phpBB

Code Changes

File: includes/functions_posting.php

Line 288Line 288

if (sizeof($icons))
{


if (sizeof($icons))
{

 
		$root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $phpbb_root_path;


		foreach ($icons as $id => $data)
{
if ($data['display'])
{
$template->assign_block_vars('topic_icon', array(
'ICON_ID' => $id,

		foreach ($icons as $id => $data)
{
if ($data['display'])
{
$template->assign_block_vars('topic_icon', array(
'ICON_ID' => $id,

					'ICON_IMG'		=> $phpbb_root_path . $config['icons_path'] . '/' . $data['img'],

					'ICON_IMG'		=> $root_path . $config['icons_path'] . '/' . $data['img'],

					'ICON_WIDTH'	=> $data['width'],
'ICON_HEIGHT' => $data['height'],


					'ICON_WIDTH'	=> $data['width'],
'ICON_HEIGHT' => $data['height'],


Line 388Line 390
	include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
$upload = new fileupload();


	include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
$upload = new fileupload();


	if ($config['check_attachment_content'])

	if ($config['check_attachment_content'] && isset($config['mime_triggers']))

	{
$upload->set_disallowed_content(explode('|', $config['mime_triggers']));

	{
$upload->set_disallowed_content(explode('|', $config['mime_triggers']));

 
	}
else if (!$config['check_attachment_content'])
{
$upload->set_disallowed_content(array());

	}

if (!$local)

	}

if (!$local)

Line 420Line 426
	}

$cat_id = (isset($extensions[$file->get('extension')]['display_cat'])) ? $extensions[$file->get('extension')]['display_cat'] : ATTACHMENT_CATEGORY_NONE;

	}

$cat_id = (isset($extensions[$file->get('extension')]['display_cat'])) ? $extensions[$file->get('extension')]['display_cat'] : ATTACHMENT_CATEGORY_NONE;


// Make sure the image category only holds valid images...
if ($cat_id == ATTACHMENT_CATEGORY_IMAGE && !$file->is_image())
{
$file->remove();

// If this error occurs a user tried to exploit an IE Bug by renaming extensions
// Since the image category is displaying content inline we need to catch this.
trigger_error($user->lang['ATTACHED_IMAGE_NOT_IMAGE']);
}

 

// Do we have to create a thumbnail?
$filedata['thumbnail'] = ($cat_id == ATTACHMENT_CATEGORY_IMAGE && $config['img_create_thumbnail']) ? 1 : 0;


// Do we have to create a thumbnail?
$filedata['thumbnail'] = ($cat_id == ATTACHMENT_CATEGORY_IMAGE && $config['img_create_thumbnail']) ? 1 : 0;

Line 469Line 465
		$filedata['post_attach'] = false;

return $filedata;

		$filedata['post_attach'] = false;

return $filedata;

 
	}

// Make sure the image category only holds valid images...
if ($cat_id == ATTACHMENT_CATEGORY_IMAGE && !$file->is_image())
{
$file->remove();

// If this error occurs a user tried to exploit an IE Bug by renaming extensions
// Since the image category is displaying content inline we need to catch this.
trigger_error($user->lang['ATTACHED_IMAGE_NOT_IMAGE']);

	}

$filedata['filesize'] = $file->get('filesize');

	}

$filedata['filesize'] = $file->get('filesize');

Line 496Line 502
	if ($free_space = @disk_free_space($phpbb_root_path . $config['upload_path']))
{
if ($free_space <= $file->get('filesize'))

	if ($free_space = @disk_free_space($phpbb_root_path . $config['upload_path']))
{
if ($free_space <= $file->get('filesize'))

 
		{
if ($auth->acl_get('a_'))
{
$filedata['error'][] = $user->lang['ATTACH_DISK_FULL'];
}
else

		{
$filedata['error'][] = $user->lang['ATTACH_QUOTA_REACHED'];

		{
$filedata['error'][] = $user->lang['ATTACH_QUOTA_REACHED'];

 
			}

			$filedata['post_attach'] = false;

$file->remove();

			$filedata['post_attach'] = false;

$file->remove();

Line 1160Line 1173
/**
* User Notification
*/

/**
* User Notification
*/

function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id, $topic_id, $post_id)

function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id, $topic_id, $post_id, $author_name = '')

{
global $db, $user, $config, $phpbb_root_path, $phpEx, $auth;


{
global $db, $user, $config, $phpbb_root_path, $phpEx, $auth;


Line 1180Line 1193
	$topic_title = ($topic_notification) ? $topic_title : $subject;
$topic_title = censor_text($topic_title);


	$topic_title = ($topic_notification) ? $topic_title : $subject;
$topic_title = censor_text($topic_title);


	// Get banned User ID's
$sql = 'SELECT ban_userid
FROM ' . BANLIST_TABLE . '
WHERE ban_userid <> 0
AND ban_exclude <> 1';
$result = $db->sql_query($sql);

$sql_ignore_users = ANONYMOUS . ', ' . $user->data['user_id'];
while ($row = $db->sql_fetchrow($result))

	// Exclude guests, current user and banned users from notifications
if (!function_exists('phpbb_get_banned_user_ids'))








	{

	{

		$sql_ignore_users .= ', ' . (int) $row['ban_userid'];

		include($phpbb_root_path . 'includes/functions_user.' . $phpEx);

	}

	}

	$db->sql_freeresult($result);



	$sql_ignore_users = phpbb_get_banned_user_ids();
$sql_ignore_users[ANONYMOUS] = ANONYMOUS;
$sql_ignore_users[$user->data['user_id']] = $user->data['user_id'];


$notify_rows = array();

// -- get forum_userids || topic_userids
$sql = 'SELECT u.user_id, u.username, u.user_email, u.user_lang, u.user_notify_type, u.user_jabber
FROM ' . (($topic_notification) ? TOPICS_WATCH_TABLE : FORUMS_WATCH_TABLE) . ' w, ' . USERS_TABLE . ' u


$notify_rows = array();

// -- get forum_userids || topic_userids
$sql = 'SELECT u.user_id, u.username, u.user_email, u.user_lang, u.user_notify_type, u.user_jabber
FROM ' . (($topic_notification) ? TOPICS_WATCH_TABLE : FORUMS_WATCH_TABLE) . ' w, ' . USERS_TABLE . ' u

		WHERE w.' . (($topic_notification) ? 'topic_id' : 'forum_id') . ' = ' . (($topic_notification) ? $topic_id : $forum_id) . "
AND w.user_id NOT IN ($sql_ignore_users)
AND w.notify_status = " . NOTIFY_YES . '

		WHERE w.' . (($topic_notification) ? 'topic_id' : 'forum_id') . ' = ' . (($topic_notification) ? $topic_id : $forum_id) . '
AND ' . $db->sql_in_set('w.user_id', $sql_ignore_users, true) . '
AND w.notify_status = ' . NOTIFY_YES . '

			AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')
AND u.user_id = w.user_id';
$result = $db->sql_query($sql);

while ($row = $db->sql_fetchrow($result))
{

			AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')
AND u.user_id = w.user_id';
$result = $db->sql_query($sql);

while ($row = $db->sql_fetchrow($result))
{

		$notify_rows[$row['user_id']] = array(
'user_id' => $row['user_id'],


		$notify_user_id = (int) $row['user_id'];
$notify_rows[$notify_user_id] = array(
'user_id' => $notify_user_id,

			'username'		=> $row['username'],
'user_email' => $row['user_email'],
'user_jabber' => $row['user_jabber'],

			'username'		=> $row['username'],
'user_email' => $row['user_email'],
'user_jabber' => $row['user_jabber'],

Line 1219Line 1228
			'method'		=> $row['user_notify_type'],
'allowed' => false
);

			'method'		=> $row['user_notify_type'],
'allowed' => false
);

 

// Add users who have been already notified to ignore list
$sql_ignore_users[$notify_user_id] = $notify_user_id;

	}
$db->sql_freeresult($result);

// forum notification is sent to those not already receiving topic notifications
if ($topic_notification)
{

	}
$db->sql_freeresult($result);

// forum notification is sent to those not already receiving topic notifications
if ($topic_notification)
{

		if (sizeof($notify_rows))
{
$sql_ignore_users .= ', ' . implode(', ', array_keys($notify_rows));
}


 
		$sql = 'SELECT u.user_id, u.username, u.user_email, u.user_lang, u.user_notify_type, u.user_jabber
FROM ' . FORUMS_WATCH_TABLE . ' fw, ' . USERS_TABLE . " u
WHERE fw.forum_id = $forum_id

		$sql = 'SELECT u.user_id, u.username, u.user_email, u.user_lang, u.user_notify_type, u.user_jabber
FROM ' . FORUMS_WATCH_TABLE . ' fw, ' . USERS_TABLE . " u
WHERE fw.forum_id = $forum_id

				AND fw.user_id NOT IN ($sql_ignore_users)
AND fw.notify_status = " . NOTIFY_YES . '

				AND " . $db->sql_in_set('fw.user_id', $sql_ignore_users, true) . '
AND fw.notify_status = ' . NOTIFY_YES . '

				AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')
AND u.user_id = fw.user_id';
$result = $db->sql_query($sql);

while ($row = $db->sql_fetchrow($result))
{

				AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')
AND u.user_id = fw.user_id';
$result = $db->sql_query($sql);

while ($row = $db->sql_fetchrow($result))
{

			$notify_rows[$row['user_id']] = array(
'user_id' => $row['user_id'],


			$notify_user_id = (int) $row['user_id'];
$notify_rows[$notify_user_id] = array(
'user_id' => $notify_user_id,

				'username'		=> $row['username'],
'user_email' => $row['user_email'],
'user_jabber' => $row['user_jabber'],

				'username'		=> $row['username'],
'user_email' => $row['user_email'],
'user_jabber' => $row['user_jabber'],

Line 1272Line 1280
			}
}
}

			}
}
}



 

// Now, we have to do a little step before really sending, we need to distinguish our users a little bit. ;)
$msg_users = $delete_ids = $update_notification = array();


// Now, we have to do a little step before really sending, we need to distinguish our users a little bit. ;)
$msg_users = $delete_ids = $update_notification = array();

Line 1286Line 1293
		{
$msg_users[] = $row;
$update_notification[$row['notify_type']][] = $row['user_id'];

		{
$msg_users[] = $row;
$update_notification[$row['notify_type']][] = $row['user_id'];

 

/*
* We also update the forums watch table for this user when we are
* sending out a topic notification to prevent sending out another
* notification in case this user is also subscribed to the forum
* this topic was posted in.
* Since an UPDATE query is used, this has no effect on users only
* subscribed to the topic (i.e. no row is created) and should not
* be a performance issue.
*/
if ($row['notify_type'] === 'topic')
{
$update_notification['forum'][] = $row['user_id'];
}

		}
}
unset($notify_rows);

		}
}
unset($notify_rows);

Line 1323Line 1344
					'USERNAME'		=> htmlspecialchars_decode($addr['name']),
'TOPIC_TITLE' => htmlspecialchars_decode($topic_title),
'FORUM_NAME' => htmlspecialchars_decode($forum_name),

					'USERNAME'		=> htmlspecialchars_decode($addr['name']),
'TOPIC_TITLE' => htmlspecialchars_decode($topic_title),
'FORUM_NAME' => htmlspecialchars_decode($forum_name),

 
					'AUTHOR_NAME'	=> htmlspecialchars_decode($author_name),


'U_FORUM' => generate_board_url() . "/viewforum.$phpEx?f=$forum_id",
'U_TOPIC' => generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t=$topic_id",


'U_FORUM' => generate_board_url() . "/viewforum.$phpEx?f=$forum_id",
'U_TOPIC' => generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t=$topic_id",

Line 1479Line 1501
		break;

case 'delete_first_post':

		break;

case 'delete_first_post':

			$sql = 'SELECT p.post_id, p.poster_id, p.post_username, u.username, u.user_colour

			$sql = 'SELECT p.post_id, p.poster_id, p.post_time, p.post_username, u.username, u.user_colour

				FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . " u
WHERE p.topic_id = $topic_id
AND p.poster_id = u.user_id

				FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . " u
WHERE p.topic_id = $topic_id
AND p.poster_id = u.user_id

Line 1493Line 1515
				$sql_data[FORUMS_TABLE] = ($data['post_approved']) ? 'forum_posts = forum_posts - 1' : '';
}


				$sql_data[FORUMS_TABLE] = ($data['post_approved']) ? 'forum_posts = forum_posts - 1' : '';
}


			$sql_data[TOPICS_TABLE] = 'topic_poster = ' . intval($row['poster_id']) . ', topic_first_post_id = ' . intval($row['post_id']) . ", topic_first_poster_colour = '" . $db->sql_escape($row['user_colour']) . "', topic_first_poster_name = '" . (($row['poster_id'] == ANONYMOUS) ? $db->sql_escape($row['post_username']) : $db->sql_escape($row['username'])) . "'";

			$sql_data[TOPICS_TABLE] = 'topic_poster = ' . intval($row['poster_id']) . ', topic_first_post_id = ' . intval($row['post_id']) . ", topic_first_poster_colour = '" . $db->sql_escape($row['user_colour']) . "', topic_first_poster_name = '" . (($row['poster_id'] == ANONYMOUS) ? $db->sql_escape($row['post_username']) : $db->sql_escape($row['username'])) . "', topic_time = " . (int) $row['post_time'];


// Decrementing topic_replies here is fine because this case only happens if there is more than one post within the topic - basically removing one "reply"
$sql_data[TOPICS_TABLE] .= ', topic_replies_real = topic_replies_real - 1' . (($data['post_approved']) ? ', topic_replies = topic_replies - 1' : '');


// Decrementing topic_replies here is fine because this case only happens if there is more than one post within the topic - basically removing one "reply"
$sql_data[TOPICS_TABLE] .= ', topic_replies_real = topic_replies_real - 1' . (($data['post_approved']) ? ', topic_replies = topic_replies - 1' : '');

Line 1680Line 1702
	// The variable name should be $post_approved, because it indicates if the post is approved or not
$post_approval = 1;


	// The variable name should be $post_approved, because it indicates if the post is approved or not
$post_approval = 1;


	// Check the permissions for post approval. Moderators are not affected.
if (!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id']))


	// Check the permissions for post approval.
// Moderators must go through post approval like ordinary users.
if (!$auth->acl_get('f_noapprove', $data['forum_id']))

	{
// Post not approved, but in queue
$post_approval = 0;

	{
// Post not approved, but in queue
$post_approval = 0;

Line 1870Line 1893

case 'edit_topic':
case 'edit_first_post':


case 'edit_topic':
case 'edit_first_post':

			if (isset($poll['poll_options']) && !empty($poll['poll_options']))

			if (isset($poll['poll_options']))

			{

			{

				$poll_start = ($poll['poll_start']) ? $poll['poll_start'] : $current_time;

				$poll_start = ($poll['poll_start'] || empty($poll['poll_options'])) ? $poll['poll_start'] : $current_time;

				$poll_length = $poll['poll_length'] * 86400;
if ($poll_length < 0)
{

				$poll_length = $poll['poll_length'] * 86400;
if ($poll_length < 0)
{

Line 2075Line 2098
	}

// Update Poll Tables

	}

// Update Poll Tables

	if (isset($poll['poll_options']) && !empty($poll['poll_options']))

	if (isset($poll['poll_options']))

	{
$cur_poll_options = array();


	{
$cur_poll_options = array();


		if ($poll['poll_start'] && $mode == 'edit')

		if ($mode == 'edit')

		{
$sql = 'SELECT *
FROM ' . POLL_OPTIONS_TABLE . '

		{
$sql = 'SELECT *
FROM ' . POLL_OPTIONS_TABLE . '

Line 2585Line 2608
	// Send Notifications
if (($mode == 'reply' || $mode == 'quote' || $mode == 'post') && $post_approval)
{

	// Send Notifications
if (($mode == 'reply' || $mode == 'quote' || $mode == 'post') && $post_approval)
{

		user_notification($mode, $subject, $data['topic_title'], $data['forum_name'], $data['forum_id'], $data['topic_id'], $data['post_id']);





		// If a username was supplied or the poster is a guest, we will use the supplied username.
// Doing it this way we can use "...post by guest-username..." in notifications when
// "guest-username" is supplied or ommit the username if it is not.
$username = ($username !== '' || !$user->data['is_registered']) ? $username : $user->data['username'];
user_notification($mode, $subject, $data['topic_title'], $data['forum_name'], $data['forum_id'], $data['topic_id'], $data['post_id'], $username);

	}

$params = $add_anchor = '';

	}

$params = $add_anchor = '';

Line 2607Line 2634

$url = (!$params) ? "{$phpbb_root_path}viewforum.$phpEx" : "{$phpbb_root_path}viewtopic.$phpEx";
$url = append_sid($url, 'f=' . $data['forum_id'] . $params) . $add_anchor;


$url = (!$params) ? "{$phpbb_root_path}viewforum.$phpEx" : "{$phpbb_root_path}viewtopic.$phpEx";
$url = append_sid($url, 'f=' . $data['forum_id'] . $params) . $add_anchor;

 

return $url;
}

/**
* Handle topic bumping
* @param int $forum_id The ID of the forum the topic is being bumped belongs to
* @param int $topic_id The ID of the topic is being bumping
* @param array $post_data Passes some topic parameters:
* - 'topic_title'
* - 'topic_last_post_id'
* - 'topic_last_poster_id'
* - 'topic_last_post_subject'
* - 'topic_last_poster_name'
* - 'topic_last_poster_colour'
* @param int $bump_time The time at which topic was bumped, usually it is a current time as obtained via time().
* @return string An URL to the bumped topic, example: ./viewtopic.php?forum_id=1&amptopic_id=2&ampp=3#p3
*/
function phpbb_bump_topic($forum_id, $topic_id, $post_data, $bump_time = false)
{
global $config, $db, $user, $phpEx, $phpbb_root_path;

if ($bump_time === false)
{
$bump_time = time();
}

// Begin bumping
$db->sql_transaction('begin');

// Update the topic's last post post_time
$sql = 'UPDATE ' . POSTS_TABLE . "
SET post_time = $bump_time
WHERE post_id = {$post_data['topic_last_post_id']}
AND topic_id = $topic_id";
$db->sql_query($sql);

// Sync the topic's last post time, the rest of the topic's last post data isn't changed
$sql = 'UPDATE ' . TOPICS_TABLE . "
SET topic_last_post_time = $bump_time,
topic_bumped = 1,
topic_bumper = " . $user->data['user_id'] . "
WHERE topic_id = $topic_id";
$db->sql_query($sql);

// Update the forum's last post info
$sql = 'UPDATE ' . FORUMS_TABLE . "
SET forum_last_post_id = " . $post_data['topic_last_post_id'] . ",
forum_last_poster_id = " . $post_data['topic_last_poster_id'] . ",
forum_last_post_subject = '" . $db->sql_escape($post_data['topic_last_post_subject']) . "',
forum_last_post_time = $bump_time,
forum_last_poster_name = '" . $db->sql_escape($post_data['topic_last_poster_name']) . "',
forum_last_poster_colour = '" . $db->sql_escape($post_data['topic_last_poster_colour']) . "'
WHERE forum_id = $forum_id";
$db->sql_query($sql);

// Update bumper's time of the last posting to prevent flood
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_lastpost_time = $bump_time
WHERE user_id = " . $user->data['user_id'];
$db->sql_query($sql);

$db->sql_transaction('commit');

// Mark this topic as posted to
markread('post', $forum_id, $topic_id, $bump_time);

// Mark this topic as read
markread('topic', $forum_id, $topic_id, $bump_time);

// Update forum tracking info
if ($config['load_db_lastread'] && $user->data['is_registered'])
{
$sql = 'SELECT mark_time
FROM ' . FORUMS_TRACK_TABLE . '
WHERE user_id = ' . $user->data['user_id'] . '
AND forum_id = ' . $forum_id;
$result = $db->sql_query($sql);
$f_mark_time = (int) $db->sql_fetchfield('mark_time');
$db->sql_freeresult($result);
}
else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{
$f_mark_time = false;
}

if (($config['load_db_lastread'] && $user->data['is_registered']) || $config['load_anon_lastread'] || $user->data['is_registered'])
{
// Update forum info
$sql = 'SELECT forum_last_post_time
FROM ' . FORUMS_TABLE . '
WHERE forum_id = ' . $forum_id;
$result = $db->sql_query($sql);
$forum_last_post_time = (int) $db->sql_fetchfield('forum_last_post_time');
$db->sql_freeresult($result);

update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_time, false);
}

add_log('mod', $forum_id, $topic_id, 'LOG_BUMP_TOPIC', $post_data['topic_title']);

$url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&amp;t=$topic_id&amp;p={$post_data['topic_last_post_id']}") . "#p{$post_data['topic_last_post_id']}";


return $url;
}


return $url;
}
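Review bot: phpbb_bump_topic(), which appears to be added in full at the end of this section (it is printed only once), interpolates `$forum_id`, `$topic_id`, `$bump_time`, `$post_data['topic_last_post_id']` and `$post_data['topic_last_poster_id']` into its UPDATE and SELECT statements without casting, while the string fields next to them go through `$db->sql_escape()`. The docblock declares these values as ints, but nothing in the function enforces that, so the queries are only as safe as each caller, and the callers are not visible on this page. Casting once near the top, after the `$bump_time === false` default has been applied, makes the function safe on its own. It also matches the `(int) $row['post_time']` and `(int) $row['user_id']` casts that this change seems to introduce elsewhere in the file. The cast post id can be reused in the `append_sid()` call that builds the return URL.

```php
function phpbb_bump_topic($forum_id, $topic_id, $post_data, $bump_time = false)
{
	// … unchanged: globals and the $bump_time === false default …

	// Force every value that is interpolated unquoted into SQL to an integer
	$forum_id = (int) $forum_id;
	$topic_id = (int) $topic_id;
	$bump_time = (int) $bump_time;
	$last_post_id = (int) $post_data['topic_last_post_id'];
	$last_poster_id = (int) $post_data['topic_last_poster_id'];

	// … unchanged: transaction and queries, using $last_post_id / $last_poster_id in place of the raw $post_data entries …
```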