Vergleich xmlhttp.php - 1.2.1 - 1.2.14

  Keine Änderungen   Hinzugefügt   Modifiziert   Entfernt
Zeile 3Zeile 3
 * MyBB 1.2
* Copyright © 2006 MyBB Group, All Rights Reserved
*

 * MyBB 1.2
* Copyright © 2006 MyBB Group, All Rights Reserved
*

 * Website: http://www.mybboard.com
* License: http://www.mybboard.com/eula.html

 * Website: http://www.mybboard.net
* License: http://www.mybboard.net/eula.html

 *

 *

 * $Id: xmlhttp.php 2222 2006-09-13 14:22:27Z chris $

 * $Id: xmlhttp.php 3600 2008-01-21 00:08:28Z Tikitiki $

 */

/**

 */

/**

Zeile 74Zeile 74
	$loadstyle = "def=1";
}


	$loadstyle = "def=1";
}


 
// Load basic theme information that we could be needing.

$query = $db->simple_select(TABLE_PREFIX."themes", "name, tid, themebits", $loadstyle);
$theme = $db->fetch_array($query);
$theme = @array_merge($theme, unserialize($theme['themebits']));

$query = $db->simple_select(TABLE_PREFIX."themes", "name, tid, themebits", $loadstyle);
$theme = $db->fetch_array($query);
$theme = @array_merge($theme, unserialize($theme['themebits']));

Zeile 88Zeile 89
	if(is_dir($theme['imgdir'].'/'.$mybb->settings['bblanguage']))
{
$theme['imglangdir'] = $theme['imgdir'].'/'.$mybb->settings['bblanguage'];

	if(is_dir($theme['imgdir'].'/'.$mybb->settings['bblanguage']))
{
$theme['imglangdir'] = $theme['imgdir'].'/'.$mybb->settings['bblanguage'];

	}

	}

	else
{
$theme['imglangdir'] = $theme['imgdir'];

	else
{
$theme['imglangdir'] = $theme['imgdir'];

Zeile 99Zeile 100

$lang->load("global");
$lang->load("xmlhttp");


$lang->load("global");
$lang->load("xmlhttp");


// Load basic theme information that we could be needing.

 

$plugins->run_hooks("xmlhttp");



$plugins->run_hooks("xmlhttp");


Zeile 114Zeile 113
	}

// Send our headers.

	}

// Send our headers.

	header("Content-type: text/html; charset={$charset}");

	header("Content-type: text/plain; charset={$charset}");


// Sanitize the input.
$mybb->input['query'] = str_replace(array("%", "_"), array("\\%", "\\_"), $mybb->input['query']);


// Sanitize the input.
$mybb->input['query'] = str_replace(array("%", "_"), array("\\%", "\\_"), $mybb->input['query']);

Zeile 139Zeile 138
// This action provides editing of thread/post subjects from within their respective list pages.
else if($mybb->input['action'] == "edit_subject" && $mybb->request_method == "post")
{

// This action provides editing of thread/post subjects from within their respective list pages.
else if($mybb->input['action'] == "edit_subject" && $mybb->request_method == "post")
{

 
	// Verify POST request
if(!verify_post_check($mybb->input['my_post_key'], true))
{
xmlhttp_error($lang->invalid_post_code);
}


	// Editing a post subject.
if($mybb->input['pid'])
{

	// Editing a post subject.
if($mybb->input['pid'])
{

Zeile 168Zeile 173
		);
$query = $db->simple_select(TABLE_PREFIX."posts", "pid,uid,dateline", "tid='".$thread['tid']."'", $query_options);
$post = $db->fetch_array($query);

		);
$query = $db->simple_select(TABLE_PREFIX."posts", "pid,uid,dateline", "tid='".$thread['tid']."'", $query_options);
$post = $db->fetch_array($query);

	}
// Fetch the specific forum this thread/post is in.
$forum = get_forum($thread['fid']);

// Missing thread, invalid forum? Error.
if(!$thread['tid'] || !$forum['fid'] || $forum['type'] != "f")

	}
// Fetch the specific forum this thread/post is in.
$forum = get_forum($thread['fid']);

// Missing thread, invalid forum? Error.
if(!$thread['tid'] || !$forum['fid'] || $forum['type'] != "f")

	{
xmlhttp_error($lang->thread_doesnt_exist);
}

	{
xmlhttp_error($lang->thread_doesnt_exist);
}

Zeile 215Zeile 220
		}
else if(function_exists("mb_convert_encoding"))
{

		}
else if(function_exists("mb_convert_encoding"))
{

			$subject = mb_convert_encoding($subject, $charset, "UTF-8");

			$subject = @mb_convert_encoding($subject, $charset, "UTF-8");

		}
else if(strtolower($charset) == "iso-8859-1")
{

		}
else if(strtolower($charset) == "iso-8859-1")
{

Zeile 260Zeile 265
	}

// Send our headers.

	}

// Send our headers.

	header("Content-type: text/html; charset={$charset}");

	header("Content-type: text/plain; charset={$charset}"); 

	
// Spit the subject back to the browser.
echo $mybb->input['value'];

	
// Spit the subject back to the browser.
echo $mybb->input['value'];

Zeile 269Zeile 274
	exit;
}
else if($mybb->input['action'] == "edit_post")

	exit;
}
else if($mybb->input['action'] == "edit_post")

{

{	

	// Fetch the post from the database.
$post = get_post($mybb->input['pid']);


	// Fetch the post from the database.
$post = get_post($mybb->input['pid']);


Zeile 317Zeile 322
	if($mybb->input['do'] == "get_post")
{
// Send our headers.

	if($mybb->input['do'] == "get_post")
{
// Send our headers.

		header("Content-type: text/html; charset={$charset}");

		header("Content-type: text/xml; charset={$charset}");

		
$post['message'] = htmlspecialchars_uni($post['message']);


		
$post['message'] = htmlspecialchars_uni($post['message']);


Zeile 329Zeile 334
	}
else if($mybb->input['do'] == "update_post")
{

	}
else if($mybb->input['do'] == "update_post")
{

 
		// Verify POST request
if(!verify_post_check($mybb->input['my_post_key'], true))
{
xmlhttp_error($lang->invalid_post_code);
}


		$message = strval($_POST['value']);
if(strtolower($charset) != "utf-8")
{

		$message = strval($_POST['value']);
if(strtolower($charset) != "utf-8")
{

Zeile 338Zeile 349
			}
else if(function_exists("mb_convert_encoding"))
{

			}
else if(function_exists("mb_convert_encoding"))
{

				$message = mb_convert_encoding($message, $charset, "UTF-8");

				$message = @mb_convert_encoding($message, $charset, "UTF-8");

			}
else if(strtolower($charset) == "iso-8859-1")
{

			}
else if(strtolower($charset) == "iso-8859-1")
{

Zeile 348Zeile 359
		//die(str_replace("&", "&", $message));
if($debug_this == 1)
{

		//die(str_replace("&", "&", $message));
if($debug_this == 1)
{

			$fp = fopen(MYBB_ROOT."/uploads/test.log", "a");

			$fp = fopen(MYBB_ROOT."uploads/test.log", "a");

			fwrite($fp, $message."\n\n\n");
fclose($fp);
}

			fwrite($fp, $message."\n\n\n");
fclose($fp);
}

Zeile 374Zeile 385
		}
// No errors were found, we can call the update method.
else

		}
// No errors were found, we can call the update method.
else

		{

		{

			$posthandler->update_post();
}


			$posthandler->update_post();
}


Zeile 402Zeile 413
			$attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
}


			$attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
}


		require_once MYBB_ROOT."/inc/functions_post.php";

		require_once MYBB_ROOT."inc/functions_post.php";

		
get_post_attachments($post['pid'], $post);


		
get_post_attachments($post['pid'], $post);


Zeile 455Zeile 466
	else
{
$from_tid = '';

	else
{
$from_tid = '';

	}	





	}

require_once MYBB_ROOT."inc/class_parser.php";
$parser = new postParser;


	// Query for any posts in the list which are not within the specified thread
$query = $db->query("

	// Query for any posts in the list which are not within the specified thread
$query = $db->query("

		SELECT p.subject, p.message, p.pid, p.tid, p.username, u.username AS userusername

		SELECT p.subject, p.message, p.pid, p.tid, p.username, t.fid, p.visible, u.username AS userusername

		FROM ".TABLE_PREFIX."posts p
LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)

		FROM ".TABLE_PREFIX."posts p
LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=p.tid)
LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid)

		WHERE {$from_tid}p.pid IN ($quoted_posts) {$unviewable_forums} AND p.visible='1'

		WHERE {$from_tid}p.pid IN ($quoted_posts) {$unviewable_forums}

	");
while($quoted_post = $db->fetch_array($query))

	");
while($quoted_post = $db->fetch_array($query))

	{






	{	
if(is_moderator($quoted_post['fid']) != 'yes' && $quoted_post['visible'] == 0)
{
continue;
}


		// Swap username over if we have a registered user
if($quoted_post['userusername'])
{

		// Swap username over if we have a registered user
if($quoted_post['userusername'])
{

Zeile 475Zeile 495
		$quoted_post['message'] = preg_replace('#(^|\r|\n)/me ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} \\2", $quoted_post['message']);
$quoted_post['message'] = preg_replace('#(^|\r|\n)/slap ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} {$lang->slaps} \\2 {$lang->with_trout}", $quoted_post['message']);
$quoted_post['message'] = preg_replace("#\[attachment=([0-9]+?)\]#i", '', $quoted_post['message']);

		$quoted_post['message'] = preg_replace('#(^|\r|\n)/me ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} \\2", $quoted_post['message']);
$quoted_post['message'] = preg_replace('#(^|\r|\n)/slap ([^\r\n<]*)#i', "\\1* {$quoted_post['username']} {$lang->slaps} \\2 {$lang->with_trout}", $quoted_post['message']);
$quoted_post['message'] = preg_replace("#\[attachment=([0-9]+?)\]#i", '', $quoted_post['message']);

		


		$quoted_post['message'] = $parser->parse_badwords($quoted_post['message']);	


		// Tack on to list of messages
$message .= "[quote={$quoted_post['username']}]\n{$quoted_post['message']}\n[/quote]\n\n";
}

		// Tack on to list of messages
$message .= "[quote={$quoted_post['username']}]\n{$quoted_post['message']}\n[/quote]\n\n";
}

Zeile 495Zeile 516
	global $charset;

// Send our headers.

	global $charset;

// Send our headers.

	header("Content-type: text/html; charset={$charset}");

	header("Content-type: text/xml; charset={$charset}");

	
// Send the error message.
echo "<error>".$message."</error>";

	
// Send the error message.
echo "<error>".$message."</error>";