Code Coverage for /data/phpBB/includes/acp/acp

	Code Coverage
	Classes and Traits			Functions and Methods				Lines
Total	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 2	CRAP	0.00% covered (danger)	0.00%	0 / 314
acp_bbcodes	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 2	1980.00	0.00% covered (danger)	0.00%	0 / 310
main				0.00% covered (danger)	0.00%	0 / 1	1806.00	0.00% covered (danger)	0.00%	0 / 294
build_regexp				0.00% covered (danger)	0.00%	0 / 1	6.00	0.00% covered (danger)	0.00%	0 / 16

1	<?php
2	/**
3	*
4	* This file is part of the phpBB Forum Software package.
5	*
6	* @copyright (c) phpBB Limited <https://www.phpbb.com>
7	* @license GNU General Public License, version 2 (GPL-2.0)
8	*
9	* For full copyright and license information, please see
10	* the docs/CREDITS.txt file.
11	*
12	*/
13
14	/**
15	* @ignore
16	*/
17	if (!defined('IN_PHPBB'))
18	{
19	exit;
20	}
21
22	class acp_bbcodes
23	{
24	var $u_action;
25
26	function main($id, $mode)
27	{
28	global $db, $user, $template, $cache, $request, $phpbb_dispatcher, $phpbb_container;
29	global $phpbb_log;
30
31	$user->add_lang('acp/posting');
32
33	// Set up general vars
34	$action = $request->variable('action', '');
35	$bbcode_id = $request->variable('bbcode', 0);
36
37	$this->tpl_name = 'acp_bbcodes';
38	$this->page_title = 'ACP_BBCODES';
39	$form_key = 'acp_bbcodes';
40
41	add_form_key($form_key);
42
43	// Set up mode-specific vars
44	switch ($action)
45	{
46	case 'add':
47	$bbcode_match = $bbcode_tpl = $bbcode_helpline = '';
48	$display_on_posting = 0;
49	break;
50
51	case 'edit':
52	$sql = 'SELECT bbcode_match, bbcode_tpl, display_on_posting, bbcode_helpline
53	FROM ' . BBCODES_TABLE . '
54	WHERE bbcode_id = ' . $bbcode_id;
55	$result = $db->sql_query($sql);
56	$row = $db->sql_fetchrow($result);
57	$db->sql_freeresult($result);
58
59	if (!$row)
60	{
61	trigger_error($user->lang['BBCODE_NOT_EXIST'] . adm_back_link($this->u_action), E_USER_WARNING);
62	}
63
64	$bbcode_match = $row['bbcode_match'];
65	$bbcode_tpl = htmlspecialchars($row['bbcode_tpl'], ENT_COMPAT);
66	$display_on_posting = $row['display_on_posting'];
67	$bbcode_helpline = $row['bbcode_helpline'];
68	break;
69
70	case 'modify':
71	$sql = 'SELECT bbcode_id, bbcode_tag
72	FROM ' . BBCODES_TABLE . '
73	WHERE bbcode_id = ' . $bbcode_id;
74	$result = $db->sql_query($sql);
75	$row = $db->sql_fetchrow($result);
76	$db->sql_freeresult($result);
77
78	if (!$row)
79	{
80	trigger_error($user->lang['BBCODE_NOT_EXIST'] . adm_back_link($this->u_action), E_USER_WARNING);
81	}
82
83	// No break here
84
85	case 'create':
86	$display_on_posting = $request->variable('display_on_posting', 0);
87
88	$bbcode_match = $request->variable('bbcode_match', '');
89	$bbcode_tpl = html_entity_decode($request->variable('bbcode_tpl', '', true), ENT_COMPAT);
90	$bbcode_helpline = $request->variable('bbcode_helpline', '', true);
91	break;
92	}
93
94	// Do major work
95	switch ($action)
96	{
97	case 'edit':
98	case 'add':
99
100	$tpl_ary = array(
101	'S_EDIT_BBCODE' => true,
102	'U_BACK' => $this->u_action,
103	'U_ACTION' => $this->u_action . '&action=' . (($action == 'add') ? 'create' : 'modify') . (($bbcode_id) ? "&bbcode=$bbcode_id" : ''),
104
105	'L_BBCODE_USAGE_EXPLAIN'=> sprintf($user->lang['BBCODE_USAGE_EXPLAIN'], '<a href="#down">', '</a>'),
106	'BBCODE_MATCH' => $bbcode_match,
107	'BBCODE_TPL' => $bbcode_tpl,
108	'BBCODE_HELPLINE' => $bbcode_helpline,
109	'DISPLAY_ON_POSTING' => $display_on_posting,
110	);
111
112	$bbcode_tokens = array('TEXT', 'SIMPLETEXT', 'INTTEXT', 'IDENTIFIER', 'NUMBER', 'EMAIL', 'URL', 'LOCAL_URL', 'RELATIVE_URL', 'COLOR');
113	$bbcode_tokens = array_merge($bbcode_tokens, ['ALNUM', 'CHOICE', 'FLOAT', 'HASHMAP', 'INT', 'IP', 'IPPORT', 'IPV4', 'IPV6', 'MAP', 'RANGE', 'REGEXP', 'TIMESTAMP', 'UINT']);
114
115	/**
116	* Modify custom bbcode template data before we display the add/edit form
117	*
118	* @event core.acp_bbcodes_edit_add
119	* @var string action Type of the action: add\|edit
120	* @var array tpl_ary Array with custom bbcode add/edit data
121	* @var int bbcode_id When editing: the bbcode id,
122	* when creating: 0
123	* @var array bbcode_tokens Array of bbcode tokens
124	* @since 3.1.0-a3
125	*/
126	$vars = array('action', 'tpl_ary', 'bbcode_id', 'bbcode_tokens');
127	extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_edit_add', compact($vars)));
128
129	$template->assign_vars($tpl_ary);
130
131	foreach ($bbcode_tokens as $token)
132	{
133	$template->assign_block_vars('token', array(
134	'TOKEN' => '{' . $token . '}',
135	'EXPLAIN' => ($token === 'LOCAL_URL') ? $user->lang(array('tokens', $token), generate_board_url() . '/') : $user->lang(array('tokens', $token)),
136	));
137	}
138
139	return;
140
141	break;
142
143	case 'modify':
144	case 'create':
145
146	$sql_ary = $hidden_fields = array();
147
148	/**
149	* Modify custom bbcode data before the modify/create action
150	*
151	* @event core.acp_bbcodes_modify_create
152	* @var string action Type of the action: modify\|create
153	* @var array sql_ary Array with new bbcode data
154	* @var int bbcode_id When editing: the bbcode id,
155	* when creating: 0
156	* @var bool display_on_posting Display bbcode on posting form
157	* @var string bbcode_match The bbcode usage string to match
158	* @var string bbcode_tpl The bbcode HTML replacement string
159	* @var string bbcode_helpline The bbcode help line string
160	* @var array hidden_fields Array of hidden fields for use when
161	* submitting form when $warn_unsafe is true
162	* @since 3.1.0-a3
163	*/
164	$vars = array(
165	'action',
166	'sql_ary',
167	'bbcode_id',
168	'display_on_posting',
169	'bbcode_match',
170	'bbcode_tpl',
171	'bbcode_helpline',
172	'hidden_fields',
173	);
174	extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_modify_create', compact($vars)));
175
176	$acp_utils = $phpbb_container->get('text_formatter.acp_utils');
177	$bbcode_info = $acp_utils->analyse_bbcode($bbcode_match, $bbcode_tpl);
178	$warn_unsafe = ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_UNSAFE);
179
180	if ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_INVALID_TEMPLATE)
181	{
182	trigger_error($user->lang['BBCODE_INVALID_TEMPLATE'] . adm_back_link($this->u_action), E_USER_WARNING);
183	}
184	if ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_INVALID_DEFINITION)
185	{
186	trigger_error($user->lang['BBCODE_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
187	}
188
189	if (!$warn_unsafe && !check_form_key($form_key))
190	{
191	trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
192	}
193
194	if (!$warn_unsafe \|\| confirm_box(true))
195	{
196	$data = $this->build_regexp($bbcode_match, $bbcode_tpl);
197
198	// Make sure the user didn't pick a "bad" name for the BBCode tag.
199	$hard_coded = array('code', 'quote', 'quote=', 'attachment', 'attachment=', 'b', 'i', 'url', 'url=', 'img', 'size', 'size=', 'color', 'color=', 'u', 'list', 'list=', 'email', 'email=', 'flash', 'flash=');
200
201	if (($action == 'modify' && strtolower($data['bbcode_tag']) !== strtolower($row['bbcode_tag'])) \|\| ($action == 'create'))
202	{
203	$sql = 'SELECT 1 as test
204	FROM ' . BBCODES_TABLE . "
205	WHERE LOWER(bbcode_tag) = '" . $db->sql_escape(strtolower($data['bbcode_tag'])) . "'";
206	$result = $db->sql_query($sql);
207	$info = $db->sql_fetchrow($result);
208	$db->sql_freeresult($result);
209
210	// Grab the end, interrogate the last closing tag
211	if (isset($info['test']) && $info['test'] === '1'
212	\|\| in_array(strtolower($data['bbcode_tag']), $hard_coded)
213	\|\| (preg_match('#\[/([^[]*)]$#', $bbcode_match, $regs) && in_array(strtolower($regs[1]), $hard_coded))
214	)
215	{
216	trigger_error($user->lang['BBCODE_INVALID_TAG_NAME'] . adm_back_link($this->u_action), E_USER_WARNING);
217	}
218	}
219
220	if (substr($data['bbcode_tag'], -1) === '=')
221	{
222	$test = substr($data['bbcode_tag'], 0, -1);
223	}
224	else
225	{
226	$test = $data['bbcode_tag'];
227	}
228
229	if (strlen($data['bbcode_tag']) > 16)
230	{
231	trigger_error($user->lang['BBCODE_TAG_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
232	}
233
234	if (strlen($bbcode_match) > 4000)
235	{
236	trigger_error($user->lang['BBCODE_TAG_DEF_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
237	}
238
239	if (strlen($bbcode_helpline) > 3000)
240	{
241	trigger_error($user->lang['BBCODE_HELPLINE_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
242	}
243
244	/**
245	* Replace Emojis and other 4bit UTF-8 chars not allowed by MySQL to UCR/NCR.
246	* Using their Numeric Character Reference's Hexadecimal notation.
247	*/
248	$bbcode_helpline = utf8_encode_ucr($bbcode_helpline);
249
250	$sql_ary = array_merge($sql_ary, array(
251	'bbcode_tag' => $data['bbcode_tag'],
252	'bbcode_match' => $bbcode_match,
253	'bbcode_tpl' => $bbcode_tpl,
254	'display_on_posting' => $display_on_posting,
255	'bbcode_helpline' => $bbcode_helpline,
256	'first_pass_match' => $data['first_pass_match'],
257	'first_pass_replace' => $data['first_pass_replace'],
258	'second_pass_match' => $data['second_pass_match'],
259	'second_pass_replace' => $data['second_pass_replace']
260	));
261
262	if ($action == 'create')
263	{
264	$sql = 'SELECT MAX(bbcode_id) as max_bbcode_id
265	FROM ' . BBCODES_TABLE;
266	$result = $db->sql_query($sql);
267	$row = $db->sql_fetchrow($result);
268	$db->sql_freeresult($result);
269
270	if ($row)
271	{
272	$bbcode_id = (int) $row['max_bbcode_id'] + 1;
273
274	// Make sure it is greater than the core bbcode ids...
275	if ($bbcode_id <= NUM_CORE_BBCODES)
276	{
277	$bbcode_id = NUM_CORE_BBCODES + 1;
278	}
279	}
280	else
281	{
282	$bbcode_id = NUM_CORE_BBCODES + 1;
283	}
284
285	if ($bbcode_id > BBCODE_LIMIT)
286	{
287	trigger_error($user->lang['TOO_MANY_BBCODES'] . adm_back_link($this->u_action), E_USER_WARNING);
288	}
289
290	$sql_ary['bbcode_id'] = (int) $bbcode_id;
291
292	$db->sql_query('INSERT INTO ' . BBCODES_TABLE . $db->sql_build_array('INSERT', $sql_ary));
293	$cache->destroy('sql', BBCODES_TABLE);
294	$phpbb_container->get('text_formatter.cache')->invalidate();
295
296	$lang = 'BBCODE_ADDED';
297	$log_action = 'LOG_BBCODE_ADD';
298	}
299	else
300	{
301	$sql = 'UPDATE ' . BBCODES_TABLE . '
302	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
303	WHERE bbcode_id = ' . $bbcode_id;
304	$db->sql_query($sql);
305	$cache->destroy('sql', BBCODES_TABLE);
306	$phpbb_container->get('text_formatter.cache')->invalidate();
307
308	$lang = 'BBCODE_EDITED';
309	$log_action = 'LOG_BBCODE_EDIT';
310	}
311
312	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log_action, false, array($data['bbcode_tag']));
313
314	/**
315	* Event after a BBCode has been added or updated
316	*
317	* @event core.acp_bbcodes_modify_create_after
318	* @var string action Type of the action: modify\|create
319	* @var int bbcode_id The id of the added or updated bbcode
320	* @var array sql_ary Array with bbcode data (read only)
321	* @since 3.2.4-RC1
322	*/
323	$vars = array(
324	'action',
325	'bbcode_id',
326	'sql_ary',
327	);
328	extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_modify_create_after', compact($vars)));
329
330	trigger_error($user->lang[$lang] . adm_back_link($this->u_action));
331	}
332	else
333	{
334	confirm_box(false, $user->lang['BBCODE_DANGER'], build_hidden_fields(array_merge($hidden_fields, array(
335	'action' => $action,
336	'bbcode' => $bbcode_id,
337	'bbcode_match' => $bbcode_match,
338	'bbcode_tpl' => htmlspecialchars($bbcode_tpl, ENT_COMPAT),
339	'bbcode_helpline' => $bbcode_helpline,
340	'display_on_posting' => $display_on_posting,
341	)))
342	, 'confirm_bbcode.html');
343	}
344
345	break;
346
347	case 'delete':
348
349	$sql = 'SELECT bbcode_tag
350	FROM ' . BBCODES_TABLE . "
351	WHERE bbcode_id = $bbcode_id";
352	$result = $db->sql_query($sql);
353	$row = $db->sql_fetchrow($result);
354	$db->sql_freeresult($result);
355
356	if ($row)
357	{
358	if (confirm_box(true))
359	{
360	$bbcode_tag = $row['bbcode_tag'];
361
362	$db->sql_query('DELETE FROM ' . BBCODES_TABLE . " WHERE bbcode_id = $bbcode_id");
363	$cache->destroy('sql', BBCODES_TABLE);
364	$phpbb_container->get('text_formatter.cache')->invalidate();
365	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_BBCODE_DELETE', false, array($bbcode_tag));
366
367	/**
368	* Event after a BBCode has been deleted
369	*
370	* @event core.acp_bbcodes_delete_after
371	* @var string action Type of the action: delete
372	* @var int bbcode_id The id of the deleted bbcode
373	* @var string bbcode_tag The tag of the deleted bbcode
374	* @since 3.2.4-RC1
375	*/
376	$vars = array(
377	'action',
378	'bbcode_id',
379	'bbcode_tag',
380	);
381	extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_delete_after', compact($vars)));
382
383	if ($request->is_ajax())
384	{
385	$json_response = new \phpbb\json_response;
386	$json_response->send(array(
387	'MESSAGE_TITLE' => $user->lang['INFORMATION'],
388	'MESSAGE_TEXT' => $user->lang['BBCODE_DELETED'],
389	'REFRESH_DATA' => array(
390	'time' => 3
391	)
392	));
393	}
394	}
395	else
396	{
397	confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
398	'bbcode' => $bbcode_id,
399	'i' => $id,
400	'mode' => $mode,
401	'action' => $action))
402	);
403	}
404	}
405
406	break;
407	}
408
409	$u_action = $this->u_action;
410
411	$template_data = array(
412	'U_ACTION' => $this->u_action . '&action=add',
413	);
414
415	$sql_ary = array(
416	'SELECT' => 'b.*',
417	'FROM' => array(BBCODES_TABLE => 'b'),
418	'ORDER_BY' => 'b.bbcode_tag',
419	);
420
421	/**
422	* Modify custom bbcode template data before we display the form
423	*
424	* @event core.acp_bbcodes_display_form
425	* @var string action Type of the action: modify\|create
426	* @var array sql_ary The SQL array to get custom bbcode data
427	* @var array template_data Array with form template data
428	* @var string u_action The u_action link
429	* @since 3.1.0-a3
430	*/
431	$vars = array('action', 'sql_ary', 'template_data', 'u_action');
432	extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_display_form', compact($vars)));
433
434	$result = $db->sql_query($db->sql_build_query('SELECT', $sql_ary));
435
436	$template->assign_vars($template_data);
437
438	while ($row = $db->sql_fetchrow($result))
439	{
440	$bbcodes_array = array(
441	'BBCODE_TAG' => $row['bbcode_tag'],
442	'U_EDIT' => $u_action . '&action=edit&bbcode=' . $row['bbcode_id'],
443	'U_DELETE' => $u_action . '&action=delete&bbcode=' . $row['bbcode_id'],
444	);
445
446	/**
447	* Modify display of custom bbcodes in the form
448	*
449	* @event core.acp_bbcodes_display_bbcodes
450	* @var array row Array with current bbcode data
451	* @var array bbcodes_array Array of bbcodes template data
452	* @var string u_action The u_action link
453	* @since 3.1.0-a3
454	*/
455	$vars = array('bbcodes_array', 'row', 'u_action');
456	extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_display_bbcodes', compact($vars)));
457
458	$template->assign_block_vars('bbcodes', $bbcodes_array);
459
460	}
461	$db->sql_freeresult($result);
462	}
463
464	/*
465	* Build regular expression for custom bbcode
466	*/
467	function build_regexp(&$bbcode_match, &$bbcode_tpl)
468	{
469	$bbcode_match = trim($bbcode_match);
470	$bbcode_tag = preg_replace('/.?\[([a-z0-9_-]+)./i', '$1', $bbcode_match);
471
472	if (!preg_match('/^[a-zA-Z0-9_-]+$/', $bbcode_tag))
473	{
474	global $user;
475	trigger_error($user->lang['BBCODE_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
476	}
477
478	return array(
479	'bbcode_tag' => $bbcode_tag,
480	'first_pass_match' => '/(?!)/',
481	'first_pass_replace' => '',
482	// Use a non-matching, valid regexp to effectively disable this BBCode
483	'second_pass_match' => '/(?!)/',
484	'second_pass_replace' => ''
485	);
486	}
487	}