Xml.php 10 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396
  1. <?php
  2. /**
  3. * Maintains all XML-based interaction (mainly XMLhttp)
  4. *
  5. * Simple Machines Forum (SMF)
  6. *
  7. * @package SMF
  8. * @author Simple Machines http://www.simplemachines.org
  9. * @copyright 2012 Simple Machines Forum contributors
  10. * @license http://www.simplemachines.org/about/smf/license.php BSD
  11. *
  12. * @version 2.1 Alpha 1
  13. */
  14. if (!defined('SMF'))
  15. die('Hacking attempt...');
  16. function XMLhttpMain()
  17. {
  18. loadTemplate('Xml');
  19. $sub_actions = array(
  20. 'jumpto' => array(
  21. 'function' => 'GetJumpTo',
  22. ),
  23. 'messageicons' => array(
  24. 'function' => 'ListMessageIcons',
  25. ),
  26. 'corefeatures' => array(
  27. 'function' => 'EnableCoreFeatures',
  28. ),
  29. 'previews' => array(
  30. 'function' => 'RetrievePreview',
  31. ),
  32. );
  33. // Easy adding of sub actions
  34. call_integration_hook('integrate_xmlhttp', array(&$sub_actions));
  35. if (!isset($_REQUEST['sa'], $sub_actions[$_REQUEST['sa']]))
  36. fatal_lang_error('no_access', false);
  37. $sub_actions[$_REQUEST['sa']]['function']();
  38. }
  39. /**
  40. * Get a list of boards and categories used for the jumpto dropdown.
  41. */
  42. function GetJumpTo()
  43. {
  44. global $user_info, $context, $smcFunc, $sourcedir;
  45. // Find the boards/cateogories they can see.
  46. require_once($sourcedir . '/Subs-MessageIndex.php');
  47. $boardListOptions = array(
  48. 'use_permissions' => true,
  49. 'selected_board' => isset($context['current_board']) ? $context['current_board'] : 0,
  50. );
  51. $context['jump_to'] = getBoardList($boardListOptions);
  52. // Make the board safe for display.
  53. foreach ($context['jump_to'] as $id_cat => $cat)
  54. {
  55. $context['jump_to'][$id_cat]['name'] = un_htmlspecialchars(strip_tags($cat['name']));
  56. foreach ($cat['boards'] as $id_board => $board)
  57. $context['jump_to'][$id_cat]['boards'][$id_board]['name'] = un_htmlspecialchars(strip_tags($board['name']));
  58. }
  59. $context['sub_template'] = 'jump_to';
  60. }
  61. function ListMessageIcons()
  62. {
  63. global $context, $sourcedir, $board;
  64. require_once($sourcedir . '/Subs-Editor.php');
  65. $context['icons'] = getMessageIcons($board);
  66. $context['sub_template'] = 'message_icons';
  67. }
  68. function EnableCoreFeatures()
  69. {
  70. global $context, $smcFunc, $sourcedir, $modSettings, $txt;
  71. $context['xml_data'] = array();
  72. // Just in case, maybe we don't need it
  73. loadLanguage('Errors');
  74. // We need (at least) this to ensure that mod files are included
  75. if (!empty($modSettings['integrate_admin_include']))
  76. {
  77. $admin_includes = explode(',', $modSettings['integrate_admin_include']);
  78. foreach ($admin_includes as $include)
  79. {
  80. $include = strtr(trim($include), array('$boarddir' => $boarddir, '$sourcedir' => $sourcedir, '$themedir' => $settings['theme_dir']));
  81. if (file_exists($include))
  82. require_once($include);
  83. }
  84. }
  85. $errors = array();
  86. $returns = array();
  87. $tokens = array();
  88. if (allowedTo('admin_forum'))
  89. {
  90. $validation = validateSession();
  91. if (empty($validation))
  92. {
  93. require_once($sourcedir . '/ManageSettings.php');
  94. $result = ModifyCoreFeatures();
  95. if (empty($result))
  96. {
  97. $id = isset($_POST['feature_id']) ? $_POST['feature_id'] : '';
  98. if (!empty($id) && isset($context['features'][$id]))
  99. {
  100. $feature = $context['features'][$id];
  101. $returns[] = array(
  102. 'value' => (!empty($_POST['feature_' . $id]) && $feature['url'] ? '<a href="' . $feature['url'] . '">' . $feature['title'] . '</a>' : $feature['title']),
  103. );
  104. createToken('admin-core', 'post');
  105. $tokens = array(
  106. array(
  107. 'value' => $context['admin-core_token'],
  108. 'attributes' => array('type' => 'token_var'),
  109. ),
  110. array(
  111. 'value' => $context['admin-core_token_var'],
  112. 'attributes' => array('type' => 'token'),
  113. ),
  114. );
  115. }
  116. else
  117. {
  118. $errors[] = array(
  119. 'value' => $txt['feature_no_exists'],
  120. );
  121. }
  122. }
  123. else
  124. {
  125. $errors[] = array(
  126. 'value' => $txt[$result],
  127. );
  128. }
  129. }
  130. else
  131. {
  132. $errors[] = array(
  133. 'value' => $txt[$validation],
  134. );
  135. }
  136. }
  137. else
  138. {
  139. $errors[] = array(
  140. 'value' => $txt['cannot_admin_forum']
  141. );
  142. }
  143. $context['sub_template'] = 'generic_xml';
  144. $context['xml_data'] = array (
  145. 'corefeatures' => array (
  146. 'identifier' => 'corefeature',
  147. 'children' => $returns,
  148. ),
  149. 'tokens' => array (
  150. 'identifier' => 'token',
  151. 'children' => $tokens,
  152. ),
  153. 'errors' => array (
  154. 'identifier' => 'error',
  155. 'children' => $errors,
  156. ),
  157. );
  158. }
  159. function RetrievePreview()
  160. {
  161. global $context;
  162. $items = array(
  163. 'newspreview',
  164. 'newsletterpreview',
  165. 'sig_preview',
  166. 'warning_preview',
  167. );
  168. $context['sub_template'] = 'generic_xml';
  169. if (!isset($_POST['item']) || !in_array($_POST['item'], $items))
  170. return false;
  171. $_POST['item']();
  172. }
  173. function newspreview()
  174. {
  175. global $context, $sourcedir, $smcFunc;
  176. require_once($sourcedir . '/Subs-Post.php');
  177. $errors = array();
  178. $news = !isset($_POST['news'])? '' : $smcFunc['htmlspecialchars']($_POST['news'], ENT_QUOTES);
  179. if (empty($news))
  180. $errors[] = array('value' => 'no_news');
  181. else
  182. preparsecode($news);
  183. $context['xml_data'] = array(
  184. 'news' => array(
  185. 'identifier' => 'parsedNews',
  186. 'children' => array(
  187. array(
  188. 'value' => parse_bbc($news),
  189. ),
  190. ),
  191. ),
  192. 'errors' => array(
  193. 'identifier' => 'error',
  194. 'children' => $errors
  195. ),
  196. );
  197. }
  198. function newsletterpreview()
  199. {
  200. global $context, $sourcedir, $smcFunc, $txt;
  201. require_once($sourcedir . '/Subs-Post.php');
  202. require_once($sourcedir . '/ManageNews.php');
  203. loadLanguage('Errors');
  204. $context['post_error']['messages'] = array();
  205. $context['send_pm'] = !empty($_POST['send_pm']) ? 1 : 0;
  206. $context['send_html'] = !empty($_POST['send_html']) ? 1 : 0;
  207. if (empty($_POST['subject']))
  208. $context['post_error']['messages'][] = $txt['error_no_subject'];
  209. if (empty($_POST['message']))
  210. $context['post_error']['messages'][] = $txt['error_no_message'];
  211. prepareMailingForPreview();
  212. $context['sub_template'] = 'pm';
  213. }
  214. function sig_preview()
  215. {
  216. global $context, $sourcedir, $smcFunc, $txt, $user_info;
  217. require_once($sourcedir . '/Profile-Modify.php');
  218. loadLanguage('Profile');
  219. loadLanguage('Errors');
  220. $user = isset($_POST['user']) ? (int) $_POST['user'] : 0;
  221. $is_owner = $user == $user_info['id'];
  222. // @todo Temporary
  223. // Borrowed from loadAttachmentContext in Display.php
  224. $can_change = $is_owner ? allowedTo(array('profile_extra_any', 'profile_extra_own')) : allowedTo('profile_extra_any');
  225. $errors = array();
  226. if (!empty($user) && $can_change)
  227. {
  228. $request = $smcFunc['db_query']('', '
  229. SELECT signature
  230. FROM {db_prefix}members
  231. WHERE id_member = {int:id_member}
  232. LIMIT 1',
  233. array(
  234. 'id_member' => $user,
  235. )
  236. );
  237. list($current_signature) = $smcFunc['db_fetch_row']($request);
  238. $smcFunc['db_free_result']($request);
  239. censorText($current_signature);
  240. $current_signature = parse_bbc($current_signature, true, 'sig' . $user);
  241. $preview_signature = !empty($_POST['signature']) ? $_POST['signature'] : '';
  242. $validation = profileValidateSignature($preview_signature);
  243. if ($validation !== true && $validation !== false)
  244. $errors[] = array('value' => $txt['profile_error_' . $validation], 'attributes' => array('type' => 'error'));
  245. censorText($preview_signature);
  246. $preview_signature = parse_bbc($preview_signature, true, 'sig' . $user);
  247. }
  248. elseif (!$can_change)
  249. {
  250. if ($is_owner)
  251. $errors[] = array('value' => $txt['cannot_profile_extra_own'], 'attributes' => array('type' => 'error'));
  252. else
  253. $errors[] = array('value' => $txt['cannot_profile_extra_any'], 'attributes' => array('type' => 'error'));
  254. }
  255. else
  256. $errors[] = array('value' => $txt['no_user_selected'], 'attributes' => array('type' => 'error'));
  257. $context['xml_data']['signatures'] = array(
  258. 'identifier' => 'signature',
  259. 'children' => array()
  260. );
  261. if (isset($current_signature))
  262. $context['xml_data']['signatures']['children'][] = array(
  263. 'value' => $current_signature,
  264. 'attributes' => array('type' => 'current'),
  265. );
  266. if (isset($preview_signature))
  267. $context['xml_data']['signatures']['children'][] = array(
  268. 'value' => $preview_signature,
  269. 'attributes' => array('type' => 'preview'),
  270. );
  271. if (!empty($errors))
  272. $context['xml_data']['errors'] = array(
  273. 'identifier' => 'error',
  274. 'children' => array_merge(
  275. array(
  276. array(
  277. 'value' => $txt['profile_errors_occurred'],
  278. 'attributes' => array('type' => 'errors_occurred'),
  279. ),
  280. ),
  281. $errors
  282. ),
  283. );
  284. }
  285. function warning_preview()
  286. {
  287. global $context, $sourcedir, $smcFunc, $txt, $user_info, $scripturl, $mbname;
  288. require_once($sourcedir . '/Subs-Post.php');
  289. loadLanguage('Errors');
  290. loadLanguage('ModerationCenter');
  291. $user = isset($_POST['user']) ? (int) $_POST['user'] : 0;
  292. $context['post_error']['messages'] = array();
  293. if (allowedTo('issue_warning'))
  294. {
  295. $warning_body = !empty($_POST['body']) ? trim(censorText($_POST['body'])) : '';
  296. $context['preview_subject'] = !empty($_POST['title']) ? trim($smcFunc['htmlspecialchars']($_POST['title'])) : '';
  297. if (isset($_POST['issuing']))
  298. {
  299. if (empty($_POST['title']) || empty($_POST['body']))
  300. $context['post_error']['messages'][] = $txt['warning_notify_blank'];
  301. }
  302. else
  303. {
  304. if (empty($_POST['title']))
  305. $context['post_error']['messages'][] = $txt['mc_warning_template_error_no_title'];
  306. if (empty($_POST['body']))
  307. $context['post_error']['messages'][] = $txt['mc_warning_template_error_no_body'];
  308. // Add in few replacements.
  309. /**
  310. * These are the defaults:
  311. * - {MEMBER} - Member Name. => current user for review
  312. * - {MESSAGE} - Link to Offending Post. (If Applicable) => not applicable here, so not replaced
  313. * - {FORUMNAME} - Forum Name.
  314. * - {SCRIPTURL} - Web address of forum.
  315. * - {REGARDS} - Standard email sign-off.
  316. */
  317. $find = array(
  318. '{MEMBER}',
  319. '{FORUMNAME}',
  320. '{SCRIPTURL}',
  321. '{REGARDS}',
  322. );
  323. $replace = array(
  324. $user_info['name'],
  325. $mbname,
  326. $scripturl,
  327. $txt['regards_team'],
  328. );
  329. $warning_body = str_replace($find, $replace, $warning_body);
  330. }
  331. if (!empty($_POST['body']))
  332. {
  333. preparsecode($warning_body);
  334. $warning_body = parse_bbc($warning_body, true);
  335. }
  336. $context['preview_message'] = $warning_body;
  337. }
  338. else
  339. $context['post_error']['messages'][] = array('value' => $txt['cannot_issue_warning'], 'attributes' => array('type' => 'error'));
  340. $context['sub_template'] = 'pm';
  341. }
  342. ?>