
Changeset 5


Timestamp:
12/27/2004 11:22:22 AM (19 years ago)
Author:
matt
Message:

Login, logout, sanitize everything, be fast.

Location:
trunk
Files:
3 added
10 edited

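--- a/trunk/bb-includes/default-filters.php
+++ b/trunk/bb-includes/default-filters.php
@@ -7,10 +7,13 @@
 add_filter('topic_time', 'since');
 
-add_filter('topic_title', 'bb_specialchars');
+add_filter('pre_topic_title', 'bb_specialchars');
 add_filter('get_forum_name', 'bb_specialchars');
 
-add_filter('post_text', 'code_trick');
-add_filter('post_text', 'encode_bad');
-add_filter('post_text', 'bb_autop');
+add_filter('pre_post', 'trim');
+add_filter('pre_post', 'encode_bad');
+add_filter('pre_post', 'stripslashes', 40); // KSES doesn't like escaped atributes
+add_filter('pre_post', 'bb_filter_kses', 50);
+add_filter('pre_post', 'addslashes', 55);
+add_filter('pre_post', 'bb_autop', 60);
 
 ?>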
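Review bot: The `pre_post` chain at priorities 40 and 55 strips slashes and then re-adds them, which only round-trips if the post text arrives already slash-escaped (magic_quotes_gpc on); on a host where it is off, `stripslashes` at 40 silently destroys legitimate backslashes in user content before kses sees it, and the `addslashes` at 55 is the only thing standing between the post body and the INSERT in bb_new_post. `pre_topic_title`, by contrast, gets only `bb_specialchars`, so a topic title's SQL safety rests entirely on incoming slashes that nothing in this file adds. I would make the assumption explicit rather than implicit, e.g. `if ( !get_magic_quotes_gpc() ) add_filter('pre_post', 'addslashes', 1);` and the same for `pre_topic_title`, or better, move SQL escaping out of the content-filter chain and into the query layer where it belongs. The comment on the priority-40 line also misspells `attributes`.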
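--- a/trunk/bb-includes/formatting-functions.php
+++ b/trunk/bb-includes/formatting-functions.php
@@ -18,22 +18,22 @@
 }
 
-function bb_autop($pee, $br = 1) {
+function bb_autop($pee, $br = 1) { // Reduced to be faster
     $pee = $pee . "\n"; // just to make things a little easier, pad the end
     $pee = preg_replace('|<br />\s*<br />|', "\n\n", $pee);
     // Space things out a little
-    $pee = preg_replace('!(<(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|math|p|h[1-6])[^>]*>)!', "\n$1", $pee);
-    $pee = preg_replace('!(</(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|math|p|h[1-6])>)!', "$1\n", $pee);
+    $pee = preg_replace('!(<(?:ul|ol|li|pre|blockquote|p|h[1-6])[^>]*>)!', "\n$1", $pee);
+    $pee = preg_replace('!(</(?:ul|ol|li|pre|blockquote|p|h[1-6])>)!', "$1\n", $pee);
     $pee = str_replace(array("\r\n", "\r"), "\n", $pee); // cross-platform newlines
     $pee = preg_replace("/\n\n+/", "\n\n", $pee); // take care of duplicates
     $pee = preg_replace('/\n?(.+?)(?:\n\s*\n|\z)/s', "\t<p>$1</p>\n", $pee); // make paragraphs, including one at the end
     $pee = preg_replace('|<p>\s*?</p>|', '', $pee); // under certain strange conditions it could create a P of entirely whitespace
-    $pee = preg_replace('!<p>\s*(</?(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|hr|pre|select|form|blockquote|math|p|h[1-6])[^>]*>)\s*</p>!', "$1", $pee); // don't pee all over a tag
+    $pee = preg_replace('!<p>\s*(</?(?:ul|ol|li|pre|blockquote|p|h[1-6])[^>]*>)\s*</p>!', "$1", $pee); // don't pee all over a tag
     $pee = preg_replace("|<p>(<li.+?)</p>|", "$1", $pee); // problem with nested lists
     $pee = preg_replace('|<p><blockquote([^>]*)>|i', "<blockquote$1><p>", $pee);
     $pee = str_replace('</blockquote></p>', '</p></blockquote>', $pee);
-    $pee = preg_replace('!<p>\s*(</?(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|hr|pre|select|form|blockquote|math|p|h[1-6])[^>]*>)!', "$1", $pee);
-    $pee = preg_replace('!(</?(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|math|p|h[1-6])[^>]*>)\s*</p>!', "$1", $pee);
+    $pee = preg_replace('!<p>\s*(</?(?:ul|ol|li|pre|blockquote|p|h[1-6])[^>]*>)!', "$1", $pee);
+    $pee = preg_replace('!(</?(?:ul|ol|li|pre|blockquote|p|h[1-6])[^>]*>)\s*</p>!', "$1", $pee);
     if ($br) $pee = preg_replace('|(?<!<br />)\s*\n|', "<br />\n", $pee); // optionally make line breaks
-    $pee = preg_replace('!(</?(?:table|thead|tfoot|caption|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|math|p|h[1-6])[^>]*>)\s*<br />!', "$1", $pee);
+    $pee = preg_replace('!(</?(?:ul|ol|li|pre|blockquote|p|h[1-6])[^>]*>)\s*<br />!', "$1", $pee);
     $pee = preg_replace('!<br />(\s*</?(?:p|li|div|dl|dd|dt|th|pre|td|ul|ol)>)!', '$1', $pee);
     $pee = preg_replace('!(<pre.*?>)(.*?)</pre>!ise', " stripslashes('$1') .  clean_pre('$2')  . '</pre>' ", $pee);
@@ -42,8 +42,9 @@
 }
 function encodeit($text) {
-        $text = stripslashes($text);
-        $text = preg_replace("|\n+|", "\n", $text);
-        $text = nl2br($text);
-        return $text;
+    $text = stripslashes($text); // because it's a regex callback
+    $text = htmlspecialchars($text, ENT_QUOTES);
+    $text = preg_replace("|\n+|", "\n", $text);
+    $text = nl2br($text);
+    return $text;
 }
 
@@ -61,10 +62,13 @@
     $text = preg_replace('|&lt;(/?ul)&gt;|', '<$1>', $text);
     $text = preg_replace('|&lt;(/?li)&gt;|', '<$1>', $text);
-    $text = preg_replace('|&lt;(/?blockquote)&gt;|', '<$1>', $text);
+    $text = preg_replace('|&lt;(/?blockquote.*?)&gt;|', '<$1>', $text);
     $text = preg_replace('|&lt;(/?code)&gt;|', '<$1>', $text);
+
+    $text = preg_replace("|`(.*?)`|se", "'<code>' . encodeit('$1') . '</code>'", $text);
+
     return $text;
 }
 
-function wp_filter_kses($data) {
+function bb_filter_kses($data) {
     $allowedtags = array(
         'a' => array(
@@ -86,3 +90,8 @@
     return wp_kses($data, $allowedtags);
 }
+
+function user_sanitize( $text ) {
+    $text = preg_replace('/[^a-z0-9_-]/i', '', $text);
+    return $text;
+}
 ?>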
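Review bot: The new backtick rule in encode_bad (`|`(.*?)`|se`) and the `<pre>` rule in bb_autop both rely on preg_replace's `e` modifier, which evals the replacement as PHP source with the captures spliced in; PHP backslash-escapes quotes in those captures (which is why encodeit has to call stripslashes), so this is not directly injectable, but it leaves forum input one quoting mistake away from code execution and is hard to audit. The same thing is expressed safely with a named callback, `$text = preg_replace_callback('|`(.*?)`|s', 'bb_code_callback', $text);`, whose body returns `'<code>' . encodeit($m[1]) . '</code>'` — at which point the stripslashes inside encodeit should go, since a real callback receives the raw capture. The relaxed `&lt;(/?blockquote.*?)&gt;` now re-enables any attribute on blockquote, including event handlers, so encode_bad is only safe because bb_filter_kses runs after it at priority 50 in default-filters.php; a comment on that line such as `// attributes let through here are stripped by bb_filter_kses, which must run after this filter` would stop someone from calling encode_bad on its own for display. encode_bad's signature and the rest of bb_filter_kses lie outside these hunks.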
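--- a/trunk/bb-includes/functions.php
+++ b/trunk/bb-includes/functions.php
@@ -154,4 +154,10 @@
     case 'mod_rewrite' :
         return $bb->mod_rewrite;
+        break;
+    case 'path' :
+        return $bb->path;
+        break;
+    case 'domain' :
+        return $bb->domain;
         break;
     endswitch;
@@ -223,3 +229,91 @@
     }
 }
+
+function current_time($type) {
+    switch ($type) {
+        case 'mysql':
+            $d = gmdate('Y-m-d H:i:s');
+            break;
+        case 'timestamp':
+            $d = time();
+            break;
+    }
+    return $d;
+}
+
+function bb_current_user() {
+    global $bbdb;
+    if ( !isset($_COOKIE['bb_user_' . BBHASH]) )
+        return false;
+    if ( !isset($_COOKIE['bb_pass_' . BBHASH]) )
+        return false;
+    $user = user_sanitize( $_COOKIE['bb_user_' . BBHASH] );
+    $pass = user_sanitize( $_COOKIE['bb_pass_' . BBHASH] );
+
+    return $bbdb->get_row("SELECT * FROM $bbdb->users WHERE username = '$user' AND user_password = '$pass'");
+}
+
+function bb_check_login($user, $pass) {
+    global $bbdb;
+    $user = user_sanitize( $user );
+    $pass = user_sanitize( md5( $pass ) );
+    return $bbdb->get_row("SELECT * FROM $bbdb->users WHERE username = '$user' AND user_password = '$pass'");
+}
+
+function bb_new_topic( $title, $forum ) {
+    global $bbdb, $current_user;
+    $title = apply_filters('pre_topic_title', $title);
+    $forum = (int) $forum;
+    $now   = current_time('mysql');
+
+    if ( $forum && $title ) {
+        $bbdb->query("INSERT INTO $bbdb->topics
+        (topic_title, topic_poster, topic_poster_name, topic_last_poster, topic_last_poster_name, topic_time, forum_id)
+        VALUES
+        ('$title', $current_user->user_id, '$current_user->username', $current_user->user_id, '$current_user->username', '$now', $forum)");
+        $topic_id = $bbdb->insert_id;
+        $bbdb->query("UPDATE $bbdb->forums SET topics = topics + 1 WHERE forum_id = $forum");
+        return $topic_id;
+    } else {
+        return false;
+    }
+}
+
+function bb_new_post( $topic_id, $post ) {
+    global $bbdb, $current_user;
+    $post  = apply_filters('pre_post', $post);
+    $tid   = (int) $topic_id;
+    $now   = current_time('mysql');
+    $uid   = $current_user->user_id;
+    $uname = $current_user->username;
+    $ip    = addslashes( $_SERVER['REMOTE_ADDR'] );
+
+    $topic = $bbdb->get_row("SELECT * FROM $bbdb->topics WHERE topic_id = $tid");
+
+    if ( $post && $topic ) {
+        $bbdb->query("INSERT INTO $bbdb->posts
+        (topic_id, poster_id, post_text, post_time, poster_ip)
+        VALUES
+        ('$tid',   '$uid',    '$post',   '$now',    '$ip'    )");
+        $post_id = $bbdb->insert_id;
+        $bbdb->query("UPDATE $bbdb->forums SET posts = posts + 1 WHERE forum_id = $topic->forum_id");
+        $bbdb->query("UPDATE $bbdb->topics SET topic_last_poster = $uid, topic_last_poster_name = '$uname',
+        topic_last_post_id = $post_id, topic_posts = topic_posts + 1 WHERE topic_id = $tid");
+        return $post_id;
+    } else {
+        return false;
+    }
+}
+
+function get_post_link( $id ) {
+    global $bbdb, $topic;
+    $id = (int) $id;
+    $topic_id = $bbdb->get_var("SELECT topic_id FROM $bbdb->posts WHERE post_id = $id");
+    if ( !$topic_id )
+        return false;
+    $topic = $bbdb->get_row("SELECT * FROM $bbdb->topics WHERE topic_id = $topic_id");
+
+    return get_topic_link() . "#post-$id";
+}
+
 ?>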
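Review bot: bb_current_user() treats the `bb_pass_` cookie as the stored password hash itself and authenticates with a plain equality lookup, so whoever obtains that cookie — or a dump of `user_password`, which bb_check_login() fills with unsalted md5 — holds a credential that stays valid until the user changes their password and cannot be revoked per device. user_sanitize() does keep both cookie values out of SQL-injection territory, but an allowlisted hash is still not a session mechanism. I would put a random server-side session id, or an HMAC over (username, expiry) under a site secret, in the cookie instead of the hash, and salt the stored hash so that a database leak is not immediately a login. Separately, bb_new_topic() interpolates `$title` after only `pre_topic_title` (bb_specialchars in default-filters.php), whereas `pre_post` ends in addslashes; bb_specialchars is not shown here, so unless it escapes single quotes or the input is already slash-escaped by magic_quotes_gpc, a `'` in a title breaks the INSERT and `$title = addslashes($title);` is missing before it.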
  • trunk/bb-includes/kses.php

    r2 r5  
    22# Web page:    http://sourceforge.net/projects/kses
    33# [kses strips evil scripts!]
    4 if (!defined('CUSTOM_TAGS'))
    5     define('CUSTOM_TAGS', false);
    64   
    75function wp_kses($string, $allowed_html, $allowed_protocols =
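--- a/trunk/bb-includes/template-functions.php
+++ b/trunk/bb-includes/template-functions.php
@@ -12,5 +12,21 @@
 
 function login_form() {
-    return;
+    global $current_user;
+    if ($current_user) {
+        echo "Welcome, $current_user->username! <a href='/user/$current_user->user_id'>View your profile &raquo;</a>
+        <small>(<a href='" . get_option('uri') . "bb-login.php?logout'>Logout</a>)</small>";
+    } else {
+        require( ABSPATH . '/bb-templates/login-form.php');
+    }
+}
+
+function post_form() {
+    global $current_user;
+    if ($current_user) {
+        require( ABSPATH . '/bb-templates/post-form.php');
+    } else {
+        echo "<p>You must login to post.";
+        require( ABSPATH . '/bb-templates/login-form.php');
+    }
 }
 
@@ -69,5 +85,11 @@
     echo apply_filters('forum_name', get_forum_name() );
 }
-
+function get_forum_id() {
+    global $forum;
+    return $forum->forum_id;
+}
+function forum_id() {
+    echo apply_filters('forum_id', get_forum_id() );
+}
 function get_forum_name() {
     global $forum;
@@ -107,12 +129,26 @@
 
 // TOPICS
+function get_topic_id() {
+    global $topic;
+    return $topic->topic_id;
+}
+
+function topic_id() {
+    echo apply_filters('topic_id', get_topic_id() );
+}
+
 function topic_link() {
+    echo apply_filters('topic_link', get_topic_link() );
+}
+
+function get_topic_link() {
     global $topic, $bb;
-    if ( $bb->mod_rewrite )
-        $link = $bb->path . $topic->topic_id;
-    else
-        $link = $bb->path . "topic.php?id=$topic->topic_id";
-
-    echo apply_filters('topic_link', $link);
+
+    if ( get_option('mod_rewrite') )
+        $link = get_option('path') . $topic->topic_id;
+    else
+        $link = get_option('path') . "topic.php?id=$topic->topic_id";
+
+    return apply_filters('get_topic_link', $link);
 }
 
@@ -170,6 +206,16 @@
 
 function get_post_author() {
-    global $post;
-    return apply_filters('post_author', $post->poster_name);
+    global $bbdb, $user_cache;
+    $id = get_post_author_id();
+    if ( $id ) :
+        if ( isset( $user_cache[$id] ) ) {
+            return $user_cache[$id]->username;
+        } else {
+            $user_cache[$id] = $bbdb->get_row("SELECT * FROM $bbdb->users WHERE user_id = $id");
+            return $user_cache[$id]->username;
+        }
+    else :
+        return 'Anonymous';
+    endif;
 }
 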
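Review bot: get_post_author() interpolates `$id` into `WHERE user_id = $id` without the `(int)` cast that every other new query in this changeset (bb_new_topic, bb_new_post, get_post_link) applies to its ids; get_post_author_id() is not shown, so if it ever returns anything but an integer this is an injection point, and `$id = (int) get_post_author_id();` costs nothing. The miss branch also dereferences `$user_cache[$id]->username` without checking that get_row() returned a row, so a post whose author has been deleted raises a notice instead of falling back to `'Anonymous'`; check `if ( $user_cache[$id] )` before reading it. In login_form(), the profile link hard-codes `/user/` where get_topic_link() in the same file uses get_option('path'), and `bb-login.php?logout` logs the user out on a plain GET, which any page they visit can trigger with an image tag.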
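--- a/trunk/bb-settings.php
+++ b/trunk/bb-settings.php
@@ -39,5 +39,7 @@
 register_shutdown_function('bb_shutdown_action_hook');
 
-$current_user = get_current_user();
+define('BBHASH', md5($table_prefix) );
+
+$current_user = bb_current_user();
 
 ?>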
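--- a/trunk/bb-templates/forum.php
+++ b/trunk/bb-templates/forum.php
@@ -33,4 +33,6 @@
 </div>
 <?php endif; ?>
+<h2>New Topic in this Forum</h2>
+<?php post_form(); ?>
 
 <?php get_footer(); ?>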
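--- a/trunk/bb-templates/login-form.php
+++ b/trunk/bb-templates/login-form.php
@@ -2,9 +2,9 @@
 <p>
   <label>Username:
-  <input name="username" type="text" id="username" size="20" maxlength="40" />
+  <input name="username" type="text" id="username" size="15" maxlength="40" value="<?php echo bb_specialchars($_COOKIE['bb_user_' . BBHASH], 1); ?>" />
   </label>
-  -
+
   <label>Password:
-  <input name="password" type="text" id="password" size="20" maxlength="40" />
+  <input name="password" type="password" id="password" size="15" maxlength="40" />
   </label>
   <input type="submit" name="Submit" value="Login &raquo;" />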
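Review bot: The username field reads `$_COOKIE['bb_user_' . BBHASH]` unconditionally, but this template is exactly what login_form() and post_form() render when there is no logged-in user, and bb_current_user() returns false precisely when that cookie is absent — so for a first-time visitor this is an undefined-index notice emitted inside the value attribute. Guard it: `value="<?php if ( isset($_COOKIE['bb_user_' . BBHASH]) ) echo bb_specialchars($_COOKIE['bb_user_' . BBHASH], 1); ?>"`. Passing `1` as the quotes flag so the cookie value is attribute-safe, and switching the password input to `type="password"`, are both right.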
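--- a/trunk/bb-templates/topic.php
+++ b/trunk/bb-templates/topic.php
@@ -32,3 +32,5 @@
 </div>
 <?php endif; ?>
+<h2>Reply</h2>
+<?php post_form(); ?>
 <?php get_footer(); ?>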
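--- a/trunk/upgrade.php
+++ b/trunk/upgrade.php
@@ -2,5 +2,7 @@
 require('bb-config.php');
 header ('content-type: text/plain');
+set_time_limit(300);
 
+/* // uncomment to deslash old junk
 $topics = $bbdb->get_results("SELECT topic_id FROM $bbdb->topics");
 if ($topics) {
@@ -12,5 +14,27 @@
 }
 
-/* // uncomment to deslash old junk
+
+*/
+
+$posts = $bbdb->get_results("SELECT post_id, post_text FROM $bbdb->posts");
+if ($posts) {
+    foreach($posts as $post) {
+        echo $post->post_id . ' ';
+        $post_text = addslashes(deslash($post->post_text));
+        $post_text = apply_filters('pre_post', $post_text);
+        $bbdb->query("UPDATE $bbdb->posts SET post_text = '$post_text' WHERE post_id = '$post->post_id'");
+    }
+}
+
+/*
+$topics = $bbdb->get_results("SELECT topic_id, topic_title FROM $bbdb->topics");
+if ($topics) {
+    foreach($topics as $topic) {
+        $topic_title = bb_specialchars(addslashes(deslash($topic->topic_title)));
+        $bbdb->query("UPDATE $bbdb->topics SET topic_title = '$topic_title' WHERE topic_id = '$topic->topic_id'");
+    }
+}
+*/
+
 function deslash($content) {
     // Note: \\\ inside a regex denotes a single backslash.
@@ -30,21 +54,3 @@
 }
 
-$posts = $bbdb->get_results("SELECT post_id, post_text FROM $bbdb->posts");
-if ($posts) {
-    foreach($posts as $post) {
-        echo $post->post_id . ' ';
-        $post_text = addslashes(deslash($post->post_text));
-        $bbdb->query("UPDATE $bbdb->posts SET post_text = '$post_text' WHERE post_id = '$post->post_id'");
-    }
-}
-
-$topics = $bbdb->get_results("SELECT topic_id, topic_title FROM $bbdb->topics");
-if ($topics) {
-    foreach($topics as $topic) {
-        $topic_title = addslashes(deslash($topic->topic_title));
-        $bbdb->query("UPDATE $bbdb->topics SET topic_title = '$topic_title' WHERE topic_id = '$topic->topic_id'");
-    }
-}
-*/
-
 ?>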
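Review bot: The now-live loop rewrites every row of `$bbdb->posts` through the `pre_post` filter chain the moment the script is requested, and nothing in the file checks who is asking — the `text/plain` header shows it is meant to be hit over HTTP, and `require('bb-config.php')` only bootstraps the database. Anyone who finds the URL can re-run it, and since the chain now ends in bb_filter_kses, addslashes and bb_autop, a second pass over already-processed text is not obviously a no-op, so repeated hits can keep mutating stored content. Refuse to run unless the caller is an authenticated administrator (if bb-config.php pulls in bb-settings.php, `$current_user` is available for that check) or unless `php_sapi_name() == 'cli'`, and delete or rename the script once the migration has run. `$topic_title` in the commented-out block applies bb_specialchars after addslashes, the reverse of what the live `pre_post` chain does; worth noting before someone uncomments it.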