<?php
// Entry guard: stop immediately unless the SMF constant has been defined,
// so this file does nothing when it is requested directly over HTTP.
if (defined('SMF') === false)
{
    die('No direct access...');
}
/**
 * Entry point for XML/AJAX requests: loads the Xml template and dispatches
 * to the handler registered for $_REQUEST['sa'].
 *
 * Only keys present in the sub-action table are dispatched; anything else
 * ends in fatal_lang_error('no_access').
 */
function XMLhttpMain()
{
    loadTemplate('Xml');

    // Sub-action name => handler name. The request value is used only as a
    // lookup key; the name handed to call_helper() always comes from this table.
    $subActions = array();
    $subActions['jumpto'] = 'GetJumpTo';
    $subActions['messageicons'] = 'ListMessageIcons';
    $subActions['previews'] = 'RetrievePreview';

    // The table is handed to the hook by reference, so hooked code can
    // presumably add or replace entries; the allowlist is then only as
    // strict as whatever is hooked in.
    call_integration_hook('integrate_XMLhttpMain_subActions', array(&$subActions));

    $isKnownAction = isset($_REQUEST['sa'], $subActions[$_REQUEST['sa']]);

    // NOTE(review): the call below still indexes $subActions with the request
    // value, so this relies on fatal_lang_error() not returning - confirm.
    // NOTE(review): a non-scalar 'sa' (e.g. sa[]=x) is used as an array offset
    // in the isset() above; confirm earlier request cleaning rules that out.
    if (!$isKnownAction)
        fatal_lang_error('no_access', false);

    call_helper($subActions[$_REQUEST['sa']]);
}
/**
 * Build the board list for the "jump to" selector and store it in
 * $context['jump_to'], then select the 'jump_to' sub-template.
 */
function GetJumpTo()
{
    global $context, $sourcedir;

    require_once($sourcedir . '/Subs-MessageIndex.php');

    // Pre-select the current board when one is set, otherwise board 0.
    $selectedBoard = 0;
    if (isset($context['current_board']))
        $selectedBoard = $context['current_board'];

    // 'use_permissions' is passed as true; presumably getBoardList() uses it
    // to limit the result to boards the requester may see - confirm in
    // Subs-MessageIndex.php.
    $context['jump_to'] = getBoardList(array(
        'use_permissions' => true,
        'selected_board' => $selectedBoard,
    ));

    // Category and board names have tags stripped and are then entity-decoded.
    // NOTE(review): after un_htmlspecialchars() the names are no longer
    // HTML-escaped, so the 'jump_to' template has to escape or CDATA-wrap
    // them on output - not visible here, confirm.
    foreach ($context['jump_to'] as $categoryId => $category)
    {
        $context['jump_to'][$categoryId]['name'] = un_htmlspecialchars(strip_tags($category['name']));

        foreach ($category['boards'] as $boardId => $boardInfo)
            $context['jump_to'][$categoryId]['boards'][$boardId]['name'] = un_htmlspecialchars(strip_tags($boardInfo['name']));
    }

    $context['sub_template'] = 'jump_to';
}
/**
 * Load the message icons for the current board into $context['icons'] and
 * select the 'message_icons' sub-template.
 */
function ListMessageIcons()
{
    global $context, $sourcedir, $board;

    require_once($sourcedir . '/Subs-Editor.php');

    // $board is the global set elsewhere; no request data is read here.
    $icons = getMessageIcons($board);

    $context['icons'] = $icons;
    $context['sub_template'] = 'message_icons';
}
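/**
 * Dispatch a preview request to the handler named in $_POST['item'].
 *
 * The 'generic_xml' sub-template is selected first, then the requested item
 * is called as a function if, and only if, it is one of the allowlisted
 * handler names.
 *
 * NOTE(review): no permission or session check is made here; sig_preview()
 * and warning_preview() call allowedTo() themselves, while newspreview() and
 * newsletterpreview() show none - confirm those are covered elsewhere.
 *
 * @return false|null False when the item is missing or not allowlisted,
 *                    otherwise nothing (the handler fills $context).
 */
function RetrievePreview()
{
    global $context;

    // Allowlist of preview handlers. Each entry is a function name that is
    // invoked directly below, so nothing outside this list may get through.
    $items = array(
        'newspreview',
        'newsletterpreview',
        'sig_preview',
        'warning_preview',
    );

    $context['sub_template'] = 'generic_xml';

    // The item comes straight from the request and is used as a callable.
    // Require a string and compare strictly: a loose in_array() lets values
    // such as boolean true match any non-empty entry and reach the dynamic
    // call with a value that is not one of the names above.
    $item = isset($_POST['item']) ? $_POST['item'] : null;
    if (!is_string($item) || !in_array($item, $items, true))
        return false;

    $item();
}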
/**
 * Preview a news item: escape $_POST['news'], run it through the BBC
 * pre-parser and parser, and place the result (plus any error) in
 * $context['xml_data'].
 */
function newspreview()
{
    global $context, $sourcedir, $smcFunc;

    require_once($sourcedir . '/Subs-Post.php');

    $problems = array();

    // The submitted text is HTML-escaped before it goes anywhere near the
    // BBC parser, so raw markup in the request is not echoed back as markup.
    $news = '';
    if (isset($_POST['news']))
        $news = $smcFunc['htmlspecialchars']($_POST['news'], ENT_QUOTES);

    if (!empty($news))
        preparsecode($news);
    else
        $problems[] = array('value' => 'no_news');

    // parse_bbc() runs on the empty string as well, as in the error case.
    $rendered = parse_bbc($news);

    $context['xml_data'] = array(
        'news' => array(
            'identifier' => 'parsedNews',
            'children' => array(
                array('value' => $rendered),
            ),
        ),
        'errors' => array(
            'identifier' => 'error',
            'children' => $problems,
        ),
    );
}
/**
 * Preview a newsletter: record the send options and any missing-field
 * errors in $context, let prepareMailingForPreview() build the preview, and
 * select the 'pm' sub-template.
 *
 * NOTE(review): no allowedTo() check is visible in this function; confirm
 * access is restricted before the request gets here or inside
 * prepareMailingForPreview().
 */
function newsletterpreview()
{
    global $context, $sourcedir, $txt;

    require_once($sourcedir . '/Subs-Post.php');
    require_once($sourcedir . '/ManageNews.php');
    loadLanguage('Errors');

    $context['post_error']['messages'] = array();

    // Request flags are reduced to 0/1 rather than stored as submitted.
    $context['send_pm'] = empty($_POST['send_pm']) ? 0 : 1;
    $context['send_html'] = empty($_POST['send_html']) ? 0 : 1;

    // Required field => language key of the error shown when it is empty.
    $requiredFields = array(
        'subject' => 'error_no_subject',
        'message' => 'error_no_message',
    );
    foreach ($requiredFields as $field => $errorKey)
    {
        if (empty($_POST[$field]))
            $context['post_error']['messages'][] = $txt[$errorKey];
    }

    // This function does not touch the subject or message itself;
    // presumably the helper reads them from the request - see ManageNews.php.
    prepareMailingForPreview();

    $context['sub_template'] = 'pm';
}
/**
 * Preview a member signature: return the member's stored signature and the
 * submitted one, both run through censorText() and parse_bbc(), in
 * $context['xml_data']['signatures'], with any errors in
 * $context['xml_data']['errors'].
 *
 * Reads $_POST['user'] (member id) and $_POST['signature'] (proposed text).
 */
function sig_preview()
{
    global $context, $sourcedir, $smcFunc, $txt, $user_info;
    require_once($sourcedir . '/Profile-Modify.php');
    loadLanguage('Profile');
    loadLanguage('Errors');
    // The member id is forced to an integer before any use; 0 means "none given".
    $user = isset($_POST['user']) ? (int) $_POST['user'] : 0;
    $is_owner = $user == $user_info['id'];
    // Authorisation: for the requester's own profile the check lists both
    // profile_extra_any and profile_extra_own (presumably either one is enough -
    // confirm allowedTo() semantics); for another member only profile_extra_any.
    $can_change = $is_owner ? allowedTo(array('profile_extra_any', 'profile_extra_own')) : allowedTo('profile_extra_any');
    $errors = array();
    if (!empty($user) && $can_change)
    {
        // The id reaches the query only through the {int:id_member} placeholder,
        // never by string concatenation.
        $request = $smcFunc['db_query']('', '
            SELECT signature
            FROM {db_prefix}members
            WHERE id_member = {int:id_member}
            LIMIT 1',
            array(
                'id_member' => $user,
            )
        );
        list($current_signature) = $smcFunc['db_fetch_row']($request);
        $smcFunc['db_free_result']($request);
        censorText($current_signature);
        $current_signature = !empty($current_signature) ? parse_bbc($current_signature, true, 'sig' . $user) : $txt['no_signature_set'];
        // NOTE(review): the submitted signature is taken raw from the request.
        // No htmlspecialchars call is visible between here and parse_bbc(),
        // whereas newspreview() escapes its input first. Confirm that
        // profileValidateSignature() or parse_bbc() escapes the text before it
        // is returned in the response.
        $preview_signature = !empty($_POST['signature']) ? $_POST['signature'] : $txt['no_signature_preview'];
        $validation = profileValidateSignature($preview_signature);
        // Any result other than true/false is used as the suffix of a language
        // key; presumably it is an error code produced by the validator.
        if ($validation !== true && $validation !== false)
            $errors[] = array('value' => $txt['profile_error_' . $validation], 'attributes' => array('type' => 'error'));
        // The preview is still built when validation reported an error.
        censorText($preview_signature);
        $preview_signature = parse_bbc($preview_signature, true, 'sig' . $user);
    }
    elseif (!$can_change)
    {
        // Permission denied: the message differs for own and other profiles.
        if ($is_owner)
            $errors[] = array('value' => $txt['cannot_profile_extra_own'], 'attributes' => array('type' => 'error'));
        else
            $errors[] = array('value' => $txt['cannot_profile_extra_any'], 'attributes' => array('type' => 'error'));
    }
    else
        // Permitted, but no member id was supplied.
        $errors[] = array('value' => $txt['no_user_selected'], 'attributes' => array('type' => 'error'));
    $context['xml_data']['signatures'] = array(
        'identifier' => 'signature',
        'children' => array()
    );
    // Both signature variables are set only in the authorised branch above, so
    // nothing about the target member is returned when the check failed.
    if (isset($current_signature))
        $context['xml_data']['signatures']['children'][] = array(
            'value' => $current_signature,
            'attributes' => array('type' => 'current'),
        );
    if (isset($preview_signature))
        $context['xml_data']['signatures']['children'][] = array(
            'value' => $preview_signature,
            'attributes' => array('type' => 'preview'),
        );
    // When there are errors, a generic "errors occurred" entry is put first.
    if (!empty($errors))
        $context['xml_data']['errors'] = array(
            'identifier' => 'error',
            'children' => array_merge(
                array(
                    array(
                        'value' => $txt['profile_errors_occurred'],
                        'attributes' => array('type' => 'errors_occurred'),
                    ),
                ),
                $errors
            ),
        );
}
/**
 * Preview a moderation warning (or a warning template): validate the
 * submitted title and body, render the body through the BBC parser and
 * store subject, message and errors in $context for the 'warning'
 * sub-template.
 *
 * Requires the issue_warning permission; without it only an error is set.
 */
function warning_preview()
{
    global $context, $sourcedir, $smcFunc, $txt, $user_info, $scripturl, $mbname;

    require_once($sourcedir . '/Subs-Post.php');
    loadLanguage('Errors');
    loadLanguage('ModerationCenter');

    $context['post_error']['messages'] = array();

    if (!allowedTo('issue_warning'))
    {
        // NOTE(review): this entry is an array while every other message in
        // this function is a plain string - confirm the 'warning' template
        // handles both shapes.
        $context['post_error']['messages'][] = array('value' => $txt['cannot_issue_warning'], 'attributes' => array('type' => 'error'));
    }
    else
    {
        // censorText() is handed $_POST['body'] itself; if it takes its
        // argument by reference (not visible here) the empty() checks further
        // down see the censored text.
        // NOTE(review): unlike the title, the body is not passed through
        // htmlspecialchars in this function before preparsecode()/parse_bbc();
        // confirm the parser escapes it before it is returned.
        $warning_body = '';
        if (!empty($_POST['body']))
            $warning_body = trim(censorText($_POST['body']));

        $subject = '';
        if (!empty($_POST['title']))
            $subject = trim($smcFunc['htmlspecialchars']($_POST['title']));
        $context['preview_subject'] = $subject;

        if (isset($_POST['issuing']))
        {
            // Issuing a warning: one combined error when either field is blank.
            if (empty($_POST['title']) || empty($_POST['body']))
                $context['post_error']['messages'][] = $txt['warning_notify_blank'];
        }
        else
        {
            // Template preview: separate errors, then fill in the placeholders.
            if (empty($_POST['title']))
                $context['post_error']['messages'][] = $txt['mc_warning_template_error_no_title'];
            if (empty($_POST['body']))
                $context['post_error']['messages'][] = $txt['mc_warning_template_error_no_body'];

            $placeholders = array(
                '{MEMBER}' => $user_info['name'],
                '{FORUMNAME}' => $mbname,
                '{SCRIPTURL}' => $scripturl,
                '{REGARDS}' => $txt['regards_team'],
            );
            $warning_body = str_replace(array_keys($placeholders), array_values($placeholders), $warning_body);
        }

        if (!empty($_POST['body']))
        {
            preparsecode($warning_body);
            $warning_body = parse_bbc($warning_body, true);
        }

        $context['preview_message'] = $warning_body;
    }

    $context['sub_template'] = 'warning';
}
?>