Xml.php 7.8 KB

  1. <?php
  2. /**
  3. * Maintains all XML-based interaction (mainly XMLhttp)
  4. *
  5. * Simple Machines Forum (SMF)
  6. *
  7. * @package SMF
  8. * @author Simple Machines http://www.simplemachines.org
  9. * @copyright 2014 Simple Machines and individual contributors
  10. * @license http://www.simplemachines.org/about/smf/license.php BSD
  11. *
  12. * @version 2.1 Alpha 1
  13. */
  // Direct-access guard: stop immediately unless the SMF constant is already defined,
  // so this file cannot be run on its own as an entry point.
  if (!defined('SMF'))
  {
      die('No direct access...');
  }
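  /**
   * Dispatches an XMLhttp request to the handler registered for its sub-action.
   *
   * Loads the 'Xml' template, builds the table of built-in sub-actions, lets
   * integrations extend that table through the 'integrate_xmlhttp' hook, and then
   * calls the handler selected by $_REQUEST['sa']. A request whose 'sa' is missing,
   * is not a string, or does not name a registered and callable handler is answered
   * with the 'no_access' error instead.
   */
  function XMLhttpMain()
  {
      loadTemplate('Xml');

      $sub_actions = array(
          'jumpto' => array(
              'function' => 'GetJumpTo',
          ),
          'messageicons' => array(
              'function' => 'ListMessageIcons',
          ),
          'previews' => array(
              'function' => 'RetrievePreview',
          ),
      );

      // Easy adding of sub actions
      call_integration_hook('integrate_xmlhttp', array(&$sub_actions));

      // $_REQUEST['sa'] is client-controlled and may arrive as an array (sa[]=...).
      // Only a string is a valid key for the dispatch table, so reject anything else
      // explicitly rather than relying on how isset() treats an illegal offset.
      $sa = isset($_REQUEST['sa']) && is_string($_REQUEST['sa']) ? $_REQUEST['sa'] : null;

      // The handler name must come from the table (never from the request itself) and
      // must be callable; hook-supplied entries are not validated anywhere else here.
      if ($sa === null || !isset($sub_actions[$sa]['function']) || !is_callable($sub_actions[$sa]['function']))
      {
          fatal_lang_error('no_access', false);

          // Do not fall through to the dispatch below should the error handler return.
          return;
      }

      $handler = $sub_actions[$sa]['function'];
      $handler();
  }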
  /**
   * Get a list of boards and categories used for the jumpto dropdown.
   *
   * Stores the list returned by getBoardList() in $context['jump_to'], rewrites every
   * category and board name with strip_tags() followed by un_htmlspecialchars(), and
   * selects the 'jump_to' sub template.
   */
  function GetJumpTo()
  {
      global $context, $sourcedir;

      // Find the boards/categories they can see.
      require_once($sourcedir . '/Subs-MessageIndex.php');

      if (isset($context['current_board']))
          $selected_board = $context['current_board'];
      else
          $selected_board = 0;

      $context['jump_to'] = getBoardList(array(
          'use_permissions' => true,
          'selected_board' => $selected_board,
      ));

      // Tags are stripped and entities decoded, so the names leave here as plain text.
      // NOTE(review): plain text is not HTML-safe; presumably the 'jump_to' template
      // escapes or CDATA-wraps these names on output - confirm against the template.
      $plain_name = function ($name)
      {
          return un_htmlspecialchars(strip_tags($name));
      };

      foreach ($context['jump_to'] as $category_id => $category)
      {
          $context['jump_to'][$category_id]['name'] = $plain_name($category['name']);

          foreach ($category['boards'] as $board_id => $board_entry)
          {
              $context['jump_to'][$category_id]['boards'][$board_id]['name'] = $plain_name($board_entry['name']);
          }
      }

      $context['sub_template'] = 'jump_to';
  }
  /**
   * Loads the message icons for the current board into $context['icons'] and selects
   * the 'message_icons' sub template.
   */
  function ListMessageIcons()
  {
      global $context, $sourcedir, $board;

      // getMessageIcons() is expected to come from Subs-Editor.php.
      require_once($sourcedir . '/Subs-Editor.php');

      $icons = getMessageIcons($board);

      $context['icons'] = $icons;
      $context['sub_template'] = 'message_icons';
  }
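  /**
   * Runs the preview handler named by $_POST['item'].
   *
   * The request value is used as a function name, so it is only called after an exact,
   * type-strict match against the fixed allow-list below. The 'generic_xml' sub template
   * is selected before the check, so it is set even when the request is rejected.
   *
   * @return false|null False when 'item' is missing, not a string, or not on the
   *                    allow-list; otherwise nothing (the handler's result is discarded).
   */
  function RetrievePreview()
  {
      global $context;

      // The only functions a client may reach through this entry point.
      $items = array(
          'newspreview',
          'newsletterpreview',
          'sig_preview',
          'warning_preview',
      );

      $context['sub_template'] = 'generic_xml';

      // Require a string and compare strictly: an allow-list that gates a variable
      // function call should never depend on PHP's loose-comparison rules.
      if (!isset($_POST['item']) || !is_string($_POST['item']) || !in_array($_POST['item'], $items, true))
          return false;

      $_POST['item']();
  }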
  /**
   * Builds the XML data for a news item preview from $_POST['news'].
   *
   * The posted text is passed through $smcFunc['htmlspecialchars'] with ENT_QUOTES
   * before any BBC handling. $context['xml_data'] receives the parsed text under
   * 'news' and a 'no_news' entry under 'errors' when the text is empty.
   *
   * NOTE(review): no permission check is visible in this function - confirm whether
   * one is expected before this handler is reached.
   */
  function newspreview()
  {
      global $context, $sourcedir, $smcFunc;

      require_once($sourcedir . '/Subs-Post.php');

      // Escape the raw request value first; everything below works on the escaped text.
      $news = '';
      if (isset($_POST['news']))
          $news = $smcFunc['htmlspecialchars']($_POST['news'], ENT_QUOTES);

      $errors = array();
      if (!empty($news))
      {
          // Return value unused; presumably $news is adjusted in place - confirm.
          preparsecode($news);
      }
      else
          $errors[] = array('value' => 'no_news');

      // parse_bbc() runs on the empty string as well, exactly as before.
      $parsed_child = array(
          'value' => parse_bbc($news),
      );

      $context['xml_data'] = array(
          'news' => array(
              'identifier' => 'parsedNews',
              'children' => array($parsed_child),
          ),
          'errors' => array(
              'identifier' => 'error',
              'children' => $errors,
          ),
      );
  }
  /**
   * Prepares a newsletter preview from the posted subject, message and send flags.
   *
   * Records a message in $context['post_error']['messages'] for an empty subject and
   * for an empty message, calls prepareMailingForPreview(), and selects the 'pm' sub
   * template.
   *
   * NOTE(review): no permission check is visible in this function - confirm whether
   * prepareMailingForPreview() or the caller enforces one.
   */
  function newsletterpreview()
  {
      global $context, $sourcedir, $txt;

      require_once($sourcedir . '/Subs-Post.php');
      require_once($sourcedir . '/ManageNews.php');
      loadLanguage('Errors');

      $context['post_error']['messages'] = array();

      // Reduce the two request flags to 1 or 0.
      $context['send_pm'] = empty($_POST['send_pm']) ? 0 : 1;
      $context['send_html'] = empty($_POST['send_html']) ? 0 : 1;

      // Each required field is paired with the language string reported when it is empty.
      $required_fields = array(
          'subject' => 'error_no_subject',
          'message' => 'error_no_message',
      );
      foreach ($required_fields as $field => $error_key)
      {
          if (empty($_POST[$field]))
              $context['post_error']['messages'][] = $txt[$error_key];
      }

      prepareMailingForPreview();

      $context['sub_template'] = 'pm';
  }
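  /**
   * Builds the XML data for a signature preview.
   *
   * For the member id in $_POST['user'], and only when the current user may change
   * that member's profile extras, this returns the stored signature (censored and
   * BBC-parsed) together with a preview of $_POST['signature']. Every failure is
   * reported through $context['xml_data']['errors'].
   *
   * The posted signature is escaped with $smcFunc['htmlspecialchars'] before it is
   * validated and BBC-parsed, in the same way newspreview() escapes its input, so
   * that raw markup from the request is not echoed back in the preview.
   */
  function sig_preview()
  {
      global $context, $sourcedir, $smcFunc, $txt, $user_info;

      require_once($sourcedir . '/Profile-Modify.php');
      loadLanguage('Profile');
      loadLanguage('Errors');

      // Cast to int: the id is used in the query and in the parse_bbc cache key below.
      $user = isset($_POST['user']) ? (int) $_POST['user'] : 0;
      $is_owner = $user == $user_info['id'];

      // @todo Temporary
      // Borrowed from loadAttachmentContext in Display.php
      // Owners need either the "any" or the "own" permission; everyone else needs "any".
      $can_change = $is_owner ? allowedTo(array('profile_extra_any', 'profile_extra_own')) : allowedTo('profile_extra_any');

      $errors = array();
      if (!empty($user) && $can_change)
      {
          $request = $smcFunc['db_query']('', '
              SELECT signature
              FROM {db_prefix}members
              WHERE id_member = {int:id_member}
              LIMIT 1',
              array(
                  'id_member' => $user,
              )
          );
          $row = $smcFunc['db_fetch_row']($request);
          $smcFunc['db_free_result']($request);

          // An unknown member id yields no row; treat that as "no signature set".
          $current_signature = !empty($row) ? $row[0] : '';

          censorText($current_signature);
          $current_signature = !empty($current_signature) ? parse_bbc($current_signature, true, 'sig' . $user) : $txt['no_signature_set'];

          // Untrusted input: accept only a string and escape it before it reaches the
          // validator and the BBC parser.
          // NOTE(review): profileValidateSignature() is not shown here; confirm it does
          // not escape the value again.
          $preview_signature = !empty($_POST['signature']) && is_string($_POST['signature'])
              ? $smcFunc['htmlspecialchars']($_POST['signature'], ENT_QUOTES)
              : $txt['no_signature_set'];

          // Any result other than true/false is used as the suffix of an error string key.
          $validation = profileValidateSignature($preview_signature);
          if ($validation !== true && $validation !== false)
              $errors[] = array('value' => $txt['profile_error_' . $validation], 'attributes' => array('type' => 'error'));

          censorText($preview_signature);
          $preview_signature = parse_bbc($preview_signature, true, 'sig' . $user);
      }
      elseif (!$can_change)
      {
          if ($is_owner)
              $errors[] = array('value' => $txt['cannot_profile_extra_own'], 'attributes' => array('type' => 'error'));
          else
              $errors[] = array('value' => $txt['cannot_profile_extra_any'], 'attributes' => array('type' => 'error'));
      }
      else
          $errors[] = array('value' => $txt['no_user_selected'], 'attributes' => array('type' => 'error'));

      $context['xml_data']['signatures'] = array(
          'identifier' => 'signature',
          'children' => array()
      );

      // The two signature variables exist only when the permitted branch above ran.
      if (isset($current_signature))
          $context['xml_data']['signatures']['children'][] = array(
              'value' => $current_signature,
              'attributes' => array('type' => 'current'),
          );

      if (isset($preview_signature))
          $context['xml_data']['signatures']['children'][] = array(
              'value' => $preview_signature,
              'attributes' => array('type' => 'preview'),
          );

      // Put a generic "errors occurred" entry in front of the specific errors.
      if (!empty($errors))
          $context['xml_data']['errors'] = array(
              'identifier' => 'error',
              'children' => array_merge(
                  array(
                      array(
                          'value' => $txt['profile_errors_occurred'],
                          'attributes' => array('type' => 'errors_occurred'),
                      ),
                  ),
                  $errors
              ),
          );
  }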
  /**
   * Prepares the preview of a warning notice or warning template.
   *
   * Requires the 'issue_warning' permission. With it, the posted title and body are
   * checked for emptiness, the template placeholders are filled in when the request
   * is not an actual issuing ($_POST['issuing'] absent), and the BBC-parsed body is
   * stored in $context['preview_message']. The 'pm' sub template is selected in
   * every case.
   */
  function warning_preview()
  {
      global $context, $sourcedir, $smcFunc, $txt, $user_info, $scripturl, $mbname;

      require_once($sourcedir . '/Subs-Post.php');
      loadLanguage('Errors');
      loadLanguage('ModerationCenter');

      // Read and cast as in the original; the value is not used further in this function.
      $user = isset($_POST['user']) ? (int) $_POST['user'] : 0;

      $context['post_error']['messages'] = array();

      // Without the permission nothing is previewed; only the denial is reported.
      if (!allowedTo('issue_warning'))
      {
          // NOTE(review): this entry is an array while every other message added in
          // this function is a plain string - confirm the 'pm' template handles both.
          $context['post_error']['messages'][] = array('value' => $txt['cannot_issue_warning'], 'attributes' => array('type' => 'error'));
          $context['sub_template'] = 'pm';

          return;
      }

      // NOTE(review): the title is escaped with $smcFunc['htmlspecialchars'] but the
      // body reaches parse_bbc() without it - confirm the body is escaped elsewhere
      // before it is rendered.
      if (!empty($_POST['body']))
          $warning_body = trim(censorText($_POST['body']));
      else
          $warning_body = '';

      if (!empty($_POST['title']))
          $context['preview_subject'] = trim($smcFunc['htmlspecialchars']($_POST['title']));
      else
          $context['preview_subject'] = '';

      // Evaluated after censorText(), matching the point where the original tests them.
      $title_missing = empty($_POST['title']);
      $body_missing = empty($_POST['body']);

      if (isset($_POST['issuing']))
      {
          if ($title_missing || $body_missing)
              $context['post_error']['messages'][] = $txt['warning_notify_blank'];
      }
      else
      {
          if ($title_missing)
              $context['post_error']['messages'][] = $txt['mc_warning_template_error_no_title'];

          if ($body_missing)
              $context['post_error']['messages'][] = $txt['mc_warning_template_error_no_body'];

          // Add in few replacements.
          /**
           * These are the defaults:
           * - {MEMBER} - Member Name. => current user for review
           * - {MESSAGE} - Link to Offending Post. (If Applicable) => not applicable here, so not replaced
           * - {FORUMNAME} - Forum Name.
           * - {SCRIPTURL} - Web address of forum.
           * - {REGARDS} - Standard email sign-off.
           */
          $placeholders = array(
              '{MEMBER}' => $user_info['name'],
              '{FORUMNAME}' => $mbname,
              '{SCRIPTURL}' => $scripturl,
              '{REGARDS}' => $txt['regards_team'],
          );

          // str_replace() with parallel arrays keeps the sequential replacement order.
          $warning_body = str_replace(array_keys($placeholders), array_values($placeholders), $warning_body);
      }

      if (!$body_missing)
      {
          preparsecode($warning_body);
          $warning_body = parse_bbc($warning_body, true);
      }

      $context['preview_message'] = $warning_body;
      $context['sub_template'] = 'pm';
  }
  248. ?>