Vergleich xmlhttp.php - 1.2.6 - 1.2.13

Zeile 3Zeile 3
 * MyBB 1.2
* Copyright © 2006 MyBB Group, All Rights Reserved
*

 * MyBB 1.2
* Copyright © 2006 MyBB Group, All Rights Reserved
*

 * Website: http://www.mybboard.com
* License: http://www.mybboard.com/eula.html

 * Website: http://www.mybboard.net
* License: http://www.mybboard.net/eula.html

 *

 *

 * $Id: xmlhttp.php 2477 2006-12-02 13:12:03Z CraKteR $

 * $Id: xmlhttp.php 3600 2008-01-21 00:08:28Z Tikitiki $

 */

/**

 */

/**

Zeile 74Zeile 74
	$loadstyle = "def=1";
}


	$loadstyle = "def=1";
}


 
// Load basic theme information that we could be needing.

$query = $db->simple_select(TABLE_PREFIX."themes", "name, tid, themebits", $loadstyle);
$theme = $db->fetch_array($query);
$theme = @array_merge($theme, unserialize($theme['themebits']));

$query = $db->simple_select(TABLE_PREFIX."themes", "name, tid, themebits", $loadstyle);
$theme = $db->fetch_array($query);
$theme = @array_merge($theme, unserialize($theme['themebits']));

Zeile 99Zeile 100

$lang->load("global");
$lang->load("xmlhttp");


$lang->load("global");
$lang->load("xmlhttp");


// Load basic theme information that we could be needing.

 

$plugins->run_hooks("xmlhttp");



$plugins->run_hooks("xmlhttp");


Zeile 112Zeile 111
	{
exit;
}

	{
exit;
}

	

	

	// Send our headers.

	// Send our headers.

	header("Content-type: text/html; charset={$charset}");

	header("Content-type: text/plain; charset={$charset}");


// Sanitize the input.
$mybb->input['query'] = str_replace(array("%", "_"), array("\\%", "\\_"), $mybb->input['query']);


// Sanitize the input.
$mybb->input['query'] = str_replace(array("%", "_"), array("\\%", "\\_"), $mybb->input['query']);

Zeile 125Zeile 124
		"order_dir" => "asc",
"limit_start" => 0,
"limit" => 15

		"order_dir" => "asc",
"limit_start" => 0,
"limit" => 15

	);

	);

	$query = $db->simple_select(TABLE_PREFIX."users", "uid, username", "username LIKE '".$db->escape_string($mybb->input['query'])."%'", $query_options);
while($user = $db->fetch_array($query))
{

	$query = $db->simple_select(TABLE_PREFIX."users", "uid, username", "username LIKE '".$db->escape_string($mybb->input['query'])."%'", $query_options);
while($user = $db->fetch_array($query))
{

Zeile 139Zeile 138
// This action provides editing of thread/post subjects from within their respective list pages.
else if($mybb->input['action'] == "edit_subject" && $mybb->request_method == "post")
{

// This action provides editing of thread/post subjects from within their respective list pages.
else if($mybb->input['action'] == "edit_subject" && $mybb->request_method == "post")
{

 
	// Verify POST request
if(!verify_post_check($mybb->input['my_post_key'], true))
{
xmlhttp_error($lang->invalid_post_code);
}


	// Editing a post subject.
if($mybb->input['pid'])
{
// Fetch the post from the database.
$post = get_post($mybb->input['pid']);

	// Editing a post subject.
if($mybb->input['pid'])
{
// Fetch the post from the database.
$post = get_post($mybb->input['pid']);

		

		

		// No result, die.
if(!$post['pid'])
{
xmlhttp_error($lang->post_doesnt_exist);
}

		// No result, die.
if(!$post['pid'])
{
xmlhttp_error($lang->post_doesnt_exist);
}

		

		

		// Fetch the thread associated with this post.
$thread = get_thread($post['tid']);
}

		// Fetch the thread associated with this post.
$thread = get_thread($post['tid']);
}

Zeile 169Zeile 174
		$query = $db->simple_select(TABLE_PREFIX."posts", "pid,uid,dateline", "tid='".$thread['tid']."'", $query_options);
$post = $db->fetch_array($query);
}

		$query = $db->simple_select(TABLE_PREFIX."posts", "pid,uid,dateline", "tid='".$thread['tid']."'", $query_options);
$post = $db->fetch_array($query);
}

	// Fetch the specific forum this thread/post is in.
$forum = get_forum($thread['fid']);

// Missing thread, invalid forum? Error.
if(!$thread['tid'] || !$forum['fid'] || $forum['type'] != "f")
{
xmlhttp_error($lang->thread_doesnt_exist);
}


	// Fetch the specific forum this thread/post is in.
$forum = get_forum($thread['fid']);

// Missing thread, invalid forum? Error.
if(!$thread['tid'] || !$forum['fid'] || $forum['type'] != "f")
{
xmlhttp_error($lang->thread_doesnt_exist);
}


	// Fetch forum permissions.
$forumpermissions = forum_permissions($forum['fid']);

// If this user is not a moderator with "caneditposts" permissions.
if(is_moderator($forum['fid'], "caneditposts") != "yes")

	// Fetch forum permissions.
$forumpermissions = forum_permissions($forum['fid']);

// If this user is not a moderator with "caneditposts" permissions.
if(is_moderator($forum['fid'], "caneditposts") != "yes")

	{

	{

		// Thread is closed - no editing allowed.
if($thread['closed'] == "yes")
{

		// Thread is closed - no editing allowed.
if($thread['closed'] == "yes")
{

Zeile 201Zeile 206
			xmlhttp_error($lang->edit_time_limit);
}
$ismod = false;

			xmlhttp_error($lang->edit_time_limit);
}
$ismod = false;

	}

	}

	else
{
$ismod = true;

	else
{
$ismod = true;

Zeile 214Zeile 219
			$subject = iconv("UTF-8", $charset, $subject);
}
else if(function_exists("mb_convert_encoding"))

			$subject = iconv("UTF-8", $charset, $subject);
}
else if(function_exists("mb_convert_encoding"))

		{
$subject = mb_convert_encoding($subject, $charset, "UTF-8");

		{
$subject = @mb_convert_encoding($subject, $charset, "UTF-8");

		}
else if(strtolower($charset) == "iso-8859-1")
{

		}
else if(strtolower($charset) == "iso-8859-1")
{

Zeile 227Zeile 232
	require_once MYBB_ROOT."inc/datahandlers/post.php";
$posthandler = new PostDataHandler("update");
$posthandler->action = "post";

	require_once MYBB_ROOT."inc/datahandlers/post.php";
$posthandler = new PostDataHandler("update");
$posthandler->action = "post";





	// Set the post data that came from the input to the $post array.
$updatepost = array(
"pid" => $post['pid'],

	// Set the post data that came from the input to the $post array.
$updatepost = array(
"pid" => $post['pid'],

Zeile 260Zeile 265
	}

// Send our headers.

	}

// Send our headers.

	header("Content-type: text/html; charset={$charset}");

	header("Content-type: text/plain; charset={$charset}"); 

	
// Spit the subject back to the browser.
echo $mybb->input['value'];

	
// Spit the subject back to the browser.
echo $mybb->input['value'];

Zeile 269Zeile 274
	exit;
}
else if($mybb->input['action'] == "edit_post")

	exit;
}
else if($mybb->input['action'] == "edit_post")

{

{	

	// Fetch the post from the database.
$post = get_post($mybb->input['pid']);


	// Fetch the post from the database.
$post = get_post($mybb->input['pid']);


Zeile 277Zeile 282
	if(!$post['pid'])
{
xmlhttp_error($lang->post_doesnt_exist);

	if(!$post['pid'])
{
xmlhttp_error($lang->post_doesnt_exist);

	}


	}


	// Fetch the thread associated with this post.
$thread = get_thread($post['tid']);


	// Fetch the thread associated with this post.
$thread = get_thread($post['tid']);


Zeile 309Zeile 314
		}
// If we're past the edit time limit - don't allow editing.
else if($mybb->settings['edittimelimit'] != 0 && $post['dateline'] < (time()-($mybb->settings['edittimelimit']*60)))

		}
// If we're past the edit time limit - don't allow editing.
else if($mybb->settings['edittimelimit'] != 0 && $post['dateline'] < (time()-($mybb->settings['edittimelimit']*60)))

		{

		{

			$lang->edit_time_limit = sprintf($lang->edit_time_limit, $mybb->settings['edittimelimit']);
xmlhttp_error($lang->edit_time_limit);
}
}
if($mybb->input['do'] == "get_post")

			$lang->edit_time_limit = sprintf($lang->edit_time_limit, $mybb->settings['edittimelimit']);
xmlhttp_error($lang->edit_time_limit);
}
}
if($mybb->input['do'] == "get_post")

	{

	{

		// Send our headers.

		// Send our headers.

		header("Content-type: text/html; charset={$charset}");

		header("Content-type: text/xml; charset={$charset}");

		
$post['message'] = htmlspecialchars_uni($post['message']);


		
$post['message'] = htmlspecialchars_uni($post['message']);


Zeile 329Zeile 334
	}
else if($mybb->input['do'] == "update_post")
{

	}
else if($mybb->input['do'] == "update_post")
{

 
		// Verify POST request
if(!verify_post_check($mybb->input['my_post_key'], true))
{
xmlhttp_error($lang->invalid_post_code);
}


		$message = strval($_POST['value']);
if(strtolower($charset) != "utf-8")
{

		$message = strval($_POST['value']);
if(strtolower($charset) != "utf-8")
{

Zeile 338Zeile 349
			}
else if(function_exists("mb_convert_encoding"))
{

			}
else if(function_exists("mb_convert_encoding"))
{

				$message = mb_convert_encoding($message, $charset, "UTF-8");

				$message = @mb_convert_encoding($message, $charset, "UTF-8");

			}
else if(strtolower($charset) == "iso-8859-1")
{

			}
else if(strtolower($charset) == "iso-8859-1")
{

Zeile 456Zeile 467
	{
$from_tid = '';
}

	{
$from_tid = '';
}

 

require_once MYBB_ROOT."inc/class_parser.php";
$parser = new postParser;


// Query for any posts in the list which are not within the specified thread
$query = $db->query("


// Query for any posts in the list which are not within the specified thread
$query = $db->query("

Zeile 481Zeile 495
		$quoted_post['message'] = preg_replace('#(^|\r|\n)/me ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} \\2", $quoted_post['message']);
$quoted_post['message'] = preg_replace('#(^|\r|\n)/slap ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} {$lang->slaps} \\2 {$lang->with_trout}", $quoted_post['message']);
$quoted_post['message'] = preg_replace("#\[attachment=([0-9]+?)\]#i", '', $quoted_post['message']);

		$quoted_post['message'] = preg_replace('#(^|\r|\n)/me ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} \\2", $quoted_post['message']);
$quoted_post['message'] = preg_replace('#(^|\r|\n)/slap ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} {$lang->slaps} \\2 {$lang->with_trout}", $quoted_post['message']);
$quoted_post['message'] = preg_replace("#\[attachment=([0-9]+?)\]#i", '', $quoted_post['message']);

		


		$quoted_post['message'] = $parser->parse_badwords($quoted_post['message']);	


		// Tack on to list of messages
$message .= "[quote={$quoted_post['username']}]\n{$quoted_post['message']}\n[/quote]\n\n";
}

		// Tack on to list of messages
$message .= "[quote={$quoted_post['username']}]\n{$quoted_post['message']}\n[/quote]\n\n";
}

Zeile 501Zeile 516
	global $charset;

// Send our headers.

	global $charset;

// Send our headers.

	header("Content-type: text/html; charset={$charset}");

	header("Content-type: text/xml; charset={$charset}");

	
// Send the error message.
echo "<error>".$message."</error>";

	
// Send the error message.
echo "<error>".$message."</error>";
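Review bot: In the edit_subject hunk (Zeile 260 / Zeile 265) the response body is still `echo $mybb->input['value'];`, the raw request value, and only the new `text/plain` content type keeps it from being interpreted as markup. That holds only if no client sniffs the type and the calling script does not insert the response as HTML, and neither is visible on this page. I would return the subject that was actually validated and stored, encoded for its destination, e.g. `echo htmlspecialchars_uni($mybb->input['value']);` if the client writes the response into the page as HTML. The same concern applies in the last hunk (Zeile 501 / Zeile 516), where `xmlhttp_error()` now declares `text/xml` but concatenates `$message` into `<error>` without XML-escaping it, so a message containing `&` or `<` would no longer be well-formed. The enclosing branches and the function body start and end outside the hunks shown.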