Vergleich xmlhttp.php - 1.4.0 - 1.4.11

  Keine Änderungen   Hinzugefügt   Modifiziert   Entfernt
Zeile 6Zeile 6
 * Website: http://www.mybboard.net
* License: http://www.mybboard.net/about/license
*

 * Website: http://www.mybboard.net
* License: http://www.mybboard.net/about/license
*

 * $Id: xmlhttp.php 4039 2008-07-25 18:52:06Z Tikitiki $

 * $Id: xmlhttp.php 4446 2009-09-03 03:40:32Z RyanGordon $

 */

/**

 */

/**

Zeile 23Zeile 23

// We don't want visits here showing up on the Who's Online
define("NO_ONLINE", 1);


// We don't want visits here showing up on the Who's Online
define("NO_ONLINE", 1);

 
define('THIS_SCRIPT', 'xmlhttp.php');


// Load MyBB core files
require_once dirname(__FILE__)."/inc/init.php";


// Load MyBB core files
require_once dirname(__FILE__)."/inc/init.php";

Zeile 40Zeile 41

// Send no cache headers
header("Expires: Sat, 1 Jan 2000 01:00:00 GMT");


// Send no cache headers
header("Expires: Sat, 1 Jan 2000 01:00:00 GMT");

header("Last-Modified: " . gmdate("D, d M Y H:i:s") . "GMT");

header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");

header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");


header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");


Zeile 226Zeile 227
	{
if(function_exists("iconv"))
{

	{
if(function_exists("iconv"))
{

			$subject = iconv("UTF-8", $charset, $subject);

			$subject = iconv($charset, "UTF-8//IGNORE", $subject);

		}
else if(function_exists("mb_convert_encoding"))
{

		}
else if(function_exists("mb_convert_encoding"))
{

Zeile 323Zeile 324
			xmlhttp_error($lang->thread_closed_edit_message);
}
// Forum is not open, user doesn't have permission to edit, or author doesn't match this user - don't allow editing.

			xmlhttp_error($lang->thread_closed_edit_message);
}
// Forum is not open, user doesn't have permission to edit, or author doesn't match this user - don't allow editing.

		else if($forum['open'] == 0 || $forumpermissions['caneditposts'] == 0 || $mybb->user['uid'] != $post['uid'] || $mybb->user['uid'] == 0)
{

		else if($forum['open'] == 0 || $forumpermissions['caneditposts'] == 0 || $mybb->user['uid'] != $post['uid'] || $mybb->user['uid'] == 0 || $mybb->user['suspendposting'] == 1)
{

			xmlhttp_error($lang->no_permission_edit_post);
}
// If we're past the edit time limit - don't allow editing.

			xmlhttp_error($lang->no_permission_edit_post);
}
// If we're past the edit time limit - don't allow editing.

Zeile 334Zeile 335
			xmlhttp_error($lang->edit_time_limit);
}
}

			xmlhttp_error($lang->edit_time_limit);
}
}

 

// Forum is closed - no editing allowed (for anyone)
if($forum['open'] == 0)
{
xmlhttp_error($lang->no_permission_edit_post);
}


	if($mybb->input['do'] == "get_post")
{
// Send our headers.

	if($mybb->input['do'] == "get_post")
{
// Send our headers.

Zeile 360Zeile 368
		{
if(function_exists("iconv"))
{

		{
if(function_exists("iconv"))
{

				$message = iconv("UTF-8", $charset, $message);

				$message = iconv($charset, "UTF-8//IGNORE", $message);

			}
else if(function_exists("mb_convert_encoding"))
{

			}
else if(function_exists("mb_convert_encoding"))
{

Zeile 391Zeile 399
			$post_errors = $posthandler->get_friendly_errors();
$errors = implode("\n\n", $post_errors);
xmlhttp_error($errors);

			$post_errors = $posthandler->get_friendly_errors();
$errors = implode("\n\n", $post_errors);
xmlhttp_error($errors);

		}

		}

		// No errors were found, we can call the update method.
else
{

		// No errors were found, we can call the update method.
else
{

Zeile 404Zeile 412
				echo "</p>\n";
exit;
}

				echo "</p>\n";
exit;
}

		}

		}


require_once MYBB_ROOT."inc/class_parser.php";
$parser = new postParser;


require_once MYBB_ROOT."inc/class_parser.php";
$parser = new postParser;

		

		

		$parser_options = array(
"allow_html" => $forum['allowhtml'],
"allow_mycode" => $forum['allowmycode'],

		$parser_options = array(
"allow_html" => $forum['allowhtml'],
"allow_mycode" => $forum['allowmycode'],

Zeile 424Zeile 432
		}

$post['message'] = $parser->parse_message($message, $parser_options);

		}

$post['message'] = $parser->parse_message($message, $parser_options);

		

		

		// Now lets fetch all of the attachments for these posts.
$query = $db->simple_select("attachments", "*", "pid='{$post['pid']}'");
while($attachment = $db->fetch_array($query))

		// Now lets fetch all of the attachments for these posts.
$query = $db->simple_select("attachments", "*", "pid='{$post['pid']}'");
while($attachment = $db->fetch_array($query))

Zeile 559Zeile 567
	$db->insert_query("captcha", $regimagearray);
header("Content-type: text/plain; charset={$charset}");
echo $imagehash;

	$db->insert_query("captcha", $regimagearray);
header("Content-type: text/plain; charset={$charset}");
echo $imagehash;

}

}

else if($mybb->input['action'] == "validate_captcha")
{
header("Content-type: text/xml; charset={$charset}");

else if($mybb->input['action'] == "validate_captcha")
{
header("Content-type: text/xml; charset={$charset}");

Zeile 568Zeile 576
	if($db->num_rows($query) == 0)
{
echo "<fail>{$lang->captcha_valid_not_exists}</fail>";

	if($db->num_rows($query) == 0)
{
echo "<fail>{$lang->captcha_valid_not_exists}</fail>";

		exit;

		exit;

	}
$imagestring = $db->fetch_field($query, 'imagestring');

if(my_strtolower($imagestring) == my_strtolower($mybb->input['value']))
{
echo "<success>{$lang->captcha_matches}</success>";

	}
$imagestring = $db->fetch_field($query, 'imagestring');

if(my_strtolower($imagestring) == my_strtolower($mybb->input['value']))
{
echo "<success>{$lang->captcha_matches}</success>";

		exit;
}

		exit;
}

	else
{
echo "<fail>{$lang->captcha_does_not_match}</fail>";

	else
{
echo "<fail>{$lang->captcha_does_not_match}</fail>";

		exit;

		exit;

	}
}
else if($mybb->input['action'] == "username_availability")

	}
}
else if($mybb->input['action'] == "username_availability")

Zeile 590Zeile 598

// Fix bad characters
$username = trim($username);


// Fix bad characters
$username = trim($username);

	$username = str_replace(array(unicode_chr(160), unicode_chr(173), unicode_chr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237)), array(" ", "-", "", "", ""), $username);

	$username = str_replace(array(unicode_chr(160), unicode_chr(173), unicode_chr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237), dec_to_utf8(8203)), array(" ", "-", "", "", "", ""), $username);


// Remove multiple spaces from the username
$username = preg_replace("#\s{2,}#", " ", $username);


// Remove multiple spaces from the username
$username = preg_replace("#\s{2,}#", " ", $username);

 
	
if(empty($username))
{
echo "<fail>{$lang->banned_characters_username}</fail>";
exit;
}


header("Content-type: text/xml; charset={$charset}");



header("Content-type: text/xml; charset={$charset}");


Zeile 672Zeile 686
		);
$timecut = TIME_NOW - $mybb->settings['wolcutoff'];
$query = $db->simple_select("users", "uid, username, usergroup, displaygroup, lastactive, lastvisit, invisible", "uid IN ({$mybb->user['buddylist']})", $query_options);

		);
$timecut = TIME_NOW - $mybb->settings['wolcutoff'];
$query = $db->simple_select("users", "uid, username, usergroup, displaygroup, lastactive, lastvisit, invisible", "uid IN ({$mybb->user['buddylist']})", $query_options);

		$buddy_array = array();


		$online = array();
$offline = array();

		while($buddy = $db->fetch_array($query))
{
$buddy_name = format_name($buddy['username'], $buddy['usergroup'], $buddy['displaygroup']);

		while($buddy = $db->fetch_array($query))
{
$buddy_name = format_name($buddy['username'], $buddy['usergroup'], $buddy['displaygroup']);