onokazu
onoka****@users*****
2006年 2月 5日 (日) 14:19:52 JST
Index: xoops2jp/html/class/module.textsanitizer.php
diff -u xoops2jp/html/class/module.textsanitizer.php:1.6 xoops2jp/html/class/module.textsanitizer.php:1.6.2.1
--- xoops2jp/html/class/module.textsanitizer.php:1.6 Mon Oct 24 20:44:16 2005
+++ xoops2jp/html/class/module.textsanitizer.php Sun Feb 5 14:19:52 2006
@@ -1,602 +1,608 @@ -<?php -// $Id: module.textsanitizer.php,v 1.6 2005/10/24 11:44:16 onokazu Exp $ -// ------------------------------------------------------------------------ // -// XOOPS - PHP Content Management System // -// Copyright (c) 2000 XOOPS.org // -// <http://www.xoops.org/> // -// ------------------------------------------------------------------------ // -// This program is free software; you can redistribute it and/or modify // -// it under the terms of the GNU General Public License as published by // -// the Free Software Foundation; either version 2 of the License, or // -// (at your option) any later version. // -// // -// You may not change or alter any portion of this comment or credits // -// of supporting developers from this source code or any supporting // -// source code which is considered copyrighted (c) material of the // -// original comment or credit authors. // -// // -// This program is distributed in the hope that it will be useful, // -// but WITHOUT ANY WARRANTY; without even the implied warranty of // -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // -// GNU General Public License for more details. 
// -// // -// You should have received a copy of the GNU General Public License // -// along with this program; if not, write to the Free Software // -// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA // -// ------------------------------------------------------------------------ // -// Author: Kazumi Ono (http://www.myweb.ne.jp/, http://jp.xoops.org/) // -// Goghs Cheng (http://www.eqiao.com, http://www.devbeez.com/) // -// Project: The XOOPS Project (http://www.xoops.org/) // -// ------------------------------------------------------------------------- // - -/** - * Class to "clean up" text for various uses - * - * <b>Singleton</b> - * - * @package kernel - * @subpackage core - * - * @author Kazumi Ono <onoka****@xoops*****> - * @author Goghs Cheng - * @copyright (c) 2000-2003 The Xoops Project - www.xoops.org - */ -class MyTextSanitizer -{ - /** - * @var array - */ - var $smileys = array(); - - /** - * - */ - var $censorConf; - - /* - * Constructor of this class - * - * Gets allowed html tags from admin config settings - * <br> should not be allowed since nl2br will be used - * when storing data. 
- * - * @access private - * - * @todo Sofar, this does nuttin' ;-) - */ - function MyTextSanitizer() - { - - } - - /** - * Access the only instance of this class - * - * @return object - * - * @static - * @staticvar object - */ - function &getInstance() - { - static $instance; - if (!isset($instance)) { - $instance = new MyTextSanitizer(); - } - return $instance; - } - - /** - * Get the smileys - * - * @return array - */ - function getSmileys() - { - return $this->smileys; - } - - /** - * Replace emoticons in the message with smiley images - * - * @param string $message - * - * @return string - */ - function &smiley($message) - { - $db =& Database::getInstance(); - if (count($this->smileys) == 0) { - if ($getsmiles = $db->query("SELECT * FROM ".$db->prefix("smiles"))){ - while ($smiles = $db->fetchArray($getsmiles)) { - $message =& str_replace($smiles['code'], '<img src="'.XOOPS_UPLOAD_URL.'/'.htmlspecialchars($smiles['smile_url']).'" alt="" />', $message); - array_push($this->smileys, $smiles); - } - } - } - elseif (is_array($this->smileys)) { - foreach ($this->smileys as $smile) { - $message =& str_replace($smile['code'], '<img src="'.XOOPS_UPLOAD_URL.'/'.htmlspecialchars($smile['smile_url']).'" alt="" />', $message); - } - } - return $message; - } - - /** - * Make links in the text clickable - * - * @param string $text - * @return string - **/ - function &makeClickable(&$text) - { - $patterns = array("/(^|[^]_a-z0-9-=\"'\/])([a-z]+?):\/\/([^, \r\n\"\(\)'<>]+)/i", "/(^|[^]_a-z0-9-=\"'\/])www\.([a-z0-9\-]+)\.([^, \r\n\"\(\)'<>]+)/i", "/(^|[^]_a-z0-9-=\"'\/])ftp\.([a-z0-9\-]+)\.([^, \r\n\"\(\)'<>]+)/i", "/(^|[^]_a-z0-9-=\"'\/:\.])([a-z0-9\-_\.]+?)@([^, \r\n\"\(\)'<>\[\]]+)/i"); - $replacements = array("\\1<a href=\"\\2://\\3\" target=\"_blank\">\\2://\\3</a>", "\\1<a href=\"http://www.\\2.\\3\" target=\"_blank\">www.\\2.\\3</a>", "\\1<a href=\"ftp://ftp.\\2.\\3\" target=\"_blank\">ftp.\\2.\\3</a>", "\\1<a href=\"mailto:\\2@\\3\">\\2@\\3</a>"); - return 
preg_replace($patterns, $replacements, $text); - } - - /** - * Replace XoopsCodes with their equivalent HTML formatting - * - * @param string $text - * @param bool $allowimage Allow images in the text? - * On FALSE, uses links to images. - * @return string - **/ - function &xoopsCodeDecode(&$text, $allowimage = 1) - { - $imgCallbackPattern = "/\[img( align=\w+)]([^\"\(\)\?\&'<>]*)\[\/img\]/sU"; - $text = preg_replace_callback($imgCallbackPattern, array($this, '_filterImgUrl'), $text); - - $patterns = array(); - $replacements = array(); - // RMV: added new markup for intrasite url (allows easier site moves) - // TODO: automatically convert other URLs to this format if XOOPS_URL matches?? - $patterns[] = "/\[siteurl=(['\"]?)([^\"'<>]*)\\1](.*)\[\/siteurl\]/sU"; - $replacements[] = '<a href="'.XOOPS_URL.'/\\2" target="_blank">\\3</a>'; - $patterns[] = "/\[url=(['\"]?)(http[s]?:\/\/[^\"'<>]*)\\1](.*)\[\/url\]/sU"; - $replacements[] = '<a href="\\2" target="_blank">\\3</a>'; - $patterns[] = "/\[url=(['\"]?)(ftp?:\/\/[^\"'<>]*)\\1](.*)\[\/url\]/sU"; - $replacements[] = '<a href="\\2" target="_blank">\\3</a>'; - $patterns[] = "/\[url=(['\"]?)([^\"'<>]*)\\1](.*)\[\/url\]/sU"; - $replacements[] = '<a href="http://\\2" target="_blank">\\3</a>'; - $patterns[] = "/\[color=(['\"]?)([a-zA-Z0-9]*)\\1](.*)\[\/color\]/sU"; - $replacements[] = '<span style="color: #\\2;">\\3</span>'; - $patterns[] = "/\[size=(['\"]?)([a-z0-9-]*)\\1](.*)\[\/size\]/sU"; - $replacements[] = '<span style="font-size: \\2;">\\3</span>'; - $patterns[] = "/\[font=(['\"]?)([^;<>\*\(\)\"']*)\\1](.*)\[\/font\]/sU"; - $replacements[] = '<span style="font-family: \\2;">\\3</span>'; - $patterns[] = "/\[email]([^;<>\*\(\)\"']*)\[\/email\]/sU"; - $replacements[] = '<a href="mailto:\\1">\\1</a>'; - $patterns[] = "/\[b](.*)\[\/b\]/sU"; - $replacements[] = '<b>\\1</b>'; - $patterns[] = "/\[i](.*)\[\/i\]/sU"; - $replacements[] = '<i>\\1</i>'; - $patterns[] = "/\[u](.*)\[\/u\]/sU"; - $replacements[] = '<u>\\1</u>'; - 
$patterns[] = "/\[d](.*)\[\/d\]/sU"; - $replacements[] = '<del>\\1</del>'; - //$patterns[] = "/\[li](.*)\[\/li\]/sU"; - //$replacements[] = '<li>\\1</li>'; - $patterns[] = "/\[img align=(['\"]?)(left|center|right)\\1]([^\"\(\)\?\&'<>]*)\[\/img\]/sU"; - $patterns[] = "/\[img]([^\"\(\)\?\&'<>]*)\[\/img\]/sU"; - $patterns[] = "/\[img align=(['\"]?)(left|center|right)\\1 id=(['\"]?)([0-9]*)\\3]([^\"\(\)\?\&'<>]*)\[\/img\]/sU"; - $patterns[] = "/\[img id=(['\"]?)([0-9]*)\\1]([^\"\(\)\?\&'<>]*)\[\/img\]/sU"; - if ($allowimage != 1) { - $replacements[] = '<a href="\\3" target="_blank">\\3</a>'; - $replacements[] = '<a href="\\1" target="_blank">\\1</a>'; - $replacements[] = '<a href="'.XOOPS_URL.'/image.php?id=\\4" target="_blank">\\5</a>'; - $replacements[] = '<a href="'.XOOPS_URL.'/image.php?id=\\2" target="_blank">\\3</a>'; - } else { - $replacements[] = '<img src="\\3" align="\\2" alt="" />'; - $replacements[] = '<img src="\\1" alt="" />'; - $replacements[] = '<img src="'.XOOPS_URL.'/image.php?id=\\4" align="\\2" alt="\\5" />'; - $replacements[] = '<img src="'.XOOPS_URL.'/image.php?id=\\2" alt="\\3" />'; - } - $patterns[] = "/\[quote]/sU"; - $replacements[] = _QUOTEC.'<div class="xoopsQuote"><blockquote>'; - //$replacements[] = 'Quote: <div class="xoopsQuote"><blockquote>'; - $patterns[] = "/\[\/quote]/sU"; - $replacements[] = '</blockquote></div>'; - $patterns[] = "/javascript:/si"; - $replacements[] = "java script:"; - $patterns[] = "/about:/si"; - $replacements[] = "about :"; - return preg_replace($patterns, $replacements, $text); - } - - /** - * Filters out invalid strings included in URL, if any - * - * @param array $matches - * @return string - */ - function _filterImgUrl($matches) - { - if ($this->checkUrlString($matches[2])) { - return $matches[0]; - } else { - return ""; - } - } - - /** - * Checks if invalid strings are included in URL - * - * @param string $text - * @return bool - */ - function checkUrlString($text) - { - // Check control code - if 
(preg_match("/[\\0-\\31]/", $text)) { - return false; - } - // check black pattern(deprecated) - return !preg_match("/^(javascript|vbscript|about):/i", $text); - } - - /** - * Convert linebreaks to <br /> tags - * - * @param string $text - * - * @return string - */ - function &nl2Br($text) - { - return preg_replace("/(\015\012)|(\015)|(\012)/","<br />",$text); - } - - /** - * Add slashes to the text if magic_quotes_gpc is turned off. - * - * @param string $text - * @return string - **/ - function &addSlashes($text) - { - if (!get_magic_quotes_gpc()) { - $text =& addslashes($text); - } - return $text; - } - /* - * if magic_quotes_gpc is on, stirip back slashes - * - * @param string $text - * - * @return string - */ - function &stripSlashesGPC($text) - { - if (get_magic_quotes_gpc()) { - $text =& stripslashes($text); - } - return $text; - } - - /* - * for displaying data in html textbox forms - * - * @param string $text - * - * @return string - */ - function &htmlSpecialChars($text) - { - //return preg_replace("/&/i", '&', htmlspecialchars($text, ENT_QUOTES)); - return preg_replace(array("/&/i", "/ /i"), array('&', '&nbsp;'), htmlspecialchars($text, ENT_QUOTES)); - } - - /** - * Reverses {@link htmlSpecialChars()} - * - * @param string $text - * @return string - **/ - function &undoHtmlSpecialChars(&$text) - { - return preg_replace(array("/>/i", "/</i", "/"/i", "/'/i"), array(">", "<", "\"", "'"), $text); - } - - /** - * Filters textarea form data in DB for display - * - * @param string $text - * @param bool $html allow html? - * @param bool $smiley allow smileys? - * @param bool $xcode allow xoopscode? - * @param bool $image allow inline images? - * @param bool $br convert linebreaks? 
- * @return string - **/ - function &displayTarea(&$text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1) - { - if ($html != 1) { - // html not allowed - $text =& $this->htmlSpecialChars($text); - } - $text =& $this->codePreConv($text, $xcode); // Ryuji_edit(2003-11-18) - $text =& $this->makeClickable($text); - if ($smiley != 0) { - // process smiley - $text =& $this->smiley($text); - } - if ($xcode != 0) { - // decode xcode - if ($image != 0) { - // image allowed - $text =& $this->xoopsCodeDecode($text); - } else { - // image not allowed - $text =& $this->xoopsCodeDecode($text, 0); - } - } - if ($br != 0) { - $text =& $this->nl2Br($text); - } - $text =& $this->codeConv($text, $xcode, $image); // Ryuji_edit(2003-11-18) - return $text; - } - - /** - * Filters textarea form data submitted for preview - * - * @param string $text - * @param bool $html allow html? - * @param bool $smiley allow smileys? - * @param bool $xcode allow xoopscode? - * @param bool $image allow inline images? - * @param bool $br convert linebreaks? 
- * @return string - **/ - function &previewTarea(&$text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1) - { - $text =& $this->stripSlashesGPC($text); - if ($html != 1) { - // html not allowed - $text =& $this->htmlSpecialChars($text); - } - $text =& $this->codePreConv($text, $xcode); // Ryuji_edit(2003-11-18) - $text =& $this->makeClickable($text); - if ($smiley != 0) { - // process smiley - $text =& $this->smiley($text); - } - if ($xcode != 0) { - // decode xcode - if ($image != 0) { - // image allowed - $text =& $this->xoopsCodeDecode($text); - } else { - // image not allowed - $text =& $this->xoopsCodeDecode($text, 0); - } - } - if ($br != 0) { - $text =& $this->nl2Br($text); - } - $text =& $this->codeConv($text, $xcode, $image); // Ryuji_edit(2003-11-18) - return $text; - } - - /** - * Replaces banned words in a string with their replacements - * - * @param string $text - * @return string - * - * @deprecated - **/ - function &censorString(&$text) - { - if (!isset($this->censorConf)) { - $config_handler =& xoops_gethandler('config'); - $this->censorConf =& $config_handler->getConfigsByCat(XOOPS_CONF_CENSOR); - } - if ($this->censorConf['censor_enable'] == 1) { - $replacement = $this->censorConf['censor_replace']; - foreach ($this->censorConf['censor_words'] as $bad) { - if ( !empty($bad) ) { - $bad = quotemeta($bad); - $patterns[] = "/(\s)".$bad."/siU"; - $replacements[] = "\\1".$replacement; - $patterns[] = "/^".$bad."/siU"; - $replacements[] = $replacement; - $patterns[] = "/(\n)".$bad."/siU"; - $replacements[] = "\\1".$replacement; - $patterns[] = "/]".$bad."/siU"; - $replacements[] = "]".$replacement; - $text = preg_replace($patterns, $replacements, $text); - } - } - } - return $text; - } - - - /**#@+ - * Sanitizing of [code] tag - */ - function codePreConv($text, $xcode = 1) { - if($xcode != 0){ - $patterns = "/\[code](.*)\[\/code\]/esU"; - $replacements = "'[code]'.base64_encode('$1').'[/code]'"; - $text = preg_replace($patterns, $replacements, 
$text); - } - return $text; - } - - function codeConv($text, $xcode = 1, $image = 1){ - if($xcode != 0){ - $patterns = "/\[code](.*)\[\/code\]/esU"; - if ($image != 0) { - // image allowed - $replacements = "'<div class=\"xoopsCode\"><pre><code>'.MyTextSanitizer::codeSanitizer('$1').'</code></pre></div>'"; - //$text =& $this->xoopsCodeDecode($text); - } else { - // image not allowed - $replacements = "'<div class=\"xoopsCode\"><pre><code>'.MyTextSanitizer::codeSanitizer('$1', 0).'</code></pre></div>'"; - //$text =& $this->xoopsCodeDecode($text, 0); - } - $text = preg_replace($patterns, $replacements, $text); - } - return $text; - } - - function codeSanitizer($str, $image = 1){ - if($image != 0){ - $str = $this->xoopsCodeDecode( - $this->htmlSpecialChars(str_replace('\"', '"', base64_decode($str))) - ); - }else{ - $str = $this->xoopsCodeDecode( - $this->htmlSpecialChars(str_replace('\"', '"', base64_decode($str))),0 - ); - } - return $str; - } - - - /**#@-*/ - - -##################### Deprecated Methods ###################### - - /**#@+ - * @deprecated - */ - function sanitizeForDisplay($text, $allowhtml = 0, $smiley = 1, $bbcode = 1) - { - if ( $allowhtml == 0 ) { - $text = $this->htmlSpecialChars($text); - } else { - //$config =& $GLOBALS['xoopsConfig']; - //$allowed = $config['allowed_html']; - //$text = strip_tags($text, $allowed); - $text = $this->makeClickable($text); - } - if ( $smiley == 1 ) { - $text = $this->smiley($text); - } - if ( $bbcode == 1 ) { - $text = $this->xoopsCodeDecode($text); - } - $text = $this->nl2Br($text); - return $text; - } - - function sanitizeForPreview($text, $allowhtml = 0, $smiley = 1, $bbcode = 1) - { - $text = $this->oopsStripSlashesGPC($text); - if ( $allowhtml == 0 ) { - $text = $this->htmlSpecialChars($text); - } else { - //$config =& $GLOBALS['xoopsConfig']; - //$allowed = $config['allowed_html']; - //$text = strip_tags($text, $allowed); - $text = $this->makeClickable($text); - } - if ( $smiley == 1 ) { - $text = 
$this->smiley($text); - } - if ( $bbcode == 1 ) { - $text = $this->xoopsCodeDecode($text); - } - $text = $this->nl2Br($text); - return $text; - } - - function makeTboxData4Save($text) - { - //$text = $this->undoHtmlSpecialChars($text); - return $this->addSlashes($text); - } - - function makeTboxData4Show($text, $smiley=0) - { - $text = $this->htmlSpecialChars($text); - return $text; - } - - function makeTboxData4Edit($text) - { - return $this->htmlSpecialChars($text); - } - - function makeTboxData4Preview($text, $smiley=0) - { - $text = $this->stripSlashesGPC($text); - $text = $this->htmlSpecialChars($text); - return $text; - } - - function makeTboxData4PreviewInForm($text) - { - $text = $this->stripSlashesGPC($text); - return $this->htmlSpecialChars($text); - } - - function makeTareaData4Save($text) - { - return $this->addSlashes($text); - } - - function &makeTareaData4Show(&$text, $html=1, $smiley=1, $xcode=1) - { - return $this->displayTarea($text, $html, $smiley, $xcode); - } - - function makeTareaData4Edit($text) - { - return $this->htmlSpecialChars($text); - } - - function &makeTareaData4Preview(&$text, $html=1, $smiley=1, $xcode=1) - { - return $this->previewTarea($text, $html, $smiley, $xcode); - } - - function makeTareaData4PreviewInForm($text) - { - //if magic_quotes_gpc is on, do stipslashes - $text = $this->stripSlashesGPC($text); - return $this->htmlSpecialChars($text); - } - - function makeTareaData4InsideQuotes($text) - { - return $this->htmlSpecialChars($text); - } - - function &oopsStripSlashesGPC($text) - { - return $this->stripSlashesGPC($text); - } - - function &oopsStripSlashesRT($text) - { - if (get_magic_quotes_runtime()) { - $text =& stripslashes($text); - } - return $text; - } - - function &oopsAddSlashes($text) - { - return $this->addSlashes($text); - } - - function &oopsHtmlSpecialChars($text) - { - return $this->htmlSpecialChars($text); - } - - function &oopsNl2Br($text) - { - return $this->nl2br($text); - } - /**#@-*/ -} +<?php +// $Id: 
module.textsanitizer.php,v 1.6.2.1 2006/02/05 05:19:52 onokazu Exp $ +// ------------------------------------------------------------------------ // +// XOOPS - PHP Content Management System // +// Copyright (c) 2000 XOOPS.org // +// <http://www.xoops.org/> // +// ------------------------------------------------------------------------ // +// This program is free software; you can redistribute it and/or modify // +// it under the terms of the GNU General Public License as published by // +// the Free Software Foundation; either version 2 of the License, or // +// (at your option) any later version. // +// // +// You may not change or alter any portion of this comment or credits // +// of supporting developers from this source code or any supporting // +// source code which is considered copyrighted (c) material of the // +// original comment or credit authors. // +// // +// This program is distributed in the hope that it will be useful, // +// but WITHOUT ANY WARRANTY; without even the implied warranty of // +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // +// GNU General Public License for more details. 
// +// // +// You should have received a copy of the GNU General Public License // +// along with this program; if not, write to the Free Software // +// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA // +// ------------------------------------------------------------------------ // +// Author: Kazumi Ono (http://www.myweb.ne.jp/, http://jp.xoops.org/) // +// Goghs Cheng (http://www.eqiao.com, http://www.devbeez.com/) // +// Project: The XOOPS Project (http://www.xoops.org/) // +// ------------------------------------------------------------------------- // + +/** + * Class to "clean up" text for various uses + * + * <b>Singleton</b> + * + * @package kernel + * @subpackage core + * + * @author Kazumi Ono <onoka****@xoops*****> + * @author Goghs Cheng + * @copyright (c) 2000-2003 The Xoops Project - www.xoops.org + */ +class MyTextSanitizer +{ + /** + * @var array + */ + var $smileys = array(); + + /** + * + */ + var $censorConf; + + /* + * Constructor of this class + * + * Gets allowed html tags from admin config settings + * <br> should not be allowed since nl2br will be used + * when storing data. 
+ * + * @access private + * + * @todo Sofar, this does nuttin' ;-) + */ + function MyTextSanitizer() + { + + } + + /** + * Access the only instance of this class + * + * @return object + * + * @static + * @staticvar object + */ + function &getInstance() + { + static $instance; + if (!isset($instance)) { + $instance = new MyTextSanitizer(); + } + return $instance; + } + + /** + * Get the smileys + * + * @return array + */ + function getSmileys() + { + return $this->smileys; + } + + /** + * Replace emoticons in the message with smiley images + * + * @param string $message + * + * @return string + */ + function &smiley($message) + { + $db =& Database::getInstance(); + if (count($this->smileys) == 0) { + if ($getsmiles = $db->query("SELECT * FROM ".$db->prefix("smiles"))){ + while ($smiles = $db->fetchArray($getsmiles)) { + $message = str_replace($smiles['code'], '<img src="'.XOOPS_UPLOAD_URL.'/'.htmlspecialchars($smiles['smile_url']).'" alt="" />', $message); + array_push($this->smileys, $smiles); + } + } + } + elseif (is_array($this->smileys)) { + foreach ($this->smileys as $smile) { + $message = str_replace($smile['code'], '<img src="'.XOOPS_UPLOAD_URL.'/'.htmlspecialchars($smile['smile_url']).'" alt="" />', $message); + } + } + return $message; + } + + /** + * Make links in the text clickable + * + * @param string $text + * @return string + **/ + function &makeClickable(&$text) + { + $patterns = array("/(^|[^]_a-z0-9-=\"'\/])([a-z]+?):\/\/([^, \r\n\"\(\)'<>]+)/i", "/(^|[^]_a-z0-9-=\"'\/])www\.([a-z0-9\-]+)\.([^, \r\n\"\(\)'<>]+)/i", "/(^|[^]_a-z0-9-=\"'\/])ftp\.([a-z0-9\-]+)\.([^, \r\n\"\(\)'<>]+)/i", "/(^|[^]_a-z0-9-=\"'\/:\.])([a-z0-9\-_\.]+?)@([^, \r\n\"\(\)'<>\[\]]+)/i"); + $replacements = array("\\1<a href=\"\\2://\\3\" target=\"_blank\">\\2://\\3</a>", "\\1<a href=\"http://www.\\2.\\3\" target=\"_blank\">www.\\2.\\3</a>", "\\1<a href=\"ftp://ftp.\\2.\\3\" target=\"_blank\">ftp.\\2.\\3</a>", "\\1<a href=\"mailto:\\2@\\3\">\\2@\\3</a>"); + $ret = 
preg_replace($patterns, $replacements, $text); + return $ret; + } + + /** + * Replace XoopsCodes with their equivalent HTML formatting + * + * @param string $text + * @param bool $allowimage Allow images in the text? + * On FALSE, uses links to images. + * @return string + **/ + function &xoopsCodeDecode(&$text, $allowimage = 1) + { + $imgCallbackPattern = "/\[img( align=\w+)]([^\"\(\)\?\&'<>]*)\[\/img\]/sU"; + $text = preg_replace_callback($imgCallbackPattern, array($this, '_filterImgUrl'), $text); + + $patterns = array(); + $replacements = array(); + // RMV: added new markup for intrasite url (allows easier site moves) + // TODO: automatically convert other URLs to this format if XOOPS_URL matches?? + $patterns[] = "/\[siteurl=(['\"]?)([^\"'<>]*)\\1](.*)\[\/siteurl\]/sU"; + $replacements[] = '<a href="'.XOOPS_URL.'/\\2" target="_blank">\\3</a>'; + $patterns[] = "/\[url=(['\"]?)(http[s]?:\/\/[^\"'<>]*)\\1](.*)\[\/url\]/sU"; + $replacements[] = '<a href="\\2" target="_blank">\\3</a>'; + $patterns[] = "/\[url=(['\"]?)(ftp?:\/\/[^\"'<>]*)\\1](.*)\[\/url\]/sU"; + $replacements[] = '<a href="\\2" target="_blank">\\3</a>'; + $patterns[] = "/\[url=(['\"]?)([^\"'<>]*)\\1](.*)\[\/url\]/sU"; + $replacements[] = '<a href="http://\\2" target="_blank">\\3</a>'; + $patterns[] = "/\[color=(['\"]?)([a-zA-Z0-9]*)\\1](.*)\[\/color\]/sU"; + $replacements[] = '<span style="color: #\\2;">\\3</span>'; + $patterns[] = "/\[size=(['\"]?)([a-z0-9-]*)\\1](.*)\[\/size\]/sU"; + $replacements[] = '<span style="font-size: \\2;">\\3</span>'; + $patterns[] = "/\[font=(['\"]?)([^;<>\*\(\)\"']*)\\1](.*)\[\/font\]/sU"; + $replacements[] = '<span style="font-family: \\2;">\\3</span>'; + $patterns[] = "/\[email]([^;<>\*\(\)\"']*)\[\/email\]/sU"; + $replacements[] = '<a href="mailto:\\1">\\1</a>'; + $patterns[] = "/\[b](.*)\[\/b\]/sU"; + $replacements[] = '<b>\\1</b>'; + $patterns[] = "/\[i](.*)\[\/i\]/sU"; + $replacements[] = '<i>\\1</i>'; + $patterns[] = "/\[u](.*)\[\/u\]/sU"; + $replacements[] = 
'<u>\\1</u>'; + $patterns[] = "/\[d](.*)\[\/d\]/sU"; + $replacements[] = '<del>\\1</del>'; + //$patterns[] = "/\[li](.*)\[\/li\]/sU"; + //$replacements[] = '<li>\\1</li>'; + $patterns[] = "/\[img align=(['\"]?)(left|center|right)\\1]([^\"\(\)\?\&'<>]*)\[\/img\]/sU"; + $patterns[] = "/\[img]([^\"\(\)\?\&'<>]*)\[\/img\]/sU"; + $patterns[] = "/\[img align=(['\"]?)(left|center|right)\\1 id=(['\"]?)([0-9]*)\\3]([^\"\(\)\?\&'<>]*)\[\/img\]/sU"; + $patterns[] = "/\[img id=(['\"]?)([0-9]*)\\1]([^\"\(\)\?\&'<>]*)\[\/img\]/sU"; + if ($allowimage != 1) { + $replacements[] = '<a href="\\3" target="_blank">\\3</a>'; + $replacements[] = '<a href="\\1" target="_blank">\\1</a>'; + $replacements[] = '<a href="'.XOOPS_URL.'/image.php?id=\\4" target="_blank">\\5</a>'; + $replacements[] = '<a href="'.XOOPS_URL.'/image.php?id=\\2" target="_blank">\\3</a>'; + } else { + $replacements[] = '<img src="\\3" align="\\2" alt="" />'; + $replacements[] = '<img src="\\1" alt="" />'; + $replacements[] = '<img src="'.XOOPS_URL.'/image.php?id=\\4" align="\\2" alt="\\5" />'; + $replacements[] = '<img src="'.XOOPS_URL.'/image.php?id=\\2" alt="\\3" />'; + } + $patterns[] = "/\[quote]/sU"; + $replacements[] = _QUOTEC.'<div class="xoopsQuote"><blockquote>'; + //$replacements[] = 'Quote: <div class="xoopsQuote"><blockquote>'; + $patterns[] = "/\[\/quote]/sU"; + $replacements[] = '</blockquote></div>'; + $patterns[] = "/javascript:/si"; + $replacements[] = "java script:"; + $patterns[] = "/about:/si"; + $replacements[] = "about :"; + $ret = preg_replace($patterns, $replacements, $text); + return $ret; + } + + /** + * Filters out invalid strings included in URL, if any + * + * @param array $matches + * @return string + */ + function _filterImgUrl($matches) + { + if ($this->checkUrlString($matches[2])) { + return $matches[0]; + } else { + return ""; + } + } + + /** + * Checks if invalid strings are included in URL + * + * @param string $text + * @return bool + */ + function checkUrlString($text) + { + // 
Check control code + if (preg_match("/[\\0-\\31]/", $text)) { + return false; + } + // check black pattern(deprecated) + return !preg_match("/^(javascript|vbscript|about):/i", $text); + } + + /** + * Convert linebreaks to <br /> tags + * + * @param string $text + * + * @return string + */ + function &nl2Br($text) + { + $ret = preg_replace("/(\015\012)|(\015)|(\012)/","<br />",$text); + return $ret; + } + + /** + * Add slashes to the text if magic_quotes_gpc is turned off. + * + * @param string $text + * @return string + **/ + function &addSlashes($text) + { + if (!get_magic_quotes_gpc()) { + $text = addslashes($text); + } + return $text; + } + /* + * if magic_quotes_gpc is on, stirip back slashes + * + * @param string $text + * + * @return string + */ + function &stripSlashesGPC($text) + { + if (get_magic_quotes_gpc()) { + $text = stripslashes($text); + } + return $text; + } + + /* + * for displaying data in html textbox forms + * + * @param string $text + * + * @return string + */ + function &htmlSpecialChars($text) + { + //return preg_replace("/&/i", '&', htmlspecialchars($text, ENT_QUOTES)); + $ret = preg_replace(array("/&/i", "/ /i"), array('&', '&nbsp;'), htmlspecialchars($text, ENT_QUOTES)); + return $ret; + } + + /** + * Reverses {@link htmlSpecialChars()} + * + * @param string $text + * @return string + **/ + function &undoHtmlSpecialChars(&$text) + { + return preg_replace(array("/>/i", "/</i", "/"/i", "/'/i"), array(">", "<", "\"", "'"), $text); + } + + /** + * Filters textarea form data in DB for display + * + * @param string $text + * @param bool $html allow html? + * @param bool $smiley allow smileys? + * @param bool $xcode allow xoopscode? + * @param bool $image allow inline images? + * @param bool $br convert linebreaks? 
+ * @return string + **/ + function &displayTarea(&$text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1) + { + if ($html != 1) { + // html not allowed + $text =& $this->htmlSpecialChars($text); + } + $text = $this->codePreConv($text, $xcode); // Ryuji_edit(2003-11-18) + $text =& $this->makeClickable($text); + if ($smiley != 0) { + // process smiley + $text =& $this->smiley($text); + } + if ($xcode != 0) { + // decode xcode + if ($image != 0) { + // image allowed + $text =& $this->xoopsCodeDecode($text); + } else { + // image not allowed + $text =& $this->xoopsCodeDecode($text, 0); + } + } + if ($br != 0) { + $text =& $this->nl2Br($text); + } + $text = $this->codeConv($text, $xcode, $image); // Ryuji_edit(2003-11-18) + return $text; + } + + /** + * Filters textarea form data submitted for preview + * + * @param string $text + * @param bool $html allow html? + * @param bool $smiley allow smileys? + * @param bool $xcode allow xoopscode? + * @param bool $image allow inline images? + * @param bool $br convert linebreaks? 
+ * @return string + **/ + function &previewTarea(&$text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1) + { + $text =& $this->stripSlashesGPC($text); + if ($html != 1) { + // html not allowed + $text =& $this->htmlSpecialChars($text); + } + $text = $this->codePreConv($text, $xcode); // Ryuji_edit(2003-11-18) + $text =& $this->makeClickable($text); + if ($smiley != 0) { + // process smiley + $text =& $this->smiley($text); + } + if ($xcode != 0) { + // decode xcode + if ($image != 0) { + // image allowed + $text =& $this->xoopsCodeDecode($text); + } else { + // image not allowed + $text =& $this->xoopsCodeDecode($text, 0); + } + } + if ($br != 0) { + $text =& $this->nl2Br($text); + } + $text =& $this->codeConv($text, $xcode, $image); // Ryuji_edit(2003-11-18) + return $text; + } + + /** + * Replaces banned words in a string with their replacements + * + * @param string $text + * @return string + * + * @deprecated + **/ + function &censorString(&$text) + { + if (!isset($this->censorConf)) { + $config_handler =& xoops_gethandler('config'); + $this->censorConf =& $config_handler->getConfigsByCat(XOOPS_CONF_CENSOR); + } + if ($this->censorConf['censor_enable'] == 1) { + $replacement = $this->censorConf['censor_replace']; + foreach ($this->censorConf['censor_words'] as $bad) { + if ( !empty($bad) ) { + $bad = quotemeta($bad); + $patterns[] = "/(\s)".$bad."/siU"; + $replacements[] = "\\1".$replacement; + $patterns[] = "/^".$bad."/siU"; + $replacements[] = $replacement; + $patterns[] = "/(\n)".$bad."/siU"; + $replacements[] = "\\1".$replacement; + $patterns[] = "/]".$bad."/siU"; + $replacements[] = "]".$replacement; + $text = preg_replace($patterns, $replacements, $text); + } + } + } + return $text; + } + + + /**#@+ + * Sanitizing of [code] tag + */ + function codePreConv($text, $xcode = 1) { + if($xcode != 0){ + $patterns = "/\[code](.*)\[\/code\]/esU"; + $replacements = "'[code]'.base64_encode('$1').'[/code]'"; + $text = preg_replace($patterns, $replacements, 
$text); + } + return $text; + } + + function codeConv($text, $xcode = 1, $image = 1){ + if($xcode != 0){ + $patterns = "/\[code](.*)\[\/code\]/esU"; + if ($image != 0) { + // image allowed + $replacements = "'<div class=\"xoopsCode\"><pre><code>'.MyTextSanitizer::codeSanitizer('$1').'</code></pre></div>'"; + //$text =& $this->xoopsCodeDecode($text); + } else { + // image not allowed + $replacements = "'<div class=\"xoopsCode\"><pre><code>'.MyTextSanitizer::codeSanitizer('$1', 0).'</code></pre></div>'"; + //$text =& $this->xoopsCodeDecode($text, 0); + } + $text = preg_replace($patterns, $replacements, $text); + } + return $text; + } + + function codeSanitizer($str, $image = 1){ + if($image != 0){ + $str = $this->xoopsCodeDecode( + $this->htmlSpecialChars(str_replace('\"', '"', base64_decode($str))) + ); + }else{ + $str = $this->xoopsCodeDecode( + $this->htmlSpecialChars(str_replace('\"', '"', base64_decode($str))),0 + ); + } + return $str; + } + + + /**#@-*/ + + +##################### Deprecated Methods ###################### + + /**#@+ + * @deprecated + */ + function sanitizeForDisplay($text, $allowhtml = 0, $smiley = 1, $bbcode = 1) + { + if ( $allowhtml == 0 ) { + $text = $this->htmlSpecialChars($text); + } else { + //$config =& $GLOBALS['xoopsConfig']; + //$allowed = $config['allowed_html']; + //$text = strip_tags($text, $allowed); + $text = $this->makeClickable($text); + } + if ( $smiley == 1 ) { + $text = $this->smiley($text); + } + if ( $bbcode == 1 ) { + $text = $this->xoopsCodeDecode($text); + } + $text = $this->nl2Br($text); + return $text; + } + + function sanitizeForPreview($text, $allowhtml = 0, $smiley = 1, $bbcode = 1) + { + $text = $this->oopsStripSlashesGPC($text); + if ( $allowhtml == 0 ) { + $text = $this->htmlSpecialChars($text); + } else { + //$config =& $GLOBALS['xoopsConfig']; + //$allowed = $config['allowed_html']; + //$text = strip_tags($text, $allowed); + $text = $this->makeClickable($text); + } + if ( $smiley == 1 ) { + $text = 
$this->smiley($text); + } + if ( $bbcode == 1 ) { + $text = $this->xoopsCodeDecode($text); + } + $text = $this->nl2Br($text); + return $text; + } + + function makeTboxData4Save($text) + { + //$text = $this->undoHtmlSpecialChars($text); + return $this->addSlashes($text); + } + + function makeTboxData4Show($text, $smiley=0) + { + $text = $this->htmlSpecialChars($text); + return $text; + } + + function makeTboxData4Edit($text) + { + return $this->htmlSpecialChars($text); + } + + function makeTboxData4Preview($text, $smiley=0) + { + $text = $this->stripSlashesGPC($text); + $text = $this->htmlSpecialChars($text); + return $text; + } + + function makeTboxData4PreviewInForm($text) + { + $text = $this->stripSlashesGPC($text); + return $this->htmlSpecialChars($text); + } + + function makeTareaData4Save($text) + { + return $this->addSlashes($text); + } + + function &makeTareaData4Show(&$text, $html=1, $smiley=1, $xcode=1) + { + $ret = $this->displayTarea($text, $html, $smiley, $xcode); + return $ret; + } + + function makeTareaData4Edit($text) + { + return $this->htmlSpecialChars($text); + } + + function &makeTareaData4Preview(&$text, $html=1, $smiley=1, $xcode=1) + { + $ret = $this->previewTarea($text, $html, $smiley, $xcode); + return $ret; + } + + function makeTareaData4PreviewInForm($text) + { + //if magic_quotes_gpc is on, do stipslashes + $text = $this->stripSlashesGPC($text); + return $this->htmlSpecialChars($text); + } + + function makeTareaData4InsideQuotes($text) + { + return $this->htmlSpecialChars($text); + } + + function &oopsStripSlashesGPC($text) + { + return $this->stripSlashesGPC($text); + } + + function &oopsStripSlashesRT($text) + { + if (get_magic_quotes_runtime()) { + $text =& stripslashes($text); + } + return $text; + } + + function &oopsAddSlashes($text) + { + return $this->addSlashes($text); + } + + function &oopsHtmlSpecialChars($text) + { + return $this->htmlSpecialChars($text); + } + + function &oopsNl2Br($text) + { + return $this->nl2br($text); + } 
+ /**#@-*/
+} ?>
\ No newline at end of file
Index: xoops2jp/html/class/token.php
diff -u xoops2jp/html/class/token.php:1.3 xoops2jp/html/class/token.php:1.3.8.1
--- xoops2jp/html/class/token.php:1.3 Wed Aug 3 21:39:11 2005
+++ xoops2jp/html/class/token.php Sun Feb 5 14:19:52 2006
@@ -190,7 +190,7 @@
 */
 function &create($name,$timeout = XOOPS_TOKEN_TIMEOUT)
 {
- $token = new XoopsToken($name,$timeout);
+ $token =& new XoopsToken($name,$timeout);
 $this->register($token);
 return $token;
 }
@@ -204,12 +204,11 @@
 */
 function &fetch($name)
 {
+ $ret = null;
 if(isset($_SESSION[XOOPS_TOKEN_SESSION_STRING][$this->_prefix.$name])) {
- return $_SESSION[XOOPS_TOKEN_SESSION_STRING][$this->_prefix.$name];
- }
- else {
- return null;
+ $ret =& $_SESSION[XOOPS_TOKEN_SESSION_STRING][$this->_prefix.$name];
 }
+ return $ret;
 }
 /**
@@ -285,8 +284,9 @@
 */
 function &quickCreate($name,$timeout = XOOPS_TOKEN_TIMEOUT)
 {
- $handler = new XoopsSingleTokenHandler();
- return $handler->create($name,$timeout);
+ $handler =& new XoopsSingleTokenHandler();
+ $ret =& $handler->create($name,$timeout);
+ return $ret;
 }
 /**
@@ -311,7 +311,7 @@
 {
 function &create($name,$timeout=XOOPS_TOKEN_TIMEOUT)
 {
- $token = new XoopsToken($name,$timeout);
+ $token =& new XoopsToken($name,$timeout);
 $token->setSerialNumber($this->getUniqueSerial($name));
 $this->register($token);
 return $token;
@@ -319,12 +319,11 @@
 function &fetch($name,$serial_number)
 {
+ $ret = null;
 if(isset($_SESSION[XOOPS_TOKEN_MULTI_SESSION_STRING][$this->_prefix.$name][$serial_number])) {
- return $_SESSION[XOOPS_TOKEN_MULTI_SESSION_STRING][$this->_prefix.$name][$serial_number];
- }
- else {
- return null;
+ $ret =& $_SESSION[XOOPS_TOKEN_MULTI_SESSION_STRING][$this->_prefix.$name][$serial_number];
 }
+ return $ret;
 }
 function register(&$token)
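Review bot: `$token =& new XoopsToken($name,$timeout);` in `create()` is not needed for the by-reference return, because `$token` was already a variable before this change, and assigning the result of `new` by reference is reported as deprecated on PHP 5 and is a parse error from PHP 7. If the `&` is there only to avoid the object copy on PHP 4, a comment on the line should say so, for example `// PHP 4 only: avoid copying the new object; the & must go on PHP 5+`. The same construct is added in the two `quickCreate` hunks (-285 and -362) and in the multi-token `create` hunk (-311). The class bodies and constructors lie outside these hunks, so whether anything depends on reference identity cannot be judged from here.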
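Review bot: The by-reference contract of `fetch($name)` is not stated in the visible lines: `$ret =& $_SESSION[XOOPS_TOKEN_SESSION_STRING][$this->_prefix.$name];` returns an alias of the stored session entry, so a write through the returned variable changes the token kept in the session. The docblock starts above the hunk; if it does not already say so, I would add `@return mixed reference to the session entry, or null when no token is registered under $name`, plus a one-line comment on `$ret = null;` noting that a variable is required because the function returns by reference. Callers are not visible here and should treat null as a failed check rather than dereference it. The multi-token `fetch($name,$serial_number)` hunk at -319 has the same shape and no docblock in its visible lines; there `$serial_number` is used directly as an array key, so if it can originate from the request it is worth confirming it is a scalar before the `isset()`.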
@@ -362,8 +361,9 @@
 */
 function &quickCreate($name,$timeout = XOOPS_TOKEN_TIMEOUT)
 {
- $handler = new XoopsMultiTokenHandler();
- return $handler->create($name,$timeout);
+ $handler =& new XoopsMultiTokenHandler();
+ $ret =& $handler->create($name,$timeout);
+ return $ret;
 }
 /**
Index: xoops2jp/html/class/xoopsblock.php
diff -u xoops2jp/html/class/xoopsblock.php:1.4 xoops2jp/html/class/xoopsblock.php:1.4.6.1
--- xoops2jp/html/class/xoopsblock.php:1.4 Wed Aug 3 21:39:11 2005
+++ xoops2jp/html/class/xoopsblock.php Sun Feb 5 14:19:52 2006
@@ -1,536 +1,537 @@ -<?php -// $Id: xoopsblock.php,v 1.4 2005/08/03 12:39:11 onokazu Exp $ -// ------------------------------------------------------------------------ // -// XOOPS - PHP Content Management System // -// Copyright (c) 2000 XOOPS.org // -// <http://www.xoops.org/> // -// ------------------------------------------------------------------------ // -// This program is free software; you can redistribute it and/or modify // -// it under the terms of the GNU General Public License as published by // -// the Free Software Foundation; either version 2 of the License, or // -// (at your option) any later version. // -// // -// You may not change or alter any portion of this comment or credits // -// of supporting developers from this source code or any supporting // -// source code which is considered copyrighted (c) material of the // -// original comment or credit authors. // -// // -// This program is distributed in the hope that it will be useful, // -// but WITHOUT ANY WARRANTY; without even the implied warranty of // -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // -// GNU General Public License for more details. 
// -// // -// You should have received a copy of the GNU General Public License // -// along with this program; if not, write to the Free Software // -// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA // -// ------------------------------------------------------------------------ // -// Author: Kazumi Ono (AKA onokazu) // -// URL: http://www.myweb.ne.jp/, http://www.xoops.org/, http://jp.xoops.org/ // -// Project: The XOOPS Project // -// ------------------------------------------------------------------------- // - -if (!defined('XOOPS_ROOT_PATH')) { - exit(); -} -require_once XOOPS_ROOT_PATH."/kernel/object.php"; - -class XoopsBlock extends XoopsObject -{ - var $db; - - function XoopsBlock($id = null) - { - $this->db =& Database::getInstance(); - $this->initVar('bid', XOBJ_DTYPE_INT, null, false); - $this->initVar('mid', XOBJ_DTYPE_INT, 0, false); - $this->initVar('func_num', XOBJ_DTYPE_INT, 0, false); - $this->initVar('options', XOBJ_DTYPE_TXTBOX, null, false, 255); - $this->initVar('name', XOBJ_DTYPE_TXTBOX, null, true, 150); - //$this->initVar('position', XOBJ_DTYPE_INT, 0, false); - $this->initVar('title', XOBJ_DTYPE_TXTBOX, null, false, 150); - $this->initVar('content', XOBJ_DTYPE_TXTAREA, null, false); - $this->initVar('side', XOBJ_DTYPE_INT, 0, false); - $this->initVar('weight', XOBJ_DTYPE_INT, 0, false); - $this->initVar('visible', XOBJ_DTYPE_INT, 0, false); - $this->initVar('block_type', XOBJ_DTYPE_OTHER, null, false); - $this->initVar('c_type', XOBJ_DTYPE_OTHER, null, false); - $this->initVar('isactive', XOBJ_DTYPE_INT, null, false); - - $this->initVar('dirname', XOBJ_DTYPE_TXTBOX, null, false, 50); - $this->initVar('func_file', XOBJ_DTYPE_TXTBOX, null, false, 50); - $this->initVar('show_func', XOBJ_DTYPE_TXTBOX, null, false, 50); - $this->initVar('edit_func', XOBJ_DTYPE_TXTBOX, null, false, 50); - - $this->initVar('template', XOBJ_DTYPE_OTHER, null, false); - $this->initVar('bcachetime', XOBJ_DTYPE_INT, 0, false); - 
$this->initVar('last_modified', XOBJ_DTYPE_INT, 0, false); - - if ( !empty($id) ) { - if ( is_array($id) ) { - $this->assignVars($id); - } else { - $this->load(intval($id)); - } - } - } - - function load($id) - { - $sql = 'SELECT * FROM '.$this->db->prefix('newblocks').' WHERE bid = '.$id; - $arr = $this->db->fetchArray($this->db->query($sql)); - $this->assignVars($arr); - } - - function store() - { - if ( !$this->cleanVars() ) { - return false; - } - foreach ( $this->cleanVars as $k=>$v ) { - ${$k} = $v; - } - if ( empty($bid) ) { - $bid = $this->db->genId($this->db->prefix("newblocks")."_bid_seq"); - $sql = sprintf("INSERT INTO %s (bid, mid, func_num, options, name, title, content, side, weight, visible, block_type, c_type, isactive, dirname, func_file, show_func, edit_func, template, bcachetime, last_modified) VALUES (%u, %u, %u, %s, %s, %s, %s, %u, %u, %u, %s, %s, %u, %s, %s, %s, %s, %s, %u, %u)", $this->db->prefix('newblocks'), $bid, $mid, $func_num, $this->db->quoteString($options), $this->db->quoteString($name), $this->db->quoteString($title), $this->db->quoteString($content), $side, $weight, $visible, $this->db->quoteString($block_type), $this->db->quoteString($c_type), 1, $this->db->quoteString($dirname), $this->db->quoteString($func_file), $this->db->quoteString($show_func), $this->db->quoteString($edit_func), $this->db->quoteString($template), $bcachetime, time()); - } else { - $sql = "UPDATE ".$this->db->prefix("newblocks")." SET options=".$this->db->quoteString($options); - // a custom block needs its own name - if ( $block_type == "C" ) { - $sql .= ", name=".$this->db->quoteString($name); - } - $sql .= ", isactive=".$isactive.", title=".$this->db->quoteString($title).", content=".$this->db->quoteString($content).", side=".$side.", weight=".$weight.", visible=".$visible.", c_type=".$this->db->quoteString($c_type).", template=".$this->db->quoteString($template).", bcachetime=".$bcachetime.", last_modified=".time()." 
WHERE bid=".$bid; - } - if ( !$this->db->query($sql) ) { - $this->setErrors("Could not save block data into database"); - return false; - } - if ( empty($bid) ) { - $bid = $this->db->getInsertId(); - } - return $bid; - } - - function delete() - { - $sql = sprintf("DELETE FROM %s WHERE bid = %u", $this->db->prefix('newblocks'), $this->getVar('bid')); - if ( !$this->db->query($sql) ) { - return false; - } - $sql = sprintf("DELETE FROM %s WHERE gperm_name = 'block_read' AND gperm_itemid = %u AND gperm_modid = 1", $this->db->prefix('group_permission'), $this->getVar('bid')); - $this->db->query($sql); - $sql = sprintf("DELETE FROM %s WHERE block_id = %u", $this->db->prefix('block_module_link'), $this->getVar('bid')); - $this->db->query($sql); - return true; - } - - /** - * do stripslashes/htmlspecialchars according to the needed output - * - * @param $format output use: S for Show and E for Edit - * @param $c_type type of block content - * @returns string - */ - function &getContent($format = 'S', $c_type = 'T') - { - switch ( $format ) { - case 'S': - // check the type of content - // H : custom HTML block - // P : custom PHP block - // S : use text sanitizater (smilies enabled) - // T : use text sanitizater (smilies disabled) - if ( $c_type == 'H' ) { - return str_replace('{X_SITEURL}', XOOPS_URL.'/', $this->getVar('content', 'N')); - } elseif ( $c_type == 'P' ) { - ob_start(); - echo eval($this->getVar('content', 'N')); - $content = ob_get_contents(); - ob_end_clean(); - return str_replace('{X_SITEURL}', XOOPS_URL.'/', $content); - } elseif ( $c_type == 'S' ) { - $myts =& MyTextSanitizer::getInstance(); - return str_replace('{X_SITEURL}', XOOPS_URL.'/', $myts->displayTarea($this->getVar('content', 'N'), 1, 1)); - } else { - $myts =& MyTextSanitizer::getInstance(); - return str_replace('{X_SITEURL}', XOOPS_URL.'/', $myts->displayTarea($this->getVar('content', 'N'), 1, 0)); - } - break; - case 'E': - return $this->getVar('content', 'E'); - break; - default: - return 
$this->getVar('content', 'N'); - break; - } - } - - function &buildBlock() - { - global $xoopsConfig, $xoopsOption; - $block = array(); - // M for module block, S for system block C for Custom - if ( $this->getVar("block_type") != "C" ) { - // get block display function - $show_func = $this->getVar('show_func'); - if ( !$show_func ) { - return false; - } - // must get lang files b4 execution of the function - if ( file_exists(XOOPS_ROOT_PATH."/modules/".$this->getVar('dirname')."/blocks/".$this->getVar('func_file')) ) { - if ( file_exists(XOOPS_ROOT_PATH."/modules/".$this->getVar('dirname')."/language/".$xoopsConfig['language']."/blocks.php") ) { - include_once XOOPS_ROOT_PATH."/modules/".$this->getVar('dirname')."/language/".$xoopsConfig['language']."/blocks.php"; - } elseif ( file_exists(XOOPS_ROOT_PATH."/modules/".$this->getVar('dirname')."/language/english/blocks.php") ) { - include_once XOOPS_ROOT_PATH."/modules/".$this->getVar('dirname')."/language/english/blocks.php"; - } - include_once XOOPS_ROOT_PATH."/modules/".$this->getVar('dirname')."/blocks/".$this->getVar('func_file'); - $options = explode("|", $this->getVar("options")); - if ( function_exists($show_func) ) { - // execute the function - $block = $show_func($options); - if ( !$block ) { - return false; - } - } else { - return false; - } - } else { - return false; - } - } else { - // it is a custom block, so just return the contents - $block['content'] = $this->getContent("S",$this->getVar("c_type")); - if (empty($block['content'])) { - return false; - } - } - return $block; - } - - /* - * Aligns the content of a block - * If position is 0, content in DB is positioned - * before the original content - * If position is 1, content in DB is positioned - * after the original content - */ - function &buildContent($position,$content="",$contentdb="") - { - if ( $position == 0 ) { - $ret = $contentdb.$content; - } elseif ( $position == 1 ) { - $ret = $content.$contentdb; - } - return $ret; - } - - function 
&buildTitle($originaltitle, $newtitle="") - { - if ($newtitle != "") { - $ret = $newtitle; - } else { - $ret = $originaltitle; - } - return $ret; - } - - function isCustom() - { - if ( $this->getVar("block_type") == "C" ) { - return true; - } - return false; - } - - /** - * gets html form for editting block options - * - */ - function getOptions() - { - global $xoopsConfig; - if ( $this->getVar("block_type") != "C" ) { - $edit_func = $this->getVar('edit_func'); - if ( !$edit_func ) { - return false; - } - if ( file_exists(XOOPS_ROOT_PATH."/modules/".$this->getVar('dirname')."/blocks/".$this->getVar('func_file')) ) { - if ( file_exists(XOOPS_ROOT_PATH."/modules/".$this->getVar('dirname')."/language/".$xoopsConfig['language']."/blocks.php") ) { - include_once XOOPS_ROOT_PATH."/modules/".$this->getVar('dirname')."/language/".$xoopsConfig['language']."/blocks.php"; - } elseif ( file_exists(XOOPS_ROOT_PATH."/modules/".$this->getVar('dirname')."/language/english/blocks.php") ) { - include_once XOOPS_ROOT_PATH."/modules/".$this->getVar('dirname')."/language/english/blocks.php"; - } - include_once XOOPS_ROOT_PATH.'/modules/'.$this->getVar('dirname').'/blocks/'.$this->getVar('func_file'); - $options = explode("|", $this->getVar("options")); - $edit_form = $edit_func($options); - if ( !$edit_form ) { - return false; - } - return $edit_form; - } else { - return false; - } - } else { - return false; - } - } - - /** - * get all the blocks that match the supplied parameters - * @param $side 0: sideblock - left - * 1: sideblock - right - * 2: sideblock - left and right - * 3: centerblock - left - * 4: centerblock - right - * 5: centerblock - center - * 6: centerblock - left, right, center - * @param $groupid groupid (can be an array) - * @param $visible 0: not visible 1: visible - * @param $orderby order of the blocks - * @returns array of block objects - */ - function &getAllBlocksByGroup($groupid, $asobject=true, $side=null, $visible=null, $orderby="b.weight,b.bid", 
$isactive=1) - { - $db =& Database::getInstance(); - $ret = array(); - if ( !$asobject ) { - $sql = "SELECT b.bid "; - } else { - $sql = "SELECT b.* "; - } - $sql .= "FROM ".$db->prefix("newblocks")." b LEFT JOIN ".$db->prefix("group_permission")." l ON l.gperm_itemid=b.bid WHERE gperm_name = 'block_read' AND gperm_modid = 1"; - if ( is_array($groupid) ) { - $sql .= " AND (l.gperm_groupid=".$groupid[0].""; - $size = count($groupid); - if ( $size > 1 ) { - for ( $i = 1; $i < $size; $i++ ) { - $sql .= " OR l.gperm_groupid=".$groupid[$i].""; - } - } - $sql .= ")"; - } else { - $sql .= " AND l.gperm_groupid=".$groupid.""; - } - $sql .= " AND b.isactive=".$isactive; - if ( isset($side) ) { - // get both sides in sidebox? (some themes need this) - if ( $side == XOOPS_SIDEBLOCK_BOTH ) { - $side = "(b.side=0 OR b.side=1)"; - } elseif ( $side == XOOPS_CENTERBLOCK_ALL ) { - $side = "(b.side=3 OR b.side=4 OR b.side=5)"; - } else { - $side = "b.side=".$side; - } - $sql .= " AND ".$side; - } - if ( isset($visible) ) { - $sql .= " AND b.visible=$visible"; - } - $sql .= " ORDER BY $orderby"; - $result = $db->query($sql); - $added = array(); - while ( $myrow = $db->fetchArray($result) ) { - if ( !in_array($myrow['bid'], $added) ) { - if (!$asobject) { - $ret[] = $myrow['bid']; - } else { - $ret[] = new XoopsBlock($myrow); - } - array_push($added, $myrow['bid']); - } - } - //echo $sql; - return $ret; - } - - function &getAllBlocks($rettype="object", $side=null, $visible=null, $orderby="side,weight,bid", $isactive=1) - { - $db =& Database::getInstance(); - $ret = array(); - $where_query = " WHERE isactive=".$isactive; - if ( isset($side) ) { - // get both sides in sidebox? 
(some themes need this) - if ( $side == 2 ) { - $side = "(side=0 OR side=1)"; - } elseif ( $side == 6 ) { - $side = "(side=3 OR side=4 OR side=5)"; - } else { - $side = "side=".$side; - } - $where_query .= " AND ".$side; - } - if ( isset($visible) ) { - $where_query .= " AND visible=$visible"; - } - $where_query .= " ORDER BY $orderby"; - switch ($rettype) { - case "object": - $sql = "SELECT * FROM ".$db->prefix("newblocks")."".$where_query; - $result = $db->query($sql); - while ( $myrow = $db->fetchArray($result) ) { - $ret[] = new XoopsBlock($myrow); - } - break; - case "list": - $sql = "SELECT * FROM ".$db->prefix("newblocks")."".$where_query; - $result = $db->query($sql); - while ( $myrow = $db->fetchArray($result) ) { - $block = new XoopsBlock($myrow); - $name = ($block->getVar("block_type") != "C") ? $block->getVar("name") : $block->getVar("title"); - $ret[$block->getVar("bid")] = $name; - } - break; - case "id": - $sql = "SELECT bid FROM ".$db->prefix("newblocks")."".$where_query; - $result = $db->query($sql); - while ( $myrow = $db->fetchArray($result) ) { - $ret[] = $myrow['bid']; - } - break; - } - //echo $sql; - return $ret; - } - - function &getByModule($moduleid, $asobject=true) - { - $db =& Database::getInstance(); - if ( $asobject == true ) { - $sql = $sql = "SELECT * FROM ".$db->prefix("newblocks")." WHERE mid=".$moduleid.""; - } else { - $sql = "SELECT bid FROM ".$db->prefix("newblocks")." WHERE mid=".$moduleid.""; - } - $result = $db->query($sql); - $ret = array(); - while( $myrow = $db->fetchArray($result) ) { - if ( $asobject ) { - $ret[] = new XoopsBlock($myrow); - } else { - $ret[] = $myrow['bid']; - } - } - return $ret; - } - - function &getAllByGroupModule($groupid, $module_id=0, $toponlyblock=false, $visible=null, $orderby='b.weight,b.bid', $isactive=1) - { - $db =& Database::getInstance(); - $ret = array(); - $sql = "SELECT DISTINCT gperm_itemid FROM ".$db->prefix('group_permission')." 
WHERE gperm_name = 'block_read' AND gperm_modid = 1"; - if ( is_array($groupid) ) { - $sql .= ' AND gperm_groupid IN ('.implode(',', $groupid).')'; - } else { - if (intval($groupid) > 0) { - $sql .= ' AND gperm_groupid='.$groupid; - } - } - $result = $db->query($sql); - $blockids = array(); - while ( $myrow = $db->fetchArray($result) ) { - $blockids[] = $myrow['gperm_itemid']; - } - if (!empty($blockids)) { - $sql = 'SELECT b.* FROM '.$db->prefix('newblocks').' b, '.$db->prefix('block_module_link').' m WHERE m.block_id=b.bid'; - $sql .= ' AND b.isactive='.$isactive; - if (isset($visible)) { - $sql .= ' AND b.visible='.intval($visible); - } - $module_id = intval($module_id); - if (!empty($module_id)) { - $sql .= ' AND m.module_id IN (0,'.$module_id; - if ($toponlyblock) { - $sql .= ',-1'; - } - $sql .= ')'; - } else { - if ($toponlyblock) { - $sql .= ' AND m.module_id IN (0,-1)'; - } else { - $sql .= ' AND m.module_id=0'; - } - } - $sql .= ' AND b.bid IN ('.implode(',', $blockids).')'; - $sql .= ' ORDER BY '.$orderby; - $result = $db->query($sql); - while ( $myrow = $db->fetchArray($result) ) { - $block =& new XoopsBlock($myrow); - $ret[$myrow['bid']] =& $block; - unset($block); - } - } - return $ret; - } - - function &getNonGroupedBlocks($module_id=0, $toponlyblock=false, $visible=null, $orderby='b.weight,b.bid', $isactive=1) - { - $db =& Database::getInstance(); - $ret = array(); - $bids = array(); - $sql = "SELECT DISTINCT(bid) from ".$db->prefix('newblocks'); - if ($result = $db->query($sql)) { - while ( $myrow = $db->fetchArray($result) ) { - $bids[] = $myrow['bid']; - } - } - $sql = "SELECT DISTINCT(p.gperm_itemid) from ".$db->prefix('group_permission')." p, ".$db->prefix('groups')." 
g WHERE g.groupid=p.gperm_groupid AND p.gperm_name='block_read'"; - $grouped = array(); - if ($result = $db->query($sql)) { - while ( $myrow = $db->fetchArray($result) ) { - $grouped[] = $myrow['gperm_itemid']; - } - } - $non_grouped = array_diff($bids, $grouped); - if (!empty($non_grouped)) { - $sql = 'SELECT b.* FROM '.$db->prefix('newblocks').' b, '.$db->prefix('block_module_link').' m WHERE m.block_id=b.bid'; - $sql .= ' AND b.isactive='.$isactive; - if (isset($visible)) { - $sql .= ' AND b.visible='.intval($visible); - } - $module_id = intval($module_id); - if (!empty($module_id)) { - $sql .= ' AND m.module_id IN (0,'.$module_id; - if ($toponlyblock) { - $sql .= ',-1'; - } - $sql .= ')'; - } else { - if ($toponlyblock) { - $sql .= ' AND m.module_id IN (0,-1)'; - } else { - $sql .= ' AND m.module_id=0'; - } - } - $sql .= ' AND b.bid IN ('.implode(',', $non_grouped).')'; - $sql .= ' ORDER BY '.$orderby; - $result = $db->query($sql); - while ( $myrow = $db->fetchArray($result) ) { - $block =& new XoopsBlock($myrow); - $ret[$myrow['bid']] =& $block; - unset($block); - } - } - return $ret; - } - - function countSimilarBlocks($moduleId, $funcNum, $showFunc = null) - { - $funcNum = intval($funcNum); - $moduleId = intval($moduleId); - if ($funcNum < 1 || $moduleId < 1) { - // invalid query - return 0; - } - $db =& Database::getInstance(); - if (isset($showFunc)) { - // showFunc is set for more strict comparison - $sql = sprintf("SELECT COUNT(*) FROM %s WHERE mid = %d AND func_num = %d AND show_func = %s", $db->prefix('newblocks'), $moduleId, $funcNum, $db->quoteString(trim($showFunc))); - } else { - $sql = sprintf("SELECT COUNT(*) FROM %s WHERE mid = %d AND func_num = %d", $db->prefix('newblocks'), $moduleId, $funcNum); - } - if (!$result = $db->query($sql)) { - return 0; - } - list($count) = $db->fetchRow($result); - return $count; - } -} +<?php +// $Id: xoopsblock.php,v 1.4.6.1 2006/02/05 05:19:52 onokazu Exp $ +// 
------------------------------------------------------------------------ // +// XOOPS - PHP Content Management System // +// Copyright (c) 2000 XOOPS.org // +// <http://www.xoops.org/> // +// ------------------------------------------------------------------------ // +// This program is free software; you can redistribute it and/or modify // +// it under the terms of the GNU General Public License as published by // +// the Free Software Foundation; either version 2 of the License, or // +// (at your option) any later version. // +// // +// You may not change or alter any portion of this comment or credits // +// of supporting developers from this source code or any supporting // +// source code which is considered copyrighted (c) material of the // +// original comment or credit authors. // +// // +// This program is distributed in the hope that it will be useful, // +// but WITHOUT ANY WARRANTY; without even the implied warranty of // +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // +// GNU General Public License for more details. 
// +// // +// You should have received a copy of the GNU General Public License // +// along with this program; if not, write to the Free Software // +// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA // +// ------------------------------------------------------------------------ // +// Author: Kazumi Ono (AKA onokazu) // +// URL: http://www.myweb.ne.jp/, http://www.xoops.org/, http://jp.xoops.org/ // +// Project: The XOOPS Project // +// ------------------------------------------------------------------------- // + +if (!defined('XOOPS_ROOT_PATH')) { + exit(); +} +require_once XOOPS_ROOT_PATH."/kernel/object.php"; + +class XoopsBlock extends XoopsObject +{ + var $db; + + function XoopsBlock($id = null) + { + $this->db =& Database::getInstance(); + $this->initVar('bid', XOBJ_DTYPE_INT, null, false); + $this->initVar('mid', XOBJ_DTYPE_INT, 0, false); + $this->initVar('func_num', XOBJ_DTYPE_INT, 0, false); + $this->initVar('options', XOBJ_DTYPE_TXTBOX, null, false, 255); + $this->initVar('name', XOBJ_DTYPE_TXTBOX, null, true, 150); + //$this->initVar('position', XOBJ_DTYPE_INT, 0, false); + $this->initVar('title', XOBJ_DTYPE_TXTBOX, null, false, 150); + $this->initVar('content', XOBJ_DTYPE_TXTAREA, null, false); + $this->initVar('side', XOBJ_DTYPE_INT, 0, false); + $this->initVar('weight', XOBJ_DTYPE_INT, 0, false); + $this->initVar('visible', XOBJ_DTYPE_INT, 0, false); + $this->initVar('block_type', XOBJ_DTYPE_OTHER, null, false); + $this->initVar('c_type', XOBJ_DTYPE_OTHER, null, false); + $this->initVar('isactive', XOBJ_DTYPE_INT, null, false); + + $this->initVar('dirname', XOBJ_DTYPE_TXTBOX, null, false, 50); + $this->initVar('func_file', XOBJ_DTYPE_TXTBOX, null, false, 50); + $this->initVar('show_func', XOBJ_DTYPE_TXTBOX, null, false, 50); + $this->initVar('edit_func', XOBJ_DTYPE_TXTBOX, null, false, 50); + + $this->initVar('template', XOBJ_DTYPE_OTHER, null, false); + $this->initVar('bcachetime', XOBJ_DTYPE_INT, 0, false); + 
$this->initVar('last_modified', XOBJ_DTYPE_INT, 0, false); + + if ( !empty($id) ) { + if ( is_array($id) ) { + $this->assignVars($id); + } else { + $this->load(intval($id)); + } + } + } + + function load($id) + { + $sql = 'SELECT * FROM '.$this->db->prefix('newblocks').' WHERE bid = '.$id; + $arr = $this->db->fetchArray($this->db->query($sql)); + $this->assignVars($arr); + } + + function store() + { + if ( !$this->cleanVars() ) { + return false; + } + foreach ( $this->cleanVars as $k=>$v ) { + ${$k} = $v; + } + if ( empty($bid) ) { + $bid = $this->db->genId($this->db->prefix("newblocks")."_bid_seq"); + $sql = sprintf("INSERT INTO %s (bid, mid, func_num, options, name, title, content, side, weight, visible, block_type, c_type, isactive, dirname, func_file, show_func, edit_func, template, bcachetime, last_modified) VALUES (%u, %u, %u, %s, %s, %s, %s, %u, %u, %u, %s, %s, %u, %s, %s, %s, %s, %s, %u, %u)", $this->db->prefix('newblocks'), $bid, $mid, $func_num, $this->db->quoteString($options), $this->db->quoteString($name), $this->db->quoteString($title), $this->db->quoteString($content), $side, $weight, $visible, $this->db->quoteString($block_type), $this->db->quoteString($c_type), 1, $this->db->quoteString($dirname), $this->db->quoteString($func_file), $this->db->quoteString($show_func), $this->db->quoteString($edit_func), $this->db->quoteString($template), $bcachetime, time()); + } else { + $sql = "UPDATE ".$this->db->prefix("newblocks")." SET options=".$this->db->quoteString($options); + // a custom block needs its own name + if ( $block_type == "C" ) { + $sql .= ", name=".$this->db->quoteString($name); + } + $sql .= ", isactive=".$isactive.", title=".$this->db->quoteString($title).", content=".$this->db->quoteString($content).", side=".$side.", weight=".$weight.", visible=".$visible.", c_type=".$this->db->quoteString($c_type).", template=".$this->db->quoteString($template).", bcachetime=".$bcachetime.", last_modified=".time()." 
WHERE bid=".$bid; + } + if ( !$this->db->query($sql) ) { + $this->setErrors("Could not save block data into database"); + return false; + } + if ( empty($bid) ) { + $bid = $this->db->getInsertId(); + } + return $bid; + } + + function delete() + { + $sql = sprintf("DELETE FROM %s WHERE bid = %u", $this->db->prefix('newblocks'), $this->getVar('bid')); + if ( !$this->db->query($sql) ) { + return false; + } + $sql = sprintf("DELETE FROM %s WHERE gperm_name = 'block_read' AND gperm_itemid = %u AND gperm_modid = 1", $this->db->prefix('group_permission'), $this->getVar('bid')); + $this->db->query($sql); + $sql = sprintf("DELETE FROM %s WHERE block_id = %u", $this->db->prefix('block_module_link'), $this->getVar('bid')); + $this->db->query($sql); + return true; + } + + /** + * do stripslashes/htmlspecialchars according to the needed output + * + * @param $format output use: S for Show and E for Edit + * @param $c_type type of block content + * @returns string + */ + function &getContent($format = 'S', $c_type = 'T') + { + switch ( $format ) { + case 'S': + // check the type of content + // H : custom HTML block + // P : custom PHP block + // S : use text sanitizater (smilies enabled) + // T : use text sanitizater (smilies disabled) + if ( $c_type == 'H' ) { + return str_replace('{X_SITEURL}', XOOPS_URL.'/', $this->getVar('content', 'N')); + } elseif ( $c_type == 'P' ) { + ob_start(); + echo eval($this->getVar('content', 'N')); + $content = ob_get_contents(); + ob_end_clean(); + return str_replace('{X_SITEURL}', XOOPS_URL.'/', $content); + } elseif ( $c_type == 'S' ) { + $myts =& MyTextSanitizer::getInstance(); + return str_replace('{X_SITEURL}', XOOPS_URL.'/', $myts->displayTarea($this->getVar('content', 'N'), 1, 1)); + } else { + $myts =& MyTextSanitizer::getInstance(); + return str_replace('{X_SITEURL}', XOOPS_URL.'/', $myts->displayTarea($this->getVar('content', 'N'), 1, 0)); + } + break; + case 'E': + return $this->getVar('content', 'E'); + break; + default: + return 
$this->getVar('content', 'N'); + break; + } + } + + function &buildBlock() + { + global $xoopsConfig, $xoopsOption; + $ret = false; + $block = array(); + // M for module block, S for system block C for Custom + if ( $this->getVar("block_type") != "C" ) { + // get block display function + $show_func = $this->getVar('show_func'); + if ( !$show_func ) { + return $ret; + } + // must get lang files b4 execution of the function + if ( file_exists(XOOPS_ROOT_PATH."/modules/".$this->getVar('dirname')."/blocks/".$this->getVar('func_file')) ) { + if ( file_exists(XOOPS_ROOT_PATH."/modules/".$this->getVar('dirname')."/language/".$xoopsConfig['language']."/blocks.php") ) { + include_once XOOPS_ROOT_PATH."/modules/".$this->getVar('dirname')."/language/".$xoopsConfig['language']."/blocks.php"; + } elseif ( file_exists(XOOPS_ROOT_PATH."/modules/".$this->getVar('dirname')."/language/english/blocks.php") ) { + include_once XOOPS_ROOT_PATH."/modules/".$this->getVar('dirname')."/language/english/blocks.php"; + } + include_once XOOPS_ROOT_PATH."/modules/".$this->getVar('dirname')."/blocks/".$this->getVar('func_file'); + $options = explode("|", $this->getVar("options")); + if ( function_exists($show_func) ) { + // execute the function + $block = $show_func($options); + if ( !$block ) { + return $ret; + } + } else { + return $ret; + } + } else { + return $ret; + } + } else { + // it is a custom block, so just return the contents + $block['content'] = $this->getContent("S",$this->getVar("c_type")); + if (empty($block['content'])) { + return $ret; + } + } + return $block; + } + + /* + * Aligns the content of a block + * If position is 0, content in DB is positioned + * before the original content + * If position is 1, content in DB is positioned + * after the original content + */ + function &buildContent($position,$content="",$contentdb="") + { + if ( $position == 0 ) { + $ret = $contentdb.$content; + } elseif ( $position == 1 ) { + $ret = $content.$contentdb; + } + return $ret; + } + + 
function &buildTitle($originaltitle, $newtitle="")
+ {
+ if ($newtitle != "") {
+ $ret = $newtitle;
+ } else {
+ $ret = $originaltitle;
+ }
+ return $ret;
+ }
+
+ function isCustom()
+ {
+ if ( $this->getVar("block_type") == "C" ) {
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * gets html form for editting block options
+ *
+ */
+ function getOptions()
+ {
+ global $xoopsConfig;
+ if ( $this->getVar("block_type") != "C" ) {
+ $edit_func = $this->getVar('edit_func');
+ if ( !$edit_func ) {
+ return false;
+ }
+ if ( file_exists(XOOPS_ROOT_PATH."/modules/".$this->getVar('dirname')."/blocks/".$this->getVar('func_file')) ) {
+ if ( file_exists(XOOPS_ROOT_PATH."/modules/".$this->getVar('dirname')."/language/".$xoopsConfig['language']."/blocks.php") ) {
+ include_once XOOPS_ROOT_PATH."/modules/".$this->getVar('dirname')."/language/".$xoopsConfig['language']."/blocks.php";
+ } elseif ( file_exists(XOOPS_ROOT_PATH."/modules/".$this->getVar('dirname')."/language/english/blocks.php") ) {
+ include_once XOOPS_ROOT_PATH."/modules/".$this->getVar('dirname')."/language/english/blocks.php";
+ }
+ include_once XOOPS_ROOT_PATH.'/modules/'.$this->getVar('dirname').'/blocks/'.$this->getVar('func_file');
+ $options = explode("|", $this->getVar("options"));
+ $edit_form = $edit_func($options);
+ if ( !$edit_form ) {
+ return false;
+ }
+ return $edit_form;
+ } else {
+ return false;
+ }
+ } else {
+ return false;
+ }
+ }
+
+ /**
+ * get all the blocks that match the supplied parameters
+ * @param $side 0: sideblock - left
+ * 1: sideblock - right
+ * 2: sideblock - left and right
+ * 3: centerblock - left
+ * 4: centerblock - right
+ * 5: centerblock - center
+ * 6: centerblock - left, right, center
+ * @param $groupid groupid (can be an array)
+ * @param $visible 0: not visible 1: visible
+ * @param $orderby order of the blocks
+ * @returns array of block objects
+ */
+ function &getAllBlocksByGroup($groupid, $asobject=true, $side=null, $visible=null, $orderby="b.weight,b.bid",
$isactive=1)
+ {
+ $db =& Database::getInstance();
+ $ret = array();
+ if ( !$asobject ) {
+ $sql = "SELECT b.bid ";
+ } else {
+ $sql = "SELECT b.* ";
+ }
+ $sql .= "FROM ".$db->prefix("newblocks")." b LEFT JOIN ".$db->prefix("group_permission")." l ON l.gperm_itemid=b.bid WHERE gperm_name = 'block_read' AND gperm_modid = 1";
+ if ( is_array($groupid) ) {
+ $sql .= " AND (l.gperm_groupid=".$groupid[0]."";
+ $size = count($groupid);
+ if ( $size > 1 ) {
+ for ( $i = 1; $i < $size; $i++ ) {
+ $sql .= " OR l.gperm_groupid=".$groupid[$i]."";
+ }
+ }
+ $sql .= ")";
+ } else {
+ $sql .= " AND l.gperm_groupid=".$groupid."";
+ }
+ $sql .= " AND b.isactive=".$isactive;
+ if ( isset($side) ) {
+ // get both sides in sidebox? (some themes need this)
+ if ( $side == XOOPS_SIDEBLOCK_BOTH ) {
+ $side = "(b.side=0 OR b.side=1)";
+ } elseif ( $side == XOOPS_CENTERBLOCK_ALL ) {
+ $side = "(b.side=3 OR b.side=4 OR b.side=5)";
+ } else {
+ $side = "b.side=".$side;
+ }
+ $sql .= " AND ".$side;
+ }
+ if ( isset($visible) ) {
+ $sql .= " AND b.visible=$visible";
+ }
+ $sql .= " ORDER BY $orderby";
+ $result = $db->query($sql);
+ $added = array();
+ while ( $myrow = $db->fetchArray($result) ) {
+ if ( !in_array($myrow['bid'], $added) ) {
+ if (!$asobject) {
+ $ret[] = $myrow['bid'];
+ } else {
+ $ret[] = new XoopsBlock($myrow);
+ }
+ array_push($added, $myrow['bid']);
+ }
+ }
+ //echo $sql;
+ return $ret;
+ }
+
+ function &getAllBlocks($rettype="object", $side=null, $visible=null, $orderby="side,weight,bid", $isactive=1)
+ {
+ $db =& Database::getInstance();
+ $ret = array();
+ $where_query = " WHERE isactive=".$isactive;
+ if ( isset($side) ) {
+ // get both sides in sidebox?
(some themes need this)
+ if ( $side == 2 ) {
+ $side = "(side=0 OR side=1)";
+ } elseif ( $side == 6 ) {
+ $side = "(side=3 OR side=4 OR side=5)";
+ } else {
+ $side = "side=".$side;
+ }
+ $where_query .= " AND ".$side;
+ }
+ if ( isset($visible) ) {
+ $where_query .= " AND visible=$visible";
+ }
+ $where_query .= " ORDER BY $orderby";
+ switch ($rettype) {
+ case "object":
+ $sql = "SELECT * FROM ".$db->prefix("newblocks")."".$where_query;
+ $result = $db->query($sql);
+ while ( $myrow = $db->fetchArray($result) ) {
+ $ret[] = new XoopsBlock($myrow);
+ }
+ break;
+ case "list":
+ $sql = "SELECT * FROM ".$db->prefix("newblocks")."".$where_query;
+ $result = $db->query($sql);
+ while ( $myrow = $db->fetchArray($result) ) {
+ $block = new XoopsBlock($myrow);
+ $name = ($block->getVar("block_type") != "C") ? $block->getVar("name") : $block->getVar("title");
+ $ret[$block->getVar("bid")] = $name;
+ }
+ break;
+ case "id":
+ $sql = "SELECT bid FROM ".$db->prefix("newblocks")."".$where_query;
+ $result = $db->query($sql);
+ while ( $myrow = $db->fetchArray($result) ) {
+ $ret[] = $myrow['bid'];
+ }
+ break;
+ }
+ //echo $sql;
+ return $ret;
+ }
+
+ function &getByModule($moduleid, $asobject=true)
+ {
+ $db =& Database::getInstance();
+ if ( $asobject == true ) {
+ $sql = $sql = "SELECT * FROM ".$db->prefix("newblocks")." WHERE mid=".$moduleid."";
+ } else {
+ $sql = "SELECT bid FROM ".$db->prefix("newblocks")." WHERE mid=".$moduleid."";
+ }
+ $result = $db->query($sql);
+ $ret = array();
+ while( $myrow = $db->fetchArray($result) ) {
+ if ( $asobject ) {
+ $ret[] = new XoopsBlock($myrow);
+ } else {
+ $ret[] = $myrow['bid'];
+ }
+ }
+ return $ret;
+ }
+
+ function &getAllByGroupModule($groupid, $module_id=0, $toponlyblock=false, $visible=null, $orderby='b.weight,b.bid', $isactive=1)
+ {
+ $db =& Database::getInstance();
+ $ret = array();
+ $sql = "SELECT DISTINCT gperm_itemid FROM ".$db->prefix('group_permission')."
WHERE gperm_name = 'block_read' AND gperm_modid = 1";
+ if ( is_array($groupid) ) {
+ $sql .= ' AND gperm_groupid IN ('.implode(',', $groupid).')';
+ } else {
+ if (intval($groupid) > 0) {
+ $sql .= ' AND gperm_groupid='.$groupid;
+ }
+ }
+ $result = $db->query($sql);
+ $blockids = array();
+ while ( $myrow = $db->fetchArray($result) ) {
+ $blockids[] = $myrow['gperm_itemid'];
+ }
+ if (!empty($blockids)) {
+ $sql = 'SELECT b.* FROM '.$db->prefix('newblocks').' b, '.$db->prefix('block_module_link').' m WHERE m.block_id=b.bid';
+ $sql .= ' AND b.isactive='.$isactive;
+ if (isset($visible)) {
+ $sql .= ' AND b.visible='.intval($visible);
+ }
+ $module_id = intval($module_id);
+ if (!empty($module_id)) {
+ $sql .= ' AND m.module_id IN (0,'.$module_id;
+ if ($toponlyblock) {
+ $sql .= ',-1';
+ }
+ $sql .= ')';
+ } else {
+ if ($toponlyblock) {
+ $sql .= ' AND m.module_id IN (0,-1)';
+ } else {
+ $sql .= ' AND m.module_id=0';
+ }
+ }
+ $sql .= ' AND b.bid IN ('.implode(',', $blockids).')';
+ $sql .= ' ORDER BY '.$orderby;
+ $result = $db->query($sql);
+ while ( $myrow = $db->fetchArray($result) ) {
+ $block =& new XoopsBlock($myrow);
+ $ret[$myrow['bid']] =& $block;
+ unset($block);
+ }
+ }
+ return $ret;
+ }
+
+ function &getNonGroupedBlocks($module_id=0, $toponlyblock=false, $visible=null, $orderby='b.weight,b.bid', $isactive=1)
+ {
+ $db =& Database::getInstance();
+ $ret = array();
+ $bids = array();
+ $sql = "SELECT DISTINCT(bid) from ".$db->prefix('newblocks');
+ if ($result = $db->query($sql)) {
+ while ( $myrow = $db->fetchArray($result) ) {
+ $bids[] = $myrow['bid'];
+ }
+ }
+ $sql = "SELECT DISTINCT(p.gperm_itemid) from ".$db->prefix('group_permission')." p, ".$db->prefix('groups')."
g WHERE g.groupid=p.gperm_groupid AND p.gperm_name='block_read'";
+ $grouped = array();
+ if ($result = $db->query($sql)) {
+ while ( $myrow = $db->fetchArray($result) ) {
+ $grouped[] = $myrow['gperm_itemid'];
+ }
+ }
+ $non_grouped = array_diff($bids, $grouped);
+ if (!empty($non_grouped)) {
+ $sql = 'SELECT b.* FROM '.$db->prefix('newblocks').' b, '.$db->prefix('block_module_link').' m WHERE m.block_id=b.bid';
+ $sql .= ' AND b.isactive='.$isactive;
+ if (isset($visible)) {
+ $sql .= ' AND b.visible='.intval($visible);
+ }
+ $module_id = intval($module_id);
+ if (!empty($module_id)) {
+ $sql .= ' AND m.module_id IN (0,'.$module_id;
+ if ($toponlyblock) {
+ $sql .= ',-1';
+ }
+ $sql .= ')';
+ } else {
+ if ($toponlyblock) {
+ $sql .= ' AND m.module_id IN (0,-1)';
+ } else {
+ $sql .= ' AND m.module_id=0';
+ }
+ }
+ $sql .= ' AND b.bid IN ('.implode(',', $non_grouped).')';
+ $sql .= ' ORDER BY '.$orderby;
+ $result = $db->query($sql);
+ while ( $myrow = $db->fetchArray($result) ) {
+ $block =& new XoopsBlock($myrow);
+ $ret[$myrow['bid']] =& $block;
+ unset($block);
+ }
+ }
+ return $ret;
+ }
+
+ function countSimilarBlocks($moduleId, $funcNum, $showFunc = null)
+ {
+ $funcNum = intval($funcNum);
+ $moduleId = intval($moduleId);
+ if ($funcNum < 1 || $moduleId < 1) {
+ // invalid query
+ return 0;
+ }
+ $db =& Database::getInstance();
+ if (isset($showFunc)) {
+ // showFunc is set for more strict comparison
+ $sql = sprintf("SELECT COUNT(*) FROM %s WHERE mid = %d AND func_num = %d AND show_func = %s", $db->prefix('newblocks'), $moduleId, $funcNum, $db->quoteString(trim($showFunc)));
+ } else {
+ $sql = sprintf("SELECT COUNT(*) FROM %s WHERE mid = %d AND func_num = %d", $db->prefix('newblocks'), $moduleId, $funcNum);
+ }
+ if (!$result = $db->query($sql)) {
+ return 0;
+ }
+ list($count) = $db->fetchRow($result);
+ return $count;
+ }
+} ?>
\ No newline at end of file