Vergleich private.php - 1.6.5 - 1.6.10

Keine Änderungen Hinzugefügt Modifiziert Entfernt
Zeile 6	Zeile 6
* Website: http://mybb.com * License: http://mybb.com/about/license *	* Website: http://mybb.com * License: http://mybb.com/about/license *
* $Id: private.php 5476 2011-06-24 14:49:59Z Tomm $	* $Id$
*/ define("IN_MYBB", 1);	*/ define("IN_MYBB", 1);
Zeile 14	Zeile 14
define('THIS_SCRIPT', 'private.php'); $templatelist = "private_send,private_send_buddyselect,private_read,private_tracking,private_tracking_readmessage,private_tracking_unreadmessage";	define('THIS_SCRIPT', 'private.php'); $templatelist = "private_send,private_send_buddyselect,private_read,private_tracking,private_tracking_readmessage,private_tracking_unreadmessage";
$templatelist .= ",private_folders,private_folders_folder,private_folders_folder_unremovable,private,usercp_nav_changename,usercp_nav,private_empty_folder,private_empty,posticons"; $templatelist .= "usercp_nav_messenger,usercp_nav_changename,usercp_nav_profile,usercp_nav_misc,usercp_nav_messenger,multipage_nextpage,multipage_page_current,multipage_page,multipage_start,multipage_end,multipage,usercp_nav_editsignature,private_read_action,postbit_away,postbit_avatar,postbit_warn,postbit_rep_button"; $templatelist .= ",private_messagebit,codebuttons,smilieinsert,posticons,private_send_autocomplete,private_messagebit_denyreceipt,private_read_to, postbit_online,postbit_find,postbit_pm, postbit_email,postbit_reputation,postbit_warninglevel,postbit_author_user,postbit_reply_pm,postbit_forward_pm,postbit_delete_pm,postbit,private_tracking_nomessage,private_nomessages";	$templatelist .= ",private_folders,private_folders_folder,private_folders_folder_unremovable,private,usercp_nav,private_empty_folder,private_empty,private_archive_txt,private_archive_csv,private_archive_html"; $templatelist .= ",usercp_nav_messenger,usercp_nav_changename,usercp_nav_profile,usercp_nav_misc,multipage_nextpage,multipage_page_current,multipage_page,multipage_start,multipage_end,multipage,usercp_nav_editsignature,private_read_action,postbit_away,postbit_avatar,postbit_warn,postbit_rep_button"; $templatelist .= ",private_messagebit,codebuttons,smilieinsert,smilieinsert_getmore,posticons,private_send_autocomplete,private_messagebit_denyreceipt,private_read_to,postbit_online,postbit_find,postbit_pm,postbit_email,postbit_reputation,postbit_warninglevel,postbit_author_user,postbit_reply_pm,postbit_forward_pm"; $templatelist .= ",postbit_delete_pm,postbit,private_tracking_nomessage,private_nomessages,postbit_author_guest,private_multiple_recipients_user,private_multiple_recipients_bcc,private_multiple_recipients"; $templatelist .= ",private_search_messagebit,private_search_results_nomessages,private_search_results,private_advanced_search,previewpost,private_send_tracking,private_send_signature,private_read_bcc"; $templatelist .= ",private_archive,private_pmspace,private_limitwarning,postbit_groupimage,postbit_offline,postbit_www,postbit_replyall_pm,postbit_signature,postbit_classic,postbit_gotopost,usercp_nav_messenger_tracking,multipage_prevpage";
require_once "./global.php"; require_once MYBB_ROOT."inc/functions_post.php";	require_once "./global.php"; require_once MYBB_ROOT."inc/functions_post.php";
Zeile 248	Zeile 251
$plugins->run_hooks("private_results_start"); // Decide on our sorting fields and sorting order.	$plugins->run_hooks("private_results_start"); // Decide on our sorting fields and sorting order.
$order = my_strtolower(htmlspecialchars($mybb->input['order'])); $sortby = my_strtolower(htmlspecialchars($mybb->input['sortby']));	$order = my_strtolower(htmlspecialchars_uni($mybb->input['order'])); $sortby = my_strtolower(htmlspecialchars_uni($mybb->input['sortby']));
$sortby_accepted = array('subject', 'username', 'dateline');	$sortby_accepted = array('subject', 'username', 'dateline');
Zeile 469	Zeile 472
$senddate = $lang->not_sent; }	$senddate = $lang->not_sent; }
$foldername = htmlspecialchars_uni($foldernames[$message['folder']]);	$foldername = $foldernames[$message['folder']];
// What we do here is parse the post using our post parser, then strip the tags from it $parser_options = array(	// What we do here is parse the post using our post parser, then strip the tags from it $parser_options = array(
Zeile 484	Zeile 487
{ $message['message'] = my_substr($message['message'], 0, 200)."..."; }	{ $message['message'] = my_substr($message['message'], 0, 200)."..."; }
// For my sanity... $message['message'] = htmlspecialchars_uni($message['message']);
eval("\$messagelist .= \"".$templates->get("private_search_messagebit")."\";"); }	eval("\$messagelist .= \"".$templates->get("private_search_messagebit")."\";"); }
Zeile 530	Zeile 530
if($mybb->input['ajax']) { echo 1;	if($mybb->input['ajax']) { echo 1;
exit;	exit;
} else	} else
{	{
header("Location: index.php"); exit;	header("Location: index.php"); exit;
}	}
} $send_errors = '';	} $send_errors = '';
Zeile 547	Zeile 547
{ error_no_permission(); }	{ error_no_permission(); }

// Verify incoming POST request verify_post_check($mybb->input['my_post_key']); $plugins->run_hooks("private_send_do_send");	// Verify incoming POST request verify_post_check($mybb->input['my_post_key']); $plugins->run_hooks("private_send_do_send");

// Attempt to see if this PM is a duplicate or not $time_cutoff = TIME_NOW - (5 * 60 * 60); $query = $db->query("	// Attempt to see if this PM is a duplicate or not $time_cutoff = TIME_NOW - (5 * 60 * 60); $query = $db->query("
Zeile 586	Zeile 586
{ $pm['bcc'] = explode(",", $mybb->input['bcc']); $pm['bcc'] = array_map("trim", $pm['bcc']);	{ $pm['bcc'] = explode(",", $mybb->input['bcc']); $pm['bcc'] = array_map("trim", $pm['bcc']);
	} if(!$mybb->usergroup['cantrackpms']) { $mybb->input['options']['readreceipt'] = false;
} $pm['options'] = array(	} $pm['options'] = array(
Zeile 596	Zeile 601
); if($mybb->input['saveasdraft'])	); if($mybb->input['saveasdraft'])
{	{
$pm['saveasdraft'] = 1; } $pmhandler->set_data($pm);	$pm['saveasdraft'] = 1; } $pmhandler->set_data($pm);
Zeile 618	Zeile 623
redirect("private.php", $lang->redirect_pmsaved); } else	redirect("private.php", $lang->redirect_pmsaved); } else
{	{
redirect("private.php", $lang->redirect_pmsent); } }	redirect("private.php", $lang->redirect_pmsent); } }
Zeile 643	Zeile 648
$smilieinserter = build_clickable_smilies(); } }	$smilieinserter = build_clickable_smilies(); } }
	$lang->post_icon = $lang->message_icon;
$posticons = get_post_icons();	$posticons = get_post_icons();
$previewmessage = $mybb->input['message']; $message = htmlspecialchars_uni($mybb->input['message']); $subject = $previewsubject = htmlspecialchars_uni($mybb->input['subject']);	$message = htmlspecialchars_uni($parser->parse_badwords($mybb->input['message'])); $subject = htmlspecialchars_uni($parser->parse_badwords($mybb->input['subject']));
if($mybb->input['preview'] \|\| $send_errors) {	if($mybb->input['preview'] \|\| $send_errors) {
Zeile 665	Zeile 671
$optionschecked['savecopy'] = 'checked="checked"'; } if($options['readreceipt'] != 0)	$optionschecked['savecopy'] = 'checked="checked"'; } if($options['readreceipt'] != 0)
{	{
$optionschecked['readreceipt'] = 'checked="checked"'; } $to = htmlspecialchars_uni($mybb->input['to']);	$optionschecked['readreceipt'] = 'checked="checked"'; } $to = htmlspecialchars_uni($mybb->input['to']);
Zeile 681	Zeile 687
FROM ".TABLE_PREFIX."users u LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid) WHERE u.uid='".$mybb->user['uid']."'	FROM ".TABLE_PREFIX."users u LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid) WHERE u.uid='".$mybb->user['uid']."'
");	");
$post = $db->fetch_array($query); $post['userusername'] = $mybb->user['username']; $post['postusername'] = $mybb->user['username'];	$post = $db->fetch_array($query); $post['userusername'] = $mybb->user['username']; $post['postusername'] = $mybb->user['username'];
$post['message'] = $previewmessage; $post['subject'] = $previewsubject;	$post['message'] = $mybb->input['message']; $post['subject'] = htmlspecialchars_uni($mybb->input['subject']);
$post['icon'] = $mybb->input['icon']; $post['smilieoff'] = $options['disablesmilies']; $post['dateline'] = TIME_NOW;	$post['icon'] = $mybb->input['icon']; $post['smilieoff'] = $options['disablesmilies']; $post['dateline'] = TIME_NOW;
Zeile 700	Zeile 706
else { $post['includesig'] = 1;	else { $post['includesig'] = 1;
}	}
// Merge usergroup data from the cache $data_key = array( 'title' => 'grouptitle',	// Merge usergroup data from the cache $data_key = array( 'title' => 'grouptitle',
Zeile 742	Zeile 748
SELECT pm.*, u.username AS quotename FROM ".TABLE_PREFIX."privatemessages pm LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)	SELECT pm.*, u.username AS quotename FROM ".TABLE_PREFIX."privatemessages pm LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)
WHERE pm.pmid='".intval($mybb->input['pmid'])."' AND pm.uid='".$mybb->user['uid']."'	WHERE pm.pmid='{$mybb->input['pmid']}' AND pm.uid='{$mybb->user['uid']}'
");	");

$pm = $db->fetch_array($query);	$pm = $db->fetch_array($query);
$message = htmlspecialchars_uni($pm['message']); $subject = htmlspecialchars_uni($pm['subject']);	$message = htmlspecialchars_uni($parser->parse_badwords($pm['message'])); $subject = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));
if($pm['folder'] == "3")	if($pm['folder'] == "3")
{ // message saved in drafts	{ // message saved in drafts
$mybb->input['uid'] = $pm['toid']; if($pm['includesig'] == 1)	$mybb->input['uid'] = $pm['toid']; if($pm['includesig'] == 1)
Zeile 772	Zeile 779
if(isset($recipients['to']) && is_array($recipients['to'])) { foreach($recipients['to'] as $recipient)	if(isset($recipients['to']) && is_array($recipients['to'])) { foreach($recipients['to'] as $recipient)
{	{
$recipient_list['to'][] = $recipient; $recipientids .= $comma.$recipient; $comma = ',';	$recipient_list['to'][] = $recipient; $recipientids .= $comma.$recipient; $comma = ',';
Zeile 806	Zeile 813
} } else	} } else
{ // forward/reply	{ // forward/reply
$subject = preg_replace("#(FW\|RE):( *)#is", '', $subject); $postdate = my_date($mybb->settings['dateformat'], $pm['dateline']); $posttime = my_date($mybb->settings['timeformat'], $pm['dateline']);	$subject = preg_replace("#(FW\|RE):( *)#is", '', $subject); $postdate = my_date($mybb->settings['dateformat'], $pm['dateline']); $posttime = my_date($mybb->settings['timeformat'], $pm['dateline']);
Zeile 854	Zeile 862
$query = $db->simple_select('users', 'uid, username', "uid IN ({$recipientids})"); while($user = $db->fetch_array($query)) {	$query = $db->simple_select('users', 'uid, username', "uid IN ({$recipientids})"); while($user = $db->fetch_array($query)) {
$to .= $comma.htmlspecialchars($user['username']);	$to .= $comma.htmlspecialchars_uni($user['username']);
$comma = $lang->comma; } }	$comma = $lang->comma; } }
Zeile 898	Zeile 906
$buddy_select = 'bcc'; eval("\$buddy_select_bcc = \"".$templates->get("private_send_buddyselect")."\";"); }	$buddy_select = 'bcc'; eval("\$buddy_select_bcc = \"".$templates->get("private_send_buddyselect")."\";"); }
	// Hide tracking option if no permission $private_send = $templates->get("private_send"); $tracking = ''; if($mybb->usergroup['cantrackpms']) { $tracking = $templates->get("private_send_tracking"); } eval("\$private_send_tracking = \"".$tracking."\";"); // Hide signature option if no permission $option_signature = ''; if($mybb->usergroup['canusesig'] && !$mybb->user['suspendsignature']) { $option_signature = $templates->get('private_send_signature'); } eval("\$private_send_signature = \"".$option_signature."\";");
$plugins->run_hooks("private_send_end");	$plugins->run_hooks("private_send_end");
eval("\$send = \"".$templates->get("private_send")."\";");	eval("\$send = \"".$private_send."\";");
output_page($send); }	output_page($send); }

if($mybb->input['action'] == "read") {	if($mybb->input['action'] == "read") {
Zeile 929	Zeile 953
if(!$pm['pmid']) { error($lang->error_invalidpm);	if(!$pm['pmid']) { error($lang->error_invalidpm);
}	}
// If we've gotten a PM, attach the group info $data_key = array( 'title' => 'grouptitle',	// If we've gotten a PM, attach the group info $data_key = array( 'title' => 'grouptitle',
Zeile 1008	Zeile 1032
$forward_date = my_date($mybb->settings['dateformat'], $pm['statustime']); if(strpos($forward_date, $lang->today) !== false \|\| strpos($forward_date, $lang->yesterday) !== false)	$forward_date = my_date($mybb->settings['dateformat'], $pm['statustime']); if(strpos($forward_date, $lang->today) !== false \|\| strpos($forward_date, $lang->yesterday) !== false)
{ $forward_date .= $lang->comma.my_date($mybb->settings['timeformat'], $pm['statustime']);	{ $forward_date .= $lang->comma.my_date($mybb->settings['timeformat'], $pm['statustime']);
$actioned_on = $lang->sprintf($lang->you_forwarded, $forward_date);	$actioned_on = $lang->sprintf($lang->you_forwarded, $forward_date);
}	}
else { $forward_date .= $lang->comma.my_date($mybb->settings['timeformat'], $pm['statustime']);	else { $forward_date .= $lang->comma.my_date($mybb->settings['timeformat'], $pm['statustime']);
Zeile 1023	Zeile 1047
$pm['userusername'] = $pm['username']; $pm['subject'] = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));	$pm['userusername'] = $pm['username']; $pm['subject'] = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));

if($pm['fromid'] == 0)	if($pm['fromid'] == 0)
{	{
$pm['username'] = $lang->mybb_engine;	$pm['username'] = $lang->mybb_engine;
}	}
if(!$pm['username']) {	if(!$pm['username']) {
Zeile 1035	Zeile 1060
// Fetch the recipients for this message $pm['recipients'] = @unserialize($pm['recipients']);	// Fetch the recipients for this message $pm['recipients'] = @unserialize($pm['recipients']);

if(is_array($pm['recipients']['to']))	if(is_array($pm['recipients']['to']))
{	{
$uid_sql = implode(',', $pm['recipients']['to']);	$uid_sql = implode(',', $pm['recipients']['to']);
}	}
else { $uid_sql = $pm['toid']; $pm['recipients']['to'] = array($pm['toid']);	else { $uid_sql = $pm['toid']; $pm['recipients']['to'] = array($pm['toid']);
}	}
$show_bcc = 0; // If we have any BCC recipients and this user is an Administrator, add them on to the query	$show_bcc = 0; // If we have any BCC recipients and this user is an Administrator, add them on to the query
Zeile 1085	Zeile 1110
} if(count($to_recipients) > 0)	} if(count($to_recipients) > 0)
{	{
$to_recipients = implode(", ", $to_recipients); } else	$to_recipients = implode(", ", $to_recipients); } else
Zeile 1106	Zeile 1131
if($mybb->input['action'] == "tracking") {	if($mybb->input['action'] == "tracking") {
	if(!$mybb->usergroup['cantrackpms']) { error_no_permission(); }
$plugins->run_hooks("private_tracking_start"); $readmessages = ''; $unreadmessages = '';	$plugins->run_hooks("private_tracking_start"); $readmessages = ''; $unreadmessages = '';
Zeile 1241	Zeile 1271
} } $plugins->run_hooks("private_do_tracking_end");	} } $plugins->run_hooks("private_do_tracking_end");
redirect("private.php", $lang->redirect_pmstrackingstopped);	redirect("private.php?action=tracking", $lang->redirect_pmstrackingstopped);
} elseif($mybb->input['stoptrackingunread']) {	} elseif($mybb->input['stoptrackingunread']) {
Zeile 1256	Zeile 1286
} } $plugins->run_hooks("private_do_tracking_end");	} } $plugins->run_hooks("private_do_tracking_end");
redirect("private.php", $lang->redirect_pmstrackingstopped);	redirect("private.php?action=tracking", $lang->redirect_pmstrackingstopped);
} elseif($mybb->input['cancel']) {	} elseif($mybb->input['cancel']) {
Zeile 1282	Zeile 1312
} } $plugins->run_hooks("private_do_tracking_end");	} } $plugins->run_hooks("private_do_tracking_end");
redirect("private.php", $lang->redirect_pmstrackingcanceled);	redirect("private.php?action=tracking", $lang->redirect_pmstrackingcanceled);
} }	} }
Zeile 1851	Zeile 1881
eval("\$pmsdownload .= \"".$templates->get("private_archive_".$mybb->input['exporttype']."_message", 1, 0)."\";"); $ids .= ",'{$message['pmid']}'"; }	eval("\$pmsdownload .= \"".$templates->get("private_archive_".$mybb->input['exporttype']."_message", 1, 0)."\";"); $ids .= ",'{$message['pmid']}'"; }
$query = $db->simple_select("themestylesheets", "stylesheet", "sid=1", array('limit' => 1)); $css = $db->fetch_field($query, "stylesheet");	if($mybb->input['exporttype'] == "html") { // Gather global stylesheet for HTML $query = $db->simple_select("themestylesheets", "stylesheet", "sid = '1'", array('limit' => 1)); $css = $db->fetch_field($query, "stylesheet"); }
$plugins->run_hooks("private_do_export_end"); eval("\$archived = \"".$templates->get("private_archive_".$mybb->input['exporttype'], 1, 0)."\";");	$plugins->run_hooks("private_do_export_end"); eval("\$archived = \"".$templates->get("private_archive_".$mybb->input['exporttype'], 1, 0)."\";");
Zeile 1863	Zeile 1897
$db->delete_query("privatemessages", "pmid IN ('0'$ids)"); // Update PM count update_pm_count();	$db->delete_query("privatemessages", "pmid IN ('0'$ids)"); // Update PM count update_pm_count();
} if($mybb->input['exporttype'] == "html") {	} if($mybb->input['exporttype'] == "html") {
$filename = "pm-archive.html"; $contenttype = "text/html"; }	$filename = "pm-archive.html"; $contenttype = "text/html"; }
Zeile 1879	Zeile 1913
{ $filename = "pm-archive.txt"; $contenttype = "text/plain";	{ $filename = "pm-archive.txt"; $contenttype = "text/plain";
}	}
$archived = str_replace("\\\'","'",$archived); header("Content-disposition: filename=$filename"); header("Content-type: ".$contenttype); if($mybb->input['exporttype'] == "html")	$archived = str_replace("\\\'","'",$archived); header("Content-disposition: filename=$filename"); header("Content-type: ".$contenttype); if($mybb->input['exporttype'] == "html")
{	{
output_page($archived); } else { echo $archived;	output_page($archived); } else { echo $archived;
}	}
} if(!$mybb->input['action'])	} if(!$mybb->input['action'])
Zeile 1905	Zeile 1939
} $folder = $mybb->input['fid'];	} $folder = $mybb->input['fid'];
$foldername = htmlspecialchars_uni($foldernames[$folder]);	$foldername = $foldernames[$folder];
$lang->pms_in_folder = $lang->sprintf($lang->pms_in_folder, $foldername); if($folder == 2 \|\| $folder == 3)	$lang->pms_in_folder = $lang->sprintf($lang->pms_in_folder, $foldername); if($folder == 2 \|\| $folder == 3)