
PHP Cross Reference of phpBB-3.3.2-deutsch


/includes/acp/ -> acp_bbcodes.php (source)

   1  <?php
   2  /**
   3  *
   4  * This file is part of the phpBB Forum Software package.
   5  *
   6  * @copyright (c) phpBB Limited <https://www.phpbb.com>
   7  * @license GNU General Public License, version 2 (GPL-2.0)
   8  *
   9  * For full copyright and license information, please see
  10  * the docs/CREDITS.txt file.
  11  *
  12  */
  13  
  14  /**
  15  * @ignore
  16  */
  17  if (!defined('IN_PHPBB'))
  18  {
  19      exit;
  20  }
  21  
  22  class acp_bbcodes
  23  {
  24      var $u_action;
  25  
  26  	function main($id, $mode)
  27      {
  28          global $db, $user, $template, $cache, $request, $phpbb_dispatcher, $phpbb_container;
  29          global $phpbb_log;
  30  
  31          $user->add_lang('acp/posting');
  32  
  33          // Set up general vars
  34          $action    = $request->variable('action', '');
  35          $bbcode_id = $request->variable('bbcode', 0);
  36  
  37          $this->tpl_name = 'acp_bbcodes';
  38          $this->page_title = 'ACP_BBCODES';
  39          $form_key = 'acp_bbcodes';
  40  
  41          add_form_key($form_key);
  42  
  43          // Set up mode-specific vars
  44          switch ($action)
  45          {
  46              case 'add':
  47                  $bbcode_match = $bbcode_tpl = $bbcode_helpline = '';
  48                  $display_on_posting = 0;
  49              break;
  50  
  51              case 'edit':
  52                  $sql = 'SELECT bbcode_match, bbcode_tpl, display_on_posting, bbcode_helpline
  53                      FROM ' . BBCODES_TABLE . '
  54                      WHERE bbcode_id = ' . $bbcode_id;
  55                  $result = $db->sql_query($sql);
  56                  $row = $db->sql_fetchrow($result);
  57                  $db->sql_freeresult($result);
  58  
  59                  if (!$row)
  60                  {
  61                      trigger_error($user->lang['BBCODE_NOT_EXIST'] . adm_back_link($this->u_action), E_USER_WARNING);
  62                  }
  63  
  64                  $bbcode_match = $row['bbcode_match'];
  65                  $bbcode_tpl = htmlspecialchars($row['bbcode_tpl']);
  66                  $display_on_posting = $row['display_on_posting'];
  67                  $bbcode_helpline = $row['bbcode_helpline'];
  68              break;
  69  
  70              case 'modify':
  71                  $sql = 'SELECT bbcode_id, bbcode_tag
  72                      FROM ' . BBCODES_TABLE . '
  73                      WHERE bbcode_id = ' . $bbcode_id;
  74                  $result = $db->sql_query($sql);
  75                  $row = $db->sql_fetchrow($result);
  76                  $db->sql_freeresult($result);
  77  
  78                  if (!$row)
  79                  {
  80                      trigger_error($user->lang['BBCODE_NOT_EXIST'] . adm_back_link($this->u_action), E_USER_WARNING);
  81                  }
  82  
  83              // No break here
  84  
  85              case 'create':
  86                  $display_on_posting = $request->variable('display_on_posting', 0);
  87  
  88                  $bbcode_match = $request->variable('bbcode_match', '');
  89                  $bbcode_tpl = htmlspecialchars_decode($request->variable('bbcode_tpl', '', true));
  90                  $bbcode_helpline = $request->variable('bbcode_helpline', '', true);
  91              break;
  92          }
  93  
  94          // Do major work
  95          switch ($action)
  96          {
  97              case 'edit':
  98              case 'add':
  99  
 100                  $tpl_ary = array(
 101                      'S_EDIT_BBCODE'        => true,
 102                      'U_BACK'            => $this->u_action,
 103                      'U_ACTION'            => $this->u_action . '&amp;action=' . (($action == 'add') ? 'create' : 'modify') . (($bbcode_id) ? "&amp;bbcode=$bbcode_id" : ''),
 104  
 105                      'L_BBCODE_USAGE_EXPLAIN'=> sprintf($user->lang['BBCODE_USAGE_EXPLAIN'], '<a href="#down">', '</a>'),
 106                      'BBCODE_MATCH'            => $bbcode_match,
 107                      'BBCODE_TPL'            => $bbcode_tpl,
 108                      'BBCODE_HELPLINE'        => $bbcode_helpline,
 109                      'DISPLAY_ON_POSTING'    => $display_on_posting,
 110                  );
 111  
 112                  $bbcode_tokens = array('TEXT', 'SIMPLETEXT', 'INTTEXT', 'IDENTIFIER', 'NUMBER', 'EMAIL', 'URL', 'LOCAL_URL', 'RELATIVE_URL', 'COLOR');
 113  
 114                  /**
 115                  * Modify custom bbcode template data before we display the add/edit form
 116                  *
 117                  * @event core.acp_bbcodes_edit_add
 118                  * @var    string    action            Type of the action: add|edit
 119                  * @var    array    tpl_ary            Array with custom bbcode add/edit data
 120                  * @var    int        bbcode_id        When editing: the bbcode id,
 121                  *                                when creating: 0
 122                  * @var    array    bbcode_tokens    Array of bbcode tokens
 123                  * @since 3.1.0-a3
 124                  */
 125                  $vars = array('action', 'tpl_ary', 'bbcode_id', 'bbcode_tokens');
 126                  extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_edit_add', compact($vars)));
 127  
 128                  $template->assign_vars($tpl_ary);
 129  
 130                  foreach ($bbcode_tokens as $token)
 131                  {
 132                      $template->assign_block_vars('token', array(
 133                          'TOKEN'        => '{' . $token . '}',
 134                          'EXPLAIN'    => ($token === 'LOCAL_URL') ? $user->lang(array('tokens', $token), generate_board_url() . '/') : $user->lang(array('tokens', $token)),
 135                      ));
 136                  }
 137  
 138                  return;
 139  
 140              break;
 141  
 142              case 'modify':
 143              case 'create':
 144  
 145                  $sql_ary = $hidden_fields = array();
 146  
 147                  /**
 148                  * Modify custom bbcode data before the modify/create action
 149                  *
 150                  * @event core.acp_bbcodes_modify_create
 151                  * @var    string    action                Type of the action: modify|create
 152                  * @var    array    sql_ary                Array with new bbcode data
 153                  * @var    int        bbcode_id            When editing: the bbcode id,
 154                  *                                    when creating: 0
 155                  * @var    bool    display_on_posting    Display bbcode on posting form
 156                  * @var    string    bbcode_match        The bbcode usage string to match
 157                  * @var    string    bbcode_tpl            The bbcode HTML replacement string
 158                  * @var    string    bbcode_helpline        The bbcode help line string
 159                  * @var    array    hidden_fields        Array of hidden fields for use when
 160                  *                                    submitting form when $warn_unsafe is true
 161                  * @since 3.1.0-a3
 162                  */
 163                  $vars = array(
 164                      'action',
 165                      'sql_ary',
 166                      'bbcode_id',
 167                      'display_on_posting',
 168                      'bbcode_match',
 169                      'bbcode_tpl',
 170                      'bbcode_helpline',
 171                      'hidden_fields',
 172                  );
 173                  extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_modify_create', compact($vars)));
 174  
 175                  $acp_utils   = $phpbb_container->get('text_formatter.acp_utils');
 176                  $bbcode_info = $acp_utils->analyse_bbcode($bbcode_match, $bbcode_tpl);
 177                  $warn_unsafe = ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_UNSAFE);
 178  
 179                  if ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_INVALID_TEMPLATE)
 180                  {
 181                      trigger_error($user->lang['BBCODE_INVALID_TEMPLATE'] . adm_back_link($this->u_action), E_USER_WARNING);
 182                  }
 183                  if ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_INVALID_DEFINITION)
 184                  {
 185                      trigger_error($user->lang['BBCODE_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
 186                  }
 187  
 188                  if (!$warn_unsafe && !check_form_key($form_key))
 189                  {
 190                      trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
 191                  }
 192  
 193                  if (!$warn_unsafe || confirm_box(true))
 194                  {
 195                      $data = $this->build_regexp($bbcode_match, $bbcode_tpl);
 196  
 197                      // Make sure the user didn't pick a "bad" name for the BBCode tag.
 198                      $hard_coded = array('code', 'quote', 'quote=', 'attachment', 'attachment=', 'b', 'i', 'url', 'url=', 'img', 'size', 'size=', 'color', 'color=', 'u', 'list', 'list=', 'email', 'email=', 'flash', 'flash=');
 199  
 200                      if (($action == 'modify' && strtolower($data['bbcode_tag']) !== strtolower($row['bbcode_tag'])) || ($action == 'create'))
 201                      {
 202                          $sql = 'SELECT 1 as test
 203                              FROM ' . BBCODES_TABLE . "
 204                              WHERE LOWER(bbcode_tag) = '" . $db->sql_escape(strtolower($data['bbcode_tag'])) . "'";
 205                          $result = $db->sql_query($sql);
 206                          $info = $db->sql_fetchrow($result);
 207                          $db->sql_freeresult($result);
 208  
 209                          // Grab the end, interrogate the last closing tag
 210                          if (isset($info['test']) && $info['test'] === '1'
 211                              || in_array(strtolower($data['bbcode_tag']), $hard_coded)
 212                              || (preg_match('#\[/([^[]*)]$#', $bbcode_match, $regs) && in_array(strtolower($regs[1]), $hard_coded))
 213                          )
 214                          {
 215                              trigger_error($user->lang['BBCODE_INVALID_TAG_NAME'] . adm_back_link($this->u_action), E_USER_WARNING);
 216                          }
 217                      }
 218  
 219                      if (substr($data['bbcode_tag'], -1) === '=')
 220                      {
 221                          $test = substr($data['bbcode_tag'], 0, -1);
 222                      }
 223                      else
 224                      {
 225                          $test = $data['bbcode_tag'];
 226                      }
 227  
 228                      if (strlen($data['bbcode_tag']) > 16)
 229                      {
 230                          trigger_error($user->lang['BBCODE_TAG_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
 231                      }
 232  
 233                      if (strlen($bbcode_match) > 4000)
 234                      {
 235                          trigger_error($user->lang['BBCODE_TAG_DEF_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
 236                      }
 237  
 238                      if (strlen($bbcode_helpline) > 255)
 239                      {
 240                          trigger_error($user->lang['BBCODE_HELPLINE_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
 241                      }
 242  
 243                      /**
 244                       * Replace Emojis and other 4bit UTF-8 chars not allowed by MySQL to UCR/NCR.
 245                       * Using their Numeric Character Reference's Hexadecimal notation.
 246                       */
 247                      $bbcode_helpline = utf8_encode_ucr($bbcode_helpline);
 248  
 249                      $sql_ary = array_merge($sql_ary, array(
 250                          'bbcode_tag'                => $data['bbcode_tag'],
 251                          'bbcode_match'                => $bbcode_match,
 252                          'bbcode_tpl'                => $bbcode_tpl,
 253                          'display_on_posting'        => $display_on_posting,
 254                          'bbcode_helpline'            => $bbcode_helpline,
 255                          'first_pass_match'            => $data['first_pass_match'],
 256                          'first_pass_replace'        => $data['first_pass_replace'],
 257                          'second_pass_match'            => $data['second_pass_match'],
 258                          'second_pass_replace'        => $data['second_pass_replace']
 259                      ));
 260  
 261                      if ($action == 'create')
 262                      {
 263                          $sql = 'SELECT MAX(bbcode_id) as max_bbcode_id
 264                              FROM ' . BBCODES_TABLE;
 265                          $result = $db->sql_query($sql);
 266                          $row = $db->sql_fetchrow($result);
 267                          $db->sql_freeresult($result);
 268  
 269                          if ($row)
 270                          {
 271                              $bbcode_id = (int) $row['max_bbcode_id'] + 1;
 272  
 273                              // Make sure it is greater than the core bbcode ids...
 274                              if ($bbcode_id <= NUM_CORE_BBCODES)
 275                              {
 276                                  $bbcode_id = NUM_CORE_BBCODES + 1;
 277                              }
 278                          }
 279                          else
 280                          {
 281                              $bbcode_id = NUM_CORE_BBCODES + 1;
 282                          }
 283  
 284                          if ($bbcode_id > BBCODE_LIMIT)
 285                          {
 286                              trigger_error($user->lang['TOO_MANY_BBCODES'] . adm_back_link($this->u_action), E_USER_WARNING);
 287                          }
 288  
 289                          $sql_ary['bbcode_id'] = (int) $bbcode_id;
 290  
 291                          $db->sql_query('INSERT INTO ' . BBCODES_TABLE . $db->sql_build_array('INSERT', $sql_ary));
 292                          $cache->destroy('sql', BBCODES_TABLE);
 293                          $phpbb_container->get('text_formatter.cache')->invalidate();
 294  
 295                          $lang = 'BBCODE_ADDED';
 296                          $log_action = 'LOG_BBCODE_ADD';
 297                      }
 298                      else
 299                      {
 300                          $sql = 'UPDATE ' . BBCODES_TABLE . '
 301                              SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
 302                              WHERE bbcode_id = ' . $bbcode_id;
 303                          $db->sql_query($sql);
 304                          $cache->destroy('sql', BBCODES_TABLE);
 305                          $phpbb_container->get('text_formatter.cache')->invalidate();
 306  
 307                          $lang = 'BBCODE_EDITED';
 308                          $log_action = 'LOG_BBCODE_EDIT';
 309                      }
 310  
 311                      $phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log_action, false, array($data['bbcode_tag']));
 312  
 313                      /**
 314                      * Event after a BBCode has been added or updated
 315                      *
 316                      * @event core.acp_bbcodes_modify_create_after
 317                      * @var    string    action        Type of the action: modify|create
 318                      * @var    int        bbcode_id    The id of the added or updated bbcode
 319                      * @var    array    sql_ary        Array with bbcode data (read only)
 320                      * @since 3.2.4-RC1
 321                      */
 322                      $vars = array(
 323                          'action',
 324                          'bbcode_id',
 325                          'sql_ary',
 326                      );
 327                      extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_modify_create_after', compact($vars)));
 328  
 329                      trigger_error($user->lang[$lang] . adm_back_link($this->u_action));
 330                  }
 331                  else
 332                  {
 333                      confirm_box(false, $user->lang['BBCODE_DANGER'], build_hidden_fields(array_merge($hidden_fields, array(
 334                          'action'                => $action,
 335                          'bbcode'                => $bbcode_id,
 336                          'bbcode_match'            => $bbcode_match,
 337                          'bbcode_tpl'            => htmlspecialchars($bbcode_tpl),
 338                          'bbcode_helpline'        => $bbcode_helpline,
 339                          'display_on_posting'    => $display_on_posting,
 340                          )))
 341                      , 'confirm_bbcode.html');
 342                  }
 343  
 344              break;
 345  
 346              case 'delete':
 347  
 348                  $sql = 'SELECT bbcode_tag
 349                      FROM ' . BBCODES_TABLE . "
 350                      WHERE bbcode_id = $bbcode_id";
 351                  $result = $db->sql_query($sql);
 352                  $row = $db->sql_fetchrow($result);
 353                  $db->sql_freeresult($result);
 354  
 355                  if ($row)
 356                  {
 357                      if (confirm_box(true))
 358                      {
 359                          $bbcode_tag = $row['bbcode_tag'];
 360  
 361                          $db->sql_query('DELETE FROM ' . BBCODES_TABLE . " WHERE bbcode_id = $bbcode_id");
 362                          $cache->destroy('sql', BBCODES_TABLE);
 363                          $phpbb_container->get('text_formatter.cache')->invalidate();
 364                          $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_BBCODE_DELETE', false, array($bbcode_tag));
 365  
 366                          /**
 367                          * Event after a BBCode has been deleted
 368                          *
 369                          * @event core.acp_bbcodes_delete_after
 370                          * @var    string    action        Type of the action: delete
 371                          * @var    int        bbcode_id    The id of the deleted bbcode
 372                          * @var    string    bbcode_tag    The tag of the deleted bbcode
 373                          * @since 3.2.4-RC1
 374                          */
 375                          $vars = array(
 376                              'action',
 377                              'bbcode_id',
 378                              'bbcode_tag',
 379                          );
 380                          extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_delete_after', compact($vars)));
 381  
 382                          if ($request->is_ajax())
 383                          {
 384                              $json_response = new \phpbb\json_response;
 385                              $json_response->send(array(
 386                                  'MESSAGE_TITLE'    => $user->lang['INFORMATION'],
 387                                  'MESSAGE_TEXT'    => $user->lang['BBCODE_DELETED'],
 388                                  'REFRESH_DATA'    => array(
 389                                      'time'    => 3
 390                                  )
 391                              ));
 392                          }
 393                      }
 394                      else
 395                      {
 396                          confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
 397                              'bbcode'    => $bbcode_id,
 398                              'i'            => $id,
 399                              'mode'        => $mode,
 400                              'action'    => $action))
 401                          );
 402                      }
 403                  }
 404  
 405              break;
 406          }
 407  
 408          $u_action = $this->u_action;
 409  
 410          $template_data = array(
 411              'U_ACTION'        => $this->u_action . '&amp;action=add',
 412          );
 413  
 414          $sql_ary = array(
 415              'SELECT'    => 'b.*',
 416              'FROM'        => array(BBCODES_TABLE => 'b'),
 417              'ORDER_BY'    => 'b.bbcode_tag',
 418          );
 419  
 420          /**
 421          *  Modify custom bbcode template data before we display the form
 422          *
 423          * @event core.acp_bbcodes_display_form
 424          * @var    string    action            Type of the action: modify|create
 425          * @var    array    sql_ary            The SQL array to get custom bbcode data
 426          * @var    array    template_data    Array with form template data
 427          * @var    string    u_action        The u_action link
 428          * @since 3.1.0-a3
 429          */
 430          $vars = array('action', 'sql_ary', 'template_data', 'u_action');
 431          extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_display_form', compact($vars)));
 432  
 433          $result = $db->sql_query($db->sql_build_query('SELECT', $sql_ary));
 434  
 435          $template->assign_vars($template_data);
 436  
 437          while ($row = $db->sql_fetchrow($result))
 438          {
 439              $bbcodes_array = array(
 440                  'BBCODE_TAG'        => $row['bbcode_tag'],
 441                  'U_EDIT'            => $u_action . '&amp;action=edit&amp;bbcode=' . $row['bbcode_id'],
 442                  'U_DELETE'            => $u_action . '&amp;action=delete&amp;bbcode=' . $row['bbcode_id'],
 443              );
 444  
 445              /**
 446              *  Modify display of custom bbcodes in the form
 447              *
 448              * @event core.acp_bbcodes_display_bbcodes
 449              * @var    array    row                Array with current bbcode data
 450              * @var    array    bbcodes_array    Array of bbcodes template data
 451              * @var    string    u_action        The u_action link
 452              * @since 3.1.0-a3
 453              */
 454              $vars = array('bbcodes_array', 'row', 'u_action');
 455              extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_display_bbcodes', compact($vars)));
 456  
 457              $template->assign_block_vars('bbcodes', $bbcodes_array);
 458  
 459          }
 460          $db->sql_freeresult($result);
 461      }
 462  
 463      /*
 464      * Build regular expression for custom bbcode
 465      */
 466  	function build_regexp(&$bbcode_match, &$bbcode_tpl)
 467      {
 468          $bbcode_match = trim($bbcode_match);
 469          $bbcode_tag = preg_replace('/.*?\[([a-z0-9_-]+).*/i', '$1', $bbcode_match);
 470  
 471          if (!preg_match('/^[a-zA-Z0-9_-]+$/', $bbcode_tag))
 472          {
 473              global $user;
 474              trigger_error($user->lang['BBCODE_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
 475          }
 476  
 477          return array(
 478              'bbcode_tag'                => $bbcode_tag,
 479              'first_pass_match'            => '/(?!)/',
 480              'first_pass_replace'        => '',
 481              // Use a non-matching, valid regexp to effectively disable this BBCode
 482              'second_pass_match'            => '/(?!)/',
 483              'second_pass_replace'        => ''
 484          );
 485      }
 486  }

