Zeile 3 | Zeile 3 |
---|
* MyBB 1.2 * Copyright © 2006 MyBB Group, All Rights Reserved *
|
* MyBB 1.2 * Copyright © 2006 MyBB Group, All Rights Reserved *
|
* Website: http://www.mybboard.com * License: http://www.mybboard.com/eula.html
| * Website: http://www.mybboard.net * License: http://www.mybboard.net/eula.html
|
*
|
*
|
* $Id: xmlhttp.php 2184 2006-09-02 10:22:48Z chris $
| * $Id: xmlhttp.php 3600 2008-01-21 00:08:28Z Tikitiki $
|
*/
/**
| */
/**
|
Zeile 74 | Zeile 74 |
---|
$loadstyle = "def=1"; }
|
$loadstyle = "def=1"; }
|
| // Load basic theme information that we could be needing.
|
$query = $db->simple_select(TABLE_PREFIX."themes", "name, tid, themebits", $loadstyle); $theme = $db->fetch_array($query); $theme = @array_merge($theme, unserialize($theme['themebits']));
| $query = $db->simple_select(TABLE_PREFIX."themes", "name, tid, themebits", $loadstyle); $theme = $db->fetch_array($query); $theme = @array_merge($theme, unserialize($theme['themebits']));
|
Zeile 88 | Zeile 89 |
---|
if(is_dir($theme['imgdir'].'/'.$mybb->settings['bblanguage'])) { $theme['imglangdir'] = $theme['imgdir'].'/'.$mybb->settings['bblanguage'];
|
if(is_dir($theme['imgdir'].'/'.$mybb->settings['bblanguage'])) { $theme['imglangdir'] = $theme['imgdir'].'/'.$mybb->settings['bblanguage'];
|
}
| }
|
else { $theme['imglangdir'] = $theme['imgdir'];
| else { $theme['imglangdir'] = $theme['imgdir'];
|
Zeile 99 | Zeile 100 |
---|
$lang->load("global"); $lang->load("xmlhttp");
|
$lang->load("global"); $lang->load("xmlhttp");
|
// Load basic theme information that we could be needing.
| |
$plugins->run_hooks("xmlhttp");
| $plugins->run_hooks("xmlhttp");
|
Zeile 114 | Zeile 113 |
---|
} // Send our headers.
|
} // Send our headers.
|
header("Content-type: text/html; charset={$charset}");
| header("Content-type: text/plain; charset={$charset}");
|
// Sanitize the input. $mybb->input['query'] = str_replace(array("%", "_"), array("\\%", "\\_"), $mybb->input['query']);
| // Sanitize the input. $mybb->input['query'] = str_replace(array("%", "_"), array("\\%", "\\_"), $mybb->input['query']);
|
Zeile 139 | Zeile 138 |
---|
// This action provides editing of thread/post subjects from within their respective list pages. else if($mybb->input['action'] == "edit_subject" && $mybb->request_method == "post") {
|
// This action provides editing of thread/post subjects from within their respective list pages. else if($mybb->input['action'] == "edit_subject" && $mybb->request_method == "post") {
|
| // Verify POST request if(!verify_post_check($mybb->input['my_post_key'], true)) { xmlhttp_error($lang->invalid_post_code); }
|
// Editing a post subject. if($mybb->input['pid']) {
| // Editing a post subject. if($mybb->input['pid']) {
|
Zeile 168 | Zeile 173 |
---|
); $query = $db->simple_select(TABLE_PREFIX."posts", "pid,uid,dateline", "tid='".$thread['tid']."'", $query_options); $post = $db->fetch_array($query);
|
); $query = $db->simple_select(TABLE_PREFIX."posts", "pid,uid,dateline", "tid='".$thread['tid']."'", $query_options); $post = $db->fetch_array($query);
|
} // Fetch the specific forum this thread/post is in. $forum = get_forum($thread['fid']);
// Missing thread, invalid forum? Error. if(!$thread['tid'] || !$forum['fid'] || $forum['type'] != "f") { xmlhttp_error($lang->thread_doesnt_exist); }
| } // Fetch the specific forum this thread/post is in. $forum = get_forum($thread['fid']);
// Missing thread, invalid forum? Error. if(!$thread['tid'] || !$forum['fid'] || $forum['type'] != "f") { xmlhttp_error($lang->thread_doesnt_exist); }
|
// Fetch forum permissions. $forumpermissions = forum_permissions($forum['fid']);
| // Fetch forum permissions. $forumpermissions = forum_permissions($forum['fid']);
|
Zeile 215 | Zeile 220 |
---|
} else if(function_exists("mb_convert_encoding")) {
|
} else if(function_exists("mb_convert_encoding")) {
|
$subject = mb_convert_encoding($subject, $charset, "UTF-8");
| $subject = @mb_convert_encoding($subject, $charset, "UTF-8");
|
} else if(strtolower($charset) == "iso-8859-1") {
| } else if(strtolower($charset) == "iso-8859-1") {
|
Zeile 260 | Zeile 265 |
---|
}
// Send our headers.
|
}
// Send our headers.
|
header("Content-type: text/html; charset={$charset}");
| header("Content-type: text/plain; charset={$charset}");
|
// Spit the subject back to the browser. echo $mybb->input['value'];
| // Spit the subject back to the browser. echo $mybb->input['value'];
|
Zeile 269 | Zeile 274 |
---|
exit; } else if($mybb->input['action'] == "edit_post")
|
exit; } else if($mybb->input['action'] == "edit_post")
|
{
| {
|
// Fetch the post from the database. $post = get_post($mybb->input['pid']);
| // Fetch the post from the database. $post = get_post($mybb->input['pid']);
|
Zeile 281 | Zeile 286 |
---|
// Fetch the thread associated with this post. $thread = get_thread($post['tid']);
|
// Fetch the thread associated with this post. $thread = get_thread($post['tid']);
|
|
|
// Fetch the specific forum this thread/post is in. $forum = get_forum($thread['fid']);
| // Fetch the specific forum this thread/post is in. $forum = get_forum($thread['fid']);
|
Zeile 301 | Zeile 306 |
---|
if($thread['closed'] == "yes") { xmlhttp_error($lang->thread_closed_edit_message);
|
if($thread['closed'] == "yes") { xmlhttp_error($lang->thread_closed_edit_message);
|
}
| }
|
// Forum is not open, user doesn't have permission to edit, or author doesn't match this user - don't allow editing. else if($forum['open'] == "no" || $forumpermissions['caneditposts'] == "no" || $mybb->user['uid'] != $post['uid'] || $mybb->user['uid'] == 0) {
| // Forum is not open, user doesn't have permission to edit, or author doesn't match this user - don't allow editing. else if($forum['open'] == "no" || $forumpermissions['caneditposts'] == "no" || $mybb->user['uid'] != $post['uid'] || $mybb->user['uid'] == 0) {
|
Zeile 312 | Zeile 317 |
---|
{ $lang->edit_time_limit = sprintf($lang->edit_time_limit, $mybb->settings['edittimelimit']); xmlhttp_error($lang->edit_time_limit);
|
{ $lang->edit_time_limit = sprintf($lang->edit_time_limit, $mybb->settings['edittimelimit']); xmlhttp_error($lang->edit_time_limit);
|
} }
| } }
|
if($mybb->input['do'] == "get_post") { // Send our headers.
|
if($mybb->input['do'] == "get_post") { // Send our headers.
|
header("Content-type: text/html; charset={$charset}");
| header("Content-type: text/xml; charset={$charset}");
|
$post['message'] = htmlspecialchars_uni($post['message']);
| $post['message'] = htmlspecialchars_uni($post['message']);
|
Zeile 329 | Zeile 334 |
---|
} else if($mybb->input['do'] == "update_post") {
|
} else if($mybb->input['do'] == "update_post") {
|
| // Verify POST request if(!verify_post_check($mybb->input['my_post_key'], true)) { xmlhttp_error($lang->invalid_post_code); }
|
$message = strval($_POST['value']); if(strtolower($charset) != "utf-8") { if(function_exists("iconv"))
|
$message = strval($_POST['value']); if(strtolower($charset) != "utf-8") { if(function_exists("iconv"))
|
{
| {
|
$message = iconv("UTF-8", $charset, $message); } else if(function_exists("mb_convert_encoding")) {
|
$message = iconv("UTF-8", $charset, $message); } else if(function_exists("mb_convert_encoding")) {
|
$message = mb_convert_encoding($message, $charset, "UTF-8");
| $message = @mb_convert_encoding($message, $charset, "UTF-8");
|
} else if(strtolower($charset) == "iso-8859-1") {
| } else if(strtolower($charset) == "iso-8859-1") {
|
Zeile 348 | Zeile 359 |
---|
//die(str_replace("&", "&", $message)); if($debug_this == 1) {
|
//die(str_replace("&", "&", $message)); if($debug_this == 1) {
|
$fp = fopen(MYBB_ROOT."/uploads/test.log", "a");
| $fp = fopen(MYBB_ROOT."uploads/test.log", "a");
|
fwrite($fp, $message."\n\n\n"); fclose($fp); }
| fwrite($fp, $message."\n\n\n"); fclose($fp); }
|
Zeile 402 | Zeile 413 |
---|
$attachcache[$attachment['pid']][$attachment['aid']] = $attachment; }
|
$attachcache[$attachment['pid']][$attachment['aid']] = $attachment; }
|
require_once MYBB_ROOT."/inc/functions_post.php";
| require_once MYBB_ROOT."inc/functions_post.php";
|
get_post_attachments($post['pid'], $post);
| get_post_attachments($post['pid'], $post);
|
Zeile 438 | Zeile 449 |
---|
// Join the post IDs back together $quoted_posts = implode(",", $quoted_posts);
|
// Join the post IDs back together $quoted_posts = implode(",", $quoted_posts);
|
|
|
// Fetch unviewable forums $unviewable_forums = get_unviewable_forums(); if($unviewable_forums)
| // Fetch unviewable forums $unviewable_forums = get_unviewable_forums(); if($unviewable_forums)
|
Zeile 451 | Zeile 462 |
---|
if(!$mybb->input['load_all']) { $from_tid = "p.tid != '".intval($mybb->input['tid'])."' AND ";
|
if(!$mybb->input['load_all']) { $from_tid = "p.tid != '".intval($mybb->input['tid'])."' AND ";
|
}
| }
|
else { $from_tid = '';
|
else { $from_tid = '';
|
}
| }
require_once MYBB_ROOT."inc/class_parser.php"; $parser = new postParser;
|
// Query for any posts in the list which are not within the specified thread $query = $db->query("
|
// Query for any posts in the list which are not within the specified thread $query = $db->query("
|
SELECT p.subject, p.message, p.pid, p.tid, p.username, u.username AS userusername
| SELECT p.subject, p.message, p.pid, p.tid, p.username, t.fid, p.visible, u.username AS userusername
|
FROM ".TABLE_PREFIX."posts p LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
|
FROM ".TABLE_PREFIX."posts p LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid) LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)
|
WHERE {$from_tid}p.pid IN ($quoted_posts) {$unviewable_forums} AND p.visible='1'
| WHERE {$from_tid}p.pid IN ($quoted_posts) {$unviewable_forums}
|
"); while($quoted_post = $db->fetch_array($query))
|
"); while($quoted_post = $db->fetch_array($query))
|
{
| { if(is_moderator($quoted_post['fid']) != 'yes' && $quoted_post['visible'] == 0) { continue; }
|
// Swap username over if we have a registered user if($quoted_post['userusername']) {
| // Swap username over if we have a registered user if($quoted_post['userusername']) {
|
Zeile 475 | Zeile 495 |
---|
$quoted_post['message'] = preg_replace('#(^|\r|\n)/me ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} \\2", $quoted_post['message']); $quoted_post['message'] = preg_replace('#(^|\r|\n)/slap ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} {$lang->slaps} \\2 {$lang->with_trout}", $quoted_post['message']); $quoted_post['message'] = preg_replace("#\[attachment=([0-9]+?)\]#i", '', $quoted_post['message']);
|
$quoted_post['message'] = preg_replace('#(^|\r|\n)/me ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} \\2", $quoted_post['message']); $quoted_post['message'] = preg_replace('#(^|\r|\n)/slap ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} {$lang->slaps} \\2 {$lang->with_trout}", $quoted_post['message']); $quoted_post['message'] = preg_replace("#\[attachment=([0-9]+?)\]#i", '', $quoted_post['message']);
|
| $quoted_post['message'] = $parser->parse_badwords($quoted_post['message']);
|
// Tack on to list of messages $message .= "[quote={$quoted_post['username']}]\n{$quoted_post['message']}\n[/quote]\n\n"; }
|
// Tack on to list of messages $message .= "[quote={$quoted_post['username']}]\n{$quoted_post['message']}\n[/quote]\n\n"; }
|
|
|
// Send our headers. header("Content-type: text/plain; charset={$charset}"); echo $message;
| // Send our headers. header("Content-type: text/plain; charset={$charset}"); echo $message;
|
Zeile 492 | Zeile 513 |
---|
*/ function xmlhttp_error($message) {
|
*/ function xmlhttp_error($message) {
|
| global $charset;
|
// Send our headers.
|
// Send our headers.
|
header("Content-type: text/html; charset={$charset}");
| header("Content-type: text/xml; charset={$charset}");
|
// Send the error message. echo "<error>".$message."</error>";
| // Send the error message. echo "<error>".$message."</error>";
|
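Review bot: In the multiquote hunk (Zeile 451 / 462) the new per-row guard skips a post for non-moderators only when `$quoted_post['visible'] == 0`, whereas the removed SQL condition `AND p.visible='1'` admitted nothing but visible posts. Any other non-visible state therefore now reaches the `[quote=...]` output for ordinary users. If the posts table uses further `visible` values (drafts, for example, which this page does not show), their text would be returned to someone who is not allowed to read it. I would test for "not visible" rather than "equals 0": `if($quoted_post['visible'] != 1 && is_moderator($quoted_post['fid']) != 'yes') { continue; }`, which also skips the `is_moderator()` call for normal posts. The while loop continues beyond the lines shown in this hunk.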