
  1. <?php
  2. /**
  3. * Maintains all XML-based interaction (mainly XMLhttp)
  4. *
  5. * Simple Machines Forum (SMF)
  6. *
  7. * @package SMF
  8. * @author Simple Machines http://www.simplemachines.org
  9. * @copyright 2012 Simple Machines
  10. * @license http://www.simplemachines.org/about/smf/license.php BSD
  11. *
  12. * @version 2.1 Alpha 1
  13. */
  14. if (!defined('SMF'))
  15. die('Hacking attempt...');
  16. function XMLhttpMain()
  17. {
  18. loadTemplate('Xml');
  19. $sub_actions = array(
  20. 'jumpto' => array(
  21. 'function' => 'GetJumpTo',
  22. ),
  23. 'messageicons' => array(
  24. 'function' => 'ListMessageIcons',
  25. ),
  26. 'corefeatures' => array(
  27. 'function' => 'EnableCoreFeatures',
  28. ),
  29. 'previews' => array(
  30. 'function' => 'RetrievePreview',
  31. ),
  32. );
  33. // Easy adding of sub actions
  34. call_integration_hook('integrate_xmlhttp', array(&$sub_actions));
  35. if (!isset($_REQUEST['sa'], $sub_actions[$_REQUEST['sa']]))
  36. fatal_lang_error('no_access', false);
  37. $sub_actions[$_REQUEST['sa']]['function']();
  38. }
  39. /**
  40. * Get a list of boards and categories used for the jumpto dropdown.
  41. */
  42. function GetJumpTo()
  43. {
  44. global $user_info, $context, $smcFunc, $sourcedir;
  45. // Find the boards/cateogories they can see.
  46. require_once($sourcedir . '/Subs-MessageIndex.php');
  47. $boardListOptions = array(
  48. 'use_permissions' => true,
  49. 'selected_board' => isset($context['current_board']) ? $context['current_board'] : 0,
  50. );
  51. $context['jump_to'] = getBoardList($boardListOptions);
  52. // Make the board safe for display.
  53. foreach ($context['jump_to'] as $id_cat => $cat)
  54. {
  55. $context['jump_to'][$id_cat]['name'] = un_htmlspecialchars(strip_tags($cat['name']));
  56. foreach ($cat['boards'] as $id_board => $board)
  57. $context['jump_to'][$id_cat]['boards'][$id_board]['name'] = un_htmlspecialchars(strip_tags($board['name']));
  58. }
  59. $context['sub_template'] = 'jump_to';
  60. }
  61. function ListMessageIcons()
  62. {
  63. global $context, $sourcedir, $board;
  64. require_once($sourcedir . '/Subs-Editor.php');
  65. $context['icons'] = getMessageIcons($board);
  66. $context['sub_template'] = 'message_icons';
  67. }
  68. function EnableCoreFeatures()
  69. {
  70. global $context, $smcFunc, $sourcedir, $modSettings, $txt;
  71. $context['xml_data'] = array();
  72. // Just in case, maybe we don't need it
  73. loadLanguage('Errors');
  74. $errors = array();
  75. $returns = array();
  76. $tokens = array();
  77. if (allowedTo('admin_forum'))
  78. {
  79. $validation = validateSession();
  80. if (empty($validation))
  81. {
  82. require_once($sourcedir . '/ManageSettings.php');
  83. $result = ModifyCoreFeatures();
  84. if (empty($result))
  85. {
  86. $id = isset($_POST['feature_id']) ? $_POST['feature_id'] : '';
  87. if (!empty($id) && isset($context['features'][$id]))
  88. {
  89. $feature = $context['features'][$id];
  90. $returns[] = array(
  91. 'value' => (!empty($_POST['feature_' . $id]) && $feature['url'] ? '<a href="' . $feature['url'] . '">' . $feature['title'] . '</a>' : $feature['title']),
  92. );
  93. createToken('admin-core', 'post');
  94. $tokens = array(
  95. array(
  96. 'value' => $context['admin-core_token'],
  97. 'attributes' => array('type' => 'token_var'),
  98. ),
  99. array(
  100. 'value' => $context['admin-core_token_var'],
  101. 'attributes' => array('type' => 'token'),
  102. ),
  103. );
  104. }
  105. else
  106. {
  107. $errors[] = array(
  108. 'value' => $txt['feature_no_exists'],
  109. );
  110. }
  111. }
  112. else
  113. {
  114. $errors[] = array(
  115. 'value' => $txt[$result],
  116. );
  117. }
  118. }
  119. else
  120. {
  121. $errors[] = array(
  122. 'value' => $txt[$validation],
  123. );
  124. }
  125. }
  126. else
  127. {
  128. $errors[] = array(
  129. 'value' => $txt['cannot_admin_forum']
  130. );
  131. }
  132. $context['sub_template'] = 'generic_xml';
  133. $context['xml_data'] = array (
  134. 'corefeatures' => array (
  135. 'identifier' => 'corefeature',
  136. 'children' => $returns,
  137. ),
  138. 'tokens' => array (
  139. 'identifier' => 'token',
  140. 'children' => $tokens,
  141. ),
  142. 'errors' => array (
  143. 'identifier' => 'error',
  144. 'children' => $errors,
  145. ),
  146. );
  147. }
  148. function RetrievePreview()
  149. {
  150. global $context;
  151. $items = array(
  152. 'newspreview',
  153. 'newsletterpreview',
  154. 'sig_preview',
  155. 'warning_preview',
  156. );
  157. $context['sub_template'] = 'generic_xml';
  158. if (!isset($_POST['item']) || !in_array($_POST['item'], $items))
  159. return false;
  160. $_POST['item']();
  161. }
  162. function newspreview()
  163. {
  164. global $context, $sourcedir, $smcFunc;
  165. require_once($sourcedir . '/Subs-Post.php');
  166. $errors = array();
  167. $news = !isset($_POST['news'])? '' : $smcFunc['htmlspecialchars']($_POST['news'], ENT_QUOTES);
  168. if (empty($news))
  169. $errors[] = array('value' => 'no_news');
  170. else
  171. preparsecode($news);
  172. $context['xml_data'] = array(
  173. 'news' => array(
  174. 'identifier' => 'parsedNews',
  175. 'children' => array(
  176. array(
  177. 'value' => parse_bbc($news),
  178. ),
  179. ),
  180. ),
  181. 'errors' => array(
  182. 'identifier' => 'error',
  183. 'children' => $errors
  184. ),
  185. );
  186. }
  187. function newsletterpreview()
  188. {
  189. global $context, $sourcedir, $smcFunc, $txt;
  190. require_once($sourcedir . '/Subs-Post.php');
  191. require_once($sourcedir . '/ManageNews.php');
  192. loadLanguage('Errors');
  193. $context['post_error']['messages'] = array();
  194. $context['send_pm'] = !empty($_POST['send_pm']) ? 1 : 0;
  195. $context['send_html'] = !empty($_POST['send_html']) ? 1 : 0;
  196. if (empty($_POST['subject']))
  197. $context['post_error']['messages'][] = $txt['error_no_subject'];
  198. if (empty($_POST['message']))
  199. $context['post_error']['messages'][] = $txt['error_no_message'];
  200. prepareMailingForPreview();
  201. $context['sub_template'] = 'pm';
  202. }
/**
 * Previews a member's signature for the profile editor.
 *
 * Reads the target member id from $_POST['user'] and the candidate text from
 * $_POST['signature'] and returns, via $context['xml_data'], the member's
 * current signature ('current'), the parsed candidate ('preview') and any
 * validation errors.
 *
 * Permission model: editing one's own signature needs profile_extra_own or
 * profile_extra_any; editing another member's needs profile_extra_any. Without
 * the permission (or without a user id) no query is run and only an error is
 * returned.
 */
function sig_preview()
{
	global $context, $sourcedir, $smcFunc, $txt, $user_info;

	require_once($sourcedir . '/Profile-Modify.php');
	loadLanguage('Profile');
	loadLanguage('Errors');

	// Cast to int: the id is used in the query and in the parse_bbc cache key below.
	$user = isset($_POST['user']) ? (int) $_POST['user'] : 0;
	$is_owner = $user == $user_info['id'];

	// @todo Temporary
	// Borrowed from loadAttachmentContext in Display.php
	$can_change = $is_owner ? allowedTo(array('profile_extra_any', 'profile_extra_own')) : allowedTo('profile_extra_any');

	$errors = array();
	if (!empty($user) && $can_change)
	{
		// Fetch the stored signature so the template can show current vs. preview.
		$request = $smcFunc['db_query']('', '
			SELECT signature
			FROM {db_prefix}members
			WHERE id_member = {int:id_member}
			LIMIT 1',
			array(
				'id_member' => $user,
			)
		);
		// NOTE(review): if no row matches, db_fetch_row returns false and
		// $current_signature ends up null; it is still censored/parsed and
		// returned as an empty 'current' entry.
		list($current_signature) = $smcFunc['db_fetch_row']($request);
		$smcFunc['db_free_result']($request);

		censorText($current_signature);
		$current_signature = parse_bbc($current_signature, true, 'sig' . $user);

		// The candidate signature is taken from the request as-is here.
		// NOTE(review): nothing in this function escapes it; presumably
		// profileValidateSignature() (Profile-Modify.php) normalises/escapes the
		// value by reference before the parse below - confirm there.
		$preview_signature = !empty($_POST['signature']) ? $_POST['signature'] : '';
		// true/false means no error; any other value is a profile_error_* key.
		$validation = profileValidateSignature($preview_signature);
		if ($validation !== true && $validation !== false)
			$errors[] = array('value' => $txt['profile_error_' . $validation], 'attributes' => array('type' => 'error'));

		censorText($preview_signature);
		$preview_signature = parse_bbc($preview_signature, true, 'sig' . $user);
	}
	elseif (!$can_change)
	{
		if ($is_owner)
			$errors[] = array('value' => $txt['cannot_profile_extra_own'], 'attributes' => array('type' => 'error'));
		else
			$errors[] = array('value' => $txt['cannot_profile_extra_any'], 'attributes' => array('type' => 'error'));
	}
	else
		$errors[] = array('value' => $txt['no_user_selected'], 'attributes' => array('type' => 'error'));

	$context['xml_data']['signatures'] = array(
		'identifier' => 'signature',
		'children' => array()
	);
	// Both signature values are only defined when the permitted branch above ran.
	if (isset($current_signature))
		$context['xml_data']['signatures']['children'][] = array(
			'value' => $current_signature,
			'attributes' => array('type' => 'current'),
		);
	if (isset($preview_signature))
		$context['xml_data']['signatures']['children'][] = array(
			'value' => $preview_signature,
			'attributes' => array('type' => 'preview'),
		);

	// Errors are prefixed with the generic "errors occurred" heading.
	if (!empty($errors))
		$context['xml_data']['errors'] = array(
			'identifier' => 'error',
			'children' => array_merge(
				array(
					array(
						'value' => $txt['profile_errors_occurred'],
						'attributes' => array('type' => 'errors_occurred'),
					),
				),
				$errors
			),
		);
}
  274. function warning_preview()
  275. {
  276. global $context, $sourcedir, $smcFunc, $txt, $user_info, $scripturl, $mbname;
  277. require_once($sourcedir . '/Subs-Post.php');
  278. loadLanguage('Errors');
  279. loadLanguage('ModerationCenter');
  280. $user = isset($_POST['user']) ? (int) $_POST['user'] : 0;
  281. $context['post_error']['messages'] = array();
  282. if (allowedTo('issue_warning'))
  283. {
  284. $warning_body = !empty($_POST['body']) ? trim(censorText($_POST['body'])) : '';
  285. $context['preview_subject'] = !empty($_POST['title']) ? trim($smcFunc['htmlspecialchars']($_POST['title'])) : '';
  286. if (isset($_POST['issuing']))
  287. {
  288. if (empty($_POST['title']) || empty($_POST['body']))
  289. $context['post_error']['messages'][] = $txt['warning_notify_blank'];
  290. }
  291. else
  292. {
  293. if (empty($_POST['title']))
  294. $context['post_error']['messages'][] = $txt['mc_warning_template_error_no_title'];
  295. if (empty($_POST['body']))
  296. $context['post_error']['messages'][] = $txt['mc_warning_template_error_no_body'];
  297. // Add in few replacements.
  298. /**
  299. * These are the defaults:
  300. * - {MEMBER} - Member Name. => current user for review
  301. * - {MESSAGE} - Link to Offending Post. (If Applicable) => not applicable here, so not replaced
  302. * - {FORUMNAME} - Forum Name.
  303. * - {SCRIPTURL} - Web address of forum.
  304. * - {REGARDS} - Standard email sign-off.
  305. */
  306. $find = array(
  307. '{MEMBER}',
  308. '{FORUMNAME}',
  309. '{SCRIPTURL}',
  310. '{REGARDS}',
  311. );
  312. $replace = array(
  313. $user_info['name'],
  314. $mbname,
  315. $scripturl,
  316. $txt['regards_team'],
  317. );
  318. $warning_body = str_replace($find, $replace, $warning_body);
  319. }
  320. if (!empty($_POST['body']))
  321. {
  322. preparsecode($warning_body);
  323. $warning_body = parse_bbc($warning_body, true);
  324. }
  325. $context['preview_message'] = $warning_body;
  326. }
  327. else
  328. $context['post_error']['messages'][] = array('value' => $txt['cannot_issue_warning'], 'attributes' => array('type' => 'error'));
  329. $context['sub_template'] = 'pm';
  330. }
  331. ?>