kashire
/
lainchan
4
0
Bifurcation 0
Code Tickets 0 Demandes d'ajout 0 Versions 26 Wiki Activité
The version of vichan running on lainchan.org
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
3726 Révisions
3 Branches
120MB
Aborescence: 7911c374e8
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de '7911c374e8'
${ noResults }
lainchan/mod.php

196 lignes
7.5KB
Brut Annotations Historique 

  1. <?php

  2. 

  3. /*

  4.  *  Copyright (c) 2010-2014 Tinyboard Development Group

  5.  */

  6. 

  7. require_once 'inc/functions.php';

  8. 

  9. if ($config['debug'])

  10. 	$parse_start_time = microtime(true);

  11. 

  12. require_once 'inc/bans.php';

  13. require_once 'inc/mod/pages.php';

  14. 

  15. check_login(true);

  16. 

  17. $query = isset($_SERVER['QUERY_STRING']) ? rawurldecode($_SERVER['QUERY_STRING']) : '';

  18. 

  19. $pages = array(

  20. 	''					=> ':?/',			// redirect to dashboard

  21. 	'/'					=> 'dashboard',			// dashboard

  22. 	'/confirm/(.+)'				=> 'confirm',			// confirm action (if javascript didn't work)

  23. 	'/logout'				=> 'secure logout',		// logout

  24. 	

  25. 	'/users'				=> 'users',			// manage users

  26. 	'/users/(\d+)/(promote|demote)'		=> 'secure user_promote',	// prmote/demote user

  27. 	'/users/(\d+)'				=> 'secure_POST user',		// edit user

  28. 	'/users/new'				=> 'secure_POST user_new',	// create a new user

  29. 	

  30. 	'/new_PM/([^/]+)'			=> 'secure_POST new_pm',	// create a new pm

  31. 	'/PM/(\d+)(/reply)?'			=> 'pm',			// read a pm

  32. 	'/inbox'				=> 'inbox',			// pm inbox

  33. 	

  34. 	'/log'					=> 'log',			// modlog

  35. 	'/log/(\d+)'				=> 'log',			// modlog

  36. 	'/log:([^/]+)'				=> 'user_log',			// modlog

  37. 	'/log:([^/]+)/(\d+)'			=> 'user_log',			// modlog

  38. 	'/news'					=> 'secure_POST news',		// view news

  39. 	'/news/(\d+)'				=> 'secure_POST news',		// view news

  40. 	'/news/delete/(\d+)'			=> 'secure news_delete',	// delete from news

  41. 	

  42. 	'/noticeboard'				=> 'secure_POST noticeboard',	// view noticeboard

  43. 	'/noticeboard/(\d+)'			=> 'secure_POST noticeboard',	// view noticeboard

  44. 	'/noticeboard/delete/(\d+)'		=> 'secure noticeboard_delete',	// delete from noticeboard

  45. 	

  46. 	'/edit/(\%b)'				=> 'secure_POST edit_board',	// edit board details

  47. 	'/new-board'				=> 'secure_POST new_board',	// create a new board

  48. 	

  49. 	'/rebuild'				=> 'secure_POST rebuild',	// rebuild static files

  50. 	'/reports'				=> 'reports',			// report queue

  51. 	'/reports/(\d+)/dismiss(all)?'		=> 'secure report_dismiss',	// dismiss a report

  52. 	

  53. 	'/IP/([\w.:]+)'				=> 'secure_POST ip',		// view ip address

  54. 	'/IP/([\w.:]+)/remove_note/(\d+)'	=> 'secure ip_remove_note',	// remove note from ip address

  55. 	

  56. 	'/ban'					=> 'secure_POST ban',		// new ban

  57. 	'/bans'					=> 'secure_POST bans',		// ban list

  58. 	'/bans.json'				=> 'secure bans_json',		// ban list JSON

  59. 	'/ban-appeals'				=> 'secure_POST ban_appeals',	// view ban appeals

  60. 	

  61. 	'/recent/(\d+)'				=> 'recent_posts',		// view recent posts

  62. 

  63. 	'/search'				=> 'search_redirect',		// search

  64. 	'/search/(posts|IP_notes|bans|log)/(.+)/(\d+)'	=> 'search',		// search

  65. 	'/search/(posts|IP_notes|bans|log)/(.+)'	=> 'search',		// search

  66. 

  67. 	'/(\%b)/ban(&delete)?/(\d+)'		=> 'secure_POST ban_post', 	// ban poster

  68. 	'/(\%b)/move/(\d+)'			=> 'secure_POST move',		// move thread

  69. 	'/(\%b)/move_reply/(\d+)'			=> 'secure_POST move_reply',		// move reply

  70. 	'/(\%b)/edit(_raw)?/(\d+)'		=> 'secure_POST edit_post',	// edit post

  71. 	'/(\%b)/delete/(\d+)'			=> 'secure delete',		// delete post

  72. 	'/(\%b)/deletefile/(\d+)/(\d+)'		=> 'secure deletefile',		// delete file from post

  73. 	'/(\%b+)/spoiler/(\d+)/(\d+)'			=> 'secure spoiler_image',	// spoiler file

  74. 	'/(\%b)/deletebyip/(\d+)(/global)?'	=> 'secure deletebyip',		// delete all posts by IP address

  75. 	'/(\%b)/(un)?lock/(\d+)'		=> 'secure lock',		// lock thread

  76. 	'/(\%b)/(un)?sticky/(\d+)'		=> 'secure sticky',		// sticky thread

  77. 	'/(\%b)/bump(un)?lock/(\d+)'		=> 'secure bumplock',		// "bumplock" thread

  78. 	

  79. 	'/themes'				=> 'themes_list',		// manage themes

  80. 	'/themes/(\w+)'				=> 'secure_POST theme_configure',		// configure/reconfigure theme

  81. 	'/themes/(\w+)/rebuild'			=> 'secure theme_rebuild',		// rebuild theme

  82. 	'/themes/(\w+)/uninstall'		=> 'secure theme_uninstall',		// uninstall theme

  83. 	

  84. 	'/config'				=> 'secure_POST config',	// config editor

  85. 	'/config/(\%b)'				=> 'secure_POST config',	// config editor

  86. 	

  87. 	// these pages aren't listed in the dashboard without $config['debug']

  88. 	'/debug/antispam'			=> 'debug_antispam',

  89. 	'/debug/recent'				=> 'debug_recent_posts',

  90. 	'/debug/apc'				=> 'debug_apc',

  91. 	'/debug/sql'				=> 'secure_POST debug_sql',

  92. 	

  93. 	// This should always be at the end:

  94. 	'/(\%b)/'										=> 'view_board',

  95. 	'/(\%b)/' . preg_quote($config['file_index'], '!')					=> 'view_board',

  96. 	'/(\%b)/' . str_replace('%d', '(\d+)', preg_quote($config['file_page'], '!'))		=> 'view_board',

  97. 	'/(\%b)/' . preg_quote($config['dir']['res'], '!') .

  98. 			str_replace('%d', '(\d+)', preg_quote($config['file_page50'], '!'))	=> 'view_thread50',

  99. 	'/(\%b)/' . preg_quote($config['dir']['res'], '!') .

  100. 			str_replace('%d', '(\d+)', preg_quote($config['file_page'], '!'))	=> 'view_thread',

  101. 

  102. 	'/(\%b)/' . preg_quote($config['dir']['res'], '!') .

  103. 			str_replace(array('%d','%s'), array('(\d+)', '[a-z0-9-]+'), preg_quote($config['file_page50_slug'], '!'))	=> 'view_thread50',

  104. 	'/(\%b)/' . preg_quote($config['dir']['res'], '!') .

  105. 			str_replace(array('%d','%s'), array('(\d+)', '[a-z0-9-]+'), preg_quote($config['file_page_slug'], '!'))	=> 'view_thread',

  106. );

  107. 

  108. 

  109. if (!$mod) {

  110. 	$pages = array('!^(.+)?$!' => 'login');

  111. } elseif (isset($_GET['status'], $_GET['r'])) {

  112. 	header('Location: ' . $_GET['r'], true, (int)$_GET['status']);

  113. 	exit;

  114. }

  115. 

  116. if (isset($config['mod']['custom_pages'])) {

  117. 	$pages = array_merge($pages, $config['mod']['custom_pages']);

  118. }

  119. 

  120. $new_pages = array();

  121. foreach ($pages as $key => $callback) {

  122. 	if (is_string($callback) && preg_match('/^secure /', $callback))

  123. 		$key .= '(/(?P<token>[a-f0-9]{8}))?';

  124. 	$key = str_replace('\%b', '?P<board>' . sprintf(substr($config['board_path'], 0, -1), $config['board_regex']), $key);

  125. 	$new_pages[@$key[0] == '!' ? $key : '!^' . $key . '(?:&[^&=]+=[^&]*)*$!u'] = $callback;

  126. }

  127. $pages = $new_pages;

  128. 

  129. foreach ($pages as $uri => $handler) {

  130. 	if (preg_match($uri, $query, $matches)) {

  131. 		$matches = array_slice($matches, 1);

  132. 		

  133. 		if (isset($matches['board'])) {

  134. 			$board_match = $matches['board'];

  135. 			unset($matches['board']);

  136. 			$key = array_search($board_match, $matches);

  137. 			if (preg_match('/^' . sprintf(substr($config['board_path'], 0, -1), '(' . $config['board_regex'] . ')') . '$/u', $matches[$key], $board_match)) {

  138. 				$matches[$key] = $board_match[1];

  139. 			}

  140. 		}

  141. 		

  142. 		if (is_string($handler) && preg_match('/^secure(_POST)? /', $handler, $m)) {

  143. 			$secure_post_only = isset($m[1]);

  144. 			if (!$secure_post_only || $_SERVER['REQUEST_METHOD'] == 'POST') {

  145. 				$token = isset($matches['token']) ? $matches['token'] : (isset($_POST['token']) ? $_POST['token'] : false);

  146. 				

  147. 				if ($token === false) {

  148. 					if ($secure_post_only)

  149. 						error($config['error']['csrf']);

  150. 					else {

  151. 						mod_confirm(substr($query, 1));

  152. 						exit;

  153. 					}

  154. 				}

  155. 			

  156. 				// CSRF-protected page; validate security token

  157. 				$actual_query = preg_replace('!/([a-f0-9]{8})$!', '', $query);

  158. 				if ($token != make_secure_link_token(substr($actual_query, 1))) {

  159. 					error($config['error']['csrf']);

  160. 				}

  161. 			}

  162. 			$handler = preg_replace('/^secure(_POST)? /', '', $handler);

  163. 		}

  164. 		

  165. 		if ($config['debug']) {

  166. 			$debug['mod_page'] = array(

  167. 				'req' => $query,

  168. 				'match' => $uri,

  169. 				'handler' => $handler,

  170. 			);

  171. 			$debug['time']['parse_mod_req'] = '~' . round((microtime(true) - $parse_start_time) * 1000, 2) . 'ms';

  172. 		}

  173. 		

  174. 		if (is_string($handler)) {

  175. 			if ($handler[0] == ':') {

  176. 				header('Location: ' . substr($handler, 1),  true, $config['redirect_http']);

  177. 			} elseif (is_callable("mod_page_$handler")) {

  178. 				call_user_func_array("mod_page_$handler", $matches);

  179. 			} elseif (is_callable("mod_$handler")) {

  180. 				call_user_func_array("mod_$handler", $matches);

  181. 			} else {

  182. 				error("Mod page '$handler' not found!");

  183. 			}

  184. 		} elseif (is_callable($handler)) {

  185. 			call_user_func_array($handler, $matches);

  186. 		} else {

  187. 			error("Mod page '$handler' not a string, and not callable!");

  188. 		}

  189. 		

  190. 		exit;

  191. 	}

  192. }

  193. 

  194. error($config['error']['404']);