MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > Problem using .innerHTML
Full Version: Problem using .innerHTML
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Mohammad-Za

2011-12-26, 05:50 PM
Hello Guys,
I have added a button under every post which when user clicks on it, The post will be replaced by a text (in BBCODE).
This button does:
		$("pid_"+pid).innerHTML = message;
It completely replaces the post with message! But it doesn't translate the BBCODE
For example if the message is :
Hello
It will be displayed like this:
[color=#FF0000]Hello[/color]

(I use "echo" in xmlhttp for message)
How Can I Solve IT?

Euan T

2011-12-26, 06:04 PM
You need to run the parser in xmlhttp.php before outputting the message.

Mohammad-Za

2011-12-26, 06:07 PM
(2011-12-26, 06:04 PM)euantor Wrote: [ -> ]You need to run the parser in xmlhttp.php before outputting the message.

Done it before! But nothing changed!
No one answers as usual!

Dennis Tsang

2011-12-26, 08:24 PM
Can you post the code you're using both in xmlhttp.php and the button? I'm kind of confused what this does.

Mohammad-Za

2011-12-26, 08:43 PM
(2011-12-26, 08:24 PM)Dennis Tsang Wrote: [ -> ]Can you post the code you're using both in xmlhttp.php and the button? I'm kind of confused what this does.
It's a plugin which user can Put his message between [payment=money][/payment] tag and the other users buy that message by clicking on it's button.
All of the functions work perfectly but after click on the buy button the post will be displayed without BBCODE translation:
And the page should be refreshed for translating BBCODE tags !
XMLHTTP:
function bank_buy()
{

global $db, $lang, $theme, $mybb, $post, $posts, $parser, $charset, $forum, $posthandler, $message;
require_once MYBB_ROOT."inc/functions.php";
require_once MYBB_ROOT."inc/functions_post.php";
$lang->load("bank");
if ($mybb->input['action'] == "pay" && $_SERVER['REQUEST_METHOD']=="POST")
{
	if(!verify_post_check($mybb->input['my_post_key'], true))
	{
		xmlhttp_error($lang->invalid_post_code);
	}

$pid=$_GET['pid'];
$tid=$_GET['tid'];
$money=$_GET['pay'];
$uid = intval($mybb->user['uid']);
$query = $db->query("SELECT * FROM ".TABLE_PREFIX."bank_pay WHERE uid=$uid");
$result=$db->fetch_array($query);
$query1 = $db->query("SELECT * FROM ".TABLE_PREFIX."posts WHERE pid=$pid");
$result1=$db->fetch_array($query1);
$pst=$result1['message'];
$post = get_post($pid);
$pay=intval($result['pay']);
if (!$uid)
{
			xmlhttp_error($lang->not_user);
}
if($money>$pay)
{
			xmlhttp_error($lang->send_notmonay);
}
else{
buy_do($pid,$tid,$money,$uid);
}
				require_once MYBB_ROOT."inc/class_parser.php";
		$parser = new postParser;
		
		$parser_options = array(
			"allow_html" => $forum['allowhtml'],
			"allow_mycode" => $forum['allowmycode'],
			"allow_smilies" => $forum['allowsmilies'],
			"allow_imgcode" => $forum['allowimgcode'],
			"allow_videocode" => $forum['allowvideocode'],
			"me_username" => $post['username'],
			"filter_badwords" => 1
		);
		
		if($post['smilieoff'] == 1)
		{
			$parser_options['allow_smilies'] = 0;
		}

			$post['message'] = $parser->parse_message($pst, $parser_options);



		echo $post['message']
			 

}

}

JS File:
function pay(postid,threadid,pay)
{
	this.spinner = new ActivityIndicator("body", {image: "images/spinner_big.gif"});
	pid = postid;
	tid = threadid;

	new Ajax.Request('xmlhttp.php?action=pay&pid='+ pid +'&tid='+ tid +'&pay='+ pay +'&my_post_key='+ my_post_key, {method: 'post',postBody:"pid="+pid, onComplete:pay_done});
	return false;
}

function pay_done(request)
{
	if(this.spinner)
	{
		this.spinner.destroy();
		this.spinner = '';
	}
	if(request.responseText.match(/<error>(.*)<\/error>/))
	{
		message = request.responseText.match(/<error>(.*)<\/error>/);
		alert(message[1]);
	}
	else if(request.responseText)
	{
	var message=request.responseText;
		$("pid_"+pid).innerHTML = message;
		Thread.qeCache[pid] = "";
	}
	
	}

Button:
<input type="button" value="'.$lang->money_buy.'" name="bank_bt" onclick="pay(\''.$pid.'\',\''.$tid.'\',\''.$pay.'\')" >

Dennis Tsang

2011-12-26, 08:52 PM
In your XMLHTTP code, find:
$post = get_post($pid);
After it, add:
$forum = get_forum($post['fid']);

See if that makes it work.

BTW you have major security holes in your code. Any malicious person can inject any SQL they want in your queries. Whenever you use user input in your queries you need to use $db->escape_string(...) to clean the user input.

Mohammad-Za

2011-12-26, 08:59 PM
(2011-12-26, 08:52 PM)Dennis Tsang Wrote: [ -> ]In your XMLHTTP code, find:
$post = get_post($pid);
After it, add:
$forum = get_forum($post['fid']);

See if that makes it work.
Thank You Very Much!
Worked perfectly.
(2011-12-26, 08:52 PM)Dennis Tsang Wrote: [ -> ]BTW you have major security holes in your code. Any malicious person can inject any SQL they want in your queries. Whenever you use user input in your queries you need to use $db->escape_string(...) to clean the user input.
Of Course! It's Just a BETA!

Dennis Tsang

2011-12-26, 09:03 PM
Ok I just wanted to let you know Toungue Glad it's working.

Mohammad-Za

2012-01-03, 09:36 PM
Now I have the same problem with attachment tag!
The Attachment inserted into the post will be displayed as code till refresh the page.
Codes: 
...
require_once MYBB_ROOT."inc/class_parser.php";
		$parser = new postParser;
		
		$parser_options = array(
			"allow_html" => $forum['allowhtml'],
			"allow_mycode" => $forum['allowmycode'],
			"allow_smilies" => $forum['allowsmilies'],
			"allow_imgcode" => $forum['allowimgcode'],
			"allow_videocode" => $forum['allowvideocode'],
			"me_username" => $post['username'],
			"filter_badwords" => 1
		);
		
		if($post['smilieoff'] == 1)
		{
			$parser_options['allow_smilies'] = 0;
		}


	$post['message'] = $parser->parse_message($pst, $parser_options);
	
	$text_1=$post['message'];
	$text_2=explode('['.$mybb->settings['tag'].'=',$text_1);
	$text_3=explode("$money]",$text_2[1]);
	$text_4=explode('[/',$text_3[1]);
	$text=$text_4[0];	
	$post =preg_replace('#\[('.$mybb->settings['tag'].')(=)((?:[a-zA-Z0-9_.\/]*))\](.*?)\[/'.$mybb->settings['tag'].'\]#s','<div><div style="padding: 0pt 5px; float: right; background-color: rgb(255, 204, 0); margin-top: 5px;">'.$lang->val.' 
	<strong><font color="#FF0000">'.$money.'</font> '.$mybb->settings['unit'].'</strong></div><div style="border: 2px solid rgb(255, 204, 0); padding: 5px; clear: both;">'.$text.'</div></div>', $post);	
		$query90 = $db->simple_select("attachments", "*", "pid='{$post['pid']}'");
		while($attachment = $db->fetch_array($query90))
		{
			$attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
		}
		
		require_once MYBB_ROOT."inc/functions_post.php";
		
		get_post_attachments($post['pid'], $post);

		echo $post['message'];

As You See I used:
		while($attachment = $db->fetch_array($query90))
		{
			$attachcache[$attachment['pid']][$attachment['aid']] = $attachment;
		}
		
		require_once MYBB_ROOT."inc/functions_post.php";
		
		get_post_attachments($post['pid'], $post);

But didn't work!
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > Problem using .innerHTML