
PHP Cross Reference of phpBB-3.3.0-deutsch


/includes/acp/ -> acp_bbcodes.php (source)

   1  <?php
   2  /**
   3  *
   4  * This file is part of the phpBB Forum Software package.
   5  *
   6  * @copyright (c) phpBB Limited <https://www.phpbb.com>
   7  * @license GNU General Public License, version 2 (GPL-2.0)
   8  *
   9  * For full copyright and license information, please see
  10  * the docs/CREDITS.txt file.
  11  *
  12  */
  13  
  14  /**
  15  * @ignore
  16  */
  17  if (!defined('IN_PHPBB'))
  18  {
  19      exit;
  20  }
  21  
  22  class acp_bbcodes
  23  {
  24      var $u_action;
  25  
  26  	function main($id, $mode)
  27      {
  28          global $db, $user, $template, $cache, $request, $phpbb_dispatcher, $phpbb_container;
  29          global $phpbb_log;
  30  
  31          $user->add_lang('acp/posting');
  32  
  33          // Set up general vars
  34          $action    = $request->variable('action', '');
  35          $bbcode_id = $request->variable('bbcode', 0);
  36  
  37          $this->tpl_name = 'acp_bbcodes';
  38          $this->page_title = 'ACP_BBCODES';
  39          $form_key = 'acp_bbcodes';
  40  
  41          add_form_key($form_key);
  42  
  43          // Set up mode-specific vars
  44          switch ($action)
  45          {
  46              case 'add':
  47                  $bbcode_match = $bbcode_tpl = $bbcode_helpline = '';
  48                  $display_on_posting = 0;
  49              break;
  50  
  51              case 'edit':
  52                  $sql = 'SELECT bbcode_match, bbcode_tpl, display_on_posting, bbcode_helpline
  53                      FROM ' . BBCODES_TABLE . '
  54                      WHERE bbcode_id = ' . $bbcode_id;
  55                  $result = $db->sql_query($sql);
  56                  $row = $db->sql_fetchrow($result);
  57                  $db->sql_freeresult($result);
  58  
  59                  if (!$row)
  60                  {
  61                      trigger_error($user->lang['BBCODE_NOT_EXIST'] . adm_back_link($this->u_action), E_USER_WARNING);
  62                  }
  63  
  64                  $bbcode_match = $row['bbcode_match'];
  65                  $bbcode_tpl = htmlspecialchars($row['bbcode_tpl']);
  66                  $display_on_posting = $row['display_on_posting'];
  67                  $bbcode_helpline = $row['bbcode_helpline'];
  68              break;
  69  
  70              case 'modify':
  71                  $sql = 'SELECT bbcode_id, bbcode_tag
  72                      FROM ' . BBCODES_TABLE . '
  73                      WHERE bbcode_id = ' . $bbcode_id;
  74                  $result = $db->sql_query($sql);
  75                  $row = $db->sql_fetchrow($result);
  76                  $db->sql_freeresult($result);
  77  
  78                  if (!$row)
  79                  {
  80                      trigger_error($user->lang['BBCODE_NOT_EXIST'] . adm_back_link($this->u_action), E_USER_WARNING);
  81                  }
  82  
  83              // No break here
  84  
  85              case 'create':
  86                  $display_on_posting = $request->variable('display_on_posting', 0);
  87  
  88                  $bbcode_match = $request->variable('bbcode_match', '');
  89                  $bbcode_tpl = htmlspecialchars_decode($request->variable('bbcode_tpl', '', true));
  90                  $bbcode_helpline = $request->variable('bbcode_helpline', '', true);
  91              break;
  92          }
  93  
  94          // Do major work
  95          switch ($action)
  96          {
  97              case 'edit':
  98              case 'add':
  99  
 100                  $tpl_ary = array(
 101                      'S_EDIT_BBCODE'        => true,
 102                      'U_BACK'            => $this->u_action,
 103                      'U_ACTION'            => $this->u_action . '&amp;action=' . (($action == 'add') ? 'create' : 'modify') . (($bbcode_id) ? "&amp;bbcode=$bbcode_id" : ''),
 104  
 105                      'L_BBCODE_USAGE_EXPLAIN'=> sprintf($user->lang['BBCODE_USAGE_EXPLAIN'], '<a href="#down">', '</a>'),
 106                      'BBCODE_MATCH'            => $bbcode_match,
 107                      'BBCODE_TPL'            => $bbcode_tpl,
 108                      'BBCODE_HELPLINE'        => $bbcode_helpline,
 109                      'DISPLAY_ON_POSTING'    => $display_on_posting,
 110                  );
 111  
 112                  $bbcode_tokens = array('TEXT', 'SIMPLETEXT', 'INTTEXT', 'IDENTIFIER', 'NUMBER', 'EMAIL', 'URL', 'LOCAL_URL', 'RELATIVE_URL', 'COLOR');
 113  
 114                  /**
 115                  * Modify custom bbcode template data before we display the add/edit form
 116                  *
 117                  * @event core.acp_bbcodes_edit_add
 118                  * @var    string    action            Type of the action: add|edit
 119                  * @var    array    tpl_ary            Array with custom bbcode add/edit data
 120                  * @var    int        bbcode_id        When editing: the bbcode id,
 121                  *                                when creating: 0
 122                  * @var    array    bbcode_tokens    Array of bbcode tokens
 123                  * @since 3.1.0-a3
 124                  */
 125                  $vars = array('action', 'tpl_ary', 'bbcode_id', 'bbcode_tokens');
 126                  extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_edit_add', compact($vars)));
 127  
 128                  $template->assign_vars($tpl_ary);
 129  
 130                  foreach ($bbcode_tokens as $token)
 131                  {
 132                      $template->assign_block_vars('token', array(
 133                          'TOKEN'        => '{' . $token . '}',
 134                          'EXPLAIN'    => ($token === 'LOCAL_URL') ? $user->lang(array('tokens', $token), generate_board_url() . '/') : $user->lang(array('tokens', $token)),
 135                      ));
 136                  }
 137  
 138                  return;
 139  
 140              break;
 141  
 142              case 'modify':
 143              case 'create':
 144  
 145                  $sql_ary = $hidden_fields = array();
 146  
 147                  /**
 148                  * Modify custom bbcode data before the modify/create action
 149                  *
 150                  * @event core.acp_bbcodes_modify_create
 151                  * @var    string    action                Type of the action: modify|create
 152                  * @var    array    sql_ary                Array with new bbcode data
 153                  * @var    int        bbcode_id            When editing: the bbcode id,
 154                  *                                    when creating: 0
 155                  * @var    bool    display_on_posting    Display bbcode on posting form
 156                  * @var    string    bbcode_match        The bbcode usage string to match
 157                  * @var    string    bbcode_tpl            The bbcode HTML replacement string
 158                  * @var    string    bbcode_helpline        The bbcode help line string
 159                  * @var    array    hidden_fields        Array of hidden fields for use when
 160                  *                                    submitting form when $warn_unsafe is true
 161                  * @since 3.1.0-a3
 162                  */
 163                  $vars = array(
 164                      'action',
 165                      'sql_ary',
 166                      'bbcode_id',
 167                      'display_on_posting',
 168                      'bbcode_match',
 169                      'bbcode_tpl',
 170                      'bbcode_helpline',
 171                      'hidden_fields',
 172                  );
 173                  extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_modify_create', compact($vars)));
 174  
 175                  $acp_utils   = $phpbb_container->get('text_formatter.acp_utils');
 176                  $bbcode_info = $acp_utils->analyse_bbcode($bbcode_match, $bbcode_tpl);
 177                  $warn_unsafe = ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_UNSAFE);
 178  
 179                  if ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_INVALID_TEMPLATE)
 180                  {
 181                      trigger_error($user->lang['BBCODE_INVALID_TEMPLATE'] . adm_back_link($this->u_action), E_USER_WARNING);
 182                  }
 183                  if ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_INVALID_DEFINITION)
 184                  {
 185                      trigger_error($user->lang['BBCODE_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
 186                  }
 187  
 188                  if (!$warn_unsafe && !check_form_key($form_key))
 189                  {
 190                      trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
 191                  }
 192  
 193                  if (!$warn_unsafe || confirm_box(true))
 194                  {
 195                      $data = $this->build_regexp($bbcode_match, $bbcode_tpl);
 196  
 197                      // Make sure the user didn't pick a "bad" name for the BBCode tag.
 198                      $hard_coded = array('code', 'quote', 'quote=', 'attachment', 'attachment=', 'b', 'i', 'url', 'url=', 'img', 'size', 'size=', 'color', 'color=', 'u', 'list', 'list=', 'email', 'email=', 'flash', 'flash=');
 199  
 200                      if (($action == 'modify' && strtolower($data['bbcode_tag']) !== strtolower($row['bbcode_tag'])) || ($action == 'create'))
 201                      {
 202                          $sql = 'SELECT 1 as test
 203                              FROM ' . BBCODES_TABLE . "
 204                              WHERE LOWER(bbcode_tag) = '" . $db->sql_escape(strtolower($data['bbcode_tag'])) . "'";
 205                          $result = $db->sql_query($sql);
 206                          $info = $db->sql_fetchrow($result);
 207                          $db->sql_freeresult($result);
 208  
 209                          // Grab the end, interrogate the last closing tag
 210                          if (isset($info['test']) && $info['test'] === '1'
 211                              || in_array(strtolower($data['bbcode_tag']), $hard_coded)
 212                              || (preg_match('#\[/([^[]*)]$#', $bbcode_match, $regs) && in_array(strtolower($regs[1]), $hard_coded))
 213                          )
 214                          {
 215                              trigger_error($user->lang['BBCODE_INVALID_TAG_NAME'] . adm_back_link($this->u_action), E_USER_WARNING);
 216                          }
 217                      }
 218  
 219                      if (substr($data['bbcode_tag'], -1) === '=')
 220                      {
 221                          $test = substr($data['bbcode_tag'], 0, -1);
 222                      }
 223                      else
 224                      {
 225                          $test = $data['bbcode_tag'];
 226                      }
 227  
 228                      if (strlen($data['bbcode_tag']) > 16)
 229                      {
 230                          trigger_error($user->lang['BBCODE_TAG_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
 231                      }
 232  
 233                      if (strlen($bbcode_match) > 4000)
 234                      {
 235                          trigger_error($user->lang['BBCODE_TAG_DEF_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
 236                      }
 237  
 238                      if (strlen($bbcode_helpline) > 255)
 239                      {
 240                          trigger_error($user->lang['BBCODE_HELPLINE_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
 241                      }
 242  
 243                      $sql_ary = array_merge($sql_ary, array(
 244                          'bbcode_tag'                => $data['bbcode_tag'],
 245                          'bbcode_match'                => $bbcode_match,
 246                          'bbcode_tpl'                => $bbcode_tpl,
 247                          'display_on_posting'        => $display_on_posting,
 248                          'bbcode_helpline'            => $bbcode_helpline,
 249                          'first_pass_match'            => $data['first_pass_match'],
 250                          'first_pass_replace'        => $data['first_pass_replace'],
 251                          'second_pass_match'            => $data['second_pass_match'],
 252                          'second_pass_replace'        => $data['second_pass_replace']
 253                      ));
 254  
 255                      if ($action == 'create')
 256                      {
 257                          $sql = 'SELECT MAX(bbcode_id) as max_bbcode_id
 258                              FROM ' . BBCODES_TABLE;
 259                          $result = $db->sql_query($sql);
 260                          $row = $db->sql_fetchrow($result);
 261                          $db->sql_freeresult($result);
 262  
 263                          if ($row)
 264                          {
 265                              $bbcode_id = (int) $row['max_bbcode_id'] + 1;
 266  
 267                              // Make sure it is greater than the core bbcode ids...
 268                              if ($bbcode_id <= NUM_CORE_BBCODES)
 269                              {
 270                                  $bbcode_id = NUM_CORE_BBCODES + 1;
 271                              }
 272                          }
 273                          else
 274                          {
 275                              $bbcode_id = NUM_CORE_BBCODES + 1;
 276                          }
 277  
 278                          if ($bbcode_id > BBCODE_LIMIT)
 279                          {
 280                              trigger_error($user->lang['TOO_MANY_BBCODES'] . adm_back_link($this->u_action), E_USER_WARNING);
 281                          }
 282  
 283                          $sql_ary['bbcode_id'] = (int) $bbcode_id;
 284  
 285                          $db->sql_query('INSERT INTO ' . BBCODES_TABLE . $db->sql_build_array('INSERT', $sql_ary));
 286                          $cache->destroy('sql', BBCODES_TABLE);
 287                          $phpbb_container->get('text_formatter.cache')->invalidate();
 288  
 289                          $lang = 'BBCODE_ADDED';
 290                          $log_action = 'LOG_BBCODE_ADD';
 291                      }
 292                      else
 293                      {
 294                          $sql = 'UPDATE ' . BBCODES_TABLE . '
 295                              SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
 296                              WHERE bbcode_id = ' . $bbcode_id;
 297                          $db->sql_query($sql);
 298                          $cache->destroy('sql', BBCODES_TABLE);
 299                          $phpbb_container->get('text_formatter.cache')->invalidate();
 300  
 301                          $lang = 'BBCODE_EDITED';
 302                          $log_action = 'LOG_BBCODE_EDIT';
 303                      }
 304  
 305                      $phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log_action, false, array($data['bbcode_tag']));
 306  
 307                      /**
 308                      * Event after a BBCode has been added or updated
 309                      *
 310                      * @event core.acp_bbcodes_modify_create_after
 311                      * @var    string    action        Type of the action: modify|create
 312                      * @var    int        bbcode_id    The id of the added or updated bbcode
 313                      * @var    array    sql_ary        Array with bbcode data (read only)
 314                      * @since 3.2.4-RC1
 315                      */
 316                      $vars = array(
 317                          'action',
 318                          'bbcode_id',
 319                          'sql_ary',
 320                      );
 321                      extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_modify_create_after', compact($vars)));
 322  
 323                      trigger_error($user->lang[$lang] . adm_back_link($this->u_action));
 324                  }
 325                  else
 326                  {
 327                      confirm_box(false, $user->lang['BBCODE_DANGER'], build_hidden_fields(array_merge($hidden_fields, array(
 328                          'action'                => $action,
 329                          'bbcode'                => $bbcode_id,
 330                          'bbcode_match'            => $bbcode_match,
 331                          'bbcode_tpl'            => htmlspecialchars($bbcode_tpl),
 332                          'bbcode_helpline'        => $bbcode_helpline,
 333                          'display_on_posting'    => $display_on_posting,
 334                          )))
 335                      , 'confirm_bbcode.html');
 336                  }
 337  
 338              break;
 339  
 340              case 'delete':
 341  
 342                  $sql = 'SELECT bbcode_tag
 343                      FROM ' . BBCODES_TABLE . "
 344                      WHERE bbcode_id = $bbcode_id";
 345                  $result = $db->sql_query($sql);
 346                  $row = $db->sql_fetchrow($result);
 347                  $db->sql_freeresult($result);
 348  
 349                  if ($row)
 350                  {
 351                      if (confirm_box(true))
 352                      {
 353                          $bbcode_tag = $row['bbcode_tag'];
 354  
 355                          $db->sql_query('DELETE FROM ' . BBCODES_TABLE . " WHERE bbcode_id = $bbcode_id");
 356                          $cache->destroy('sql', BBCODES_TABLE);
 357                          $phpbb_container->get('text_formatter.cache')->invalidate();
 358                          $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_BBCODE_DELETE', false, array($bbcode_tag));
 359  
 360                          /**
 361                          * Event after a BBCode has been deleted
 362                          *
 363                          * @event core.acp_bbcodes_delete_after
 364                          * @var    string    action        Type of the action: delete
 365                          * @var    int        bbcode_id    The id of the deleted bbcode
 366                          * @var    string    bbcode_tag    The tag of the deleted bbcode
 367                          * @since 3.2.4-RC1
 368                          */
 369                          $vars = array(
 370                              'action',
 371                              'bbcode_id',
 372                              'bbcode_tag',
 373                          );
 374                          extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_delete_after', compact($vars)));
 375  
 376                          if ($request->is_ajax())
 377                          {
 378                              $json_response = new \phpbb\json_response;
 379                              $json_response->send(array(
 380                                  'MESSAGE_TITLE'    => $user->lang['INFORMATION'],
 381                                  'MESSAGE_TEXT'    => $user->lang['BBCODE_DELETED'],
 382                                  'REFRESH_DATA'    => array(
 383                                      'time'    => 3
 384                                  )
 385                              ));
 386                          }
 387                      }
 388                      else
 389                      {
 390                          confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
 391                              'bbcode'    => $bbcode_id,
 392                              'i'            => $id,
 393                              'mode'        => $mode,
 394                              'action'    => $action))
 395                          );
 396                      }
 397                  }
 398  
 399              break;
 400          }
 401  
 402          $u_action = $this->u_action;
 403  
 404          $template_data = array(
 405              'U_ACTION'        => $this->u_action . '&amp;action=add',
 406          );
 407  
 408          $sql_ary = array(
 409              'SELECT'    => 'b.*',
 410              'FROM'        => array(BBCODES_TABLE => 'b'),
 411              'ORDER_BY'    => 'b.bbcode_tag',
 412          );
 413  
 414          /**
 415          *  Modify custom bbcode template data before we display the form
 416          *
 417          * @event core.acp_bbcodes_display_form
 418          * @var    string    action            Type of the action: modify|create
 419          * @var    array    sql_ary            The SQL array to get custom bbcode data
 420          * @var    array    template_data    Array with form template data
 421          * @var    string    u_action        The u_action link
 422          * @since 3.1.0-a3
 423          */
 424          $vars = array('action', 'sql_ary', 'template_data', 'u_action');
 425          extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_display_form', compact($vars)));
 426  
 427          $result = $db->sql_query($db->sql_build_query('SELECT', $sql_ary));
 428  
 429          $template->assign_vars($template_data);
 430  
 431          while ($row = $db->sql_fetchrow($result))
 432          {
 433              $bbcodes_array = array(
 434                  'BBCODE_TAG'        => $row['bbcode_tag'],
 435                  'U_EDIT'            => $u_action . '&amp;action=edit&amp;bbcode=' . $row['bbcode_id'],
 436                  'U_DELETE'            => $u_action . '&amp;action=delete&amp;bbcode=' . $row['bbcode_id'],
 437              );
 438  
 439              /**
 440              *  Modify display of custom bbcodes in the form
 441              *
 442              * @event core.acp_bbcodes_display_bbcodes
 443              * @var    array    row                Array with current bbcode data
 444              * @var    array    bbcodes_array    Array of bbcodes template data
 445              * @var    string    u_action        The u_action link
 446              * @since 3.1.0-a3
 447              */
 448              $vars = array('bbcodes_array', 'row', 'u_action');
 449              extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_display_bbcodes', compact($vars)));
 450  
 451              $template->assign_block_vars('bbcodes', $bbcodes_array);
 452  
 453          }
 454          $db->sql_freeresult($result);
 455      }
 456  
 457      /*
 458      * Build regular expression for custom bbcode
 459      */
 460  	function build_regexp(&$bbcode_match, &$bbcode_tpl)
 461      {
 462          $bbcode_match = trim($bbcode_match);
 463          $bbcode_tag = preg_replace('/.*?\[([a-z0-9_-]+).*/i', '$1', $bbcode_match);
 464  
 465          if (!preg_match('/^[a-zA-Z0-9_-]+$/', $bbcode_tag))
 466          {
 467              global $user;
 468              trigger_error($user->lang['BBCODE_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
 469          }
 470  
 471          return array(
 472              'bbcode_tag'                => $bbcode_tag,
 473              'first_pass_match'            => '/(?!)/',
 474              'first_pass_replace'        => '',
 475              // Use a non-matching, valid regexp to effectively disable this BBCode
 476              'second_pass_match'            => '/(?!)/',
 477              'second_pass_replace'        => ''
 478          );
 479      }
 480  }

