search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
further updates
[phpbb.git] / phpBB / includes / message_parser.php
blobacc4547039ff8da818fd13714d71b0d0c0680f88
1 <?php
2 /**
3 *
4 * @package phpBB3
5 * @version $Id$
6 * @copyright (c) 2005 phpBB Group
7 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
8 *
9 */
10
11 /**
12 * @ignore
13 */
14 if (!defined('IN_PHPBB'))
15 {
16 exit;
17 }
18
19 if (!class_exists('bbcode'))
20 {
21 include($phpbb_root_path . 'includes/bbcode.' . $phpEx);
22 }
23
24 /**
25 * BBCODE FIRSTPASS
26 * BBCODE first pass class (functions for parsing messages for db storage)
27 * @package phpBB3
28 */
29 class bbcode_firstpass extends bbcode
30 {
31 var $message = '';
32 var $warn_msg = array();
33 var $parsed_items = array();
34
35 /**
36 * Parse BBCode
37 */
38 function parse_bbcode()
39 {
40 if (!$this->bbcodes)
41 {
42 $this->bbcode_init();
43 }
44
45 global $user;
46
47 $this->bbcode_bitfield = '';
48 $bitfield = new bitfield();
49
50 foreach ($this->bbcodes as $bbcode_name => $bbcode_data)
51 {
52 if (isset($bbcode_data['disabled']) && $bbcode_data['disabled'])
53 {
54 foreach ($bbcode_data['regexp'] as $regexp => $replacement)
55 {
56 if (preg_match($regexp, $this->message))
57 {
58 $this->warn_msg[] = sprintf($user->lang['UNAUTHORISED_BBCODE'] , '[' . $bbcode_name . ']');
59 continue;
60 }
61 }
62 }
63 else
64 {
65 foreach ($bbcode_data['regexp'] as $regexp => $replacement)
66 {
67 // The pattern gets compiled and cached by the PCRE extension,
68 // it should not demand recompilation
69 if (preg_match($regexp, $this->message))
70 {
71 $this->message = preg_replace($regexp, $replacement, $this->message);
72 $bitfield->set($bbcode_data['bbcode_id']);
73 }
74 }
75 }
76 }
77
78 $this->bbcode_bitfield = $bitfield->get_base64();
79 }
80
81 /**
82 * Prepare some bbcodes for better parsing
83 */
84 function prepare_bbcodes()
85 {
86 // Ok, seems like users instead want the no-parsing of urls, smilies, etc. after and before and within quote tags being tagged as "not a bug".
87 // Fine by me ;) Will ease our live... but do not come back and cry at us, we won't hear you.
88
89 /* Add newline at the end and in front of each quote block to prevent parsing errors (urls, smilies, etc.)
90 if (strpos($this->message, '[quote') !== false && strpos($this->message, '[/quote]') !== false)
91 {
92 $this->message = str_replace("\r\n", "\n", $this->message);
93
94 // We strip newlines and spaces after and before quotes in quotes (trimming) and then add exactly one newline
95 $this->message = preg_replace('#\[quote(=&quot;.*?&quot;)?\]\s*(.*?)\s*\[/quote\]#siu', '[quote\1]' . "\n" . '\2' ."\n[/quote]", $this->message);
96 }
97 */
98
99 // Add other checks which needs to be placed before actually parsing anything (be it bbcodes, smilies, urls...)
100 }
101
102 /**
103 * Init bbcode data for later parsing
104 */
105 function bbcode_init()
106 {
107 static $rowset;
108
109 // This array holds all bbcode data. BBCodes will be processed in this
110 // order, so it is important to keep [code] in first position and
111 // [quote] in second position.
112 $this->bbcodes = array(
113 'code' => array('bbcode_id' => 8, 'regexp' => array('#\[code(?:=([a-z]+))?\](.+\[/code\])#ise' => "\$this->bbcode_code('\$1', '\$2')")),
114 'quote' => array('bbcode_id' => 0, 'regexp' => array('#\[quote(?:=&quot;(.*?)&quot;)?\](.+)\[/quote\]#ise' => "\$this->bbcode_quote('\$0')")),
115 'attachment' => array('bbcode_id' => 12, 'regexp' => array('#\[attachment=([0-9]+)\](.*?)\[/attachment\]#ise' => "\$this->bbcode_attachment('\$1', '\$2')")),
116 'b' => array('bbcode_id' => 1, 'regexp' => array('#\[b\](.*?)\[/b\]#ise' => "\$this->bbcode_strong('\$1')")),
117 'i' => array('bbcode_id' => 2, 'regexp' => array('#\[i\](.*?)\[/i\]#ise' => "\$this->bbcode_italic('\$1')")),
118 'url' => array('bbcode_id' => 3, 'regexp' => array('#\[url(=(.*))?\](.*)\[/url\]#iUe' => "\$this->validate_url('\$2', '\$3')")),
119 'img' => array('bbcode_id' => 4, 'regexp' => array('#\[img\](.*)\[/img\]#iUe' => "\$this->bbcode_img('\$1')")),
120 'size' => array('bbcode_id' => 5, 'regexp' => array('#\[size=([\-\+]?\d+)\](.*?)\[/size\]#ise' => "\$this->bbcode_size('\$1', '\$2')")),
121 'color' => array('bbcode_id' => 6, 'regexp' => array('!\[color=(#[0-9a-f]{6}|[a-z\-]+)\](.*?)\[/color\]!ise' => "\$this->bbcode_color('\$1', '\$2')")),
122 'u' => array('bbcode_id' => 7, 'regexp' => array('#\[u\](.*?)\[/u\]#ise' => "\$this->bbcode_underline('\$1')")),
123 'list' => array('bbcode_id' => 9, 'regexp' => array('#\[list(?:=(?:[a-z0-9]|disc|circle|square))?].*\[/list]#ise' => "\$this->bbcode_parse_list('\$0')")),
124 'email' => array('bbcode_id' => 10, 'regexp' => array('#\[email=?(.*?)?\](.*?)\[/email\]#ise' => "\$this->validate_email('\$1', '\$2')")),
125 'flash' => array('bbcode_id' => 11, 'regexp' => array('#\[flash=([0-9]+),([0-9]+)\](.*?)\[/flash\]#ie' => "\$this->bbcode_flash('\$1', '\$2', '\$3')"))
126 );
127
128 // Zero the parsed items array
129 $this->parsed_items = array();
130
131 foreach ($this->bbcodes as $tag => $bbcode_data)
132 {
133 $this->parsed_items[$tag] = 0;
134 }
135
136 if (!is_array($rowset))
137 {
138 global $db;
139 $rowset = array();
140
141 $sql = 'SELECT *
142 FROM ' . BBCODES_TABLE;
143 $result = $db->sql_query($sql);
144
145 while ($row = $db->sql_fetchrow($result))
146 {
147 $rowset[] = $row;
148 }
149 $db->sql_freeresult($result);
150 }
151
152 foreach ($rowset as $row)
153 {
154 $this->bbcodes[$row['bbcode_tag']] = array(
155 'bbcode_id' => (int) $row['bbcode_id'],
156 'regexp' => array($row['first_pass_match'] => str_replace('$uid', $this->bbcode_uid, $row['first_pass_replace']))
157 );
158 }
159 }
160
161 /**
162 * Making some pre-checks for bbcodes as well as increasing the number of parsed items
163 */
164 function check_bbcode($bbcode, &$in)
165 {
166 // when using the /e modifier, preg_replace slashes double-quotes but does not
167 // seem to slash anything else
168 $in = str_replace("\r\n", "\n", str_replace('\"', '"', $in));
169
170 // Trimming here to make sure no empty bbcodes are parsed accidently
171 if (trim($in) == '')
172 {
173 return false;
174 }
175
176 $this->parsed_items[$bbcode]++;
177
178 return true;
179 }
180
181 /**
182 * Transform some characters in valid bbcodes
183 */
184 function bbcode_specialchars($text)
185 {
186 $str_from = array('<', '>', '[', ']', '.', ':');
187 $str_to = array('&lt;', '&gt;', '&#91;', '&#93;', '&#46;', '&#58;');
188
189 return str_replace($str_from, $str_to, $text);
190 }
191
192 /**
193 * Parse size tag
194 */
195 function bbcode_size($stx, $in)
196 {
197 global $user, $config;
198
199 if (!$this->check_bbcode('size', $in))
200 {
201 return '';
202 }
203
204 if ($config['max_' . $this->mode . '_font_size'] && $config['max_' . $this->mode . '_font_size'] < $stx)
205 {
206 $this->warn_msg[] = sprintf($user->lang['MAX_FONT_SIZE_EXCEEDED'], $config['max_' . $this->mode . '_font_size']);
207
208 return '[size=' . $stx . ']' . $in . '[/size]';
209 }
210
211 return '[size=' . $stx . ':' . $this->bbcode_uid . ']' . $in . '[/size:' . $this->bbcode_uid . ']';
212 }
213
214 /**
215 * Parse color tag
216 */
217 function bbcode_color($stx, $in)
218 {
219 if (!$this->check_bbcode('color', $in))
220 {
221 return '';
222 }
223
224 return '[color=' . $stx . ':' . $this->bbcode_uid . ']' . $in . '[/color:' . $this->bbcode_uid . ']';
225 }
226
227 /**
228 * Parse u tag
229 */
230 function bbcode_underline($in)
231 {
232 if (!$this->check_bbcode('u', $in))
233 {
234 return '';
235 }
236
237 return '[u:' . $this->bbcode_uid . ']' . $in . '[/u:' . $this->bbcode_uid . ']';
238 }
239
240 /**
241 * Parse b tag
242 */
243 function bbcode_strong($in)
244 {
245 if (!$this->check_bbcode('b', $in))
246 {
247 return '';
248 }
249
250 return '[b:' . $this->bbcode_uid . ']' . $in . '[/b:' . $this->bbcode_uid . ']';
251 }
252
253 /**
254 * Parse i tag
255 */
256 function bbcode_italic($in)
257 {
258 if (!$this->check_bbcode('i', $in))
259 {
260 return '';
261 }
262
263 return '[i:' . $this->bbcode_uid . ']' . $in . '[/i:' . $this->bbcode_uid . ']';
264 }
265
266 /**
267 * Parse img tag
268 */
269 function bbcode_img($in)
270 {
271 global $user, $config;
272
273 if (!$this->check_bbcode('img', $in))
274 {
275 return '';
276 }
277
278 $in = trim($in);
279 $error = false;
280
281 $in = str_replace(' ', '%20', $in);
282
283 // Checking urls
284 if (!preg_match('#^' . get_preg_expression('url') . '$#i', $in) && !preg_match('#^' . get_preg_expression('www_url') . '$#i', $in))
285 {
286 return '[img]' . $in . '[/img]';
287 }
288
289 // Try to cope with a common user error... not specifying a protocol but only a subdomain
290 if (!preg_match('#^[a-z0-9]+://#i', $in))
291 {
292 $in = 'http://' . $in;
293 }
294
295 if ($config['max_' . $this->mode . '_img_height'] || $config['max_' . $this->mode . '_img_width'])
296 {
297 $stats = @getimagesize($in);
298
299 if ($stats === false)
300 {
301 $error = true;
302 $this->warn_msg[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
303 }
304 else
305 {
306 if ($config['max_' . $this->mode . '_img_height'] && $config['max_' . $this->mode . '_img_height'] < $stats[1])
307 {
308 $error = true;
309 $this->warn_msg[] = sprintf($user->lang['MAX_IMG_HEIGHT_EXCEEDED'], $config['max_' . $this->mode . '_img_height']);
310 }
311
312 if ($config['max_' . $this->mode . '_img_width'] && $config['max_' . $this->mode . '_img_width'] < $stats[0])
313 {
314 $error = true;
315 $this->warn_msg[] = sprintf($user->lang['MAX_IMG_WIDTH_EXCEEDED'], $config['max_' . $this->mode . '_img_width']);
316 }
317 }
318 }
319
320 if ($error || $this->path_in_domain($in))
321 {
322 return '[img]' . $in . '[/img]';
323 }
324
325 return '[img:' . $this->bbcode_uid . ']' . $this->bbcode_specialchars($in) . '[/img:' . $this->bbcode_uid . ']';
326 }
327
328 /**
329 * Parse flash tag
330 */
331 function bbcode_flash($width, $height, $in)
332 {
333 global $user, $config;
334
335 if (!$this->check_bbcode('flash', $in))
336 {
337 return '';
338 }
339
340 $in = trim($in);
341 $error = false;
342
343 // Apply the same size checks on flash files as on images
344 if ($config['max_' . $this->mode . '_img_height'] || $config['max_' . $this->mode . '_img_width'])
345 {
346 if ($config['max_' . $this->mode . '_img_height'] && $config['max_' . $this->mode . '_img_height'] < $height)
347 {
348 $error = true;
349 $this->warn_msg[] = sprintf($user->lang['MAX_FLASH_HEIGHT_EXCEEDED'], $config['max_' . $this->mode . '_img_height']);
350 }
351
352 if ($config['max_' . $this->mode . '_img_width'] && $config['max_' . $this->mode . '_img_width'] < $width)
353 {
354 $error = true;
355 $this->warn_msg[] = sprintf($user->lang['MAX_FLASH_WIDTH_EXCEEDED'], $config['max_' . $this->mode . '_img_width']);
356 }
357 }
358
359 if ($error || $this->path_in_domain($in))
360 {
361 return '[flash=' . $width . ',' . $height . ']' . $in . '[/flash]';
362 }
363
364 return '[flash=' . $width . ',' . $height . ':' . $this->bbcode_uid . ']' . $this->bbcode_specialchars($in) . '[/flash:' . $this->bbcode_uid . ']';
365 }
366
367 /**
368 * Parse inline attachments [ia]
369 */
370 function bbcode_attachment($stx, $in)
371 {
372 if (!$this->check_bbcode('attachment', $in))
373 {
374 return '';
375 }
376
377 return '[attachment=' . $stx . ':' . $this->bbcode_uid . ']<!-- ia' . $stx . ' -->' . trim($in) . '<!-- ia' . $stx . ' -->[/attachment:' . $this->bbcode_uid . ']';
378 }
379
380 /**
381 * Parse code text from code tag
382 * @private
383 */
384 function bbcode_parse_code($stx, &$code)
385 {
386 switch (strtolower($stx))
387 {
388 case 'php':
389
390 $remove_tags = false;
391 $code = str_replace(array('&lt;', '&gt;'), array('<', '>'), $code);
392
393 if (!preg_match('/\<\?.*?\?\>/is', $code))
394 {
395 $remove_tags = true;
396 $code = "<?php $code ?>";
397 }
398
399 $conf = array('highlight.bg', 'highlight.comment', 'highlight.default', 'highlight.html', 'highlight.keyword', 'highlight.string');
400 foreach ($conf as $ini_var)
401 {
402 @ini_set($ini_var, str_replace('highlight.', 'syntax', $ini_var));
403 }
404
405 // Because highlight_string is specialcharing the text (but we already did this before), we have to reverse this in order to get correct results
406 $code = htmlspecialchars_decode($code);
407 $code = highlight_string($code, true);
408
409 $str_from = array('<span style="color: ', '<font color="syntax', '</font>', '<code>', '</code>','[', ']', '.', ':');
410 $str_to = array('<span class="', '<span class="syntax', '</span>', '', '', '&#91;', '&#93;', '&#46;', '&#58;');
411
412 if ($remove_tags)
413 {
414 $str_from[] = '<span class="syntaxdefault">&lt;?php </span>';
415 $str_to[] = '';
416 $str_from[] = '<span class="syntaxdefault">&lt;?php&nbsp;';
417 $str_to[] = '<span class="syntaxdefault">';
418 }
419
420 $code = str_replace($str_from, $str_to, $code);
421 $code = preg_replace('#^(<span class="[a-z_]+">)\n?(.*?)\n?(</span>)$#is', '$1$2$3', $code);
422
423 if ($remove_tags)
424 {
425 $code = preg_replace('#(<span class="[a-z]+">)?\?&gt;(</span>)#', '$1&nbsp;$2', $code);
426 }
427
428 $code = preg_replace('#^<span class="[a-z]+"><span class="([a-z]+)">(.*)</span></span>#s', '<span class="$1">$2</span>', $code);
429 $code = preg_replace('#(?:\s++|&nbsp;)*+</span>$#u', '</span>', $code);
430
431 // remove newline at the end
432 if (!empty($code) && substr($code, -1) == "\n")
433 {
434 $code = substr($code, 0, -1);
435 }
436
437 return "[code=$stx:" . $this->bbcode_uid . ']' . $code . '[/code:' . $this->bbcode_uid . ']';
438 break;
439
440 default:
441 return '[code:' . $this->bbcode_uid . ']' . $this->bbcode_specialchars($code) . '[/code:' . $this->bbcode_uid . ']';
442 break;
443 }
444 }
445
446 /**
447 * Parse code tag
448 * Expects the argument to start right after the opening [code] tag and to end with [/code]
449 */
450 function bbcode_code($stx, $in)
451 {
452 if (!$this->check_bbcode('code', $in))
453 {
454 return '';
455 }
456
457 // We remove the hardcoded elements from the code block here because it is not used in code blocks
458 // Having it here saves us one preg_replace per message containing [code] blocks
459 // Additionally, magic url parsing should go after parsing bbcodes, but for safety those are stripped out too...
460 $htm_match = get_preg_expression('bbcode_htm');
461 unset($htm_match[4], $htm_match[5]);
462 $htm_replace = array('\1', '\1', '\2', '\1');
463
464 $out = $code_block = '';
465 $open = 1;
466
467 while ($in)
468 {
469 // Determine position and tag length of next code block
470 preg_match('#(.*?)(\[code(?:=([a-z]+))?\])(.+)#is', $in, $buffer);
471 $pos = (isset($buffer[1])) ? strlen($buffer[1]) : false;
472 $tag_length = (isset($buffer[2])) ? strlen($buffer[2]) : false;
473
474 // Determine position of ending code tag
475 $pos2 = stripos($in, '[/code]');
476
477 // Which is the next block, ending code or code block
478 if ($pos !== false && $pos < $pos2)
479 {
480 // Open new block
481 if (!$open)
482 {
483 $out .= substr($in, 0, $pos);
484 $in = substr($in, $pos);
485 $stx = (isset($buffer[3])) ? $buffer[3] : '';
486 $code_block = '';
487 }
488 else
489 {
490 // Already opened block, just append to the current block
491 $code_block .= substr($in, 0, $pos) . ((isset($buffer[2])) ? $buffer[2] : '');
492 $in = substr($in, $pos);
493 }
494
495 $in = substr($in, $tag_length);
496 $open++;
497 }
498 else
499 {
500 // Close the block
501 if ($open == 1)
502 {
503 $code_block .= substr($in, 0, $pos2);
504 $code_block = preg_replace($htm_match, $htm_replace, $code_block);
505
506 // Parse this code block
507 $out .= $this->bbcode_parse_code($stx, $code_block);
508 $code_block = '';
509 $open--;
510 }
511 else if ($open)
512 {
513 // Close one open tag... add to the current code block
514 $code_block .= substr($in, 0, $pos2 + 7);
515 $open--;
516 }
517 else
518 {
519 // end code without opening code... will be always outside code block
520 $out .= substr($in, 0, $pos2 + 7);
521 }
522
523 $in = substr($in, $pos2 + 7);
524 }
525 }
526
527 // if now $code_block has contents we need to parse the remaining code while removing the last closing tag to match up.
528 if ($code_block)
529 {
530 $code_block = substr($code_block, 0, -7);
531 $code_block = preg_replace($htm_match, $htm_replace, $code_block);
532
533 $out .= $this->bbcode_parse_code($stx, $code_block);
534 }
535
536 return $out;
537 }
538
539 /**
540 * Parse list bbcode
541 * Expects the argument to start with a tag
542 */
543 function bbcode_parse_list($in)
544 {
545 if (!$this->check_bbcode('list', $in))
546 {
547 return '';
548 }
549
550 // $tok holds characters to stop at. Since the string starts with a '[' we'll get everything up to the first ']' which should be the opening [list] tag
551 $tok = ']';
552 $out = '[';
553
554 // First character is [
555 $in = substr($in, 1);
556 $list_end_tags = $item_end_tags = array();
557
558 do
559 {
560 $pos = strlen($in);
561
562 for ($i = 0, $tok_len = strlen($tok); $i < $tok_len; ++$i)
563 {
564 $tmp_pos = strpos($in, $tok[$i]);
565
566 if ($tmp_pos !== false && $tmp_pos < $pos)
567 {
568 $pos = $tmp_pos;
569 }
570 }
571
572 $buffer = substr($in, 0, $pos);
573 $tok = $in[$pos];
574
575 $in = substr($in, $pos + 1);
576
577 if ($tok == ']')
578 {
579 // if $tok is ']' the buffer holds a tag
580 if (strtolower($buffer) == '/list' && sizeof($list_end_tags))
581 {
582 // valid [/list] tag, check nesting so that we don't hit false positives
583 if (sizeof($item_end_tags) && sizeof($item_end_tags) >= sizeof($list_end_tags))
584 {
585 // current li tag has not been closed
586 $out = preg_replace('/\n?\[$/', '[', $out) . array_pop($item_end_tags) . '][';
587 }
588
589 $out .= array_pop($list_end_tags) . ']';
590 $tok = '[';
591 }
592 else if (preg_match('#^list(=[0-9a-z])?$#i', $buffer, $m))
593 {
594 // sub-list, add a closing tag
595 if (empty($m[1]) || preg_match('/^(?:disc|square|circle)$/i', $m[1]))
596 {
597 array_push($list_end_tags, '/list:u:' . $this->bbcode_uid);
598 }
599 else
600 {
601 array_push($list_end_tags, '/list:o:' . $this->bbcode_uid);
602 }
603 $out .= 'list' . substr($buffer, 4) . ':' . $this->bbcode_uid . ']';
604 $tok = '[';
605 }
606 else
607 {
608 if (($buffer == '*' || substr($buffer, -2) == '[*') && sizeof($list_end_tags))
609 {
610 // the buffer holds a bullet tag and we have a [list] tag open
611 if (sizeof($item_end_tags) >= sizeof($list_end_tags))
612 {
613 if (substr($buffer, -2) == '[*')
614 {
615 $out .= substr($buffer, 0, -2) . '[';
616 }
617 // current li tag has not been closed
618 if (preg_match('/\n\[$/', $out, $m))
619 {
620 $out = preg_replace('/\n\[$/', '[', $out);
621 $buffer = array_pop($item_end_tags) . "]\n[*:" . $this->bbcode_uid;
622 }
623 else
624 {
625 $buffer = array_pop($item_end_tags) . '][*:' . $this->bbcode_uid;
626 }
627 }
628 else
629 {
630 $buffer = '*:' . $this->bbcode_uid;
631 }
632
633 $item_end_tags[] = '/*:m:' . $this->bbcode_uid;
634 }
635 else if ($buffer == '/*')
636 {
637 array_pop($item_end_tags);
638 $buffer = '/*:' . $this->bbcode_uid;
639 }
640
641 $out .= $buffer . $tok;
642 $tok = '[]';
643 }
644 }
645 else
646 {
647 // Not within a tag, just add buffer to the return string
648 $out .= $buffer . $tok;
649 $tok = ($tok == '[') ? ']' : '[]';
650 }
651 }
652 while ($in);
653
654 // do we have some tags open? close them now
655 if (sizeof($item_end_tags))
656 {
657 $out .= '[' . implode('][', $item_end_tags) . ']';
658 }
659 if (sizeof($list_end_tags))
660 {
661 $out .= '[' . implode('][', $list_end_tags) . ']';
662 }
663
664 return $out;
665 }
666
667 /**
668 * Parse quote bbcode
669 * Expects the argument to start with a tag
670 */
671 function bbcode_quote($in)
672 {
673 global $config, $user;
674
675 /**
676 * If you change this code, make sure the cases described within the following reports are still working:
677 * #3572 - [quote="[test]test"]test [ test[/quote] - (correct: parsed)
678 * #14667 - [quote]test[/quote] test ] and [ test [quote]test[/quote] (correct: parsed)
679 * #14770 - [quote="["]test[/quote] (correct: parsed)
680 * [quote="[i]test[/i]"]test[/quote] (correct: parsed)
681 * [quote="[quote]test[/quote]"]test[/quote] (correct: NOT parsed)
682 */
683
684 $in = str_replace("\r\n", "\n", str_replace('\"', '"', trim($in)));
685
686 if (!$in)
687 {
688 return '';
689 }
690
691 // To let the parser not catch tokens within quote_username quotes we encode them before we start this...
692 $in = preg_replace('#quote=&quot;(.*?)&quot;\]#ie', "'quote=&quot;' . str_replace(array('[', ']'), array('&#91;', '&#93;'), '\$1') . '&quot;]'", $in);
693
694 $tok = ']';
695 $out = '[';
696
697 $in = substr($in, 1);
698 $close_tags = $error_ary = array();
699 $buffer = '';
700
701 do
702 {
703 $pos = strlen($in);
704 for ($i = 0, $tok_len = strlen($tok); $i < $tok_len; ++$i)
705 {
706 $tmp_pos = strpos($in, $tok[$i]);
707 if ($tmp_pos !== false && $tmp_pos < $pos)
708 {
709 $pos = $tmp_pos;
710 }
711 }
712
713 $buffer .= substr($in, 0, $pos);
714 $tok = $in[$pos];
715 $in = substr($in, $pos + 1);
716
717 if ($tok == ']')
718 {
719 if (strtolower($buffer) == '/quote' && sizeof($close_tags) && substr($out, -1, 1) == '[')
720 {
721 // we have found a closing tag
722 $out .= array_pop($close_tags) . ']';
723 $tok = '[';
724 $buffer = '';
725
726 /* Add space at the end of the closing tag if not happened before to allow following urls/smilies to be parsed correctly
727 * Do not try to think for the user. :/ Do not parse urls/smilies if there is no space - is the same as with other bbcodes too.
728 * Also, we won't have any spaces within $in anyway, only adding up spaces -> #10982
729 if (!$in || $in[0] !== ' ')
730 {
731 $out .= ' ';
732 }*/
733 }
734 else if (preg_match('#^quote(?:=&quot;(.*?)&quot;)?$#is', $buffer, $m))
735 {
736 $this->parsed_items['quote']++;
737
738 // the buffer holds a valid opening tag
739 if ($config['max_quote_depth'] && sizeof($close_tags) >= $config['max_quote_depth'])
740 {
741 // there are too many nested quotes
742 $error_ary['quote_depth'] = sprintf($user->lang['QUOTE_DEPTH_EXCEEDED'], $config['max_quote_depth']);
743
744 $out .= $buffer . $tok;
745 $tok = '[]';
746 $buffer = '';
747
748 continue;
749 }
750
751 array_push($close_tags, '/quote:' . $this->bbcode_uid);
752
753 if (isset($m[1]) && $m[1])
754 {
755 $username = str_replace(array('&#91;', '&#93;'), array('[', ']'), $m[1]);
756 $username = preg_replace('#\[(?!b|i|u|color|url|email|/b|/i|/u|/color|/url|/email)#iU', '&#91;$1', $username);
757
758 $end_tags = array();
759 $error = false;
760
761 preg_match_all('#\[((?:/)?(?:[a-z]+))#i', $username, $tags);
762 foreach ($tags[1] as $tag)
763 {
764 if ($tag[0] != '/')
765 {
766 $end_tags[] = '/' . $tag;
767 }
768 else
769 {
770 $end_tag = array_pop($end_tags);
771 $error = ($end_tag != $tag) ? true : false;
772 }
773 }
774
775 if ($error)
776 {
777 $username = $m[1];
778 }
779
780 $out .= 'quote=&quot;' . $username . '&quot;:' . $this->bbcode_uid . ']';
781 }
782 else
783 {
784 $out .= 'quote:' . $this->bbcode_uid . ']';
785 }
786
787 $tok = '[';
788 $buffer = '';
789 }
790 else if (preg_match('#^quote=&quot;(.*?)#is', $buffer, $m))
791 {
792 // the buffer holds an invalid opening tag
793 $buffer .= ']';
794 }
795 else
796 {
797 $out .= $buffer . $tok;
798 $tok = '[]';
799 $buffer = '';
800 }
801 }
802 else
803 {
804 /**
805 * Old quote code working fine, but having errors listed in bug #3572
806 *
807 * $out .= $buffer . $tok;
808 * $tok = ($tok == '[') ? ']' : '[]';
809 * $buffer = '';
810 */
811
812 $out .= $buffer . $tok;
813
814 if ($tok == '[')
815 {
816 // Search the text for the next tok... if an ending quote comes first, then change tok to []
817 $pos1 = stripos($in, '[/quote');
818 // If the token ] comes first, we change it to ]
819 $pos2 = strpos($in, ']');
820 // If the token [ comes first, we change it to [
821 $pos3 = strpos($in, '[');
822
823 if ($pos1 !== false && ($pos2 === false || $pos1 < $pos2) && ($pos3 === false || $pos1 < $pos3))
824 {
825 $tok = '[]';
826 }
827 else if ($pos3 !== false && ($pos2 === false || $pos3 < $pos2))
828 {
829 $tok = '[';
830 }
831 else
832 {
833 $tok = ']';
834 }
835 }
836 else
837 {
838 $tok = '[]';
839 }
840 $buffer = '';
841 }
842 }
843 while ($in);
844
845 if (sizeof($close_tags))
846 {
847 $out .= '[' . implode('][', $close_tags) . ']';
848 }
849
850 foreach ($error_ary as $error_msg)
851 {
852 $this->warn_msg[] = $error_msg;
853 }
854
855 return $out;
856 }
857
858 /**
859 * Validate email
860 */
861 function validate_email($var1, $var2)
862 {
863 $var1 = str_replace("\r\n", "\n", str_replace('\"', '"', trim($var1)));
864 $var2 = str_replace("\r\n", "\n", str_replace('\"', '"', trim($var2)));
865
866 $txt = $var2;
867 $email = ($var1) ? $var1 : $var2;
868
869 $validated = true;
870
871 if (!preg_match('/^' . get_preg_expression('email') . '$/i', $email))
872 {
873 $validated = false;
874 }
875
876 if (!$validated)
877 {
878 return '[email' . (($var1) ? "=$var1" : '') . ']' . $var2 . '[/email]';
879 }
880
881 $this->parsed_items['email']++;
882
883 if ($var1)
884 {
885 $retval = '[email=' . $this->bbcode_specialchars($email) . ':' . $this->bbcode_uid . ']' . $txt . '[/email:' . $this->bbcode_uid . ']';
886 }
887 else
888 {
889 $retval = '[email:' . $this->bbcode_uid . ']' . $this->bbcode_specialchars($email) . '[/email:' . $this->bbcode_uid . ']';
890 }
891
892 return $retval;
893 }
894
895 /**
896 * Validate url
897 *
898 * @param string $var1 optional url parameter for url bbcode: [url(=$var1)]$var2[/url]
899 * @param string $var2 url bbcode content: [url(=$var1)]$var2[/url]
900 */
901 function validate_url($var1, $var2)
902 {
903 global $config;
904
905 $var1 = str_replace("\r\n", "\n", str_replace('\"', '"', trim($var1)));
906 $var2 = str_replace("\r\n", "\n", str_replace('\"', '"', trim($var2)));
907
908 $url = ($var1) ? $var1 : $var2;
909
910 if (!$url || ($var1 && !$var2))
911 {
912 return '';
913 }
914
915 $valid = false;
916
917 $url = str_replace(' ', '%20', $url);
918
919 // Checking urls
920 if (preg_match('#^' . get_preg_expression('url') . '$#i', $url) ||
921 preg_match('#^' . get_preg_expression('www_url') . '$#i', $url) ||
922 preg_match('#^' . preg_quote(generate_board_url(), '#') . get_preg_expression('relative_url') . '$#i', $url))
923 {
924 $valid = true;
925 }
926
927 if ($valid)
928 {
929 $this->parsed_items['url']++;
930
931 // if there is no scheme, then add http schema
932 if (!preg_match('#^[a-z][a-z\d+\-.]*:/{2}#i', $url))
933 {
934 $url = 'http://' . $url;
935 }
936
937 // Is this a link to somewhere inside this board? If so then remove the session id from the url
938 if (strpos($url, generate_board_url()) !== false && strpos($url, 'sid=') !== false)
939 {
940 $url = preg_replace('/(&amp;|\?)sid=[0-9a-f]{32}&amp;/', '\1', $url);
941 $url = preg_replace('/(&amp;|\?)sid=[0-9a-f]{32}$/', '', $url);
942 $url = append_sid($url);
943 }
944
945 return ($var1) ? '[url=' . $this->bbcode_specialchars($url) . ':' . $this->bbcode_uid . ']' . $var2 . '[/url:' . $this->bbcode_uid . ']' : '[url:' . $this->bbcode_uid . ']' . $this->bbcode_specialchars($url) . '[/url:' . $this->bbcode_uid . ']';
946 }
947
948 return '[url' . (($var1) ? '=' . $var1 : '') . ']' . $var2 . '[/url]';
949 }
950
951 /**
952 * Check if url is pointing to this domain/script_path/php-file
953 *
954 * @param string $url the url to check
955 * @return true if the url is pointing to this domain/script_path/php-file, false if not
956 *
957 * @access private
958 */
959 function path_in_domain($url)
960 {
961 global $config, $phpEx, $user;
962
963 if ($config['force_server_vars'])
964 {
965 $check_path = $config['script_path'];
966 }
967 else
968 {
969 $check_path = ($user->page['root_script_path'] != '/') ? substr($user->page['root_script_path'], 0, -1) : '/';
970 }
971
972 // Is the user trying to link to a php file in this domain and script path?
973 if (strpos($url, ".{$phpEx}") !== false && strpos($url, $check_path) !== false)
974 {
975 $server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
976
977 // Forcing server vars is the only way to specify/override the protocol
978 if ($config['force_server_vars'] || !$server_name)
979 {
980 $server_name = $config['server_name'];
981 }
982
983 // Check again in correct order...
984 $pos_ext = strpos($url, ".{$phpEx}");
985 $pos_path = strpos($url, $check_path);
986 $pos_domain = strpos($url, $server_name);
987
988 if ($pos_domain !== false && $pos_path >= $pos_domain && $pos_ext >= $pos_path)
989 {
990 // Ok, actually we allow linking to some files (this may be able to be extended in some way later...)
991 if (strpos($url, '/' . $check_path . '/download/file.' . $phpEx) !== 0)
992 {
993 return false;
994 }
995
996 return true;
997 }
998 }
999
1000 return false;
1001 }
1002 }
1003
1004 /**
1005 * Main message parser for posting, pm, etc. takes raw message
1006 * and parses it for attachments, bbcode and smilies
1007 * @package phpBB3
1008 */
1009 class parse_message extends bbcode_firstpass
1010 {
1011 var $attachment_data = array();
1012 var $filename_data = array();
1013
1014 // Helps ironing out user error
1015 var $message_status = '';
1016
1017 var $allow_img_bbcode = true;
1018 var $allow_flash_bbcode = true;
1019 var $allow_quote_bbcode = true;
1020 var $allow_url_bbcode = true;
1021
1022 var $mode;
1023
1024 /**
1025 * Init - give message here or manually
1026 */
1027 function parse_message($message = '')
1028 {
1029 // Init BBCode UID
1030 $this->bbcode_uid = substr(base_convert(unique_id(), 16, 36), 0, BBCODE_UID_LEN);
1031
1032 if ($message)
1033 {
1034 $this->message = $message;
1035 }
1036 }
1037
1038 /**
1039 * Parse Message
1040 */
1041 function parse($allow_bbcode, $allow_magic_url, $allow_smilies, $allow_img_bbcode = true, $allow_flash_bbcode = true, $allow_quote_bbcode = true, $allow_url_bbcode = true, $update_this_message = true, $mode = 'post')
1042 {
1043 global $config, $db, $user;
1044
1045 $mode = ($mode != 'post') ? 'sig' : 'post';
1046
1047 $this->mode = $mode;
1048
1049 $this->allow_img_bbcode = $allow_img_bbcode;
1050 $this->allow_flash_bbcode = $allow_flash_bbcode;
1051 $this->allow_quote_bbcode = $allow_quote_bbcode;
1052 $this->allow_url_bbcode = $allow_url_bbcode;
1053
1054 // If false, then $this->message won't be altered, the text will be returned instead.
1055 if (!$update_this_message)
1056 {
1057 $tmp_message = $this->message;
1058 $return_message = &$this->message;
1059 }
1060
1061 if ($this->message_status == 'display')
1062 {
1063 $this->decode_message();
1064 }
1065
1066 // Do some general 'cleanup' first before processing message,
1067 // e.g. remove excessive newlines(?), smilies(?)
1068 $match = array('#(script|about|applet|activex|chrome):#i');
1069 $replace = array("\\1&#058;");
1070 $this->message = preg_replace($match, $replace, trim($this->message));
1071
1072 // Message length check. 0 disables this check completely.
1073 if ($config['max_' . $mode . '_chars'] > 0)
1074 {
1075 $msg_len = ($mode == 'post') ? utf8_strlen($this->message) : utf8_strlen(preg_replace('#\[\/?[a-z\*\+\-]+(=[\S]+)?\]#ius', ' ', $this->message));
1076
1077 if ((!$msg_len && $mode !== 'sig') || $config['max_' . $mode . '_chars'] && $msg_len > $config['max_' . $mode . '_chars'])
1078 {
1079 $this->warn_msg[] = (!$msg_len) ? $user->lang['TOO_FEW_CHARS'] : sprintf($user->lang['TOO_MANY_CHARS_' . strtoupper($mode)], $msg_len, $config['max_' . $mode . '_chars']);
1080 return $this->warn_msg;
1081 }
1082 }
1083
1084 // Check for "empty" message
1085 if ($mode !== 'sig' && !utf8_clean_string($this->message))
1086 {
1087 $this->warn_msg[] = $user->lang['TOO_FEW_CHARS'];
1088 return $this->warn_msg;
1089 }
1090
1091 // Prepare BBcode (just prepares some tags for better parsing)
1092 if ($allow_bbcode && strpos($this->message, '[') !== false)
1093 {
1094 $this->bbcode_init();
1095 $disallow = array('img', 'flash', 'quote', 'url');
1096 foreach ($disallow as $bool)
1097 {
1098 if (!${'allow_' . $bool . '_bbcode'})
1099 {
1100 $this->bbcodes[$bool]['disabled'] = true;
1101 }
1102 }
1103
1104 $this->prepare_bbcodes();
1105 }
1106
1107 // Parse smilies
1108 if ($allow_smilies)
1109 {
1110 $this->smilies($config['max_' . $mode . '_smilies']);
1111 }
1112
1113 $num_urls = 0;
1114
1115 // Parse BBCode
1116 if ($allow_bbcode && strpos($this->message, '[') !== false)
1117 {
1118 $this->parse_bbcode();
1119 $num_urls += $this->parsed_items['url'];
1120 }
1121
1122 // Parse URL's
1123 if ($allow_magic_url)
1124 {
1125 $this->magic_url(generate_board_url());
1126
1127 if ($config['max_' . $mode . '_urls'])
1128 {
1129 $num_urls += preg_match_all('#\<!-- ([lmwe]) --\>.*?\<!-- \1 --\>#', $this->message, $matches);
1130 }
1131 }
1132
1133 // Check number of links
1134 if ($config['max_' . $mode . '_urls'] && $num_urls > $config['max_' . $mode . '_urls'])
1135 {
1136 $this->warn_msg[] = sprintf($user->lang['TOO_MANY_URLS'], $config['max_' . $mode . '_urls']);
1137 return $this->warn_msg;
1138 }
1139
1140 if (!$update_this_message)
1141 {
1142 unset($this->message);
1143 $this->message = $tmp_message;
1144 return $return_message;
1145 }
1146
1147 $this->message_status = 'parsed';
1148 return false;
1149 }
1150
1151 /**
1152 * Formatting text for display
1153 */
1154 function format_display($allow_bbcode, $allow_magic_url, $allow_smilies, $update_this_message = true)
1155 {
1156 // If false, then the parsed message get returned but internal message not processed.
1157 if (!$update_this_message)
1158 {
1159 $tmp_message = $this->message;
1160 $return_message = &$this->message;
1161 }
1162
1163 if ($this->message_status == 'plain')
1164 {
1165 // Force updating message - of course.
1166 $this->parse($allow_bbcode, $allow_magic_url, $allow_smilies, $this->allow_img_bbcode, $this->allow_flash_bbcode, $this->allow_quote_bbcode, $this->allow_url_bbcode, true);
1167 }
1168
1169 // Replace naughty words such as farty pants
1170 $this->message = censor_text($this->message);
1171
1172 // Parse BBcode
1173 if ($allow_bbcode)
1174 {
1175 $this->bbcode_cache_init();
1176
1177 // We are giving those parameters to be able to use the bbcode class on its own
1178 $this->bbcode_second_pass($this->message, $this->bbcode_uid);
1179 }
1180
1181 $this->message = bbcode_nl2br($this->message);
1182 $this->message = smiley_text($this->message, !$allow_smilies);
1183
1184 if (!$update_this_message)
1185 {
1186 unset($this->message);
1187 $this->message = $tmp_message;
1188 return $return_message;
1189 }
1190
1191 $this->message_status = 'display';
1192 return false;
1193 }
1194
1195 /**
1196 * Decode message to be placed back into form box
1197 */
1198 function decode_message($custom_bbcode_uid = '', $update_this_message = true)
1199 {
1200 // If false, then the parsed message get returned but internal message not processed.
1201 if (!$update_this_message)
1202 {
1203 $tmp_message = $this->message;
1204 $return_message = &$this->message;
1205 }
1206
1207 ($custom_bbcode_uid) ? decode_message($this->message, $custom_bbcode_uid) : decode_message($this->message, $this->bbcode_uid);
1208
1209 if (!$update_this_message)
1210 {
1211 unset($this->message);
1212 $this->message = $tmp_message;
1213 return $return_message;
1214 }
1215
1216 $this->message_status = 'plain';
1217 return false;
1218 }
1219
1220 /**
1221 * Replace magic urls of form http://xxx.xxx., www.xxx. and xxx@xxx.xxx.
1222 * Cuts down displayed size of link if over 50 chars, turns absolute links
1223 * into relative versions when the server/script path matches the link
1224 */
1225 function magic_url($server_url)
1226 {
1227 // We use the global make_clickable function
1228 $this->message = make_clickable($this->message, $server_url);
1229 }
1230
1231 /**
1232 * Parse Smilies
1233 */
1234 function smilies($max_smilies = 0)
1235 {
1236 global $db, $user;
1237 static $match;
1238 static $replace;
1239
1240 // See if the static arrays have already been filled on an earlier invocation
1241 if (!is_array($match))
1242 {
1243 $match = $replace = array();
1244
1245 // NOTE: obtain_* function? chaching the table contents?
1246
1247 // For now setting the ttl to 10 minutes
1248 switch ($db->sql_layer)
1249 {
1250 case 'mssql':
1251 case 'mssql_odbc':
1252 $sql = 'SELECT *
1253 FROM ' . SMILIES_TABLE . '
1254 ORDER BY LEN(code) DESC';
1255 break;
1256
1257 case 'firebird':
1258 $sql = 'SELECT *
1259 FROM ' . SMILIES_TABLE . '
1260 ORDER BY CHAR_LENGTH(code) DESC';
1261 break;
1262
1263 // LENGTH supported by MySQL, IBM DB2, Oracle and Access for sure...
1264 default:
1265 $sql = 'SELECT *
1266 FROM ' . SMILIES_TABLE . '
1267 ORDER BY LENGTH(code) DESC';
1268 break;
1269 }
1270 $result = $db->sql_query($sql, 600);
1271
1272 while ($row = $db->sql_fetchrow($result))
1273 {
1274 if (empty($row['code']))
1275 {
1276 continue;
1277 }
1278
1279 // (assertion)
1280 $match[] = '(?<=^|[\n .])' . preg_quote($row['code'], '#') . '(?![^<>]*>)';
1281 $replace[] = '<!-- s' . $row['code'] . ' --><img src="{SMILIES_PATH}/' . $row['smiley_url'] . '" alt="' . $row['code'] . '" title="' . $row['emotion'] . '" /><!-- s' . $row['code'] . ' -->';
1282 }
1283 $db->sql_freeresult($result);
1284 }
1285
1286 if (sizeof($match))
1287 {
1288 if ($max_smilies)
1289 {
1290 $num_matches = preg_match_all('#' . implode('|', $match) . '#', $this->message, $matches);
1291 unset($matches);
1292
1293 if ($num_matches !== false && $num_matches > $max_smilies)
1294 {
1295 $this->warn_msg[] = sprintf($user->lang['TOO_MANY_SMILIES'], $max_smilies);
1296 return;
1297 }
1298 }
1299
1300 // Make sure the delimiter # is added in front and at the end of every element within $match
1301 $this->message = trim(preg_replace(explode(chr(0), '#' . implode('#' . chr(0) . '#', $match) . '#'), $replace, $this->message));
1302 }
1303 }
1304
1305 /**
1306 * Parse Attachments
1307 */
1308 function parse_attachments($form_name, $mode, $forum_id, $submit, $preview, $refresh, $is_message = false)
1309 {
1310 global $config, $auth, $user, $phpbb_root_path, $phpEx, $db;
1311
1312 $error = array();
1313
1314 $num_attachments = sizeof($this->attachment_data);
1315 $this->filename_data['filecomment'] = utf8_normalize_nfc(request_var('filecomment', '', true));
1316 $upload_file = (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none' && trim($_FILES[$form_name]['name'])) ? true : false;
1317
1318 $add_file = (isset($_POST['add_file'])) ? true : false;
1319 $delete_file = (isset($_POST['delete_file'])) ? true : false;
1320
1321 // First of all adjust comments if changed
1322 $actual_comment_list = utf8_normalize_nfc(request_var('comment_list', array(''), true));
1323
1324 foreach ($actual_comment_list as $comment_key => $comment)
1325 {
1326 if (!isset($this->attachment_data[$comment_key]))
1327 {
1328 continue;
1329 }
1330
1331 if ($this->attachment_data[$comment_key]['attach_comment'] != $actual_comment_list[$comment_key])
1332 {
1333 $this->attachment_data[$comment_key]['attach_comment'] = $actual_comment_list[$comment_key];
1334 }
1335 }
1336
1337 $cfg = array();
1338 $cfg['max_attachments'] = ($is_message) ? $config['max_attachments_pm'] : $config['max_attachments'];
1339 $forum_id = ($is_message) ? 0 : $forum_id;
1340
1341 if ($submit && in_array($mode, array('post', 'reply', 'quote', 'edit')) && $upload_file)
1342 {
1343 if ($num_attachments < $cfg['max_attachments'] || $auth->acl_get('a_') || $auth->acl_get('m_', $forum_id))
1344 {
1345 $filedata = upload_attachment($form_name, $forum_id, false, '', $is_message);
1346 $error = $filedata['error'];
1347
1348 if ($filedata['post_attach'] && !sizeof($error))
1349 {
1350 $sql_ary = array(
1351 'physical_filename' => $filedata['physical_filename'],
1352 'attach_comment' => $this->filename_data['filecomment'],
1353 'real_filename' => $filedata['real_filename'],
1354 'extension' => $filedata['extension'],
1355 'mimetype' => $filedata['mimetype'],
1356 'filesize' => $filedata['filesize'],
1357 'filetime' => $filedata['filetime'],
1358 'thumbnail' => $filedata['thumbnail'],
1359 'is_orphan' => 1,
1360 'in_message' => ($is_message) ? 1 : 0,
1361 'poster_id' => $user->data['user_id'],
1362 );
1363
1364 $db->sql_query('INSERT INTO ' . ATTACHMENTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
1365
1366 $new_entry = array(
1367 'attach_id' => $db->sql_nextid(),
1368 'is_orphan' => 1,
1369 'real_filename' => $filedata['real_filename'],
1370 'attach_comment'=> $this->filename_data['filecomment'],
1371 );
1372
1373 $this->attachment_data = array_merge(array(0 => $new_entry), $this->attachment_data);
1374 $this->message = preg_replace('#\[attachment=([0-9]+)\](.*?)\[\/attachment\]#e', "'[attachment='.(\\1 + 1).']\\2[/attachment]'", $this->message);
1375
1376 $this->filename_data['filecomment'] = '';
1377
1378 // This Variable is set to false here, because Attachments are entered into the
1379 // Database in two modes, one if the id_list is 0 and the second one if post_attach is true
1380 // Since post_attach is automatically switched to true if an Attachment got added to the filesystem,
1381 // but we are assigning an id of 0 here, we have to reset the post_attach variable to false.
1382 //
1383 // This is very relevant, because it could happen that the post got not submitted, but we do not
1384 // know this circumstance here. We could be at the posting page or we could be redirected to the entered
1385 // post. :)
1386 $filedata['post_attach'] = false;
1387 }
1388 }
1389 else
1390 {
1391 $error[] = sprintf($user->lang['TOO_MANY_ATTACHMENTS'], $cfg['max_attachments']);
1392 }
1393 }
1394
1395 if ($preview || $refresh || sizeof($error))
1396 {
1397 // Perform actions on temporary attachments
1398 if ($delete_file)
1399 {
1400 include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
1401
1402 $index = array_keys(request_var('delete_file', array(0 => 0)));
1403 $index = (!empty($index)) ? $index[0] : false;
1404
1405 if ($index !== false && !empty($this->attachment_data[$index]))
1406 {
1407 // delete selected attachment
1408 if ($this->attachment_data[$index]['is_orphan'])
1409 {
1410 $sql = 'SELECT attach_id, physical_filename, thumbnail
1411 FROM ' . ATTACHMENTS_TABLE . '
1412 WHERE attach_id = ' . (int) $this->attachment_data[$index]['attach_id'] . '
1413 AND is_orphan = 1
1414 AND poster_id = ' . $user->data['user_id'];
1415 $result = $db->sql_query($sql);
1416 $row = $db->sql_fetchrow($result);
1417 $db->sql_freeresult($result);
1418
1419 if ($row)
1420 {
1421 phpbb_unlink($row['physical_filename'], 'file');
1422
1423 if ($row['thumbnail'])
1424 {
1425 phpbb_unlink($row['physical_filename'], 'thumbnail');
1426 }
1427
1428 $db->sql_query('DELETE FROM ' . ATTACHMENTS_TABLE . ' WHERE attach_id = ' . (int) $this->attachment_data[$index]['attach_id']);
1429 }
1430 }
1431 else
1432 {
1433 delete_attachments('attach', array(intval($this->attachment_data[$index]['attach_id'])));
1434 }
1435
1436 unset($this->attachment_data[$index]);
1437 $this->message = preg_replace('#\[attachment=([0-9]+)\](.*?)\[\/attachment\]#e', "(\\1 == \$index) ? '' : ((\\1 > \$index) ? '[attachment=' . (\\1 - 1) . ']\\2[/attachment]' : '\\0')", $this->message);
1438
1439 // Reindex Array
1440 $this->attachment_data = array_values($this->attachment_data);
1441 }
1442 }
1443 else if (($add_file || $preview) && $upload_file)
1444 {
1445 if ($num_attachments < $cfg['max_attachments'] || $auth->acl_gets('m_', 'a_', $forum_id))
1446 {
1447 $filedata = upload_attachment($form_name, $forum_id, false, '', $is_message);
1448 $error = array_merge($error, $filedata['error']);
1449
1450 if (!sizeof($error))
1451 {
1452 $sql_ary = array(
1453 'physical_filename' => $filedata['physical_filename'],
1454 'attach_comment' => $this->filename_data['filecomment'],
1455 'real_filename' => $filedata['real_filename'],
1456 'extension' => $filedata['extension'],
1457 'mimetype' => $filedata['mimetype'],
1458 'filesize' => $filedata['filesize'],
1459 'filetime' => $filedata['filetime'],
1460 'thumbnail' => $filedata['thumbnail'],
1461 'is_orphan' => 1,
1462 'in_message' => ($is_message) ? 1 : 0,
1463 'poster_id' => $user->data['user_id'],
1464 );
1465
1466 $db->sql_query('INSERT INTO ' . ATTACHMENTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
1467
1468 $new_entry = array(
1469 'attach_id' => $db->sql_nextid(),
1470 'is_orphan' => 1,
1471 'real_filename' => $filedata['real_filename'],
1472 'attach_comment'=> $this->filename_data['filecomment'],
1473 );
1474
1475 $this->attachment_data = array_merge(array(0 => $new_entry), $this->attachment_data);
1476 $this->message = preg_replace('#\[attachment=([0-9]+)\](.*?)\[\/attachment\]#e', "'[attachment='.(\\1 + 1).']\\2[/attachment]'", $this->message);
1477 $this->filename_data['filecomment'] = '';
1478 }
1479 }
1480 else
1481 {
1482 $error[] = sprintf($user->lang['TOO_MANY_ATTACHMENTS'], $cfg['max_attachments']);
1483 }
1484 }
1485 }
1486
1487 foreach ($error as $error_msg)
1488 {
1489 $this->warn_msg[] = $error_msg;
1490 }
1491 }
1492
1493 /**
1494 * Get Attachment Data
1495 */
1496 function get_submitted_attachment_data($check_user_id = false)
1497 {
1498 global $user, $db, $phpbb_root_path, $phpEx, $config;
1499
1500 $this->filename_data['filecomment'] = utf8_normalize_nfc(request_var('filecomment', '', true));
1501 $attachment_data = (isset($_POST['attachment_data'])) ? $_POST['attachment_data'] : array();
1502 $this->attachment_data = array();
1503
1504 $check_user_id = ($check_user_id === false) ? $user->data['user_id'] : $check_user_id;
1505
1506 if (!sizeof($attachment_data))
1507 {
1508 return;
1509 }
1510
1511 $not_orphan = $orphan = array();
1512
1513 foreach ($attachment_data as $pos => $var_ary)
1514 {
1515 if ($var_ary['is_orphan'])
1516 {
1517 $orphan[(int) $var_ary['attach_id']] = $pos;
1518 }
1519 else
1520 {
1521 $not_orphan[(int) $var_ary['attach_id']] = $pos;
1522 }
1523 }
1524
1525 // Regenerate already posted attachments
1526 if (sizeof($not_orphan))
1527 {
1528 // Get the attachment data, based on the poster id...
1529 $sql = 'SELECT attach_id, is_orphan, real_filename, attach_comment
1530 FROM ' . ATTACHMENTS_TABLE . '
1531 WHERE ' . $db->sql_in_set('attach_id', array_keys($not_orphan)) . '
1532 AND poster_id = ' . $check_user_id;
1533 $result = $db->sql_query($sql);
1534
1535 while ($row = $db->sql_fetchrow($result))
1536 {
1537 $pos = $not_orphan[$row['attach_id']];
1538 $this->attachment_data[$pos] = $row;
1539 set_var($this->attachment_data[$pos]['attach_comment'], $_POST['attachment_data'][$pos]['attach_comment'], 'string', true);
1540
1541 unset($not_orphan[$row['attach_id']]);
1542 }
1543 $db->sql_freeresult($result);
1544 }
1545
1546 if (sizeof($not_orphan))
1547 {
1548 trigger_error('NO_ACCESS_ATTACHMENT', E_USER_ERROR);
1549 }
1550
1551 // Regenerate newly uploaded attachments
1552 if (sizeof($orphan))
1553 {
1554 $sql = 'SELECT attach_id, is_orphan, real_filename, attach_comment
1555 FROM ' . ATTACHMENTS_TABLE . '
1556 WHERE ' . $db->sql_in_set('attach_id', array_keys($orphan)) . '
1557 AND poster_id = ' . $user->data['user_id'] . '
1558 AND is_orphan = 1';
1559 $result = $db->sql_query($sql);
1560
1561 while ($row = $db->sql_fetchrow($result))
1562 {
1563 $pos = $orphan[$row['attach_id']];
1564 $this->attachment_data[$pos] = $row;
1565 set_var($this->attachment_data[$pos]['attach_comment'], $_POST['attachment_data'][$pos]['attach_comment'], 'string', true);
1566
1567 unset($orphan[$row['attach_id']]);
1568 }
1569 $db->sql_freeresult($result);
1570 }
1571
1572 if (sizeof($orphan))
1573 {
1574 trigger_error('NO_ACCESS_ATTACHMENT', E_USER_ERROR);
1575 }
1576
1577 ksort($this->attachment_data);
1578 }
1579
1580 /**
1581 * Parse Poll
1582 */
1583 function parse_poll(&$poll)
1584 {
1585 global $auth, $user, $config;
1586
1587 $poll_max_options = $poll['poll_max_options'];
1588
1589 // Parse Poll Option text ;)
1590 $tmp_message = $this->message;
1591 $this->message = $poll['poll_option_text'];
1592 $bbcode_bitfield = $this->bbcode_bitfield;
1593
1594
1595 $poll['poll_option_text'] = $this->parse($poll['enable_bbcode'], ($config['allow_post_links']) ? $poll['enable_urls'] : false, $poll['enable_smilies'], $poll['img_status'], false, false, $config['allow_post_links'], false);
1596
1597 $bbcode_bitfield = base64_encode(base64_decode($bbcode_bitfield) | base64_decode($this->bbcode_bitfield));
1598 $this->message = $tmp_message;
1599
1600 // Parse Poll Title
1601 $tmp_message = $this->message;
1602 $this->message = $poll['poll_title'];
1603 $this->bbcode_bitfield = $bbcode_bitfield;
1604
1605 $poll['poll_options'] = explode("\n", trim($poll['poll_option_text']));
1606 $poll['poll_options_size'] = sizeof($poll['poll_options']);
1607
1608 if (!$poll['poll_title'] && $poll['poll_options_size'])
1609 {
1610 $this->warn_msg[] = $user->lang['NO_POLL_TITLE'];
1611 }
1612 else
1613 {
1614 if (utf8_strlen(preg_replace('#\[\/?[a-z\*\+\-]+(=[\S]+)?\]#ius', ' ', $this->message)) > 100)
1615 {
1616 $this->warn_msg[] = $user->lang['POLL_TITLE_TOO_LONG'];
1617 }
1618 $poll['poll_title'] = $this->parse($poll['enable_bbcode'], ($config['allow_post_links']) ? $poll['enable_urls'] : false, $poll['enable_smilies'], $poll['img_status'], false, false, $config['allow_post_links'], false);
1619 if (strlen($poll['poll_title']) > 255)
1620 {
1621 $this->warn_msg[] = $user->lang['POLL_TITLE_COMP_TOO_LONG'];
1622 }
1623 }
1624
1625 $this->bbcode_bitfield = base64_encode(base64_decode($bbcode_bitfield) | base64_decode($this->bbcode_bitfield));
1626 $this->message = $tmp_message;
1627 unset($tmp_message);
1628
1629 if (sizeof($poll['poll_options']) == 1)
1630 {
1631 $this->warn_msg[] = $user->lang['TOO_FEW_POLL_OPTIONS'];
1632 }
1633 else if ($poll['poll_options_size'] > (int) $config['max_poll_options'])
1634 {
1635 $this->warn_msg[] = $user->lang['TOO_MANY_POLL_OPTIONS'];
1636 }
1637 else if ($poll_max_options > $poll['poll_options_size'])
1638 {
1639 $this->warn_msg[] = $user->lang['TOO_MANY_USER_OPTIONS'];
1640 }
1641
1642 $poll['poll_max_options'] = ($poll['poll_max_options'] < 1) ? 1 : (($poll['poll_max_options'] > $config['max_poll_options']) ? $config['max_poll_options'] : $poll['poll_max_options']);
1643 }
1644 }
1645
1646 ?>
phpbb is a php-based BBS (buletin board system)