Vergleich xmlhttp.php - 1.2.3 - 1.2.12

Keine Änderungen Hinzugefügt Modifiziert Entfernt
Zeile 3	Zeile 3
* MyBB 1.2 * Copyright © 2006 MyBB Group, All Rights Reserved *	* MyBB 1.2 * Copyright © 2006 MyBB Group, All Rights Reserved *
* Website: http://www.mybboard.com * License: http://www.mybboard.com/eula.html	* Website: http://www.mybboard.net * License: http://www.mybboard.net/eula.html
*	*
* $Id: xmlhttp.php 2477 2006-12-02 13:12:03Z CraKteR $	* $Id: xmlhttp.php 3600 2008-01-21 00:08:28Z Tikitiki $
/ /*	/ /*
Zeile 74	Zeile 74
$loadstyle = "def=1"; }	$loadstyle = "def=1"; }
	// Load basic theme information that we could be needing.
$query = $db->simple_select(TABLE_PREFIX."themes", "name, tid, themebits", $loadstyle); $theme = $db->fetch_array($query); $theme = @array_merge($theme, unserialize($theme['themebits']));	$query = $db->simple_select(TABLE_PREFIX."themes", "name, tid, themebits", $loadstyle); $theme = $db->fetch_array($query); $theme = @array_merge($theme, unserialize($theme['themebits']));
Zeile 99	Zeile 100
$lang->load("global"); $lang->load("xmlhttp");	$lang->load("global"); $lang->load("xmlhttp");
// Load basic theme information that we could be needing.
$plugins->run_hooks("xmlhttp");	$plugins->run_hooks("xmlhttp");
Zeile 112	Zeile 111
{ exit; }	{ exit; }

// Send our headers.	// Send our headers.
header("Content-type: text/html; charset={$charset}");	header("Content-type: text/plain; charset={$charset}");
// Sanitize the input. $mybb->input['query'] = str_replace(array("%", "_"), array("\\%", "\\_"), $mybb->input['query']);	// Sanitize the input. $mybb->input['query'] = str_replace(array("%", "_"), array("\\%", "\\_"), $mybb->input['query']);
Zeile 125	Zeile 124
"order_dir" => "asc", "limit_start" => 0, "limit" => 15	"order_dir" => "asc", "limit_start" => 0, "limit" => 15
);	);
$query = $db->simple_select(TABLE_PREFIX."users", "uid, username", "username LIKE '".$db->escape_string($mybb->input['query'])."%'", $query_options); while($user = $db->fetch_array($query)) {	$query = $db->simple_select(TABLE_PREFIX."users", "uid, username", "username LIKE '".$db->escape_string($mybb->input['query'])."%'", $query_options); while($user = $db->fetch_array($query)) {
Zeile 139	Zeile 138
// This action provides editing of thread/post subjects from within their respective list pages. else if($mybb->input['action'] == "edit_subject" && $mybb->request_method == "post") {	// This action provides editing of thread/post subjects from within their respective list pages. else if($mybb->input['action'] == "edit_subject" && $mybb->request_method == "post") {
	// Verify POST request if(!verify_post_check($mybb->input['my_post_key'], true)) { xmlhttp_error($lang->invalid_post_code); }
// Editing a post subject. if($mybb->input['pid']) { // Fetch the post from the database. $post = get_post($mybb->input['pid']);	// Editing a post subject. if($mybb->input['pid']) { // Fetch the post from the database. $post = get_post($mybb->input['pid']);

// No result, die. if(!$post['pid']) { xmlhttp_error($lang->post_doesnt_exist); }	// No result, die. if(!$post['pid']) { xmlhttp_error($lang->post_doesnt_exist); }

// Fetch the thread associated with this post. $thread = get_thread($post['tid']); }	// Fetch the thread associated with this post. $thread = get_thread($post['tid']); }
Zeile 169	Zeile 174
$query = $db->simple_select(TABLE_PREFIX."posts", "pid,uid,dateline", "tid='".$thread['tid']."'", $query_options); $post = $db->fetch_array($query); }	$query = $db->simple_select(TABLE_PREFIX."posts", "pid,uid,dateline", "tid='".$thread['tid']."'", $query_options); $post = $db->fetch_array($query); }
// Fetch the specific forum this thread/post is in. $forum = get_forum($thread['fid']); // Missing thread, invalid forum? Error. if(!$thread['tid'] \|\| !$forum['fid'] \|\| $forum['type'] != "f") { xmlhttp_error($lang->thread_doesnt_exist); }	// Fetch the specific forum this thread/post is in. $forum = get_forum($thread['fid']); // Missing thread, invalid forum? Error. if(!$thread['tid'] \|\| !$forum['fid'] \|\| $forum['type'] != "f") { xmlhttp_error($lang->thread_doesnt_exist); }
// Fetch forum permissions. $forumpermissions = forum_permissions($forum['fid']); // If this user is not a moderator with "caneditposts" permissions. if(is_moderator($forum['fid'], "caneditposts") != "yes")	// Fetch forum permissions. $forumpermissions = forum_permissions($forum['fid']); // If this user is not a moderator with "caneditposts" permissions. if(is_moderator($forum['fid'], "caneditposts") != "yes")
{	{
// Thread is closed - no editing allowed. if($thread['closed'] == "yes") {	// Thread is closed - no editing allowed. if($thread['closed'] == "yes") {
Zeile 201	Zeile 206
xmlhttp_error($lang->edit_time_limit); } $ismod = false;	xmlhttp_error($lang->edit_time_limit); } $ismod = false;
}	}
else { $ismod = true;	else { $ismod = true;
Zeile 214	Zeile 219
$subject = iconv("UTF-8", $charset, $subject); } else if(function_exists("mb_convert_encoding"))	$subject = iconv("UTF-8", $charset, $subject); } else if(function_exists("mb_convert_encoding"))
{ $subject = mb_convert_encoding($subject, $charset, "UTF-8");	{ $subject = @mb_convert_encoding($subject, $charset, "UTF-8");
} else if(strtolower($charset) == "iso-8859-1") {	} else if(strtolower($charset) == "iso-8859-1") {
Zeile 227	Zeile 232
require_once MYBB_ROOT."inc/datahandlers/post.php"; $posthandler = new PostDataHandler("update"); $posthandler->action = "post";	require_once MYBB_ROOT."inc/datahandlers/post.php"; $posthandler = new PostDataHandler("update"); $posthandler->action = "post";

// Set the post data that came from the input to the $post array. $updatepost = array( "pid" => $post['pid'],	// Set the post data that came from the input to the $post array. $updatepost = array( "pid" => $post['pid'],
Zeile 260	Zeile 265
} // Send our headers.	} // Send our headers.
header("Content-type: text/html; charset={$charset}");	header("Content-type: text/plain; charset={$charset}");
// Spit the subject back to the browser. echo $mybb->input['value'];	// Spit the subject back to the browser. echo $mybb->input['value'];
Zeile 269	Zeile 274
exit; } else if($mybb->input['action'] == "edit_post")	exit; } else if($mybb->input['action'] == "edit_post")
{	{
// Fetch the post from the database. $post = get_post($mybb->input['pid']);	// Fetch the post from the database. $post = get_post($mybb->input['pid']);
Zeile 277	Zeile 282
if(!$post['pid']) { xmlhttp_error($lang->post_doesnt_exist);	if(!$post['pid']) { xmlhttp_error($lang->post_doesnt_exist);
}	}
// Fetch the thread associated with this post. $thread = get_thread($post['tid']);	// Fetch the thread associated with this post. $thread = get_thread($post['tid']);
Zeile 309	Zeile 314
} // If we're past the edit time limit - don't allow editing. else if($mybb->settings['edittimelimit'] != 0 && $post['dateline'] < (time()-($mybb->settings['edittimelimit']*60)))	} // If we're past the edit time limit - don't allow editing. else if($mybb->settings['edittimelimit'] != 0 && $post['dateline'] < (time()-($mybb->settings['edittimelimit']*60)))
{	{
$lang->edit_time_limit = sprintf($lang->edit_time_limit, $mybb->settings['edittimelimit']); xmlhttp_error($lang->edit_time_limit); } } if($mybb->input['do'] == "get_post")	$lang->edit_time_limit = sprintf($lang->edit_time_limit, $mybb->settings['edittimelimit']); xmlhttp_error($lang->edit_time_limit); } } if($mybb->input['do'] == "get_post")
{	{
// Send our headers.	// Send our headers.
header("Content-type: text/html; charset={$charset}");	header("Content-type: text/xml; charset={$charset}");
$post['message'] = htmlspecialchars_uni($post['message']);	$post['message'] = htmlspecialchars_uni($post['message']);
Zeile 329	Zeile 334
} else if($mybb->input['do'] == "update_post") {	} else if($mybb->input['do'] == "update_post") {
	// Verify POST request if(!verify_post_check($mybb->input['my_post_key'], true)) { xmlhttp_error($lang->invalid_post_code); }
$message = strval($_POST['value']); if(strtolower($charset) != "utf-8") {	$message = strval($_POST['value']); if(strtolower($charset) != "utf-8") {
Zeile 338	Zeile 349
} else if(function_exists("mb_convert_encoding")) {	} else if(function_exists("mb_convert_encoding")) {
$message = mb_convert_encoding($message, $charset, "UTF-8");	$message = @mb_convert_encoding($message, $charset, "UTF-8");
} else if(strtolower($charset) == "iso-8859-1") {	} else if(strtolower($charset) == "iso-8859-1") {
Zeile 456	Zeile 467
{ $from_tid = ''; }	{ $from_tid = ''; }
	require_once MYBB_ROOT."inc/class_parser.php"; $parser = new postParser;
// Query for any posts in the list which are not within the specified thread $query = $db->query("	// Query for any posts in the list which are not within the specified thread $query = $db->query("
Zeile 481	Zeile 495
$quoted_post['message'] = preg_replace('#(^\|\r\|\n)/me ([^\r\n<])#i', "\\1 {$quoted_post['username']} \\2", $quoted_post['message']); $quoted_post['message'] = preg_replace('#(^\|\r\|\n)/slap ([^\r\n<])#i', "\\1 {$quoted_post['username']} {$lang->slaps} \\2 {$lang->with_trout}", $quoted_post['message']); $quoted_post['message'] = preg_replace("#\[attachment=([0-9]+?)\]#i", '', $quoted_post['message']);	$quoted_post['message'] = preg_replace('#(^\|\r\|\n)/me ([^\r\n<])#i', "\\1 {$quoted_post['username']} \\2", $quoted_post['message']); $quoted_post['message'] = preg_replace('#(^\|\r\|\n)/slap ([^\r\n<])#i', "\\1 {$quoted_post['username']} {$lang->slaps} \\2 {$lang->with_trout}", $quoted_post['message']); $quoted_post['message'] = preg_replace("#\[attachment=([0-9]+?)\]#i", '', $quoted_post['message']);
	$quoted_post['message'] = $parser->parse_badwords($quoted_post['message']);
// Tack on to list of messages $message .= "[quote={$quoted_post['username']}]\n{$quoted_post['message']}\n[/quote]\n\n"; }	// Tack on to list of messages $message .= "[quote={$quoted_post['username']}]\n{$quoted_post['message']}\n[/quote]\n\n"; }
Zeile 501	Zeile 516
global $charset; // Send our headers.	global $charset; // Send our headers.
header("Content-type: text/html; charset={$charset}");	header("Content-type: text/xml; charset={$charset}");
// Send the error message. echo "<error>".$message."</error>";	// Send the error message. echo "<error>".$message."</error>";