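/**
 * Returns the data for a single post: author details, rendered body,
 * reply/attachment permissions and a permalink.
 *
 * Request input read here: 'postid' (UINT), 'type' (STRING; 'html' when
 * empty, 'facebook' for a BBCode-stripped and censored body) and
 * 'signature' (UINT; non-zero appends the rendered signature to the html body).
 *
 * Access control is delegated to the ForumThreadPost helper's
 * assertPostValidAndViewable(); a failure is reported through json_error().
 *
 * @return array Post payload; 'image' and 'avatarurl' are present only when non-empty.
 */
public function actionGetPost()
{
    // Whole function is an ugly hack. Revisit later.
    global $dependencies, $zresponse; // declared by the original code; neither is read below

    $postid = $this->_input->filterSingle('postid', XenForo_Input::UINT);
    $type = $this->_input->filterSingle('type', XenForo_Input::STRING);
    $signature = $this->_input->filterSingle('signature', XenForo_Input::UINT);
    if (!$type) {
        $type = 'html';
    }

    $user_model = $this->getModelFromCache('XenForo_Model_User');
    $session_model = $this->getModelFromCache('XenForo_Model_Session');
    $thread_model = $this->getModelFromCache('XenForo_Model_Thread');
    $forum_model = $this->getModelFromCache('XenForo_Model_Forum');
    $attachment_model = $this->getModelFromCache('XenForo_Model_Attachment');
    $helper = $this->getHelper('ForumThreadPost');

    // This call is the only visibility check in the method; everything below
    // assumes the visitor may see the post.
    try {
        list($post, $thread, $forum) = $helper->assertPostValidAndViewable($postid);
    } catch (Exception $e) {
        // NOTE(review): the code below reads $thread and $forum, so it relies on
        // json_error() ending the request -- confirm. Only exceptions that expose
        // getControllerResponse() are handled correctly by this catch.
        json_error($e->getControllerResponse()->errorText->render());
    }

    // Re-fetch the post with thread, forum, user and profile data joined in.
    $post_model = $this->_getPostModel();
    $post = $post_model->getPostById($postid, array('join' => XenForo_Model_Post::FETCH_THREAD | XenForo_Model_Post::FETCH_FORUM | XenForo_Model_Post::FETCH_USER | XenForo_Model_Post::FETCH_USER_PROFILE));
    $user = $user_model->getUserById($post['user_id']);

    $online_info = $session_model->getSessionActivityRecords(array('user_id' => $post['user_id'], 'cutOff' => array('>', $session_model->getOnlineStatusTimeout())));
    $is_online = false;
    if (count($online_info) == 1) {
        $is_online = true;
    }

    $avatarurl = '';
    if ($user !== false) {
        $avatarurl = process_avatarurl(XenForo_Template_Helper_Core::getAvatarUrl($user, 'm'));
        // URLs under this path are reported as "no avatar".
        if (strpos($avatarurl, '/xenforo/avatars/avatar_') !== false) {
            $avatarurl = '';
        }
    }

    $attachments = $attachment_model->getAttachmentsByContentId('post', $postid);
    $message = fr_strip_smilies($this, $post['message']);
    list($text, $nuked_quotes, $images) = parse_post($message, true, array());

    $image = '';
    // Fix: 'type' is a free-form request string. For any value other than
    // 'html' or 'facebook' the original left $html undefined and passed it to
    // prepare_utf8_string(); an empty body is returned instead.
    $html = '';
    if ($type == 'html') {
        $css = <<<EOF
<style type="text/css">
body {
  margin: 0;
  padding: 3;
  font: 13px Arial, Helvetica, sans-serif;
}
.alt2 {
  background-color: #e6edf5;
  font: 13px Arial, Helvetica, sans-serif;
}
html {
  -webkit-text-size-adjust: none;
}
</style>
EOF;
        $formatter = XenForo_BbCode_Formatter_Base::create('ForumRunner_BbCode_Formatter_BbCode_Post', array('smilies' => XenForo_Application::get('smilies')));
        $parser = new XenForo_BbCode_Parser($formatter);
        // Post and signature text reach the output only through the BBCode parser.
        $html = $css . $parser->render($message);
        if ($signature && $post['signature']) {
            $html .= '<div style="border-top: 1px dashed grey; font-size: 9pt; margin-top: 5px; padding: 5px 0 0;">' . $parser->render(fr_strip_smilies($this, $post['signature'])) . '</div>';
        }
    } elseif ($type == 'facebook') {
        $html = XenForo_Helper_String::censorString(XenForo_Helper_String::bbCodeStrip($message, true));
        if (count($attachments)) {
            // The first attachment's public link becomes the share image.
            $attachments = array_values($attachments);
            $link = XenForo_Link::buildPublicLink('attachments', $attachments[0]);
            $image = fr_get_xenforo_bburl() . '/' . $link;
        }
    }

    // 1-based page of the thread that contains this post.
    $post_page = floor($post['position'] / XenForo_Application::get('options')->messagesPerPage) + 1;

    // NOTE(review): 'title' is passed on without strip_tags(), unlike 'username'
    // and 'forum_title'; confirm the client treats it as plain text.
    // NOTE(review): helperUserTitle() is called even when $user is false -- confirm
    // the helper accepts that.
    $out = array(
        'post_id' => $post['post_id'],
        'thread_id' => $post['thread_id'],
        'forum_id' => $post['node_id'],
        'forum_title' => prepare_utf8_string(strip_tags($post['node_title'])),
        'username' => prepare_utf8_string(strip_tags($post['username'])),
        'joindate' => prepare_utf8_string(XenForo_Locale::date($post['register_date'], 'absolute')),
        'usertitle' => XenForo_Template_Helper_Core::helperUserTitle($user),
        'numposts' => $user ? $user['message_count'] : 0,
        'userid' => $post['user_id'],
        'title' => prepare_utf8_string($post['title']),
        'online' => $is_online,
        'post_timestamp' => prepare_utf8_string(XenForo_Locale::dateTime($post['post_date'], 'absolute')),
        'html' => prepare_utf8_string($html),
        'quotable' => $nuked_quotes,
        'canpost' => $thread_model->canReplyToThread($thread, $forum),
        'canattach' => $forum_model->canUploadAndManageAttachment($forum),
        'post_link' => fr_get_xenforo_bburl() . '/' . XenForo_Link::buildPublicLink('threads', $thread, array('page' => $post_page)) . '#post-' . $post['post_id']
    );
    if ($image != '') {
        $out['image'] = $image;
    }
    if ($avatarurl != '') {
        $out['avatarurl'] = $avatarurl;
    }
    return $out;
}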
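/**
 * Checks that the post referenced by a verification record contains exactly
 * the text the record expects, fetching the post with the supplied token.
 *
 * @param mixed $verifications_json Verification record handed to get_uid(), get_pid() and get_expected_text().
 * @param mixed $token              Access token handed to get_post_with_token().
 * @return bool True only when the parsed post content is a string identical to a non-empty expected text.
 */
function fb_verify_asset_with_token($verifications_json, $token)
{
    $uidx = get_uid($verifications_json);
    $pidx = get_pid($verifications_json);
    if (!$pidx || !$uidx) {
        return false;
    }

    $postx = get_post_with_token($uidx, $pidx, $token);
    $post_contentx = parse_post($postx);
    $expected_contentx = get_expected_text($verifications_json);

    // Fix: the original compared with a loose ==. Under PHP's type juggling a
    // failed fetch (null/false/'') equals an empty or missing expected text, and
    // numeric-looking strings can compare equal without being identical, so a
    // verification could succeed without a real match. Require two strings, a
    // non-empty expectation and byte-for-byte identity.
    $check = is_string($post_contentx)
        && is_string($expected_contentx)
        && $expected_contentx !== ''
        && $post_contentx === $expected_contentx;

    // Eyal, I think we should log the following msg
    if (!$check) {
        $msg = 'Asset verification failed. Expected [' . $expected_contentx . '] but got [' . $post_contentx . ']';
        // Fix: the post content is fetched from a third party and was echoed
        // into the HTML page unescaped; encode it for the HTML context.
        echo "<br/>msg: [" . htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "]";
    }
    return $check;
}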
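/**
 * Builds the payload for the post selected by the global $postid: rendered
 * body, author details, timestamps and the viewer's reply/attach/edit flags.
 *
 * Reads the request parameter 'type' ('html' by default, or 'facebook' for a
 * BBCode-stripped, censored body). Visibility and forum permissions are
 * checked before any post data is loaded; failures go through
 * standard_error() / json_error().
 *
 * @return array Post payload; 'avatarurl', 'canedit' and 'image' are present only when applicable.
 */
function do_get_post()
{
    global $vbulletin, $db, $foruminfo, $threadinfo, $postid, $postinfo;

    // NOTE(review): $vbphrase, $permissions, $hook_query_fields, $hook_query_joins,
    // $post_cachable and $usesmilies are read below but are neither declared global
    // nor assigned in this function, so they evaluate as unset here. For
    // $permissions that means the hidden-profile-field fragment is always appended
    // to the query. Confirm whether any of them were meant to be globals.

    $vbulletin->input->clean_array_gpc('r', array('type' => TYPE_STR));
    $type = 'html';
    if ($vbulletin->GPC['type']) {
        $type = $vbulletin->GPC['type'];
    }

    // --- Access checks: post exists, post and thread visible (or viewer moderates) ---
    if (!$postinfo['postid']) {
        standard_error(fetch_error('invalidid', $vbphrase['post'], $vbulletin->options['contactuslink']));
    }
    if ((!$postinfo['visible'] or $postinfo['isdeleted']) and !can_moderate($threadinfo['forumid'])) {
        standard_error(fetch_error('invalidid', $vbphrase['post'], $vbulletin->options['contactuslink']));
    }
    if ((!$threadinfo['visible'] or $threadinfo['isdeleted']) and !can_moderate($threadinfo['forumid'])) {
        standard_error(fetch_error('invalidid', $vbphrase['thread'], $vbulletin->options['contactuslink']));
    }

    $forumperms = fetch_permissions($threadinfo['forumid']);
    if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads'])) {
        json_error(ERR_NO_PERMISSION);
    }
    // Without 'canviewothers' only the thread starter may read it; guests (userid 0) never match.
    if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) and ($threadinfo['postuserid'] != $vbulletin->userinfo['userid'] or $vbulletin->userinfo['userid'] == 0)) {
        json_error(ERR_NO_PERMISSION);
    }

    // check if there is a forum password and if so, ensure the user has it set
    verify_forum_password($foruminfo['forumid'], $foruminfo['password']);

    $postbit_factory = new vB_Postbit_Factory();
    $postbit_factory->registry =& $vbulletin;
    $postbit_factory->forum =& $foruminfo;
    $postbit_factory->cache = array();
    $postbit_factory->bbcode_parser = new vB_BbCodeParser($vbulletin, fetch_tag_list());

    // Fix: $postid is a global whose cleaning is not visible in this function and
    // it was interpolated into both queries as-is. Cast it the same way this
    // query already casts STYLEID/LANGUAGEID, so a non-integer can never reach SQL.
    $safe_postid = intval($postid);

    $post = $db->query_first_slave(
        "\n\tSELECT\n\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS isdeleted,\n\t user.*, userfield.*, usertextfield.*,\n\t "
        . iif($foruminfo['allowicons'], 'icon.title as icontitle, icon.iconpath,')
        . "\n\t IF(user.displaygroupid=0, user.usergroupid, user.displaygroupid) AS displaygroupid, infractiongroupid,\n\t\t"
        . iif($vbulletin->options['avatarenabled'], 'avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight,')
        . "\n\t\t"
        . ((can_moderate($threadinfo['forumid'], 'canmoderateposts') or can_moderate($threadinfo['forumid'], 'candeleteposts')) ? 'spamlog.postid AS spamlog_postid,' : '')
        . "\n\t\teditlog.userid AS edit_userid, editlog.username AS edit_username, editlog.dateline AS edit_dateline, editlog.reason AS edit_reason, editlog.hashistory,\n\t\tpostparsed.pagetext_html, postparsed.hasimages,\n\t\tsigparsed.signatureparsed, sigparsed.hasimages AS sighasimages,\n\t\tsigpic.userid AS sigpic, sigpic.dateline AS sigpicdateline, sigpic.width AS sigpicwidth, sigpic.height AS sigpicheight\n\t\t"
        . iif(!($permissions['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canseehiddencustomfields']), $vbulletin->profilefield['hidden'])
        . "\n\t\t{$hook_query_fields}\n\t\tFROM " . TABLE_PREFIX . "post AS post\n\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON(user.userid = post.userid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "userfield AS userfield ON(userfield.userid = user.userid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON(usertextfield.userid = user.userid)\n\t\t"
        . iif($foruminfo['allowicons'], "LEFT JOIN " . TABLE_PREFIX . "icon AS icon ON(icon.iconid = post.iconid)")
        . "\n\t\t"
        . iif($vbulletin->options['avatarenabled'], "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)")
        . "\n\t\t"
        . ((can_moderate($threadinfo['forumid'], 'canmoderateposts') or can_moderate($threadinfo['forumid'], 'candeleteposts')) ? "LEFT JOIN " . TABLE_PREFIX . "spamlog AS spamlog ON(spamlog.postid = post.postid)" : '')
        . "\n\t\tLEFT JOIN " . TABLE_PREFIX . "editlog AS editlog ON(editlog.postid = post.postid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "postparsed AS postparsed ON(postparsed.postid = post.postid AND postparsed.styleid = " . intval(STYLEID) . " AND postparsed.languageid = " . intval(LANGUAGEID) . ")\n\t\tLEFT JOIN " . TABLE_PREFIX . "sigparsed AS sigparsed ON(sigparsed.userid = user.userid AND sigparsed.styleid = " . intval(STYLEID) . " AND sigparsed.languageid = " . intval(LANGUAGEID) . ")\n\t\tLEFT JOIN " . TABLE_PREFIX . "sigpic AS sigpic ON(sigpic.userid = post.userid)\n\t\t{$hook_query_joins}\n\t\tWHERE post.postid = {$safe_postid}\n "
    );

    $types = vB_Types::instance();
    $contenttypeid = $types->getContentTypeID('vBForum_Post');
    $attachments = $db->query_read_slave(
        "\n\t\tSELECT\n\t\t\tfd.thumbnail_dateline, fd.filesize, IF(fd.thumbnail_filesize > 0, 1, 0) AS hasthumbnail, fd.thumbnail_filesize,\n\t\t\ta.dateline, a.state, a.attachmentid, a.counter, a.contentid AS postid, a.filename,\n\t\t\ttype.contenttypes\n\t\tFROM " . TABLE_PREFIX . "attachment AS a\n\t\tINNER JOIN " . TABLE_PREFIX . "filedata AS fd ON (a.filedataid = fd.filedataid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "attachmenttype AS type ON (fd.extension = type.extension)\n\t\tWHERE\n\t\t\ta.contentid = {$safe_postid}\n\t\t\t\tAND\n\t\t\ta.contenttypeid = {$contenttypeid}\n\t\tORDER BY a.attachmentid\n\t"
    );

    // Collect image attachments. The match is a substring test on the lower-cased
    // file name, so it selects URLs to offer; it says nothing about the file's real type.
    $fr_images = array();
    while ($attachment = $db->fetch_array($attachments)) {
        $lfilename = strtolower($attachment['filename']);
        if (strpos($lfilename, '.jpe') !== false || strpos($lfilename, '.png') !== false || strpos($lfilename, '.gif') !== false || strpos($lfilename, '.jpg') !== false || strpos($lfilename, '.jpeg') !== false) {
            $tmp = array('img' => $vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . $attachment['attachmentid']);
            if ($vbulletin->options['attachthumbs']) {
                $tmp['tmb'] = $vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . $attachment['attachmentid'] . '&stc=1&thumb=1';
            }
            $fr_images[] = $tmp;
        }
    }

    // Only $post is used afterwards; 'avatarurl' and 'editlink' are read from it
    // below (presumably filled in by construct_postbit() -- confirm).
    $postbits = '';
    $postbit_obj =& $postbit_factory->fetch_postbit('post');
    $postbit_obj->cachable = $post_cachable;
    $postbits .= $postbit_obj->construct_postbit($post);

    // Fix: 'type' is a free-form request string. For values other than 'html' or
    // 'facebook' the original left $html undefined, and $image was undefined for
    // 'facebook' posts without image attachments; both now default to ''.
    $html = '';
    $image = '';
    if ($type == 'html') {
        $bbcode_parser = new vB_BbCodeParser($vbulletin, fetch_tag_list());
        // Replace the quote template with a compact inline-styled version.
        $vbulletin->templatecache['bbcode_quote'] = ' <div style=\\"margin:0px; margin-top:0px;\\"> <table cellpadding=\\"$stylevar[cellpadding]\\" cellspacing=\\"0\\" border=\\"0\\" width=\\"100%\\"> <tr> <td class=\\"alt2\\" style=\\"border:1px solid #777777;\\"> ".(($show[\'username\']) ? (" <div> " . construct_phrase("$vbphrase[originally_posted_by_x]", "$username") . " </div> <div style=\\"font-style:italic\\">$message</div> ") : (" $message "))." </td> </tr> </table> </div> ';
        $css = <<<EOF
<style type="text/css">
body {
  margin: 0;
  padding: 3;
  font: 13px Arial, Helvetica, sans-serif;
}
.alt2 {
  background-color: #e6edf5;
  font: 13px Arial, Helvetica, sans-serif;
}
html {
  -webkit-text-size-adjust: none;
}
</style>
EOF;
        $html = $css . $bbcode_parser->parse($post['pagetext']);
    } elseif ($type == 'facebook') {
        $html = fetch_censored_text(strip_bbcode(strip_quotes($post['pagetext']), false, true));
        if (count($fr_images)) {
            $image = $fr_images[0]['img'];
        }
    }

    // Figure out if we can post
    $canpost = true;
    // 'and' binds tighter than 'or': deleted, or (not visible and not a post moderator).
    if ($threadinfo['isdeleted'] or !$threadinfo['visible'] and !can_moderate($threadinfo['forumid'], 'canmoderateposts')) {
        $canpost = false;
    }
    if (!$foruminfo['allowposting'] or $foruminfo['link'] or !$foruminfo['cancontainthreads']) {
        $canpost = false;
    }
    if (!$threadinfo['open']) {
        if (!can_moderate($threadinfo['forumid'], 'canopenclose')) {
            $canpost = false;
        }
    }
    if (($vbulletin->userinfo['userid'] != $threadinfo['postuserid'] or !$vbulletin->userinfo['userid']) and (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canreplyothers']))) {
        $canpost = false;
    }
    if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canreplyown']) and $vbulletin->userinfo['userid'] == $threadinfo['postuserid']) {
        $canpost = false;
    }

    // Avatar work
    $avatarurl = '';
    if ($post['avatarurl']) {
        $avatarurl = process_avatarurl($post['avatarurl']);
    }

    // Get post date/time
    $postdate = vbdate($vbulletin->options['dateformat'], $post['dateline'], 1);
    $posttime = vbdate($vbulletin->options['timeformat'], $post['dateline']);

    // Parse the post for quotes and inline images
    list($text, $nuked_quotes, $images) = parse_post($post['pagetext'], $post['allowsmilie'] && $usesmilies);

    $out = array(
        'html' => prepare_utf8_string($html),
        'post_id' => $post['postid'],
        'thread_id' => $post['threadid'],
        'forum_id' => $foruminfo['forumid'],
        'forum_title' => prepare_utf8_string($foruminfo['title_clean']),
        'username' => prepare_utf8_string(strip_tags($post['username'])),
        'joindate' => prepare_utf8_string($post['joindate']),
        'usertitle' => prepare_utf8_string(strip_tags($post['usertitle'])),
        'numposts' => $post['posts'] ? (string) $post['posts'] : '0',
        'userid' => $post['userid'],
        'title' => prepare_utf8_string($post['title']),
        'post_timestamp' => prepare_utf8_string(date_trunc($postdate) . ' ' . $posttime),
        'canpost' => $canpost,
        'quotable' => $nuked_quotes,
        'canattach' => $forumperms & $vbulletin->bf_ugp_forumpermissions['canpostattachment'] and $vbulletin->userinfo['userid'],
        'edittext' => prepare_utf8_string($post['pagetext'])
    );
    if ($avatarurl != '') {
        $out['avatarurl'] = $avatarurl;
    }
    if ($post['editlink']) {
        $out['canedit'] = true;
    }
    if ($image != '') {
        $out['image'] = $image;
    }
    return $out;
}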
/**
 * Converts one conversation message into the reply structure sent to the client.
 *
 * @param array $message         Message row; reads userid, rawtext, nodeid, title, pagetext and authorname.
 * @param mixed $conversation_id Reported back as 'thread_id'.
 * @return array Reply payload. 'text' is the first element returned by
 *               parse_post(); 'quotable' is the unparsed rawtext.
 */
function fr_parse_conversation_reply($message, $conversation_id)
{
    $author = vB_Api::instance('user')->fetchUserinfo($message['userid']);

    // Only the first element of parse_post()'s result is needed here.
    list($body_text) = parse_post($message['rawtext']);

    // Fall back to the BBCode-free page text when the message has no title.
    if ($message['title']) {
        $reply_title = $message['title'];
    } else {
        $reply_title = remove_bbcode($message['pagetext']);
    }

    return array(
        'post_id' => $message['nodeid'],
        'thread_id' => $conversation_id,
        'title' => $reply_title,
        'userid' => $message['userid'],
        'username' => $message['authorname'],
        'usertitle' => $author['usertitle'],
        'numposts' => $author['posts'],
        'joindate' => fr_date($author['joindate']),
        'online' => fr_get_user_online($author['lastactivity']),
        'text' => $body_text,
        'quotable' => $message['rawtext']
    );
}
/**
 * Collects one page of comment posts for an article's associated thread and
 * returns them as a list of per-post payloads.
 *
 * @param object $article              Only getNodeId() is called on it here.
 * @param mixed  $associated_thread_id Thread id passed to verify_id() and get_comments().
 * @param mixed  $userinfo             Passed to can_view_thread(); reassigned inside the loop when avatars are enabled.
 * @param mixed  $pageno               By reference. FR_LAST_POST selects the last page; any other value is clamped to >= 1.
 * @param mixed  $perpage              By reference. Page size; used as a divisor for FR_LAST_POST, so it must be non-zero.
 * @param mixed  $total                By reference. Set to the total comment count, but only on the final (non-early) return.
 * @return array List of post payloads; an empty array when the thread is not
 *               viewable, has no comments, or the requested page is empty.
 *
 * NOTE(review): $thread, $forum, $deljoin, $privileges, $postid_array,
 * $postorder, $ignore, $lastpostid, $postattach, $postinfo, $LASTPOST,
 * $hook_query_fields and $hook_query_joins are read below but are never
 * assigned or declared global in this function, so they evaluate as unset
 * here. The branches that depend on them are annotated in place.
 */
function get_article_comments($article, $associated_thread_id, $userinfo, &$pageno, &$perpage, &$total)
{
    require_once DIR . '/includes/functions_misc.php';
    require_once DIR . '/includes/functions.php';
    require_once DIR . '/includes/functions_databuild.php';
    require_once DIR . '/includes/functions_bigthree.php';
    $posts_out = array();
    fetch_phrase_group('posting');
    $threadinfo = verify_id('thread', $associated_thread_id, 0, 1);
    $foruminfo = verify_id('forum', $threadinfo['forumid'], 0, 1);
    //First let's see if we have forum/thread view permissions. If not,
    // we're done
    if (!($permissions = can_view_thread($article->getNodeId(), $userinfo))) {
        return array();
    }
    $forumperms = fetch_permissions($threadinfo['forumid']);
    //Normally this thread will be wide open, so let's get the list first
    // without checking. We'll verify each post anyway.
    //get our results
    $results = get_comments($permissions, $associated_thread_id);
    $record_count = count($results);
    if (!$results or !count($results)) {
        return array();
    }
    //we accept the parameter "last" for pageno.
    if ($pageno == FR_LAST_POST) {
        // Ceiling division: index of the last page.
        $pageno = intval(($record_count + $perpage - 1) / $perpage);
        $first = ($pageno - 1) * $perpage;
    } else {
        $pageno = max(1, intval($pageno));
        $first = $perpage * ($pageno - 1);
    }
    //Let's trim off the results we need.
    //This also tells us if we should show the "next" button.
    $post_array = array_slice($results, $first, $perpage, true);
    if (!$post_array) {
        return array();
    }
    $firstpostid = false;
    $displayed_dateline = 0;
    if (vB::$vbulletin->options['threadmarking'] and vB::$vbulletin->userinfo['userid']) {
        $threadview = max($threadinfo['threadread'], $threadinfo['forumread'], TIMENOW - vB::$vbulletin->options['markinglimit'] * 86400);
    } else {
        // NOTE(review): $thread is unset here; $threadinfo['threadid'] looks intended -- confirm.
        $threadview = intval(fetch_bbarray_cookie('thread_lastview', $thread['threadid']));
        if (!$threadview) {
            $threadview = vB::$vbulletin->userinfo['lastvisit'];
        }
    }
    require_once DIR . '/includes/functions_user.php';
    $show['inlinemod'] = false;
    $postids = array();
    // The page's values are joined straight into the IN (...) list.
    // NOTE(review): this is only safe if get_comments() returns integer post ids
    // taken from the database -- confirm, or cast each value before imploding.
    $postids = ' post.postid in (' . implode(', ', $post_array) . ')';
    // NOTE(review): $permissions here is can_view_thread()'s return value; whether
    // it carries a 'genericpermissions' key is not visible. If the key is absent
    // the hidden-profile-field fragment is always appended.
    $posts = vB::$vbulletin->db->query_read($sql =
        "\n\tSELECT\n\tpost.*, post.username AS postusername, post.ipaddress AS ip, IF(post.visible = 2, 1, 0) AS isdeleted,\n\t user.*, userfield.*, usertextfield.*,\n\t "
        . iif($forum['allowicons'], 'icon.title as icontitle, icon.iconpath,')
        . "\n\t "
        . iif(vB::$vbulletin->options['avatarenabled'], 'avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight,')
        . "\n\t "
        . ((can_moderate($thread['forumid'], 'canmoderateposts') or can_moderate($thread['forumid'], 'candeleteposts')) ? 'spamlog.postid AS spamlog_postid,' : '')
        . "\n\t "
        . iif($deljoin, 'deletionlog.userid AS del_userid, deletionlog.username AS del_username, deletionlog.reason AS del_reason,')
        . "\n\t editlog.userid AS edit_userid, editlog.username AS edit_username, editlog.dateline AS edit_dateline,\n\t editlog.reason AS edit_reason, editlog.hashistory,\n\t postparsed.pagetext_html, postparsed.hasimages,\n\t sigparsed.signatureparsed, sigparsed.hasimages AS sighasimages,\n\t sigpic.userid AS sigpic, sigpic.dateline AS sigpicdateline, sigpic.width AS sigpicwidth, sigpic.height AS sigpicheight,\n\t IF(displaygroupid=0, user.usergroupid, displaygroupid) AS displaygroupid, infractiongroupid,\n\t customprofilepic.userid AS profilepic, customprofilepic.dateline AS profilepicdateline, customprofilepic.width AS ppwidth, customprofilepic.height AS ppheight\n\t "
        . iif(!($permissions['genericpermissions'] & vB::$vbulletin->bf_ugp_genericpermissions['canseehiddencustomfields']), vB::$vbulletin->profilefield['hidden'])
        . "\n\t {$hook_query_fields}\n\t FROM " . TABLE_PREFIX . "post AS post\n\t LEFT JOIN " . TABLE_PREFIX . "user AS user ON(user.userid = post.userid)\n\t LEFT JOIN " . TABLE_PREFIX . "userfield AS userfield ON(userfield.userid = user.userid)\n\t LEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON(usertextfield.userid = user.userid)\n\t "
        . iif($forum['allowicons'], "LEFT JOIN " . TABLE_PREFIX . "icon AS icon ON(icon.iconid = post.iconid)")
        . "\n\t "
        . iif(vB::$vbulletin->options['avatarenabled'], "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)")
        . "\n\t "
        . ((can_moderate($thread['forumid'], 'canmoderateposts') or can_moderate($thread['forumid'], 'candeleteposts')) ? "LEFT JOIN " . TABLE_PREFIX . "spamlog AS spamlog ON(spamlog.postid = post.postid)" : '')
        . "\n\t {$deljoin}\n\t LEFT JOIN " . TABLE_PREFIX . "editlog AS editlog ON(editlog.postid = post.postid)\n\t LEFT JOIN " . TABLE_PREFIX . "postparsed AS postparsed ON(postparsed.postid = post.postid AND postparsed.styleid = " . intval(STYLEID) . " AND postparsed.languageid = " . intval(LANGUAGEID) . ")\n\t LEFT JOIN " . TABLE_PREFIX . "sigparsed AS sigparsed ON(sigparsed.userid = user.userid AND sigparsed.styleid = " . intval(STYLEID) . " AND sigparsed.languageid = " . intval(LANGUAGEID) . ")\n\t LEFT JOIN " . TABLE_PREFIX . "sigpic AS sigpic ON(sigpic.userid = post.userid)\n\t LEFT JOIN " . TABLE_PREFIX . "customprofilepic AS customprofilepic ON (user.userid = customprofilepic.userid)\n\t {$hook_query_joins}\n\t WHERE {$postids}\n\t ORDER BY post.dateline\n\t ");
    // Switch off thumbnail / inline-image display when the viewer lacks the attachment permissions.
    if (!($forumperms & vB::$vbulletin->bf_ugp_forumpermissions['canseethumbnails']) and !($forumperms & vB::$vbulletin->bf_ugp_forumpermissions['cangetattachment'])) {
        vB::$vbulletin->options['attachthumbs'] = 0;
    }
    if (!($forumperms & vB::$vbulletin->bf_ugp_forumpermissions['cangetattachment'])) {
        vB::$vbulletin->options['viewattachedimages'] = 0;
    }
    $postcount = count($postid_array);
    $counter = 0;
    $postbits = '';
    vB::$vbulletin->noheader = true;
    while ($post = vB::$vbulletin->db->fetch_array($posts)) {
        // NOTE(review): with $privileges unset, this branch skips every post whose
        // visible value is 2, so the "Soft Deleted" payload further down would be
        // unreachable -- confirm the intended source of $privileges.
        if (!$privileges['can_moderate_forums']) {
            if ($privileges['is_coventry'] or $post['visible'] == 2) {
                continue;
            }
        }
        // post/thread is deleted by moderator and we don't have permission to see it
        if (!($post['visible'] or $privileges['can_moderate_posts'])) {
            continue;
        }
        if (!intval($post['userid'])) {
            $post['avatarid'] = false;
        } else {
            if (!$post['hascustomavatar']) {
                if ($post['profilepic']) {
                    // Use the profile picture in place of a missing custom avatar.
                    $post['hascustomavatar'] = 1;
                    $post['avatarid'] = true;
                    $post['avatarpath'] = "./image.php?u=" . $post['userid'] . "&dateline=" . $post['profilepicdateline'] . "&type=profile";
                    $post['avwidth'] = $post['ppwidth'];
                    $post['avheight'] = $post['ppheight'];
                } else {
                    $post['hascustomavatar'] = 1;
                    $post['avatarid'] = true;
                    // explicitly setting avatarurl to allow guests comments to show unknown avatar
                    $post['avatarurl'] = $post['avatarpath'] = vB_Template_Runtime::fetchStyleVar('imgdir_misc') . '/unknown.gif';
                    $post['avwidth'] = 60;
                    $post['avheight'] = 60;
                }
            }
        }
        // '=' binds tighter than 'and': $tachyuser receives in_coventry()'s result.
        if ($tachyuser = in_coventry($post['userid']) and !can_moderate($thread['forumid'])) {
            continue;
        }
        if ($post['visible'] == 1 and !$tachyuser) {
            ++$counter;
            if ($postorder) {
                $post['postcount'] = --$postcount;
            } else {
                $post['postcount'] = ++$postcount;
            }
        }
        // $fetchtype only feeds the 'isfirstshown' flag below.
        if ($tachyuser) {
            $fetchtype = 'post_global_ignore';
        } else {
            if ($ignore["{$post['userid']}"]) {
                $fetchtype = 'post_ignore';
            } else {
                if ($post['visible'] == 2) {
                    $fetchtype = 'post_deleted';
                } else {
                    $fetchtype = 'post';
                }
            }
        }
        if (vB::$vbulletin->GPC['viewfull'] and $post['postid'] == $postinfo['postid'] and $fetchtype != 'post' and (can_moderate($threadinfo['forumid']) or !$post['isdeleted'])) {
            $fetchtype = 'post';
        }
        if (!$firstpostid) {
            $firstpostid = $post['postid'];
        }
        $post['islastshown'] = $post['postid'] == $lastpostid;
        $post['isfirstshown'] = ($counter == 1 and $fetchtype == 'post' and $post['visible'] == 1);
        $post['islastshown'] = $post['postid'] == $lastpostid;
        // NOTE(review): $postattach is unset here, so 'attachments' is null and the
        // attachment loop below never runs (count(null) also fails on PHP 8) -- confirm.
        $post['attachments'] = $postattach["{$post['postid']}"];
        // Editable by a moderator with 'caneditposts', or by the author while the
        // thread is open, the forum allows editing and the edit time limit
        // (0 = unlimited) has not passed.
        $canedit = false;
        if (!$threadinfo['isdeleted'] and !$post['isdeleted'] and (can_moderate($threadinfo['forumid'], 'caneditposts') or $threadinfo['open'] and $post['userid'] == vB::$vbulletin->userinfo['userid'] and $forumperms & vB::$vbulletin->bf_ugp_forumpermissions['caneditpost'] and ($post['dateline'] >= TIMENOW - vB::$vbulletin->options['edittimelimit'] * 60 or vB::$vbulletin->options['edittimelimit'] == 0))) {
            $canedit = true;
        }
        // Get post date/time
        $postdate = vbdate(vB::$vbulletin->options['dateformat'], $post['dateline'], 1);
        $posttime = vbdate(vB::$vbulletin->options['timeformat'], $post['dateline']);
        $attachments = array();
        $fr_images = array();
        // Attachments (images).
        if (count($post['attachments']) > 0) {
            foreach ($post['attachments'] as $attachment) {
                // Substring test on the lower-cased file name; it does not verify the file's real type.
                $lfilename = strtolower($attachment['filename']);
                if (strpos($lfilename, '.jpe') !== false || strpos($lfilename, '.png') !== false || strpos($lfilename, '.gif') !== false || strpos($lfilename, '.jpg') !== false || strpos($lfilename, '.jpeg') !== false) {
                    $fr_images[] = array('img' => vB::$vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . $attachment['attachmentid'], 'tmb' => vB::$vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . $attachment['attachmentid'] . '&stc=1&thumb=1');
                }
            }
        }
        // Parse the post for quotes and inline images
        list($text, $nuked_quotes, $images) = parse_post($post['pagetext'], false);
        if (count($fr_images) > 0) {
            // Append each image attachment to the text as an <img> tag.
            $text .= "<br/>";
            foreach ($fr_images as $attachment) {
                $text .= "<img src=\"{$attachment['img']}\"/>";
            }
        }
        foreach ($images as $image) {
            $fr_images[] = array('img' => $image);
        }
        $avatarurl = '';
        // Avatar work
        if (vB::$vbulletin->options['avatarenabled']) {
            require_once DIR . '/includes/functions_user.php';
            // Overwrites the $userinfo parameter with the post author's record.
            $userinfo = fetch_userinfo($post['userid'], FETCH_USERINFO_AVATAR);
            fetch_avatar_from_userinfo($userinfo);
            if ($userinfo['avatarurl']) {
                $avatarurl = process_avatarurl($userinfo['avatarurl']);
            }
        }
        $tmp = array(
            'post_id' => $post['postid'],
            'thread_id' => $post['threadid'],
            'forum_id' => $foruminfo['forumid'],
            'username' => prepare_utf8_string(strip_tags($post['username'])),
            'joindate' => prepare_utf8_string($post['joindate']),
            'usertitle' => prepare_utf8_string(strip_tags($post['usertitle'])),
            'numposts' => $post['posts'],
            'userid' => $post['userid'],
            'title' => prepare_utf8_string($post['title']),
            'post_timestamp' => prepare_utf8_string(date_trunc($postdate) . ' ' . $posttime),
            'fr_images' => $fr_images,
            'image_thumbs' => array()
        );
        // Soft Deleted
        if ($post['visible'] == 2) {
            // Deleted posts carry deletion details in place of the text.
            $tmp['deleted'] = true;
            $tmp['del_username'] = prepare_utf8_string($post['del_username']);
            if ($post['del_reason']) {
                $tmp['del_reason'] = prepare_utf8_string($post['del_reason']);
            }
        } else {
            $tmp['text'] = $text;
            $tmp['quotable'] = $nuked_quotes;
            // The raw post source is returned only to viewers who may edit it.
            if ($canedit) {
                $tmp['canedit'] = true;
                $tmp['edittext'] = prepare_utf8_string($post['pagetext']);
            }
        }
        if ($avatarurl != '') {
            $tmp['avatarurl'] = $avatarurl;
        }
        $posts_out[] = $tmp;
    }
    // NOTE(review): $LASTPOST is unset here, so $displayed_dateline stays 0 and
    // mark_thread_read() below is never reached -- confirm.
    if ($LASTPOST['dateline'] > $displayed_dateline) {
        $displayed_dateline = $LASTPOST['dateline'];
        if ($displayed_dateline <= $threadview) {
            $updatethreadcookie = true;
        }
    }
    // Set thread last view
    if ($displayed_dateline and $displayed_dateline > $threadview) {
        mark_thread_read($threadinfo, $foruminfo, vB::$vbulletin->userinfo['userid'], $displayed_dateline);
    }
    vB::$vbulletin->db->free_result($posts);
    unset($post);
    $total = $record_count;
    return $posts_out;
}
// Manual test page for the asset-verification helpers: each check is stored as
// PASS or FAIL and printed as an HTML line.

// Error message of the decoded $post response; consumed by $error_test.
$er = json_decode($post, TRUE)['error']['message'];
// $user_post = get_post('100010281887017','486051034905643');

// TESTS
// $var_test = ()? PASS:FAIL;
$verified_test = (fb_verify_asset($verified_json) == 1) ? PASS : FAIL;
$unverified_test = (fb_verify_asset($unverified_json) != 1) ? PASS : FAIL;
$fake_networks_test = (fb_verify_asset($fake_networks_json) != 1) ? PASS : FAIL;
$another_user_test = (fb_verify_asset($user2_json) == 1) ? PASS : FAIL;
$third_user_test = (fb_verify_asset($user3_json) == 1) ? PASS : FAIL;
$another_token_test = (fb_verify_asset_with_token($verified_json, FB_APP_TOKEN_2) == 1) ? PASS : FAIL;
$pid_test = ($pid == 486035954907151.0) ? PASS : FAIL;
$uid_test = ($uid == 1232952150) ? PASS : FAIL;
$expected_text = preg_match("/LJEC6Q2h9JKNvZqEC87TbEXvxm4br1uivb2QX/", get_expected_text($verified_json)) ? PASS : FAIL;
// $ct is expected to be 24 characters long, like: 2015-10-06T08:28:06+0000
$getpost_test = (strlen($ct) == 24) ? PASS : FAIL;
$content_test = preg_match("/LJEC6Q2h9JKNvZqEC87TbEXvxm4br1uivb2QX/", parse_post($post)) ? PASS : FAIL;
// Inverted on purpose: a token-validation error in the response is the failure.
// NOTE(review): $error_test is computed but never printed below.
$error_test = preg_match("/Error validating access token/", $er) ? FAIL : PASS;

// OUTPUT
// Each row is the literal label printed before the bracketed result.
foreach (array(
    array('verified_test: ', $verified_test),
    array('unverified_test: ', $unverified_test),
    array('fake_networks_test: ', $fake_networks_test),
    array('another_user_test: ', $another_user_test),
    array('third_user_test: ', $third_user_test),
    array('another_token_test: ', $another_token_test),
) as $row) {
    printf('<br/>%s[%s]', $row[0], $row[1]);
}
echo "<hr/>";
// echo "<br/>access token from file: [".$accesstoken_test."]";
foreach (array(
    array('post id from json: ', $pid_test),
    array('user id from json: ', $uid_test),
    array('expected txt ', $expected_text),
    array('getpost: ', $getpost_test),
    array('post content: ', $content_test),
) as $row) {
    printf('<br/>%s[%s]', $row[0], $row[1]);
}
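/**
 * Returns one page of results for a stored search as thread/post summaries.
 *
 * Results in a forum listed in the 'forumrunner_exclude' option (or in any
 * of its parents) and soft-deleted items (visible == 2) are dropped and
 * subtracted from the reported total. The request parameter 'previewtype'
 * selects which post of a thread is previewed (1 or empty = first post,
 * anything else = last post).
 *
 * NOTE(review): only the exclusion list and the soft-delete flag are applied
 * here; forum view permissions are presumably enforced by
 * vB_Search_Results for $current_user -- confirm.
 *
 * @param mixed $searchid   Id of the stored search, looked up for $current_user.
 * @param int   $pagenumber Page to fetch.
 * @param int   $perpage    Results per page.
 * @return array 'threads' (list of summaries, or a single 'error' entry when the
 *               search has no results), 'total_threads' and, when there were
 *               results, 'searchid'.
 */
function do_showresults($searchid, $pagenumber = 1, $perpage = 25)
{
    // Fix: $show was listed twice in the original global statement.
    global $vbulletin, $db, $show, $vbphrase, $current_user;

    $vbulletin->options['threadpreview'] = FR_PREVIEW_LEN;
    $vbulletin->input->clean_array_gpc('r', array('previewtype' => TYPE_INT));
    $previewtype = $vbulletin->GPC['previewtype'];
    if (!$previewtype) {
        $previewtype = 1;
    }
    $bbcode_parser = new vB_BbCodeParser($vbulletin, fetch_tag_list());

    // Get exclude IDs
    $exclude_ids = @explode(',', $vbulletin->options['forumrunner_exclude']);
    // A '-1' entry disables the exclusion list.
    if (in_array('-1', $exclude_ids)) {
        $exclude_ids = array();
    }

    if ($results = vB_Search_Results::create_from_searchid($current_user, $searchid)) {
        $pages = $results->get_page($pagenumber, $perpage, 10000);
    } else {
        $pages = array();
    }
    if (count($pages) == 0) {
        $threads = array(array('error' => strip_tags(fetch_error('searchnoresults', ''))));
        return array('threads' => $threads, 'total_threads' => count($threads));
    }

    $thread_data = array();
    $skipped = 0;
    foreach ($pages as $item) {
        switch (get_class($item)) {
            case 'vBForum_Search_Result_Thread':
                $thread = $item->get_thread();
                $foruminfo = fetch_foruminfo($thread->get_field('forumid'));
                // The last three characters of the parent list are dropped before splitting.
                $parentlist = explode(',', substr($foruminfo['parentlist'], 0, -3));
                $skip = false;
                foreach ($parentlist as $parent_id) {
                    if (in_array($parent_id, $exclude_ids)) {
                        $skip = true;
                    }
                }
                if ($thread->get_field('visible') == 2) {
                    $skip = true;
                }
                if ($skip) {
                    $skipped++;
                    // Fix: a bare 'continue' inside a switch only leaves the switch
                    // (and raises a warning on PHP 7.3+); 'continue 2' targets the
                    // foreach, which is what is meant. Nothing follows the switch in
                    // the loop body, so the result is unchanged.
                    continue 2;
                }
                $lastread = $thread->get_forum()->get_last_read_by_current_user($current_user);
                $legacy_thread = process_thread_array($thread->get_record(), $lastread);
                $date = vbdate($vbulletin->options['dateformat'], $thread->get_field('lastpost'));
                $time = vbdate($vbulletin->options['timeformat'], $thread->get_field('lastpost'));
                // Fix: the post id was concatenated into the query as returned by
                // get_field(); cast it so only an integer can reach the SQL text.
                $previewinfo = $db->query_first_slave("\n\t\tSELECT *\n\t\tFROM " . TABLE_PREFIX . "post\n\t\tWHERE postid = " . intval($thread->get_field($previewtype == 1 ? 'firstpostid' : 'lastpostid')) . "\n\t ");
                $preview = '';
                if (method_exists($bbcode_parser, 'get_preview')) {
                    $preview = $bbcode_parser->get_preview(fetch_censored_text($previewinfo['pagetext']), 200);
                } else {
                    // vB4 prior to vB4.0.4 did not have get_preview()
                    list($text, $nuked_quotes, $images) = parse_post($previewinfo['pagetext'], true, array());
                    $preview = preview_chop(fetch_censored_text($nuked_quotes), 200);
                }
                $avatarurl = '';
                if ($previewinfo['userid'] > 0) {
                    $userinfoavatar = fetch_userinfo($previewinfo['userid'], FETCH_USERINFO_AVATAR);
                    fetch_avatar_from_userinfo($userinfoavatar, true, false);
                    if ($userinfoavatar['avatarurl'] != '') {
                        $avatarurl = process_avatarurl($userinfoavatar['avatarurl']);
                    }
                    unset($userinfoavatar);
                }
                // Entities are decoded before strip_tags() so encoded markup is stripped too.
                $tmp = array(
                    'thread_id' => $thread->get_field('threadid'),
                    'new_posts' => $show['gotonewpost'],
                    'forum_id' => $thread->get_field('forumid'),
                    'total_posts' => $thread->get_field('replycount'),
                    'forum_title' => prepare_utf8_string(strip_tags($foruminfo['title'])),
                    'thread_title' => prepare_utf8_string(strip_tags($thread->get_field('title'))),
                    'thread_preview' => prepare_utf8_string(preview_chop(strip_tags(strip_bbcode(html_entity_decode($preview))), FR_PREVIEW_LEN)),
                    'post_userid' => $previewinfo['userid'],
                    'post_lastposttime' => prepare_utf8_string(date_trunc($date) . ' ' . $time),
                    'post_username' => prepare_utf8_string(strip_tags($previewinfo['username']))
                );
                if ($avatarurl != '') {
                    $tmp['avatarurl'] = $avatarurl;
                }
                if ($thread->get_field('prefixid')) {
                    $prefixid = $thread->get_field('prefixid');
                    $tmp['prefix'] = prepare_utf8_string(strip_tags($vbphrase["prefix_{$prefixid}_title_plain"]));
                }
                if ($thread->get_field('attach')) {
                    $tmp['attach'] = true;
                }
                if ($thread->get_field('pollid')) {
                    $tmp['poll'] = true;
                }
                $thread_data[] = $tmp;
                break;

            case 'vBForum_Search_Result_Post':
                $post = $item->get_post();
                $thread = $post->get_thread();
                $foruminfo = fetch_foruminfo($thread->get_field('forumid'));
                $parentlist = explode(',', substr($foruminfo['parentlist'], 0, -3));
                $skip = false;
                foreach ($parentlist as $parent_id) {
                    if (in_array($parent_id, $exclude_ids)) {
                        $skip = true;
                    }
                }
                if ($post->get_field('visible') == 2) {
                    $skip = true;
                }
                if ($skip) {
                    $skipped++;
                    // Same fix as in the thread case above.
                    continue 2;
                }
                $date = vbdate($vbulletin->options['dateformat'], $post->get_field('dateline'));
                $time = vbdate($vbulletin->options['timeformat'], $post->get_field('dateline'));
                $avatarurl = '';
                if ($post->get_field('userid') > 0) {
                    $userinfoavatar = fetch_userinfo($post->get_field('userid'), FETCH_USERINFO_AVATAR);
                    fetch_avatar_from_userinfo($userinfoavatar, true, false);
                    if ($userinfoavatar['avatarurl'] != '') {
                        $avatarurl = process_avatarurl($userinfoavatar['avatarurl']);
                    }
                    unset($userinfoavatar);
                }
                $tmp = array(
                    'thread_id' => $post->get_field('threadid'),
                    'post_id' => $post->get_field('postid'),
                    'jump_to_post' => 1,
                    'forum_id' => $thread->get_field('forumid'),
                    'forum_title' => prepare_utf8_string(strip_tags($foruminfo['title'])),
                    'thread_title' => prepare_utf8_string(strip_tags($thread->get_field('title'))),
                    'thread_preview' => prepare_utf8_string(preview_chop(htmlspecialchars_uni(fetch_censored_text(strip_bbcode(strip_quotes(html_entity_decode($post->get_field('pagetext'))), false, true))), FR_PREVIEW_LEN)),
                    'post_userid' => $post->get_field('userid'),
                    'post_lastposttime' => prepare_utf8_string(date_trunc($date) . ' ' . $time),
                    'post_username' => prepare_utf8_string(strip_tags($post->get_field('username')))
                );
                if ($avatarurl != '') {
                    $tmp['avatarurl'] = $avatarurl;
                }
                if ($thread->get_field('prefixid')) {
                    $prefixid = $thread->get_field('prefixid');
                    $tmp['prefix'] = prepare_utf8_string(strip_tags($vbphrase["prefix_{$prefixid}_title_plain"]));
                }
                if ($post->get_field('attach')) {
                    $tmp['attach'] = true;
                }
                $thread_data[] = $tmp;
                break;
        }
    }

    $out = array();
    if (is_array($thread_data) && count($thread_data) > 0) {
        $out['threads'] = $thread_data;
        // The confirmed count includes the items skipped above; never report a negative total.
        $out['total_threads'] = max($results->get_confirmed_count() - $skipped, 0);
    } else {
        $out['threads'] = array();
        $out['total_threads'] = 0;
    }
    $out['searchid'] = $searchid;
    return $out;
}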
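/**
 * Return one page of a private conversation in the Forum Runner response shape.
 *
 * Request input, all filtered as unsigned integers: conversationid,
 * signature (non-zero to include each author's signature), page, perpage.
 * A page value equal to FR_LAST_POST selects the page holding the first
 * unread message, or the last message when everything has been read.
 *
 * Side effect: when the fetched page contains a message newer than the
 * stored last_read_date, the conversation is marked read up to that message
 * for the current visitor.
 *
 * @return array keys: posts, total_posts, page, canattach, canpost, title,
 *               thread_link, recipients and, when a jump target exists,
 *               gotopostid
 */
public function actionGetConversation()
{
    $conversationid = $this->_input->filterSingle('conversationid', XenForo_Input::UINT);
    $signature = $this->_input->filterSingle('signature', XenForo_Input::UINT);
    $page = max($this->_input->filterSingle('page', XenForo_Input::UINT), 1);

    // NOTE(review): perpage comes from the request with no upper bound;
    // consider capping it so one call cannot ask for an arbitrarily large page.
    $perpage = $this->_input->filterSingle('perpage', XenForo_Input::UINT);
    if (!$perpage) {
        $perpage = XenForo_Application::get('options')->messagesPerPage;
    }

    $conversation_model = $this->_getConversationModel();
    $session_model = $this->getModelFromCache('XenForo_Model_Session');
    $user_model = $this->getModelFromCache('XenForo_Model_User');

    // This is the only lookup of the conversation itself, so access control
    // presumably lives inside _getConversationOrError() -- confirm; nothing
    // else in this method checks that the visitor is a participant.
    // json_error() is assumed to end the request.
    try {
        $conversation_info = $this->_getConversationOrError($conversationid);
    } catch (Exception $e) {
        json_error($e->getControllerResponse()->errorText->render());
    }

    $gotomessageid = 0;
    if ($page == FR_LAST_POST) {
        if (!$conversation_info['last_read_date']) {
            // Never read: start from the first page.
            $page = 1;
        } else {
            if ($conversation_info['last_read_date'] >= $conversation_info['last_message_date']) {
                $first_unread = false;
            } else {
                $first_unread = $conversation_model->getNextMessageInConversation($conversationid, $conversation_info['last_read_date']);
            }

            if (!$first_unread || $first_unread['message_id'] == $conversation_info['last_message_id']) {
                $page = floor($conversation_info['reply_count'] / $perpage) + 1;
                $gotomessageid = $conversation_info['last_message_id'];
            } else {
                $before = $conversation_model->countMessagesBeforeDateInConversation($conversationid, $first_unread['message_date']);
                $page = floor($before / $perpage) + 1;
                $gotomessageid = $first_unread['message_id'];
            }
        }
    }

    $messages = $conversation_model->getConversationMessages($conversationid, array('page' => $page, 'perPage' => $perpage));
    $max = $conversation_model->getMaximumMessageDate($messages);
    if ($max > $conversation_info['last_read_date']) {
        $conversation_model->markConversationAsRead($conversationid, XenForo_Visitor::getUserId(), $max, $conversation_info['last_message_date']);
    }
    $messages = $conversation_model->prepareMessages($messages, $conversation_info);

    // Initialised up front so an empty page yields an empty list rather than
    // an undefined variable in the response.
    $message_data = array();

    // Iterated by value: nothing in the loop writes to the message, and a
    // by-reference loop variable would stay bound to the last element.
    foreach ($messages as $message) {
        $user = $user_model->getUserById($message['user_id']);

        $online_info = $session_model->getSessionActivityRecords(array(
            'user_id' => $message['user_id'],
            'cutOff' => array('>', $session_model->getOnlineStatusTimeout()),
        ));
        $is_online = (count($online_info) == 1);

        list($text, $nuked_quotes, $images) = parse_post(fr_strip_smilies($this, XenForo_Helper_String::censorString($message['message'])), true);

        $fr_images = array();
        foreach ($images as $image) {
            $fr_images[] = array('img' => $image);
        }

        $avatarurl = '';
        if ($user !== false) {
            $avatarurl = process_avatarurl(XenForo_Template_Helper_Core::getAvatarUrl($user, 'm'));
            // URLs containing this path fragment are reported as "no avatar".
            if (strpos($avatarurl, '/xenforo/avatars/avatar_') !== false) {
                $avatarurl = '';
            }
        }

        $entry = array(
            'post_id' => $message['message_id'],
            'thread_id' => $message['conversation_id'],
            'username' => prepare_utf8_string(strip_tags($message['username'])),
            'joindate' => prepare_utf8_string(XenForo_Locale::date($message['register_date'], 'absolute')),
            'usertitle' => XenForo_Template_Helper_Core::helperUserTitle($user),
            'numposts' => $user ? $user['message_count'] : 0,
            'userid' => $message['user_id'],
            'online' => $is_online,
            'post_timestamp' => prepare_utf8_string(XenForo_Locale::dateTime($message['message_date'], 'absolute')),
            'fr_images' => $fr_images,
            'text' => $text,
            'quotable' => $nuked_quotes,
        );
        if ($avatarurl != '') {
            $entry['avatarurl'] = $avatarurl;
        }

        if ($signature) {
            // strip_tags() with '<a>' allowed keeps anchor elements together
            // with all of their attributes, so 'sig' is not plain text.
            // NOTE(review): confirm how the client renders it, or filter the
            // anchors' attributes before output.
            $sig = trim(strip_tags(remove_bbcode($message['signature'], true, true), '<a>'));
            $sig = str_replace(array("\t", "\r"), array('', ''), $sig);
            $sig = str_replace("\n\n", "\n", $sig);
            $entry['sig'] = prepare_utf8_string($sig);
        }

        $message_data[] = $entry;
    }

    $out = array(
        'posts' => $message_data,
        'total_posts' => $conversation_info['reply_count'] + 1,
        'page' => $page,
        'canattach' => false,
        'canpost' => true,
        'title' => prepare_utf8_string(XenForo_Helper_String::censorString($conversation_info['title'])),
        'thread_link' => process_avatarurl(XenForo_Link::buildPublicLink('conversations', $conversation_info)),
    );
    if ($gotomessageid) {
        $out['gotopostid'] = $gotomessageid;
    }

    // Recipients are fetched once, here where they are used; the earlier
    // fetch was discarded without being read.
    $names = array();
    foreach ($conversation_model->getConversationRecipients($conversationid) as $recipient) {
        $names[] = prepare_utf8_string(strip_tags($recipient['username']));
    }
    $out['recipients'] = implode(', ', $names);

    return $out;
}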
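/**
 * Convert a vBulletin content node into the pieces the Forum Runner client
 * displays: a plain-text signature, the parsed post text and its images.
 *
 * @param array $node node data; reads $node['content']['signature']['raw'],
 *                    ['content']['userinfo'], ['content']['signaturepic']
 *                    and ['content']['rawtext']
 * @return array keys: signature (string, '' when the node has none),
 *               html (first element returned by parse_post()),
 *               images (third element returned by parse_post())
 */
function fr_post_to_bbcode($node)
{
    require_once DIR . '/includes/class_core.php';
    require_once DIR . '/includes/class_bbcode.php';

    $post = array();
    $post['signature'] = '';

    $bbcode_parser = new vB_BbCodeParser(vB::get_registry(), fetch_tag_list());

    if (!empty($node['content']['signature']['raw'])) {
        $bbcode_parser->set_parse_userinfo($node['content']['userinfo']);
        $post['signature'] = $bbcode_parser->parse($node['content']['signature']['raw'], 'signature', true, false, '', $node['content']['signaturepic'], true);

        // The original passed '<a>' as trim()'s second argument, which is a
        // character mask: it removed leading/trailing '<', 'a' and '>'
        // characters (eating a final "a" of the signature) and left
        // surrounding whitespace in place. Trim whitespace instead.
        // strip_tags() is still called without an allow-list, so every tag
        // is removed, exactly as before.
        $sig = trim(remove_bbcode(strip_tags($post['signature']), true, true));
        $sig = str_replace(array("\t", "\r"), array('', ''), $sig);
        $sig = str_replace("\n\n", "\n", $sig);
        $post['signature'] = $sig;
    }

    // The middle element of parse_post()'s result is not needed here.
    list($text, , $images) = parse_post($node['content']['rawtext']);
    $post['html'] = $text;
    $post['images'] = $images;

    return $post;
}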
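/**
 * Return the announcements visible for the current forum in the Forum Runner
 * response shape, and record the view.
 *
 * Reads $vbulletin->GPC['forumid'] and $vbulletin->GPC['announcementid'];
 * neither is cleaned inside this function, so their types depend on the
 * caller. Calls json_error() (assumed to end the request) when the forum is
 * missing, the visitor lacks view permission, or no announcement matches.
 *
 * Side effects, queued with shutdown_query(): increments the view counter of
 * every returned announcement and, for a logged-in user, records them as read.
 *
 * @return array keys: posts (list of announcement entries), total_posts
 */
function do_get_announcement()
{
    global $vbulletin, $db, $foruminfo;

    if (empty($foruminfo['forumid'])) {
        json_error(ERR_INVALID_FORUM);
    }

    $usesmilies = false;

    // begin vbulletin
    $forumlist = '';

    // NOTE(review): $announcementinfo is neither assigned nor declared global
    // in this function, so these reads see an unset variable -- confirm
    // whether it was meant to be a global.
    if ($announcementinfo['forumid'] > -1 or $vbulletin->GPC['forumid']) {
        $foruminfo = verify_id('forum', $vbulletin->GPC['forumid'], 1, 1);
        $curforumid = $foruminfo['forumid'];
        $forumperms = fetch_permissions($foruminfo['forumid']);

        if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) or !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads'])) {
            json_error(ERR_NO_PERMISSION);
        }

        // check if there is a forum password and if so, ensure the user has it set
        verify_forum_password($foruminfo['forumid'], $foruminfo['password']);

        $forumlist = fetch_forum_clause_sql($foruminfo['forumid'], 'announcement.forumid');
    } else {
        if (!$announcementinfo['announcementid']) {
            json_error(ERR_INVALID_ANNOUNCEMENT);
        }
    }

    $hook_query_fields = $hook_query_joins = $hook_query_where = '';

    // Both ids are concatenated into SQL below. They are cast here because
    // no input cleaning for them is visible in this function; for values that
    // are already integers the cast changes nothing.
    $userid = intval($vbulletin->userinfo['userid']);
    $where_clause = $vbulletin->GPC['announcementid']
        ? "announcement.announcementid = " . intval($vbulletin->GPC['announcementid'])
        : "startdate <= " . TIMENOW . " AND enddate >= " . TIMENOW . " " . (!empty($forumlist) ? "AND {$forumlist}" : "");

    $announcements = $db->query_read_slave(
        "\n\t\tSELECT announcement.announcementid, announcement.announcementid AS postid, startdate, enddate, announcement.title, pagetext, announcementoptions, views, announcement.pagetext,\n\t\t\tuser.*, userfield.*, usertextfield.*,\n\t\t\tsigpic.userid AS sigpic, sigpic.dateline AS sigpicdateline, sigpic.width AS sigpicwidth, sigpic.height AS sigpicheight,\n\t\t\tIF(displaygroupid=0, user.usergroupid, displaygroupid) AS displaygroupid, infractiongroupid\n\t\t\t"
        . ($vbulletin->options['avatarenabled'] ? ",avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight" : "")
        . "\n\t\t\t"
        . ($vbulletin->userinfo['userid'] ? ", NOT ISNULL(announcementread.announcementid) AS readannouncement" : "")
        . "\n\t\t\t{$hook_query_fields}\n\t\tFROM " . TABLE_PREFIX . "announcement AS announcement\n\t\t"
        . ($vbulletin->userinfo['userid'] ? "LEFT JOIN " . TABLE_PREFIX . "announcementread AS announcementread ON(announcementread.announcementid = announcement.announcementid AND announcementread.userid = " . $userid . ")" : "")
        . "\n\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON(user.userid=announcement.userid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "userfield AS userfield ON(userfield.userid=announcement.userid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON(usertextfield.userid=announcement.userid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "sigpic AS sigpic ON(sigpic.userid = announcement.userid)\n\t\t"
        . ($vbulletin->options['avatarenabled'] ? "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid=user.avatarid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid=announcement.userid)" : "")
        . "\n\t\t{$hook_query_joins}\n\t\tWHERE\n\t\t\t"
        . $where_clause
        . "\n\t\t\t{$hook_query_where}\n\t\tORDER BY startdate DESC, announcementid DESC\n\t"
    );

    if ($db->num_rows($announcements) == 0) {
        // no announcements
        json_error(ERR_INVALID_ANNOUNCEMENT);
    }

    if (!$vbulletin->options['oneannounce'] and $vbulletin->GPC['announcementid'] and !empty($forumlist)) {
        $anncount = $db->query_first_slave("\n\t\t\tSELECT COUNT(*) AS total\n\t\t\tFROM " . TABLE_PREFIX . "announcement AS announcement\n\t\t\tWHERE startdate <= " . TIMENOW . "\n\t\t\t\tAND enddate >= " . TIMENOW . "\n\t\t\t\tAND {$forumlist}\n\t\t");
        $anncount['total'] = intval($anncount['total']);
        $show['viewall'] = $anncount['total'] > 1 ? true : false;
    } else {
        $show['viewall'] = false;
    }

    require_once DIR . '/includes/class_postbit.php';

    $show['announcement'] = true;
    $counter = 0;
    $anncids = array();
    $announcebits = '';
    $announceread = array();
    // Initialised so the result is a list even if the loop adds nothing.
    $posts_out = array();

    $postbit_factory = new vB_Postbit_Factory();
    $postbit_factory->registry =& $vbulletin;
    $postbit_factory->forum =& $foruminfo;
    $postbit_factory->cache = array();
    $postbit_factory->bbcode_parser = new vB_BbCodeParser($vbulletin, fetch_tag_list());

    while ($post = $db->fetch_array($announcements)) {
        $postbit_obj =& $postbit_factory->fetch_postbit('announcement');
        $post['counter'] = ++$counter;
        $postbit_obj->construct_postbit($post);

        // Cast before the ids are reused in the UPDATE / REPLACE statements.
        $announcementid = intval($post['announcementid']);
        $anncids[] = $announcementid;
        $announceread[] = "({$announcementid}, " . $userid . ")";

        // FRNR start
        $fr_images = array();
        $docattach = array();

        // Attachments (images).
        if (is_array($post['attachments']) && count($post['attachments']) > 0) {
            foreach ($post['attachments'] as $attachment) {
                // The file type is guessed from a substring of the file name;
                // it only decides how the link is presented to the client.
                $lfilename = strtolower($attachment['filename']);
                if (strpos($lfilename, '.jpe') !== false || strpos($lfilename, '.png') !== false || strpos($lfilename, '.gif') !== false || strpos($lfilename, '.jpg') !== false || strpos($lfilename, '.jpeg') !== false) {
                    $tmp = array('img' => $vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . $attachment['attachmentid']);
                    if ($vbulletin->options['attachthumbs']) {
                        $tmp['tmb'] = $vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . $attachment['attachmentid'] . '&stc=1&thumb=1';
                    }
                    $fr_images[] = $tmp;
                }
                // Collected but not included in the returned entry.
                if (strpos($lfilename, '.pdf') !== false) {
                    $docattach[] = $vbulletin->options['bburl'] . '/attachment.php?attachmentid=' . $attachment['attachmentid'];
                }
            }
        }

        // Parse the post for quotes and inline images
        // NOTE(review): $attachments is never assigned in this function, so
        // the third argument is an unset variable -- confirm what was meant.
        list($text, $nuked_quotes, $images) = parse_post($post['pagetext'], $usesmilies, $attachments);

        if (count($fr_images) > 0) {
            $text .= "<br/>";
            foreach ($fr_images as $attachment) {
                $text .= "<img src=\"{$attachment['img']}\"/>";
            }
        }
        foreach ($images as $image) {
            $fr_images[] = array('img' => $image);
        }

        // Avatar work
        $avatarurl = '';
        if ($post['avatarurl']) {
            $avatarurl = process_avatarurl($post['avatarurl']);
        }

        $tmp = array(
            'username' => prepare_utf8_string(strip_tags($post['username'])),
            'userid' => $post['userid'],
            'title' => prepare_utf8_string($post['title']),
            'text' => $text,
            'post_timestamp' => prepare_utf8_string(date_trunc($post['startdate'])),
            'fr_images' => $fr_images,
        );
        if ($avatarurl != '') {
            $tmp['avatarurl'] = $avatarurl;
        }

        $posts_out[] = $tmp;
    }

    if (!empty($anncids)) {
        $db->shutdown_query("\n\t\t\tUPDATE " . TABLE_PREFIX . "announcement\n\t\t\tSET views = views + 1\n\t\t\tWHERE announcementid IN (" . implode(', ', $anncids) . ")\n\t\t");

        if ($vbulletin->userinfo['userid']) {
            $db->shutdown_query("\n\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "announcementread\n\t\t\t\t\t(announcementid, userid)\n\t\t\t\tVALUES\n\t\t\t\t\t" . implode(', ', $announceread) . "\n\t\t\t");
        }
    }

    return array('posts' => $posts_out, 'total_posts' => count($posts_out));
}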
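/**
 * Return one page of a thread in the Forum Runner response shape, together
 * with the moderation actions available to the visitor.
 *
 * Request input, all filtered as unsigned integers: threadid, postid,
 * signature (non-zero to include signatures), page, perpage. A page value
 * equal to FR_LAST_POST jumps to the first unread post (or the last post);
 * otherwise a non-zero postid selects the page containing that post.
 *
 * Side effects: marks the thread read up to the newest post on the page,
 * calls fr_update_subsent() and logs a thread view.
 *
 * @return array keys: posts, total_posts, page, canpost, canattach, title,
 *               thread_link, subscribed, mod (bitmask of MOD_* flags) and,
 *               when applicable, gotopostid and pollid
 */
public function actionGetThread()
{
    $threadid = $this->_input->filterSingle('threadid', XenForo_Input::UINT);
    $postid = $this->_input->filterSingle('postid', XenForo_Input::UINT);
    $signature = $this->_input->filterSingle('signature', XenForo_Input::UINT);
    $page = max($this->_input->filterSingle('page', XenForo_Input::UINT), 1);

    // NOTE(review): perpage comes from the request with no upper bound;
    // consider capping it so one call cannot ask for an arbitrarily large page.
    $perpage = $this->_input->filterSingle('perpage', XenForo_Input::UINT);
    if (!$perpage) {
        $perpage = XenForo_Application::get('options')->messagesPerPage;
    }

    $visitor = XenForo_Visitor::getInstance();
    $user_model = $this->getModelFromCache('XenForo_Model_User');
    $thread_model = $this->_getThreadModel();
    $post_model = $this->_getPostModel();
    $forum_model = $this->_getForumModel();
    $session_model = $this->getModelFromCache('XenForo_Model_Session');
    $helper = $this->getHelper('ForumThreadPost');
    $post_helper = new ForumRunner_ControllerHelper_Post($this);

    // The helper is what decides whether the visitor may view the thread;
    // json_error() is assumed to end the request when it refuses.
    try {
        list($thread_info, $forum_info) = $helper->assertThreadValidAndViewable(
            $threadid,
            array('readUserId' => $visitor['user_id'], 'watchUserId' => $visitor['user_id']),
            array('readUserId' => $visitor['user_id'])
        );
    } catch (Exception $e) {
        json_error($e->getControllerResponse()->errorText->render());
    }

    $gotopostid = 0;
    if ($page == FR_LAST_POST) {
        // Figure out our last post page and post id
        $options = $post_model->getPermissionBasedPostFetchOptions($thread_info, $forum_info);
        $read_date = $thread_model->getMaxThreadReadDate($thread_info, $forum_info);
        $first_unread = $post_model->getNextPostInThread($threadid, $read_date, $options);
        if (!$first_unread) {
            $first_unread = $post_model->getLastPostInThread($threadid, $options);
        }
        if ($first_unread) {
            $page = floor($first_unread['position'] / $perpage) + 1;
            $gotopostid = $first_unread['post_id'];
        } else {
            $page = 1;
        }
    } else {
        if ($postid) {
            // The post is checked for visibility on its own; its thread
            // ($tthread) is not compared with $threadid here. Only the page
            // number is derived from it -- the posts returned below are
            // always fetched from $threadid.
            try {
                list($tpost, $tthread, $tforum) = $helper->assertPostValidAndViewable($postid);
            } catch (Exception $e) {
                json_error($e->getControllerResponse()->errorText->render());
            }
            $page = floor($tpost['position'] / $perpage) + 1;
            $gotopostid = $postid;
        }
    }

    if ($thread_model->isRedirect($thread_info)) {
        // Redirect thread! XXX RKJ
    }

    $this->canonicalizePageNumber($page, $perpage, $thread_info['reply_count'] + 1, 'threads', $thread_info);

    $post_options = array_merge(
        $post_model->getPermissionBasedPostFetchOptions($thread_info, $forum_info),
        array(
            'perPage' => $perpage,
            'page' => $page,
            'join' => XenForo_Model_Post::FETCH_USER | XenForo_Model_Post::FETCH_USER_PROFILE | XenForo_Model_Post::FETCH_FORUM,
            'likeUserId' => $visitor['user_id'],
        )
    );
    if (!empty($post_options['deleted'])) {
        $post_options['join'] |= XenForo_Model_Post::FETCH_DELETION_LOG;
    }

    $posts = $post_model->getPostsInThread($threadid, $post_options);
    $posts = $post_model->getAndMergeAttachmentsIntoPosts($posts);

    $mod = array();
    $perms = $visitor->getNodePermissions($thread_info['node_id']);
    $thread_mod = $thread_model->addInlineModOptionToThread($thread_info, $forum_info, $perms);

    // First pass: prepare every post in place and collect page-level facts.
    $max_post_date = $first_unread = $deleted = $moderated = 0;
    foreach ($posts as &$post) {
        $post_mod = $post_model->addInlineModOptionToPost($post, $thread_info, $forum_info, $perms);
        $mod = array_merge($mod, $post_mod);
        $post = $post_model->preparePost($post, $thread_info, $forum_info, $perms);

        if ($post['post_date'] > $max_post_date) {
            $max_post_date = $post['post_date'];
        }
        if ($post['isDeleted']) {
            $deleted++;
        }
        if ($post['isModerated']) {
            $moderated++;
        }
        if (!$first_unread && $post['isNew']) {
            $first_unread = $post['post_id'];
        }
    }
    // Drop the reference so later use of $post cannot write into $posts.
    unset($post);

    $thread_model->markThreadRead($thread_info, $forum_info, $max_post_date, $visitor['user_id']);
    fr_update_subsent($thread_info['thread_id'], $max_post_date);
    $thread_model->logThreadView($threadid);

    // Second pass: build the client-facing entry for each post. Nothing is
    // written back to the post, so the loop iterates by value.
    $post_data = array();
    foreach ($posts as $post) {
        $user = $user_model->getUserById($post['user_id']);

        $online_info = $session_model->getSessionActivityRecords(array(
            'user_id' => $post['user_id'],
            'cutOff' => array('>', $session_model->getOnlineStatusTimeout()),
        ));
        $is_online = (count($online_info) == 1);

        $fr_images = $docattach = array();
        if (isset($post['attachments']) && is_array($post['attachments'])) {
            foreach ($post['attachments'] as $attachment) {
                $ext = strtolower($attachment['extension']);
                $link = XenForo_Link::buildPublicLink('attachments', $attachment);

                if ($ext == 'jpe' || $ext == 'jpeg' || $ext == 'png' || $ext == 'gif' || $ext == 'jpg') {
                    $data = array('img' => fr_get_xenforo_bburl() . '/' . $link);
                    if ($attachment['thumbnailUrl']) {
                        $data['tmb'] = fr_get_xenforo_bburl() . '/' . $attachment['thumbnailUrl'];
                    }
                    $fr_images[] = $data;
                } else {
                    if ($ext == 'pdf') {
                        $docattach[] = fr_get_xenforo_bburl() . '/' . $link;
                    }
                }
            }
        }

        list($text, $nuked_quotes, $images) = parse_post(fr_strip_smilies($this, XenForo_Helper_String::censorString($post['message'])), true);

        if (count($fr_images) > 0) {
            $text .= "<br/>";
            foreach ($fr_images as $attachment) {
                $text .= "<img src=\"{$attachment['img']}\"/>";
            }
        }
        foreach ($images as $image) {
            $fr_images[] = array('img' => $image);
        }

        $avatarurl = '';
        if ($user !== false) {
            $avatarurl = process_avatarurl(XenForo_Template_Helper_Core::getAvatarUrl($user, 'm'));
            // URLs containing this path fragment are reported as "no avatar".
            if (strpos($avatarurl, '/xenforo/avatars/avatar_') !== false) {
                $avatarurl = '';
            }
        }

        $post_page = floor($post['position'] / XenForo_Application::get('options')->messagesPerPage) + 1;

        $out = array(
            'post_id' => $post['post_id'],
            'thread_id' => $post['thread_id'],
            'forum_id' => $post['node_id'],
            'forum_title' => prepare_utf8_string(strip_tags($post['node_title'])),
            'username' => prepare_utf8_string(strip_tags($post['username'])),
            'joindate' => prepare_utf8_string(XenForo_Locale::date($post['register_date'], 'absolute')),
            'usertitle' => strip_tags(XenForo_Template_Helper_Core::helperUserTitle($user)),
            'numposts' => $user ? $user['message_count'] : 0,
            'userid' => $post['user_id'],
            'canlike' => $post['canLike'] ? true : false,
            'likes' => $post['like_date'] > 0 ? true : false,
            'title' => prepare_utf8_string(XenForo_Helper_String::censorString($post['title'])),
            'online' => $is_online,
            'post_timestamp' => prepare_utf8_string(XenForo_Locale::dateTime($post['post_date'], 'absolute')),
            'post_link' => fr_get_xenforo_bburl() . '/' . XenForo_Link::buildPublicLink('threads', $thread_info, array('page' => $post_page)) . '#post-' . $post['post_id'],
            'fr_images' => $fr_images,
        );

        if ($post['canDelete']) {
            $out['candelete'] = true;
        }

        if ($post['likes']) {
            $out['likestext'] = prepare_utf8_string($post_helper->likesHtml($post['post_id'], $post['likes'], $post['like_date'], $post['likeUsers']));

            $like_names = array();
            foreach ($post['likeUsers'] as $like_user) {
                $like_names[] = $like_user['username'];
            }
            $out['likesusers'] = prepare_utf8_string(implode(', ', $like_names));
        }

        if ($avatarurl != '') {
            $out['avatarurl'] = $avatarurl;
        }

        if ($post['message_state'] == 'deleted') {
            // Deleted posts expose who deleted them and why, never the text.
            $out += array('deleted' => true, 'del_username' => prepare_utf8_string(strip_tags($post['delete_username'])));
            if ($post['delete_reason']) {
                $out['del_reason'] = prepare_utf8_string($post['delete_reason']);
            }
        } else {
            if ($post['canEdit']) {
                $out += array('canedit' => $post['canEdit']);
            }
            $out += array('text' => $text, 'quotable' => $nuked_quotes, 'edittext' => prepare_utf8_string($post['message']));
        }

        if (count($docattach)) {
            $out['docattach'] = $docattach;
        }

        if ($signature) {
            // strip_tags() with '<a>' allowed keeps anchor elements together
            // with all of their attributes, so 'sig' is not plain text.
            // NOTE(review): confirm how the client renders it, or filter the
            // anchors' attributes before output.
            $sig = trim(strip_tags(remove_bbcode($post['signature'], true, true), '<a>'));
            $sig = str_replace(array("\t", "\r"), array('', ''), $sig);
            $sig = str_replace("\n\n", "\n", $sig);
            $out['sig'] = prepare_utf8_string($sig);
        }

        $post_data[] = $out;
    }

    $out = array(
        'posts' => $post_data,
        'total_posts' => $thread_info['reply_count'] + 1,
        'page' => $page,
        'canpost' => $thread_model->canReplyToThread($thread_info, $forum_info),
        'canattach' => $forum_model->canUploadAndManageAttachment($forum_info),
        'title' => prepare_utf8_string(XenForo_Helper_String::censorString($thread_info['title'])),
        'thread_link' => process_avatarurl(XenForo_Link::buildPublicLink('threads', $thread_info, array('page' => $page))),
        'subscribed' => $thread_info['thread_is_watched'] ? 1 : 0,
    );
    if ($gotopostid) {
        $out['gotopostid'] = $gotopostid;
    }

    if ($thread_info['discussion_type'] == 'poll') {
        $poll_model = $this->_getPollModel();
        $poll = $poll_model->getPollByContent('thread', $threadid);
        if ($poll) {
            $out['pollid'] = $poll['poll_id'];
        }
    }

    // Translate the inline-moderation options into the client's bitmask.
    // The original called XenForo_Application::setDebugMode(true) in the
    // middle of this sequence. It looked like a development leftover, and
    // debug mode can surface detailed error output to the client, so the
    // call is not carried over.
    $modbit = 0;
    if (isset($mod['delete']) && $mod['delete']) {
        $modbit |= MOD_DELETEPOST;
    }
    if ($thread_info['sticky'] && isset($thread_mod['unstick']) && $thread_mod['unstick']) {
        $modbit |= MOD_UNSTICK;
    }
    if (!$thread_info['sticky'] && isset($thread_mod['stick']) && $thread_mod['stick']) {
        $modbit |= MOD_STICK;
    }
    if (isset($thread_mod['delete']) && $thread_mod['delete']) {
        $modbit |= MOD_DELETETHREAD;
    }
    if ($thread_info['discussion_open'] && isset($thread_mod['lock']) && $thread_mod['lock']) {
        $modbit |= MOD_CLOSE;
    }
    if (!$thread_info['discussion_open'] && isset($thread_mod['unlock']) && $thread_mod['unlock']) {
        $modbit |= MOD_OPEN;
    }
    if (isset($thread_mod['move']) && $thread_mod['move']) {
        $modbit |= MOD_MOVETHREAD;
    }
    if (XenForo_Permission::hasPermission($visitor['permissions'], 'general', 'cleanSpam')) {
        $modbit |= MOD_SPAM_CONTROLS;
    }
    $out['mod'] = $modbit;

    return $out;
}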
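/**
 * Return one private message of the current user in the Forum Runner
 * response shape.
 *
 * Reads 'pmid' (TYPE_UINT) and 'showhistory' (TYPE_BOOL) from the request.
 * The lookup is restricted to rows whose pm.userid is the current user, so a
 * pmid belonging to someone else yields the 'invalidid' error.
 *
 * Side effects, queued with shutdown_query(): updates the read receipt, marks
 * the message read and decrements the user's unread counter.
 *
 * @return array keys: id, pm_unread, username, to_usernames, userid, title,
 *               online, message, quotable, fr_images, pm_timestamp and,
 *               when present, avatarurl
 */
function do_get_pm()
{
    global $vbulletin, $db;

    require_once DIR . '/includes/class_postbit.php';
    require_once DIR . '/includes/functions_bigthree.php';

    $vbulletin->input->clean_array_gpc('r', array('pmid' => TYPE_UINT, 'showhistory' => TYPE_BOOL));

    // vBulletin plugin hook: runs whatever PHP is registered for
    // 'private_showpm_start'. The code comes from the board's plugin system,
    // not from the request.
    ($hook = vBulletinHook::fetch_hook('private_showpm_start')) ? eval($hook) : false;

    // pmid was cleaned as TYPE_UINT above, and the WHERE clause ties the row
    // to the logged-in user.
    $pm = $db->query_first_slave(
        "\n\t\tSELECT\n\t\t\tpm.*, pmtext.*,\n\t\t\t"
        . iif($vbulletin->options['privallowicons'], "icon.title AS icontitle, icon.iconpath,")
        . "\n\t\t\tIF(ISNULL(pmreceipt.pmid), 0, 1) AS receipt, pmreceipt.readtime, pmreceipt.denied,\n\t\t\tsigpic.userid AS sigpic, sigpic.dateline AS sigpicdateline, sigpic.width AS sigpicwidth, sigpic.height AS sigpicheight\n\t\tFROM " . TABLE_PREFIX . "pm AS pm\n\t\tLEFT JOIN " . TABLE_PREFIX . "pmtext AS pmtext ON(pmtext.pmtextid = pm.pmtextid)\n\t\t"
        . iif($vbulletin->options['privallowicons'], "LEFT JOIN " . TABLE_PREFIX . "icon AS icon ON(icon.iconid = pmtext.iconid)")
        . "\n\t\tLEFT JOIN " . TABLE_PREFIX . "pmreceipt AS pmreceipt ON(pmreceipt.pmid = pm.pmid)\n\t\tLEFT JOIN " . TABLE_PREFIX . "sigpic AS sigpic ON(sigpic.userid = pmtext.fromuserid)\n\t\tWHERE pm.userid=" . $vbulletin->userinfo['userid'] . " AND pm.pmid=" . $vbulletin->GPC['pmid'] . "\n\t"
    );

    if (!$pm) {
        // NOTE(review): $vbphrase is not declared global in this function,
        // so this read sees an unset variable -- confirm.
        json_error(strip_tags(fetch_error('invalidid', $vbphrase['private_message'], $vbulletin->options['contactuslink'])));
    }

    $folderjump = construct_folder_jump(0, $pm['folderid']);

    // do read receipt
    $show['receiptprompt'] = $show['receiptpopup'] = false;
    if ($pm['receipt'] == 1 and $pm['readtime'] == 0 and $pm['denied'] == 0) {
        // NOTE(review): $permissions is not declared global here either, so
        // as written this test reads an unset variable and the else branch
        // (confirming the receipt) is the one that runs -- confirm intent.
        if ($permissions['pmpermissions'] & $vbulletin->bf_ugp_pmpermissions['candenypmreceipts']) {
            // set it to denied just now as some people might have ad blocking that stops the popup appearing
            $show['receiptprompt'] = $show['receiptpopup'] = true;
            $receipt_question_js = addslashes_js(construct_phrase($vbphrase['x_has_requested_a_read_receipt'], unhtmlspecialchars($pm['fromusername'])), '"');
            $db->shutdown_query("UPDATE " . TABLE_PREFIX . "pmreceipt SET denied = 1 WHERE pmid = {$pm['pmid']}");
        } else {
            // they can't deny pm receipts so do not show a popup or prompt
            $db->shutdown_query("UPDATE " . TABLE_PREFIX . "pmreceipt SET readtime = " . TIMENOW . " WHERE pmid = {$pm['pmid']}");
        }
    } else {
        if ($pm['receipt'] == 1 and $pm['denied'] == 1) {
            $show['receiptprompt'] = true;
        }
    }

    $postbit_factory = new vB_Postbit_Factory();
    $postbit_factory->registry =& $vbulletin;
    $postbit_factory->cache = array();
    $postbit_factory->bbcode_parser = new vB_BbCodeParser($vbulletin, fetch_tag_list());
    $postbit_obj =& $postbit_factory->fetch_postbit('pm');
    $pm_postbit = $pm;
    $postbit = $postbit_obj->construct_postbit($pm_postbit);

    // update message to show read
    if ($pm['messageread'] == 0) {
        $db->shutdown_query("UPDATE " . TABLE_PREFIX . "pm SET messageread=1 WHERE userid=" . $vbulletin->userinfo['userid'] . " AND pmid={$pm['pmid']}");

        if ($pm['folderid'] >= 0) {
            $userdm =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT);
            $userdm->set_existing($vbulletin->userinfo);
            $userdm->set('pmunread', 'IF(pmunread >= 1, pmunread - 1, 0)', false);
            $userdm->save(true, true);
            unset($userdm);
        }
    }

    $cclist = array();
    $bcclist = array();
    $ccrecipients = '';
    $bccrecipients = '';

    // SECURITY: unserialize() must only ever see data this application wrote
    // itself, because it can instantiate objects from its input.
    // touserarray comes from the pm row and is presumably written only by
    // the board's own PM code -- confirm. The value is decoded once and
    // reused below; the original decoded the same column twice.
    $to_users = unserialize($pm['touserarray']);
    $touser = is_array($to_users) ? $to_users : array();

    foreach ($touser as $key => $item) {
        if (is_array($item)) {
            foreach ($item as $subkey => $subitem) {
                $userinfo = array('userid' => $subkey, 'username' => $subitem);
                $templater = vB_Template::create('pm_messagelistbit_user');
                $templater->register('userinfo', $userinfo);
                $rendered = $templater->render();

                // The original appended to a variable named from the stored
                // key (${$key . 'list'}). Only $cclist and $bcclist are read
                // afterwards, so name them explicitly and let stored data
                // choose nothing beyond those two lists.
                if ($key === 'cc') {
                    $cclist[] = $rendered;
                } elseif ($key === 'bcc') {
                    $bcclist[] = $rendered;
                }
            }
        } else {
            $userinfo = array('username' => $item, 'userid' => $key);
            $templater = vB_Template::create('pm_messagelistbit_user');
            $templater->register('userinfo', $userinfo);
            $bcclist[] = $templater->render();
        }
    }

    if (count($cclist) > 1 or is_array($touser['cc']) and !in_array($vbulletin->userinfo['username'], $touser['cc']) or $vbulletin->userinfo['userid'] == $pm['fromuserid'] and $pm['folderid'] == -1) {
        if (!empty($cclist)) {
            $ccrecipients = implode("\r\n", $cclist);
        }

        // Blind-copy recipients are only considered for the sender's own
        // copy in the sent folder (folderid -1).
        if (!empty($bcclist) and $vbulletin->userinfo['userid'] == $pm['fromuserid'] and $pm['folderid'] == -1) {
            // Fixed: the original read count($bcclist == 1), which counts a
            // boolean instead of comparing the list's size with 1.
            if (empty($cclist) and count($bcclist) == 1) {
                $ccrecipients = implode("\r\n", $bcclist);
            } else {
                $bccrecipients = implode("\r\n", $bcclist);
            }
        }

        $show['recipients'] = true;
    }

    $pm['senddate'] = vbdate($vbulletin->options['dateformat'], $pm['dateline']);
    $pm['sendtime'] = vbdate($vbulletin->options['timeformat'], $pm['dateline']);

    // NOTE(review): $usesmiles is never assigned in this function, so the
    // second argument evaluates to false -- confirm intent.
    list($text, $nuked_quotes, $images) = parse_post($pm['message'], $vbulletin->options['privallowsmilies'] && $usesmiles);

    $fr_images = array();
    foreach ($images as $image) {
        $fr_images[] = array('img' => $image);
    }

    // Avatar work
    $avatarurl = '';
    if ($pm_postbit['avatarurl']) {
        $avatarurl = process_avatarurl($pm_postbit['avatarurl']);
    }

    // Names for 'to_usernames': the 'cc' list when it is set, otherwise the
    // decoded value as stored.
    $users = array();
    if ($to_users !== false) {
        if ($to_users['cc']) {
            $users = $to_users['cc'];
        } else {
            $users = $to_users;
        }
    }

    $out = array(
        'id' => $pm['pmid'],
        'pm_unread' => $pm['messageread'] == 0,
        'username' => prepare_utf8_string(strip_tags($pm['fromusername'])),
        'to_usernames' => prepare_utf8_string(implode('; ', $users)),
        'userid' => $pm['fromuserid'],
        'title' => prepare_utf8_string($pm['title']),
        'online' => fetch_online_status(fetch_userinfo($pm['fromuserid']), false),
        'message' => $text,
        'quotable' => $nuked_quotes,
        'fr_images' => $fr_images,
        'pm_timestamp' => prepare_utf8_string(date_trunc($pm['senddate'] . ' ' . $pm['sendtime'])),
    );
    if ($avatarurl != '') {
        $out['avatarurl'] = $avatarurl;
    }

    return $out;
}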