shell bypass 403
function tmpl_drawpmsg($obj, $usr, $mini)
$o1 =& $GLOBALS['FUD_OPT_1'];
$o2 =& $GLOBALS['FUD_OPT_2'];
$a = (int) $obj->users_opt;
$b =& $usr->users_opt;
if (!$mini) {
$custom_tag = $obj->custom_status ? '<br />'.$obj->custom_status.'' : '';
$c = (int) $obj->level_opt;
if ($obj->avatar_loc && $a & 8388608 && $b & 8192 && $o1 & 28 && !($c & 2)) {
if (!($c & 1)) {
$level_name =& $obj->level_name;
$level_image = $obj->level_img ? ' <img src="[[relativeurl]]/images/'.$obj->level_img.'" alt="" />' : '';
} else {
$level_name = $level_image = '';
} else {
$level_image = $obj->level_img ? ' <img src="[[relativeurl]]/images/'.$obj->level_img.'" alt="" />' : '';
$obj->avatar_loc = '';
$level_name =& $obj->level_name;
$avatar = ($obj->avatar_loc || $level_image) ? '<td class="avatarPad wo">'.$obj->avatar_loc.$level_image.'</td>' : '';
$dmsg_tags = ($custom_tag || $level_name) ? '<div class="ctags">'.$level_name.$custom_tag.'</div>' : '';
if (($o2 & 32 && !($a & 32768)) || $b & 1048576) {
$obj->login = $obj->alias;
$online_indicator = (($obj->last_visit + $GLOBALS['LOGEDIN_TIMEOUT'] * 60) > __request_timestamp__) ? '<img src="[[relativeurl]]/theme/default/images/online.png" alt="'.$obj->login.' is currently online" title="'.$obj->login.' is currently online" />' : '<img src="[[relativeurl]]/theme/default/images/offline.png" alt="'.$obj->login.' is currently offline" title="'.$obj->login.' is currently offline" />';
} else {
$online_indicator = '';
if ($obj->location) {
if (strlen($obj->location) > $GLOBALS['MAX_LOCATION_SHOW']) {
$location = substr($obj->location, 0, $GLOBALS['MAX_LOCATION_SHOW']) .'...';
} else {
$location = $obj->location;
$location = '<br /><b>Location:</b> '.$location;
} else {
$location = '';
$usr->buddy_list = $usr->buddy_list ? unserialize($usr->buddy_list) : array();
if ($obj->user_id != _uid && $obj->user_id > 0) {
$buddy_link = !isset($usr->buddy_list[$obj->user_id]) ? '<a href="[[relativeurl]]/index.php?t=buddy_list&'._rsid.'&add='.$obj->user_id.'&SQ='.$GLOBALS['sq'].'">add to buddy list</a><br />' : '<br />[<a href="[[relativeurl]]/index.php?t=buddy_list&del='.$obj->user_id.'&redr=1&'._rsid.'&SQ='.$GLOBALS['sq'].'">remove from buddy list</a>]';
} else {
$buddy_link = '';
/* Show im buttons if need be. */
if ($b & 16384) {
$im = '';
if ($obj->icq) {
$im .= '<a href="[[relativeurl]]/index.php?t=usrinfo&id='.$obj->user_id.'&'._rsid.'#icq_msg"><img src="[[relativeurl]]/theme/default/images/icq.png" alt="" title="'.$obj->icq.'" /></a> ';
if ($obj->facebook) {
$im .= '<a href="'.$obj->facebook.'"><img src="[[relativeurl]]/theme/default/images/facebook.png" title="'.$obj->facebook.'" alt="" /></a> ';
if ($obj->yahoo) {
$im .= '<a href="'.$obj->yahoo.'&.src=pg"><img src="[[relativeurl]]/theme/default/images/yahoo.png" alt="" title="'.$obj->yahoo.'" /></a> ';
if ($obj->jabber) {
$im .= '<img src="[[relativeurl]]/theme/default/images/jabber.png" title="'.$obj->jabber.'" alt="" />';
if ($obj->google) {
$im .= '<img src="[[relativeurl]]/theme/default/images/google.png" title="'.$obj->google.'" alt="" />';
if ($obj->skype) {
$im .= '<a href="callto://'.$obj->skype.'"><img src="[[relativeurl]]/theme/default/images/skype.png" title="'.$obj->skype.'" alt="" /></a>';
if ($obj->twitter) {
$im .= '<a href="'.$obj->twitter.'"><img src="[[relativeurl]]/theme/default/images/twitter.png" title="'.$obj->twitter.'" alt="" /></a>';
if ($im) {
$dmsg_im_row = ''.$im.'<br />';
} else {
$dmsg_im_row = '';
} else {
$dmsg_im_row = '';
if ($obj->ouser_id != _uid) {
$user_profile = '<a href="[[relativeurl]]/index.php?t=usrinfo&id='.$obj->user_id.'&'._rsid.'"><img src="[[relativeurl]]/theme/default/images/msg_about.gif" alt="" /></a>';
$email_link = ($o1 & 4194304 && $a & 16) ? '<a href="[[relativeurl]]/index.php?t=email&toi='.$obj->user_id.'&'._rsid.'" rel="nofollow"><img src="[[relativeurl]]/theme/default/images/msg_email.gif" alt="" /></a>' : '';
$private_msg_link = '<a href="[[relativeurl]]/index.php?t=ppost&toi='.$obj->user_id.'&'._rsid.'"><img title="Send a private message to this user" src="[[relativeurl]]/theme/default/images/msg_pm.gif" alt="" /></a>';
} else {
$user_profile = $email_link = $private_msg_link = '';
$msg_toolbar = '<tr><td colspan="2" class="MsgToolBar"><table border="0" cellspacing="0" cellpadding="0" class="wa"><tr>
<td class="nw al">'.$user_profile.' '.$email_link.' '.$private_msg_link.'</td>
<td class="nw ar"><a href="[[relativeurl]]/index.php?t=pmsg&'._rsid.'&btn_delete=1&sel='.$obj->id.'&SQ='.$GLOBALS['sq'].'"><img src="[[relativeurl]]/theme/default/images/msg_delete.gif" alt="" /></a> '.($obj->fldr == 4 ? '<a href="[[relativeurl]]/index.php?t=ppost&msg_id='.$obj->id.'&'._rsid.'"><img src="[[relativeurl]]/theme/default/images/msg_edit.gif" alt="" /></a> ' : '' ) .($obj->fldr == 1 ? '<a href="[[relativeurl]]/index.php?t=ppost&reply='.$obj->id.'&'._rsid.'"><img src="[[relativeurl]]/theme/default/images/msg_reply.gif" alt="" /></a> <a href="[[relativeurl]]/index.php?t=ppost&quote='.$obj->id.'&'._rsid.'"><img src="[[relativeurl]]/theme/default/images/msg_quote.gif" alt="" /></a> ' : '' ) .'<a href="[[relativeurl]]/index.php?t=ppost&forward='.$obj->id.'&'._rsid.'"><img src="[[relativeurl]]/theme/default/images/msg_forward.gif" alt="" /></a></td>
} else {
$dmsg_tags = $dmsg_im_row = $user_profile = $msg_toolbar = $buddy_link = $avatar = $online_indicator = $host_name = $location = '';
if ($obj->length > 0) {
$msg_body = read_pmsg_body($obj->foff, $obj->length);
} else {
$msg_body = 'No Message Body';
$msg_body = $obj->length ? read_pmsg_body($obj->foff, $obj->length) : 'No Message Body';
$file_attachments = '';
if ($obj->attach_cnt) {
$c = uq('SELECT, a.original_name, a.dlcount, m.icon, a.fsize FROM fud30_attach a LEFT JOIN fud30_mime m ON WHERE a.message_id='. $obj->id .' AND attach_opt=1');
while ($r = db_rowobj($c)) {
$sz = $r->fsize/1024;
$sz = $sz<1000 ? number_format($sz, 2) .'KB' : number_format($sz / 1024 ,2) .'MB';
if(!$r->icon) {
$r->icon = 'unknown.gif';
$file_attachments .= '<li>
<img alt="" src="[[relativeurl]]/images/mime/'.$r->icon.'" class="at" />
<span class="GenText fb">Attachment:</span> <a href="[[relativeurl]]/index.php?t=getfile&id='.$r->id.'&'._rsid.'&private=1" title="'.$r->original_name.'">'.$r->original_name.'</a>
<br />
<span class="SmallText">(Size: '.$sz.', Downloaded '.convertPlural($r->dlcount, array(''.$r->dlcount.' time',''.$r->dlcount.' times')).')</span>
if ($file_attachments) {
$file_attachments = '<ul class="AttachmentsList">
/* Append session to getfile. */
if ($o1 & 128 && !isset($_COOKIE[$GLOBALS['COOKIE_NAME']])) {
$msg_body = str_replace('<img src="index.php?t=getfile', '<img src="index.php?t=getfile&S='. s, $msg_body);
$tap = 1;
if ($o2 & 32768 && (isset($tap) || $o2 & 8192)) {
$pos = 0;
while (($pos = strpos($msg_body, '<img src="index.php/fa/', $pos)) !== false) {
$pos = strpos($msg_body, '"', $pos + 11);
$msg_body = substr_replace($msg_body, _rsid, $pos, 0);
return '<tr>
<table cellspacing="0" cellpadding="0" class="MsgTable">
<td class="MsgR1 al vt expanded">'.(!$mini && $obj->icon ? '<img src="[[relativeurl]]/images/message_icons/'.$obj->icon.'" alt="" /> ' : '' ) .'<span class="MsgSubText">'.$obj->subject.'</span></td>
<td class="MsgR1 vt ar DateText">'.print_date('%a, %d %B %Y %H:%M', $obj->post_stamp).'</td>
<tr class="MsgR2"><td class="MsgR2" colspan="2">
<table cellspacing="0" cellpadding="0" class="ContentTable">
<tr class="MsgR2">
<td class="msgud">'.$online_indicator.(!$mini ? '<a href="[[relativeurl]]/index.php?t=usrinfo&id='.$obj->user_id.'&'._rsid.'">'.htmlspecialchars($obj->alias, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, null, false).'</a>' : ''.htmlspecialchars($obj->alias, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, null, false).'' ) .(!$mini ? '<br /><b>Messages:</b> '.$obj->posted_msg_count.'<br /><b>Registered:</b> '.print_date('%B %Y', $obj->join_date).' '.$location.'' : '' ) .'</td>
<td class="msgud">'.$dmsg_tags.'</td>
<td class="msgot">'.$buddy_link.$dmsg_im_row.(!$mini && $obj->host_name && $o1 & 268435456 ? '<b>From:</b> '.$obj->host_name.'<br />' : '' ) .'</td>
<td class="MsgR3" colspan="2">
'.(($obj->sig && $o1 & 32768 && $obj->pmsg_opt & 1 && $b & 4096) ? '<br /><br /><div class="signature">'.$obj->sig.'</div>' : '' ) .'
<td class="MsgR2 ac" colspan="2">'.$GLOBALS['dpmsg_prev_message'].' '.$GLOBALS['dpmsg_next_message'].'</td>