function xthreads_phptpl_eval_text($s) { require_once MYBB_ROOT . 'inc/xthreads/xt_phptpl_lib.php'; xthreads_sanitize_eval($s); return eval_str($s); }
function xthreads_check_condstr($s) { require_once MYBB_ROOT . 'inc/xthreads/xt_phptpl_lib.php'; xthreads_sanitize_eval($s); return xthreads_check_evalstr($s); }
function xthreads_moderation_custom_do(&$tids, $editstr) { if (!$editstr) { return; } $edits = array(); // caching stuff static $threadfields = null; if (!isset($threadfields)) { $threadfields = xthreads_gettfcache(); } // grab all threadfields require_once MYBB_ROOT . 'inc/xthreads/xt_phptpl_lib.php'; foreach (explode("\n", str_replace("{\n}", "\r", str_replace("\r", '', $editstr))) as $editline) { $editline = trim(str_replace("\r", "\n", $editline)); list($n, $v) = explode('=', $editline, 2); if (!isset($v)) { continue; } // don't allow editing of file fields if (!isset($threadfields[$n]) || $threadfields[$n]['inputtype'] == XTHREADS_INPUT_FILE) { continue; } // we don't do much validation here as we trust admins, right? // this is just a prelim check (speed optimisation) - we'll need to check this again after evaluating conditionals $upperv = strtoupper($v); if (($upperv === '' || $upperv == 'NULL' || $upperv == 'NUL') && $threadfields[$n]['datatype'] != XTHREADS_DATATYPE_TEXT) { $edits[$n] = null; } else { $edits[$n] = $v; xthreads_sanitize_eval($edits[$n], array('VALUE' => null, 'TID' => null)); } } if (empty($edits)) { return; } $modfields = array_keys($edits); global $db; $query = $db->query(' SELECT t.tid, tfd.`' . implode('`, tfd.`', $modfields) . '` FROM ' . TABLE_PREFIX . 'threads t LEFT JOIN ' . TABLE_PREFIX . 'threadfields_data tfd ON t.tid=tfd.tid WHERE t.tid IN (' . implode(',', $tids) . ') '); //$query = $db->simple_select('threadfields_data', 'tid,`'.implode('`,`', $modfields).'`', 'tid IN ('.implode(',', $tids).')'); while ($thread = $db->fetch_array($query)) { $updates = array(); foreach ($edits as $n => $v) { if ($v !== null) { // TODO: allowing conditionals direct access to multivals? $v = trim(eval_str($v, array('VALUE' => $thread[$n], 'TID' => $thread['tid']))); if ($threadfields[$n]['datatype'] != XTHREADS_DATATYPE_TEXT) { $upperv = strtoupper($v); if ($upperv == '' || $upperv == 'NULL' || $upperv == 'NUL') { $v = null; } // TODO: intval/floatval here? } } if ($v !== $thread[$n]) { // we'll do some basic validation for multival fields if (!xthreads_empty($threadfields[$n]['multival'])) { $d = "\n"; if ($threadfields[$n]['inputtype'] == XTHREADS_INPUT_TEXT) { $d = ','; } $v = array_unique(array_map('trim', explode($d, str_replace("\r", '', $v)))); foreach ($v as $key => &$val) { if (xthreads_empty($val)) { unset($v[$key]); } } $v = implode($d, $v); } $updates[$n] = $v; } } if (!empty($updates)) { xthreads_db_update_replace('threadfields_data', $updates, 'tid', $thread['tid']); } } $db->free_result($query); }