/** * Run some validation tests, rules vs valid and invalid data */ public function testValidation() { // These should all fail $validation = new Data_Validator(); $validation->validation_rules($this->rules); $validation->sanitation_rules(array('min_len_csv' => 'trim')); $validation->input_processing(array('min_len_csv' => 'csv', 'min_len_array' => 'array')); $validation->validate($this->invalid_data); foreach ($this->invalid_data as $key => $value) { $test = $validation->validation_errors($key); $value = is_array($value) ? implode(' | ', $value) : $value; $this->assertNotNull($validation->validation_errors($key), 'Test: ' . $test[0] . ' passed data: ' . $value . ' but it should have failed'); } // These should all pass $validation = new Data_Validator(); $validation->validation_rules($this->rules); $validation->input_processing(array('min_len_csv' => 'csv', 'min_len_array' => 'array')); $validation->validate($this->valid_data); foreach ($this->valid_data as $key => $value) { $test = $validation->validation_errors($key); $value = is_array($value) ? implode(' | ', $value) : $value; $this->assertNull($validation->validation_errors($key), 'Test: ' . $test[0] . ' failed data: ' . $value . ' but it should have passed'); } }
/** * Shows the contact form for the user to fill out * Needs to be enabled to be used */ public function action_contact() { global $context, $txt, $user_info, $modSettings; // Already inside, no need to use this, just send a PM // Disabled, you cannot enter. if (!$user_info['is_guest'] || empty($modSettings['enable_contactform']) || $modSettings['enable_contactform'] == 'disabled') { redirectexit(); } loadLanguage('Login'); loadTemplate('Register'); if (isset($_REQUEST['send'])) { checkSession('post'); validateToken('contact'); spamProtection('contact'); // No errors, yet. $context['errors'] = array(); loadLanguage('Errors'); // Could they get the right send topic verification code? require_once SUBSDIR . '/VerificationControls.class.php'; require_once SUBSDIR . '/Members.subs.php'; // form validation require_once SUBSDIR . '/DataValidator.class.php'; $validator = new Data_Validator(); $validator->sanitation_rules(array('emailaddress' => 'trim', 'contactmessage' => 'trim|Util::htmlspecialchars')); $validator->validation_rules(array('emailaddress' => 'required|valid_email', 'contactmessage' => 'required')); $validator->text_replacements(array('emailaddress' => $txt['error_email'], 'contactmessage' => $txt['error_message'])); // Any form errors if (!$validator->validate($_POST)) { $context['errors'] = $validator->validation_errors(); } // How about any verification errors $verificationOptions = array('id' => 'contactform'); $context['require_verification'] = create_control_verification($verificationOptions, true); if (is_array($context['require_verification'])) { foreach ($context['require_verification'] as $error) { $context['errors'][] = $txt['error_' . $error]; } } // No errors, then send the PM to the admins if (empty($context['errors'])) { $admins = admins(); if (!empty($admins)) { require_once SUBSDIR . '/PersonalMessage.subs.php'; sendpm(array('to' => array_keys($admins), 'bcc' => array()), $txt['contact_subject'], $_REQUEST['contactmessage'], false, array('id' => 0, 'name' => $validator->emailaddress, 'username' => $validator->emailaddress)); } // Send the PM redirectexit('action=contact;sa=done'); } else { $context['emailaddress'] = $validator->emailaddress; $context['contactmessage'] = $validator->contactmessage; } } if (isset($_GET['sa']) && $_GET['sa'] == 'done') { $context['sub_template'] = 'contact_form_done'; } else { $context['sub_template'] = 'contact_form'; $context['page_title'] = $txt['admin_contact_form']; require_once SUBSDIR . '/VerificationControls.class.php'; $verificationOptions = array('id' => 'contactform'); $context['require_verification'] = create_control_verification($verificationOptions); $context['visual_verification_id'] = $verificationOptions['id']; } createToken('contact'); }
/** * Used when a field contains csv or array of data * * -Will convert field to individual elements and run a separate validation on that group * using the rules defined to the parent node * * @param mixed[] $input * @param string $field * @param string $rules */ private function _validate_recursive($input, $field, $rules) { if (!isset($input[$field])) { return; } // Start a new instance of the validtor to work on this sub data (csv/array) $sub_validator = new Data_Validator(); $fields = array(); $validation_rules = array(); if ($this->_datatype[$field] === 'array') { // Convert the array to individual values, they all use the same rules foreach ($input[$field] as $key => $value) { $validation_rules[$key] = $rules; $fields[$key] = $value; } } elseif ($this->_datatype[$field] === 'csv') { // Blow it up! $temp = explode(',', $input[$field]); foreach ($temp as $key => $value) { $validation_rules[$key] = $rules; $fields[$key] = $value; } } // Validate each "new" field $sub_validator->validation_rules($validation_rules); $result = $sub_validator->validate($fields); // If its not valid, then just take the first error and use it for the original field if (!$result) { $errors = $sub_validator->validation_errors(true); $this->_validation_errors[] = array('field' => $field, 'input' => $errors[0]['input'], 'function' => $errors[0]['function'], 'param' => $errors[0]['param']); } return $result; }
/** * Allow a user to send an email. * * - Send an email to the user - allow the sender to write the message. * - Can either be passed a user ID as uid or a message id as msg. * - Does not check permissions for a message ID as there is no information disclosed. * - accessed by ?action=emailuser;sa=email */ public function action_email() { global $context, $user_info, $txt, $scripturl; // Can the user even see this information? if ($user_info['is_guest']) { fatal_lang_error('no_access', false); } isAllowedTo('send_email_to_members'); // Are we sending to a user? $context['form_hidden_vars'] = array(); if (isset($_REQUEST['uid'])) { require_once SUBSDIR . '/Members.subs.php'; // Get the latest activated member's display name. $row = getBasicMemberData((int) $_REQUEST['uid']); $context['form_hidden_vars']['uid'] = (int) $_REQUEST['uid']; } elseif (isset($_REQUEST['msg'])) { require_once SUBSDIR . '/Messages.subs.php'; $row = mailFromMessage((int) $_REQUEST['msg']); $context['form_hidden_vars']['msg'] = (int) $_REQUEST['msg']; } // Are you sure you got the address or any data? if (empty($row['email_address']) || empty($row)) { fatal_lang_error('cant_find_user_email'); } // Can they actually do this? $context['show_email_address'] = showEmailAddress(!empty($row['hide_email']), $row['id_member']); if ($context['show_email_address'] === 'no') { fatal_lang_error('no_access', false); } // Does the user want to be contacted at all by you? require_once SUBSDIR . '/Members.subs.php'; if (!canContact($row['id_member'])) { fatal_lang_error('no_access', false); } // Setup the context! $context['recipient'] = array('id' => $row['id_member'], 'name' => $row['real_name'], 'email' => $row['email_address'], 'email_link' => ($context['show_email_address'] == 'yes_permission_override' ? '<em>' : '') . '<a href="mailto:' . $row['email_address'] . '">' . $row['email_address'] . '</a>' . ($context['show_email_address'] == 'yes_permission_override' ? '</em>' : ''), 'link' => $row['id_member'] ? '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '">' . $row['real_name'] . '</a>' : $row['real_name']); // Can we see this person's email address? $context['can_view_recipient_email'] = $context['show_email_address'] == 'yes' || $context['show_email_address'] == 'yes_permission_override'; // Template $context['sub_template'] = 'custom_email'; $context['page_title'] = $txt['send_email']; // Are we actually sending it? if (isset($_POST['send']) && isset($_POST['email_body'])) { checkSession(); // Don't let them send too many! spamProtection('sendmail'); require_once SUBSDIR . '/Mail.subs.php'; require_once SUBSDIR . '/DataValidator.class.php'; // We will need to do some data checking $validator = new Data_Validator(); $validator->sanitation_rules(array('y_name' => 'trim', 'email_body' => 'trim', 'email_subject' => 'trim')); $validator->validation_rules(array('y_name' => 'required|notequal[_]', 'y_email' => 'required|valid_email', 'email_body' => 'required', 'email_subject' => 'required')); $validator->text_replacements(array('y_name' => $txt['sendtopic_sender_name'], 'y_email' => $txt['sendtopic_sender_email'], 'email_body' => $txt['message'], 'email_subject' => $txt['send_email_subject'])); $validator->validate($_POST); // If it's a guest sort out their names. if ($user_info['is_guest']) { $errors = $validator->validation_errors(array('y_name', 'y_email')); if ($errors) { $context['sendemail_error'] = array('errors' => $errors, 'type' => 'minor', 'title' => $txt['validation_failure']); return; } $from_name = $validator->y_name; $from_email = $validator->y_email; } else { $from_name = $user_info['name']; $from_email = $user_info['email']; } // Check we have a body (etc). $errors = $validator->validation_errors(array('email_body', 'email_subject')); if (!empty($errors)) { $context['sendemail_error'] = array('errors' => $errors, 'type' => 'minor', 'title' => $txt['validation_failure']); return; } // We use a template in case they want to customise! $replacements = array('EMAILSUBJECT' => $validator->email_subject, 'EMAILBODY' => $validator->email_body, 'SENDERNAME' => $from_name, 'RECPNAME' => $context['recipient']['name']); // Get the template and get out! $emaildata = loadEmailTemplate('send_email', $replacements); sendmail($context['recipient']['email'], $emaildata['subject'], $emaildata['body'], $from_email, null, false, 1, null, true); // Now work out where to go! if (isset($_REQUEST['uid'])) { redirectexit('action=profile;u=' . (int) $_REQUEST['uid']); } elseif (isset($_REQUEST['msg'])) { redirectexit('msg=' . (int) $_REQUEST['msg']); } else { redirectexit(); } } }
/** * Set any setting related to paid subscriptions, * * - i.e. modify which payment methods are to be used. * - It requires the moderate_forum permission * - Accessed from ?action=admin;area=paidsubscribe;sa=settings. */ public function action_paidSettings_display() { global $context, $txt, $scripturl; require_once SUBSDIR . '/PaidSubscriptions.subs.php'; // Initialize the form $this->_init_paidSettingsForm(); $config_vars = $this->_paidSettings->settings(); // Now load all the other gateway settings. $gateways = loadPaymentGateways(); foreach ($gateways as $gateway) { $gatewayClass = new $gateway['display_class'](); $setting_data = $gatewayClass->getGatewaySettings(); if (!empty($setting_data)) { $config_vars[] = array('title', $gatewayClass->title, 'text_label' => isset($txt['paidsubs_gateway_title_' . $gatewayClass->title]) ? $txt['paidsubs_gateway_title_' . $gatewayClass->title] : $gatewayClass->title); $config_vars = array_merge($config_vars, $setting_data); } } // Some important context stuff $context['page_title'] = $txt['settings']; $context['sub_template'] = 'show_settings'; $context['settings_message'] = replaceBasicActionUrl($txt['paid_note']); $context[$context['admin_menu_name']]['current_subsection'] = 'settings'; // Get the final touches in place. $context['post_url'] = $scripturl . '?action=admin;area=paidsubscribe;save;sa=settings'; $context['settings_title'] = $txt['settings']; // We want javascript for our currency options. addInlineJavascript(' toggleCurrencyOther();', true); // Saving the settings? if (isset($_GET['save'])) { checkSession(); call_integration_hook('integrate_save_subscription_settings'); // Check that the entered email addresses are valid if (!empty($_POST['paid_email_to'])) { require_once SUBSDIR . '/DataValidator.class.php'; $validator = new Data_Validator(); // Some cleaning and some rules $validator->sanitation_rules(array('paid_email_to' => 'trim')); $validator->validation_rules(array('paid_email_to' => 'valid_email')); $validator->input_processing(array('paid_email_to' => 'csv')); $validator->text_replacements(array('paid_email_to' => $txt['paid_email_to'])); if ($validator->validate($_POST)) { $_POST['paid_email_to'] = $validator->paid_email_to; } else { // Thats not an email, lets set it back in the form to be fixed and let them know its wrong $config_vars[1]['value'] = $_POST['paid_email_to']; $context['error_type'] = 'minor'; $context['settings_message'] = array(); foreach ($validator->validation_errors() as $id => $error) { $context['settings_message'][] = $error; } } } // No errors, then save away if (empty($context['error_type'])) { // Sort out the currency stuff. if ($_POST['paid_currency'] != 'other') { $_POST['paid_currency_code'] = $_POST['paid_currency']; $_POST['paid_currency_symbol'] = $txt[$_POST['paid_currency'] . '_symbol']; } $_POST['paid_currency_code'] = trim($_POST['paid_currency_code']); unset($config_vars['dummy_currency']); Settings_Form::save_db($config_vars); redirectexit('action=admin;area=paidsubscribe;sa=settings'); } } // Prepare the settings... Settings_Form::prepare_db($config_vars); }
/** * This function handles submission of a template file. * It checks the file for syntax errors, and if it passes, it saves it. * * This function is forwarded to, from * ?action=admin;area=theme;sa=edit */ private function _action_edit_submit() { global $context, $settings; $selectedTheme = isset($_GET['th']) ? (int) $_GET['th'] : (isset($_GET['id']) ? (int) $_GET['id'] : 0); if (empty($selectedTheme)) { // This should never be happening. Never I say. But... in case it does :P fatal_lang_error('theme_edit_missing'); } $theme_dir = themeDirectory($context['theme_id']); $file = isset($_POST['entire_file']) ? $_POST['entire_file'] : ''; // You did submit *something*, didn't you? if (empty($file)) { // @todo a better error message fatal_lang_error('theme_edit_missing'); } // Checking PHP syntax on css files is not a most constructive use of processing power :P // We need to know what kind of file we have $is_php = substr($_REQUEST['filename'], -4) == '.php'; $is_template = substr($_REQUEST['filename'], -13) == '.template.php'; $is_css = substr($_REQUEST['filename'], -4) == '.css'; // Check you up if (checkSession('post', '', false) == '' && validateToken('admin-te-' . md5($selectedTheme . '-' . $_REQUEST['filename']), 'post', false) == true) { // Consolidate the format in which we received the file contents if (is_array($file)) { $entire_file = implode("\n", $file); } else { $entire_file = $file; } // Convert our tabs back to tabs! $entire_file = rtrim(strtr($entire_file, array("\r" => '', ' ' => "\t"))); // Errors? No errors! $errors = array(); // For PHP files, we check the syntax. if ($is_php) { require_once SUBSDIR . '/DataValidator.class.php'; $validator = new Data_Validator(); $validator->validation_rules(array('entire_file' => 'php_syntax')); $validator->validate(array('entire_file' => $entire_file)); // Retrieve the errors $errors = $validator->validation_errors(); } // If successful so far, we'll take the plunge and save this piece of art. if (empty($errors)) { // Try to save the new file contents $fp = fopen($theme_dir . '/' . $_REQUEST['filename'], 'w'); fwrite($fp, $entire_file); fclose($fp); // We're done here. redirectexit('action=admin;area=theme;th=' . $selectedTheme . ';' . $context['session_var'] . '=' . $context['session_id'] . ';sa=browse;directory=' . dirname($_REQUEST['filename'])); } else { // Pick the right sub-template for the next try if ($is_template) { $context['sub_template'] = 'edit_template'; } else { $context['sub_template'] = 'edit_file'; } // Fill contextual data for the template, the errors to show foreach ($errors as $error) { $context['parse_error'][] = $error; } // The format of the data depends on template/non-template file. if (!is_array($file)) { $file = array($file); } // Send back the file contents $context['entire_file'] = htmlspecialchars(strtr(implode('', $file), array("\t" => ' ')), ENT_COMPAT, 'UTF-8'); foreach ($file as $i => $file_part) { $context['file_parts'][$i]['lines'] = strlen($file_part); $context['file_parts'][$i]['data'] = $file_part; } // Re-create token for another try createToken('admin-te-' . md5($selectedTheme . '-' . $_REQUEST['filename'])); return; } } else { loadLanguage('Errors'); // Notify the template of trouble $context['session_error'] = true; // Recycle the submitted data. if (is_array($file)) { $context['entire_file'] = htmlspecialchars(implode("\n", $file), ENT_COMPAT, 'UTF-8'); } else { $context['entire_file'] = htmlspecialchars($file, ENT_COMPAT, 'UTF-8'); } $context['edit_filename'] = htmlspecialchars($_POST['filename'], ENT_COMPAT, 'UTF-8'); // Choose sub-template if ($is_template) { $context['sub_template'] = 'edit_template'; } elseif ($is_css) { addJavascriptVar(array('previewData' => '\'\'', 'previewTimeout' => '\'\'', 'refreshPreviewCache' => '\'\'', 'editFilename' => JavaScriptEscape($context['edit_filename']), 'theme_id' => $settings['theme_id'])); $context['sub_template'] = 'edit_style'; } else { $context['sub_template'] = 'edit_file'; } // Re-create the token so that it can be used createToken('admin-te-' . md5($selectedTheme . '-' . $_REQUEST['filename'])); return; } }
/** * Does the actual saving of the article data * * - validates the data is safe to save * - updates existing articles or creates new ones */ private function _sportal_admin_article_edit_save() { global $context, $txt, $modSettings; // No errors, yet. $article_errors = Error_Context::context('article', 0); // Use our standard validation functions in a few spots require_once SUBSDIR . '/DataValidator.class.php'; $validator = new Data_Validator(); // If its not new, lets load the current data if (!$this->_is_new) { $_REQUEST['article_id'] = (int) $_REQUEST['article_id']; $context['article'] = sportal_get_articles($_REQUEST['article_id']); } // Clean and Review the post data for compliance $validator->sanitation_rules(array('title' => 'trim|Util::htmlspecialchars', 'namespace' => 'trim|Util::htmlspecialchars', 'article_id' => 'intval', 'category_id' => 'intval', 'permissions' => 'intval', 'type' => 'trim', 'content' => 'trim')); $validator->validation_rules(array('title' => 'required', 'namespace' => 'alpha_numeric|required', 'type' => 'required', 'content' => 'required')); $validator->text_replacements(array('title' => $txt['sp_admin_articles_col_title'], 'namespace' => $txt['sp_admin_articles_col_namespace'], 'content' => $txt['sp_admin_articles_col_body'])); // If you messed this up, back you go if (!$validator->validate($_POST)) { foreach ($validator->validation_errors() as $id => $error) { $article_errors->addError($error); } $this->action_sportal_admin_article_edit(); } // Lets make sure this namespace (article id) is unique $has_duplicate = sp_duplicate_articles($validator->article_id, $validator->namespace); if (!empty($has_duplicate)) { $article_errors->addError('sp_error_article_namespace_duplicate'); } // And we can't have just a numeric namespace (article id) if (preg_replace('~[0-9]+~', '', $validator->namespace) === '') { $article_errors->addError('sp_error_article_namespace_numeric'); } // Posting some PHP code, and allowed? Then we need to validate it will run if ($_POST['type'] === 'php' && !empty($_POST['content']) && empty($modSettings['sp_disable_php_validation'])) { $validator_php = new Data_Validator(); $validator_php->validation_rules(array('content' => 'php_syntax')); // Bad PHP code if (!$validator_php->validate(array('content' => $_POST['content']))) { $article_errors->addError($validator_php->validation_errors()); } } // None shall pass ... with errors if ($article_errors->hasErrors()) { $this->action_sportal_admin_article_edit(); } // No errors then, prepare the data for saving $article_info = array('id' => $validator->article_id, 'id_category' => $validator->category_id, 'namespace' => $validator->namespace, 'title' => $validator->title, 'body' => Util::htmlspecialchars($_POST['content'], ENT_QUOTES), 'type' => in_array($validator->type, array('bbc', 'html', 'php')) ? $_POST['type'] : 'bbc', 'permissions' => $validator->permissions, 'status' => !empty($_POST['status']) ? 1 : 0); if ($article_info['type'] === 'bbc') { preparsecode($article_info['body']); } // Save away checkSession(); sp_save_article($article_info, $this->_is_new); redirectexit('action=admin;area=portalarticles'); return true; }
/** * Does the actual saving of the page data * * - validates the data is safe to save * - updates existing pages or creates new ones */ private function _sportal_admin_page_edit_save() { global $txt, $context, $modSettings; // No errors, yet. $pages_errors = Error_Context::context('pages', 0); // Use our standard validation functions in a few spots require_once SUBSDIR . '/DataValidator.class.php'; $validator = new Data_Validator(); // Clean and Review the post data for compliance $validator->sanitation_rules(array('title' => 'trim|Util::htmlspecialchars', 'namespace' => 'trim|Util::htmlspecialchars', 'permissions' => 'intval', 'type' => 'trim', 'content' => 'trim')); $validator->validation_rules(array('title' => 'required', 'namespace' => 'alpha_numeric|required', 'type' => 'required', 'content' => 'required')); $validator->text_replacements(array('title' => $txt['sp_error_page_name_empty'], 'namespace' => $txt['sp_error_page_namespace_empty'], 'content' => $txt['sp_admin_pages_col_body'])); // If you messed this up, back you go if (!$validator->validate($_POST)) { foreach ($validator->validation_errors() as $id => $error) { $pages_errors->addError($error); } $this->action_sportal_admin_page_edit(); } // Can't have the same name in the same space twice $has_duplicate = sp_check_duplicate_pages($_POST['namespace'], $_POST['page_id']); if (!empty($has_duplicate)) { $pages_errors->addError('sp_error_page_namespace_duplicate'); } // Can't have a simple numeric namespace if (preg_replace('~[0-9]+~', '', $_POST['namespace']) === '') { $pages_errors->addError('sp_error_page_namespace_numeric'); } if ($_POST['type'] === 'php' && !allowedTo('admin_forum')) { fatal_lang_error('cannot_admin_forum', false); } // Running some php code, then we need to validate its legit code if ($_POST['type'] === 'php' && !empty($_POST['content']) && empty($modSettings['sp_disable_php_validation'])) { $validator_php = new Data_Validator(); $validator_php->validation_rules(array('content' => 'php_syntax')); // Bad PHP code if (!$validator_php->validate(array('content' => $_POST['content']))) { $pages_errors->addError($validator_php->validation_errors()); } } // None shall pass ... with errors if ($pages_errors->hasErrors()) { $this->action_sportal_admin_page_edit(); } // If you made it this far, we are going to save the work if (!empty($_POST['blocks']) && is_array($_POST['blocks'])) { foreach ($_POST['blocks'] as $id => $block) { $_POST['blocks'][$id] = (int) $block; } } else { $_POST['blocks'] = array(); } // The data for the fields $page_info = array('id' => (int) $_POST['page_id'], 'namespace' => Util::htmlspecialchars($_POST['namespace'], ENT_QUOTES), 'title' => Util::htmlspecialchars($_POST['title'], ENT_QUOTES), 'body' => Util::htmlspecialchars($_POST['content'], ENT_QUOTES), 'type' => in_array($_POST['type'], array('bbc', 'html', 'php')) ? $_POST['type'] : 'bbc', 'permissions' => (int) $_POST['permissions'], 'style' => sportal_parse_style('implode'), 'status' => !empty($_POST['status']) ? 1 : 0); if ($page_info['type'] === 'bbc') { preparsecode($page_info['body']); } // Save away sp_save_page($page_info, $context['SPortal']['is_new']); $to_show = array(); $not_to_show = array(); $changes = array(); foreach ($context['page_blocks'] as $page_blocks) { foreach ($page_blocks as $block) { if ($block['shown'] && !in_array($block['id'], $_POST['blocks'])) { $not_to_show[] = $block['id']; } elseif (!$block['shown'] && in_array($block['id'], $_POST['blocks'])) { $to_show[] = $block['id']; } } } foreach ($to_show as $id) { if (empty($this->blocks[$id]['display']) && empty($this->blocks[$id]['display_custom']) || $this->blocks[$id]['display'] == 'sportal') { $changes[$id] = array('display' => 'portal,p' . $page_info['id'], 'display_custom' => ''); } elseif (in_array($this->blocks[$id]['display'], array('allaction', 'allboard'))) { $changes[$id] = array('display' => '', 'display_custom' => $this->blocks[$id]['display'] . ',p' . $page_info['id']); } elseif (in_array('-p' . $page_info['id'], explode(',', $this->blocks[$id]['display_custom']))) { $changes[$id] = array('display' => $this->blocks[$id]['display'], 'display_custom' => implode(',', array_diff(explode(',', $this->blocks[$id]['display_custom']), array('-p' . $page_info['id'])))); } elseif (empty($this->blocks[$id]['display_custom'])) { $changes[$id] = array('display' => implode(',', array_merge(explode(',', $this->blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => ''); } else { $changes[$id] = array('display' => $this->blocks[$id]['display'], 'display_custom' => implode(',', array_merge(explode(',', $this->blocks[$id]['display_custom']), array('p' . $page_info['id'])))); } } foreach ($not_to_show as $id) { if (count(array_intersect(array($this->blocks[$id]['display'], $this->blocks[$id]['display_custom']), array('sforum', 'allpages', 'all'))) > 0) { $changes[$id] = array('display' => '', 'display_custom' => $this->blocks[$id]['display'] . $this->blocks[$id]['display_custom'] . ',-p' . $page_info['id']); } elseif (empty($this->blocks[$id]['display_custom'])) { $changes[$id] = array('display' => implode(',', array_diff(explode(',', $this->blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => ''); } else { $changes[$id] = array('display' => implode(',', array_diff(explode(',', $this->blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => implode(',', array_diff(explode(',', $this->blocks[$id]['display_custom']), array('p' . $page_info['id'])))); } } // Update the blocks as needed foreach ($changes as $id => $data) { sp_update_block_visibility($id, $data); } redirectexit('action=admin;area=portalpages'); return true; }
/** * Removing old and inactive members. */ public function action_purgeinactive_display() { global $context, $txt; checkSession(); validateToken('admin-maint'); require_once SUBSDIR . '/DataValidator.class.php'; // Start with checking and cleaning what was sent $validator = new Data_Validator(); $validator->sanitation_rules(array('maxdays' => 'intval')); $validator->validation_rules(array('maxdays' => 'required', 'groups' => 'isarray', 'del_type' => 'required')); // Validator says, you can pass or not if ($validator->validate($_POST)) { require_once SUBSDIR . '/Maintenance.subs.php'; require_once SUBSDIR . '/Members.subs.php'; $groups = array(); foreach ($validator->groups as $id => $dummy) { $groups[] = (int) $id; } $time_limit = time() - $validator->maxdays * 24 * 3600; $members = purgeMembers($validator->type, $groups, $time_limit); deleteMembers($members); $context['maintenance_finished'] = array('errors' => array(sprintf($txt['maintain_done'], $txt['maintain_members']))); } else { $context['maintenance_finished'] = array('errors' => $validator->validation_errors(), 'type' => 'minor'); } }
/** * Adding or editing a block. */ public function action_sportal_admin_block_edit() { global $txt, $context, $modSettings, $boards; // Just in case, the admin could be doing something silly like editing a SP block while SP is disabled. ;) require_once SUBSDIR . '/PortalBlocks.subs.php'; $context['SPortal']['is_new'] = empty($_REQUEST['block_id']); // BBC Fix move the parameter to the correct position. if (!empty($_POST['bbc_name'])) { $_POST['parameters'][$_POST['bbc_name']] = !empty($_POST[$_POST['bbc_parameter']]) ? $_POST[$_POST['bbc_parameter']] : ''; // If we came from WYSIWYG then turn it back into BBC regardless. if (!empty($_REQUEST['bbc_' . $_POST['bbc_name'] . '_mode']) && isset($_POST['parameters'][$_POST['bbc_name']])) { require_once SUBSDIR . 'Html2BBC.class.php'; $bbc_converter = new Convert_BBC($_POST['parameters'][$_POST['bbc_name']]); $_POST['parameters'][$_POST['bbc_name']] = $bbc_converter->get_bbc(); // We need to unhtml it now as it gets done shortly. $_POST['parameters'][$_POST['bbc_name']] = un_htmlspecialchars($_POST['parameters'][$_POST['bbc_name']]); } } // Passing the selected type via $_GET instead of $_POST? $start_parameters = array(); if (!empty($_GET['selected_type']) && empty($_POST['selected_type'])) { $_POST['selected_type'] = array($_GET['selected_type']); if (!empty($_GET['parameters'])) { foreach ($_GET['parameters'] as $param) { if (isset($_GET[$param])) { $start_parameters[$param] = $_GET[$param]; } } } } // Want use a block on the portal? if ($context['SPortal']['is_new'] && empty($_POST['selected_type']) && empty($_POST['add_block'])) { // Gather the blocks we have available $context['SPortal']['block_types'] = getFunctionInfo(); // Create a list of the blocks in use $in_use = getBlockInfo(); foreach ($in_use as $block) { $context['SPortal']['block_inuse'][$block['type']] = array('state' => $block['state'], 'column' => $block['column']); } $context['location'] = array(1 => $txt['sp-positionLeft'], $txt['sp-positionTop'], $txt['sp-positionBottom'], $txt['sp-positionRight'], $txt['sp-positionHeader'], $txt['sp-positionFooter']); if (!empty($_REQUEST['col'])) { $context['SPortal']['block']['column'] = $_REQUEST['col']; } $context['sub_template'] = 'block_select_type'; $context['page_title'] = $txt['sp-blocksAdd']; } elseif ($context['SPortal']['is_new'] && !empty($_POST['selected_type'])) { $context['SPortal']['block'] = array('id' => 0, 'label' => $txt['sp-blocksDefaultLabel'], 'type' => $_POST['selected_type'][0], 'type_text' => !empty($txt['sp_function_' . $_POST['selected_type'][0] . '_label']) ? $txt['sp_function_' . $_POST['selected_type'][0] . '_label'] : $txt['sp_function_unknown_label'], 'column' => !empty($_POST['block_column']) ? $_POST['block_column'] : 0, 'row' => 0, 'permissions' => 3, 'state' => 1, 'force_view' => 0, 'mobile_view' => 0, 'display' => '', 'display_custom' => '', 'style' => '', 'parameters' => !empty($start_parameters) ? $start_parameters : array(), 'options' => $_POST['selected_type'][0](array(), false, true), 'list_blocks' => !empty($_POST['block_column']) ? getBlockInfo($_POST['block_column']) : array()); } elseif (!$context['SPortal']['is_new'] && empty($_POST['add_block'])) { $_REQUEST['block_id'] = (int) $_REQUEST['block_id']; $context['SPortal']['block'] = current(getBlockInfo(null, $_REQUEST['block_id'])); $context['SPortal']['block'] += array('options' => $context['SPortal']['block']['type'](array(), false, true), 'list_blocks' => getBlockInfo($context['SPortal']['block']['column'])); } // Want to take a look at how this block will appear, well we try our best if (!empty($_POST['preview_block']) || isset($_SESSION['sp_error'])) { // An error was generated on save, lets set things up like a preview and return to the preview if (isset($_SESSION['sp_error'])) { $context['SPortal']['error'] = $_SESSION['sp_error']; $_POST = $_SESSION['sp_error_post']; $_POST['preview_block'] = true; // Clean up unset($_SESSION['sp_error'], $_SESSION['sp_error_post'], $_POST['add_block']); } // Just in case, the admin could be doing something silly like editing a SP block while SP is disabled. ;) require_once BOARDDIR . '/SSI.php'; sportal_init_headers(); loadTemplate('Portal'); $type_parameters = $_POST['block_type'](array(), 0, true); if (!empty($_POST['parameters']) && is_array($_POST['parameters']) && !empty($type_parameters)) { foreach ($type_parameters as $name => $type) { if (isset($_POST['parameters'][$name])) { $this->_prepare_parameters($type, $name); } } } else { $_POST['parameters'] = array(); } // Simple is clean if (empty($_POST['display_advanced'])) { if (!empty($_POST['display_simple']) && in_array($_POST['display_simple'], array('all', 'sportal', 'sforum', 'allaction', 'allboard', 'allpages'))) { $display = $_POST['display_simple']; } else { $display = ''; } $custom = ''; } else { $display = array(); $custom = array(); if (!empty($_POST['display_actions'])) { foreach ($_POST['display_actions'] as $action) { $display[] = Util::htmlspecialchars($action, ENT_QUOTES); } } if (!empty($_POST['display_boards'])) { foreach ($_POST['display_boards'] as $board) { $display[] = 'b' . (int) substr($board, 1); } } if (!empty($_POST['display_pages'])) { foreach ($_POST['display_pages'] as $page) { $display[] = 'p' . (int) substr($page, 1); } } if (!empty($_POST['display_custom'])) { $temp = explode(',', $_POST['display_custom']); foreach ($temp as $action) { $custom[] = Util::htmlspecialchars(Util::htmltrim($action), ENT_QUOTES); } } $display = empty($display) ? '' : implode(',', $display); $custom = empty($custom) ? '' : implode(',', $custom); } // Create all the information we know about this block $context['SPortal']['block'] = array('id' => $_POST['block_id'], 'label' => Util::htmlspecialchars($_POST['block_name'], ENT_QUOTES), 'type' => $_POST['block_type'], 'type_text' => !empty($txt['sp_function_' . $_POST['block_type'] . '_label']) ? $txt['sp_function_' . $_POST['block_type'] . '_label'] : $txt['sp_function_unknown_label'], 'column' => $_POST['block_column'], 'row' => !empty($_POST['block_row']) ? $_POST['block_row'] : 0, 'placement' => !empty($_POST['placement']) && in_array($_POST['placement'], array('before', 'after')) ? $_POST['placement'] : '', 'permissions' => $_POST['permissions'], 'state' => !empty($_POST['block_active']), 'force_view' => !empty($_POST['block_force']), 'mobile_view' => !empty($_POST['block_mobile']), 'display' => $display, 'display_custom' => $custom, 'style' => sportal_parse_style('implode'), 'parameters' => !empty($_POST['parameters']) ? $_POST['parameters'] : array(), 'options' => $_POST['block_type'](array(), false, true), 'list_blocks' => getBlockInfo($_POST['block_column']), 'collapsed' => false); if (strpos($modSettings['leftwidth'], '%') !== false || strpos($modSettings['leftwidth'], 'px') !== false) { $context['widths'][1] = $modSettings['leftwidth']; } else { $context['widths'][1] = $modSettings['leftwidth'] . 'px'; } if (strpos($modSettings['rightwidth'], '%') !== false || strpos($modSettings['rightwidth'], 'px') !== false) { $context['widths'][4] = $modSettings['rightwidth']; } else { $context['widths'][4] = $modSettings['rightwidth'] . 'px'; } if (strpos($context['widths'][1], '%') !== false) { $context['widths'][2] = $context['widths'][3] = 100 - ($context['widths'][1] + $context['widths'][4]) . '%'; $context['widths'][5] = $context['widths'][6] = '100%'; } elseif (strpos($context['widths'][1], 'px') !== false) { $context['widths'][2] = $context['widths'][3] = 960 - ($context['widths'][1] + $context['widths'][4]) . 'px'; $context['widths'][5] = $context['widths'][6] = '960px'; } $context['SPortal']['preview'] = true; } if (!empty($_POST['selected_type']) || !empty($_POST['preview_block']) || !$context['SPortal']['is_new'] && empty($_POST['add_block'])) { // Only the admin can use PHP blocks if ($context['SPortal']['block']['type'] == 'sp_php' && !allowedTo('admin_forum')) { fatal_lang_error('cannot_admin_forum', false); } loadLanguage('SPortalHelp', sp_languageSelect('SPortalHelp')); // Load up the permissions $context['SPortal']['block']['permission_profiles'] = sportal_get_profiles(null, 1, 'name'); if (empty($context['SPortal']['block']['permission_profiles'])) { fatal_lang_error('error_sp_no_permission_profiles', false); } $context['simple_actions'] = array('sportal' => $txt['sp-portal'], 'sforum' => $txt['sp-forum'], 'allaction' => $txt['sp-blocksOptionAllActions'], 'allboard' => $txt['sp-blocksOptionAllBoards'], 'allpages' => $txt['sp-blocksOptionAllPages'], 'all' => $txt['sp-blocksOptionEverywhere']); $context['display_actions'] = array('portal' => $txt['sp-portal'], 'forum' => $txt['sp-forum'], 'recent' => $txt['recent_posts'], 'unread' => $txt['unread_topics_visit'], 'unreadreplies' => $txt['unread_replies'], 'profile' => $txt['profile'], 'pm' => $txt['pm_short'], 'calendar' => $txt['calendar'], 'admin' => $txt['admin'], 'login' => $txt['login'], 'register' => $txt['register'], 'post' => $txt['post'], 'stats' => $txt['forum_stats'], 'search' => $txt['search'], 'mlist' => $txt['members_list'], 'moderate' => $txt['moderate'], 'help' => $txt['help'], 'who' => $txt['who_title']); // Load up boards and pages for selection in the template sp_block_template_helpers(); if (empty($context['SPortal']['block']['display'])) { $context['SPortal']['block']['display'] = array('0'); } else { $context['SPortal']['block']['display'] = explode(',', $context['SPortal']['block']['display']); } if (in_array($context['SPortal']['block']['display'][0], array('all', 'sportal', 'sforum', 'allaction', 'allboard', 'allpages')) || $context['SPortal']['is_new'] || empty($context['SPortal']['block']['display'][0]) && empty($context['SPortal']['block']['display_custom'])) { $context['SPortal']['block']['display_type'] = 0; } else { $context['SPortal']['block']['display_type'] = 1; } $context['SPortal']['block']['style'] = sportal_parse_style('explode', $context['SPortal']['block']['style'], !empty($context['SPortal']['preview'])); // Prepare the Textcontent for BBC, only the first bbc will be detected correctly! $firstBBCFound = false; foreach ($context['SPortal']['block']['options'] as $name => $type) { // Selectable Boards :D if ($type == 'board_select' || $type == 'boards') { if (empty($boards)) { require_once SUBSDIR . '/Boards.subs.php'; getBoardTree(); } // Merge the array ;) if (!isset($context['SPortal']['block']['parameters'][$name])) { $context['SPortal']['block']['parameters'][$name] = array(); } elseif (!empty($context['SPortal']['block']['parameters'][$name]) && is_array($context['SPortal']['block']['parameters'][$name])) { $context['SPortal']['block']['parameters'][$name] = implode('|', $context['SPortal']['block']['parameters'][$name]); } $context['SPortal']['block']['board_options'][$name] = array(); $config_variable = !empty($context['SPortal']['block']['parameters'][$name]) ? $context['SPortal']['block']['parameters'][$name] : array(); $config_variable = !is_array($config_variable) ? explode('|', $config_variable) : $config_variable; $context['SPortal']['block']['board_options'][$name] = array(); // Create the list for this Item foreach ($boards as $board) { // Ignore the redirected boards :) if (!empty($board['redirect'])) { continue; } $context['SPortal']['block']['board_options'][$name][$board['id']] = array('value' => $board['id'], 'text' => $board['name'], 'selected' => in_array($board['id'], $config_variable)); } } elseif ($type === 'bbc') { // ELK support only one bbc correct, multiple bbc do not work at the moment if (!$firstBBCFound) { $firstBBCFound = true; // Start Elk BBC System :) require_once SUBSDIR . '/Editor.subs.php'; // Prepare the output :D $form_message = !empty($context['SPortal']['block']['parameters'][$name]) ? $context['SPortal']['block']['parameters'][$name] : ''; // But if it's in HTML world, turn them into htmlspecialchar's so they can be edited! if (strpos($form_message, '[html]') !== false) { $parts = preg_split('~(\\[/code\\]|\\[code(?:=[^\\]]+)?\\])~i', $form_message, -1, PREG_SPLIT_DELIM_CAPTURE); for ($i = 0, $n = count($parts); $i < $n; $i++) { // It goes 0 = outside, 1 = begin tag, 2 = inside, 3 = close tag, repeat. if ($i % 4 == 0) { $parts[$i] = preg_replace_callback('~\\[html\\](.+?)\\[/html\\]~is', create_function('$m', 'return "[html]" . preg_replace(\'~<br\\s?/?>~i\', \'<br /><br />\', "$m[1]") . "[/html]";'), $parts[$i]); } } $form_message = implode('', $parts); } $form_message = preg_replace('~<br(?: /)?' . '>~i', "\n", $form_message); // Prepare the data before i want them inside the textarea $form_message = str_replace(array('"', '<', '>', ' '), array('"', '<', '>', ' '), $form_message); $context['SPortal']['bbc'] = 'bbc_' . $name; $message_data = array('id' => $context['SPortal']['bbc'], 'width' => '95%', 'height' => '200px', 'value' => $form_message, 'form' => 'sp_block'); // Run the ELK bbc editor routine create_control_richedit($message_data); // Store the updated data on the parameters $context['SPortal']['block']['parameters'][$name] = $form_message; } else { $context['SPortal']['block']['options'][$name] = 'textarea'; } } } loadJavascriptFile('portal.js?sp24'); $context['sub_template'] = 'block_edit'; $context['page_title'] = $context['SPortal']['is_new'] ? $txt['sp-blocksAdd'] : $txt['sp-blocksEdit']; } // Want to add / edit a block oo the portal if (!empty($_POST['add_block'])) { checkSession(); // Only the admin can do php here if ($_POST['block_type'] == 'sp_php' && !allowedTo('admin_forum')) { fatal_lang_error('cannot_admin_forum', false); } // Make sure the block name is something safe if (!isset($_POST['block_name']) || Util::htmltrim(Util::htmlspecialchars($_POST['block_name']), ENT_QUOTES) === '') { fatal_lang_error('error_sp_name_empty', false); } if ($_POST['block_type'] == 'sp_php' && !empty($_POST['parameters']['content']) && empty($modSettings['sp_disable_php_validation'])) { require_once SUBSDIR . '/DataValidator.class.php'; $validator = new Data_Validator(); $validator->validation_rules(array('content' => 'php_syntax')); $validator->validate(array('content' => $_POST['parameters']['content'])); $error = $validator->validation_errors(); if ($error) { $_SESSION['sp_error'] = $error[0]; $_SESSION['sp_error_post'] = $_POST; redirectexit('action=admin;area=portalblocks;sa=' . $_REQUEST['sa'] . (!empty($_REQUEST['block_id']) ? ';block_id=' . $_REQUEST['block_id'] : '')); } } // If we have a block ID passed, we must be editing, so the the blocks current data if (!empty($_REQUEST['block_id'])) { $current_data = current(getBlockInfo(null, $_REQUEST['block_id'])); } // Where are we going to place this new block, before, after, no change if (!empty($_POST['placement']) && ($_POST['placement'] === 'before' || $_POST['placement'] === 'after')) { if (!empty($current_data)) { $current_row = $current_data['row']; } else { $current_row = null; } // Before or after the chosen block if ($_POST['placement'] === 'before') { $row = (int) $_POST['block_row']; } else { $row = (int) $_POST['block_row'] + 1; } if (!empty($current_row) && $row > $current_row) { sp_update_block_row($current_row, $row - 1, $_POST['block_column'], true); } else { sp_update_block_row($current_row, $row, $_POST['block_column'], false); } } elseif (!empty($_POST['placement']) && $_POST['placement'] == 'nochange') { $row = 0; } else { $block_id = !empty($_REQUEST['block_id']) ? (int) $_REQUEST['block_id'] : 0; $row = sp_block_nextrow($_POST['block_column'], $block_id); } $type_parameters = $_POST['block_type'](array(), 0, true); if (!empty($_POST['parameters']) && is_array($_POST['parameters']) && !empty($type_parameters)) { foreach ($type_parameters as $name => $type) { // Prepare BBC Content for ELK if (isset($_POST['parameters'][$name])) { $this->_prepare_parameters($type, $name); } } } else { $_POST['parameters'] = array(); } // Standard options if (empty($_POST['display_advanced'])) { if (!empty($_POST['display_simple']) && in_array($_POST['display_simple'], array('all', 'sportal', 'sforum', 'allaction', 'allboard', 'allpages'))) { $display = $_POST['display_simple']; } else { $display = ''; } $custom = ''; } else { $display = array(); if (!empty($_POST['display_actions'])) { foreach ($_POST['display_actions'] as $action) { $display[] = Util::htmlspecialchars($action, ENT_QUOTES); } } if (!empty($_POST['display_boards'])) { foreach ($_POST['display_boards'] as $board) { $display[] = 'b' . (int) substr($board, 1); } } if (!empty($_POST['display_pages'])) { foreach ($_POST['display_pages'] as $page) { $display[] = 'p' . (int) substr($page, 1); } } if (!empty($_POST['display_custom'])) { $custom = array(); $temp = explode(',', $_POST['display_custom']); foreach ($temp as $action) { $custom[] = Util::htmlspecialchars(Util::htmltrim($action), ENT_QUOTES); } } $display = empty($display) ? '' : implode(',', $display); if (!allowedTo('admin_forum') && isset($current_data['display_custom']) && substr($current_data['display_custom'], 0, 4) === '$php') { $custom = $current_data['display_custom']; } elseif (!empty($_POST['display_custom'])) { if (allowedTo('admin_forum') && substr($_POST['display_custom'], 0, 4) === '$php') { $custom = Util::htmlspecialchars($_POST['display_custom'], ENT_QUOTES); } else { $custom = array(); $temp = explode(',', $_POST['display_custom']); foreach ($temp as $action) { $custom[] = Util::htmlspecialchars($action, ENT_QUOTES); } $custom = empty($custom) ? '' : implode(',', $custom); } } else { $custom = ''; } } $blockInfo = array('id' => (int) $_POST['block_id'], 'label' => Util::htmlspecialchars($_POST['block_name'], ENT_QUOTES), 'type' => $_POST['block_type'], 'col' => $_POST['block_column'], 'row' => $row, 'permissions' => (int) $_POST['permissions'], 'state' => !empty($_POST['block_active']) ? 1 : 0, 'force_view' => !empty($_POST['block_force']) ? 1 : 0, 'mobile_view' => !empty($_POST['block_mobile']) ? 1 : 0, 'display' => $display, 'display_custom' => $custom, 'style' => sportal_parse_style('implode')); // Insert a new block in to the portal if ($context['SPortal']['is_new']) { unset($blockInfo['id']); $blockInfo['id'] = sp_block_insert($blockInfo); } else { sp_block_update($blockInfo); } // Save any parameters for the block if (!empty($_POST['parameters'])) { sp_block_insert_parameters($_POST['parameters'], $blockInfo['id']); } redirectexit('action=admin;area=portalblocks'); } }