
  1. <?php
  2. /**
  3. * Maintains all XML-based interaction (mainly XMLhttp)
  4. *
  5. * Simple Machines Forum (SMF)
  6. *
  7. * @package SMF
  8. * @author Simple Machines http://www.simplemachines.org
  9. * @copyright 2011 Simple Machines
  10. * @license http://www.simplemachines.org/about/smf/license.php BSD
  11. *
  12. * @version 2.1 Alpha 1
  13. */
  14. if (!defined('SMF'))
  15. die('Hacking attempt...');
  16. function XMLhttpMain()
  17. {
  18. loadTemplate('Xml');
  19. $sub_actions = array(
  20. 'jumpto' => array(
  21. 'function' => 'GetJumpTo',
  22. ),
  23. 'messageicons' => array(
  24. 'function' => 'ListMessageIcons',
  25. ),
  26. 'corefeatures' => array(
  27. 'function' => 'EnableCoreFeatures',
  28. ),
  29. 'previews' => array(
  30. 'function' => 'RetrievePreview',
  31. ),
  32. );
  33. if (!isset($_REQUEST['sa'], $sub_actions[$_REQUEST['sa']]))
  34. fatal_lang_error('no_access', false);
  35. $sub_actions[$_REQUEST['sa']]['function']();
  36. }
  37. /**
  38. * Get a list of boards and categories used for the jumpto dropdown.
  39. */
  40. function GetJumpTo()
  41. {
  42. global $user_info, $context, $smcFunc, $sourcedir;
  43. // Find the boards/cateogories they can see.
  44. require_once($sourcedir . '/Subs-MessageIndex.php');
  45. $boardListOptions = array(
  46. 'use_permissions' => true,
  47. 'selected_board' => isset($context['current_board']) ? $context['current_board'] : 0,
  48. );
  49. $context['jump_to'] = getBoardList($boardListOptions);
  50. // Make the board safe for display.
  51. foreach ($context['jump_to'] as $id_cat => $cat)
  52. {
  53. $context['jump_to'][$id_cat]['name'] = un_htmlspecialchars(strip_tags($cat['name']));
  54. foreach ($cat['boards'] as $id_board => $board)
  55. $context['jump_to'][$id_cat]['boards'][$id_board]['name'] = un_htmlspecialchars(strip_tags($board['name']));
  56. }
  57. $context['sub_template'] = 'jump_to';
  58. }
  59. function ListMessageIcons()
  60. {
  61. global $context, $sourcedir, $board;
  62. require_once($sourcedir . '/Subs-Editor.php');
  63. $context['icons'] = getMessageIcons($board);
  64. $context['sub_template'] = 'message_icons';
  65. }
  66. function EnableCoreFeatures()
  67. {
  68. global $context, $smcFunc, $sourcedir, $modSettings, $txt;
  69. $context['xml_data'] = array();
  70. // Just in case, maybe we don't need it
  71. loadLanguage('Errors');
  72. $errors = array();
  73. $returns = array();
  74. $tokens = array();
  75. if (allowedTo('admin_forum'))
  76. {
  77. $validation = validateSession();
  78. if (empty($validation))
  79. {
  80. require_once($sourcedir . '/ManageSettings.php');
  81. $result = ModifyCoreFeatures();
  82. if (empty($result))
  83. {
  84. $id = isset($_POST['feature_id']) ? $_POST['feature_id'] : '';
  85. if (!empty($id) && isset($context['features'][$id]))
  86. {
  87. $feature = $context['features'][$id];
  88. $returns[] = array(
  89. 'value' => (!empty($_POST['feature_' . $id]) && $feature['url'] ? '<a href="' . $feature['url'] . '">' . $feature['title'] . '</a>' : $feature['title']),
  90. );
  91. createToken('admin-core', 'post');
  92. $tokens = array(
  93. array(
  94. 'value' => $context['admin-core_token'],
  95. 'attributes' => array('type' => 'token_var'),
  96. ),
  97. array(
  98. 'value' => $context['admin-core_token_var'],
  99. 'attributes' => array('type' => 'token'),
  100. ),
  101. );
  102. }
  103. else
  104. {
  105. $errors[] = array(
  106. 'value' => $txt['feature_no_exists'],
  107. );
  108. }
  109. }
  110. else
  111. {
  112. $errors[] = array(
  113. 'value' => $txt[$result],
  114. );
  115. }
  116. }
  117. else
  118. {
  119. $errors[] = array(
  120. 'value' => $txt[$validation],
  121. );
  122. }
  123. }
  124. else
  125. {
  126. $errors[] = array(
  127. 'value' => $txt['cannot_admin_forum']
  128. );
  129. }
  130. $context['sub_template'] = 'generic_xml';
  131. $context['xml_data'] = array (
  132. 'corefeatures' => array (
  133. 'identifier' => 'corefeature',
  134. 'children' => $returns,
  135. ),
  136. 'tokens' => array (
  137. 'identifier' => 'token',
  138. 'children' => $tokens,
  139. ),
  140. 'errors' => array (
  141. 'identifier' => 'error',
  142. 'children' => $errors,
  143. ),
  144. );
  145. }
  146. function RetrievePreview()
  147. {
  148. global $context;
  149. $items = array(
  150. 'newspreview',
  151. 'newsletterpreview',
  152. 'sig_preview',
  153. 'warning_preview',
  154. );
  155. $context['sub_template'] = 'generic_xml';
  156. if (!isset($_POST['item']) || !in_array($_POST['item'], $items))
  157. return false;
  158. $_POST['item']();
  159. }
  160. function newspreview()
  161. {
  162. global $context, $sourcedir, $smcFunc;
  163. require_once($sourcedir . '/Subs-Post.php');
  164. $errors = array();
  165. $news = !isset($_POST['news'])? '' : $smcFunc['htmlspecialchars']($_POST['news'], ENT_QUOTES);
  166. if (empty($news))
  167. $errors[] = array('value' => 'no_news');
  168. else
  169. preparsecode($news);
  170. $context['xml_data'] = array(
  171. 'news' => array(
  172. 'identifier' => 'parsedNews',
  173. 'children' => array(
  174. array(
  175. 'value' => parse_bbc($news),
  176. ),
  177. ),
  178. ),
  179. 'errors' => array(
  180. 'identifier' => 'error',
  181. 'children' => $errors
  182. ),
  183. );
  184. }
  185. function newsletterpreview()
  186. {
  187. global $context, $sourcedir, $smcFunc, $txt;
  188. require_once($sourcedir . '/Subs-Post.php');
  189. require_once($sourcedir . '/ManageNews.php');
  190. loadLanguage('Errors');
  191. $context['post_error']['messages'] = array();
  192. $context['send_pm'] = !empty($_POST['send_pm']) ? 1 : 0;
  193. $context['send_html'] = !empty($_POST['send_html']) ? 1 : 0;
  194. if (empty($_POST['subject']))
  195. $context['post_error']['messages'][] = $txt['error_no_subject'];
  196. if (empty($_POST['message']))
  197. $context['post_error']['messages'][] = $txt['error_no_message'];
  198. prepareMailingForPreview();
  199. $context['sub_template'] = 'pm';
  200. }
  201. function sig_preview()
  202. {
  203. global $context, $sourcedir, $smcFunc, $txt, $user_info;
  204. require_once($sourcedir . '/Profile-Modify.php');
  205. loadLanguage('Profile');
  206. loadLanguage('Errors');
  207. $user = isset($_POST['user']) ? (int) $_POST['user'] : 0;
  208. $is_owner = $user == $user_info['id'];
  209. // @todo Temporary
  210. // Borrowed from loadAttachmentContext in Display.php
  211. $can_change = $is_owner ? allowedTo(array('profile_extra_any', 'profile_extra_own')) : allowedTo('profile_extra_any');
  212. $errors = array();
  213. if (!empty($user) && $can_change)
  214. {
  215. $request = $smcFunc['db_query']('', '
  216. SELECT signature
  217. FROM {db_prefix}members
  218. WHERE id_member = {int:id_member}
  219. LIMIT 1',
  220. array(
  221. 'id_member' => $user,
  222. )
  223. );
  224. list($current_signature) = $smcFunc['db_fetch_row']($request);
  225. $smcFunc['db_free_result']($request);
  226. censorText($current_signature);
  227. $current_signature = parse_bbc($current_signature, true, 'sig' . $user);
  228. $preview_signature = !empty($_POST['signature']) ? $_POST['signature'] : '';
  229. $validation = profileValidateSignature($preview_signature);
  230. if ($validation !== true && $validation !== false)
  231. $errors[] = array('value' => $txt['profile_error_' . $validation], 'attributes' => array('type' => 'error'));
  232. censorText($preview_signature);
  233. $preview_signature = parse_bbc($preview_signature, true, 'sig' . $user);
  234. }
  235. elseif (!$can_change)
  236. {
  237. if ($is_owner)
  238. $errors[] = array('value' => $txt['cannot_profile_extra_own'], 'attributes' => array('type' => 'error'));
  239. else
  240. $errors[] = array('value' => $txt['cannot_profile_extra_any'], 'attributes' => array('type' => 'error'));
  241. }
  242. else
  243. $errors[] = array('value' => $txt['no_user_selected'], 'attributes' => array('type' => 'error'));
  244. $context['xml_data']['signatures'] = array(
  245. 'identifier' => 'signature',
  246. 'children' => array()
  247. );
  248. if (isset($current_signature))
  249. $context['xml_data']['signatures']['children'][] = array(
  250. 'value' => $current_signature,
  251. 'attributes' => array('type' => 'current'),
  252. );
  253. if (isset($preview_signature))
  254. $context['xml_data']['signatures']['children'][] = array(
  255. 'value' => $preview_signature,
  256. 'attributes' => array('type' => 'preview'),
  257. );
  258. if (!empty($errors))
  259. $context['xml_data']['errors'] = array(
  260. 'identifier' => 'error',
  261. 'children' => array_merge(
  262. array(
  263. array(
  264. 'value' => $txt['profile_errors_occurred'],
  265. 'attributes' => array('type' => 'errors_occurred'),
  266. ),
  267. ),
  268. $errors
  269. ),
  270. );
  271. }
  272. function warning_preview()
  273. {
  274. global $context, $sourcedir, $smcFunc, $txt, $user_info, $scripturl, $mbname;
  275. require_once($sourcedir . '/Subs-Post.php');
  276. loadLanguage('Errors');
  277. loadLanguage('ModerationCenter');
  278. $user = isset($_POST['user']) ? (int) $_POST['user'] : 0;
  279. $context['post_error']['messages'] = array();
  280. if (allowedTo('issue_warning'))
  281. {
  282. $warning_body = !empty($_POST['body']) ? trim(censorText($_POST['body'])) : '';
  283. $context['preview_subject'] = !empty($_POST['title']) ? trim($smcFunc['htmlspecialchars']($_POST['title'])) : '';
  284. if (isset($_POST['issuing']))
  285. {
  286. if (empty($_POST['title']) || empty($_POST['body']))
  287. $context['post_error']['messages'][] = $txt['warning_notify_blank'];
  288. }
  289. else
  290. {
  291. if (empty($_POST['title']))
  292. $context['post_error']['messages'][] = $txt['mc_warning_template_error_no_title'];
  293. if (empty($_POST['body']))
  294. $context['post_error']['messages'][] = $txt['mc_warning_template_error_no_body'];
  295. // Add in few replacements.
  296. /**
  297. * These are the defaults:
  298. * - {MEMBER} - Member Name. => current user for review
  299. * - {MESSAGE} - Link to Offending Post. (If Applicable) => not applicable here, so not replaced
  300. * - {FORUMNAME} - Forum Name.
  301. * - {SCRIPTURL} - Web address of forum.
  302. * - {REGARDS} - Standard email sign-off.
  303. */
  304. $find = array(
  305. '{MEMBER}',
  306. '{FORUMNAME}',
  307. '{SCRIPTURL}',
  308. '{REGARDS}',
  309. );
  310. $replace = array(
  311. $user_info['name'],
  312. $mbname,
  313. $scripturl,
  314. $txt['regards_team'],
  315. );
  316. $warning_body = str_replace($find, $replace, $warning_body);
  317. }
  318. if (!empty($_POST['body']))
  319. {
  320. preparsecode($warning_body);
  321. $warning_body = parse_bbc($warning_body, true);
  322. }
  323. $context['preview_message'] = $warning_body;
  324. }
  325. else
  326. $context['post_error']['messages'][] = array('value' => $txt['cannot_issue_warning'], 'attributes' => array('type' => 'error'));
  327. $context['sub_template'] = 'pm';
  328. }
  329. ?>