Code Coverage for /data/phpBB/includes/functions

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	49.73% covered (danger)	49.73%	362 / 728	41.94% covered (danger)	41.94%	13 / 31	CRAP	0.00% covered (danger)	0.00%	0 / 1
gen_sort_selects	0.00% covered (danger)	0.00%	0 / 52	0.00% covered (danger)	0.00%	0 / 1	72
make_jumpbox	0.00% covered (danger)	0.00%	0 / 67	0.00% covered (danger)	0.00%	0 / 1	462
bump_topic_allowed	0.00% covered (danger)	0.00%	0 / 26	0.00% covered (danger)	0.00%	0 / 1	72
get_context	100.00% covered (success)	100.00%	39 / 39	100.00% covered (success)	100.00%	1 / 1	15
phpbb_clean_search_string	100.00% covered (success)	100.00%	4 / 4	100.00% covered (success)	100.00%	1 / 1	1
decode_message	100.00% covered (success)	100.00%	20 / 20	100.00% covered (success)	100.00%	1 / 1	3
strip_bbcode	100.00% covered (success)	100.00%	9 / 9	100.00% covered (success)	100.00%	1 / 1	3
generate_text_for_display	78.12% covered (warning)	78.12%	25 / 32	0.00% covered (danger)	0.00%	0 / 1	14.77
generate_text_for_storage	96.55% covered (success)	96.55%	28 / 29	0.00% covered (danger)	0.00%	0 / 1	6
generate_text_for_edit	100.00% covered (success)	100.00%	12 / 12	100.00% covered (success)	100.00%	1 / 1	4
make_clickable_callback	100.00% covered (success)	100.00%	61 / 61	100.00% covered (success)	100.00%	1 / 1	24
make_clickable	100.00% covered (success)	100.00%	53 / 53	100.00% covered (success)	100.00%	1 / 1	16
censor_text	81.82% covered (warning)	81.82%	9 / 11	0.00% covered (danger)	0.00%	0 / 1	8.38
bbcode_nl2br	100.00% covered (success)	100.00%	2 / 2	100.00% covered (success)	100.00%	1 / 1	1
smiley_text	42.86% covered (danger)	42.86%	3 / 7	0.00% covered (danger)	0.00%	0 / 1	6.99
parse_attachments	0.00% covered (danger)	0.00%	0 / 171	0.00% covered (danger)	0.00%	0 / 1	1406
extension_allowed	0.00% covered (danger)	0.00%	0 / 4	0.00% covered (danger)	0.00%	0 / 1	12
truncate_string	47.62% covered (danger)	47.62%	10 / 21	0.00% covered (danger)	0.00%	0 / 1	20.64
get_username_string	100.00% covered (success)	100.00%	47 / 47	100.00% covered (success)	100.00%	1 / 1	27
phpbb_add_quickmod_option	0.00% covered (danger)	0.00%	0 / 7	0.00% covered (danger)	0.00%	0 / 1	2
phpbb_generate_string_list	90.91% covered (success)	90.91%	10 / 11	0.00% covered (danger)	0.00%	0 / 1	4.01
phpbb_format_quote	94.12% covered (success)	94.12%	16 / 17	0.00% covered (danger)	0.00%	0 / 1	4.00
bitfield	53.85% covered (warning)	53.85%	14 / 26	44.44% covered (danger)	44.44%	4 / 9	29.62	0.00% covered (danger)	0.00%	0 / 1
__construct	100.00% covered (success)	100.00%	1 / 1	100.00% covered (success)	100.00%	1 / 1	1
get	100.00% covered (success)	100.00%	6 / 6	100.00% covered (success)	100.00%	1 / 1	2
set	100.00% covered (success)	100.00%	6 / 6	100.00% covered (success)	100.00%	1 / 1	2
clear	0.00% covered (danger)	0.00%	0 / 4	0.00% covered (danger)	0.00%	0 / 1	6
get_blob	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	2
get_base64	100.00% covered (success)	100.00%	1 / 1	100.00% covered (success)	100.00%	1 / 1	1
get_bin	0.00% covered (danger)	0.00%	0 / 5	0.00% covered (danger)	0.00%	0 / 1	6
get_all_set	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	2
merge	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	2

1	<?php
2	/**
3	*
4	* This file is part of the phpBB Forum Software package.
5	*
6	* @copyright (c) phpBB Limited <https://www.phpbb.com>
7	* @license GNU General Public License, version 2 (GPL-2.0)
8	*
9	* For full copyright and license information, please see
10	* the docs/CREDITS.txt file.
11	*
12	*/
13
14	/**
15	* @ignore
16	*/
17
18	use phpbb\attachment\attachment_category;
19
20	if (!defined('IN_PHPBB'))
21	{
22	exit;
23	}
24
25	/**
26	* gen_sort_selects()
27	* make_jumpbox()
28	* bump_topic_allowed()
29	* get_context()
30	* phpbb_clean_search_string()
31	* decode_message()
32	* strip_bbcode()
33	* generate_text_for_display()
34	* generate_text_for_storage()
35	* generate_text_for_edit()
36	* make_clickable_callback()
37	* make_clickable()
38	* censor_text()
39	* bbcode_nl2br()
40	* smiley_text()
41	* parse_attachments()
42	* extension_allowed()
43	* truncate_string()
44	* get_username_string()
45	* class bitfield
46	*/
47
48	/**
49	* Generate sort selection fields
50	*/
51	function gen_sort_selects(&$limit_days, &$sort_by_text, &$sort_days, &$sort_key, &$sort_dir, &$s_limit_days, &$s_sort_key, &$s_sort_dir, &$u_sort_param, $def_st = false, $def_sk = false, $def_sd = false)
52	{
53	global $user, $phpbb_dispatcher;
54
55	$sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
56
57	$sorts = array(
58	'st' => array(
59	'key' => 'sort_days',
60	'default' => $def_st,
61	'options' => $limit_days,
62	'output' => &$s_limit_days,
63	),
64
65	'sk' => array(
66	'key' => 'sort_key',
67	'default' => $def_sk,
68	'options' => $sort_by_text,
69	'output' => &$s_sort_key,
70	),
71
72	'sd' => array(
73	'key' => 'sort_dir',
74	'default' => $def_sd,
75	'options' => $sort_dir_text,
76	'output' => &$s_sort_dir,
77	),
78	);
79	$u_sort_param = '';
80
81	foreach ($sorts as $name => $sort_ary)
82	{
83	$key = $sort_ary['key'];
84	$selected = ${$sort_ary['key']};
85
86	// Check if the key is selectable. If not, we reset to the default or first key found.
87	// This ensures the values are always valid. We also set $sort_dir/sort_key/etc. to the
88	// correct value, else the protection is void. ;)
89	if (!isset($sort_ary['options'][$selected]))
90	{
91	if ($sort_ary['default'] !== false)
92	{
93	$selected = ${$key} = $sort_ary['default'];
94	}
95	else
96	{
97	@reset($sort_ary['options']);
98	$selected = ${$key} = key($sort_ary['options']);
99	}
100	}
101
102	$sort_ary['output'] = '<select name="' . $name . '" id="' . $name . '">';
103	foreach ($sort_ary['options'] as $option => $text)
104	{
105	$sort_ary['output'] .= '<option value="' . $option . '"' . (($selected == $option) ? ' selected="selected"' : '') . '>' . $text . '</option>';
106	}
107	$sort_ary['output'] .= '</select>';
108
109	$u_sort_param .= ($selected !== $sort_ary['default']) ? ((strlen($u_sort_param)) ? '&' : '') . "{$name}={$selected}" : '';
110	}
111
112	/**
113	* Run code before generated sort selects are returned
114	*
115	* @event core.gen_sort_selects_after
116	* @var int limit_days Days limit
117	* @var array sort_by_text Sort by text options
118	* @var int sort_days Sort by days flag
119	* @var string sort_key Sort key
120	* @var string sort_dir Sort dir
121	* @var string s_limit_days String of days limit
122	* @var string s_sort_key String of sort key
123	* @var string s_sort_dir String of sort dir
124	* @var string u_sort_param Sort URL params
125	* @var bool def_st Default sort days
126	* @var bool def_sk Default sort key
127	* @var bool def_sd Default sort dir
128	* @var array sorts Sorts
129	* @since 3.1.9-RC1
130	*/
131	$vars = array(
132	'limit_days',
133	'sort_by_text',
134	'sort_days',
135	'sort_key',
136	'sort_dir',
137	's_limit_days',
138	's_sort_key',
139	's_sort_dir',
140	'u_sort_param',
141	'def_st',
142	'def_sk',
143	'def_sd',
144	'sorts',
145	);
146	extract($phpbb_dispatcher->trigger_event('core.gen_sort_selects_after', compact($vars)));
147	}
148
149	/**
150	* Generate Jumpbox
151	*/
152	function make_jumpbox($action, $forum_id = false, $select_all = false, $acl_list = false, $force_display = false)
153	{
154	global $config, $auth, $template, $user, $db, $phpbb_path_helper, $phpbb_dispatcher;
155
156	// We only return if the jumpbox is not forced to be displayed (in case it is needed for functionality)
157	if (!$config['load_jumpbox'] && $force_display === false)
158	{
159	return;
160	}
161
162	$sql = 'SELECT forum_id, forum_name, parent_id, forum_type, left_id, right_id
163	FROM ' . FORUMS_TABLE . '
164	ORDER BY left_id ASC';
165	$result = $db->sql_query($sql, 600);
166
167	$rowset = array();
168	while ($row = $db->sql_fetchrow($result))
169	{
170	$rowset[(int) $row['forum_id']] = $row;
171	}
172	$db->sql_freeresult($result);
173
174	$right = $padding = 0;
175	$padding_store = array('0' => 0);
176	$display_jumpbox = false;
177	$iteration = 0;
178
179	/**
180	* Modify the jumpbox forum list data
181	*
182	* @event core.make_jumpbox_modify_forum_list
183	* @var array rowset Array with the forums list data
184	* @since 3.1.10-RC1
185	*/
186	$vars = array('rowset');
187	extract($phpbb_dispatcher->trigger_event('core.make_jumpbox_modify_forum_list', compact($vars)));
188
189	// Sometimes it could happen that forums will be displayed here not be displayed within the index page
190	// This is the result of forums not displayed at index, having list permissions and a parent of a forum with no permissions.
191	// If this happens, the padding could be "broken"
192
193	foreach ($rowset as $row)
194	{
195	if ($row['left_id'] < $right)
196	{
197	$padding++;
198	$padding_store[$row['parent_id']] = $padding;
199	}
200	else if ($row['left_id'] > $right + 1)
201	{
202	// Ok, if the $padding_store for this parent is empty there is something wrong. For now we will skip over it.
203	// @todo digging deep to find out "how" this can happen.
204	$padding = (isset($padding_store[$row['parent_id']])) ? $padding_store[$row['parent_id']] : $padding;
205	}
206
207	$right = $row['right_id'];
208
209	if ($row['forum_type'] == FORUM_CAT && ($row['left_id'] + 1 == $row['right_id']))
210	{
211	// Non-postable forum with no subforums, don't display
212	continue;
213	}
214
215	if (!$auth->acl_get('f_list', $row['forum_id']))
216	{
217	// if the user does not have permissions to list this forum skip
218	continue;
219	}
220
221	if ($acl_list && !$auth->acl_gets($acl_list, $row['forum_id']))
222	{
223	continue;
224	}
225
226	$tpl_ary = array();
227	if (!$display_jumpbox)
228	{
229	$tpl_ary[] = array(
230	'FORUM_ID' => ($select_all) ? 0 : -1,
231	'FORUM_NAME' => ($select_all) ? $user->lang['ALL_FORUMS'] : $user->lang['SELECT_FORUM'],
232	'S_FORUM_COUNT' => $iteration,
233	'LINK' => $phpbb_path_helper->append_url_params($action, array('f' => $forum_id)),
234	);
235
236	$iteration++;
237	$display_jumpbox = true;
238	}
239
240	$tpl_ary[] = array(
241	'FORUM_ID' => $row['forum_id'],
242	'FORUM_NAME' => $row['forum_name'],
243	'SELECTED' => ($row['forum_id'] == $forum_id) ? ' selected="selected"' : '',
244	'S_FORUM_COUNT' => $iteration,
245	'S_IS_CAT' => ($row['forum_type'] == FORUM_CAT) ? true : false,
246	'S_IS_LINK' => ($row['forum_type'] == FORUM_LINK) ? true : false,
247	'S_IS_POST' => ($row['forum_type'] == FORUM_POST) ? true : false,
248	'LINK' => $phpbb_path_helper->append_url_params($action, array('f' => $row['forum_id'])),
249	);
250
251	/**
252	* Modify the jumpbox before it is assigned to the template
253	*
254	* @event core.make_jumpbox_modify_tpl_ary
255	* @var array row The data of the forum
256	* @var array tpl_ary Template data of the forum
257	* @since 3.1.10-RC1
258	*/
259	$vars = array(
260	'row',
261	'tpl_ary',
262	);
263	extract($phpbb_dispatcher->trigger_event('core.make_jumpbox_modify_tpl_ary', compact($vars)));
264
265	$template->assign_block_vars_array('jumpbox_forums', $tpl_ary);
266
267	unset($tpl_ary);
268
269	for ($i = 0; $i < $padding; $i++)
270	{
271	$template->assign_block_vars('jumpbox_forums.level', array());
272	}
273	$iteration++;
274	}
275	unset($padding_store, $rowset);
276
277	$url_parts = $phpbb_path_helper->get_url_parts($action);
278
279	$template->assign_vars(array(
280	'S_DISPLAY_JUMPBOX' => $display_jumpbox,
281	'S_JUMPBOX_ACTION' => $action,
282	'HIDDEN_FIELDS_FOR_JUMPBOX' => build_hidden_fields($url_parts['params']),
283	));
284	}
285
286	/**
287	* Bump Topic Check - used by posting and viewtopic
288	*/
289	function bump_topic_allowed($forum_id, $topic_bumped, $last_post_time, $topic_poster, $last_topic_poster)
290	{
291	global $config, $auth, $user, $phpbb_dispatcher;
292
293	/**
294	* Event to run code before the topic bump checks
295	*
296	* @event core.bump_topic_allowed_before
297	* @var int forum_id ID of the forum
298	* @var int topic_bumped Flag indicating if the topic was already bumped (0/1)
299	* @var int last_post_time The time of the topic last post
300	* @var int topic_poster User ID of the topic author
301	* @var int last_topic_poster User ID of the topic last post author
302	* @since 3.3.14-RC1
303	*/
304	$vars = [
305	'forum_id',
306	'topic_bumped',
307	'last_post_time',
308	'topic_poster',
309	'last_topic_poster',
310	];
311	extract($phpbb_dispatcher->trigger_event('core.bump_topic_allowed_before', compact($vars)));
312
313	// Check permission and make sure the last post was not already bumped
314	if (!$auth->acl_get('f_bump', $forum_id) \|\| $topic_bumped)
315	{
316	return false;
317	}
318
319	// Check bump time range, is the user really allowed to bump the topic at this time?
320	$bump_time = ($config['bump_type'] == 'm') ? $config['bump_interval'] * 60 : (($config['bump_type'] == 'h') ? $config['bump_interval'] * 3600 : $config['bump_interval'] * 86400);
321
322	// Check bump time
323	if ($last_post_time + $bump_time > time())
324	{
325	return false;
326	}
327
328	// Check bumper, only topic poster and last poster are allowed to bump
329	if ($topic_poster != $user->data['user_id'] && $last_topic_poster != $user->data['user_id'])
330	{
331	return false;
332	}
333
334	/**
335	* Event to run code after the topic bump checks
336	*
337	* @event core.bump_topic_allowed_after
338	* @var int forum_id ID of the forum
339	* @var int topic_bumped Flag indicating if the topic was already bumped (0/1)
340	* @var int last_post_time The time of the topic last post
341	* @var int topic_poster User ID of the topic author
342	* @var int last_topic_poster User ID of the topic last post author
343	* @var int bump_time Bump time range
344	* @since 3.3.14-RC1
345	*/
346	$vars = [
347	'forum_id',
348	'topic_bumped',
349	'last_post_time',
350	'topic_poster',
351	'last_topic_poster',
352	'bump_time',
353	];
354	extract($phpbb_dispatcher->trigger_event('core.bump_topic_allowed_after', compact($vars)));
355
356	// A bump time of 0 will completely disable the bump feature... not intended but might be useful.
357	return $bump_time;
358	}
359
360	/**
361	* Generates a text with approx. the specified length which contains the specified words and their context
362	*
363	* @param string $text The full text from which context shall be extracted
364	* @param array $words An array of words which should be contained in the result, has to be a valid part of a PCRE pattern (escape with preg_quote!)
365	* @param int $length The desired length of the resulting text, however the result might be shorter or longer than this value
366	*
367	* @return string Context of the specified words separated by "..."
368	*/
369	function get_context(string $text, array $words, int $length = 400): string
370	{
371	if ($length <= 0)
372	{
373	return $text;
374	}
375
376	// We need to turn the entities back into their original form, to not cut the message in between them
377	$text = htmlspecialchars_decode($text);
378
379	// Replace all spaces/invisible characters with single spaces
380	$text = preg_replace("/[\p{Z}\h\v]+/u", ' ', $text);
381
382	$text_length = utf8_strlen($text);
383
384	// Get first occurrence of each word
385	$word_indexes = [];
386	foreach ($words as $word)
387	{
388	$pos = utf8_stripos($text, $word);
389
390	if ($pos !== false)
391	{
392	$word_indexes[$pos] = $word;
393	}
394	}
395	if (!empty($word_indexes))
396	{
397	ksort($word_indexes);
398
399	// Size of the fragment of text per word
400	$num_indexes = count($word_indexes);
401	$characters_per_word = (int) ($length / $num_indexes) + 2; // 2 to leave one character of margin at the sides to don't cut words
402
403	// Get text fragment indexes
404	$fragments = [];
405	foreach ($word_indexes as $index => $word)
406	{
407	$word_length = utf8_strlen($word);
408	$start = max(0, min($text_length - 1 - $characters_per_word, (int) ($index + ($word_length / 2) - ($characters_per_word / 2))));
409	$end = $start + $characters_per_word;
410
411	// Check if we can merge this fragment into the previous fragment
412	if (!empty($fragments))
413	{
414	[$prev_start, $prev_end] = end($fragments);
415
416	if ($prev_end + $characters_per_word >= $index + $word_length)
417	{
418	array_pop($fragments);
419	$start = $prev_start;
420	$end = $prev_end + $characters_per_word;
421	}
422	}
423
424	$fragments[] = [$start, $end];
425	}
426	}
427	else
428	{
429	// There is no coincidences, so we just create a fragment with the first $length characters
430	$fragments[] = [0, $length];
431	$end = $length;
432	}
433
434	$output = [];
435	foreach ($fragments as [$start, $end])
436	{
437	$fragment = utf8_substr($text, $start, $end - $start + 1);
438
439	$fragment_start = 0;
440	$fragment_end = $end - $start + 1;
441
442	// Find the first valid alphanumeric character in the fragment to don't cut words
443	if ($start > 0 && preg_match('/[^\p{L}\p{N}][\p{L}\p{N}]/u', $fragment, $matches, PREG_OFFSET_CAPTURE))
444	{
445	$fragment_start = utf8_strlen(substr($fragment, 0, (int) $matches[0][1])) + 1;
446	}
447
448	// Find the last valid alphanumeric character in the fragment to don't cut words
449	if ($end < $text_length - 1 && preg_match_all('/[\p{L}\p{N}][^\p{L}\p{N}]/u', $fragment, $matches, PREG_OFFSET_CAPTURE))
450	{
451	$fragment_end = utf8_strlen(substr($fragment, 0, end($matches[0])[1]));
452	}
453
454	$output[] = utf8_substr($fragment, $fragment_start, $fragment_end - $fragment_start + 1);
455	}
456
457	return ($fragments[0][0] !== 0 ? '... ' : '') . utf8_htmlspecialchars(implode(' ... ', $output)) . ($end < $text_length - 1 ? ' ...' : '');
458	}
459
460	/**
461	* Cleans a search string by removing single wildcards from it and replacing multiple spaces with a single one.
462	*
463	* @param string $search_string The full search string which should be cleaned.
464	*
465	* @return string The cleaned search string without any wildcards and multiple spaces.
466	*/
467	function phpbb_clean_search_string($search_string)
468	{
469	// This regular expressions matches every single wildcard.
470	// That means one after a whitespace or the beginning of the string or one before a whitespace or the end of the string.
471	$search_string = preg_replace('#(?<=^\|\s)\*+(?=\s\|$)#', '', $search_string);
472	$search_string = trim($search_string);
473	$search_string = preg_replace(array('#\s+#u', '#\+#u'), array(' ', ''), $search_string);
474	return $search_string;
475	}
476
477	/**
478	* Decode text whereby text is coming from the db and expected to be pre-parsed content
479	* We are placing this outside of the message parser because we are often in need of it...
480	*
481	* NOTE: special chars are kept encoded
482	*
483	* @param string &$message Original message, passed by reference
484	* @param string $bbcode_uid BBCode UID
485	* @return void
486	*/
487	function decode_message(&$message, $bbcode_uid = '')
488	{
489	global $phpbb_container, $phpbb_dispatcher;
490
491	/**
492	* Use this event to modify the message before it is decoded
493	*
494	* @event core.decode_message_before
495	* @var string message_text The message content
496	* @var string bbcode_uid The message BBCode UID
497	* @since 3.1.9-RC1
498	*/
499	$message_text = $message;
500	$vars = array('message_text', 'bbcode_uid');
501	extract($phpbb_dispatcher->trigger_event('core.decode_message_before', compact($vars)));
502	$message = $message_text;
503
504	if (preg_match('#^<[rt][ >]#', $message))
505	{
506	$message = htmlspecialchars($phpbb_container->get('text_formatter.utils')->unparse($message), ENT_COMPAT);
507	}
508	else
509	{
510	if ($bbcode_uid)
511	{
512	$match = array('<br />', "[/*:m:$bbcode_uid]", ":u:$bbcode_uid", ":o:$bbcode_uid", ":$bbcode_uid");
513	$replace = array("\n", '', '', '', '');
514	}
515	else
516	{
517	$match = array('<br />');
518	$replace = array("\n");
519	}
520
521	$message = str_replace($match, $replace, $message);
522
523	$match = get_preg_expression('bbcode_htm');
524	$replace = array('\1', '\1', '\2', '\2', '\1', '', '');
525
526	$message = preg_replace($match, $replace, $message);
527	}
528
529	/**
530	* Use this event to modify the message after it is decoded
531	*
532	* @event core.decode_message_after
533	* @var string message_text The message content
534	* @var string bbcode_uid The message BBCode UID
535	* @since 3.1.9-RC1
536	*/
537	$message_text = $message;
538	$vars = array('message_text', 'bbcode_uid');
539	extract($phpbb_dispatcher->trigger_event('core.decode_message_after', compact($vars)));
540	$message = $message_text;
541	}
542
543	/**
544	* Strips all bbcode from a text in place
545	*/
546	function strip_bbcode(&$text, $uid = '')
547	{
548	global $phpbb_container;
549
550	if (preg_match('#^<[rt][ >]#', $text))
551	{
552	$text = utf8_htmlspecialchars($phpbb_container->get('text_formatter.utils')->clean_formatting($text));
553	}
554	else
555	{
556	if (!$uid)
557	{
558	$uid = '[0-9a-z]{5,}';
559	}
560
561	$text = preg_replace("#\[\/?[a-z0-9\\+\-]+(?:=(?:"."\|[^\]]*))?(?::[a-z])?(\:$uid)\]#", ' ', $text);
562
563	$match = get_preg_expression('bbcode_htm');
564	$replace = array('\1', '\1', '\2', '\1', '', '');
565
566	$text = preg_replace($match, $replace, $text);
567	}
568	}
569
570	/**
571	* For display of custom parsed text on user-facing pages
572	* Expects $text to be the value directly from the database (stored value)
573	*
574	* @return string Generated text
575	*/
576	function generate_text_for_display($text, $uid, $bitfield, $flags, $censor_text = true)
577	{
578	static $bbcode;
579	global $auth, $config, $user;
580	global $phpbb_dispatcher, $phpbb_container;
581
582	if ($text === '')
583	{
584	return '';
585	}
586
587	/**
588	* Use this event to modify the text before it is parsed
589	*
590	* @event core.modify_text_for_display_before
591	* @var string text The text to parse
592	* @var string uid The BBCode UID
593	* @var string bitfield The BBCode Bitfield
594	* @var int flags The BBCode Flags
595	* @var bool censor_text Whether or not to apply word censors
596	* @since 3.1.0-a1
597	*/
598	$vars = array('text', 'uid', 'bitfield', 'flags', 'censor_text');
599	extract($phpbb_dispatcher->trigger_event('core.modify_text_for_display_before', compact($vars)));
600
601	if (preg_match('#^<[rt][ >]#', $text))
602	{
603	$renderer = $phpbb_container->get('text_formatter.renderer');
604
605	// Temporarily switch off viewcensors if applicable
606	$old_censor = $renderer->get_viewcensors();
607
608	// Check here if the user is having viewing censors disabled (and also allowed to do so).
609	if (!$user->optionget('viewcensors') && $config['allow_nocensors'] && $auth->acl_get('u_chgcensors'))
610	{
611	$censor_text = false;
612	}
613
614	if ($old_censor !== $censor_text)
615	{
616	$renderer->set_viewcensors($censor_text);
617	}
618
619	$text = $renderer->render($text);
620
621	// Restore the previous value
622	if ($old_censor !== $censor_text)
623	{
624	$renderer->set_viewcensors($old_censor);
625	}
626	}
627	else
628	{
629	if ($censor_text)
630	{
631	$text = censor_text($text);
632	}
633
634	// Parse bbcode if bbcode uid stored and bbcode enabled
635	if ($uid && ($flags & OPTION_FLAG_BBCODE))
636	{
637	if (!class_exists('bbcode'))
638	{
639	global $phpbb_root_path, $phpEx;
640	include($phpbb_root_path . 'includes/bbcode.' . $phpEx);
641	}
642
643	if (empty($bbcode))
644	{
645	$bbcode = new bbcode($bitfield);
646	}
647	else
648	{
649	$bbcode->bbcode_set_bitfield($bitfield);
650	}
651
652	$bbcode->bbcode_second_pass($text, $uid);
653	}
654
655	$text = bbcode_nl2br($text);
656	$text = smiley_text($text, !($flags & OPTION_FLAG_SMILIES));
657	}
658
659	/**
660	* Use this event to modify the text after it is parsed
661	*
662	* @event core.modify_text_for_display_after
663	* @var string text The text to parse
664	* @var string uid The BBCode UID
665	* @var string bitfield The BBCode Bitfield
666	* @var int flags The BBCode Flags
667	* @since 3.1.0-a1
668	*/
669	$vars = array('text', 'uid', 'bitfield', 'flags');
670	extract($phpbb_dispatcher->trigger_event('core.modify_text_for_display_after', compact($vars)));
671
672	return $text;
673	}
674
675	/**
676	* For parsing custom parsed text to be stored within the database.
677	* This function additionally returns the uid and bitfield that needs to be stored.
678	* Expects $text to be the value directly from $request->variable() and in it's non-parsed form
679	*
680	* @param string $text The text to be replaced with the parsed one
681	* @param string $uid The BBCode uid for this parse
682	* @param string $bitfield The BBCode bitfield for this parse
683	* @param int $flags The allow_bbcode, allow_urls and allow_smilies compiled into a single integer.
684	* @param bool $allow_bbcode If BBCode is allowed (i.e. if BBCode is parsed)
685	* @param bool $allow_urls If urls is allowed
686	* @param bool $allow_smilies If smilies are allowed
687	* @param bool $allow_img_bbcode
688	* @param bool $allow_quote_bbcode
689	* @param bool $allow_url_bbcode
690	* @param string $mode Mode to parse text as, e.g. post or sig
691	*
692	* @return array An array of string with the errors that occurred while parsing
693	*/
694	function generate_text_for_storage(&$text, &$uid, &$bitfield, &$flags, $allow_bbcode = false, $allow_urls = false, $allow_smilies = false, $allow_img_bbcode = true, $allow_quote_bbcode = true, $allow_url_bbcode = true, $mode = 'post')
695	{
696	global $phpbb_root_path, $phpEx, $phpbb_dispatcher;
697
698	/**
699	* Use this event to modify the text before it is prepared for storage
700	*
701	* @event core.modify_text_for_storage_before
702	* @var string text The text to parse
703	* @var string uid The BBCode UID
704	* @var string bitfield The BBCode Bitfield
705	* @var int flags The BBCode Flags
706	* @var bool allow_bbcode Whether or not to parse BBCode
707	* @var bool allow_urls Whether or not to parse URLs
708	* @var bool allow_smilies Whether or not to parse Smilies
709	* @var bool allow_img_bbcode Whether or not to parse the [img] BBCode
710	* @var bool allow_quote_bbcode Whether or not to parse the [quote] BBCode
711	* @var bool allow_url_bbcode Whether or not to parse the [url] BBCode
712	* @var string mode Mode to parse text as, e.g. post or sig
713	* @since 3.1.0-a1
714	* @changed 3.2.0-a1 Added mode
715	* @changed 4.0.0-a1 Removed allow_flash_bbcode
716	*/
717	$vars = array(
718	'text',
719	'uid',
720	'bitfield',
721	'flags',
722	'allow_bbcode',
723	'allow_urls',
724	'allow_smilies',
725	'allow_img_bbcode',
726	'allow_quote_bbcode',
727	'allow_url_bbcode',
728	'mode',
729	);
730	extract($phpbb_dispatcher->trigger_event('core.modify_text_for_storage_before', compact($vars)));
731
732	$uid = $bitfield = '';
733	$flags = (($allow_bbcode) ? OPTION_FLAG_BBCODE : 0) + (($allow_smilies) ? OPTION_FLAG_SMILIES : 0) + (($allow_urls) ? OPTION_FLAG_LINKS : 0);
734
735	if (!class_exists('parse_message'))
736	{
737	include($phpbb_root_path . 'includes/message_parser.' . $phpEx);
738	}
739
740	$message_parser = new parse_message($text);
741	$message_parser->parse($allow_bbcode, $allow_urls, $allow_smilies, $allow_img_bbcode, $allow_quote_bbcode, $allow_url_bbcode, true, $mode);
742
743	$text = $message_parser->message;
744	$uid = $message_parser->bbcode_uid;
745
746	// If the bbcode_bitfield is empty, there is no need for the uid to be stored.
747	if (!$message_parser->bbcode_bitfield)
748	{
749	$uid = '';
750	}
751
752	$bitfield = $message_parser->bbcode_bitfield;
753
754	/**
755	* Use this event to modify the text after it is prepared for storage
756	*
757	* @event core.modify_text_for_storage_after
758	* @var string text The text to parse
759	* @var string uid The BBCode UID
760	* @var string bitfield The BBCode Bitfield
761	* @var int flags The BBCode Flags
762	* @var string message_parser The message_parser object
763	* @since 3.1.0-a1
764	* @changed 3.1.11-RC1 Added message_parser to vars
765	*/
766	$vars = array('text', 'uid', 'bitfield', 'flags', 'message_parser');
767	extract($phpbb_dispatcher->trigger_event('core.modify_text_for_storage_after', compact($vars)));
768
769	return $message_parser->warn_msg;
770	}
771
772	/**
773	* For decoding custom parsed text for edits as well as extracting the flags
774	* Expects $text to be the value directly from the database (pre-parsed content)
775	*/
776	function generate_text_for_edit($text, $uid, $flags)
777	{
778	global $phpbb_dispatcher;
779
780	/**
781	* Use this event to modify the text before it is decoded for editing
782	*
783	* @event core.modify_text_for_edit_before
784	* @var string text The text to parse
785	* @var string uid The BBCode UID
786	* @var int flags The BBCode Flags
787	* @since 3.1.0-a1
788	*/
789	$vars = array('text', 'uid', 'flags');
790	extract($phpbb_dispatcher->trigger_event('core.modify_text_for_edit_before', compact($vars)));
791
792	decode_message($text, $uid);
793
794	/**
795	* Use this event to modify the text after it is decoded for editing
796	*
797	* @event core.modify_text_for_edit_after
798	* @var string text The text to parse
799	* @var int flags The BBCode Flags
800	* @since 3.1.0-a1
801	*/
802	$vars = array('text', 'flags');
803	extract($phpbb_dispatcher->trigger_event('core.modify_text_for_edit_after', compact($vars)));
804
805	return array(
806	'allow_bbcode' => ($flags & OPTION_FLAG_BBCODE) ? 1 : 0,
807	'allow_smilies' => ($flags & OPTION_FLAG_SMILIES) ? 1 : 0,
808	'allow_urls' => ($flags & OPTION_FLAG_LINKS) ? 1 : 0,
809	'text' => $text
810	);
811	}
812
813	/**
814	* A subroutine of make_clickable used with preg_replace
815	* It places correct HTML around an url, shortens the displayed text
816	* and makes sure no entities are inside URLs
817	*/
818	function make_clickable_callback($type, $whitespace, $url, $relative_url, $class)
819	{
820	$orig_url = $url;
821	$orig_relative = $relative_url;
822	$append = '';
823	$url = html_entity_decode($url, ENT_COMPAT);
824	$relative_url = html_entity_decode($relative_url, ENT_COMPAT);
825
826	// make sure no HTML entities were matched
827	$chars = array('<', '>', '"');
828	$split = false;
829
830	foreach ($chars as $char)
831	{
832	$next_split = strpos($url, $char);
833	if ($next_split !== false)
834	{
835	$split = ($split !== false) ? min($split, $next_split) : $next_split;
836	}
837	}
838
839	if ($split !== false)
840	{
841	// an HTML entity was found, so the URL has to end before it
842	$append = substr($url, $split) . $relative_url;
843	$url = substr($url, 0, $split);
844	$relative_url = '';
845	}
846	else if ($relative_url)
847	{
848	// same for $relative_url
849	$split = false;
850	foreach ($chars as $char)
851	{
852	$next_split = strpos($relative_url, $char);
853	if ($next_split !== false)
854	{
855	$split = ($split !== false) ? min($split, $next_split) : $next_split;
856	}
857	}
858
859	if ($split !== false)
860	{
861	$append = substr($relative_url, $split);
862	$relative_url = substr($relative_url, 0, $split);
863	}
864	}
865	// if the last character of the url is a punctuation mark, exclude it from the url
866	$last_char = ($relative_url) ? $relative_url[strlen($relative_url) - 1] : $url[strlen($url) - 1];
867
868	switch ($last_char)
869	{
870	case '.':
871	case '?':
872	case '!':
873	case ':':
874	case ',':
875	$append = $last_char;
876	if ($relative_url)
877	{
878	$relative_url = substr($relative_url, 0, -1);
879	}
880	else
881	{
882	$url = substr($url, 0, -1);
883	}
884	break;
885
886	// set last_char to empty here, so the variable can be used later to
887	// check whether a character was removed
888	default:
889	$last_char = '';
890	break;
891	}
892
893	$short_url = (utf8_strlen($url) > 55) ? utf8_substr($url, 0, 39) . ' ... ' . utf8_substr($url, -10) : $url;
894
895	switch ($type)
896	{
897	case MAGIC_URL_LOCAL:
898	$tag = 'l';
899	$relative_url = preg_replace('/[&?]sid=[0-9a-f]{32}$/', '', preg_replace('/([&?])sid=[0-9a-f]{32}&/', '$1', $relative_url));
900	$url = $url . '/' . $relative_url;
901	$text = $relative_url;
902
903	// this url goes to http://domain.tld/path/to/board/ which
904	// would result in an empty link if treated as local so
905	// don't touch it and let MAGIC_URL_FULL take care of it.
906	if (!$relative_url)
907	{
908	return $whitespace . $orig_url . '/' . $orig_relative; // slash is taken away by relative url pattern
909	}
910	break;
911
912	case MAGIC_URL_FULL:
913	$tag = 'm';
914	$text = $short_url;
915	break;
916
917	case MAGIC_URL_WWW:
918	$tag = 'w';
919	$url = 'http://' . $url;
920	$text = $short_url;
921	break;
922
923	case MAGIC_URL_EMAIL:
924	$tag = 'e';
925	$text = $short_url;
926	$url = 'mailto:' . $url;
927	break;
928	}
929
930	$url = htmlspecialchars($url, ENT_COMPAT);
931	$text = htmlspecialchars($text, ENT_COMPAT);
932	$append = htmlspecialchars($append, ENT_COMPAT);
933
934	$html = "$whitespace<!-- $tag --><a$class href=\"$url\">$text</a><!-- $tag -->$append";
935
936	return $html;
937	}
938
939	/**
940	* Replaces magic urls of form http://xxx.xxx., www.xxx. and xxx@xxx.xxx.
941	* Cuts down displayed size of link if over 50 chars, turns absolute links
942	* into relative versions when the server/script path matches the link
943	*
944	* @param string $text Message text to parse URL/email entries
945	* @param bool\|string $server_url The server URL. If false, the board URL will be used
946	* @param string $class CSS class selector to add to the parsed URL entries
947	*
948	* @return string A text with parsed URL/email entries
949	*/
950	function make_clickable($text, $server_url = false, string $class = 'postlink')
951	{
952	if ($server_url === false)
953	{
954	$server_url = generate_board_url();
955	}
956
957	static $static_class;
958	static $magic_url_match_args;
959
960	if (!isset($magic_url_match_args[$server_url]) \|\| $static_class != $class)
961	{
962	$static_class = $class;
963	$class = ($static_class) ? ' class="' . $static_class . '"' : '';
964	$local_class = ($static_class) ? ' class="' . $static_class . '-local"' : '';
965
966	if (!is_array($magic_url_match_args))
967	{
968	$magic_url_match_args = array();
969	}
970
971	// Check if the match for this $server_url and $class already exists
972	$element_exists = false;
973	if (isset($magic_url_match_args[$server_url]))
974	{
975	array_walk_recursive($magic_url_match_args[$server_url], function($value) use (&$element_exists, $static_class)
976	{
977	if ($value == $static_class)
978	{
979	$element_exists = true;
980	}
981	}
982	);
983	}
984
985	// Only add new $server_url and $class matches if not exist
986	if (!$element_exists)
987	{
988	// relative urls for this board
989	$magic_url_match_args[$server_url][] = [
990	'#(^\|[\n\t (>.])(' . preg_quote($server_url, '#') . ')/(' . get_preg_expression('relative_url_inline') . ')#iu',
991	MAGIC_URL_LOCAL,
992	$local_class,
993	$static_class,
994	];
995
996	// matches a xxxx://aaaaa.bbb.cccc. ...
997	$magic_url_match_args[$server_url][] = [
998	'#(^\|[\n\t (>.])(' . get_preg_expression('url_inline') . ')#iu',
999	MAGIC_URL_FULL,
1000	$class,
1001	$static_class,
1002	];
1003
1004	// matches a "www.xxxx.yyyy[/zzzz]" kinda lazy URL thing
1005	$magic_url_match_args[$server_url][] = [
1006	'#(^\|[\n\t (>])(' . get_preg_expression('www_url_inline') . ')#iu',
1007	MAGIC_URL_WWW,
1008	$class,
1009	$static_class,
1010	];
1011	}
1012
1013	if (!isset($magic_url_match_args[$server_url]['email']))
1014	{
1015	// matches an email@domain type address at the start of a line, or after a space or after what might be a BBCode.
1016	$magic_url_match_args[$server_url]['email'] = [
1017	'/(^\|[\n\t (>])(' . get_preg_expression('email') . ')/iu',
1018	MAGIC_URL_EMAIL,
1019	'',
1020	];
1021	}
1022	}
1023
1024	foreach ($magic_url_match_args[$server_url] as $magic_args)
1025	{
1026	if (preg_match($magic_args[0], $text, $matches))
1027	{
1028	// Only apply $class from the corresponding function call argument (excepting emails which never has a class)
1029	if ($magic_args[1] != MAGIC_URL_EMAIL && $magic_args[3] != $static_class)
1030	{
1031	continue;
1032	}
1033
1034	$text = preg_replace_callback($magic_args[0], function($matches) use ($magic_args)
1035	{
1036	$relative_url = isset($matches[3]) ? $matches[3] : '';
1037	return make_clickable_callback($magic_args[1], $matches[1], $matches[2], $relative_url, $magic_args[2]);
1038	}, $text);
1039	}
1040	}
1041
1042	return $text;
1043	}
1044
1045	/**
1046	* Censoring
1047	*/
1048	function censor_text($text)
1049	{
1050	static $censors;
1051
1052	// Nothing to do?
1053	if ($text === '')
1054	{
1055	return '';
1056	}
1057
1058	// We moved the word censor checks in here because we call this function quite often - and then only need to do the check once
1059	if (!isset($censors) \|\| !is_array($censors))
1060	{
1061	global $config, $user, $auth, $cache;
1062
1063	// We check here if the user is having viewing censors disabled (and also allowed to do so).
1064	if (!$user->optionget('viewcensors') && $config['allow_nocensors'] && $auth->acl_get('u_chgcensors'))
1065	{
1066	$censors = array();
1067	}
1068	else
1069	{
1070	$censors = $cache->obtain_word_list();
1071	}
1072	}
1073
1074	if (count($censors))
1075	{
1076	return preg_replace($censors['match'], $censors['replace'], $text);
1077	}
1078
1079	return $text;
1080	}
1081
1082	/**
1083	* custom version of nl2br which takes custom BBCodes into account
1084	*/
1085	function bbcode_nl2br($text)
1086	{
1087	// custom BBCodes might contain carriage returns so they
1088	// are not converted into <br /> so now revert that
1089	$text = str_replace(array("\n", "\r"), array('<br />', "\n"), $text);
1090	return $text;
1091	}
1092
1093	/**
1094	* Smiley processing
1095	*/
1096	function smiley_text($text, $force_option = false)
1097	{
1098	global $config, $user, $phpbb_path_helper, $phpbb_dispatcher;
1099
1100	if ($force_option \|\| !$config['allow_smilies'] \|\| !$user->optionget('viewsmilies'))
1101	{
1102	return preg_replace('#<!\-\- s(.?) \-\-><img src="\{SMILIES_PATH\}\/.? \/><!\-\- s\1 \-\->#', '\1', $text);
1103	}
1104	else
1105	{
1106	$root_path = $phpbb_path_helper->get_web_root_path();
1107
1108	/**
1109	* Event to override the root_path for smilies
1110	*
1111	* @event core.smiley_text_root_path
1112	* @var string root_path root_path for smilies
1113	* @since 3.1.11-RC1
1114	*/
1115	$vars = array('root_path');
1116	extract($phpbb_dispatcher->trigger_event('core.smiley_text_root_path', compact($vars)));
1117	return preg_replace('#<!\-\- s(.?) \-\-><img src="\{SMILIES_PATH\}\/(.?) \/><!\-\- s\1 \-\->#', '<img class="smilies" src="' . $root_path . $config['smilies_path'] . '/\2 />', $text);
1118	}
1119	}
1120
1121	/**
1122	* General attachment parsing
1123	*
1124	* @param mixed $forum_id The forum id the attachments are displayed in (false if in private message)
1125	* @param string &$message The post/private message
1126	* @param array &$attachments The attachments to parse for (inline) display. The attachments array will hold templated data after parsing.
1127	* @param array &$update_count_ary The attachment counts to be updated - will be filled
1128	* @param bool $preview If set to true the attachments are parsed for preview. Within preview mode the comments are fetched from the given $attachments array and not fetched from the database.
1129	*/
1130	function parse_attachments($forum_id, &$message, &$attachments, &$update_count_ary, $preview = false)
1131	{
1132	if (!count($attachments))
1133	{
1134	return;
1135	}
1136
1137	global $template, $cache, $user, $phpbb_dispatcher;
1138	global $extensions, $config, $phpbb_root_path, $phpEx;
1139	global $phpbb_container;
1140
1141	$storage_attachment = $phpbb_container->get('storage.attachment');
1142
1143	/** @var \phpbb\controller\helper */
1144	$controller_helper = $phpbb_container->get('controller.helper');
1145
1146	//
1147	$compiled_attachments = array();
1148
1149	if (!isset($template->filename['attachment_tpl']))
1150	{
1151	$template->set_filenames(array(
1152	'attachment_tpl' => 'attachment.html')
1153	);
1154	}
1155
1156	if (empty($extensions) \|\| !is_array($extensions))
1157	{
1158	$extensions = $cache->obtain_attach_extensions($forum_id);
1159	}
1160
1161	// Look for missing attachment information...
1162	$attach_ids = array();
1163	foreach ($attachments as $pos => $attachment)
1164	{
1165	// If is_orphan is set, we need to retrieve the attachments again...
1166	if (!isset($attachment['extension']) && !isset($attachment['physical_filename']))
1167	{
1168	$attach_ids[(int) $attachment['attach_id']] = $pos;
1169	}
1170	}
1171
1172	// Grab attachments (security precaution)
1173	if (count($attach_ids))
1174	{
1175	global $db;
1176
1177	$new_attachment_data = array();
1178
1179	$sql = 'SELECT *
1180	FROM ' . ATTACHMENTS_TABLE . '
1181	WHERE ' . $db->sql_in_set('attach_id', array_keys($attach_ids));
1182	$result = $db->sql_query($sql);
1183
1184	while ($row = $db->sql_fetchrow($result))
1185	{
1186	if (!isset($attach_ids[$row['attach_id']]))
1187	{
1188	continue;
1189	}
1190
1191	// If we preview attachments we will set some retrieved values here
1192	if ($preview)
1193	{
1194	$row['attach_comment'] = $attachments[$attach_ids[$row['attach_id']]]['attach_comment'];
1195	}
1196
1197	$new_attachment_data[$attach_ids[$row['attach_id']]] = $row;
1198	}
1199	$db->sql_freeresult($result);
1200
1201	$attachments = $new_attachment_data;
1202	unset($new_attachment_data);
1203	}
1204
1205	// Make sure attachments are properly ordered
1206	ksort($attachments);
1207
1208	foreach ($attachments as $attachment)
1209	{
1210	if (!count($attachment))
1211	{
1212	continue;
1213	}
1214
1215	// We need to reset/empty the _file block var, because this function might be called more than once
1216	$template->destroy_block_vars('_file');
1217
1218	$block_array = array();
1219
1220	// Some basics...
1221	$attachment['extension'] = strtolower(trim($attachment['extension']));
1222	$filename = utf8_basename($attachment['physical_filename']);
1223
1224	$upload_icon = '';
1225	$download_link = '';
1226	$display_cat = false;
1227
1228	if (isset($extensions[$attachment['extension']]))
1229	{
1230	if ($user->img('icon_topic_attach', '') && !$extensions[$attachment['extension']]['upload_icon'])
1231	{
1232	$upload_icon = $user->img('icon_topic_attach', '');
1233	}
1234	else if ($extensions[$attachment['extension']]['upload_icon'])
1235	{
1236	$upload_icon = '<img src="' . $phpbb_root_path . $config['upload_icons_path'] . '/' . trim($extensions[$attachment['extension']]['upload_icon']) . '" alt="" />';
1237	}
1238	}
1239
1240	$filesize = get_formatted_filesize($attachment['filesize'], false);
1241
1242	$comment = bbcode_nl2br(censor_text($attachment['attach_comment']));
1243
1244	$block_array += array(
1245	'UPLOAD_ICON' => $upload_icon,
1246	'FILESIZE' => $filesize['value'],
1247	'MIMETYPE' => $attachment['mimetype'],
1248	'SIZE_LANG' => $filesize['unit'],
1249	'DOWNLOAD_NAME' => utf8_basename($attachment['real_filename']),
1250	'COMMENT' => $comment,
1251	);
1252
1253	$denied = false;
1254
1255	if (!extension_allowed($forum_id, $attachment['extension'], $extensions))
1256	{
1257	$denied = true;
1258
1259	$block_array += array(
1260	'S_DENIED' => true,
1261	'DENIED_MESSAGE' => sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension'])
1262	);
1263	}
1264
1265	if (!$denied)
1266	{
1267	$display_cat = $extensions[$attachment['extension']]['display_cat'];
1268
1269	if ($display_cat == attachment_category::IMAGE)
1270	{
1271	if ($attachment['thumbnail'])
1272	{
1273	$display_cat = attachment_category::THUMB;
1274	}
1275	else
1276	{
1277	if ($config['img_display_inlined'])
1278	{
1279	$display_cat = attachment_category::IMAGE;
1280	}
1281	else
1282	{
1283	$display_cat = attachment_category::NONE;
1284	}
1285	}
1286	}
1287
1288	// Make some descisions based on user options being set.
1289	if (($display_cat == attachment_category::IMAGE \|\| $display_cat == attachment_category::THUMB) && !$user->optionget('viewimg'))
1290	{
1291	$display_cat = attachment_category::NONE;
1292	}
1293
1294	$download_link = $controller_helper->route(
1295	'phpbb_storage_attachment',
1296	[
1297	'id' => (int) $attachment['attach_id'],
1298	'filename' => $attachment['real_filename'],
1299	]
1300	);
1301	$l_downloaded_viewed = 'VIEWED_COUNTS';
1302
1303	switch ($display_cat)
1304	{
1305	// Images
1306	case attachment_category::IMAGE:
1307	$inline_link = $controller_helper->route(
1308	'phpbb_storage_attachment',
1309	[
1310	'id' => (int) $attachment['attach_id'],
1311	'filename' => $attachment['real_filename'],
1312	]
1313	);
1314
1315	$block_array += array(
1316	'S_IMAGE' => true,
1317	'U_INLINE_LINK' => $inline_link,
1318	);
1319
1320	$update_count_ary[] = $attachment['attach_id'];
1321	break;
1322
1323	// Images, but display Thumbnail
1324	case attachment_category::THUMB:
1325	$thumbnail_link = $controller_helper->route(
1326	'phpbb_storage_attachment',
1327	[
1328	'id' => (int) $attachment['attach_id'],
1329	'filename' => $attachment['real_filename'],
1330	't' => 1,
1331	]
1332	);
1333
1334	$block_array += array(
1335	'S_THUMBNAIL' => true,
1336	'THUMB_IMAGE' => $thumbnail_link,
1337	);
1338
1339	$update_count_ary[] = $attachment['attach_id'];
1340	break;
1341
1342	// Audio files
1343	case attachment_category::AUDIO:
1344	$block_array += [
1345	'S_AUDIO_FILE' => true,
1346	];
1347
1348	$update_count_ary[] = $attachment['attach_id'];
1349	break;
1350
1351	// Video files
1352	case attachment_category::VIDEO:
1353	$block_array += [
1354	'S_VIDEO_FILE' => true,
1355	];
1356
1357	$update_count_ary[] = $attachment['attach_id'];
1358	break;
1359
1360	default:
1361	$l_downloaded_viewed = 'DOWNLOAD_COUNTS';
1362
1363	$block_array += array(
1364	'S_FILE' => true,
1365	);
1366	break;
1367	}
1368
1369	if (!isset($attachment['download_count']))
1370	{
1371	$attachment['download_count'] = 0;
1372	}
1373
1374	$block_array += array(
1375	'U_DOWNLOAD_LINK' => $download_link,
1376	'L_DOWNLOAD_COUNT' => $user->lang($l_downloaded_viewed, (int) $attachment['download_count']),
1377	);
1378	}
1379
1380	$update_count = $update_count_ary;
1381	/**
1382	* Use this event to modify the attachment template data.
1383	*
1384	* This event is triggered once per attachment.
1385	*
1386	* @event core.parse_attachments_modify_template_data
1387	* @var array attachment Array with attachment data
1388	* @var array block_array Template data of the attachment
1389	* @var int display_cat Attachment category data
1390	* @var string download_link Attachment download link
1391	* @var array extensions Array with attachment extensions data
1392	* @var mixed forum_id The forum id the attachments are displayed in (false if in private message)
1393	* @var bool preview Flag indicating if we are in post preview mode
1394	* @var array update_count Array with attachment ids to update download count
1395	* @since 3.1.0-RC5
1396	*/
1397	$vars = array(
1398	'attachment',
1399	'block_array',
1400	'display_cat',
1401	'download_link',
1402	'extensions',
1403	'forum_id',
1404	'preview',
1405	'update_count',
1406	);
1407	extract($phpbb_dispatcher->trigger_event('core.parse_attachments_modify_template_data', compact($vars)));
1408	$update_count_ary = $update_count;
1409	unset($update_count, $display_cat, $download_link);
1410
1411	$template->assign_block_vars('_file', $block_array);
1412
1413	$compiled_attachments[] = $template->assign_display('attachment_tpl');
1414	}
1415
1416	$attachments = $compiled_attachments;
1417	unset($compiled_attachments);
1418
1419	$unset_tpl = array();
1420
1421	preg_match_all('#<!\-\- ia([0-9]+) \-\->(.*?)<!\-\- ia\1 \-\->#', $message, $matches, PREG_PATTERN_ORDER);
1422
1423	$replace = array();
1424	foreach (array_keys($matches[0]) as $num)
1425	{
1426	$index = $matches[1][$num];
1427
1428	$replace['from'][] = $matches[0][$num];
1429	$replace['to'][] = (isset($attachments[$index])) ? $attachments[$index] : sprintf($user->lang['MISSING_INLINE_ATTACHMENT'], $matches[2][array_search($index, $matches[1])]);
1430
1431	$unset_tpl[] = $index;
1432	}
1433
1434	if (isset($replace['from']))
1435	{
1436	$message = str_replace($replace['from'], $replace['to'], $message);
1437	}
1438
1439	$unset_tpl = array_unique($unset_tpl);
1440
1441	// Sort correctly
1442	if ($config['display_order'])
1443	{
1444	// Ascending sort
1445	krsort($attachments);
1446	}
1447	else
1448	{
1449	// Descending sort
1450	ksort($attachments);
1451	}
1452
1453	// Needed to let not display the inlined attachments at the end of the post again
1454	foreach ($unset_tpl as $index)
1455	{
1456	unset($attachments[$index]);
1457	}
1458	}
1459
1460	/**
1461	* Check if extension is allowed to be posted.
1462	*
1463	* @param mixed $forum_id The forum id to check or false if private message
1464	* @param string $extension The extension to check, for example zip.
1465	* @param array &$extensions The extension array holding the information from the cache (will be obtained if empty)
1466	*
1467	* @return bool False if the extension is not allowed to be posted, else true.
1468	*/
1469	function extension_allowed($forum_id, $extension, &$extensions)
1470	{
1471	if (empty($extensions))
1472	{
1473	global $cache;
1474	$extensions = $cache->obtain_attach_extensions($forum_id);
1475	}
1476
1477	return (!isset($extensions['_allowed_'][$extension])) ? false : true;
1478	}
1479
1480	/**
1481	* Truncates string while retaining special characters if going over the max length
1482	* The default max length is 60 at the moment
1483	* The maximum storage length is there to fit the string within the given length. The string may be further truncated due to html entities.
1484	* For example: string given is 'a "quote"' (length: 9), would be a stored as 'a "quote"' (length: 19)
1485	*
1486	* @param string $string The text to truncate to the given length. String is specialchared.
1487	* @param int $max_length Maximum length of string (multibyte character count as 1 char / Html entity count as 1 char)
1488	* @param int $max_store_length Maximum character length of string (multibyte character count as 1 char / Html entity count as entity chars).
1489	* @param bool $allow_reply Allow Re: in front of string
1490	* NOTE: This parameter can cause undesired behavior (returning strings longer than $max_store_length) and is deprecated.
1491	* @param string $append String to be appended
1492	*/
1493	function truncate_string($string, $max_length = 60, $max_store_length = 255, $allow_reply = false, $append = '')
1494	{
1495	$strip_reply = false;
1496	$stripped = false;
1497	if ($allow_reply && strpos($string, 'Re: ') === 0)
1498	{
1499	$strip_reply = true;
1500	$string = substr($string, 4);
1501	}
1502
1503	$_chars = utf8_str_split(html_entity_decode($string, ENT_COMPAT));
1504	$chars = array_map('utf8_htmlspecialchars', $_chars);
1505
1506	// Now check the length ;)
1507	if (count($chars) > $max_length)
1508	{
1509	// Cut off the last elements from the array
1510	$string = implode('', array_slice($chars, 0, $max_length - utf8_strlen($append)));
1511	$stripped = true;
1512	}
1513
1514	// Due to specialchars, we may not be able to store the string...
1515	if (utf8_strlen($string) > $max_store_length)
1516	{
1517	// let's split again, we do not want half-baked strings where entities are split
1518	$_chars = utf8_str_split(html_entity_decode($string, ENT_COMPAT));
1519	$chars = array_map('utf8_htmlspecialchars', $_chars);
1520
1521	do
1522	{
1523	array_pop($chars);
1524	$string = implode('', $chars);
1525	}
1526	while (!empty($chars) && utf8_strlen($string) > $max_store_length);
1527	}
1528
1529	if ($strip_reply)
1530	{
1531	$string = 'Re: ' . $string;
1532	}
1533
1534	if ($append != '' && $stripped)
1535	{
1536	$string = $string . $append;
1537	}
1538
1539	return $string;
1540	}
1541
1542	/**
1543	* Get username details for placing into templates.
1544	* This function caches all modes on first call, except for no_profile and anonymous user - determined by $user_id.
1545	*
1546	* @html Username spans and links
1547	*
1548	* @param string $mode Can be profile (for getting an url to the profile), username (for obtaining the username), colour (for obtaining the user colour), full (for obtaining a html string representing a coloured link to the users profile) or no_profile (the same as full but forcing no profile link)
1549	* @param int $user_id The users id
1550	* @param string $username The users name
1551	* @param string $username_colour The users colour
1552	* @param string\|false $guest_username optional parameter to specify the guest username. It will be used in favor of the GUEST language variable then.
1553	* @param string\|false $custom_profile_url optional parameter to specify a profile url. The user id get appended to this url as &u={user_id}
1554	*
1555	* @return string A string consisting of what is wanted based on $mode.
1556	*/
1557	function get_username_string($mode, $user_id, $username, $username_colour = '', $guest_username = false, $custom_profile_url = false)
1558	{
1559	static $_profile_cache;
1560	global $phpbb_dispatcher;
1561
1562	// We cache some common variables we need within this function
1563	if (empty($_profile_cache))
1564	{
1565	global $phpbb_root_path, $phpEx;
1566
1567	/** @html Username spans and links for usage in the template */
1568	$_profile_cache['base_url'] = append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u={USER_ID}');
1569	$_profile_cache['tpl_noprofile'] = '<span class="username">{USERNAME}</span>';
1570	$_profile_cache['tpl_noprofile_colour'] = '<span style="color: {USERNAME_COLOUR};" class="username-coloured">{USERNAME}</span>';
1571	$_profile_cache['tpl_profile'] = '<a href="{PROFILE_URL}" class="username">{USERNAME}</a>';
1572	$_profile_cache['tpl_profile_colour'] = '<a href="{PROFILE_URL}" style="color: {USERNAME_COLOUR};" class="username-coloured">{USERNAME}</a>';
1573	}
1574
1575	global $user, $auth;
1576
1577	// This switch makes sure we only run code required for the mode
1578	switch ($mode)
1579	{
1580	case 'full':
1581	case 'no_profile':
1582	case 'colour':
1583
1584	// Build correct username colour
1585	$username_colour = ($username_colour) ? '#' . $username_colour : '';
1586
1587	// Return colour
1588	if ($mode == 'colour')
1589	{
1590	$username_string = $username_colour;
1591	break;
1592	}
1593
1594	// no break;
1595
1596	case 'username':
1597
1598	// Build correct username
1599	if ($guest_username === false)
1600	{
1601	$username = ($username) ? $username : $user->lang['GUEST'];
1602	}
1603	else
1604	{
1605	$username = ($user_id && $user_id != ANONYMOUS) ? $username : ((!empty($guest_username)) ? $guest_username : $user->lang['GUEST']);
1606	}
1607
1608	// Return username
1609	if ($mode == 'username')
1610	{
1611	$username_string = $username;
1612	break;
1613	}
1614
1615	// no break;
1616
1617	case 'profile':
1618
1619	// Build correct profile url - only show if not anonymous and permission to view profile if registered user
1620	// For anonymous the link leads to a login page.
1621	if ($user_id && $user_id != ANONYMOUS && ($user->data['user_id'] == ANONYMOUS \|\| $auth->acl_get('u_viewprofile')))
1622	{
1623	$profile_url = ($custom_profile_url !== false) ? $custom_profile_url . '&u=' . (int) $user_id : str_replace(array('={USER_ID}', '=%7BUSER_ID%7D'), '=' . (int) $user_id, $_profile_cache['base_url']);
1624	}
1625	else
1626	{
1627	$profile_url = '';
1628	}
1629
1630	// Return profile
1631	if ($mode == 'profile')
1632	{
1633	$username_string = $profile_url;
1634	break;
1635	}
1636
1637	// no break;
1638	}
1639
1640	if (!isset($username_string))
1641	{
1642	if (($mode == 'full' && !$profile_url) \|\| $mode == 'no_profile')
1643	{
1644	$username_string = str_replace(array('{USERNAME_COLOUR}', '{USERNAME}'), array($username_colour, $username), (!$username_colour) ? $_profile_cache['tpl_noprofile'] : $_profile_cache['tpl_noprofile_colour']);
1645	}
1646	else
1647	{
1648	$username_string = str_replace(array('{PROFILE_URL}', '{USERNAME_COLOUR}', '{USERNAME}'), array($profile_url, $username_colour, $username), (!$username_colour) ? $_profile_cache['tpl_profile'] : $_profile_cache['tpl_profile_colour']);
1649	}
1650	}
1651
1652	/**
1653	* Use this event to change the output of get_username_string()
1654	*
1655	* @event core.modify_username_string
1656	* @var string mode profile\|username\|colour\|full\|no_profile
1657	* @var int user_id String or array of additional url
1658	* parameters
1659	* @var string username The user's username
1660	* @var string username_colour The user's colour
1661	* @var string guest_username Optional parameter to specify the
1662	* guest username.
1663	* @var string custom_profile_url Optional parameter to specify a
1664	* profile url.
1665	* @var string username_string The string that has been generated
1666	* @var array _profile_cache Array of original return templates
1667	* @since 3.1.0-a1
1668	*/
1669	$vars = array(
1670	'mode',
1671	'user_id',
1672	'username',
1673	'username_colour',
1674	'guest_username',
1675	'custom_profile_url',
1676	'username_string',
1677	'_profile_cache',
1678	);
1679	extract($phpbb_dispatcher->trigger_event('core.modify_username_string', compact($vars)));
1680
1681	return $username_string;
1682	}
1683
1684	/**
1685	* Add an option to the quick-mod tools.
1686	*
1687	* @param string $url The recepting URL for the quickmod actions.
1688	* @param string $option The language key for the value of the option.
1689	* @param string $lang_string The language string to use.
1690	*/
1691	function phpbb_add_quickmod_option($url, $option, $lang_string)
1692	{
1693	global $template, $user, $phpbb_path_helper;
1694
1695	$lang_string = $user->lang($lang_string);
1696	$template->assign_block_vars('quickmod', array(
1697	'VALUE' => $option,
1698	'TITLE' => $lang_string,
1699	'LINK' => $phpbb_path_helper->append_url_params($url, array('action' => $option)),
1700	));
1701	}
1702
1703	/**
1704	* Concatenate an array into a string list.
1705	*
1706	* @param array $items Array of items to concatenate
1707	* @param object $user The phpBB $user object.
1708	*
1709	* @return string String list. Examples: "A"; "A and B"; "A, B, and C"
1710	*/
1711	function phpbb_generate_string_list($items, $user)
1712	{
1713	if (empty($items))
1714	{
1715	return '';
1716	}
1717
1718	$count = count($items);
1719	$last_item = array_pop($items);
1720	$lang_key = 'STRING_LIST_MULTI';
1721
1722	if ($count == 1)
1723	{
1724	return $last_item;
1725	}
1726	else if ($count == 2)
1727	{
1728	$lang_key = 'STRING_LIST_SIMPLE';
1729	}
1730	$list = implode($user->lang['COMMA_SEPARATOR'], $items);
1731
1732	return $user->lang($lang_key, $list, $last_item);
1733	}
1734
1735	class bitfield
1736	{
1737	var $data;
1738
1739	function __construct($bitfield = '')
1740	{
1741	$this->data = base64_decode($bitfield);
1742	}
1743
1744	/**
1745	*/
1746	function get($n)
1747	{
1748	// Get the ($n / 8)th char
1749	$byte = $n >> 3;
1750
1751	if (strlen($this->data) >= $byte + 1)
1752	{
1753	$c = $this->data[$byte];
1754
1755	// Lookup the ($n % 8)th bit of the byte
1756	$bit = 7 - ($n & 7);
1757	return (bool) (ord($c) & (1 << $bit));
1758	}
1759	else
1760	{
1761	return false;
1762	}
1763	}
1764
1765	function set($n)
1766	{
1767	$byte = $n >> 3;
1768	$bit = 7 - ($n & 7);
1769
1770	if (strlen($this->data) >= $byte + 1)
1771	{
1772	$this->data[$byte] = $this->data[$byte] \| chr(1 << $bit);
1773	}
1774	else
1775	{
1776	$this->data .= str_repeat("\0", $byte - strlen($this->data));
1777	$this->data .= chr(1 << $bit);
1778	}
1779	}
1780
1781	function clear($n)
1782	{
1783	$byte = $n >> 3;
1784
1785	if (strlen($this->data) >= $byte + 1)
1786	{
1787	$bit = 7 - ($n & 7);
1788	$this->data[$byte] = $this->data[$byte] &~ chr(1 << $bit);
1789	}
1790	}
1791
1792	function get_blob()
1793	{
1794	return $this->data;
1795	}
1796
1797	function get_base64()
1798	{
1799	return base64_encode($this->data);
1800	}
1801
1802	function get_bin()
1803	{
1804	$bin = '';
1805	$len = strlen($this->data);
1806
1807	for ($i = 0; $i < $len; ++$i)
1808	{
1809	$bin .= str_pad(decbin(ord($this->data[$i])), 8, '0', STR_PAD_LEFT);
1810	}
1811
1812	return $bin;
1813	}
1814
1815	function get_all_set()
1816	{
1817	return array_keys(array_filter(str_split($this->get_bin())));
1818	}
1819
1820	function merge($bitfield)
1821	{
1822	$this->data = $this->data \| $bitfield->get_blob();
1823	}
1824	}
1825
1826	/**
1827	* Formats the quote according to the given BBCode status setting
1828	*
1829	* @param phpbb\language\language $language Language class
1830	* @param parse_message $message_parser Message parser class
1831	* @param phpbb\textformatter\utils_interface $text_formatter_utils Text formatter utilities
1832	* @param bool $bbcode_status The status of the BBCode setting
1833	* @param array $quote_attributes The attributes of the quoted post
1834	* @param string $message_link Link of the original quoted post
1835	*/
1836	function phpbb_format_quote($language, $message_parser, $text_formatter_utils, $bbcode_status, $quote_attributes, $message_link = '')
1837	{
1838	if ($bbcode_status)
1839	{
1840	$quote_text = $text_formatter_utils->generate_quote(
1841	censor_text($message_parser->message),
1842	$quote_attributes
1843	);
1844
1845	$message_parser->message = $quote_text . "\n\n";
1846	}
1847	else
1848	{
1849	$offset = 0;
1850	$quote_string = "> ";
1851	$message = censor_text(trim($message_parser->message));
1852	// see if we are nesting. It's easily tricked but should work for one level of nesting
1853	if (strpos($message, ">") !== false)
1854	{
1855	$offset = 10;
1856	}
1857	$message = utf8_wordwrap($message, 75 + $offset, "\n");
1858
1859	$message = $quote_string . $message;
1860	$message = str_replace("\n", "\n" . $quote_string, $message);
1861
1862	$message_parser->message = $quote_attributes['author'] . " " . $language->lang('WROTE') . ":\n" . $message . "\n";
1863	}
1864
1865	if ($message_link)
1866	{
1867	$message_parser->message = $message_link . $message_parser->message;
1868	}
1869	}