kashire
/
lainchan
4
0
Fork 0
Código Issues 0 Pull requests 0 Versões 26 Wiki Atividade
The version of vichan running on lainchan.org
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
3243 Commits
3 Branches
120MB
Tag: b3a2c62cbd
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de b3a2c62cbd
${ noResults }
lainchan/mod.php

198 linhas
7.3KB
Original Anotar Histórico 

  1. <?php

  2. 

  3. /*

  4.  *  Copyright (c) 2010-2014 Tinyboard Development Group

  5.  */

  6. 

  7. require 'inc/functions.php';

  8. require 'inc/mod/pages.php';

  9. require 'inc/mod/auth.php';

  10. 

  11. if ($config['debug'])

  12. 	$parse_start_time = microtime(true);

  13. 

  14. // Fix for magic quotes

  15. if (get_magic_quotes_gpc()) {

  16. 	function strip_array($var) {

  17. 		return is_array($var) ? array_map('strip_array', $var) : stripslashes($var);

  18. 	}

  19. 	

  20. 	$_GET = strip_array($_GET);

  21. 	$_POST = strip_array($_POST);

  22. }

  23. 

  24. $query = isset($_SERVER['QUERY_STRING']) ? rawurldecode($_SERVER['QUERY_STRING']) : '';

  25. 

  26. $pages = array(

  27. 	''					=> ':?/',			// redirect to dashboard

  28. 	'/'					=> 'dashboard',			// dashboard

  29. 	'/confirm/(.+)'				=> 'confirm',			// confirm action (if javascript didn't work)

  30. 	'/logout'				=> 'secure logout',		// logout

  31. 	

  32. 	'/users'				=> 'users',			// manage users

  33. 	'/users/(\d+)/(promote|demote)'		=> 'secure user_promote',	// prmote/demote user

  34. 	'/users/(\d+)'				=> 'secure_POST user',		// edit user

  35. 	'/users/new'				=> 'secure_POST user_new',	// create a new user

  36. 	

  37. 	'/new_PM/([^/]+)'			=> 'secure_POST new_pm',	// create a new pm

  38. 	'/PM/(\d+)(/reply)?'			=> 'pm',			// read a pm

  39. 	'/inbox'				=> 'inbox',			// pm inbox

  40. 	

  41. 	'/log'					=> 'log',			// modlog

  42. 	'/log/(\d+)'				=> 'log',			// modlog

  43. 	'/log:([^/]+)'				=> 'user_log',			// modlog

  44. 	'/log:([^/]+)/(\d+)'			=> 'user_log',			// modlog

  45. 	'/news'					=> 'secure_POST news',		// view news

  46. 	'/news/(\d+)'				=> 'secure_POST news',		// view news

  47. 	'/news/delete/(\d+)'			=> 'secure news_delete',	// delete from news

  48. 	

  49. 	'/noticeboard'				=> 'secure_POST noticeboard',	// view noticeboard

  50. 	'/noticeboard/(\d+)'			=> 'secure_POST noticeboard',	// view noticeboard

  51. 	'/noticeboard/delete/(\d+)'		=> 'secure noticeboard_delete',	// delete from noticeboard

  52. 	

  53. 	'/edit/(\%b)'				=> 'secure_POST edit_board',	// edit board details

  54. 	'/new-board'				=> 'secure_POST new_board',	// create a new board

  55. 	

  56. 	'/rebuild'				=> 'secure_POST rebuild',	// rebuild static files

  57. 	'/reports'				=> 'reports',			// report queue

  58. 	'/reports/(\d+)/dismiss(all)?'		=> 'secure report_dismiss',	// dismiss a report

  59. 	

  60. 	'/IP/([\w.:]+)'				=> 'secure_POST ip',		// view ip address

  61. 	'/IP/([\w.:]+)/remove_note/(\d+)'	=> 'secure ip_remove_note',	// remove note from ip address

  62. 	

  63. 	'/ban'					=> 'secure_POST ban',		// new ban

  64. 	'/bans'					=> 'secure_POST bans',		// ban list

  65. 	'/bans/(\d+)'				=> 'secure_POST bans',		// ban list

  66. 	'/ban-appeals'				=> 'secure_POST ban_appeals',	// view ban appeals

  67. 	

  68. 	'/recent/(\d+)'				=> 'recent_posts',		// view recent posts

  69. 

  70. 	'/search'				=> 'search_redirect',		// search

  71. 	'/search/(posts|IP_notes|bans|log)/(.+)/(\d+)'	=> 'search',		// search

  72. 	'/search/(posts|IP_notes|bans|log)/(.+)'	=> 'search',		// search

  73. 

  74. 	'/(\%b)/ban(&delete)?/(\d+)'		=> 'secure_POST ban_post', 	// ban poster

  75. 	'/(\%b)/move/(\d+)'			=> 'secure_POST move',		// move thread

  76. 	'/(\%b)/move_reply/(\d+)'			=> 'secure_POST move_reply',		// move reply

  77. 	'/(\%b)/edit(_raw)?/(\d+)'		=> 'secure_POST edit_post',	// edit post

  78. 	'/(\%b)/delete/(\d+)'			=> 'secure delete',		// delete post

  79. 	'/(\%b)/deletefile/(\d+)/(\d+)'		=> 'secure deletefile',		// delete file from post

  80. 	'/(\%b+)/spoiler/(\d+)/(\d+)'			=> 'secure spoiler_image',	// spoiler file

  81. 	'/(\%b)/deletebyip/(\d+)(/global)?'	=> 'secure deletebyip',		// delete all posts by IP address

  82. 	'/(\%b)/(un)?lock/(\d+)'		=> 'secure lock',		// lock thread

  83. 	'/(\%b)/(un)?sticky/(\d+)'		=> 'secure sticky',		// sticky thread

  84. 	'/(\%b)/bump(un)?lock/(\d+)'		=> 'secure bumplock',		// "bumplock" thread

  85. 	

  86. 	'/themes'				=> 'themes_list',		// manage themes

  87. 	'/themes/(\w+)'				=> 'secure_POST theme_configure',		// configure/reconfigure theme

  88. 	'/themes/(\w+)/rebuild'			=> 'secure theme_rebuild',		// rebuild theme

  89. 	'/themes/(\w+)/uninstall'		=> 'secure theme_uninstall',		// uninstall theme

  90. 	

  91. 	'/config'				=> 'secure_POST config',	// config editor

  92. 	'/config/(\%b)'				=> 'secure_POST config',	// config editor

  93. 	

  94. 	// these pages aren't listed in the dashboard without $config['debug']

  95. 	'/debug/antispam'			=> 'debug_antispam',

  96. 	'/debug/recent'				=> 'debug_recent_posts',

  97. 	'/debug/apc'				=> 'debug_apc',

  98. 	'/debug/sql'				=> 'secure_POST debug_sql',

  99. 	

  100. 	// This should always be at the end:

  101. 	'/(\%b)/'										=> 'view_board',

  102. 	'/(\%b)/' . preg_quote($config['file_index'], '!')					=> 'view_board',

  103. 	'/(\%b)/' . str_replace('%d', '(\d+)', preg_quote($config['file_page'], '!'))		=> 'view_board',

  104. 	'/(\%b)/' . preg_quote($config['dir']['res'], '!') .

  105. 			str_replace('%d', '(\d+)', preg_quote($config['file_page50'], '!'))	=> 'view_thread50',

  106. 	'/(\%b)/' . preg_quote($config['dir']['res'], '!') .

  107. 			str_replace('%d', '(\d+)', preg_quote($config['file_page'], '!'))	=> 'view_thread',

  108. );

  109. 

  110. 

  111. if (!$mod) {

  112. 	$pages = array('!^(.+)?$!' => 'login');

  113. } elseif (isset($_GET['status'], $_GET['r'])) {

  114. 	header('Location: ' . $_GET['r'], true, (int)$_GET['status']);

  115. 	exit;

  116. }

  117. 

  118. if (isset($config['mod']['custom_pages'])) {

  119. 	$pages = array_merge($pages, $config['mod']['custom_pages']);

  120. }

  121. 

  122. $new_pages = array();

  123. foreach ($pages as $key => $callback) {

  124. 	if (is_string($callback) && preg_match('/^secure /', $callback))

  125. 		$key .= '(/(?P<token>[a-f0-9]{8}))?';

  126. 	$key = str_replace('\%b', '?P<board>' . sprintf(substr($config['board_path'], 0, -1), $config['board_regex']), $key);

  127. 	$new_pages[@$key[0] == '!' ? $key : '!^' . $key . '(?:&[^&=]+=[^&]*)*$!u'] = $callback;

  128. }

  129. $pages = $new_pages;

  130. 

  131. foreach ($pages as $uri => $handler) {

  132. 	if (preg_match($uri, $query, $matches)) {

  133. 		$matches = array_slice($matches, 1);

  134. 		

  135. 		if (isset($matches['board'])) {

  136. 			$board_match = $matches['board'];

  137. 			unset($matches['board']);

  138. 			$key = array_search($board_match, $matches);

  139. 			if (preg_match('/^' . sprintf(substr($config['board_path'], 0, -1), '(' . $config['board_regex'] . ')') . '$/u', $matches[$key], $board_match)) {

  140. 				$matches[$key] = $board_match[1];

  141. 			}

  142. 		}

  143. 		

  144. 		if (is_string($handler) && preg_match('/^secure(_POST)? /', $handler, $m)) {

  145. 			$secure_post_only = isset($m[1]);

  146. 			if (!$secure_post_only || $_SERVER['REQUEST_METHOD'] == 'POST') {

  147. 				$token = isset($matches['token']) ? $matches['token'] : (isset($_POST['token']) ? $_POST['token'] : false);

  148. 				

  149. 				if ($token === false) {

  150. 					if ($secure_post_only)

  151. 						error($config['error']['csrf']);

  152. 					else {

  153. 						mod_confirm(substr($query, 1));

  154. 						exit;

  155. 					}

  156. 				}

  157. 			

  158. 				// CSRF-protected page; validate security token

  159. 				$actual_query = preg_replace('!/([a-f0-9]{8})$!', '', $query);

  160. 				if ($token != make_secure_link_token(substr($actual_query, 1))) {

  161. 					error($config['error']['csrf']);

  162. 				}

  163. 			}

  164. 			$handler = preg_replace('/^secure(_POST)? /', '', $handler);

  165. 		}

  166. 		

  167. 		if ($config['debug']) {

  168. 			$debug['mod_page'] = array(

  169. 				'req' => $query,

  170. 				'match' => $uri,

  171. 				'handler' => $handler,

  172. 			);

  173. 			$debug['time']['parse_mod_req'] = '~' . round((microtime(true) - $parse_start_time) * 1000, 2) . 'ms';

  174. 		}

  175. 		

  176. 		if (is_string($handler)) {

  177. 			if ($handler[0] == ':') {

  178. 				header('Location: ' . substr($handler, 1),  true, $config['redirect_http']);

  179. 			} elseif (is_callable("mod_page_$handler")) {

  180. 				call_user_func_array("mod_page_$handler", $matches);

  181. 			} elseif (is_callable("mod_$handler")) {

  182. 				call_user_func_array("mod_$handler", $matches);

  183. 			} else {

  184. 				error("Mod page '$handler' not found!");

  185. 			}

  186. 		} elseif (is_callable($handler)) {

  187. 			call_user_func_array($handler, $matches);

  188. 		} else {

  189. 			error("Mod page '$handler' not a string, and not callable!");

  190. 		}

  191. 		

  192. 		exit;

  193. 	}

  194. }

  195. 

  196. error($config['error']['404']);