Vergleich private.php - 1.6.6 - 1.6.10

  Keine Änderungen   Hinzugefügt   Modifiziert   Entfernt
Zeile 6Zeile 6
 * Website: http://mybb.com
* License: http://mybb.com/about/license
*

 * Website: http://mybb.com
* License: http://mybb.com/about/license
*

 * $Id: private.php 5476 2011-06-24 14:49:59Z Tomm $

 * $Id$

 */

define("IN_MYBB", 1);

 */

define("IN_MYBB", 1);

Zeile 14Zeile 14
define('THIS_SCRIPT', 'private.php');

$templatelist = "private_send,private_send_buddyselect,private_read,private_tracking,private_tracking_readmessage,private_tracking_unreadmessage";

define('THIS_SCRIPT', 'private.php');

$templatelist = "private_send,private_send_buddyselect,private_read,private_tracking,private_tracking_readmessage,private_tracking_unreadmessage";

$templatelist .= ",private_folders,private_folders_folder,private_folders_folder_unremovable,private,usercp_nav_changename,usercp_nav,private_empty_folder,private_empty,posticons";
$templatelist .= "usercp_nav_messenger,usercp_nav_changename,usercp_nav_profile,usercp_nav_misc,usercp_nav_messenger,multipage_nextpage,multipage_page_current,multipage_page,multipage_start,multipage_end,multipage,usercp_nav_editsignature,private_read_action,postbit_away,postbit_avatar,postbit_warn,postbit_rep_button";
$templatelist .= ",private_messagebit,codebuttons,smilieinsert,posticons,private_send_autocomplete,private_messagebit_denyreceipt,private_read_to, postbit_online,postbit_find,postbit_pm, postbit_email,postbit_reputation,postbit_warninglevel,postbit_author_user,postbit_reply_pm,postbit_forward_pm,postbit_delete_pm,postbit,private_tracking_nomessage,private_nomessages";




$templatelist .= ",private_folders,private_folders_folder,private_folders_folder_unremovable,private,usercp_nav,private_empty_folder,private_empty,private_archive_txt,private_archive_csv,private_archive_html";
$templatelist .= ",usercp_nav_messenger,usercp_nav_changename,usercp_nav_profile,usercp_nav_misc,multipage_nextpage,multipage_page_current,multipage_page,multipage_start,multipage_end,multipage,usercp_nav_editsignature,private_read_action,postbit_away,postbit_avatar,postbit_warn,postbit_rep_button";
$templatelist .= ",private_messagebit,codebuttons,smilieinsert,smilieinsert_getmore,posticons,private_send_autocomplete,private_messagebit_denyreceipt,private_read_to,postbit_online,postbit_find,postbit_pm,postbit_email,postbit_reputation,postbit_warninglevel,postbit_author_user,postbit_reply_pm,postbit_forward_pm";
$templatelist .= ",postbit_delete_pm,postbit,private_tracking_nomessage,private_nomessages,postbit_author_guest,private_multiple_recipients_user,private_multiple_recipients_bcc,private_multiple_recipients";
$templatelist .= ",private_search_messagebit,private_search_results_nomessages,private_search_results,private_advanced_search,previewpost,private_send_tracking,private_send_signature,private_read_bcc";
$templatelist .= ",private_archive,private_pmspace,private_limitwarning,postbit_groupimage,postbit_offline,postbit_www,postbit_replyall_pm,postbit_signature,postbit_classic,postbit_gotopost,usercp_nav_messenger_tracking,multipage_prevpage";


require_once "./global.php";
require_once MYBB_ROOT."inc/functions_post.php";


require_once "./global.php";
require_once MYBB_ROOT."inc/functions_post.php";

Zeile 248Zeile 251
	$plugins->run_hooks("private_results_start");

// Decide on our sorting fields and sorting order.

	$plugins->run_hooks("private_results_start");

// Decide on our sorting fields and sorting order.

	$order = my_strtolower(htmlspecialchars($mybb->input['order']));
$sortby = my_strtolower(htmlspecialchars($mybb->input['sortby']));

	$order = my_strtolower(htmlspecialchars_uni($mybb->input['order']));
$sortby = my_strtolower(htmlspecialchars_uni($mybb->input['sortby']));


$sortby_accepted = array('subject', 'username', 'dateline');



$sortby_accepted = array('subject', 'username', 'dateline');


Zeile 469Zeile 472
			$senddate = $lang->not_sent;
}


			$senddate = $lang->not_sent;
}


		$foldername = htmlspecialchars_uni($foldernames[$message['folder']]);

		$foldername = $foldernames[$message['folder']];

		
// What we do here is parse the post using our post parser, then strip the tags from it
$parser_options = array(

		
// What we do here is parse the post using our post parser, then strip the tags from it
$parser_options = array(

Zeile 484Zeile 487
		{
$message['message'] = my_substr($message['message'], 0, 200)."...";
}

		{
$message['message'] = my_substr($message['message'], 0, 200)."...";
}

		
// For my sanity...
$message['message'] = htmlspecialchars_uni($message['message']);

 
		
eval("\$messagelist .= \"".$templates->get("private_search_messagebit")."\";");
}

		
eval("\$messagelist .= \"".$templates->get("private_search_messagebit")."\";");
}

Zeile 530Zeile 530
	if($mybb->input['ajax'])
{
echo 1;

	if($mybb->input['ajax'])
{
echo 1;

		exit;

		exit;

	}
else

	}
else

	{

	{

		header("Location: index.php");
exit;

		header("Location: index.php");
exit;

	}

	}

}

$send_errors = '';

}

$send_errors = '';

Zeile 547Zeile 547
	{
error_no_permission();
}

	{
error_no_permission();
}





	// Verify incoming POST request
verify_post_check($mybb->input['my_post_key']);

$plugins->run_hooks("private_send_do_send");

	// Verify incoming POST request
verify_post_check($mybb->input['my_post_key']);

$plugins->run_hooks("private_send_do_send");





	// Attempt to see if this PM is a duplicate or not
$time_cutoff = TIME_NOW - (5 * 60 * 60);
$query = $db->query("

	// Attempt to see if this PM is a duplicate or not
$time_cutoff = TIME_NOW - (5 * 60 * 60);
$query = $db->query("

Zeile 586Zeile 586
	{
$pm['bcc'] = explode(",", $mybb->input['bcc']);
$pm['bcc'] = array_map("trim", $pm['bcc']);

	{
$pm['bcc'] = explode(",", $mybb->input['bcc']);
$pm['bcc'] = array_map("trim", $pm['bcc']);

 
	}

if(!$mybb->usergroup['cantrackpms'])
{
$mybb->input['options']['readreceipt'] = false;

	}

$pm['options'] = array(

	}

$pm['options'] = array(

Zeile 596Zeile 601
	);

if($mybb->input['saveasdraft'])

	);

if($mybb->input['saveasdraft'])

	{

	{

		$pm['saveasdraft'] = 1;
}
$pmhandler->set_data($pm);

		$pm['saveasdraft'] = 1;
}
$pmhandler->set_data($pm);

Zeile 618Zeile 623
			redirect("private.php", $lang->redirect_pmsaved);
}
else

			redirect("private.php", $lang->redirect_pmsaved);
}
else

		{

		{

			redirect("private.php", $lang->redirect_pmsent);
}
}

			redirect("private.php", $lang->redirect_pmsent);
}
}

Zeile 643Zeile 648
			$smilieinserter = build_clickable_smilies();
}
}

			$smilieinserter = build_clickable_smilies();
}
}

 

$lang->post_icon = $lang->message_icon;


$posticons = get_post_icons();


$posticons = get_post_icons();

	$previewmessage = $mybb->input['message'];
$message = htmlspecialchars_uni($mybb->input['message']);
$subject = $previewsubject = htmlspecialchars_uni($mybb->input['subject']);

	$message = htmlspecialchars_uni($parser->parse_badwords($mybb->input['message']));
$subject = htmlspecialchars_uni($parser->parse_badwords($mybb->input['subject']));



if($mybb->input['preview'] || $send_errors)
{


if($mybb->input['preview'] || $send_errors)
{

Zeile 665Zeile 671
			$optionschecked['savecopy'] = 'checked="checked"';
}
if($options['readreceipt'] != 0)

			$optionschecked['savecopy'] = 'checked="checked"';
}
if($options['readreceipt'] != 0)

		{

		{

			$optionschecked['readreceipt'] = 'checked="checked"';
}
$to = htmlspecialchars_uni($mybb->input['to']);

			$optionschecked['readreceipt'] = 'checked="checked"';
}
$to = htmlspecialchars_uni($mybb->input['to']);

Zeile 681Zeile 687
			FROM ".TABLE_PREFIX."users u
LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
WHERE u.uid='".$mybb->user['uid']."'

			FROM ".TABLE_PREFIX."users u
LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
WHERE u.uid='".$mybb->user['uid']."'

		");


		");


		$post = $db->fetch_array($query);

$post['userusername'] = $mybb->user['username'];
$post['postusername'] = $mybb->user['username'];

		$post = $db->fetch_array($query);

$post['userusername'] = $mybb->user['username'];
$post['postusername'] = $mybb->user['username'];

		$post['message'] = $previewmessage;
$post['subject'] = $previewsubject;

		$post['message'] = $mybb->input['message'];
$post['subject'] = htmlspecialchars_uni($mybb->input['subject']);

		$post['icon'] = $mybb->input['icon'];
$post['smilieoff'] = $options['disablesmilies'];
$post['dateline'] = TIME_NOW;

		$post['icon'] = $mybb->input['icon'];
$post['smilieoff'] = $options['disablesmilies'];
$post['dateline'] = TIME_NOW;

Zeile 700Zeile 706
		else
{
$post['includesig'] = 1;

		else
{
$post['includesig'] = 1;

		}


		}


		// Merge usergroup data from the cache
$data_key = array(
'title' => 'grouptitle',

		// Merge usergroup data from the cache
$data_key = array(
'title' => 'grouptitle',

Zeile 742Zeile 748
			SELECT pm.*, u.username AS quotename
FROM ".TABLE_PREFIX."privatemessages pm
LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)

			SELECT pm.*, u.username AS quotename
FROM ".TABLE_PREFIX."privatemessages pm
LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)

			WHERE pm.pmid='".intval($mybb->input['pmid'])."' AND pm.uid='".$mybb->user['uid']."'

			WHERE pm.pmid='{$mybb->input['pmid']}' AND pm.uid='{$mybb->user['uid']}'

		");

		");

 


		$pm = $db->fetch_array($query);

		$pm = $db->fetch_array($query);


$message = htmlspecialchars_uni($pm['message']);
$subject = htmlspecialchars_uni($pm['subject']);

		$message = htmlspecialchars_uni($parser->parse_badwords($pm['message']));
$subject = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));



if($pm['folder'] == "3")


if($pm['folder'] == "3")

		{ // message saved in drafts


		{
// message saved in drafts

			$mybb->input['uid'] = $pm['toid'];

if($pm['includesig'] == 1)

			$mybb->input['uid'] = $pm['toid'];

if($pm['includesig'] == 1)

Zeile 772Zeile 779
			if(isset($recipients['to']) && is_array($recipients['to']))
{
foreach($recipients['to'] as $recipient)

			if(isset($recipients['to']) && is_array($recipients['to']))
{
foreach($recipients['to'] as $recipient)

				{

				{

					$recipient_list['to'][] = $recipient;
$recipientids .= $comma.$recipient;
$comma = ',';

					$recipient_list['to'][] = $recipient;
$recipientids .= $comma.$recipient;
$comma = ',';

Zeile 806Zeile 813
			}
}
else

			}
}
else

		{ // forward/reply


		{
// forward/reply

			$subject = preg_replace("#(FW|RE):( *)#is", '', $subject);
$postdate = my_date($mybb->settings['dateformat'], $pm['dateline']);
$posttime = my_date($mybb->settings['timeformat'], $pm['dateline']);

			$subject = preg_replace("#(FW|RE):( *)#is", '', $subject);
$postdate = my_date($mybb->settings['dateformat'], $pm['dateline']);
$posttime = my_date($mybb->settings['timeformat'], $pm['dateline']);

Zeile 854Zeile 862
				$query = $db->simple_select('users', 'uid, username', "uid IN ({$recipientids})");
while($user = $db->fetch_array($query))
{

				$query = $db->simple_select('users', 'uid, username', "uid IN ({$recipientids})");
while($user = $db->fetch_array($query))
{

					$to .= $comma.htmlspecialchars($user['username']);

					$to .= $comma.htmlspecialchars_uni($user['username']);

					$comma = $lang->comma;
}
}

					$comma = $lang->comma;
}
}

Zeile 898Zeile 906
		$buddy_select = 'bcc';
eval("\$buddy_select_bcc = \"".$templates->get("private_send_buddyselect")."\";");
}

		$buddy_select = 'bcc';
eval("\$buddy_select_bcc = \"".$templates->get("private_send_buddyselect")."\";");
}

 

// Hide tracking option if no permission
$private_send = $templates->get("private_send");
$tracking = '';
if($mybb->usergroup['cantrackpms'])
{
$tracking = $templates->get("private_send_tracking");
}
eval("\$private_send_tracking = \"".$tracking."\";");

// Hide signature option if no permission
$option_signature = '';
if($mybb->usergroup['canusesig'] && !$mybb->user['suspendsignature'])
{
$option_signature = $templates->get('private_send_signature');
}
eval("\$private_send_signature = \"".$option_signature."\";");

	
$plugins->run_hooks("private_send_end");


	
$plugins->run_hooks("private_send_end");


	eval("\$send = \"".$templates->get("private_send")."\";");

	eval("\$send = \"".$private_send."\";");

	output_page($send);
}

	output_page($send);
}



 

if($mybb->input['action'] == "read")
{


if($mybb->input['action'] == "read")
{

Zeile 929Zeile 953
	if(!$pm['pmid'])
{
error($lang->error_invalidpm);

	if(!$pm['pmid'])
{
error($lang->error_invalidpm);

	}


	}


	// If we've gotten a PM, attach the group info
$data_key = array(
'title' => 'grouptitle',

	// If we've gotten a PM, attach the group info
$data_key = array(
'title' => 'grouptitle',

Zeile 1008Zeile 1032
		$forward_date = my_date($mybb->settings['dateformat'], $pm['statustime']);

if(strpos($forward_date, $lang->today) !== false || strpos($forward_date, $lang->yesterday) !== false)

		$forward_date = my_date($mybb->settings['dateformat'], $pm['statustime']);

if(strpos($forward_date, $lang->today) !== false || strpos($forward_date, $lang->yesterday) !== false)

		{
$forward_date .= $lang->comma.my_date($mybb->settings['timeformat'], $pm['statustime']);

		{
$forward_date .= $lang->comma.my_date($mybb->settings['timeformat'], $pm['statustime']);

			$actioned_on = $lang->sprintf($lang->you_forwarded, $forward_date);

			$actioned_on = $lang->sprintf($lang->you_forwarded, $forward_date);

		}

		}

		else
{
$forward_date .= $lang->comma.my_date($mybb->settings['timeformat'], $pm['statustime']);

		else
{
$forward_date .= $lang->comma.my_date($mybb->settings['timeformat'], $pm['statustime']);

Zeile 1023Zeile 1047

$pm['userusername'] = $pm['username'];
$pm['subject'] = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));


$pm['userusername'] = $pm['username'];
$pm['subject'] = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));

 


	if($pm['fromid'] == 0)

	if($pm['fromid'] == 0)

	{

	{

		$pm['username'] = $lang->mybb_engine;

		$pm['username'] = $lang->mybb_engine;

	}

	}

	
if(!$pm['username'])
{

	
if(!$pm['username'])
{

Zeile 1035Zeile 1060

// Fetch the recipients for this message
$pm['recipients'] = @unserialize($pm['recipients']);


// Fetch the recipients for this message
$pm['recipients'] = @unserialize($pm['recipients']);





	if(is_array($pm['recipients']['to']))

	if(is_array($pm['recipients']['to']))

	{

	{

		$uid_sql = implode(',', $pm['recipients']['to']);

		$uid_sql = implode(',', $pm['recipients']['to']);

	}

	}

	else
{
$uid_sql = $pm['toid'];
$pm['recipients']['to'] = array($pm['toid']);

	else
{
$uid_sql = $pm['toid'];
$pm['recipients']['to'] = array($pm['toid']);

	}


	}


	$show_bcc = 0;

// If we have any BCC recipients and this user is an Administrator, add them on to the query

	$show_bcc = 0;

// If we have any BCC recipients and this user is an Administrator, add them on to the query

Zeile 1085Zeile 1110
	}

if(count($to_recipients) > 0)

	}

if(count($to_recipients) > 0)

	{

	{

		$to_recipients = implode(", ", $to_recipients);
}
else

		$to_recipients = implode(", ", $to_recipients);
}
else

Zeile 1106Zeile 1131

if($mybb->input['action'] == "tracking")
{


if($mybb->input['action'] == "tracking")
{

 
	if(!$mybb->usergroup['cantrackpms'])
{
error_no_permission();
}


	$plugins->run_hooks("private_tracking_start");
$readmessages = '';
$unreadmessages = '';

	$plugins->run_hooks("private_tracking_start");
$readmessages = '';
$unreadmessages = '';

Zeile 1241Zeile 1271
			}
}
$plugins->run_hooks("private_do_tracking_end");

			}
}
$plugins->run_hooks("private_do_tracking_end");

		redirect("private.php", $lang->redirect_pmstrackingstopped);

		redirect("private.php?action=tracking", $lang->redirect_pmstrackingstopped);

	}
elseif($mybb->input['stoptrackingunread'])
{

	}
elseif($mybb->input['stoptrackingunread'])
{

Zeile 1256Zeile 1286
			}
}
$plugins->run_hooks("private_do_tracking_end");

			}
}
$plugins->run_hooks("private_do_tracking_end");

		redirect("private.php", $lang->redirect_pmstrackingstopped);

		redirect("private.php?action=tracking", $lang->redirect_pmstrackingstopped);

	}
elseif($mybb->input['cancel'])
{

	}
elseif($mybb->input['cancel'])
{

Zeile 1282Zeile 1312
			}
}
$plugins->run_hooks("private_do_tracking_end");

			}
}
$plugins->run_hooks("private_do_tracking_end");

		redirect("private.php", $lang->redirect_pmstrackingcanceled);

		redirect("private.php?action=tracking", $lang->redirect_pmstrackingcanceled);

	}
}


	}
}


Zeile 1851Zeile 1881
		eval("\$pmsdownload .= \"".$templates->get("private_archive_".$mybb->input['exporttype']."_message", 1, 0)."\";");
$ids .= ",'{$message['pmid']}'";
}

		eval("\$pmsdownload .= \"".$templates->get("private_archive_".$mybb->input['exporttype']."_message", 1, 0)."\";");
$ids .= ",'{$message['pmid']}'";
}

	
$query = $db->simple_select("themestylesheets", "stylesheet", "sid=1", array('limit' => 1));
$css = $db->fetch_field($query, "stylesheet");







if($mybb->input['exporttype'] == "html")
{
// Gather global stylesheet for HTML
$query = $db->simple_select("themestylesheets", "stylesheet", "sid = '1'", array('limit' => 1));
$css = $db->fetch_field($query, "stylesheet");
}


	$plugins->run_hooks("private_do_export_end");

eval("\$archived = \"".$templates->get("private_archive_".$mybb->input['exporttype'], 1, 0)."\";");

	$plugins->run_hooks("private_do_export_end");

eval("\$archived = \"".$templates->get("private_archive_".$mybb->input['exporttype'], 1, 0)."\";");

Zeile 1863Zeile 1897
		$db->delete_query("privatemessages", "pmid IN ('0'$ids)");
// Update PM count
update_pm_count();

		$db->delete_query("privatemessages", "pmid IN ('0'$ids)");
// Update PM count
update_pm_count();

	}

if($mybb->input['exporttype'] == "html")
{

	}

if($mybb->input['exporttype'] == "html")
{

		$filename = "pm-archive.html";
$contenttype = "text/html";
}

		$filename = "pm-archive.html";
$contenttype = "text/html";
}

Zeile 1879Zeile 1913
	{
$filename = "pm-archive.txt";
$contenttype = "text/plain";

	{
$filename = "pm-archive.txt";
$contenttype = "text/plain";

	}


	}


	$archived = str_replace("\\\'","'",$archived);
header("Content-disposition: filename=$filename");
header("Content-type: ".$contenttype);

if($mybb->input['exporttype'] == "html")

	$archived = str_replace("\\\'","'",$archived);
header("Content-disposition: filename=$filename");
header("Content-type: ".$contenttype);

if($mybb->input['exporttype'] == "html")

	{

	{

		output_page($archived);
}
else
{
echo $archived;

		output_page($archived);
}
else
{
echo $archived;

	}

	}

}

if(!$mybb->input['action'])

}

if(!$mybb->input['action'])

Zeile 1905Zeile 1939
	}

$folder = $mybb->input['fid'];

	}

$folder = $mybb->input['fid'];

	
$foldername = htmlspecialchars_uni($foldernames[$folder]);

	$foldername = $foldernames[$folder];



$lang->pms_in_folder = $lang->sprintf($lang->pms_in_folder, $foldername);
if($folder == 2 || $folder == 3)


$lang->pms_in_folder = $lang->sprintf($lang->pms_in_folder, $foldername);
if($folder == 2 || $folder == 3)