbulletin->options['templateversion']); } // note: this error check will ALWAYS be triggered if another ad on the same location have an error. // would be a good idea to add a new description row to detail this problem for end users. if (empty($vbulletin->GPC['confirmerrors'])) { $errors = check_template_errors($template); if (!empty($errors)) { print_form_header('ad', 'update', 0, 1, '', '75%'); construct_hidden_code('confirmerrors', 1); construct_hidden_code('adid', intval($vbulletin->GPC['adid'])); construct_hidden_code('title', $vbulletin->GPC['title']); construct_hidden_code('ad_location', $vbulletin->GPC['ad_location']); construct_hidden_code('ad_html', $vbulletin->GPC['ad_html']); construct_hidden_code('displayorder', intval($vbulletin->GPC['displayorder'])); construct_hidden_code('active', $vbulletin->GPC['active']); construct_hidden_code('criteria_serialized', $criterion); print_table_header($vbphrase['vbulletin_message']); print_description_row(construct_phrase($vbphrase['template_eval_error'], $errors)); print_description_row(construct_phrase($template_un, $errors)); print_submit_row($vbphrase['continue'], 0, 2, $vbphrase['go_back']); print_cp_footer();
/** * Returns an SQL query string to update a single template * * @param string Title of template * @param string Un-parsed template HTML * @param integer Style ID for template * @param array (ref) array('template' => array($title => true)) * @param string The name of the product this template is associated with * * @return string */ function fetch_template_update_sql($title, $template, $dostyleid, &$delete, $product = 'vbulletin') { global $vbulletin, $_query_special_templates, $template_cache; $oldtemplate = $template_cache['template']["$title"]; if (is_array($template)) { array_walk($template, 'array_trim'); $template = "background: $template[background]; color: $template[color]; padding: $template[padding]; border: $template[border];"; } // check if template should be deleted if ($delete['template']["$title"]) { return "### DELETE TEMPLATE $title ### DELETE FROM " . TABLE_PREFIX . "template WHERE templateid = $oldtemplate[templateid] "; } if ($template == $oldtemplate['template_un']) { return false; } else { // check for copyright removal if ($title == 'footer' // only check footer template AND strpos($template, '$vbphrase[powered_by_vbulletin]') === false // template to be saved has no copyright AND strpos($oldtemplate['template_un'], '$vbphrase[powered_by_vbulletin]') !== false // pre-saved template includes copyright - therefore a removal attempt is being made ) { print_stop_message('you_can_not_remove_vbulletin_copyright'); } // parse template conditionals if (!in_array($title, $_query_special_templates)) { $parsedtemplate = compile_template($template); $errors = check_template_errors($parsedtemplate); // halt if errors in conditionals if (!empty($errors)) { print_stop_message('error_in_template_x_y', $title, "<i>$errors</i>"); } } else { $parsedtemplate =& $template; } $full_product_info = fetch_product_list(true); return " ### REPLACE TEMPLATE: $title ### REPLACE INTO " . TABLE_PREFIX . "template (styleid, title, template, template_un, templatetype, dateline, username, version, product) VALUES (" . intval($dostyleid) . ", '" . $vbulletin->db->escape_string($title) . "', '" . $vbulletin->db->escape_string($parsedtemplate) . "', '" . $vbulletin->db->escape_string($template) . "', 'template', " . TIMENOW . ", '" . $vbulletin->db->escape_string($vbulletin->userinfo['username']) . "', '" . $vbulletin->db->escape_string($full_product_info["$product"]['version']) . "', '" . $vbulletin->db->escape_string($product) . "') "; } }
print_stop_message('invalid_x_specified', 'gridid'); } if ($db->query_first(" SELECT * FROM " . TABLE_PREFIX . "cms_grid WHERE title = '" . $db->escape_string($vbulletin->GPC['title']) . "' AND gridid <> $gridinfo[gridid] ")) { print_stop_message('grid_title_already_in_use'); } require_once(DIR . '/includes/adminfunctions_template.php'); if ($errors = check_template_errors(compile_template($vbulletin->GPC['template']))) { print_cp_message(construct_phrase($vbphrase['grid_eval_error'], $errors)); } preg_match_all('#<ul[^>]+id="widgetlist_column(\d+)"[^>]*>\$column\[\\1\]</ul>#si', $vbulletin->GPC['gridhtml'], $matches1); if ($matches1[1]) { $prev = 0; sort($matches1[1], SORT_NUMERIC); foreach ($matches1[1] AS $index) { if ($index - 1 != $prev) { print_stop_message('grid_layout_ui_html_incorrect'); }
/** * Compile a template. * * @param string $template_un The uncompiled content of a template. */ public function compile($template, $forcesaveonerror) { // @todo // Incorrect hack warning!!! // The legacy code in class_template_parser.php needs this to be set // but it apparrently does not actually need to be an instance of the // legacy db class for purposes of compiling a template. if (empty($GLOBALS['vbulletin']->db)) { $GLOBALS['vbulletin']->db = false; } require_once DIR . '/includes/class_template_parser.php'; require_once DIR . '/includes/adminfunctions_template.php'; // Required for check_template_errors() $parser = new vB_TemplateParser($template); try { $parser->validate($errors); } catch (vB_Exception_TemplateFatalError $e) { throw new vB_Exception_Api($e->getMessage()); } $template = $parser->compile(); // This is a comment from vB4 moved here. Need to figure out what replace_template_variables // is supposed to do. // TODO: Reimplement these - if done, $session[], $bbuserinfo[], $vboptions // will parse in the template without using {vb:raw, which isn't what we // necessarily want to happen /* if (!function_exists('replace_template_variables')) { require_once(DIR . '/includes/functions_misc.php'); } $template = replace_template_variables($template, false); */ if (function_exists('verify_demo_template')) { verify_demo_template($template); } // Legacy Hook 'template_compile' Removed // if (!$forcesaveonerror and !empty($errors)) { throw new vB_Exception_Api('template_compile_error', array($errors)); } //extra set of error checking. This can be skipped in many situations. if (!$forcesaveonerror) { $errors = check_template_errors($template); if (!empty($errors)) { $vb5_config =& vB::getConfig(); if (!is_array($errors) and $vb5_config['Misc']['debug']) { // show compiled template code with line numbers to debug the problem $errors .= '<h4>Compiled Template Code:</h4><div style="height:200px; overflow:auto; border:1px solid silver; font-style:normal; font-family:Courier New;"><ol><li>' . implode('</li><li>', explode("\n", htmlspecialchars($template))) . '</li></ol></div>'; } throw new vB_Exception_Api('template_eval_error', array($errors)); } } return $template; }
/** * Refactor for fetch_template_update_sql() to fit the assertor syntax. * Returns the sql query name to be executed with the params * * @param string Title of template * @param string Un-parsed template HTML * @param integer Style ID for template * @param array (ref) array('template' => array($title => true)) * @param string The name of the product this template is associated with * * @return array Containing the queryname and the params needed for the query. * It will return a 'name' key in the params array used if we are using a stored query or query method. */ function fetchTemplateUpdateSql($title, $template, $dostyleid, &$delete, $product = 'vbulletin') { global $template_cache; $oldtemplate = $template_cache['template']["{$title}"]; if (is_array($template)) { array_walk($template, 'array_trim'); $template = "background: {$template['background']}; color: {$template['color']}; padding: {$template['padding']}; border: {$template['border']};"; } // check if template should be deleted if ($delete['template']["{$title}"]) { return array('queryname' => 'vBForum:template', 'params' => array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_DELETE, 'templateid' => $oldtemplate['templateid'])); } if ($template == $oldtemplate['template_un']) { return false; } else { // check for copyright removal if ($title == 'footer' and strpos($template, '$vbphrase[powered_by_vbulletin]') === false and strpos($oldtemplate['template_un'], '$vbphrase[powered_by_vbulletin]') !== false) { print_stop_message2('you_can_not_remove_vbulletin_copyright'); } // parse template conditionals, bypass special templates if (!in_array($title, vB_Api::instanceInternal('template')->fetchSpecialTemplates())) { $parsedtemplate = compile_template($template); $errors = check_template_errors($parsedtemplate); // halt if errors in conditionals if (!empty($errors)) { print_stop_message('error_in_template_x_y', $title, "<i>{$errors}</i>"); } } else { $parsedtemplate =& $template; } $full_product_info = fetch_product_list(true); $userInfo = vB::getCurrentSession()->fetch_userinfo(); $queryBits = array('styleid' => intval($dostyleid), 'title' => $title, 'template' => $parsedtemplate, 'template_un' => $template, 'templatetype' => 'template', 'dateline' => vB::getRequest()->getTimeNow(), 'username' => $userInfo['username'], 'version' => $full_product_info["{$product}"]['version'], 'product' => $product); return array('queryname' => 'replaceTemplates', 'params' => array('name' => 'querybits', 'value' => array($queryBits))); } }