Zeile 3 | Zeile 3 |
---|
* MyBB 1.2 * Copyright © 2006 MyBB Group, All Rights Reserved *
|
* MyBB 1.2 * Copyright © 2006 MyBB Group, All Rights Reserved *
|
* Website: http://www.mybboard.com * License: http://www.mybboard.com/eula.html
| * Website: http://www.mybboard.net * License: http://www.mybboard.net/eula.html
|
*
|
*
|
* $Id: xmlhttp.php 2477 2006-12-02 13:12:03Z CraKteR $
| * $Id: xmlhttp.php 3600 2008-01-21 00:08:28Z Tikitiki $
|
*/
/**
| */
/**
|
Zeile 74 | Zeile 74 |
---|
$loadstyle = "def=1"; }
|
$loadstyle = "def=1"; }
|
| // Load basic theme information that we could be needing.
|
$query = $db->simple_select(TABLE_PREFIX."themes", "name, tid, themebits", $loadstyle); $theme = $db->fetch_array($query); $theme = @array_merge($theme, unserialize($theme['themebits']));
| $query = $db->simple_select(TABLE_PREFIX."themes", "name, tid, themebits", $loadstyle); $theme = $db->fetch_array($query); $theme = @array_merge($theme, unserialize($theme['themebits']));
|
Zeile 99 | Zeile 100 |
---|
$lang->load("global"); $lang->load("xmlhttp");
|
$lang->load("global"); $lang->load("xmlhttp");
|
// Load basic theme information that we could be needing.
| |
$plugins->run_hooks("xmlhttp");
| $plugins->run_hooks("xmlhttp");
|
Zeile 112 | Zeile 111 |
---|
{ exit; }
|
{ exit; }
|
|
|
// Send our headers.
|
// Send our headers.
|
header("Content-type: text/html; charset={$charset}");
| header("Content-type: text/plain; charset={$charset}");
|
// Sanitize the input. $mybb->input['query'] = str_replace(array("%", "_"), array("\\%", "\\_"), $mybb->input['query']);
| // Sanitize the input. $mybb->input['query'] = str_replace(array("%", "_"), array("\\%", "\\_"), $mybb->input['query']);
|
Zeile 125 | Zeile 124 |
---|
"order_dir" => "asc", "limit_start" => 0, "limit" => 15
|
"order_dir" => "asc", "limit_start" => 0, "limit" => 15
|
);
| );
|
$query = $db->simple_select(TABLE_PREFIX."users", "uid, username", "username LIKE '".$db->escape_string($mybb->input['query'])."%'", $query_options); while($user = $db->fetch_array($query)) {
| $query = $db->simple_select(TABLE_PREFIX."users", "uid, username", "username LIKE '".$db->escape_string($mybb->input['query'])."%'", $query_options); while($user = $db->fetch_array($query)) {
|
Zeile 139 | Zeile 138 |
---|
// This action provides editing of thread/post subjects from within their respective list pages. else if($mybb->input['action'] == "edit_subject" && $mybb->request_method == "post") {
|
// This action provides editing of thread/post subjects from within their respective list pages. else if($mybb->input['action'] == "edit_subject" && $mybb->request_method == "post") {
|
| // Verify POST request if(!verify_post_check($mybb->input['my_post_key'], true)) { xmlhttp_error($lang->invalid_post_code); }
|
// Editing a post subject. if($mybb->input['pid']) { // Fetch the post from the database. $post = get_post($mybb->input['pid']);
|
// Editing a post subject. if($mybb->input['pid']) { // Fetch the post from the database. $post = get_post($mybb->input['pid']);
|
|
|
// No result, die. if(!$post['pid']) { xmlhttp_error($lang->post_doesnt_exist); }
|
// No result, die. if(!$post['pid']) { xmlhttp_error($lang->post_doesnt_exist); }
|
|
|
// Fetch the thread associated with this post. $thread = get_thread($post['tid']); }
| // Fetch the thread associated with this post. $thread = get_thread($post['tid']); }
|
Zeile 169 | Zeile 174 |
---|
$query = $db->simple_select(TABLE_PREFIX."posts", "pid,uid,dateline", "tid='".$thread['tid']."'", $query_options); $post = $db->fetch_array($query); }
|
$query = $db->simple_select(TABLE_PREFIX."posts", "pid,uid,dateline", "tid='".$thread['tid']."'", $query_options); $post = $db->fetch_array($query); }
|
// Fetch the specific forum this thread/post is in. $forum = get_forum($thread['fid']);
// Missing thread, invalid forum? Error. if(!$thread['tid'] || !$forum['fid'] || $forum['type'] != "f") { xmlhttp_error($lang->thread_doesnt_exist); }
| // Fetch the specific forum this thread/post is in. $forum = get_forum($thread['fid']);
// Missing thread, invalid forum? Error. if(!$thread['tid'] || !$forum['fid'] || $forum['type'] != "f") { xmlhttp_error($lang->thread_doesnt_exist); }
|
// Fetch forum permissions. $forumpermissions = forum_permissions($forum['fid']); // If this user is not a moderator with "caneditposts" permissions. if(is_moderator($forum['fid'], "caneditposts") != "yes")
|
// Fetch forum permissions. $forumpermissions = forum_permissions($forum['fid']); // If this user is not a moderator with "caneditposts" permissions. if(is_moderator($forum['fid'], "caneditposts") != "yes")
|
{
| {
|
// Thread is closed - no editing allowed. if($thread['closed'] == "yes") {
| // Thread is closed - no editing allowed. if($thread['closed'] == "yes") {
|
Zeile 201 | Zeile 206 |
---|
xmlhttp_error($lang->edit_time_limit); } $ismod = false;
|
xmlhttp_error($lang->edit_time_limit); } $ismod = false;
|
}
| }
|
else { $ismod = true;
| else { $ismod = true;
|
Zeile 214 | Zeile 219 |
---|
$subject = iconv("UTF-8", $charset, $subject); } else if(function_exists("mb_convert_encoding"))
|
$subject = iconv("UTF-8", $charset, $subject); } else if(function_exists("mb_convert_encoding"))
|
{ $subject = mb_convert_encoding($subject, $charset, "UTF-8");
| { $subject = @mb_convert_encoding($subject, $charset, "UTF-8");
|
} else if(strtolower($charset) == "iso-8859-1") {
| } else if(strtolower($charset) == "iso-8859-1") {
|
Zeile 227 | Zeile 232 |
---|
require_once MYBB_ROOT."inc/datahandlers/post.php"; $posthandler = new PostDataHandler("update"); $posthandler->action = "post";
|
require_once MYBB_ROOT."inc/datahandlers/post.php"; $posthandler = new PostDataHandler("update"); $posthandler->action = "post";
|
|
|
// Set the post data that came from the input to the $post array. $updatepost = array( "pid" => $post['pid'],
| // Set the post data that came from the input to the $post array. $updatepost = array( "pid" => $post['pid'],
|
Zeile 260 | Zeile 265 |
---|
}
// Send our headers.
|
}
// Send our headers.
|
header("Content-type: text/html; charset={$charset}");
| header("Content-type: text/plain; charset={$charset}");
|
// Spit the subject back to the browser. echo $mybb->input['value'];
| // Spit the subject back to the browser. echo $mybb->input['value'];
|
Zeile 269 | Zeile 274 |
---|
exit; } else if($mybb->input['action'] == "edit_post")
|
exit; } else if($mybb->input['action'] == "edit_post")
|
{
| {
|
// Fetch the post from the database. $post = get_post($mybb->input['pid']);
| // Fetch the post from the database. $post = get_post($mybb->input['pid']);
|
Zeile 277 | Zeile 282 |
---|
if(!$post['pid']) { xmlhttp_error($lang->post_doesnt_exist);
|
if(!$post['pid']) { xmlhttp_error($lang->post_doesnt_exist);
|
}
| }
|
// Fetch the thread associated with this post. $thread = get_thread($post['tid']);
| // Fetch the thread associated with this post. $thread = get_thread($post['tid']);
|
Zeile 309 | Zeile 314 |
---|
} // If we're past the edit time limit - don't allow editing. else if($mybb->settings['edittimelimit'] != 0 && $post['dateline'] < (time()-($mybb->settings['edittimelimit']*60)))
|
} // If we're past the edit time limit - don't allow editing. else if($mybb->settings['edittimelimit'] != 0 && $post['dateline'] < (time()-($mybb->settings['edittimelimit']*60)))
|
{
| {
|
$lang->edit_time_limit = sprintf($lang->edit_time_limit, $mybb->settings['edittimelimit']); xmlhttp_error($lang->edit_time_limit); } } if($mybb->input['do'] == "get_post")
|
$lang->edit_time_limit = sprintf($lang->edit_time_limit, $mybb->settings['edittimelimit']); xmlhttp_error($lang->edit_time_limit); } } if($mybb->input['do'] == "get_post")
|
{
| {
|
// Send our headers.
|
// Send our headers.
|
header("Content-type: text/html; charset={$charset}");
| header("Content-type: text/xml; charset={$charset}");
|
$post['message'] = htmlspecialchars_uni($post['message']);
| $post['message'] = htmlspecialchars_uni($post['message']);
|
Zeile 329 | Zeile 334 |
---|
} else if($mybb->input['do'] == "update_post") {
|
} else if($mybb->input['do'] == "update_post") {
|
| // Verify POST request if(!verify_post_check($mybb->input['my_post_key'], true)) { xmlhttp_error($lang->invalid_post_code); }
|
$message = strval($_POST['value']); if(strtolower($charset) != "utf-8") {
| $message = strval($_POST['value']); if(strtolower($charset) != "utf-8") {
|
Zeile 338 | Zeile 349 |
---|
} else if(function_exists("mb_convert_encoding")) {
|
} else if(function_exists("mb_convert_encoding")) {
|
$message = mb_convert_encoding($message, $charset, "UTF-8");
| $message = @mb_convert_encoding($message, $charset, "UTF-8");
|
} else if(strtolower($charset) == "iso-8859-1") {
| } else if(strtolower($charset) == "iso-8859-1") {
|
Zeile 456 | Zeile 467 |
---|
{ $from_tid = ''; }
|
{ $from_tid = ''; }
|
| require_once MYBB_ROOT."inc/class_parser.php"; $parser = new postParser;
|
// Query for any posts in the list which are not within the specified thread $query = $db->query("
| // Query for any posts in the list which are not within the specified thread $query = $db->query("
|
Zeile 481 | Zeile 495 |
---|
$quoted_post['message'] = preg_replace('#(^|\r|\n)/me ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} \\2", $quoted_post['message']); $quoted_post['message'] = preg_replace('#(^|\r|\n)/slap ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} {$lang->slaps} \\2 {$lang->with_trout}", $quoted_post['message']); $quoted_post['message'] = preg_replace("#\[attachment=([0-9]+?)\]#i", '', $quoted_post['message']);
|
$quoted_post['message'] = preg_replace('#(^|\r|\n)/me ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} \\2", $quoted_post['message']); $quoted_post['message'] = preg_replace('#(^|\r|\n)/slap ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} {$lang->slaps} \\2 {$lang->with_trout}", $quoted_post['message']); $quoted_post['message'] = preg_replace("#\[attachment=([0-9]+?)\]#i", '', $quoted_post['message']);
|
| $quoted_post['message'] = $parser->parse_badwords($quoted_post['message']);
|
// Tack on to list of messages $message .= "[quote={$quoted_post['username']}]\n{$quoted_post['message']}\n[/quote]\n\n"; }
| // Tack on to list of messages $message .= "[quote={$quoted_post['username']}]\n{$quoted_post['message']}\n[/quote]\n\n"; }
|
Zeile 501 | Zeile 516 |
---|
global $charset; // Send our headers.
|
global $charset; // Send our headers.
|
header("Content-type: text/html; charset={$charset}");
| header("Content-type: text/xml; charset={$charset}");
|
// Send the error message. echo "<error>".$message."</error>";
| // Send the error message. echo "<error>".$message."</error>";
|
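Review bot: The Content-type changes are not paired with output encoding: the edit_subject branch (Zeile 265) still returns the raw request value with `echo $mybb->input['value'];`, and xmlhttp_error() (Zeile 516) concatenates `$message` into `<error>…</error>` unescaped although the response is now declared `text/xml`. A `&` or `<` in a language string or in user-derived text makes that error document ill-formed, and the `text/plain` label protects the subject echo only if the browser honours it and the client script inserts the response as text rather than markup. For the error path I would write `echo "<error>".htmlspecialchars_uni($message)."</error>";`, assuming no caller passes intentional markup. For the subject, prefer echoing the converted `$subject` from Zeile 219 rather than the request input, passed through `htmlspecialchars_uni()` if the client inserts it as markup. xmlhttp_error() continues past the last visible line, so this page cannot confirm that it ends the request, which the new `verify_post_check()` guards at Zeile 138 and Zeile 334 depend on.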